Azure Design Document
I couldn't find a proper design document template for Azure projects when I searched the internet, so I thought I'd better make a reference design template for solutions based on the Azure cloud.
Solution Architecture
- Solution diagrams using the latest approved Azure icons.
Sample Diagram (Image owned by Microsoft Corporation)
- General overview of the solution architecture, including the Azure services and non-Azure services used (for example Function App, API, Azure AD, Front Door, Storage Account etc.).
- Decision factors behind choosing the specific services.
Network Architecture
- Solution communication flow between the components and the other systems that are integrated with it.
- Whitelisting of specific IPs, since access from the Internet to the public endpoints of the resources will be restricted.
- Source and Destination communication matrix
Sample Diagram (Image owned by Microsoft Corporation)
Storage Architecture
- Whether storage is a database hosted in IaaS, or a PaaS service such as Azure SQL DB, Cosmos DB, Storage Account etc.
- Architecture Diagram of the Storage
Sample Diagram (Image owned by Microsoft Corporation)
Backup and Disaster Recovery Architecture
- Sample Diagram (Image owned by Microsoft Corporation)
Security Architecture
- Details on securing the solution at the network level, using Azure services or third-party products (for example Firewall, WAF, Application Gateway etc.).
- Details on securing the data of the solution (for example data in transit, data at rest, data encryption, masking etc.).
- Details on identity and access requirements for all the components used in the solution architecture: RBAC (at all levels of the enterprise, from network access control at the device level, database access control at the data level and application-level access control, to user access), SPNs, Key Vaults, access keys etc.
- Certificate Requirements
Sample Diagram (Image owned by Microsoft Corporation)
Environment Details
- Resources and their specifications, along with cost, are required for the Production Azure subscription.
- Resources and their specifications, along with cost, are required for the Staging Azure subscription.
- Resources and their specifications, along with cost, are required for the DevTest Azure subscription.
Sample Table:
| Service type | Quantity | Region | Description |
|---|---|---|---|
| Container Registry | 1 | West Europe | Standard Tier, 5 units x 30 days, 5 GB Bandwidth, 0 GB Extra Storage |
| Storage Accounts | 1 | West Europe | File Storage, Premium Performance Tier, LRS Redundancy, 100 GB Capacity, 100 GB Snapshots |
| Azure Database for MySQL | 1 | West Europe | Memory Optimized Tier, 1 Gen 5 (4 vCore), 1 year reserved, 5 GB Storage, 100 GB Additional Backup storage, LRS redundancy |
| Notification Hubs | 1 | West Europe | Free tier |
| App Service (Two slots for web app) | 1 | West Europe | Premium V2 Tier; 2 P3V2 (4 Core(s), 14 GB RAM, 250 GB Storage) x 730 Hours; Linux OS |
| App Service (Two slots for Cron jobs) | 1 | West Europe | Premium V2 Tier; 2 P3V2 (4 Core(s), 14 GB RAM, 250 GB Storage) x 730 Hours; Linux OS |
Monitoring Architecture
- Azure Monitoring
- Log Analytics
- Application Insights
- Diagnostic settings
Sample Diagram (Image owned by Microsoft Corporation):
Deployment Architecture
- ARM templates, PowerShell, DSC, CLI etc. (deployment using the Azure Portal is not accepted).
- DevOps: repos, service connections, build and release pipelines.
- Slots for Prod and Pre-Prod.
Sample Diagram (Image owned by Microsoft Corporation)
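Because deployment has to go through ARM templates rather than the portal, the Network Architecture (whitelisted IPs on restricted public endpoints) and Security Architecture (data in transit) requirements can be checked against the template itself. The script below is an added example, not part of the original template: it reads an ARM template and reports, per storage account, which of those requirements are not met. The embedded template is constructed for the example; the property names (networkAcls, supportsHttpsTrafficOnly, minimumTlsVersion) are the real Microsoft.Storage/storageAccounts properties.

```python
import json

# Constructed sample ARM template (not from the page): one storage account
# that still allows traffic from any network and plain HTTP.
SAMPLE_TEMPLATE = json.dumps({
    "contentVersion": "1.0.0.0",
    "resources": [{
        "type": "Microsoft.Storage/storageAccounts",
        "apiVersion": "2021-06-01",
        "name": "stdesigndocsample",
        "location": "westeurope",
        "sku": {"name": "Premium_LRS"},
        "kind": "FileStorage",
        "properties": {
            "supportsHttpsTrafficOnly": False,
            "minimumTlsVersion": "TLS1_0",
            "networkAcls": {"defaultAction": "Allow", "ipRules": []},
        },
    }],
})

def check_storage_account(resource):
    """Return the design-document requirements this storage account misses."""
    props = resource.get("properties", {})
    acls = props.get("networkAcls", {})
    findings = []
    # Network Architecture: public endpoint restricted, only whitelisted IPs allowed.
    if acls.get("defaultAction") != "Deny":
        findings.append("networkAcls.defaultAction must be 'Deny'")
    elif not acls.get("ipRules") and not acls.get("virtualNetworkRules"):
        findings.append("no ipRules/virtualNetworkRules: nothing can reach the endpoint")
    # Security Architecture: data in transit must be encrypted.
    if props.get("supportsHttpsTrafficOnly") is not True:
        findings.append("supportsHttpsTrafficOnly must be true")
    if props.get("minimumTlsVersion") != "TLS1_2":
        findings.append("minimumTlsVersion must be 'TLS1_2'")
    return findings

def audit_template(template_text):
    """Map each storage account in an ARM template to its list of findings."""
    template = json.loads(template_text)
    return {
        r["name"]: check_storage_account(r)
        for r in template.get("resources", [])
        if r.get("type") == "Microsoft.Storage/storageAccounts"
    }

if __name__ == "__main__":
    for name, findings in audit_template(SAMPLE_TEMPLATE).items():
        print(name, "->", findings or "OK")
```

The same pattern extends to the other resource types listed in the Environment Details table; a "Deny by default with no rules" account is reported separately because it would pass a naive defaultAction check while being unreachable.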
Integrations
- Integration with other systems
- Source and Destination communication matrix
Sample Diagram (Image owned by Microsoft Corporation)
Assumptions and Considerations
- The existing NGFW and WAF will be used for the solution.
- Sentinel will be used as the security information and event management (SIEM) and security orchestration, automation and response (SOAR) solution.
Appendix
- Asset naming convention document
- Asset reference document
- Tagging convention document