Getting the right Foundation – what makes a GREAT Landing Zone?

· · , , , , , , ,

Tagged: , , , , , , , , , ,

I recently had the pleasure of taking part in the 2024 Technical Summit – a community event covering the key areas of AI, digital transformation, and sustainability in IT. You can find out more about Technical Summit, the various Presenters, and Sessions here: https://www.technicalsummit.de/.

I presented the session “Getting the right Azure Foundation – What makes a great Landing Zone?”

Technical Summit
Technical Summit

I’d like to extend my thanks to the organisers for putting this event together and allowing me to present! 😊

During my session, I covered the following areas:

  • A brief overview – what is a Landing Zone?
  • Key Areas, Benefits, and Why Landing Zones are Important.
  • GREAT Landing Zone
  • Resources

I wanted to present a brief session (30 mins) on this topic – as it’s one that comes up time and time again when discussing Azure. It is worth noting – Azure Landing Zones are complex, and require much more than 30 minutes of consideration / design etc, so please see this presentation as very much an overview and guidance – with links to additional resources and next steps!

Presentation

You can download a copy of my slides here:

Getting the right Azure Foundation - What makes a great Landing Zone?
Getting the right Azure Foundation – What makes a great Landing Zone?

During my session, I talked about the importance of the Landing Zone Design Areas – specifically around Environmental Design Areas, which provide a Foundation, and Compliance Design areas, which build upon the foundation with business or organisation specific aspects.

I’ve summarised my slides and some of the key concepts below, but please review the slides and consult relevant documentation for the full detail!

Design Areas – A Key Landing Zone Concept
  • A set of Key Considerations and Areas that provide guidance and areas that are essential to consider when starting out in Azure.
  • These are the foundation for a successful future in Azure.
  • The good news – there is extensive help and guidance via Microsoft Documentation.

Environment Design Areas:

Environment design areas cover some core foundational aspects that need consideration across all Landing Zones. These areas provide the essential foundation for future growth, and cover:

  • Azure Billing and Microsoft Entra ID Tenant
  • Identity and Access Management
  • Network Topology and Connectivity
  • Resource Organization

Let’s delve into these areas in a little more detail with one of my slides:

Environment Design Areas
Environment Design Areas

As you can see – for each design area there are many considerations we need to account for as part of our Landing Zone. The bullet points above should be seen as a starting point, with differing levels of detail needed, depending on the organisation or use case in question.

Compliance Design Areas:

Building on the Foundation that the Environment Design Areas provide, we must also consider Compliance Design Areas. These cover off aspects like:

  • Security
  • Management
  • Governance
  • Platform Automation and DevOps

Once again, shamelessly using a slide from my presentation – what do these areas contain?

Compliance Design Areas
Compliance Design Areas

Again – lots of areas for us to consider and build into our designs and planning for a Landing Zone. By using these areas as discussion and design points – we can cover a broad range of the core requirements, and ensure an optimally setup environment moving forward.

Implementation Options & Accelerators

Another key aspect I discussed during my talk was Implementation Options – with most designs using either an Accelerator or a Customized approach. Accelerators provide Infrastructure as Code (IAC) implementations that you can use, whereas a customized approach provides this via a Microsoft Partner.

It’s worth noting that the Landing Zone Accelerators can also provide both Platform and Application Landing Zones – providing an accelerated approach that not only covers the core foundation, but also provides for specific application needs and use cases. An overview of the currently available Application Accelerators is shown below:

Application Landing Zone Accelerators
Application Landing Zone Accelerators

You can read more about the Application Landing Zone Accelerators here: https://learn.microsoft.com/en-us/azure/architecture/landing-zones/landing-zone-deploy#application

Beyond the Design Areas – Architecting for Change

One aspect I also covered in my slides, was how we can plan for that which we do not currently know about – e.g. how do we design for an environment that may change? This is a challenge in any technical environment – but using Landing Zone guidance we can prepare as best possible:

  • Consider Design Principles and Areas – plan!
  • Design for flexibility and modularity
  • Design with the future in mind
  • Design for change – sizing and services
  • Follow appropriate documentation & standards
  • Consider our business and application needs and likely changes
A GREAT Landing Zone is build on GREAT Guidance!

