-
Notifications
You must be signed in to change notification settings - Fork 988
ALZ Deploy reference implementations
This section will guide you through the process of deploying an Enterprise-Scale reference implementation in your own environment.
The Enterprise-Scale design principles and reference implementations can be adopted by all customers no matter what the size or history of their Azure estate. The following reference implementations target the most common customer scenarios for adopting Enterprise-Scale.
Reference implementation | Description | ARM Template | Link |
---|---|---|---|
Contoso | On-premises connectivity using Azure vWAN | Detailed description | |
AdventureWorks | On-premises connectivity with Hub & Spoke | Detailed description | |
WingTip | Azure without hybrid connectivity | Detailed description | |
Trey Research | For small enterprises | Detailed description |
An Enterprise-Scale reference implementation is rooted in the principle that Everything in Azure is a Resource. All of the reference scenarios leverage native Azure Resource Manager (ARM) to describe and manage their resources as part of their target state architecture at-scale.
Reference implementations enable security, monitoring, networking, and any other plumbing needed for landing zones (i.e. subscriptions) autonomously through policy enforcement. Companies will deploy the Azure environment with ARM templates to create the necessary structure for management and networking to declare a desired goal state. All scenarios will apply the principle of "Policy-Driven Governance" for landing zones by using Azure Policy. The benefits of a policy-driven approach are many but the most significant are:
-
The platform can provide an orchestration capability to bring target resources (in this case a subscription) to a desired goal state.
-
Continuous conformance to ensure all platform-level resources are compliant. Because the platform is aware of the goal state, the platform can assist with the monitoring and remediation of resources throughout their life-cycle.
-
The platform enables autonomy regardless of the customer's scale point.
To know and learn more about ARM templates used for above reference implementation, please follow this article.
- What's New?
- Community Calls
- Frequently Asked Questions (FAQ)
- Known issues
- What is Enterprise-Scale
- How it Works
- Deploying Enterprise-Scale
- Pre-requisites
- ALZ Resource Providers Guidance
- Configure Microsoft Entra permissions
- Configure Azure permissions
- Deploy landing zones
- Deploy reference implementations
- Telemetry Tracking Using Customer Usage Attribution (PID)
- Deploy without hybrid connectivity to on-premises
- Deploy with a hub and spoke based network topology
- Deploy with a hub and spoke based network topology with Zero Trust principles
- Deploy with an Azure Virtual WAN based network topology
- Deploy for Small Enterprises
- Operating the Azure platform using AzOps (Infrastructure as Code with GitHub Actions)
- Deploy workloads
- Create landing zones (subscriptions) via Subscription Vending
- Azure Landing Zones Deprecated Services
- Azure Landing Zone (ALZ) Policies
- Policies included in Azure landing zones reference implementations
- Policies included but not assigned by default and Workload Specific Compliance initiatives
- Policies FAQ & Tips
- Policies Testing Framework
- Migrate Azure landing zones custom policies to Azure built-in policies
- Updating Azure landing zones custom policies to latest
- MMA Deprecation Guidance
- Contributing