Landing zone in a Multi Cloud, Explained.
Kiran Arunkumar Babu
Director - Solution Sales driving innovative solutions & services for customer-centric growth.
A landing zone in the cloud is the backbone and foundation of all forms of digital transformation. The concept of landing zones is the literal foundation for a successful transition to the cloud. This post will discuss the lifetime management of landing zones.
But first, let's briefly define what a landing zone is and what it does:
What is a Landing zone?
A landing zone is the fundamental configuration of any environment for cloud adoption. Landing zones offer a preconfigured, code-provisioned environment for hosting workloads in private, hybrid, and public clouds. You do not want to provide your developers with "raw" cloud tenants – AWS accounts, Azure subscriptions, or Google Cloud Platform (GCP) projects with no configuration.
Here are four important aspects that a landing zone can and should address in your cloud:
A landing zone is the beginning of your cloud journey, but it is also an ever-evolving component of your infrastructure's core.
Advantages of Landing Zones
Landing Zones enable standardisation of cloud environments provisioned to DevOps teams. They provide consistency in naming, scalability, and access control across all tenants. This is accompanied by a security baseline that prevents (unintentional) non-compliant or unauthorised configurations.
Therefore, let's discuss the various phases of a landing zone's lifecycle!
Design, Deployment, and Operations: Three "Days" in a landing zone's life
The terms "Day 0/Day 1/Day 2" are frequently encountered in software development. These denote distinct phases in the lifecycle of software: from specifications and design (Day 0) to development and deployment (Day 1) and operations (Day 2). This terminology will be used to describe the phases of the landing zone lifecycle in this post.
Day 0: Designing a Landing Zone
As the starting point of your cloud journey and the central component of your cloud environment, landing zones should be carefully planned and strategized, with Day 1 and Day 2 in mind. Let's elaborate on the four aspects that a well-designed landing zone in the cloud should address:
Security and Compliance: Consolidate your approach to security, monitoring, and logging. Compliance and data residency policies can be implemented enterprise-wide using landing zones. This allows you to guarantee a minimum level of compliance across multiple tenants or environments.
Standardized tenancy: Enforce tagging policies across multiple cloud tenants and provide tenants with standardised security profiles (dev/staging/prod).
Identity and access management: Implement the principle of least privilege by defining roles and access policies. Define your tenant-wide user ID configurations and password standards.
Networking: Provide IaaS network configurations, firewalls, and other fundamental networking parameters.
Day 1: Deploying a Landing Zone
On Day 1, the landing zone is customised and deployed based on the design and specifications determined on Day 0. Each public cloud service provider handles the execution of the landing zone idea differently.
Let's examine the three largest CSPs:
Microsoft Azure: The Cloud Adoption Framework incorporates the concept of landing zones into Microsoft's public cloud platform. Azure blueprints are a vital tool: you can select and configure Azure migration landing zone blueprints to set up cloud environments. Alternatively, you can utilise third-party tools such as Terraform.
Amazon Web Services: The landing zone solution is simply referred to as AWS Landing Zone. This solution offers a pre-configured security baseline for AWS services such as CloudTrail, GuardDuty, and Landing Zone Notifications. Additionally, the solution simplifies the configuration of a landing zone environment, hence accelerating cloud migrations. AWS offers CloudFormation templates to customise and standardise service or application architectures, depending on the use case.
Google Cloud Platform: With GCP, the Google Deployment Manager is used to create flexible configuration and template files. You can configure deployments using a declarative approach employing YAML, Python, and Jinja2 templates.
Day 2: Operating a Landing Zone
Cloud environments and their utilisation are never fixed. This necessitates constant maintenance and administration of the landing zones beneath the airport.
As your use of the cloud grows, the landing zones must be well-maintained and continually updated as all parts of cloud environments improve. This means implementing new best practices from cloud service providers, responding to new application requirements, or mitigating impending security issues. Ensure that your architecture is adaptable enough to permit the expansion and updating of landing zones during operations.
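The Day 0 aspects (tagging, security profiles, baseline controls) and the Day 2 need to keep landing zones current can be checked together against a tenant inventory. The following is an added example, not code from this post or from any provider; the baseline fields, tenant names and control names (audit_logging and threat_detection, standing in for services such as CloudTrail and GuardDuty) are assumptions made for illustration.

```python
from dataclasses import dataclass

# Hypothetical Day 0 baseline; every name and value here is an assumption.
BASELINE = {
    "version": 3,
    "required_tags": {"owner", "cost-center", "environment"},
    "profiles": {"dev", "staging", "prod"},
    "required_controls": {"audit_logging", "threat_detection"},
}

@dataclass
class Tenant:
    name: str
    cloud: str        # AWS account, Azure subscription or GCP project
    lz_version: int   # landing zone version the tenant was provisioned with
    tags: dict
    controls: set     # baseline controls currently enabled

def audit(tenant, baseline=BASELINE):
    """Return a list of baseline deviations for one tenant."""
    findings = []
    missing = baseline["required_tags"] - set(tenant.tags)
    if missing:
        findings.append("missing tags: " + ", ".join(sorted(missing)))
    env = tenant.tags.get("environment")
    if env is not None and env not in baseline["profiles"]:
        findings.append(f"unknown security profile: {env}")
    disabled = baseline["required_controls"] - tenant.controls
    if disabled:
        findings.append("controls disabled: " + ", ".join(sorted(disabled)))
    if tenant.lz_version < baseline["version"]:
        findings.append(
            f"landing zone v{tenant.lz_version} behind baseline v{baseline['version']}")
    return findings

# Constructed sample inventory spanning three providers.
INVENTORY = [
    Tenant("payments-prod", "aws", 3,
           {"owner": "team-pay", "cost-center": "cc-101", "environment": "prod"},
           {"audit_logging", "threat_detection"}),
    Tenant("analytics-dev", "azure", 2,
           {"owner": "team-data", "environment": "dev"}, {"audit_logging"}),
    Tenant("sandbox-42", "gcp", 3, {"environment": "test"}, set()),
]

def audit_all(inventory=INVENTORY):
    """Cross-platform view: only tenants that deviate from the baseline."""
    results = {t.name: audit(t) for t in inventory}
    return {name: f for name, f in results.items() if f}
```
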
Noventiq's perspective on Landing Zones
Noventiq has its own interpretation of the landing zone notion. With Noventiq Consulting Services, we support the native tools offered by many cloud platforms and providers. Thus, we assure the seamless integration of existing operational skills and utilise the most potent and best-integrated tools for each platform. In most cases, this tooling adheres to the infrastructure-as-code model, which fits nicely with Noventiq's multi-cloud orchestration strategy.
On day 0, the landing zones are designed using the respective providers' native tools.
On day 1, Noventiq is integrated into the deployment. For example, Noventiq Landing Zones can incorporate Azure blueprints that have already been produced. Noventiq Landing Zones rely on the providers' various native tools: these include OU assignments, Lambda invocations, and CloudFormation templates in the case of AWS.
For day 2 operations, Noventiq provides multiple landing zone management technologies. With rapid updates of landing zones across several projects, it is able to respond to imminent security threats. Versioning landing zones enables the long-term growth of landing zones to conform with new regulations and requirements. You always have a cross-platform view of which projects use which landing zone using Noventiq's Managed Services.
In simplified terms: A landing zone is the output of a multi-subscription environment that accounts for scale, security governance, networking, and identity. A landing zone enables application migration, modernization, and innovation at enterprise scale with hyperscalers.
With basic rules of :
To know more, DM me; I will be glad to assist.