3. Landing Zones
Overview
https://learn.microsoft.com/en-us/training/modules/cloud-adoption-framework-ready/
- Azure landing zones: Azure landing zones provide an accelerated approach to deploying your cloud platform. That platform consists of critical design areas that should be included in your cloud environment. After you deploy the platform, you can modify the architectures that define Azure landing zones to meet your business, operations, and technical requirements.
- Operating model: The way you choose to operate and run technology solutions will have a big impact on the design of your environment and the initial architecture for configuring your environment. Your cloud operating model is the specific way that you want to operate assets hosted in the cloud. Aligning to an operating model will help you to quickly assess requirements for governance, security, and operations management.
Alignment
- The conceptual architecture of Azure landing zones will serve as the long-term vision for the future state of the cloud environment. All affected teams will use that architecture as a basis for building cloud skills and configuring their cloud environment.
- The teams will use the Azure landing zone accelerator to get started with their environmental configuration.
- If the teams need to customize their environment in the future, they'll use one of the custom implementation options that align to or extend the initial accelerator-based deployment.
Note you can deviate from standard landing zone guidance
- maybe you want a couple subscriptions outside of the landing zone.
Common Operating Models
- Decentralized Operations
- Centralized Operations
- Enterprise Operations
- Distributed Operations
Decentralized
Centralized Operations
Enterprise Operations
Distributed Operations
Design Areas
Basic environmental:
Compliance:
Design Principles
Subscription democratization - They are a unit of management and scale to accelerate application migrations and application development
It is ok to deviate from this guidance, but try to stay within your alignment guidance.
Azure Policy within Landing Zones: https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/enterprise-scale/dine-guidance
You can use Azure to establish a standardized set of policies and controls for governing the entire enterprise estate.
Dev/Test/Production workloads: https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/enterprise-scale/faq#how-do-we-handle-devtestproduction-workload-landing-zones-in-enterprise-scale-architecture
Journey to the target architecture
Landing zone review: https://aka.ms/LandingZoneReview
On Ramp:
- Start - New infrastructure - greenfield
- Align - Existing infrastructure - brownfield
- Enhance - already aligned environments.
Align:
- https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/refactor
- https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/enterprise-scale/transition
- https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/align-scenarios
Enhance
- https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/considerations/landing-zone-operations
- https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/considerations/landing-zone-governance
- https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/considerations/landing-zone-security
Landing Zone Review
- Deploy the Azure Landing Zone Accelerator
- Update your billing strategy
- https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/azure-billing-microsoft-customer-agreement
- https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/azure-billing-microsoft-customer-agreement#design-recommendations
- https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/azure-billing-microsoft-customer-agreement#design-recommendations
- Organize your management groups and subscriptions
- Implement Azure Governance
- https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/governance
- https://docs.microsoft.com/en-us/azure/cost-management-billing/costs/cost-mgt-best-practices?bc=/azure/cloud-adoption-framework/_bread/toc.json&toc=/azure/cloud-adoption-framework/toc.json
- Management
- https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/management-workloads
- https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/management-operational-compliance
- https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/management-platform
- Platform Automation and DevOps
Choosing an Azure Landing Zone
Although the accelerator is the suggested starting point for all customers, it does assume full alignment with the conceptual architecture, adherence to the design principles, and tooling for cloud-native operations. For customers who need to customize their experience with Azure landing zones, the following implementation options might be a better fit:
- Azure landing zone Terraform modules are a third-party path for multicloud operating models. This path can limit Azure-first operating models. Review the design principles or deploy this solution to your Azure environment.
Deploy a Landing Zone
Prerequisites
Before you deploy the Azure landing zone accelerator, you need to create two Azure subscriptions:
- A networking subscription to host networking and connectivity assets
- An identity subscription to host identity and access management assets You might also want to create a management subscription, if you plan to deploy the operations management configuration. Tailwind Traders chose not to use that configuration option.
Steps: https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/implementation-options https://aka.ms/caf/ready/accelerator
Enhance
