Azure
Landing Zone
Enables application migration, modernization, and innovation at enterprise-scale in the cloud.
Environment for hosting your workloads, pre-provisioned through code!
Azure Landing Zone is the result of a multi-subscription environment focused on Scale, Security, Governance, Networking, and Identity & Access Management.
Azure Landing Zone
Benefits at a glance
Security and Compliance
Public clouds provide enterprise grade multi-layer security across physical data centers, infrastructure, and operations. Rely on a cloud that is built with customized hardware, has security controls integrated into the hardware and firmware components, and added protections against threats such as DDoS.
Performance
Migrating to public cloud can improve performance and user experience. Global geographical presence of public cloud data centers reduces network latency, as the services on cloud can run near to the users.
Backup and Disaster Recovery
Public cloud provides enterprise grade backup and DR capabilities at very low cost. Unlike traditional on-premises DR, you only pay for the storage when the workloads are replicating and save cost on monitoring, patching, and maintaining the DR infrastructure.
Reduce Cost
Landing Zones provides public clouds work on Pay-as-you-go model, so no large upfront investments to setup the infrastructure. Also, cloud providers take over maintenance and upgrade, which reduces the cost of IT operations significantly.
Scalability
Services on cloud can scale up/out and down/in easily to meet the users and workload demand, more easily than on-premises infrastructure.
Compliant
One of the key driving factors of migrating to cloud for many organizations is they need to comply with legal and regulatory standards. Public clouds are equipped with many compliance certificates, specific to global region, countries, such as US, the European Union, Germany, Japan, United Kingdom, China, and India. Also, compliance specific to the needs of key industries, including health, government, finance, education, manufacturing, and media.
Azure Landing Zone
Our Approach
We deliver this engagement in the following two phases:
Phase 1 - Design
- Assist the customer in reaching design decisions for the implementation of the components under each design area, including Management Groups hierarchy, Subscriptions, Naming and Tagging, Identity and Access Management, Network design, Security, Compliance, and Governance, BCDR and Automation.
- Capture additional design requirements that are iteratively inherited.
- Finalize the Azure Landing Zone Design
- Conduct design workshops to present, discuss and explore initial Azure design proposals. The Design Workshops will align with the following 8 design areas of the Azure Landing Zone:
- Azure billing and Active Directory tenant
- Identity and access management
- Network topology and connectivity
- Resource organization
- Security
- Management
- Governance
- Platform automation and DevOps
Phase 2 - Implementation
- Network Topology and Connectivity
- Hub and Spoke network topology implementation
- Connectivity with on-premises, using Express Route or Site-to-site VPN
- Connectivity with all spoke’s networks in platform and application landing zones
- Network Security Groups
- User Defined Routs
- Management and Monitoring
- Azure Monitor -basic implementation
- Log Analytics workspace
- Centralized Key Vault for Management
- Security and Governance
- Default Security benchmark
- Cost Management and alerts
- Network security
- Microsoft Defender for Cloud
- Platform automation and DevOps
- Infrastructure as Code
- Platform Automation
- Azure Billing and Active Directory tenant
- Define and configure Azure AD tenant
- Multi-Factor Authentication
- Break-glass accounts
- Azure AD security and logging
- Subscriptions on-boarding as per the finalized billing model
- Identity and access management
- Implement hybrid identity for single sign-on
- Identity and Access for Platform Access
- Identity and Access for Landing Zones
- Resource organization
- Management Group hierarchy and subscription structure
- Naming and Tagging Standards
- Resource Groups
