Governance in Azure is a hot topic and I often find myself talking to customers about Azure Enterprise Scaffold which is a prescriptive approach to subscription governance. I noticed today that a new (free) eBook has been released by the Azure Customer Advisory Team (AzureCAT). This book discusses how hosting on a cloud infrastructure is fundamentally different from hosting on a traditional on-premises infrastructure, and provides detail about how you can use the Azure Virtual Datacentre model to structure your workloads to meet your specific governance policies.
The first part of the eBook discusses three essential components; Identity, Encryption and Software Defined Networking with compliance, logging, auditing and reporting running across all these areas. It goes into detail about the technologies available in Azure that can help you to achieve this, for example Microsoft Compliance Manager, Availability Zones and other features such as Global VNet peering which I’ve discussed in other blog posts. It also talks about new and upcoming features such as confidential computing through TEE as well as virtual machine capabilities such as Secure Boot and Shielded VMs. There are many more areas discussed in the book which is well worth reading.
The second part of the eBook brings this to life using Contoso as an example case study and this helps you to visualise and understand how you could interpret it for your organisation. The final part of the book discusses the cloud datacentre transformation, and how this is an on-going process to modernise an organisations IT infrastructure. It talks about the balance between agility and governance and discusses some common workload patterns.
This looks to be a great read (kudos to the AzureCAT team!) to make what is a difficult area easier to understand, and also provides a great model to pin design considerations against. Look forward to reading it in more detail later! The book can be downloaded at the following link: https://azure.microsoft.com/en-us/resources/azure-virtual-datacenter/en-us/