To design cloud enterprise architecture we need focus on the following below concepts!
Target Cloud Architecture Design:
Design a Target Cloud Architecture that includes platform subscriptions, landing zones, technology stack, building blocks and target and forecast cost calculation.
Management Scope:
Organizing of cloud-based resources is critical to securing, managing, and tracking the costs related to azure resources or the application workloads.
Azure provides four levels of management scope: management groups, subscriptions, resource groups, and resources.
- Management groups: These groups are containers that help you manage access, policy, and compliance for multiple subscriptions. All subscriptions in a management group automatically inherit the conditions applied to the management group.
- Subscriptions: A subscription logically associates user accounts and the resources that were created by those user accounts. Each subscription has limits or quotas on the number of resources you can create and use. Organizations can use subscriptions to manage costs and the resources that are created by users, teams, or projects.
- Resource groups: A resource group is a logical container into which Azure resources like web apps, databases, and storage accounts are deployed and managed.
- Resources: Resources are instances of services that you create, like virtual machines, storage, or SQL databases.
Management Group Layers:
The Management Group structure will be multi-layered with each different layer serving a different purpose:
- Governance Layer: The goal of the Governance Layer is to be the main policy container, providing a top position within the hierarchy to enforce and control governance adherence.
- Management Layer: Access Management Layer, allowing for groups of users to have distributed access across all the subscriptions of an entire department
- Legacy Layer: Management Group layer that included the first iteration of policies and subscriptions.
Policy-Driven Architecture:
For policy driven architecture resources should be planned and to be split according to the level of policies affecting them.
There are two main policy categories that affect the grouping of resources:
- Governance policies that affect running resources such as tagging requirements, monitoring requirements, and other configuration level policy requirements.
- Identity and access management similarities such as resources managed by the same teams or internal project departments.