Azure Landing Zone Accelerator

The Landing Zone Accelerator is a good match for your needs, if your organization meets one or more of the following characteristics:

• The need for cloud infrastructure in your company is growing and more and more people and teams need access to the cloud and different use cases have to be taken into account.
• You already have the first workloads running in the cloud that you want to organize and transfer to consistent governance.
• You have already clarified the organizational requirements, that you are responsible for cloud integration (Azure) and also have the corresponding mandate (and, as an effect, access to administrative privileges in Azure).
• You want to build up and retain the skills in-house to secure and operate the cloud infrastructure so you remain independent
• You want to ensure that cloud accounts are secured according to specific rules (e.g. restrict certain services or locations, enforce encryption, etc.) and are set up according to the “everything as code” principle.
• While making the cloud compliant you still want to maintain the speed and flexibility of cloud technologies to foster innovation.
• The use of industry and manufacturer standards and best practices is important to you
• You benefit from the extensive experience of year-long experts in building highly scalable cloud governance solutions and want to adopt them for your company
• You currently want to put Azure into operation in a focused manner, and in the future you may also want to provide other cloud platforms in the company
• You may have been building a landing zone for some time, you finally want to get results, but the coordination with all stakeholders seems to drag on endlessly

Further, you need access to a cloud environment in Azure (e.g. an Azure Tenant) which we can use to build up the landing zone architecture within your organization.

We designed the landing zone accelerator to be an empowerment programme for a team of two roles:

1. An Architect who designs the system landscape to integrate the cloud.
2. An Engineer who implements the foundational cloud security and provisioning automations.

These can be two people or both roles combined in one person, but shouldn’t be more than three to ensure fast progression of the accelerator format.

Being in contact with other stakeholders can support small decisions along the way, however we explicitly refrain from time-consuming alignment meetings before we build something to collect feedback on. Rather, we create an MVP during the accelerator which you iteratively improve afterwards as stakeholders are available. To enable you to do so, we put all tools, workflows and foundations in place along the accelerator.

We help you to get set up your toolstack, understand the components and go step-by-step to bring all parts together. We focus on the essential parts of a landing zone architecture, e.g. the shared responsibility model, service and location restrictions, audit logs etc. to ensure you set basic security boundaries consciously before letting users into the cloud. That way, you control what users are able to do in the cloud and prevent forbidden behaviour.

Git and terraform are among the industry-standard tools when it comes to follow an IaC approach. Therefore, if you master these tools you can benefit from this state-of-the-art method of infrastructure management.

For your case, we offer an IaC Bootcamp that helps you get comfortable with tools like git and terraform. We’ll ensure you manage the necessary workflows to get along in the LZA and own your landing zone deployments afterwards.

Yes, we build the LZA workflows to be used in best practice IaC GitOps.

Yes, as the whole LZA approach is based on terraform and GitOps, you are able to insert your existing modules. That way, our setup is future-proof to add further support for more service or other platforms besides Azure at a later stage.

Yes, we have two specialized modules which focus on both cloud networking and on-premise connectivity. Building on the foundation we establish in the LZA, we will ensure to have basic networking services running after two additional weeks.

No, the LZA builds only on native platform tools and tooling available as Open Source without dependencies on further tooling. Of course, as our meshStack product is build on similar principles and technologies, we ensure you can smoothly migrate to this solution if you want to do so at some point.

We know that aligning with other teams (e.g. IAM, Security, Infrastructure etc.) is challenging in large organizations. After all, that is what stalls many companies’ cloud journeys. That is why we follow a different approach: We implement a working landing zone architecture (based on the Azure Enterprise Scale Framework) to show hands-on how the parts work together. Instead of talking about powerpoint slides, we deliver a workable and self-documenting technical artifact.

With the implementation in hand (e.g. a landing zone with existing service policies), we ask other stakeholders for their specific feedback. Moving target discussions therefore converge to questions like: “Is this sufficient? If not, what do we need to add or change?”. This way, we talk about specific requirements which are actionable. We move forward and get into a mode of iterative improvements, eventually succeeding in an aligned green-lighted landing zone.

That way, we progress fast together during the Landing Zone Accelerator and create the prerequisites for continuous stakeholder alignment afterwards in a realistic timeframe for your organization.

You will be able to operate and maintain a foundational Azure landing zone. This includes all workflows for a proper Infrastructure-as-Code (IaC) approach. From there, you can start to extend the policies on your own. Use the Cloud Foundation Maturity Model (CFMM) and the Cloud Foundation community to define your path forward. Visit cloudfoundation.org for more information.

After the compact build phase with the Landing Zone Accelerator, next steps include:

• Tailoring landing zones to specific use cases (e.g. cloud-native or lift&shift workloads) to strike the optimal balance between security and application team empowerment
• Provide cloud environments to application teams on-demand to scale your company’s cloud adoption quickly
• Use the Cloud Foundation Maturity Model (CFMM) to inspire further creation of capabilities that are valuable to your organization.

With meshcloud, we specialize in the building and running of scaling cloud foundations. With our customers, we operate cloud infrastructure for thousands of users and projects. We build cloud foundations in many organizations in different stages of their cloud journey.

We are currently offering the LZA for Azure specifically as a pilot offering. If AWS or Google Cloud are your focus, please reach out to us with your request and let us know.

Please reach out to us with your question. We are happy to hear your feedback and provide the answers.