Use lowercase letters and numbers only. Because of some restrictions (resource name length), all the abbreviations and codes should be as short as possible to leave more room for using meaningful names. In general we do not use any padding scheme in our naming conventions such as three-digit padding scheme (###).
Environment is the name that describes the deployment lifecycle of the applications or services, such as Dev, QA, or Prod.
Environment | Abbreviation |
---|---|
Production (live) |
prd |
Development |
dev |
QA / Testing |
qat |
Perimeter-based networks operate on the assumption that all systems within a network can be trusted. But today’s employees access their organization’s resources from anywhere on various devices and apps, which makes perimeter security controls irrelevant. Access control policies that focus only on who can access a resource aren’t enough. To master the balance between security and productivity, security admins also need to factor in how a resource is being accessed.
Best practice: Grant temporary permissions to perform privileged tasks, which prevents malicious or unauthorized users from gaining access after the permissions have expired. Access is granted only when users need it.
A perimeter network (also known as a DMZ) is a physical or logical network segment that provides an extra layer of security between your assets and the internet. Specialized network access control devices on the edge of a perimeter network allow only desired traffic into your virtual network.
A perimeter network is where you typically enable distributed denial of service (DDoS) protection, intrusion detection/intrusion prevention systems (IDS/IPS), firewall rules and policies, web filtering, network anti-malware, and more. The network security devices sit between the internet and your Azure virtual network and have an interface on both networks.
- Security Isolation: DMZ provides a segregated environment, isolating public-facing services from internal networks to contain and mitigate security threats effectively.
- Internal Resource Protection: By placing public services in the DMZ, internal resources are shielded from direct internet exposure, reducing the attack surface.
- Compliance and Regulations: Many compliance frameworks mandate the implementation of a DMZ to meet security and regulatory requirements.
Network Segment | Abbreviation |
---|---|
Intranet |
intra |
DMZ |
dmz |
All resources are separated on a subscription level on Azure which would enable us to set quota / limits for the resources.
Infrastructure |
Abbreviation |
Description |
Management |
mgmt |
All IT management application and systems |
Workload |
work |
All customer application and systems |
Hostname from Greek Gods can be chosen.
The choice of a name for any resource in Microsoft Azure is important because:
- It is difficult to change a name at a later time.
- Names must meet the requirements of their specific resource type.
Likewise, consistent naming conventions make resources easier to locate. They also assist in understanding the role of a resource in a solution. Naming conventions should be applied as follows on Azure resource types. We recommend that you keep the length of naming components short to prevent exceeding resource name length limits. Please refer to Naming rules and restrictions for Azure resources for up-to-date Azure resource name length limits.
Resource Type | Prefix |
---|---|
Subscriptions |
|
Resource Group |
|
Virtual Network |
|
Virtual Network Gateway |
|
Virtual Network Link |
|
Subnet |
|
Network Security Group |
|
Virtual Machines |
|
VM storage account |
|
Storage account |
|
NIC |
|
Public IP Address |
|
Load Balancer |
|
Azure Functions |
|
Workspace Name |
|
Application Insight Name |
|
Following structure can be applied for naming the Azure resources when using variables
<azure resource prefix>-<infrastructure_type>-<network zone>-<environment>
Some resource type names can include <project name>
rather than
<network zone>
if the resource type is not generic to any network zone
or controls all other resources with Azure Functions like the
marketplace application named Start/Stop VMs
It would be always good to have a tag with a name description
to the
resource type and value
describing the resource type in detail.
Resource group for all the resources to control on Production --> rg-mgmt-showroom-prd
Intranet Infrastructure Management Resource group on Production --> rg-mgmt-intra-prd
DMZ Workload Resource group on Development --> rg-work-dmz-dev
Intranet Infrastructure Management Virtual Network on Production --> vnet-mgmt-intra-prd
DMZ Workload Virtual Network on Development --> vnet-work-dmz-dev
Subscription name for the Project in Management Group --> sub-mgmt-showroom-dev
Resource Type | Prefix |
---|---|
Activation Key |
|
Credential |
|
Custom Product |
|
Custom Repository |
|
Content View |
|
Composite Content View |
|
Host Group |
|
Life Cycles |
|
Partition Table |
|
Sync Plan |
|
Partition Table |
|
Following structure can be applied for naming the Satellite resources when using variables
<satellite resource prefix>_<related product name>
RHEL 8 Activation Key --> ak_rhel8
RHEL 8 Content View --> cv_rhel8
AAP Composite Content View --> ccv_aap
Support Tools Content View --> cv_support_tools
AAP Host Group --> hg_aap
VM Hostgroup --> hg_vm
TODO:
TODO: