Play 11
Landing Zone Advanced
High
🔧 Skeleton
Multi-region, policy-driven enterprise AI infrastructure with firewall and DNS.
The enterprise-grade version of Play 02. Multi-region VNets with Azure Firewall, NAT Gateway, custom DNS, Azure Policy enforcement, and network segmentation. Hub-spoke topology with dedicated subnets for AI services, management, and data. Designed for regulated industries needing compliance controls.
Architecture Pattern
Enterprise network, segmentation, multi-region, policy enforcement
Azure Services
Multi-region VNet, Azure Firewall, NAT Gateway, Azure Policy, Key Vault, Private Endpoints
DevKit (.github Agentic OS)
- agent.md — root orchestrator with builder→reviewer→tuner handoffs
- 3 agents — LZ Advanced Builder (gpt-4o), Reviewer (gpt-4o-mini), Tuner (gpt-4o-mini)
- 3 skills — deploy (105 lines), evaluate (105 lines), tune (116 lines)
- 4 prompts — /deploy, /test, /review, /evaluate with agent routing
- .vscode/mcp.json — FrootAI MCP with tenant + subscription inputs + envFile
TuneKit (AI Config)
- config/network.json — multi-region config, firewall rules, DNS
- config/policy.json — Azure Policy definitions
- infra/main.bicep — Firewall, NAT, segmentation
Tuning Parameters
Multi-region layout, Firewall rules, Network segmentation, Policy enforcement, RBAC scopes
Estimated Cost
Dev/Test
$200–500/mo
Production
$2K–15K/mo