An approach to isolation, security, and trust in the Microsoft cloud
I am excited to announce the distribution of Azure Virtual Datacenter guidance. Azure Virtual Datacenter (VDC) is an approach to making the most of the Azure cloud platform's capabilities while respecting your existing security and networking policies. When deploying enterprise workloads to the cloud, IT organizations and business units must balance governance with developer agility. Azure Virtual Datacenter provides models to achieve this balance with an emphasis on governance.
Enterprise IT wants their cloud-based applications to be governed by many of the same policies as their on-premises implementations. Even born-in-the-cloud applications, especially multitenant PaaS offerings and SaaS application such as Office 365, need to have well defined isolation boundaries and role-based policy enforcement. The Azure Virtual Datacenter model begins to give enterprise IT the controls they need to enforce governance.
The Azure Virtual Datacenter model provides guidance for a coherent and consistent deployment model of workloads in the Azure cloud. The first edition of this model focuses on creating a trusted datacenter extension for virtual machine-based workloads hosted on the public cloud with a connection to an on-premises datacenter. Future editions of this model will show how additional elements can be used to achieve isolation of more complex scenarios, such as orchestrator based workloads or workloads composed of platform services. Future models will also support secure Internet access directly from the virtual datacenter.
The Azure Virtual Datacenter model can be a cornerstone of many large-scale datacenter migration plans. Though datacenter migrations are inherently complex, and VDC is only one part, it does give Azure customers a familiar starting point for designing Azure deployments of multiple applications. We have found that even if VDC is used just as a discussion starting point, it does help enterprise IT teams to accelerate the migration conversations with their line-of-business and security team counterparts.
We hope you find this initial guidance useful.