Disclaimers: What I propose here is not the one proposal to rule them all. Each project is unique, and each client has their own needs. With that said, let’s see how many subscriptions we need.
Common Approaches to Azure Landing Zones
When it comes to Azure Landing Zones and Cloud Architecture, I’ve seen various approaches:
- Single Subscription: Everything is placed in one subscription, with resource groups named to differentiate environments like Production and Test.
- Per Product Subscription: Each product gets its own subscription for easier isolation and management.
Personally, I prefer a different approach, inspired by Microsoft’s recommendations and my own experience.
A Practical Model for Small & Medium Clients
The model I propose works well for small and medium-sized clients. It balances simplicity with scalability, as shown below:
Why Only One Tenant?
- Centralized Identity Management: Azure AD resides in a single tenant, making it easier to manage identities and access.
- Unified Budget: All projects typically share the same budget source.
- Migration Exception: Multiple tenants might be needed only during migrations.
Why Only One Management Group?
- Simplified Budgeting: Breaking down budgets further hasn’t been necessary in my experience.
Why 4 (or 3) Subscriptions?
Separation of Concerns
Creating separate subscriptions for each environment ensures:
- Cost Management: Better visibility into costs per environment.
- Environment Isolation: No experiments in production.
- Team Independence: Teams can work without disrupting each other.
Subscription Breakdown
- Production (Prod):
  - Contains real, up-to-date data.
  - Resources are configured for performance and reliability.
- Release Candidate (RC):
  - Mirrors production with anonymized or cropped data.
  - Used by clients to test new releases.
- Test:
  - For integration testing by developers.
  - Can be skipped if budget constraints exist.
- Development (Dev):
  - A playground for experimentation.
  - Necessary for resources that cannot be emulated.
Maintaining Identical Subscriptions
While environments become more flexible moving from Prod to Dev, maintaining consistency is crucial. The solution? Infrastructure as Code (IaC).
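One way to keep that consistency enforceable is a check in the deployment pipeline that rejects per-subscription parameter files which drift from the shared definition. The sketch below is an added example, not code from this post: the resource names, settings and the list of keys allowed to differ are all constructed assumptions.

```python
REQUIRED_ENVS = {"prod", "rc", "dev"}   # per the post, Test can be skipped
OPTIONAL_ENVS = {"test"}

# Assumption: only sizing and data source may vary between subscriptions.
ALLOWED_OVERRIDES = {"sku", "instances", "data_source"}

# Constructed baseline: the Prod definition every subscription is rendered from.
BASELINE = {
    "app_service": {"sku": "P1v3", "instances": 3, "https_only": True},
    "sql_database": {"sku": "S3", "data_source": "live", "public_access": False},
    "key_vault": {"sku": "standard", "purge_protection": True},
}

# Constructed per-environment overrides; dev contains two deliberate violations.
OVERRIDES = {
    "prod": {},
    "rc": {"sql_database": {"data_source": "anonymized"}},
    "test": {"app_service": {"sku": "B1", "instances": 1}},
    "dev": {
        "app_service": {"sku": "B1", "instances": 1, "https_only": False},
        "debug_vm": {"sku": "B2s"},
    },
}


def render(env, overrides=OVERRIDES):
    """Merge one environment's overrides onto the baseline."""
    merged = {name: dict(settings) for name, settings in BASELINE.items()}
    for name, settings in overrides.get(env, {}).items():
        merged.setdefault(name, {}).update(settings)
    return merged


def find_drift(overrides=OVERRIDES):
    """Return sorted (env, resource, problem) tuples that break consistency."""
    findings = [(env, "*", "missing environment")
                for env in REQUIRED_ENVS - set(overrides)]
    for env, resources in overrides.items():
        if env not in REQUIRED_ENVS | OPTIONAL_ENVS:
            findings.append((env, "*", "unknown environment"))
            continue
        for name, settings in resources.items():
            if name not in BASELINE:
                findings.append((env, name, "resource not in baseline"))
                continue
            for key in set(settings) - ALLOWED_OVERRIDES:
                findings.append((env, name, f"override of '{key}' not allowed"))
    return sorted(findings)
```

Failing the pipeline whenever `find_drift()` returns anything keeps Dev flexible in size and data while security-relevant settings stay identical to Prod.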