4 Deployment Scenarios
baseline ($48/mo), firewall ($336/mo), vpn ($187/mo), or full ($476/mo) — each tailored to different security and connectivity needs.
What Is SMB Ready Foundation?
SMB Ready Foundation is a repeatable, single-subscription Azure environment designed for Microsoft partners managing VMware-to-Azure migrations for small and medium business (SMB) customers.
The Problem
Section titled “The Problem”Partners managing 1,000+ SMB customers need identical Azure environments that are:
- Cheap — SMB budgets are tight; $500/month hard cap per subscription
- Secure by default — policy-enforced guardrails, no manual intervention
- Repeatable — no per-customer customization; post-deployment configuration only
- Standards-aligned — Azure CAF naming and tagging conventions
The Solution
Section titled “The Solution”A single azd up command deploys a hub-spoke network topology with governance policies, conditional networking (Firewall, VPN Gateway), and core operations services — all using Azure Verified Modules.
Governance Policies
MG-scoped and subscription-scoped Azure Policy assignments covering compute, network, storage, identity, tagging, Key Vault, monitoring, and backup.
Dual IaC Tracks
Choose Bicep (AVM-first, 13 modules) or Terraform (raw azurerm, 17 modules) — both produce identical infrastructure.
azd-Powered
Pre-provision hooks handle management group creation, policy deployment, CIDR validation, and cleanup automatically.
Architecture at a Glance
Section titled “Architecture at a Glance”Every deployment creates a hub-spoke topology with shared services:
| Resource Group | Contents |
|---|---|
rg-hub-smb-{region} | Hub VNet, NSG, Private DNS, Bastion, Firewall*, VPN GW* |
rg-spoke-prod-{region} | Spoke VNet, NSG, NAT GW* |
rg-monitor-smb-{region} | Log Analytics, Automation Account |
rg-backup-smb-{region} | Recovery Services Vault |
rg-security-smb-{region} | Key Vault + Private Endpoint |
rg-migrate-smb-{region} | Azure Migrate Project |
*Conditional — depends on the chosen scenario.
WAF Pillar Alignment
Section titled “WAF Pillar Alignment”| Pillar | Score | Trade-off |
|---|---|---|
| Security | 8/10 | Policy-enforced, no public IPs, Bastion-only access |
| Reliability | 4/10 | Intentionally low — single-zone, rebuild-from-IaC DR |
| Performance | 6/10 | B/D/E VM series restriction may limit specialized workloads |
| Cost Optimization | 9/10 | Primary pillar — free tiers, caps, budget alerts |
| Operational Excellence | 7/10 | IaC, Log Analytics, policy-driven automation |
Next Steps
Section titled “Next Steps” Prerequisites Tools and access needed before deploying
Quick Start Deploy your first environment in minutes
Partner Onboarding Scale across your customer base