$ ./deploy-cloud.sh

Cloud infrastructure,
delivered.

Architecture · DevOps · FinOps · AI · Consulting

Azure architecture, landing zones, IAM, FinOps and AI delivery for enterprise teams and growing companies that need a senior partner to design, govern and ship.

Enterprise & SMB engagements · Azure-native · Based in Wrocław, Poland

$ cat about.md

About the practice

Independent cloud architecture and delivery practice based in Wrocław. We work with enterprise teams running large Azure estates — and with smaller companies whose cloud has outgrown its first design and now needs a senior hand.

The approach is hands-on: architecture you can ship, governance that doesn't slow teams down, and FinOps that turns cost into a decision rather than a surprise. From a single landing zone to a multi-year AI rollout, every engagement ends with deployment, documentation and operational excellence.

Equally comfortable embedded inside a client's platform team as advising leadership on cloud strategy — depth on Microsoft Azure, with the breadth of 20 years across networking, virtualisation, DevOps and security.

$ ls services/

Services

Cloud architecture, delivery and advisory. Pick a single discipline or a full engagement — every service ends with something deployed, documented and operable.

Cloud Architecture

Azure landing zones (including AI-ready foundations), hybrid connectivity, governance, naming and tagging standards. The platform everything else stands on.

DevOps & Automation

Infrastructure as Code (Terraform, Bicep), CI/CD pipelines in Azure DevOps and GitHub Actions, AKS and container platforms — pragmatic, repeatable, auditable.

🔐

IAM & Security

Entra ID, PIM, Conditional Access, Key Vault, Defender for Cloud and Sentinel. Zero Trust posture without slowing teams down.

FinOps

Cost visibility, tagging strategy, chargeback frameworks and Power BI dashboards. Cloud spend becomes a decision, not a surprise.

AI Delivery

Azure OpenAI, AI Foundry, AI-ready landing zones and enterprise GenAI rollouts — with the governance, data boundaries and identity controls to make them safe.

📈

Monitoring & Observability

Grafana, Prometheus, Application Insights, SCOM and SolarWinds — building the dashboards, alerts and KQL workbooks that keep production honest.

Productized accelerator

Azure Notifications Framework

A lightweight framework for actionable email alerts on Azure estate hygiene: KQL query → schedule → templated email. Catches orphaned resources, policy non-compliance, missing tags and unowned subscriptions — and routes each finding to the right owner instead of a noisy distribution list.

Engagement modes: architecture · delivery · advisory · audit

$ ls case-studies/

Case Studies

Representative engagements — what was delivered, end-to-end.

# architecture · ai · landing-zone

AI-Ready Azure Landing Zone

An enterprise landing zone tuned for AI workloads: private endpoints, data residency boundaries, RBAC for AI personas, cost guardrails and observability.

# observability · monitoring

Enterprise Monitoring Stack

Designed and delivered a unified observability platform spanning Grafana, Prometheus, Application Insights, SCOM and SolarWinds — single pane of glass across cloud and on-prem, with KQL workbooks and PagerDuty-style routing.

# governance · azure

Cloud Governance Framework

Management Group hierarchy, Azure Policy baseline, RBAC model, naming conventions and landing zones — the foundation everything else stands on.

# iam · zero-trust

IAM Transformation

Entra ID overhaul, PIM rollout, Conditional Access policies and identity lifecycle automation. Moved an enterprise meaningfully closer to a Zero Trust posture.

# iam · cloud-native · entra-id

ADFS → Entra ID Migration

Decommissioned on-prem ADFS in favour of Entra ID. Per-app authentication config migrated (SAML / OIDC), staged rollout across the application portfolio and the cut-over to cloud-native auth — no more on-prem identity federation to keep alive.

# finops · chargeback

FinOps Chargeback Model

Cost allocation framework: tagging strategy, business-unit chargeback rules, and Power BI dashboards that gave each unit real cost accountability — and the data to act on it.

# end-user-compute · azure

VDI → Azure Virtual Desktop

Migration from on-premises VDI to Azure Virtual Desktop: host pools, FSLogix profiles, Entra ID integration and a custom image build pipeline. Cloud-native end-user compute.

# avd · automation · finops

AVD Management Automation

Full IaC for Azure Virtual Desktop — new host pools spun up in minutes, per-pool cost tracking, autoscaling of session hosts, automated handling of idle users and an unattended update / image-refresh pipeline. Day-2 ops without a dedicated AVD team.

# networking · azure · sd-wan

Azure SD-WAN Adoption

Target design and HLD for Azure-native SD-WAN. IaC for the fabric plus migration scripts that lifted firewall rules, service objects and IP groups out of the legacy estate — zero‑touch policy migration into the Azure target.

# dns · hybrid-cloud

Azure DNS Modernisation

Migrated public DNS to Azure DNS and deployed Private DNS Resolver for hybrid resolution. Everything managed through IaC, with the process and change‑tracking around it redesigned so application teams self-serve DNS records instead of queueing behind the network team.

$ tree technologies/

Technologies

The stack we work with — Azure-native, with the cross-platform tooling that real engagements require.

Stack at a glance

  • Microsoft Azure
  • Azure DevOps
  • Terraform
  • Ansible
  • Kubernetes
  • Helm
  • Docker
  • GitHub
  • GitLab
  • Jenkins
  • Grafana
  • Prometheus
  • PowerShell
  • Python
  • Azure AI Foundry
  • Power BI

Full stack by category

Cloud

  • Microsoft Azure

Infrastructure as Code

  • Bicep
  • ARM Templates
  • PowerShell
  • Ansible
  • Terraform

CI/CD

  • Azure DevOps
  • GitHub Actions
  • Jenkins
  • GitLab CI

Containers & Orchestration

  • Kubernetes (AKS)
  • Helm
  • Docker Swarm
  • Container Instances

Identity & Security

  • Entra ID
  • Conditional Access
  • PIM
  • Defender for Cloud
  • Key Vault
  • Zero Trust

Monitoring & Observability

  • Application Insights
  • Azure Monitor
  • Grafana
  • Prometheus
  • SCOM
  • SolarWinds
  • Zabbix
  • KQL

Networking

  • VNet / NSG
  • Front Door
  • App Gateway
  • Traffic Manager
  • Azure Firewall
  • SD-WAN
  • Azure DNS
  • Private DNS Resolver

AI & Data

  • Azure OpenAI
  • AI Foundry
  • Cosmos DB
  • Azure SQL

Scripting & Automation

  • PowerShell
  • Bash
  • Python
  • Groovy

Virtualisation & EUC

  • VMware ESXi
  • Hyper-V
  • Proxmox / KVM
  • Azure Virtual Desktop
  • FSLogix

FinOps

  • Azure Cost Management
  • Power BI
  • Tagging & chargeback

Methodologies

  • DevOps · GitOps
  • FinOps
  • SecOps · Zero Trust
  • Cloud Governance
  • Landing Zones (AI-ready)
  • ITIL

$ ./contact.sh --project

Discuss your project

Architecture review, landing zone build, FinOps audit, AI rollout, or a longer engagement — get in touch and we'll scope it together.

Based in Wrocław, Poland · remote, hybrid and on-site engagements across PL & EU