A Landing Zone is a method of achieving scalable and modular growth within Microsoft Azure. A Landing Zone does this by providing common design areas that need to be considered for the majority of Cloud Adoption journeys. Essentially, Landing Zones provide a foundation for growth, but in a scalable and modular fashion – acknowledging that there is no single technical solution for all types of environment
Landing Zone Design Areas
Whether we are designing for a large, multi-location, enterprise hybrid-cloud deployment, or deploying a simple, isolated test environment, each of the design areas below should be considered within our Landing Zone.
Enterprise enrolment – Do we have a tenant in place that will support our growth and needs moving forward? Will we use EA/CSP/PAYG etc? How will we structure our subscriptions?
Identity – How will identity and access be controlled and managed?
Network topology and connectivity – What will our network topology be? How will our resources and locations be connected? What will our needs look like in days/weeks/years to come?
Resource organization – How will we organize our resources to allow for growth without red tape? Considering our needs around management groups, subscriptions, our business areas, different teams, and more.
Governance disciplines – How do we stay compliant? How do we enforce security requirements? How do we ensure our data sovereignty?
Operations baseline – How will we manage, monitor and optimize our environment? How will we maintain visibility within our environment and ensure it operates as required?
Business continuity and disaster recovery (BCDR) – How will we architect for continuity and protect our data? Have we considered the need to replicate data or provide a method of restoration? Do our proposed methods meet the RPO and RTO objectives of our organization?
Deployment options – How will we deploy our Landing Zone and resources moving forward? Will this be a manual process? Will we consider Infrastructure as Code? What methodologies for deployment could we use?
Enterprise Scale – Design Principles
Enterprise Scale design principles serve as pointers for organizational decisions toward achieving your required Azure growth. These are the critical principles that need organizational decisions to achieve enterprise scale, and the provided reference architectures (above), are based on these Principles.
Subscription democratization – Considering how Subscriptions can be used to enable management and scale aligned to business needs and units.
Policy-driven governance – Using Azure Policy correctly to provide compliance, whilst ensuring application owners are not hindered in migrating their workloads and applications.
Single control and management plane – Providing a consistent experience for operations teams, utilizing role-based access and policy-driven controls.
Application-centric and archetype-neutral – Using a focus on application-centric migration, rather than a lift and shift mentality. Also focusing on providing a foundation for all application types that the enterprise could deploy.
Align Azure-native design and roadmaps – Using Azure-native services and capabilities, ensuring that the enterprise can benefit from new capabilities.
Recommendations – Balancing functionality, using preview services for testing/development/future enhancements, and using technical roadmaps to allow migration.
Landing Zone Benefits
Cloud architecture in line with (development) policy
Speed and scalability
Security and Compliance
A better grasp of the costs