A set of Azure Resource Manager templates and scripts for multi-tier, multi-tenant architectures
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.


Azure ACME Foundation Templates

See the feature-modular branch for a better way, that will be merged in due time.


  • Key vault
  • Service Map agent
  • Front-end load balancers
  • Docker registry and Jenkins
  • Postgres PaaS
  • Check timezones and locales in cloud-config
  • Automation account?
  • Tag solutions and OMS
  • Split monitoring and networking
  • Windows variant
  • Timestamp deployments
  • Full diagnostics and OMS configuration (solutions, dashboards, container support)
  • Docker CE repository added to all servers to ease deployment
  • Generic layer template
  • Jumpbox and diagnostics storage account
  • Networking

Note: Right now all VMs start a redis container for testing OMS monitoring. That will be removed in the future.


This is a set of scripts to generate and deploy Azure Resource Manager templates for multi-tier, multi-tenant solutions.

A tenant is defined as a set of resource groups, each of which maps to a typical application tier or environment:

  • foundation (networking, OMS monitoring and an SSH jumpbox)
  • data (IaaS database servers)
  • middleware (app servers)
  • frontend (front-end servers)
  • devops (Jenkins, etc.)

This is what the default monitoring dashboard looks like after a few minutes:

This is what it all looks like deployed, if you hide away storage and other inconsequentials:


I needed a set of re-usable Azure templates that brought together a number of (sometimes quite widely disseminated) aspects of Linux infrastructure management (like diagnostics and monitoring) and that enabled me to get large-scale projects up to speed quickly.

As such, these templates have a number of distinguishing features from the standard Microsoft samples:

  • Everything is CLI-driven. Templates never leave your machine and are never published to a public URL
  • All layes share a foundation networking infrastructure and can be developed/tweaked independently
  • Server configurations include full Linux/Docker diagnostics, logging and monitoring, including a free tier OMS instance and sample dashboards
  • Linux package provisioning leverages cloud-config, making it easier to re-use existing on-premises (or competing providers') configurations
  • Resources and resource groups are namespaced and tagged to make it easy to deploy and manage multiple copies of the same solution for separate tenants

Why ACME? well, because I loved the Warner Bros. cartoons, and because these templates aim to let you do everything you'd possibly need to get your infrastructure running and usable in under an hour.


  • make keys - generates an SSH key for managing the servers
  • make params - generates ARM template parameters
  • make deploy-foundation - deploys the networking layer, the jumpbox, a diagnostics storage account and OMS for all servers
  • make deploy-<layername> - deploys a named layer using the generic-layer template
  • make endpoints - list DNS aliases
  • make destroy-<layername> - destroys the named layer

Recommended Sequence

# edit the Makefile to set the tenant name
# edit genparams.py to map layers to cloud-config files, set tags, etc.
az login
make keys
make params
make deploy-foundation
make deploy-data
make deploy-middleware
make deploy-frontend
make endpoints
make ssh