This case study exercise is designed to provide experience performing some conceptual design tasks that relate to the subjects learned in this module.

Case study: Recommend secure methodology with CAF

  • Contoso Banking is a subsidiary of Contoso Group, that is being carved out into an independent business entity. Contoso Banking will be a separate company with its own infrastructure and IT organization.
  • The Contoso Banking infrastructure will be based entirely in the Microsoft Azure cloud. To build a secure cloud platform from the beginning of the company, you need to design a secure Azure Landing Zone.
  • The terms of the agreement dictate that the transition needs to take maximum of 6 months
  • Contoso Banking plans to build the next-generation FinTech solution using cloud-native solutions. MVP 1 release needs to be done in 6 weeks.

Requirements

Contoso Group does not use any cloud services, the infrastructure is entirely hosted in their own data center. The environment that will be part of Contoso Banking includes:

  • Environment 1: Core banking systems: 20 apps. Security is essential.
  • Environment 2: Next-gen / Fintech app, built on Azure Kubernetes Service and Azure Data Lake. 100 releases per month

Planned Changes

Environment 1: Contoso Banking plans to move all the core banking infrastructure to the cloud. The approach needs to include the following:

  • Deploy a landing zone with where the core applications are hosted.
  • The users need to access the core applications from secure cloud-based workstations. The users need to have consistent user experience to access the applications.
  • The solution needs to ensure best practices on identity and access management , governance, security, network and logging are followed.

Environment 2 (Fintech app) needs to meet the following requirements:

  • Release 100x / month
  • Continuously be audit-ready
  • Comply with PCI-DSS

Design tasks

  • What are the components needed to be deployed into the landing zone?
  • How will the choice of workloads affect the implementation time and complexity?
  • How would you implement the secure access to core apps?
  • Which Azure Landing Zone should you recommend Contoso Banking to implement for Environment 1?
  • Which Azure Landing Zone should you recommend Contoso Banking to implement for Environment 2?