
README.md

Welcome to Azure IPAM

Overview and Architecture

Azure IPAM was developed to give customers a simple, straightforward way to manage their IP address space in Azure. It enables end-to-end planning, deployment, management and monitoring of your IP address space through an intuitive user experience. It can also automatically discover IP address utilization within your Azure tenant and lets you manage it all from a centralized UI. You can also interface with the Azure IPAM service programmatically through a RESTful API, which makes IP address management at scale possible from Infrastructure as Code (IaC) and CI/CD pipelines. Azure IPAM is designed and architected based on the 5 pillars of the Microsoft Azure Well-Architected Framework.

[Figure: IPAM Architecture, shown for the App Service and the Function deployment models]

Azure IPAM Infrastructure

The Azure IPAM solution is delivered via a container running in Azure App Services or as an Azure Function. It can also be deployed in an API-only fashion if no UI is required (e.g. pure IaC model). The container is built and published to a public Azure Container Registry (ACR), but you may also choose to build your own container and host it in a Private Container Registry. More details on this can be found in the Deployment section. All of the supporting infrastructure is deployed and runs within your Azure Tenant and none of the resources are shared with other IPAM users (outside of the publicly hosted ACR).

Here is a more specific breakdown of the components used:

  • App Registrations
    • 2x App Registrations
      • Engine App Registration
        • Granted reader permission to the Root Management Group to facilitate IPAM Admin operations (global visibility)
        • Authentication point for IPAM API operations (on-behalf-of flow)
      • UI App Registration (Optional if no UI is desired)
        • Granted read permissions for Microsoft Graph APIs
        • Added as a known client application for the Engine App Registration
        • Authentication point for the IPAM UI (auth code flow)
  • Resource Group
    • Contains all Azure IPAM deployed resources
  • App Service Plan with App Service (AppContainer Deployment only)
    • Runs the Azure IPAM solution as a container within App Services
  • App Service Plan with Function App (FunctionContainer Deployment only)
    • Runs the Azure IPAM solution as a container within Azure Functions
  • Storage Account with Blob Container (FunctionContainer Deployment only)
    • Storage for the Azure Function metadata
  • Cosmos DB
    • Backend NoSQL datastore for the IPAM application
  • KeyVault
    • Stores the following secrets:
      • App Registration application IDs and Secrets (Engine & UI)
      • Managed Identity ID
      • Azure Tenant ID
  • User Assigned Managed Identity
    • Assigned to the App Service to retrieve secrets from KeyVault
  • Container Registry (Optional)
    • Stores a private copy of the Azure IPAM containers

How Azure IPAM Works

Azure IPAM has been designed to radically simplify the often daunting task of IP address management within Azure, and was built to accommodate use cases such as the following:

  • Discover
    • Identify networks, subnets and endpoints holistically across your Azure tenant
    • Visualize misconfigurations such as orphaned endpoints and improperly configured virtual network peers
  • Organize
    • Group Azure networks into Spaces and Blocks aligned to internal lines of business and enterprise CIDR assignments
    • Track IP and CIDR consumption
    • Map external (non-Azure) networks to Azure CIDR ranges
  • Plan
    • Explore "what if" cases such as how many subnets of a given mask are available within a given CIDR block
  • Self-Service
    • Allow users to reserve CIDR blocks for new virtual network and subnet creation programmatically
    • Integration with Azure template deployments (ARM/Bicep), Terraform and CI/CD pipelines
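The "what if" planning question and the self-service reservation above can be expressed with a small amount of CIDR arithmetic. The following is an added example written for this page, not Azure IPAM's own code: the block and its reservations are constructed sample data, and the logic uses only Python's standard-library ipaddress module.

```python
# Added example (not Azure IPAM's own code): the "what if" planning and
# self-service reservation questions from the README, answered with the
# standard-library ipaddress module over a constructed block inventory.
import ipaddress

# Constructed sample: one Block and the CIDRs already handed out inside it.
BLOCK = "10.0.0.0/16"
RESERVED = ["10.0.0.0/24", "10.0.1.0/25", "10.0.8.0/21"]


def free_ranges(block, reserved):
    """Return the unallocated part of `block` as a sorted list of networks.

    CIDR networks are either disjoint or nested, so each reservation either
    splits a free range (address_exclude), swallows it, or leaves it alone.
    Reservations outside `block` (or of another IP version) are ignored.
    """
    blk = ipaddress.ip_network(block, strict=True)
    free = [blk]
    for cidr in reserved:
        res = ipaddress.ip_network(cidr, strict=True)
        if res.version != blk.version or not res.subnet_of(blk):
            continue
        nxt = []
        for rng in free:
            if res.subnet_of(rng):            # carve the reservation out
                nxt.extend(rng.address_exclude(res))
            elif not rng.subnet_of(res):      # disjoint: keep as-is
                nxt.append(rng)
            # else: rng is fully covered by the reservation and is dropped
        free = nxt
    return sorted(free)


def available_subnets(block, reserved, prefixlen):
    """Planning: list every free /prefixlen subnet inside `block`."""
    out = []
    for rng in free_ranges(block, reserved):
        if rng.prefixlen == prefixlen:
            out.append(rng)
        elif rng.prefixlen < prefixlen:
            out.extend(rng.subnets(new_prefix=prefixlen))
    return out


def reserve_next(block, reserved, prefixlen):
    """Self-service: hand out the lowest free /prefixlen, or None if full."""
    candidates = available_subnets(block, reserved, prefixlen)
    return candidates[0] if candidates else None


if __name__ == "__main__":
    print(len(available_subnets(BLOCK, RESERVED, 24)), "free /24s")  # 246
    print(reserve_next(BLOCK, RESERVED, 24))                          # 10.0.2.0/24
```

A real deployment would persist the returned reservation (Azure IPAM keeps its state in Cosmos DB) before handing the CIDR to a template or pipeline, so two concurrent requests cannot both receive the same range.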

User Interface

The front end is written in React and uses Material UI for its UI components. The UI handles AuthN/AuthZ with AzureAD via MSAL, and manages token acquisition and refresh for communication with the backend Engine API (on your behalf).

Backend Engine

The engine is written in Python and uses the FastAPI framework for building the APIs. It interfaces with Azure Resource Graph on the user's behalf to gather information about the various Azure networking-related resources and their states.