Three and a half Roses

Set up your Azure cloud with Landing Zones

landing zone

A while back, someone pointed me to the Azure Landing Zones concept as an excellent way to organize an Enterprise Cloud environment in Azure.

Classic enterprise networks

In a classic enterprise network, you will find network segments like a DMZ for the front-end applications, another segment for back-end systems, and so on. Your enterprise network might look somewhat different, but you get the idea.

The segments also tend to be relatively static (i.e., don’t change much over time). Giving access to third parties outside the company is often a big no-no. And if it can be done, it is often complicated to set up.

We need a new way for the cloud

However, in the cloud, you often want to quickly integrate third-party SaaS solutions. You also need to give restricted (but convenient) access to parts of your cloud infrastructure to allow third parties to develop and install applications. “Restricted” is the keyword here because you don’t want the third-party developer to change anything to your firewalls, routing tables, or any other security-sensitive component. Still, you may want them to be able to spin up virtual machines or deploy containers.

Subscriptions, lots of subscriptions

That’s where the Landing Zone comes in. You organize your applications and resources by “grouping” them into Subscriptions. You can then regulate the access to these applications and resources based on the Subscriptions the user has access to. The picture below is a blueprint for such a setup. At the bottom-right, you’ll see a box for “Sandbox Subscriptions.” Those can be opened to third parties to develop innovative applications within the confines of your cloud. Since they don’t have access to -say- the Connectivity subscriptions, they won’t be able to modify the firewall configurations, for instance.

Conclusion

Make sure to set up your enterprise’s cloud using the concept of Landing Zones right from the start. Implementing it afterward is always possible, but you’ll have some migrations on your hand.  

You can download a Visio starter file (containing the diagram from the image above). Or, if you prefer, use an accelerator.

,
, ,

Posted by:

Patrice

Mobilista and Software Architect, with a penchant for Big Data and many many other things in life. This is a list of ramblings that may or may not be interesting to other people. Enjoy!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

About Me

I’m an enterprise architect and have been passionate about Mobile and Architecture for years.

Many years I’ve been designing Mobile apps and back-ends.  Now I’m looking into the next shift: Big Data and Cloud and AI.  Combined with Mobile this is bound to give interesting architectural challenges.

Recent Posts