Best practices and recommendations

Suwarna S Kale 321 Reputation points
2023-09-26T22:44:55.58+00:00

Is it a best practice to have both Prod and DR environment under single subscription and segregated with resource group?

scenario1 - If yes, why?

scenario2- If no, why?

what are pros and cons in both scenarios?

Azure Data Factory
Azure Data Factory
An Azure service for ingesting, preparing, and transforming data at scale.
10,717 questions
{count} votes

Accepted answer
  1. PRADEEPCHEEKATLA-MSFT 89,646 Reputation points Microsoft Employee
    2023-09-27T05:32:14.01+00:00

    @Suwarna S Kale - Thanks for the question and using MS Q&A platform.

    Whether it is a best practice to have both Prod and DR environments under a single subscription and segregated with resource groups depends on your specific requirements and constraints. Here are some pros and cons of both scenarios:

    Scenario 1: Having both Prod and DR environments under a single subscription and segregated with resource groups

    Pros:

    • Easier to manage and monitor both environments as they are under a single subscription.
    • Can share resources between the two environments, which can be cost-effective.
    • Can use Azure policies and role-based access control (RBAC) to enforce governance across both environments.

    Cons:

    • If there is an issue with the subscription, both environments can be affected.
    • If there is a security breach in one environment, it can potentially affect the other environment.
    • If there is a need to separate billing or reporting for the two environments, it can be more difficult to do so.

    Scenario 2: Having Prod and DR environments under separate subscriptions

    Pros:

    • Provides better isolation between the two environments, which can improve security and compliance.
    • If there is an issue with one subscription, it does not affect the other subscription.
    • Easier to separate billing or reporting for the two environments.

    Cons:

    • Can be more difficult to manage and monitor both environments as they are under separate subscriptions.
    • Cannot share resources between the two environments, which can be less cost-effective.
    • Cannot use Azure policies and RBAC to enforce governance across both environments.

    In summary, both scenarios have their pros and cons, and the decision depends on your specific requirements and constraints. If you prioritize cost-effectiveness and ease of management, Scenario 1 may be a better fit. If you prioritize security and compliance, Scenario 2 may be a better fit.

    Hope this helps. Do let us know if you any further queries.


    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.