Azure Design Feasibility Report (Hybrid Strategy & Costs)
This report analyzes your 50 Azure Designs by combining the strengths of your Pluralsight Sandbox (for compute/networking) and your Azure Free Tier (for Identity/SaaS).
💰 Cost Analysis (Pay-As-You-Go)
Since your Free Tier trial has expired, here are the estimated costs for the "Free Tier" components used in this strategy.
| Service |
SKU / Tier |
Estimated Cost |
Notes |
| Entra ID (Azure AD) |
Free |
$0.00 |
Always free (500k objects). |
| Azure AD B2C |
Free |
$0.00 |
First 50,000 MAUs are free. |
| Azure DevOps |
Basic |
$0.00 |
First 5 users are free. |
| Cosmos DB |
Free Tier |
$0.00 |
First 1000 RU/s & 25GB storage free (lifetime). |
| App Service |
F1 (Free) |
$0.00 |
60 mins/day CPU, shared infrastructure. |
| Storage (LRS) |
Hot |
~$0.02 / GB |
Pennies. 1GB lab = 2 cents/month. |
| Key Vault |
Standard |
~$0.03 / 10k ops |
Lab usage is negligible (< 1 cent). |
| Static Website |
Storage |
~$0.02 / month |
Hosting a small site is dirt cheap. |
| Bandwidth |
Internet Egress |
~$0.08 / GB |
First 100GB is often free. Lab usage is negligible. |
Total Estimated Monthly Cost for Labs: < $0.50 USD (if you clean up large files).
🔌 Connectivity: How Sandbox Talks to Free Tier
You do NOT need expensive VPNs or ExpressRoute to connect these environments for labs. We use Public Endpoints secured by authentication.
- Scenario 1: Sandbox VM → Free Tier SaaS (e.g., Key Vault, Storage)
- Method: Public Internet (HTTPS).
- Cost: $0.00.
- Security: The Sandbox VM authenticates using a Connection String or Access Key.
- Scenario 2: Sandbox Agent → Azure DevOps (Free Tier)
- Method: Outbound HTTPS (443).
- Cost: $0.00.
- Mechanism: The agent polls Azure DevOps for jobs. No inbound ports needed.
- Scenario 3: Sandbox VM (AD Connect) → Entra ID (Free Tier)
- Method: Outbound HTTPS (443).
- Cost: $0.00.
- Mechanism: AD Connect sync engine pushes hash data to Azure.
📊 Combined Feasibility Summary
| Category |
Count |
Description |
| ✅ Fully Practicable |
42 |
By combining both environments, you can do almost everything. |
| ⚠️ Simulate / Mock |
5 |
Requires expensive hardware (SAP, AVS) or specific blocked features. |
| ❌ Blocked |
3 |
Truly impossible without Enterprise agreements (e.g., ExpressRoute Circuits). |
📝 Detailed Analysis by Design
Designs 1-10: Foundation
| Design |
Best Venue |
Notes |
| 01. Static Website | Free Tier | Cost: ~$0.02/mo (Storage). |
| 02. Single VM | Sandbox | Free (in Sandbox). |
| 03. Load Balancer | Sandbox | Free (in Sandbox). |
| 04. PaaS Web App | Free Tier | Cost: $0.00 (F1 Plan). |
| 05. Hub & Spoke | Sandbox | Free (in Sandbox). |
| 06. NVA (Routing) | Sandbox | Free (in Sandbox). |
| 07. VM Scale Sets | Sandbox | Free (in Sandbox). |
| 08. Storage Options | Free Tier | Cost: ~$0.02/GB. |
| 09. Azure Files | Sandbox | Free (in Sandbox). |
| 10. Monitoring | Free Tier | Cost: $0.00 (5GB/mo free ingestion). |
Designs 11-20: Advanced Networking
| Design |