One of the key takeaways from my session, was that there are some simply brilliant resources to help with the Landing Zone process, and any great deployment is likely to be built on these. It’s worth noting, these aren’t by any means exhaustive, but I wanted to call these out specifically based on my experience of using them. For each area below, I have included an overview, and why I think these are a great example of resources to use for a Landing Zone, and provided links to relevant documentation.

1. Accelerators

Accelerators are a great way to enhance the speed of delivering the Landing Zone that you require – providing an IAC approach that standardises and provides an easy path forward for specific Landing Zones, of both Platform and Application. As well as the application specific accelerators I covered earlier in this article, Platform accelerators are also available and provide additional assistance:

Azure Landing Zone Accelerator Approach
Azure Landing Zone Accelerator Approach

You can read more about these Platform Accelerators here: https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/implementation-options#azure-landing-zone-accelerator-approach

2. Antipatterns

Antipatterns are a collection of missteps that should be avoided during Cloud Adoption. These missteps block and stifle innovation and adoption – and many create blockers that can prevent success in a Cloud Environment. As well as a comprehensive list of these antipatterns to avoid, Microsoft Learn provides guidance on resolving these:

Cloud Adoption Framework Antipatterns
Cloud Adoption Framework Antipatterns

Resolving the antipattern:

You can read more about Antipatterns, and each in detail, here: https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/antipatterns/ready-antipatterns

3. Skills Readiness

Skills readiness is as critical as any other aspect during Cloud Adoption. Without the right skills, adoption of any new technology usually fails or becomes delayed. It’s worth noting that Skills readiness is covered as a core aspect of the Cloud Adoption Journey, within the Cloud Adoption framework here: https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/strategy/suggested-skills

I’ve spoken to countless organisations as part of my day job who are adoption Cloud – and Skills Readiness is always a key priority during my engagements. Having the right skills sets in place sets organisations and teams up for success. Thankfully there are lots of great resources to help. A recommended starting point is always with Microsoft Learn, and the relevant Microsoft Technical Training and Certification. For those starting out in Microsoft Azure – the AZ-900 and AZ-104 certifications are a great path to follow.

4. Policy Policy and Policy

There’s a huge emphasis on the use of Policy with the Cloud Adoption Framework (CAF), starting with the definition and design from a Cloud Governance perspective. There simply isn’t enough time, or space on the page of this blog post to cover all of these aspects and considerations. However, the right place to start (as always) is with the relevant section of the CAF, here: https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/govern/.

5. Terraform and Bicep

During my session, I also spoke briefly about the use of Azure Bicep and Terraform when deploying Landing Zones. Both of these are IAC tools that enhance and optimise the process. For organisations already familiar with Bicep or Terraform, there are a huge range of benefits to continuing to use them when deploying Landing Zones, and the use of IAC generally can rapidly speed up the process, as well as providing enhancements around testing and development environments. I’ve personally used Terraform extensively, and have worked on environments using Terraform to provide rapid deployment, change tracking via GitHub/Azure DevOps, and pipeline based deployment. The use of IAC tooling also enhances the development and testing process – providing the ability to rapidly deploy these types of environments with ease. IAC tooling also provides tighter integration into wider tooling too – for example using pipelines to deploy environments on demand.

It is worth noting that Microsoft has a huge range of resources specifically created to help – including documentation, modules, videos and more. You can see more of these below, and in the resources section:

Also, if you are new to using Azure and Terraform – why not check out my Azure Terraform getting started guide? Click here. 

6. Subscription Vending

Subscription Vending is an element within the Platform Automation and DevOps area of the Cloud Adoption Framework (CAF). Subscription Vending aims to provide a programmatic way to issue Subscriptions to application teams, who need these for their workloads. By using Subscription Vending, the key concept of Subscription Democratisation can be achieved. Subscription Vending requires the right organisational approach and tooling to achieve – but once done, can provide a rapid way to respond to business needs, and growth.

Subscription Vending overview from Microsoft Learn
Subscription Vending overview from Microsoft Learn

Consider an organisation with multiple application teams, who all have differing Azure requirements. Providing a method to access Subscriptions quickly via an automated process frees up internal IT Teams from managing Subscription creation and setup – and wraps this in a programmatic method that provides self service, of defined Subscriptions that align to business standards and policy.

You can read more about Subscription Vending here: https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/subscription-vending

Resources

During the session, I also shared lots of Resources – most of those are links to Microsoft Learn, and various GitHub Repositories. You can find a full list of the resources shared below:

Thanks for reading!

Skip to content