Azure Landing Zone
Azure Landing Zones are a set of policies and hierarchical resources that allow for grouping within Azure as well as centralized management and monitoring. Landing Zones are based on two of Microsoft’s best practices known as the Cloud Adoption Framework and the Well-Architected Framework. The policies that get implemented have many purposes, including providing security baselines, cost control measures, and best-practice configurations.
By leveraging Landing Zones, you can deploy Azure with confidence, ensuring:
1. A strong foundation for Azure using only the resources you need, preventing surprise monthly bills
2. Your resources are configured securely based on proper governance and policies
3. Users can deploy in Azure with minimal friction thanks to role-based access control for business units while retaining centralized visibility for IT
Landing zone in enterprise-scale
Azure landing zones are the output of a multisubscription Azure environment that accounts for:
Landing Zone considerations
The fundamental choices you will need to make in your Landing Zone will differ for each workload and for each organization. For example, if you are going to use Azure Compute, ensure you are maximizing your efforts to automate the management and administration of these systems. It’s also interesting to note that the step to using modern PaaS services is, more often than not, a lot smaller than you might initially expect. Depending on the workload type, you can directly leverage highly scalable and efficient Azure App Services, Container Instances or Azure Functions. The Cloud Adoption Framework contains a handy decision tree that guides you through the possible options.
If you are considering setting up a hybrid environment, you should also directly include the networking requirements as part of your first Landing Zone. The usage of Azure Virtual Networks might be a requirement and you might also need a VPN Gateway or ExpressRoute to connect both worlds. When publishing services or apps to the outside world, consider using services like Azure Front Door, Application Gateway or Traffic Manager and make them a part of your Landing Zone.