Exactly what is an Azure Landing Zone?
Streamline your Azure cloud migration
Rinie Huijgen, Intercept
With an Azure Landing Zone you're actually creating a framework for your organization that enables you to efficiently perform and manage your cloud migration. Within a landing zone you’ll select the parameters or guardrails that will be used to determine how to use your data and application in the cloud. Landing Zones are the necessary building blocks for each successful cloud adoption strategy. You can compare this with building a new house, you need to have the resources in place before the actual construction.
Landing zone considerations
The fundamental choices you will need to make in your Landing Zone will differ for each workload and for each organization. For example if you are going to use Azure Compute, ensure you are maximizing your efforts in automating the management and administration of these systems. It’s also interesting to note that the step for using modern PaaS services are more often than not, is a lot smaller then you might initially expect. Depending on the workload type, you can directly leverage highly scalable and efficient Azure App Services, Container Instances or Azure Functions. The Cloud Adoption Framework contains an handy decision tree that guides you through the possible options:
If you are considering setting up a hybrid environment, you should also directly include the networking requirements as part of your first Landing Zone. The usage of Azure Virtual Networks might be a requirement and you might also need a VPN Gateway or ExpressRoute to connect both worlds. When publishing services or apps to the outside world, consider using services like Azure Front Door, Application Gateway or Traffic Manager and make them a part of your Landing Zone.
Governance is an easy topic to ignore but, is at least as important as the technical elements of your Landing Zone. Especially when setting up your first Landing Zone, you’ll need to make decisions with regards to the usage of policies, monitoring, cost management and identity. To remain in control, also directly include primitives such as naming convention, subscription design, resource groups and the usage of management groups.
As you can see, there are a lot of choices to be made. Therefore always determine the scope and purpose of your Landing Zone first.
Start small and scale up
After creating your first Landing Zone it’s important to keep improving, you have now reached the refactoring fase. Within this fase you can focus on using more cloud native tooling for monitoring and management or use Azure Lighthouse to create a single control plane to view and manage resources across multiple tenants. Part of this fase in your journey is to also look at the different failure modes in your environment and, improve by leveraging the usage of multiple instances or by switching to a Premium tier that might better suite your workload. In Azure you also want to use horizontal scaling over vertical scaling where possible. If your dev/test and production systems are not completely separated or, if the same applies to frontend workloads like Web App and backend workloads like Web API’s this is also the fase to restructure these workloads.
Infrastructuur as code
The Azure Portal is a great graphical interface when you are still learning how to use Azure. It offers great insights into the different options and how they relate to each other. Landing Zones however, are created in code. Luckily there are several ways to convert what you have set up to Infrastructure as Code. Intercept offers multiple (free of charge!) Fundementals workshops where we explain how to do achieve that. If you want to join a session, please look at our event calendar.
Do you want to learn more, please read the Go to market or Transformation areas articles. If you are you interested in migrating to a modern CSP subscription without any effort, you should also read the EA to CSP migration guide and always feel free to contact us.