The UW Azure platform provides a Microsoft Azure Enterprise-Scale Landing Zone (ESLZ), which is the foundational Azure architecture that Microsoft recommends for enabling secure, scalable, and compliant cloud usage. The UW Azure Platform service functions as a Cloud Platform Provider, provisioning Azure subscriptions, managing shared infrastructure, interfacing Azure billing with UW, overseeing policy governance, and providing general Azure support. This approach allows academic and business units to concentrate on their applications while ensuring alignment with UW compliance and security standards and best practices.
Topics specific to the UW Azure Platform are found in this knowledge base under the UW Azure Platform heading. We are actively writing new pages so if you do not see the answer to your questions please ask.
Your most comprehensive source of detail documentation will be the Microsoft Azure documentation.
Behind the scenes the UW Azure Platform maintains shared networking resources, supports the policy governance framework and enables UWIT Information Security to fulfill their mandates. From a consumer perspective what UW Azure Platform provides is simple: Azure subscriptions for eligible UW people or groups with a UW Workday worktag for billing. Within your subscription you can use Azure resources to implement your solutions.
There are a few use cases to be aware of and explanations that may help you understand our options.
To support administrative uses and services migrated from on-premise we have designated two primary regions, West US 2 and West Central US, with redundant private connectivity through Azure ExpressRoute. These regions are preferred as primary and secondary locations for critical UW services. In our request form you can have us provision networks in these regions that are connected as part of the UW network. In this case we will create a virtual network in your subscription for convenience.
Your solution may not require the extra complexity of private connectivity to UW and you can use standard Azure networking and Internet access. Even with standalone networking we still recommend using West US 2 region as it is closest to UW and West Central US as a secondary.
There may be reasons to use other regions. For example, not all Azure resources are available in all regions. You are free to use any Azure region to implement your solution. A subscription that we provision can use any region(s) and you are not required to tell us what regions you intend to use. Do consider your compliance and legal requirements related to data residency before using regions outside the US.
Use our New Azure Subscription request form to get a subscription. If you have an existing subscription we can work with you to integrate it into our management and to take advantage of network connectivity, use the Existing Azure Subscription Support form to start that process.
An Azure subscription is provisioned with the users that you provided configured in roles that allow them to deploy resources.
If you requested a virtual network you will find a virtual network resource defined in your subscription with an address space allocated from the UW private IP range. We do not define subnets within the virtual network, you must define your own subnet(s) sized to your needs. Please do not delete the virtual network we defined without consulting with us.
That's it. A subscription is an empty container for you to work within.
There are so many services and tools in Azure that we can't describe all the possibilities, we can only show you the doors: