An Exploration into Azure Blueprints and Landing Zones

At risual, our consultants work with the cutting-edge software from Microsoft. Such was the case with my latest project; our client is looking for the creation of Azure Blueprints and Landing Zones. These blueprints will be used to deploy a standardised configuration to multiple partners.

In a nutshell, a Landing Zone is a group of resources that provide the foundation of an organisation. A landing zone can use a blueprint to deploy that organisation. The blueprint is a super-template. Within Azure, a template is specific to a single type of resource (for example, a template for virtual machines, a template for virtual networks, etc.), but a blueprint allows multiple templates to be combined into a single JSON (JavaScript Object Notation) document.

This allows the deployment of the following:

  • Security Roles
  • Azure Policies
  • Resource Groups
  • Virtual Networks
  • Virtual Machines
  • Network Security Groups
  • Any other resources from Azure that can be created from an ARM template

Working with the client, we create a blueprint for each Azure subscription based on the Microsoft Cloud Adoption Framework for Azure (CAF). Deploying the resources needed, we are building up the organisation to match the client’s requirements. Once built, we will export the templates which were added to update the blueprint.

That said, there have been some hard-learnt lessons (for me):

  • In creating resources, it’s very easy to miss some of the instructions about naming them. Once created, a resource cannot be renamed so if you make a mistake, you have to start again.
  • In creating virtual machines, Azure may create additional resources that the client won’t want. The VMs were created with additional Network Security Groups (which weren’t needed as a global NSG was already in place for each Resource Group) and potentially a Public IP Address if you’re not paying attention.
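A pre-import check for the second lesson, as an added example that is not part of the original post or the project's scripts: it scans an exported ARM template for public IP addresses, extra NSGs, and NICs with their own NSG or public IP binding. The template contents and the approved NSG name `nsg-global` are constructed for illustration.

```python
import json

# Constructed sample: a cut-down exported ARM template (not from the original project).
SAMPLE_TEMPLATE = json.loads("""
{
  "resources": [
    {"type": "Microsoft.Network/networkSecurityGroups", "name": "nsg-global"},
    {"type": "Microsoft.Network/networkSecurityGroups", "name": "vm-app01-nsg"},
    {"type": "Microsoft.Network/publicIPAddresses", "name": "vm-app01-ip"},
    {"type": "Microsoft.Network/networkInterfaces", "name": "vm-app01-nic",
     "properties": {
       "networkSecurityGroup": {"id": "[resourceId('Microsoft.Network/networkSecurityGroups', 'vm-app01-nsg')]"},
       "ipConfigurations": [{"name": "ipconfig1", "properties": {
         "publicIPAddress": {"id": "[resourceId('Microsoft.Network/publicIPAddresses', 'vm-app01-ip')]"}}}]}},
    {"type": "Microsoft.Network/networkInterfaces", "name": "vm-db01-nic",
     "properties": {"ipConfigurations": [{"name": "ipconfig1", "properties": {}}]}}
  ]
}
""")

def walk(resources):
    """Yield every resource, including nested child resources."""
    for res in resources or []:
        yield res
        yield from walk(res.get("resources"))

def audit_template(template, allowed_nsgs=("nsg-global",)):
    """Return (resource name, finding) pairs for network extras the design did not ask for."""
    findings = []
    for res in walk(template.get("resources")):
        rtype = res.get("type", "").lower()  # ARM resource types are case-insensitive
        name = res.get("name", "<unnamed>")
        props = res.get("properties") or {}
        if rtype == "microsoft.network/publicipaddresses":
            findings.append((name, "public IP address resource"))
        elif rtype == "microsoft.network/networksecuritygroups" and name not in allowed_nsgs:
            findings.append((name, "NSG outside the approved list"))
        elif rtype == "microsoft.network/networkinterfaces":
            if props.get("networkSecurityGroup"):
                findings.append((name, "NIC-level NSG attached"))
            for cfg in props.get("ipConfigurations") or []:
                if (cfg.get("properties") or {}).get("publicIPAddress"):
                    findings.append((name, "NIC bound to a public IP"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_template(SAMPLE_TEMPLATE):
        print(f"{name}: {finding}")
```

Running the check before an exported template is added to a blueprint keeps an unintended public IP or per-VM NSG from being rolled out to every partner subscription.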

By the end of this project, risual will have a set of blueprints and PowerShell scripts that will allow the client to roll out a standard tenant configuration for its partners.
