Forum Discussion
Chavoos
Jun 12, 2019 Copper Contributor
2 IT Departments split in Azure
Good Day All, I do hope someone here could point me in the correct direction in finding an answer. I am a noob on the Azure platform so please go easy hahaha. I work for a large corporate, wi...
Peter_Beckendorf
Jul 02, 2019 Iron Contributor
Hi, this sounds like a scenario I have heard about a few times.
Going ahead with 2 subscriptions for the cost separation sounds like a good way, and pairing this with tagging of resources to split those costs a bit more visually afterwards is a common and well-known way.
While using two Subscriptions you can use Azure Management Groups for the global Management of those Subscriptions, when it is wanted. A Management Layer above pure RBAC if you want.
https://docs.microsoft.com/en-us/azure/governance/management-groups/index
I don't know how your Azure Resources will be managed, maybe Dept. 1 will manage only their Stuff and Dept. 2 may manage only their Stuff, but maybe there will be Admins working in both Subscriptions as they are responsible for Network or Monitoring. Then for those Admins those Management Groups might be more useful instead of giving them RBAC rights on each single Resource.
Especially Network should always be well documented and communicated between those two Depts, as they otherwise might run into big problems. The same goes for the linking of OnPremise components.
Hope I could have been a bit helpful.
Kind Regards, Peter
Chavoos
Jul 02, 2019 Copper Contributor
"I don't know how your Azure Resources will be managed, maybe Dept. 1 will manage only their Stuff and Dept. 2 may manage only their Stuff, but maybe there will be Admins working in both Subscriptions as they are responsible for Network or Monitoring. Then for those Admins those Management Groups might be more useful instead of giving them RBAC rights on each single Resource."
I see each department working on their own stuff. That being everything segregated for now, however, the networking part is a bit different as we will receive a "super-net" which we will need to split between internal and external, so indeed, we will need to design the network layer extremely well.
Peter_Beckendorf
Jul 02, 2019 Iron Contributor
Ok, understood.
I strongly recommend that there is a platform, whatever (Wiki, Teams Channel, ...), where the Admins of both Subscriptions can communicate and discuss experience, new features and problems, and grab some know-how from each other's team.