This article is about architecture and design in the cloud. Whenever you move into the cloud, there are certain things to consider in order to have a proper minimum viable product available there; the landing zone is part of that infrastructure design.
What is a Landing Zone?
A landing zone is an environment for hosting your workloads that is pre-provisioned through code.
You create and deploy it using code. That code builds the base, or foundation, of the overall infrastructure that you are going to deploy in the cloud.
So, when you talk about a landing zone, think of it like building a house. When you build your house, you need to lay down its foundation and think about a blueprint: where your living room will be, where your kitchen will be, where your washroom will be, and so on.
Similarly, while designing a landing zone you need to think about where your different application components will be placed in the cloud.
Why do we need a landing zone?
A landing zone helps you create scalable and modular systems. It is scalable because there are components that you can increase or decrease at any time. It is modular because, whenever you want to deploy an application, you can take a modular component of that application and deploy it within your environment.
Hence, scalability and modularity help you to design a very good architecture in the cloud.
The landing zone has five main pillars on which you will focus, listed below.
- Identity Management
- Networking
- Governance
- Security
- Management
Let’s discuss the above pillars in detail.
Identity Management
You need to think about the following:
- User/Group Design: How many users need to be created? Will they be cloud identities, on-prem identities, or hybrid identities? How do you invite other business users?
- SSO
- Authentication: How will users be authenticated?
- RBAC: How are you going to assign different roles to different sets of people in your organization?
Networking
You need to focus primarily on the following:
- Connectivity
- Quality of Service
- Routing
- Firewall
- IP Addressing
- DMZ
This is a small list; you need to think about several other networking-related things before deploying your infrastructure.
Governance
Governance is involved in all phases of migration as well. You need to think about the following:
- Policy
- Compliance
- Subscription Management
- Management Groups
You need to think about the overall hierarchy within your environment.
Security
Security is paramount in every area where you have deployed cloud services. You need to think about the following:
- Data Security: How do you encrypt data in transit? How do you encrypt data at rest?
- Built-in protection
- Threat Detection
Management
You need to think about the following:
- Monitoring: How will you manage monitoring? Will it be central or distributed across departments?
- Resilience: How will you build resiliency, i.e. how will you manage your DR region for any application?
- Automation: This covers automating patches for your resources.
Now, let us understand the enterprise architecture.
The first area is:
Enterprise enrolment
Here, you need to think about subscriptions and how you will get them from a cloud provider, i.e. Azure, AWS or Google. If you are a large enterprise, you go for an enterprise agreement. With an enterprise agreement, you get a separate portal, such as ea.microsoft.com for Azure. Using this portal, you can create your department structure, its account structures, and all subscriptions that are part of each department. It helps you manage things easily.
Then you will also design:
Identity and Management
Here, you will consider details such as:
- How will you create users?
- How will you design your audit report?
- How will you configure MFA?
- What will be your approval workflow?
- How will you design a hybrid identity? It will use Azure Active Directory, connected to the on-prem Active Directory.
Then you have:
Management Group and Subscription Structure
In the tenant, a root group is created that carries the name of the company, for example “ABC”. Below it, you design a hierarchy based on the organizational hierarchy of your company.
It will include:
- Management Group Structure
- Subscription Structure
- Business Units
If you want consolidated billing, you do it at the company level. For decentralized billing, i.e. if each department wants to manage its own billing and policies, you need to create multiple management groups.
Management groups may be created on the basis of:
- Subscriptions
- Environment
- Landing zone
- Platform
- Identity
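The management group hierarchy described above can be checked as a plan before anything is deployed. The following is an added example, not code from the original article: it validates a planned hierarchy and lists the policies each subscription would inherit from the groups above it. All group, subscription and policy names are constructed; the limit of six levels below the root is Azure's documented limit for management groups.

```python
# Added example: validate a planned management group hierarchy (all names are constructed).
MAX_DEPTH = 6  # Azure allows six levels of management groups below the tenant root

# Planned hierarchy: management group -> parent (None marks the tenant root group).
GROUPS = {"ABC": None, "Platform": "ABC", "Identity": "Platform",
          "LandingZones": "ABC", "Finance": "LandingZones", "Engineering": "LandingZones"}
# Policies assigned directly at a group; everything below the group inherits them.
POLICIES = {"ABC": ["require-encryption-at-rest"], "LandingZones": ["deny-public-ip"],
            "Finance": ["allowed-regions-eu"]}
# Subscription -> the single management group it is placed under.
SUBSCRIPTIONS = {"sub-identity": "Identity", "sub-fin-prod": "Finance",
                 "sub-eng-dev": "Engineering"}


def path_to_root(group, groups):
    """Return [root, ..., group]; raise on unknown parents or cycles."""
    path = []
    while group is not None:
        if group not in groups:
            raise ValueError(f"unknown management group: {group}")
        if group in path:
            raise ValueError(f"cycle in hierarchy at: {group}")
        path.append(group)
        group = groups[group]
    return path[::-1]


def validate(groups, subscriptions, max_depth=MAX_DEPTH):
    """Return a list of design problems; an empty list means the plan is consistent."""
    problems = []
    roots = [g for g, parent in groups.items() if parent is None]
    if len(roots) != 1:
        problems.append(f"expected one root group, found {len(roots)}")
    for g in groups:
        depth = len(path_to_root(g, groups)) - 1  # the root itself is level 0
        if depth > max_depth:
            problems.append(f"{g} is {depth} levels below root (max {max_depth})")
    for sub, parent in subscriptions.items():
        if parent not in groups:
            problems.append(f"{sub} placed under unknown group {parent}")
    return problems


def effective_policies(subscription, groups, policies, subscriptions):
    """Policies a subscription inherits, ordered from the root down to its own group."""
    chain = path_to_root(subscriptions[subscription], groups)
    return [p for g in chain for p in policies.get(g, [])]
```

With decentralized management, a department-specific policy such as the one on Finance applies only to subscriptions under that group, while the policy at the company root reaches every subscription.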