Forum Discussion

DanEvansCA's avatar
DanEvansCA
Copper Contributor
Dec 02, 2022

Sandbox, Dev, Test, Production | IaC | Zero Trust - How do you do it?

We have built up a design for our estate based on the Cloud Adoption Framework, specifically built in a hub and spoke topology, looking very similar to the recommended design from Microsoft's own literature:  Azure Landing Zone Concept 

 

You'll notice in the management group design, there is a "Sandbox", which effectively is it's own spoke which developers/azure admins can "play" and test and quick fail new ideas and solutions for new potential platforms. 

 

This naturally all sits in a single tenancy, so despite the segregation of the networking, it is a single tenancy which has a single code base from the Infrastructure-as-code perspective.

 

When running IaC, it runs it from a main branch, as per bicep (and terraform) standard processes and this means that to push out to somewhere like the "sandbox" environment, the "change" is still to the tenancy as a whole.  As such, during deployment via bicep/terraform,  the whole code based is looked at, compared to the Azure live estate and then the changes and additions are figured out.  

 

If you wanted to introduce branch controls, this means people who want to do quick changes to the estate would need to tweak code, request a branch merge, go to release and deploy.  There are two approval gates for that, the merge and then the release.  That is a little overkill for a sandbox environment, is it not?

 

I was wondering, is anyone out there running a single tenancy with a Dev/Sandbox location in their environment with similar branch and release controls?  How do you give a looser and more free area for developers/infrastructure engineers?  Do you create separate branches? Splitting the code base?  Surely maintenance of that is a pain?

 

I might be over thinking it, going away from the simple model, but as people are making changes to the branch that reflects a live environment, so how do you maintain zero trust security controls,  yet give developers a place to play?  Or is a separate tenancy the only way to achieve this?

 

Genuinely curious, Microsoft have this landing zone model, have advised single tenancy, created Bicep, shout about zero trust and yet I can't seem to find a way to make all those concepts work together.

 

If I have created any confusion, don't worry about my specific problem, I'm curious how you do it.  The best thing with DevOps is that it is malleable, so I can change, just keen to hear about how others give freedom to that sandbox, but maintain strict controls on the rest of the estate. 

 

Also, how do you setup your "Organization" and "Projects" in Azure DevOps.  If you split your code base I imagine you have multiple projects, do you fork the "main" branch? Open to new ideas.

 

Thanks community!

 

 

No RepliesBe the first to reply

Resources