Build and Deploy the Azure Virtual Datacentre - Part 1: Introduction & Overview
Stephen Tulp
APAC Tech Strategist & Distinguished Technologist | Microsoft Azure MVP - Azure Infra as Code
In a previous article I talked about the Azure Virtual Datacentre (AVDC) using Infrastructure as Code and the key areas of focus that need to be addressed when designing and implementing Azure. I have been meaning to expand on this original post to go into more detail and break down the areas that I previously discussed, but as most consultants will know, finding the time to do this between client work can be hard. The previous article can be found here.
What is an Azure Virtual Datacentre and why do I need it?
The AVDC focuses on creating a trusted extension of an on-premises datacentre, making the most of the Azure cloud platform capabilities while respecting organisational security and governance policies. The AVDC ensures that Governance, Architecture, Operations and Security are addressed as part of a customer's journey to Azure, leveraging a standardised, best-practice environment based on reference architecture using Infrastructure as Code.
In this series I will cover the build and deployment of the AVDC based on the Insight offering that my team has created and refined over the last 2 years. The series will be split into multiple articles, focusing on:
- Introduction & Overview
- Architecture - (Networking, Identity and Security)
- Governance
- Operations
The diagram below is one that I present quite often to customers, as it explains the three key areas outlined above that need to be addressed as part of a customer's journey to Azure.
Azure Virtual Datacentre Design
The environment I will use throughout the series is based on the hub-and-spoke model, a core design pattern that provides the foundations for the AVDC. Further to this, some points for the demo include:
- Three (3) Azure subscriptions - Shared Services or "Hub", Production and non-Production "Spokes" (this will be simulated in a single MSDN subscription).
- The solution will focus on an Azure Region (Australia) using paired datacentres of Australia East (Sydney) and Australia SouthEast (Melbourne).
- The Shared Services subscription will host key network infrastructure, policies and security controls, with the spokes focused on workloads.
- Network, Security, Administration and Backup Resource Groups will be created in each subscription.
The diagram below outlines the architecture that will be deployed based on the details above.
Prepare the AVDC
The master.json file holds all the global parameters and settings that will be used to build the templates. These include various codes for naming conventions, locations, network connectivity options and subscription IDs.
Build the AVDC
Now that we have the master.json configured, we can build the AVDC by running the Build-AzureVirtualDatacentre.ps1 script. This will create a storage account to host all the IaC templates, calculate the VNets and subnets from the CIDR I have allocated, create the IaC templates and upload them to the storage account.
- Execute the script
- Calculate Network ranges
- Create the storage account
- Upload the templates to the storage account
Deploy the AVDC
Now that the templates are uploaded to the storage account, we can execute the Deploy-AzureVirtualDatacentre.ps1 script to test the templates and then deploy them to the appropriate location.
End Result
Once all the templates are provisioned we should see 12 Resource Groups (4 per subscription) and an overall dashboard that represents the deployed AVDC, segregated into the core areas that are deployed.
In the next article I will go into the details of the Software Defined Networking that has been deployed as part of the environment.