Azure landing zones, a critical component of Microsoft’s cloud services, provide a structured approach for designing your environment in the Azure cloud. They follow key design principles across eight design areas to accommodate all application portfolios and enable application migration, modernization, and innovation at scale.
What is an Azure Landing Zone?
Imagine an Azure landing zone as a well-planned plot of land where you can build different parts of your house (applications and platform resources). The layout of this ‘land’ is flexible and expandable, meeting various construction needs. It also allows for a repeatable design, meaning you can apply the same set of blueprints (configurations and controls) to every part of your ‘house’.
Key Design Areas and Resource Organization
Azure landing zones cater to eight ‘rooms’ or design areas (see diagram below) – Azure billing and Azure Active Directory tenant (A), identity and access management (B), resource organization (C), network topology and connectivity (E), security (F), management (D, G, H), governance (C, D), and platform automation and DevOps (I).
Think of these subscriptions as different sections of your house, organized by management group. Subscriptions for application resources are like different rooms (application landing zones), while those for platform resources are like shared/common spaces (platform landing zones).
Platform Landing Zone Vs. Application Landing Zone
A platform landing zone represents shared services like identity, connectivity, and management, similar to shared utilities (water, electricity, internet) in a house. These shared services are typically managed by one or more central teams, and consolidating them often improves operational efficiency.
An application landing zone, on the other hand, is like a specific room in the house designed for a particular purpose. These ‘rooms’ are pre-designed through code, with rules (policies) assigned via management groups. You can manage these ‘rooms’ using a central team, an application team, or a shared team management approach, just like how different family members might take charge of different rooms.
Accelerators: Your Construction Crew
Azure landing zones feature accelerators, which are like your construction crew, helping you build your Azure ‘house’ correctly and swiftly. They include a platform landing zone accelerator and several application landing zone accelerators.
There’s also the Azure landing zone portal accelerator – a ready-made construction plan that deploys the conceptual architecture and applies predetermined configurations to key components such as management groups and policies. It’s perfect for organizations whose conceptual architecture matches their planned operating model and resource structure.
Azure landing zones are like your trusted architects and builders for your cloud environment. By understanding and leveraging these principles and features, you can customize your Azure ‘home’ to your specific needs and ensure smooth operation at scale.