timja
commented
1 year ago Original Work Item Details
| Created date | Created by | Changed date | Changed By | Assigned To | State | Type | Area Path | Iteration Path| |---|---|---|---|---|---|---|---|---| | 04/13/2023 15:50:55 | Eamon Alkadhimi | 06/08/2023 15:11:51 | richard.rothery | | New | Epic | PlatformOperations\EEB | PlatformOperations\Sprint 68 W |
DTSPO-13416
Summary
Azure Firewall is currently deployed as a single zone which doesn't meet current architectural standards of using availability zones where possible. It should therefore be re-deployed to multiple availability zones.
This will need new Azure firewalls to be deployed as you can only set it at deployment time, meaning there is likely to be substantial impact to teams and services. We therefore want to complete the work looking at Azure Firewall vs Palo Alto before revisiting this decision. Additionally Azure Firewall provides a 99.99% SLA without availability zones, which is higher than some of the rest of the platform anyway - which should help allow us delay the work until we know the result of looking at consolidation of Palo vs Azure Firewall.
Intended Outcome
Azure Firewall instances are redeployed using Availability zones to provide enhanced HA
Impact on Teams
Because of the re-ip as a result of redeployment, there is likely impact to any team that currently has public IP addresses on Azure Firewall that are directly in use by client systems (think this mainly impacts Heritage, but may also impact others). Services that come through front-door should be able to be migrated without impacting them.