Azure Landing Zones
Governed foundations for scalable product-team delivery.
Azure platform architecture
Senior Enterprise Architect Manager | Azure Landing Zones | Sovereign Cloud | Platform Architecture
I design secure, scalable and governed Azure platforms for enterprise product teams and regulated workloads.
This is my architecture blog: practical thinking on platform foundations, controls and operating models that allow teams to deliver safely at enterprise scale.
I focus on Azure landing zones, sovereign and regulated cloud environments, enterprise networking and private DNS, Azure Virtual Desktop, identity controls, Terraform-based infrastructure as code and platform engineering for secure multi-tenant products.
Architecture themes for governed, secure Azure delivery.

- Governed foundations for scalable product-team delivery.
- Control boundaries and resilience for regulated workloads.
- Secure enterprise desktop platform architecture.
- Private connectivity and enterprise name resolution.
- Identity-led controls for trusted cloud platforms.
- Repeatable delivery with Terraform and policy automation.
- Governed self-service capabilities for product teams.

Start with the core patterns behind secure Azure platform foundations: build a governed foundation that supports autonomy, repeatability and enterprise controls.

Design private resolution patterns that stay manageable across connected landing zones.
I bring more than 19 years in IT and experience spanning Microsoft Azure, Microsoft 365 and Citrix Cloud. My work includes lead Azure architecture for global multi-tenant platforms, governed landing zones and cloud foundations for regulated environments.
Follow new Azure architecture notes via RSS or connect with me on LinkedIn. Public technical work is also available on GitHub, and the latest articles are below.
As enterprise Azure estates grow, DNS moves from being an application configuration item to being a platform control plane. A useful namespace should express durable ownership and resolution boundaries across public s...

Private endpoints are straightforward to demonstrate in one virtual network. Across many subscriptions, products, environments and connected networks, private DNS becomes one of the most important shared services in a...

Private connectivity is not complete when an endpoint resource exists in the portal. It is complete when the intended clients can resolve the service name correctly and use the private path reliably.
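The note above treats private connectivity as complete only when the intended clients resolve the service name correctly and use the private path. As an added example (not code from this blog or its author), the following Python check resolves a service name through the client's own OS resolver, so it exercises the same forwarders, private resolver and privatelink zone links a real workload would, and classifies the answer against the address range the private endpoint subnet is expected to come from. The FQDN and the 10.20.0.0/16 range are hypothetical placeholders; the resolver is injectable so the classification logic can be run offline.

```python
"""Verify that a service name resolves onto the private endpoint path.

Added example for this note, not the author's code. The service FQDN and the
expected address range below are hypothetical placeholders.
"""
import ipaddress
import socket
from typing import Callable, Iterable, List, Tuple

# Constructed input: the address space the private endpoint NIC should live in.
# Replace with the landing zone's real private endpoint subnet(s).
EXPECTED_PRIVATE_RANGES = ["10.20.0.0/16"]

# Constructed input: a hypothetical storage account name.
SERVICE_FQDN = "examplestore.blob.core.windows.net"


def resolve_addresses(fqdn: str) -> List[str]:
    """Resolve fqdn through the OS resolver, i.e. the path a real client uses
    (DNS forwarders, private resolver, privatelink zone links and all)."""
    infos = socket.getaddrinfo(fqdn, None, socket.AF_INET)
    return sorted({info[4][0] for info in infos})


def classify_resolution(addresses: Iterable[str], expected_ranges: Iterable[str]) -> str:
    """Classify the answers a client received.

    "private": every address is inside an expected range, so traffic takes the
               private path.
    "public":  none is, so the client is being sent to the public endpoint; on
               Azure this usually means the privatelink zone is not linked to,
               or not forwarded from, the client's network.
    "mixed":   inconsistent answers (split resolvers, stale records); treat as
               a failure, not a partial success.
    "none":    no answer at all.
    """
    nets = [ipaddress.ip_network(r, strict=False) for r in expected_ranges]
    addrs = [ipaddress.ip_address(a) for a in addresses]
    if not addrs:
        return "none"
    inside = [any(a in n for n in nets) for a in addrs]
    if all(inside):
        return "private"
    if not any(inside):
        return "public"
    return "mixed"


def check_private_path(
    fqdn: str,
    expected_ranges: Iterable[str],
    resolver: Callable[[str], List[str]] = resolve_addresses,
) -> Tuple[str, List[str]]:
    """Resolve fqdn and classify the result.

    The resolver is injectable so the classification can be exercised offline.
    socket.gaierror (NXDOMAIN, SERVFAIL, no resolver) is an OSError subclass and
    is reported as "none" rather than raised.
    """
    try:
        addrs = resolver(fqdn)
    except OSError:
        addrs = []
    return classify_resolution(addrs, expected_ranges), addrs


if __name__ == "__main__":
    verdict, addrs = check_private_path(SERVICE_FQDN, EXPECTED_PRIVATE_RANGES)
    print(f"{SERVICE_FQDN} -> {addrs or 'no answer'}: {verdict}")
    raise SystemExit(0 if verdict == "private" else 1)
```

Run it from inside the client virtual network, or from a host on the connected network that uses the same resolver chain, not from an operator workstation with a different DNS path. A "public" verdict points at the resolution path (the privatelink zone link or forwarding rule for that client network); a "mixed" verdict points at split or stale resolvers. Either is worth chasing before anyone looks at the endpoint resource itself, which is usually fine.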
Azure product teams need a platform that removes repeated foundation decisions without removing accountability. An Azure landing zone should make secure delivery the normal path, not become a central queue for every s...

Recently, I invested a lot of time into writing Terraform code to deploy a fairly complex infrastructure in Azure, which included a Virtual WAN, Firewall, Azure Front Door, and multiple virtual networks in two differe...