The Scenario
A 250-person SA mining services company has cloud-friendly workloads (email, collaboration, sales CRM) and workloads that must stay on-site (process control systems, video monitoring of sites with poor connectivity). The CIO wants a hybrid architecture that survives audit, supports growth, and does not create disaster recovery gaps.
The Brief
Design a target hybrid architecture covering compute, identity, networking, data, and security. Justify which workloads stay on-premise and which move to the cloud, and how the two halves are connected and governed.
Deliverables
- An architecture diagram or text representation showing on-premise versus cloud workloads, identity flow, network connectivity (ExpressRoute, VPN, SD-WAN), and data flows
- A workload classification table listing each major workload, its destination (on-premise / Azure / M365 / SaaS), the rationale, and the key risks of placement
- A security and identity section covering: hybrid identity (AD Connect or Entra Connect), conditional access, network segmentation between cloud and on-premise, and key management
- A disaster recovery overlay describing how the hybrid architecture supports recovery for both halves, with stated RTO and RPO tiers
Submission Guidance
Hybrid is harder than full cloud or full on-premise. Most failure modes happen at the boundary: identity sync failures, expired ExpressRoute peering, conflicting backup tools. Show that you have thought about the seams, not just the halves.