Azure Cloud Case Study · 2026

Building TechNova
from the Ground Up

A self-directed journey designing, deploying, and securing a complete enterprise Azure cloud infrastructure from scratch.

5
Phases
16+
Azure Services
2
Days to Build
$40
Estimated Cost
The Story

A company needed a cloud.
I built it.

TechNova Inc. is a growing Canadian tech startup. They've outgrown their on-premise servers and need to move to the cloud — but they need it done right. Secure. Scalable. Cost-efficient. Resilient enough to survive failures without going offline.

As their newly contracted Cloud Administrator, I was handed one mandate: design and deploy a complete Azure cloud infrastructure from scratch — with no pre-built templates, no guided labs, and no safety net. Just an Azure subscription, a plan, and the skills to execute it.

Over two focused build sessions, I architected TechNova's entire cloud environment — from the first resource group to the final backup policy. Every decision had a reason. Every resource had a purpose. This is that story.

The Objective

Three goals.
One infrastructure.

🔐

Security First

Deploy an infrastructure where no resource is exposed unnecessarily. Every VM secured behind Bastion. Every role following least-privilege. Every disk encrypted.

Always Available

Build a system that doesn't go down when a single server fails. Load balanced. Auto-scaling. Backed up. Designed to survive failures gracefully.

💰

Cost Conscious

Deliver enterprise-grade infrastructure without enterprise-grade waste. Budget alerts, right-sized VMs, lifecycle policies, and resource cleanup baked in from day one.

TechNova Advanced Azure Infrastructure Architecture Diagram
TechNova Advanced Azure Infrastructure — Hub-and-Spoke Architecture
The Build

Five phases.
Built in order. Built with intent.

01
Foundation

Resource Governance

Before deploying a single resource, the house needed a structure. A dedicated Resource Group was created with consistent naming conventions and tags — Environment, Project, Owner — so every resource is traceable, billable, and manageable from day one.

TechNova-RG Resource Tagging Budget Alert ($150) Canada East Region
TechNova-RG — all resources overview in Azure Portal
TechNova-RG — all resources overview in Azure Portal
Resource Group — page 2 showing full resource list
Resource Group — page 2 showing full resource list
Resource tags applied — Environment, Project, Owner
Resource tags applied — Environment, Project, Owner
Resource Group review and create confirmation
Resource Group review and create confirmation
02
Networking

Hub-and-Spoke Network Architecture

Three Virtual Networks were designed and deployed using the industry-standard hub-and-spoke pattern. The Hub VNet handles management traffic. Two Spoke VNets separate application and database workloads. VNet Peering connects them. NSGs lock down every subnet.

Hub VNet (10.0.0.0/16) App Spoke VNet DB Spoke VNet VNet Peering NSG Rules
App VNet — address space and subnet configuration
App VNet — address space and subnet configuration
App VNet — subnet details and peering settings
App VNet — subnet details and peering settings
DB VNet — isolated database network configuration
DB VNet — isolated database network configuration
All three VNets deployed — Hub, App, and DB
All three VNets deployed — Hub, App, and DB
VNet Peering configuration between Hub and spokes
VNet Peering configuration between Hub and spokes
VNet Peerings confirmed — Connected status verified
VNet Peerings confirmed — Connected status verified
IP addressing and subnet configuration details
IP addressing and subnet configuration details
Azure Marketplace — resource creation workflow
Azure Marketplace — resource creation workflow
03
Security

Compute & Security Hardening

Two Linux VMs were deployed — but never exposed directly to the internet. Azure Bastion provides secure browser-based access with no public IP. RBAC enforces least-privilege across all roles. Microsoft Defender for Cloud monitors the entire environment for threats.

2x Linux VMs (B1s) Azure Bastion RBAC Roles Defender for Cloud No Public IPs
TechNova-VM1 — overview and configuration details
TechNova-VM1 — overview and configuration details
TechNova-VM2 — overview and configuration details
TechNova-VM2 — overview and configuration details
VM2 successfully deployed and running
VM2 successfully deployed and running
RBAC — least-privilege role assignments on Resource Group
RBAC — least-privilege role assignments on Resource Group
Web NSG — overview and inbound rules
Web NSG — overview and inbound rules
NSG — HTTP port 80 and HTTPS port 443 rules configured
NSG — HTTP port 80 and HTTPS port 443 rules configured
NSG — additional HTTP/HTTPS rule confirmation
NSG — additional HTTP/HTTPS rule confirmation
DB NSG — database layer network security group
DB NSG — database layer network security group
DB NSG — SQL port 1433 restricted to AppSubnet only
DB NSG — SQL port 1433 restricted to AppSubnet only
NSG associated to subnet — traffic filtering active
NSG associated to subnet — traffic filtering active
04
High Availability

Load Balancing & Resilience

TechNova's app can't afford downtime. An Azure Load Balancer distributes incoming traffic across both VMs with health probes continuously checking server availability. If one VM goes down, traffic automatically shifts to the healthy one — users never notice.

Azure Load Balancer Health Probes Load Balancing Rules Backend Pool
TechNova-LB — Load Balancer overview and configuration
TechNova-LB — Load Balancer overview and configuration
Load Balancing Rule — port 80 traffic distribution
Load Balancing Rule — port 80 traffic distribution
Backend Pool — VM1 and VM2 registered and active
Backend Pool — VM1 and VM2 registered and active
Health Probe — continuously checking VM availability
Health Probe — continuously checking VM availability
05
Backup & Storage

Data Protection & Business Continuity

Data loss is not an option. A Storage Account with access controls and lifecycle management policies was configured. Azure Backup protects both VMs with defined recovery policies — ensuring TechNova can recover from any failure with minimal data loss and downtime.

Storage Account RBAC Access Controls Lifecycle Policies Azure Backup Recovery Services Vault
Storage Account — overview and access configuration
Storage Account — overview and access configuration
Blob Container — storage container configured
Blob Container — storage container configured
Key Vault — TechNova-DB-Password secret stored
Key Vault — TechNova-DB-Password secret stored
Key Vault overview — TechNova-KV01 configuration
Key Vault overview — TechNova-KV01 configuration
Recovery Services Vault — backup management
Recovery Services Vault — backup management
Azure Backup — VM backup policy configured
Azure Backup — VM backup policy configured
TechNova-RG — complete infrastructure, all 17 resources deployed
TechNova-RG — complete infrastructure, all 17 resources deployed
Accomplishments

What was
delivered.

16+
Azure services configured end-to-end
3
VNets peered in hub-and-spoke architecture
0
Public IPs exposed on production VMs
~$40
Total cost — well within $200 budget

Skills demonstrated across this project:

Virtual Networking Network Security Groups Azure Bastion Load Balancing RBAC & IAM Microsoft Defender Azure Backup Storage Management Cost Governance Resource Tagging High Availability Design Disaster Recovery
The End Goal

Not just a project.
Proof I can do the job.

TechNova's infrastructure demonstrates that I can take a blank Azure subscription and deliver a secure, scalable, production-ready cloud environment — the exact skillset companies hire Cloud Administrators for.

View on GitHub Connect on LinkedIn