Landing zone implementation options

Important

The Azure landing zones Implementation options section of the Cloud Adoption Framework is undergoing a freshness update.

As part of this update, we will be revising the table of contents and article content, which will include a combination of refactoring and consolidation of several articles. An update will be posted on this page once the work is completed.

Visit the new "Deployment options" section of the Azure Architecture Center for the latest Azure landing zone implementation content, including platform and application landing zones.

An Azure landing zone provides cloud adoption teams with a well-managed environment to run their workloads. Take advantage of the best practices described in landing zone design areas to build a strong foundation. You can then extend the foundation by implementing processes related to security, governance, and compliance.

Environment development approaches

There are two primary approaches. The choice will depend on how fast your teams can develop the required skills.

  • Start with the Azure landing zone accelerator: If your business requirements call for a rich initial implementation of landing zones with fully integrated governance, security, and operations from the start. If you need to, you can modify using Infrastructure-as-Code (IaC) to set up and configure an environment per your requirements. For IaC, your organization will require skills in Azure Resource Manager templates and GitHub.

  • Customize: If it's more important to build your environment to meet specific requirements, or develop internal skills. In this approach, focus on the basic landing zones considerations required to start cloud adoption. All technical and business requirements are considered complete when your environment configuration aligns with Azure landing zone conceptual architecture. You can then focus on enhancing your landing zone.

Important

Of the two approaches, the Azure landing zone accelerator is recommended because it's the quickest way to achieve a scaled-out and mature environment.

DTA-Button-ALZ

Beside the use of the Azure landing zone accelerator, there are use cases where organizations have specific business or technical requirements. For those cases, some customization might be needed.

To address the customization use cases, consider the implementation options given in this article. The options are intended for users with strong skills in technologies such as Azure Resource Manager, Azure Policy, DevOps tools, and third-party deployment tools. Those technologies are required for a solid foundation on which to build a landing zone.

Caution

The best practices used for customization will ultimately be aligned with the Azure landing zone. However, there's added investment in time and effort which might be justified to fit specific business requirements.

Finally, guidance in the Govern and Manage methodologies will build on top of your initial landing zones. The design of any Azure landing zone outline will likely require refactoring over time.

Implementation options

Here are some implementation options for landing zones keeping in mind the development approaches described above. Each implementation option in this table is designed for a specific set of operating model dependencies to support your organizations nonfunctional requirements. Every option includes distinct automation approaches and tools. Even though each option is mapped to a different operating model, they have common design areas. The difference is how you choose to implement them and the level of technical experience required.

Azure landing zone accelerator approach

Implementation option Description Deployment instructions
Enterprise-scale foundation Enterprise-ready platform foundation with all the necessary shared services to support the full IT portfolio, where connectivity can be added later as needed.

Design principles
Design areas
Dta-button
Readme: foundation
Readme: Network topology (Virtual WAN)
Readme: Network topology (hub-spoke)
Azure landing zones modular Modular approach using Bicep for deploying the core platform capabilities. Readme: Bicep modules
Enterprise-scale for small enterprises This reference implementation is meant for organizations that don't have a large IT team and do not require fine grained administration delegation models. Dta-button
Readme
Enterprise-scale for Azure Government Reference implementation that can be deployed to Azure Government Cloud. Dta-button
Readme
CAF enterprise-scale landing zone (Azure China 21Vianet regions) Reference implementation that can be deployed to Azure clouds in China. Dta-button
Deploy
Azure landing zones Terraform module Deploys an enterprise-ready platform foundation using Terraform. Use this option when managing your platform using Terraform and need to accelerate delivery of the recommended resource hierarchy and governance model. Shared services, network connectivity, and application workloads can be integrated into your deployment or managed independently. Readme
Microsoft Cloud for Sovereignty A sovereign landing zone uses the same code base as the Azure landing zone Bicep approach but has more orchestration and deployment automation capabilities. It also has Azure Policy initiatives and assignments to help meet sovereignty requirements for public-sector customers, partners, and independent software vendors (ISVs). Readme

Customize approach

Implementation option Description Deployment instructions
Partner landing zones Partners who provide offerings aligned to the Ready methodology of the Cloud Adoption Framework can provide their own customized implementation option.
Design principles
Find a partner

Next steps

To proceed, choose one of the implementation options shown in the preceding tables. Each option includes a link to deployment instructions and the specific design principles that guide implementation.