AzureAKSKubernetesInfrastructureNetwork SecurityPlatform Engineering

Enterprise Agent Infrastructure on Azure

Name: Enterprise Agent Infrastructure on Azure
Price: 3495 USD

Bridge the gap between building agents and running them in production. Start with cost estimation and FinOps so you can present a budget before provisioning. Design AKS clusters with tiered node pools and a 4-tier storage architecture. Build a 3-layer egress defense system — Envoy sidecar proxies, Cilium FQDN policies, and Azure Firewall Premium. Implement a custom Kubernetes Operator (AgentFilterPolicy CRD) that reconciles per-agent filtering across all security layers. Plan for disaster recovery with multi-region failover. Build a self-service developer portal so your application teams can deploy agents through self-service workflows.

Duration 5 weeks

Level Advanced

lessons 20

Total Hours 50+

Instructor Rafael Kemish Microsoft Certified Trainer · Azure AI & Platform Engineering

Curriculum

Azure compute options for AI agents: AKS vs. ACA vs. Functions vs. ACI

Cost estimation & FinOps: infrastructure budgets before you provision

AKS cluster design: node pools, reserved instances & sizing for 200+ agents

Per-agent resource budgets & deployment patterns

4-tier storage architecture: Azure Files SSD, Blob Hot, Blob Cool & tmpfs scratch

Entra ID workload identity & Kubernetes service account binding

Per-tenant Key Vault isolation with CSI Secrets Store Driver

Tiered tenant isolation: dedicated cluster, namespace & shared models

Hub-and-spoke networking: Azure Firewall, Private Endpoints & NSGs

Layer 1 — Envoy sidecar proxy: forward proxy, ext_authz & URL categorization

Layer 2 — Cilium FQDN policies: Azure CNI with ACNS & CiliumNetworkPolicy per agent

Layer 3 — Azure Firewall Premium: threat intelligence, web categories & TLS inspection

AgentFilterPolicy CRD: designing the custom resource schema

Operator reconciliation: syncing policy across sidecar, Cilium & Firewall layers

Identity-to-policy binding: Entra ID → Kubernetes labels → filtering rules

Per-node-pool routing & the decision guide: minimum viable to full enterprise

Observability: Application Insights, OpenTelemetry & unified audit trails

GitOps CI/CD: GitHub Actions, ACR, Helm, Flux & blue-green deployments

Disaster recovery: multi-region failover, backup strategies & business continuity

Developer onboarding: self-service namespaces, guardrails & the agent developer portal

What You'll Build

A production AKS cluster with tiered tenant isolation, node pools, and a 4-tier storage architecture
A 3-layer egress defense system with Envoy sidecar proxy, Cilium FQDN policies, and Azure Firewall Premium
A custom Kubernetes Operator (AgentFilterPolicy CRD) that reconciles per-agent filtering across all three security layers
A disaster-recovery-ready platform with GitOps CI/CD and self-service developer onboarding

Prerequisites

Working knowledge of Kubernetes (pods, deployments, services, namespaces) and Helm
An Azure subscription with permissions to create AKS clusters, VNets, and Firewall resources
Familiarity with networking fundamentals (DNS, HTTP proxies, TLS) and Linux command line

Frequently Asked Questions

Can I get an invoice for my company?

Yes. After purchase you'll receive a detailed invoice via email. For custom invoicing or purchase orders, reach out via the contact form on our Teams page.

Do you offer team or group pricing?

Absolutely. We offer up to 20% off for teams of 2 or more, with custom pricing for 10+. Visit our Teams page and fill out the contact form for a quote.

What's your refund policy?

Full refund up to 7 days before the first session, no questions asked. After session 1, reach out — we'll find a fair solution.

Will I get a certificate of completion?

Yes. Upon completing all sessions, you'll receive a verifiable certificate of completion that you can share on LinkedIn or with your employer.

Do I get access to session recordings?

Yes. All live sessions are recorded and available for 6 months after the cohort ends. Watch them at your own pace to review material.

What if I can't attend a live session?

No problem. Recordings are available within 24 hours. You can also ask questions asynchronously in the private community channel.

What prerequisites do I need?

Each course lists specific prerequisites on this page. In general, you need comfortable programming skills and basic familiarity with APIs and cloud services.

About Your Instructor

Rafael Kemish is a Microsoft Certified Trainer with 25 years in the Microsoft ecosystem and 23 active certifications. As a Senior Technical Consultant at Microsoft, he has trained over 5,000 professionals at organizations including NASA, Microsoft, Honda, and Citrix. He specializes in Azure AI, OpenAI integration, and enterprise platform engineering — teaching what actually works in real-world production deployments.