As organizations and development departments begin to move toward cloud first development practices, there are often situations where employees, with the best of intentions, pull up to the buffet that is Azure and start to decide what they want to put on their plate.
They grab a little of this service and oooh some of that service and hey that looks tasty and before you know it you have a huge load of great tasting services on a plate all ready to go. Now you come to the checkout and find out that the plate that you just filled is going to cost you by the ounce, or you end up just overloading your plate and can’t manage to carry it all! There wasn’t any sign or anything to tell you before this how much this was going to cost or how much of a certain thing you could grab.
I know this seems like a bit of a stretch but we see it time and time again. Organizations want to ENABLE their developers and operations teams to move ideas from whiteboard to production as fast as possible but if a solid groundwork of governance and structure are not put in place from the beginning you end up with……results that are not optimal.
In order to set yourself and your organization up for success, it is imperative to implement standards and governance around your Azure environments. The following documentation from Microsoft does a great job of explaining the need for Azure Governance and explains the Azure Scaffold. https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-subscription-governance
The Azure Scaffold is an abstract way of thinking of how the pieces of Azure on build each other as your environment takes shape. Similar to a structure in the real world, the foundation is the most important thing and it is what allows for building bigger and better things. Let’s dig into the first foundational piece of the scaffold.
“The following image describes the components of the scaffold. The foundation relies on a solid plan for departments, accounts, and subscriptions. The pillars consist of Resource Manager policies and strong naming standards. The rest of the scaffold comes from core Azure capabilities and features that enable a secure and manageable environment.”
The basis of this scaffold is the Azure Enterprise Enrollment (Enterprise Portal). This is where an organization defines the shape and use of Azure services and is the core of the governance structure. Inside the Enterprise Agreement, organization are then able to subdivide into departments, accounts and finally into subscriptions.
Assuring that time is spent setting the correct foundation for the scaffold is essential to ensuring the success of your azure environment.
The three common patterns for Azure enrollments are:
These patterns allow for the flexibility for the organization to organize their subscriptions and then start to build their scaffold under the subscription layer. The next item to consider as the scaffolding is built out is to the policies that the organization needs to assure compliance. I covered azure policy in my last blog post here… https://nebbia.kenji.cshp.co/2018/03/02/app-modernization-and-azure-policy-enforcement/
As your organization continues down the path to cloud first development and lays the foundation for Azure governance there will very likely be questions that will come up. Feel free to reach out to us here at Nebbia and we will be more than happy to help.