Welcome to the DTU Azure Public Documentation. This page serves as your comprehensive guide to understanding DTU's strategic approach to utilizing Azure for enhancing research, teaching, and administration within secure and innovative frameworks. Our Azure strategy focuses on creating a robust foundation for value-driven exploitation of Azure Cloud, ensuring operational excellence, security, compliance, and cost-effectiveness while fostering innovation and flexibility.
DTU's Azure strategy is built on the pillars of innovation, cybersecurity, cost insight and management, compliance, data protection, and value creation, alongside a dedicated focus on public cloud education. It is designed to meet DTU's needs and is based on well-architected cloud framework principles, including cost optimization, operational excellence, security, reliability, performance efficiency, sustainability, and skills enhancement.
The displayed DTU Azure Cloud Architecture diagram demonstrates a top-down approach that DTU has adopted, focusing on scalability, security, and efficiency within our cloud infrastructure. The architecture begins with the Platform Engineering Landing Zone, featuring essential tooling such as Azure DevOps, Git, and Terraform to create a suite of common, reusable modules that serve as the building blocks for subsequent zones. Descending from this, the Platform Landing Zone is constructed using the Terraform module 'terraform-azurerm-caf-enterprise-scale', which lays out a sturdy architectural framework. Further down, the Application Landing Zone is governed by the Terraform module 'terraform-azurerm-lz-vending', streamlining the management and provisioning of Azure subscriptions and governance. The base layer, the Developer Landing Zone, provides a dynamic environment for the development and integration of applications, flexibly supporting DTU's evolving technological landscape.
Understanding the shared responsibility model helps you work effectively in Azure. It defines clear boundaries between what the Cloud Adoption team manages at the platform level and what subscription owners manage within their environments. This clarity ensures better security, compliance, and operational efficiency.
The Cloud Adoption team maintains DTU's Azure foundation, which includes landing zone architecture, security frameworks, and core infrastructure. We handle platform-level policies, identity management, and provide tools for cost management and security monitoring. For technical details about our infrastructure, see the Azure Landing Zone documentation.
Subscription owners manage their specific environments within DTU's framework. This includes application deployment, resource configuration, data management, and environment-specific security controls. You're responsible for monitoring your applications, managing costs, and ensuring compliance with DTU policies. Browse Azure Architecture examples for guidance on implementing common workloads.
Several areas require coordination between the Cloud Adoption team and subscription owners:
Handle application-specific issues within your team. For platform-level questions, architecture guidance, or security incidents, contact the Cloud Adoption team at azure-cloud-adoption@dtu.dk.
For additional information about Azure's shared responsibility model, visit Microsoft's detailed documentation.
Cloud-native engineering is about more than just using cloud services. It's about building a mindset where teams think in terms of automation, infrastructure as code, and architectural patterns. Even if you're not writing code daily, understanding these concepts helps make better decisions about our cloud infrastructure.
For subscription owners and stakeholders, grasping these fundamentals is crucial. You don't need to be hands-on, but understanding why we use infrastructure as code, why automation matters, and why we "shift left" with security makes for better cloud governance.
We prioritize open source tools and approaches where feasible within our Azure environment. This provides flexibility, strong community support, and helps maintain portability while building cloud infrastructure.
These GitHub collections provide practical examples of modern cloud engineering approaches:
https://github.com/awesome-selfhosted/awesome-selfhosted
https://github.com/shuaibiyy/awesome-tf
https://github.com/lukemurraynz/awesome-azure-architecture
All DTU staff and students with an @dtu.dk account have the ability to create their own Azure DevOps organizations. This empowers our community to leverage DevOps practices and tools effectively. For a detailed guide on setting up a new organization, visit Create an Azure DevOps Organization. In cases where an organization becomes orphaned due to the absence of active administrators, our cloud adoption team has protocols in place to recover access and ensure continuity. Please contact the Cloud Adoption team for recovery. For information on how recovery procedures work, please refer to Resolve an Orphaned Organization.
DTU users can request the creation of new Azure subscriptions by completing the following form: Subscription Request Form. This streamlined process ensures that new subscriptions are set up efficiently and aligned with DTU's Azure policies. The creation of subscriptions is automated using Terraform, which allows for scalable and consistent configuration across multiple environments. To understand more about our automation process, please visit Automated Subscription Vending.
DTU users can request the creation of a new Azure Service Principal Name (SPN) with Federated Credentials for authentication by completing the following form: Azure SPN Request Form. This streamlined process ensures that new SPNs are set up efficiently. The creation of SPNs is automated via Terraform. To understand more about this solution, please visit Azure SPN Using Workload Identity Service Connection.
At DTU, governance by Azure policy plays a pivotal role in maintaining a secure, compliant, and efficient cloud environment. Our policies are crafted to protect users by enforcing standards for security, compliance, resource utilization, and cost management. These policies help ensure that Azure resources are used in a manner that aligns with DTU's strategic objectives and regulatory requirements.
Users encountering deployment errors can trace the issue to specific policies by utilizing Azure's deployment history and error messages. Azure provides tools and guidelines for users to check their compliance status and identify which policies might be blocking their actions. For detailed instructions, see Deployment operations and error messages, Determining non-compliance, and Resolving policy blocks.
To view the full details about all the policies that are deployed in our Azure environment, enhancing security and compliance, please visit our detailed policies documentation.
If you need to request an exemption from an Azure policy, please follow the steps outlined in our detailed guide. This includes identifying the need for an exemption, gathering the required information (such as resource ID, policy assignment ID, and other relevant details), and contacting the Azure Cloud Adoption team with your request. For more information, please refer to Requesting an Exemption from a Policy in Azure or visit our exemption request page.
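As an added example (not DTU's own tooling), the script below walks a failed deployment's error body, finds the policy that blocked it, and pulls out the policy assignment ID that an exemption request asks for. The field names follow the PolicyViolation entry Azure Resource Manager attaches to a RequestDisallowedByPolicy error; the sample error, its IDs and the function name policy_blocks are constructed for illustration.

```python
import json

# Constructed sample: a failed deployment whose nested error carries a
# PolicyViolation entry. All names and IDs are placeholders, not DTU values.
SAMPLE_ERROR = json.loads("""
{"error": {
  "code": "DeploymentFailed",
  "message": "At least one resource deployment operation failed.",
  "details": [{
    "code": "RequestDisallowedByPolicy",
    "target": "examplestorage01",
    "message": "Resource 'examplestorage01' was disallowed by policy.",
    "additionalInfo": [{
      "type": "PolicyViolation",
      "info": {
        "policyDefinitionDisplayName": "Example: deny public network access",
        "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/example-mg/providers/Microsoft.Authorization/policyDefinitions/example-def",
        "policyDefinitionEffect": "deny",
        "policyAssignmentId": "/providers/Microsoft.Management/managementGroups/example-mg/providers/Microsoft.Authorization/policyAssignments/example-assign"
      }
    }]
  }]
}}
""")

def policy_blocks(error, found=None):
    """Walk an ARM error tree and collect every PolicyViolation entry."""
    found = [] if found is None else found
    for extra in error.get("additionalInfo") or []:
        if extra.get("type") == "PolicyViolation":
            info = extra.get("info", {})
            found.append({
                "resource": error.get("target"),  # resource name, not the full ID
                "effect": info.get("policyDefinitionEffect"),
                "policy": info.get("policyDefinitionDisplayName"),
                "assignment_id": info.get("policyAssignmentId"),
                "definition_id": info.get("policyDefinitionId"),
            })
    # Deployment-level errors wrap the per-resource error under "details".
    for child in error.get("details") or []:
        policy_blocks(child, found)
    return found

if __name__ == "__main__":
    for block in policy_blocks(SAMPLE_ERROR["error"]):
        print(json.dumps(block, indent=2))
```

The "resource" value is only the target name from the error; the full resource ID for an exemption request still has to be taken from the deployment operation or the resource itself.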
To view a list of our Wiki documentation, please go to our wiki index.
For support, please contact us via email at azure-cloud-adoption@dtu.dk or visit DTU's IT support webpage https://itservice.ait.dtu.dk/. For critical cases, please call us at +4545255555.