Azure Development VMs landscape

Satyendra Kumar
2 min read · Feb 21, 2022

An enterprise architect often envisions how the DevOps landscape should look, but in reality the security team is frequently not aligned with it, because they believe they are not part of it or were left behind during the Azure infrastructure discussions. This article is a short depiction of how Azure development VMs should fit into the overall Azure infrastructure landscape.

Azure development VMs can fundamentally talk to different VNets and subnets, either on-premise or in cloud infrastructure. The design also depends on whether the requirement is to connect to other cloud services such as AWS/GCP, or to resources in the same company on-premise or in the Azure cloud, as in the examples below:

a) Connect to on-premise applications such as ERPs, business warehouse and file servers. The on-premise connection is made through Azure ExpressRoute.

b) Connect to Azure services such as PaaS SQL, Web Apps, etc.

c) Connect to the Azure IaaS CI/CD pipeline as mentioned in the diagram.

When services talk to each other in Azure or any other cloud, the traffic always has to pass through a network security group, or through a firewall if it is leaving the Azure cloud. If Azure services are talking to on-premise systems, the traffic has to go through the firewall and then over Azure ExpressRoute. At the on-premise end it also has to pass through the on-premise firewall before reaching the on-premise resources.

Since the traffic passes through a firewall, we need to open the required ports for particular IP addresses or subnets. The above diagram shows how the dev machines in Azure should talk to on-premise SQL and other resources such as AD, SAP web services, business warehouse, etc.
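The requirement to open ports only for particular IP addresses or subnets can be checked mechanically. The following is an added example, not part of the original article: it audits outbound NSG rules for a dev-VM subnet and flags allow rules whose source, destination or port range is wider than a chosen threshold. The rule names, addresses, ports and the thresholds `MAX_ADDRESSES` and `MAX_PORTS` are constructed assumptions; the dictionary keys follow the ARM `securityRules` property names.

```python
import ipaddress

DEV_SUBNET = "10.20.1.0/24"            # constructed dev-VM subnet
BROAD_TAGS = {"*", "Internet", "VirtualNetwork"}
MAX_ADDRESSES = 256                    # assumption: wider than a /24 is not "particular"
MAX_PORTS = 10                         # assumption: more than 10 ports is too wide

def rule(name, src, dst, ports, access="Allow"):
    # Builds a rule dict using the ARM securityRules property names.
    return {"name": name, "direction": "Outbound", "access": access,
            "sourceAddressPrefix": src, "destinationAddressPrefix": dst,
            "destinationPortRange": ports}

# Constructed sample rules; every address and port is illustrative only.
RULES = [
    rule("dev-to-onprem-sql", DEV_SUBNET, "192.168.10.5/32", "1433"),
    rule("dev-to-onprem-any", DEV_SUBNET, "192.168.0.0/16", "*"),
    rule("dev-to-ad-ldaps", DEV_SUBNET, "192.168.20.0/28", "636"),
    rule("any-to-sap-ws", "*", "192.168.30.10/32", "443"),
    rule("deny-all-outbound", "*", "*", "*", access="Deny"),
]

def port_count(spec):
    # "*" means every port; otherwise a single port or a "low-high" range.
    if spec == "*":
        return 65536
    low, _, high = spec.partition("-")
    return int(high or low) - int(low) + 1

def too_broad(prefix):
    if prefix in BROAD_TAGS:
        return True
    try:
        return ipaddress.ip_network(prefix, strict=False).num_addresses > MAX_ADDRESSES
    except ValueError:
        return False  # other named service tags are left for manual review

def audit(rules):
    findings = {}
    for r in rules:
        if r["access"] != "Allow":
            continue
        issues = []
        if too_broad(r["sourceAddressPrefix"]):
            issues.append("source not scoped")
        if too_broad(r["destinationAddressPrefix"]):
            issues.append("destination not scoped")
        if port_count(r["destinationPortRange"]) > MAX_PORTS:
            issues.append("port range too wide")
        if issues:
            findings[r["name"]] = issues
    return findings
```

The same check can be applied to rules on the on-premise firewall side, so that both ends of the ExpressRoute path allow only the agreed dev-subnet-to-resource flows.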

I hope the above article will help you in designing the Azure DevOps architecture, which can connect either to the ecosystem or to on-premise systems.

Satyendra Kumar

Sr. Enterprise Architect | Digital Transformation Strategist | AI/ML. Passionate about new ideas & innovations, product management and scalability of solutions.