Azure Landing Zone

Azure Landing Zone

Azure Landing Zones are a set of policies and hierarchical resources that allow for grouping within Azure as well as centralized management and monitoring. Landing Zones are based on two of Microsoft’s best practices known as the Cloud Adoption Framework and the Well-Architected Framework. The policies that get implemented have many purposes, including providing security baselines, cost control measures, and best-practice configurations.

By leveraging Landing Zones, you can deploy Azure with confidence, ensuring:

1 A strong foundation for Azure using only the resources you need, preventing surprise monthly bills

2 Your resources are configured securely based on proper governance and policies

3 Users can deploy in Azure with minimal friction thanks to role-based access control for business units while retaining centralized visibility for IT

Landing zone in enterprise-scale

Azure landing zones are the output of a multisubscription Azure environment that accounts for:

  • Scale
  • Security
  • Governance
  • Networking
  • Identity


Landing Zone considerations

The fundamental choices you will need to make in your Landing Zone will differ for each workload and for each organization. For example if you are going to use Azure Compute, ensure you are maximizing your efforts in automating the management and administration of these systems. It’s also interesting to note that the step for using modern PaaS services are more often than not, is a lot smaller then you might initially expect. Depending on the workload type, you can directly leverage highly scalable and efficient Azure App Services, Container Instances or Azure Functions. The?Cloud Adoption Framework?contains an handy decision tree that guides you through the possible options:


No alt text provided for this image

?

If you are considering setting up a hybrid environment, you should also directly include the networking requirements as part of your first Landing Zone. The usage of Azure Virtual Networks might be a requirement and you might also need a VPN Gateway or ExpressRoute to connect both worlds. When publishing services or apps to the outside world, consider using services like Azure Front Door, Application Gateway or Traffic Manager and make them a part of your Landing Zone.

要查看或添加评论,请登录

Theophilus Bittok的更多文章

  • BGP MTU Discovery.

    BGP MTU Discovery.

    What is MTU and Why is it Important? The Maximum Transmission Unit (MTU) is the maximum size, in bytes, that a packet…

    2 条评论
  • BGP Best External.

    BGP Best External.

    By default, BGP speakers only advertise their best route for a destination. The BGP best external feature allows BGP…

    2 条评论
  • BGP Multihop.

    BGP Multihop.

    External BGP (eBGP) Multihop Support Connections between BGP speakers of different ASs are referred to as External BGP…

    1 条评论
  • IP Time To Live.

    IP Time To Live.

    Time to Live (TTL) is a computer networking term that refers to the lifespan of data on the network. TTL determines how…

  • BGP Max Prefix Limit.

    BGP Max Prefix Limit.

    What is BGP Max Prefix Limit? Border Gateway Protocol (BGP) is essential for routing data across the internet, enabling…

    6 条评论
  • Path Hunting in BGP.

    Path Hunting in BGP.

    BGP is a path vector protocol. This is similar to distance vector protocols such as RIP.

  • BGP Monitoring protocol (BMP).

    BGP Monitoring protocol (BMP).

    What Is BMP? BGP Monitoring Protocol (BMP) is a protocol used for monitoring BGP sessions. Prior to BMP, network…

    5 条评论
  • BGP Slow Peer.

    BGP Slow Peer.

    Update Group A router implementing an Exterior Gateway Protocol (EGP) such as Border Gateway Protocol (BGP), typically…

    5 条评论
  • BGP Add-Path: Enhancing Path Visibility in Networks

    BGP Add-Path: Enhancing Path Visibility in Networks

    BGP routers only advertise the best path to their neighbors. When a better path is found, it replaces the current path.

    7 条评论
  • BGP Multipath.

    BGP Multipath.

    What is BGP multipath By default, BGP does not perform load balancing. BGP will select only a single path for a prefix.

    4 条评论

社区洞察

其他会员也浏览了