The term ‘Azure Scaffolding’ for Cloud essentially refers to creating Cloud design to establish an architecture foundation that supports a scalable, reliable, flexible, dynamic, and redundant architecture. In this blog, I will focus on the ‘Azure Scaffold’ and how to deploy Azure Scaffold in a programmatic way within your subscriptions to start your Azure Cloud Journey.
Before we start with ‘Azure Scaffold’, I’d like to provide context on ‘Cloud Adoption Framework for Azure’, because Azure architecture deployed through Azure Scaffold templates consists of guidance, best practices, and recommendations covered under CAF framework. In summary, CAF for Azure covers multiple elements, like strategy, readiness plan, available assets, innovation, governance, management, and optimisation etc. which is essentially a complete Cloud Lifecycle or ‘Cloud Journey’. CAF Framework helps throughout your transformational journey from physical On-Premise DC to Azure Public Cloud, by providing methodology that covers specific approaches, practices, tools, and techniques to prevent common blockers, based on best practices from Microsoft, partners, and customers.
Now, let’s switch our thought process towards ‘Azure Scaffold’ now – the key question is ‘How to setup an Azure foundation that is scalable, flexible, dynamic, secured, and leverages the CAF framework for Azure?’
During your Cloud adoption journey, you bring your technical design and architecture experience, knowledge, and ideas around Azure Scaffold after strategy exercise is completed. i.e. after all business or organisational strategies are finalised and you are ready to move to the next phase of the journey.
Azure Scaffolding requires business and architectural mindset to make substantial decisions around numerous technical and non-technical components, so you can meet current and future technical and business requirements. Some of these topics are, making decisions around # of subscriptions, # of environments, network traffic flow, Cybersecurity principles, security control, monitoring, and backup, etc. – To help you with these topics and to smooth decision-making, we have created Azure Scaffold templates that are based on best practices and guidance from Microsoft, Partners, and Customers. You can use these templates to kick-off discussions with your wider team /or may decide to simply setup Azure Foundation as per below reference architecture. These templates are readily available to deploy recommended Hub-Spoke Azure architecture.
The Azure Scaffold template deploys a secure Azure environment that you can use to deploy application servers and resources. As part of this scaffold environment, a hub and spoke architecture is deployed, as referenced in the architecture diagram below. The hub subscription, encapsulated by a virtual network, is the sole point of connectivity between your On-Premises Network and the spoke subscriptions. The Spoke subscriptions also encapsulated as individual virtual networks are peered to the Hub using virtual network peering. As such, all ingress and egress network traffic travels via the hub and this isolates the spoke workloads to only have connectivity via the Hub vNet.
The hub and spoke architecture is split into the four subscriptions as seen in the following diagram:
The intent is, to provide Hub-Spoke Azure Architecture templates that are readily available for you to accelerate your Cloud journey, support architectural decision-making, reduce deployment efforts/costs, minimise human errors and build a secure platform. You may decide to deploy the same Architecture as described in the diagram above /or may choose to make certain changes to these templates. For e.g. you may want to remove ‘Pre-Prod’ /or ‘Non-Prod’ subscription from your architecture if you don’t need them or you may choose to deploy 3rd party firewall to meet specific Cybersecurity requirements. You can download these templates and make changes, if/where necessary, based on your requirements to expedite your Azure Scaffold build.
GitHub Repo - https://github.com/rajanbhayana/AzureScaffoldingHubAndSpokeTemplate
Refer to ReadMe to get more details on how to deploy these templates, get insight on template Roadmap, and refer to the attached document in the repo to get more details around parameters, resource values.
Reference Article - Microsoft Cloud Adoption Framework for Azure
https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/