What is an Azure Landing Zone?

With an Azure Landing Zone, you're creating a framework for your organization that enables you to efficiently perform and manage your cloud migration. Within a landing zone, you’ll select the parameters or guardrails that will be used to determine how to use your data and application in the cloud.  Landing Zones are the necessary building blocks for each successful cloud adoption strategy. You can compare this with building a new house, you need to have the resources in place before the actual construction.

Landing Zone considerations

The fundamental choices you will need to make in your Landing Zone will differ for each workload and for each organization. For example, if you are going to use Azure Compute, ensure you are maximizing your efforts in automating the management and administration of these systems. It’s also interesting to note that the step for using modern PaaS services are more often than not, is a lot smaller than you might initially expect. Depending on the workload type, you can directly leverage highly scalable and efficient Azure App Services, Container Instances, or Azure Functions. The Cloud Adoption Framework contains a handy decision tree that guides you through the possible options:

 

If you are considering setting up a hybrid environment, you should also directly include the networking requirements as part of your first Landing Zone. The usage of Azure Virtual Networks might be a requirement and you might also need a VPN Gateway or ExpressRoute to connect both worlds. When publishing services or apps to the outside world, consider using services like Azure Front Door, Application Gateway, or Traffic Manager and make them a part of your Landing Zone.

Governance is an easy topic to ignore but, is at least as important as the technical elements of your Landing Zone. Especially when setting up your first Landing Zone, you’ll need to make decisions with regards to the usage of policies, monitoring, cost management, and identity. To remain in control, also directly include primitives such as a naming convention, subscription design, resource groups, and the usage of management groups.

As you can see, there are a lot of choices to be made. Therefore always determine the scope and purpose of your Landing Zone first.

Start small and scale-up

After creating your first Landing Zone it’s important to keep improving, you have now reached the refactoring phase. Within this phase, you can focus on using more cloud-native tooling for monitoring and management or use Azure Lighthouse to create a single control plane to view and manage resources across multiple tenants. Part of this phase in your journey is to also look at the different failure modes in your environment and, improve by leveraging the usage of multiple instances or by switching to a Premium tier that might better suit your workload. In Azure, you also want to use horizontal scaling over vertical scaling where possible. If your dev/test and production systems are not completely separated or, if the same applies to frontend workloads like Web App and backend workloads like Web APIs this is also the phase to restructure these workloads.

Infrastructure as code

The Azure Portal is a great graphical interface when you are still learning how to use Azure. It offers great insights into the different options and how they relate to each other. Landing Zones, however, are created in code. Luckily there are several ways to convert what you have set up to Infrastructure as Code.