This post is part of a series; for the series contents see:
Right, here’s the high-level overview of what the IaaS lab will look like:
It’s not necessarily how you’d implement it in production (the subnet design is a mess, for starters), but it does allow me to test out a whole bunch of concepts/technologies:
- Resource groups
- VNET Peering
- Point-to-Site VPNs (because I don’t have a VPN router with a public IP lying around the house to set up a site-to-site VPN).
- User Defined Routing (UDR)
- Web Application Firewalls (WAF)
- NSGs and other firewalls (using an Ubuntu VM because I can’t afford an NVA such as a Barracuda or Check Point device to play with!)
Other stuff I’ll set up that isn’t immediately obvious from the diagram includes:
- Azure Security Center
- Diagnostics (hence the logs storage account)
- Azure Backup
- Encryption (I’ll give both storage account encryption and VM disk encryption a go)
- Azure Key Vault
- Azure AD (let’s try to get some RBAC going on there)
Not great from a resilience perspective, as it will all be in a single Azure DC (North Europe) and none of the VMs are doubled up and in availability sets, but then again, that’s why it’s only a lab environment!
The goal is also to get everything up and running via PowerShell rather than the portal.