Production Architecture

Regardless of the cloud vendor, on-prem, off-prem or hybrid, the guiding principles of production architecture remain the same.


Guiding Principles

  • Principle of least access
  • Isolate at the network layer [1]
  • Must have DR (disaster recovery)
  • Must be HA (highly available)
  • All access from the internet goes through a firewall (layer 7)
  • Admin users can only connect to the network via a jumpbox from a known IP range
  • Protected network only accepts requests from public network IP
  • DB in restricted network (only accessible by protected network or jumpbox)
  • Can only connect to jumpbox from a known IP address
  • Keep your audit logs in a different location from your app
  • For DR, spin up similar system in another geo location
  • Use DB Peering between the two locations
  • Use load balancers to handle cutover
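The network-isolation bullets above describe an allow-list between tiers: the internet reaches only the firewall tier, the protected tier accepts only the public tier, the database sits in a restricted tier reachable only from the protected tier or the jumpbox, and the jumpbox accepts only a known admin range. The following is an added example (not code from the original notes) that models that policy in Python and checks both a proposed address plan and individual flows against it. All address ranges, ports and the admin IP range are constructed for illustration; a real deployment would load its actual security-group or NSG rules into the same checks.

```python
"""Model the tiered network described in the guiding principles and verify
that an address plan and a rule set actually honour them.

Added example, not part of the original notes. Every range below is
constructed: 10.20.0.0/16 stands in for the VNet, 203.0.113.0/24 (TEST-NET-3)
stands in for the 'known' admin office range.
"""
import ipaddress
from dataclasses import dataclass

VNET = ipaddress.ip_network("10.20.0.0/16")
PUBLIC = ipaddress.ip_network("10.20.1.0/24")        # behind the layer-7 firewall
PROTECTED = ipaddress.ip_network("10.20.2.0/24")     # application tier
RESTRICTED = ipaddress.ip_network("10.20.3.0/24")    # database tier
JUMPBOX = ipaddress.ip_network("10.20.250.0/28")     # admin bastion hosts
ADMIN_RANGE = ipaddress.ip_network("203.0.113.0/24") # constructed "known IP range"
INTERNET = ipaddress.ip_network("0.0.0.0/0")

TIERS = {"public": PUBLIC, "protected": PROTECTED,
         "restricted": RESTRICTED, "jumpbox": JUMPBOX}


@dataclass(frozen=True)
class Rule:
    """One allow rule: traffic from src to dst on a TCP port is permitted."""
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: int


# Allow-list encoding the principles; anything not listed is implicitly denied.
RULES = [
    Rule(INTERNET, PUBLIC, 443),        # internet terminates at the firewall tier
    Rule(PUBLIC, PROTECTED, 8443),      # protected accepts only the public tier
    Rule(PROTECTED, RESTRICTED, 5432),  # DB accepts the app tier ...
    Rule(JUMPBOX, RESTRICTED, 5432),    # ... and the jumpbox
    Rule(JUMPBOX, PROTECTED, 22),       # admins reach app hosts via the jumpbox
    Rule(ADMIN_RANGE, JUMPBOX, 22),     # jumpbox reachable only from the known range
]


def check_address_plan(tiers):
    """Tiers must sit inside the VNet and must not overlap each other."""
    problems = []
    for name, net in tiers.items():
        if not net.subnet_of(VNET):
            problems.append(f"{name} {net} is outside {VNET}")
    names = list(tiers)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if tiers[a].overlaps(tiers[b]):
                problems.append(f"{a} overlaps {b}")
    return problems


def audit_rules(rules):
    """Return one message per rule that contradicts the guiding principles."""
    violations = []
    for r in rules:
        if r.dst.overlaps(RESTRICTED) and not (
                r.src.subnet_of(PROTECTED) or r.src.subnet_of(JUMPBOX)):
            violations.append(f"restricted tier reachable from {r.src}")
        elif r.dst.overlaps(JUMPBOX) and not r.src.subnet_of(ADMIN_RANGE):
            violations.append(f"jumpbox reachable from {r.src}")
        elif r.src == INTERNET and not r.dst.subnet_of(PUBLIC):
            violations.append(f"internet reaches {r.dst} without the firewall tier")
    return violations


def is_allowed(src_ip, dst_ip, port, rules=RULES):
    """Decide a single flow against the allow-list (default deny)."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    return any(src in r.src and dst in r.dst and port == r.port for r in rules)


if __name__ == "__main__":
    print("plan problems:", check_address_plan(TIERS))
    print("rule violations:", audit_rules(RULES))
    print("internet -> DB:", is_allowed("198.51.100.7", "10.20.3.10", 5432))
    print("app -> DB:", is_allowed("10.20.2.5", "10.20.3.10", 5432))
```

Running `audit_rules` against a proposed change, for example adding `Rule(INTERNET, RESTRICTED, 5432)`, reports the violation before the rule reaches the cloud, which is the point of scripting the environment rather than clicking it together.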

Environments

  • At a minimum, non-prod and prod; expand as needed
  • Script everything so spinning up new environments is repeatable
  • DR is a production clone in another geo location

Cloud Security

Roles & Access Controls (Principle of least access)

  • Restrict access to the admin portal & CLI to only the necessary resources (e.g. in Azure, limit the view to the resource group)
  • Turn on MFA
  • Notify all admins when a change is made to admin settings

Data Collection and Storage

  • Encryption at rest (e.g. Turn on transparent data encryption in Azure SQL Server)
  • Encryption in transit (e.g. TLS, still commonly called SSL)
  • Turn on soft delete
  • Use SAS (Shared Access Signature) tokens with limited timeframe (e.g. 20 mins instead of 6 months)
  • Turn on security alerts and monitoring (e.g. Azure’s advanced threat protection)
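The SAS bullet above is about bounding the window in which a leaked credential is useful: a token that expires in 20 minutes is worth far less to an attacker than one valid for six months. The following added example (not from the original notes, and not Azure's actual SAS wire format) models a shared-access-signature-style token in Python: an HMAC over the resource, permissions and expiry, validated with a constant-time comparison and rejected once the expiry passes. The signing key, resource names and timestamps are constructed for illustration.

```python
"""Short-lived, HMAC-signed access token in the style of a shared access
signature (SAS). Added example: a simplified model, not Azure's format.
The key and all sample values are constructed."""
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode

SIGNING_KEY = b"constructed-demo-key-not-for-production"
FIELDS = ("sr", "sp", "se")  # signed resource, signed permissions, signed expiry


def _string_to_sign(sr, sp, se):
    # Canonical form: field values joined by newlines, in a fixed order.
    return "\n".join((sr, sp, str(se))).encode()


def _signature(key, sr, sp, se):
    mac = hmac.new(key, _string_to_sign(sr, sp, se), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()


def mint_token(resource, permissions, ttl_seconds, key=SIGNING_KEY, now=None):
    """Issue a token for `resource` granting `permissions` for `ttl_seconds`."""
    now = int(time.time()) if now is None else now
    se = now + ttl_seconds
    params = {"sr": resource, "sp": permissions, "se": str(se),
              "sig": _signature(key, resource, permissions, se)}
    return urlencode(params)


def validate_token(token, resource, needed_permission, key=SIGNING_KEY, now=None):
    """Return (ok, reason). Signature is checked first so tampering is
    reported as such; an expired but genuine token is reported as expired."""
    now = int(time.time()) if now is None else now
    try:
        q = {k: v[0] for k, v in parse_qs(token, strict_parsing=True).items()}
        sr, sp, se, sig = q["sr"], q["sp"], int(q["se"]), q["sig"]
    except (KeyError, ValueError):
        return False, "malformed"
    if not hmac.compare_digest(_signature(key, sr, sp, se), sig):
        return False, "bad signature"
    if now >= se:
        return False, "expired"
    if sr != resource:
        return False, "wrong resource"
    if needed_permission not in sp:
        return False, "permission not granted"
    return True, "ok"


if __name__ == "__main__":
    t0 = int(time.time())
    short = mint_token("reports/2024-q1.csv", "r", 20 * 60, now=t0)
    print(validate_token(short, "reports/2024-q1.csv", "r", now=t0 + 10 * 60))
    print(validate_token(short, "reports/2024-q1.csv", "r", now=t0 + 21 * 60))
```

The design choice worth noting is the order of checks: the signature is verified before any field is trusted, so an attacker who edits `sp=r` to `sp=rw` in a captured token is refused for a bad signature rather than being evaluated on the forged permissions. Expiry is the only control that limits damage from a token that was legitimately issued and then leaked, which is why the notes prefer minutes over months.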

[1] Subnet calculator useful for network design