First of all, stay away from docker windows containers, they are a pain in the ass.
You are saying you need to deploy ASP.net components on a couple of VMs in the private network and in the cloud. I think you first need to look at your architecture. Do I need a front-end? Do I need a back-end? Do the ASP.net components have dependencies on server roles we need to install, for example IIS? Which server is going to have which role and components?
Regarding this question, "Deployment Recommendations: What are the best practices for deploying different components of a system on separate VMs while ensuring efficient communication and maintainability?"
Best practices are in my opinion:
- Use a naming convention and deploy everything on the servers in the same way as much as possible (for example logfiles on a separate drive, and the same on each server).
- Use least privilege: grant service accounts and so on only the permissions they need, and as few as possible. Document that.
- Only open network ports when required, and keep it as minimal as possible. Document that.
- Do a sizing with the customer and check if the servers have enough resources.
- Harden the servers, for example with a cis benchmark to keep the attack surface as low as possible.
- Install all the latest updates and patches.
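As an added example that is not part of the post above, this PowerShell audit checks a Windows VM against the two "document that" items: the documented allow-list of listening ports and the documented service accounts. The `$AllowedPorts` and `$ExpectedServiceAccounts` tables and the service name `AspNetBackendSvc` are assumed placeholders to be replaced with your own deployment documentation.

```powershell
# Added example (not from the original post): audit a Windows VM against a
# documented allow-list of listening ports and expected service accounts.
# $AllowedPorts and $ExpectedServiceAccounts are placeholders; fill them from
# the deployment documentation for the server being checked.

$AllowedPorts = @{
    443  = 'IIS (ASP.NET front-end, HTTPS)'
    3389 = 'RDP (management network only)'
}
# Services expected to run under a dedicated, least-privilege account.
# 'AspNetBackendSvc' is a hypothetical service name for illustration.
$ExpectedServiceAccounts = @{
    'AspNetBackendSvc' = 'NT SERVICE\AspNetBackendSvc'
}

function Get-UnexpectedListeners {
    param([hashtable]$Allowed = $AllowedPorts)
    # Listening TCP sockets bound to a non-loopback address that are not on the allow-list
    Get-NetTCPConnection -State Listen |
        Where-Object { $_.LocalAddress -notin @('127.0.0.1', '::1') } |
        Where-Object { -not $Allowed.ContainsKey([int]$_.LocalPort) } |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Port    = $_.LocalPort
                Address = $_.LocalAddress
                Process = $proc.ProcessName
                Pid     = $_.OwningProcess
            }
        } | Sort-Object Port -Unique
}

function Get-ServiceAccountDrift {
    param([hashtable]$Expected = $ExpectedServiceAccounts)
    # Report services whose logon account differs from the documented one
    foreach ($name in $Expected.Keys) {
        $svc = Get-CimInstance Win32_Service -Filter "Name='$name'"
        if ($null -eq $svc) { continue }
        if ($svc.StartName -ne $Expected[$name]) {
            [pscustomobject]@{ Service = $name; Expected = $Expected[$name]; Actual = $svc.StartName }
        }
    }
}

# Anything listed here is either undocumented (update the document) or should be closed or fixed.
Get-UnexpectedListeners | Format-Table -AutoSize
Get-ServiceAccountDrift | Format-Table -AutoSize
```

Run it on each server after deployment and again after patching; a growing list of undocumented listeners is an early sign that the servers have drifted apart.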