Best Venue |
Notes |
| 11. VPN Gateway | Sandbox | Free (in Sandbox). |
| 12. Container Instance | Sandbox | Free (in Sandbox). |
| 13. Key Vault | Free Tier | Cost: < $0.01. Use Free Tier to practice RBAC. |
| 14. Backup | Sandbox | Free (in Sandbox). |
| 15. Traffic Manager | Sandbox | Free (in Sandbox). |
| 16. VMSS Autoscaling | Sandbox | Free (in Sandbox). |
| 17. Multi-Tier (App Svc) | Hybrid | Frontend (Free Tier F1) → Backend (Sandbox VM). |
| 18. App Gateway (WAF) | Sandbox | Free (in Sandbox). |
| 19. Site-to-Site VPN | Sandbox | Free (in Sandbox). |
| 20. Azure Firewall | Sandbox | Free (in Sandbox). |
Designs 21-30: Security & Governance
| Design |
Best Venue |
Notes |
| 21. Private Link | Sandbox | Free (in Sandbox). |
| 22. AKS (Basic) | Sandbox | Free (in Sandbox). |
| 23. Azure AD B2C | Free Tier | Cost: $0.00 (Free for 50k MAUs). |
| 24. API Management | Sandbox | Free (in Sandbox). |
| 25. Cosmos DB | Free Tier | Cost: $0.00 (Free Tier). |
| 26. DDoS Protection | Simulate | Too expensive ($3k/mo). Just enable "Standard" on a VNet in Sandbox then delete immediately. |
| 27. Policy | Free Tier | Cost: $0.00. Practice Policy assignment here. |
| 28. Cost Management | Free Tier | Cost: $0.00. |
| 29. Event Hubs | Sandbox | Free (in Sandbox). |
| 30. Logic Apps | Free Tier | Cost: < $0.01 (Consumption). |
Designs 31-40: Enterprise Scale
| Design |
Best Venue |
Notes |
| 31. Global Web App | Sandbox | Free (in Sandbox). |
| 32. Virtual WAN | Sandbox | Free (in Sandbox). |
| 33. AKS Advanced | Sandbox | Free (in Sandbox). |
| 34. Virtual Desktop | Simulate | Mock it in Sandbox. |
| 35. Azure Arc | Hybrid | VM in Sandbox → Arc Agent → Connected to Free Tier Arc resource ($0.00). |
| 36. Disaster Recovery | Sandbox | Free (in Sandbox). |
| 37. Zero Trust | Free Tier | Cost: $0.00 (Free Entra ID). Note: Conditional Access needs P1 (Trial). |
| 38. Service Mesh | Sandbox | Free (in Sandbox). |
| 39. HPC Batch | Sandbox | Free (in Sandbox). |
| 40. IoT Edge | Free Tier | Cost: $0.00 (IoT Hub Free Tier). |
Designs 41-50: Specialized & Capstone
| Design |
Best Venue |
Notes |
| 41. SAP on Azure | Simulate | Mock Network in Sandbox. |
| 42. AVS (VMware) | Blocked | Cannot simulate. |
| 43. Confidential Comp | Sandbox | Free (in Sandbox). |
| 44. Mission Critical | Hybrid | Front Door (Sandbox) → AKS (Sandbox) + Cosmos (Free Tier). |
| 45. Data Mesh | Hybrid | Purview (Free Tier) scanning Storage (Sandbox). |
| 46. AI / ML | Sandbox | Free (in Sandbox). |
| 47. DevSecOps | Hybrid | Azure DevOps (Free) → Agent (Sandbox VM). |
| 48. Container Apps | Free Tier | Cost: $0.00 (Free grant). |
| 49. Hybrid Identity | Hybrid | Sandbox VM (AD Connect) → Free Tier Entra ID. |
| 50. Ultimate Arch | Hybrid | Build the Hub in Sandbox, Identity in Free Tier. |
🚀 Conclusion
- Total Cost: Less than $0.50 / month (mostly for Storage/Key Vault operations).
- Connectivity: Done via Public Internet (HTTPS). No VPN costs.
- Feasibility: 42/50 Designs are GO.