Hub-and-spoke topology
Why: A central hub for shared services, inspection and policy, with spokes that inherit governance consistently across both regions.
What we rejected: Isolated per-application networks with no shared inspection point.
A hub-and-spoke design with Azure Firewall, Network Security Groups and Web Application Firewalls, deployed as code across two regions — built with the in-house team so they could run it afterwards.
As part of its digital transformation, Lakeland Dairies set out to modernise its network architecture in Azure to support resilience, security and cross-regional disaster recovery — a foundation robust enough to carry more workloads to the cloud over time.
A centrally governed hub-and-spoke model implementing a Zero Trust approach: network firewalls, web application firewalls and NSGs driven by automation. Two regions with availability zones and multiple failover paths, backed by detailed design documentation.
House-style architecture diagram — hub-and-spoke across two regions
Why: A central hub for shared services, inspection and policy, with spokes that inherit governance consistently across both regions.
What we rejected: Isolated per-application networks with no shared inspection point.
Why: One place to inspect and log outbound traffic, with policy the in-house team can read and audit.
What we rejected: Per-spoke egress that scatters policy and logging across the estate.
Why: Assume breach: control east-west traffic and protect public entry points rather than trusting internal traffic.
What we rejected: A flat network that trusts anything already inside it.
Why: Reviewable, repeatable and reproducible across two regions — and handed over with the design documentation.
What we rejected: Portal click-ops that cannot be reviewed, repeated or safely handed over.
We took a mentoring-first approach with hands-on guidance across the 21-day engagement, involving the client team in the build and delivering pre-training. By handover the team understood the environment — the point was never to leave them dependent on us.
“As we continue migrating more workloads to the cloud, we partnered with Cloud Mechanix to establish a robust environment with the right governance, security, and automation in place. Cloud Mechanix's collaborative approach—particularly involving my team in the build process and delivering pre-training—was instrumental in helping us understand how we'll deliver future workloads in Azure.”