If your business uses Microsoft Azure, you also need a well-designed and structured Landing Zone. A Landing Zone is a key component of the Microsoft Cloud Adoption Framework, helping organisations to better manage and scale their public cloud environments.
What makes up a Landing Zone?
In terms of Microsoft Azure, a landing zone is a combination of multiple subscriptions within an Azure Environment. These subscriptions are already set up for all areas of the platform that may be required to support the environment, whether that’s Infrastructure as a service or Platform as a service.
You could view a Landing Zone as foundations, built on solid practice and design considerations, which you can build on, expand and scale as required. The design of these foundations will differ, and the basics can be laid out differently from one Landing Zone to the other, as there is not one single design for all types of infrastructure.
While Landing Zones can vary due to their modular design and business requirements, they usually cover certain design areas, as below:
Landing Zone Design Areas
No matter what type of deployment you are designing, be it enterprise, hybrid-cloud, or a simple, small POC (proof of concept) environment, each design area listed should be considered within a Landing Zone.
- Enterprise enrolment – have we set up a tenant that will support growth and scale? How will we license it?? CSP, EA etc?
- Identity – How are we going to control identity and access? Serious consideration should be given to how this is managed.
- Network topology and connectivity – What will our network look like now and how will this scale and grow? What design considerations, such as segregation, do we need to consider?
- Resource organization – How will we organise our resources to allow for growth without red tape? What are our needs around business areas, different teams, subscriptions? And how we implement this within management groups?
- Governance disciplines – How do we stay compliant? How do we enforce security requirements? How do we ensure our data sovereignty?
- Operations baseline – How will we manage, monitor and optimise our environment? How will we maintain visibility within our environment and ensure it operates as required?
- Business continuity and disaster recovery (BCDR) – How will we plan and design for continuity and protect our data? Have we considered the need to replicate data or provide a method of restoration? Do our proposed methods meet the RPO and RTO objectives of our organization?
- Deployment options – How will we deploy our Landing Zone and resources moving forward? Will this be a manual process? Will we consider Infrastructure as Code? What methodologies for deployment could we use?
We’ve helped several customers get their landing zone to good by deploying QuoStar’s best practise landing zone framework, which implements current governance best practises, cost management protection and parameter security. This has helped them to get to a position where they have the correct foundations build upon, future proof expansion and allow adoption and implementation of a continuously evolving best practise frameworks.