naming_scheme.md

Naming Scheme

Use lowercase letters and numbers only. Because some resources restrict name length, all abbreviations and codes should be as short as possible to leave more room for meaningful names. In general, we do not use any padding scheme in our naming conventions, such as a three-digit padding scheme (###).

Environment

Environment is the name that describes the deployment lifecycle of the applications or services, such as Dev, QA, or Prod.

| Environment | Abbreviation |
|---|---|
| Production (live) | prd |
| Development | dev |
| QA / Testing | qat |

Network Zone

Perimeter-based networks operate on the assumption that all systems within a network can be trusted. But today’s employees access their organization’s resources from anywhere on various devices and apps, which makes perimeter security controls irrelevant. Access control policies that focus only on who can access a resource aren’t enough. To master the balance between security and productivity, security admins also need to factor in how a resource is being accessed.

Best practice: Grant temporary permissions to perform privileged tasks, which prevents malicious or unauthorized users from gaining access after the permissions have expired. Access is granted only when users need it.

A perimeter network (also known as a DMZ) is a physical or logical network segment that provides an extra layer of security between your assets and the internet. Specialized network access control devices on the edge of a perimeter network allow only desired traffic into your virtual network.

A perimeter network is where you typically enable distributed denial of service (DDoS) protection, intrusion detection/intrusion prevention systems (IDS/IPS), firewall rules and policies, web filtering, network anti-malware, and more. The network security devices sit between the internet and your Azure virtual network and have an interface on both networks.

  • Security Isolation: DMZ provides a segregated environment, isolating public-facing services from internal networks to contain and mitigate security threats effectively.
  • Internal Resource Protection: By placing public services in the DMZ, internal resources are shielded from direct internet exposure, reducing the attack surface.
  • Compliance and Regulations: Many compliance frameworks mandate the implementation of a DMZ to meet security and regulatory requirements.

| Network Segment | Abbreviation |
|---|---|
| Intranet | intra |
| DMZ | dmz |

Infrastructure

All resources are separated at the subscription level on Azure, which would enable us to set quotas / limits for the resources.

| Infrastructure | Abbreviation | Description |
|---|---|---|
| Management | mgmt | All IT management applications and systems |
| Workload | work | All customer applications and systems |

Hostname

Hostnames can be chosen from the names of Greek gods.

Product Specific

Azure

The choice of a name for any resource in Microsoft Azure is important because:

  • It is difficult to change a name at a later time.
  • Names must meet the requirements of their specific resource type.

Likewise, consistent naming conventions make resources easier to locate. They also assist in understanding the role of a resource in a solution. Naming conventions should be applied as follows on Azure resource types. We recommend that you keep the length of naming components short to prevent exceeding resource name length limits. Please refer to Naming rules and restrictions for Azure resources for up-to-date Azure resource name length limits.

| Resource Type | Prefix |
|---|---|
| Subscriptions | sub- |
| Resource Group | rg- |
| Virtual Network | vnet- |
| Virtual Network Gateway | vnet-gw- |
| Virtual Network Link | vnet-link- |
| Subnet | subnet- |
| Network Security Group | nsg- |
| Virtual Machines | vm- |
| VM storage account | stvm- |
| Storage account | st |
| NIC | nic- |
| Public IP Address | pip- |
| Load Balancer | lb- |
| Azure Functions | func- |
| Workspace Name | wrkspc- |
| Application Insight Name | app-insight- |

The following structure can be applied when naming Azure resources using variables:

<azure resource prefix>-<infrastructure_type>-<network zone>-<environment>

Some resource type names can include <project name> rather than <network zone> if the resource type is not specific to any network zone, or if it controls all other resources with Azure Functions, like the marketplace application named Start/Stop VMs.

It is always good practice to give the resource a tag named description, with a value describing the resource type in detail.

Examples

  • Resource group for all the resources to control on Production --> rg-mgmt-showroom-prd
  • Intranet Infrastructure Management Resource group on Production --> rg-mgmt-intra-prd
  • DMZ Workload Resource group on Development --> rg-work-dmz-dev
  • Intranet Infrastructure Management Virtual Network on Production --> vnet-mgmt-intra-prd
  • DMZ Workload Virtual Network on Development --> vnet-work-dmz-dev
  • Subscription name for the Project in Management Group --> sub-mgmt-showroom-dev
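
A name checker for the Azure structure above, as an added example that is not part of the original document or of any project tooling. The function name `check_azure_name` is hypothetical, rejecting zero-padded numbers is this example's reading of the no-padding rule, and the `st` prefix is left out because the table lists it without a separator.

```python
import re

# Abbreviations copied from the tables on this page.
ENVIRONMENTS = {"prd", "dev", "qat"}
ZONES = {"intra", "dmz"}
INFRASTRUCTURE = {"mgmt", "work"}
# Azure prefixes without the trailing hyphen. "st" is left out because the
# page lists it with no separator. Longest first so "vnet-gw" beats "vnet".
PREFIXES = sorted(
    ["sub", "rg", "vnet", "vnet-gw", "vnet-link", "subnet", "nsg", "vm",
     "stvm", "nic", "pip", "lb", "func", "wrkspc", "app-insight"],
    key=len, reverse=True)


def check_azure_name(name):
    """Split a name into the page's components and list rule violations."""
    errors = []
    if not re.fullmatch(r"[a-z0-9]+(-[a-z0-9]+)*", name):
        errors.append("use lowercase letters and numbers, separated by '-'")
    prefix = next((p for p in PREFIXES if name.startswith(p + "-")), None)
    if prefix is None:
        return {}, errors + ["unknown resource type prefix"]
    fields = {"prefix": prefix}
    parts = name[len(prefix) + 1:].split("-")
    if len(parts) != 3:
        return fields, errors + ["expected <infrastructure>-<zone|project>-<environment>"]
    infra, scope, env = parts
    # A scope that is not a known network zone is treated as a project name.
    fields.update(infrastructure=infra, environment=env)
    fields["zone" if scope in ZONES else "project"] = scope
    if infra not in INFRASTRUCTURE:
        errors.append(f"unknown infrastructure type '{infra}'")
    if env not in ENVIRONMENTS:
        errors.append(f"unknown environment '{env}'")
    # Interpretation of the no-padding rule: reject zero-padded numbers.
    if any(re.search(r"(?<!\d)0\d", p) for p in parts):
        errors.append("zero-padded number in name")
    return fields, errors


if __name__ == "__main__":
    for sample in ["rg-mgmt-showroom-prd", "vnet-gw-mgmt-intra-prd",
                   "RG-work-dmz-dev", "vm-work-web01-prod"]:  # constructed inputs
        print(sample, check_azure_name(sample))
```

Because the zone is returned as its own field, the same function can feed a report of which resources are named as DMZ-facing and which as intranet.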

RH Satellite

| Resource Type | Prefix |
|---|---|
| Activation Key | ak_ |
| Credential | gpg_ |
| Custom Product | |
| Custom Repository | repo_ |
| Content View | cv_ |
| Composite Content View | ccv_ |
| Host Group | hg_ |
| Life Cycles | |
| Partition Table | pt_ |
| Sync Plan | sync_ |

The following structure can be applied when naming Satellite resources using variables:

<satellite resource prefix>_<related product name>

Examples

  • RHEL 8 Activation Key --> ak_rhel8
  • RHEL 8 Content View --> cv_rhel8
  • AAP Composite Content View --> ccv_aap
  • Support Tools Content View --> cv_support_tools
  • AAP Host Group --> hg_aap
  • VM Hostgroup --> hg_vm

RHIdM

TODO:

AAP

TODO: