Item | Link | Wordage |
|---|---|---|
main Azure Practice repo for Vending | The main subscription under which config files are placed and picked up by automation to process and vend | |
contino-engineering | an org to build the POC to house vended repositories |
Contino provide services under it’s general and enterprise agreements for access to services such as Microsoft Office 365, Azure and various other management services used for managing resources (such as license allocation) and provisioning services for a variety of requirements
It is the aim of this document to work through a scenario where
resources can be defined by non-technical users with sufficient access
resources and their delivery is automated so far as possible
resource utilisation (or lack thereof) can be picked up to ensure effective cost and license management
joiners and leavers processes can be integrated
The Microsoft CAF provides a best practice suite of modules which for a project delivery into an organisation delivery software products are very well catered for - however Contino as a collective of very technical minds, will often require a thin delivery model
Within this proof management, policy and restrictions will be delivered in line with the scope of the resources delivered, however the aim is maximum flexibility married with cost effectiveness and a frequent feedback loop for the life of deployed resources
TL/DR
Make Azure Infrastructure Management and Lifecycle super simple with IaC usable by non-technical contini’s
Components & Process
Initialisation | ||
While a management “network” and resources as described below is desirable for all stages to replicate the final intended state, the initial POC does not require it - similarly the MVP would simply require a backend state storage facility | ||
A Management system using IaC will require a highly controlled and audited management subscription to contain management resources and provide a secure location to store sensitive data and apply changes to any internal infrastructure |
| |
 |
| |
 |
| |
 |
| |
| ||
[ Initialisation ] | ||
Delivery Component | Detail |
|---|---|
GitHub repository, manual workflow for initialisation components, Terraform | |
Phased introduction of IaC delivered components adding in set tags which as they build and become populated will be central to automated management | |
Policy and automation applied will be dictated by the management groups - with basic delivery ensuring a zero access subscription and as we grow automation, actions will be tailored depending on certain criteria | |
Azure EA Subscription Vending GitHub repository, manual workflow and automated workflow to identify new configurations from json config files (one per sub) and iterate through vending
| |
Azure Image Factory - Hardened Images GitHub repository to pick up configurations of OS and CIS role to automate delivery of Azure base images with CIS enabled - auto-rebuild base images when Azure update the OS ** ready for integration as a landing zone and testing ** | |
Azure Image Factory - Customisable Images GitHub repository to pick up configurations that specify a base OS defined previous step and allow end user managed custom installs and image creation with auto-rebuild on base OS updates! ** ready for integration as a landing zone and testing ** |
Need to look at integrating:
`
Attachments:
gh-maurice-picel-bi.gif (image/gif)
image-20230221-202652.png (image/png)
image-20230221-202813.png (image/png)
image-20230221-205946.png (image/png)
image-20230221-210044.png (image/png)
image-20230221-210136.png (image/png)
image-20230221-210218.png (image/png)
image-20230221-210505.png (image/png)
Screenshot 2023-02-21 at 21.26.08.png (image/png)
Screenshot 2023-02-21 at 21.26.17.png (image/png)
Screenshot 2023-02-21 at 21.26.48.png (image/png)
Screenshot 2023-02-21 at 21.28.00.png (image/png)
image-20230223-014606.png (image/png)
automation-blue.png (image/png)
iac.png (image/png)
iac.png (image/png)
