Azure IaaS Lab – High-level

This post is part of a series, for the series contents see:

Right, here’s the high-level overview of what the IaaS lab will look like:


It’s not necessarily how you’d implement it in production (the subnet design is a mess, for starters), but it does allow me to test out a whole bunch of concepts/technologies:

  • Resource groups
  • VNET Peering
  • Point-to-Site VPNs (because I don’t have a VPN router with a public IP lying around the house to set up a site-to-site VPN).
  • User Defined Routing (UDR)
  • Web Application Firewalls (WAF)
  • NSGs and other firewalls (using an Ubuntu VM because I can’t afford an NVA such as a Barracuda or Check Point device to play with!)

Other stuff I’ll set up that isn’t immediately obvious from the diagram includes:

  • Azure Security Center
  • Diagnostics (hence the logs storage account)
  • Azure Backup
  • Encryption (I’ll give both storage account encryption and VM disk encryption a go)
  • Azure Key Vault
  • Azure AD (let’s try to get some RBAC going on there)


Not great from a resilience perspective, as it will all be in a single Azure DC (North Europe) and none of the VMs are doubled up and in availability sets but, then again, that’s why it’s only a lab environment!

The goal is also to get everything up and running via PowerShell rather than the portal.
