Cloud is touted as a new age computing, especially now with its popularity as number of enterprise workloads migrated to cloud are rising exponentially. The agility, flexible financial model and productivity with cloud platforms has accelerated this move, making it imperative for enterprises to have the right strategy in place. When planning a cloud migration and an adoption strategy, it is important to create an effective operational and governance model that is connected to business goals and objectives. At this point, building an efficient cloud landing zone plays a big role. In this article we will take a deeper look into why having a cloud landing zone is a key foundation block in the cloud adoption journey. We will also elaborate on the building blocks for creating a mature landing zone.
The cloud landing zone is an environment configured for desired standards and best practices that provides foundational capabilities for workloads that are deployed in the cloud. What are these foundational capabilities? Think of any application deployment platform and identify the following attributes:
A landing zone deployment will contain all of these attributes to create a secure, scalable and operationally efficient environment in cloud where workloads can be deployed and managed.
Now, you must be thinking, isn’t this obvious? These concerns existed prior to the era of cloud, so what changed? Well, the change is the arrival and proliferation of cloud as the new way of running IT. Cloud platforms have made it easy to build, deploy and run apps in virtually no time. Consider that you can:
Imagine if you had to manage to execute these activities in a traditional data center. While this new power of the cloud is quite liberating, such capabilities need to be dealt with carefully. Best practices indicate to make a conscious effort to create a “standardized,” “secured” and “maintainable” cloud environment. If different teams are given the freedom to deploy workloads with their own assumptions and understanding, they can harness the power of cloud, but that will lead to a few challenges, such as:
A cloud landing zone addresses all of these concerns. It allows enterprises to standardize cloud environments, so that teams deploying and managing workloads will experience consistency across ops instrumentation, access control, connectivity and other key concerns.
Building a landing zone, is therefore a starting point to meet the needs for any kind of cloud transformation journey. It effectively lays the groundwork and the platform on which cloud workloads are deployed and managed.
The landing zone is designed to implement the following foundation elements.
The landing zone must provide a streamlined approach to address and manage the tenancy / multiple cloud subscriptions and the overarching access management when using these constructs. This creates a centralized approach to manage user and application access in a consistent manner and allows streamlined governance per enterprise standards. In other words, the landing zone implements a pre-defined blueprint to define various access types, Role based Access Control (RBAC) as well as isolation of multiple cloud subscriptions to define the desired isolation and responsibilities.
The landing zone should be built to leverage existing identity management capabilities. Rather than creating a new Identity management repository, the identity repository is replicated into the cloud environment. This approach allows for existing identity management controls to be extended into the cloud environment. In addition, users can switch between cloud based and non-cloud applications in a seamless manner.
Most enterprises operate across multiple environments, cloud, and traditional data centers. Further, there may be clients that operate across multiple cloud platforms. In this instance, it is essential to build a uniform virtual network topology across these platforms to abstract the underlying complexities from the end user. The existing network topology is extended across each cloud platform, thereby providing a seamless, simplified logical network architecture. This approach creates the simplicity for application deployment and network isolation irrespective of the target environment.
One of the biggest challenges of adopting the full capabilities of the cloud is enforcing adequate security standards. The landing zone build out takes these standards into consideration by implementing and enforcing required controls in the cloud environment. This build out provides a single pane of glass for management and governance of security controls across environments. As part of this process, consistent architecture is deployed for concerns such as Edge Security, Threat Management, Vulnerability Management, Transmission Security, and others.
When planning cloud adoption extending existing policies and toolsets for Data Retention and Disaster Recovery is a key consideration. The landing zone takes into account the instrumentation required to meet the policy requirements. The actual design may or may not use the same toolset (there are many alternate cloud native options available), but the goal is to use have a common implementation to meet the policy requirements.
The landing zone automates the implementation of monitoring, engineering ops, governance. Additionally, a landing zone addresses cloud-specific concerns such as cost management and alerts, reactive scalability, and templated deployment. This facilitates an optimal/right sized environment that provides the optimal compute needed by the application workloads.
Infogain helps the enterprise build and deploy cloud landing zones as part of the overall cloud transformation journey. Infogain has an elaborate cloud transformation framework to help organizations migrate to cloud at scale. One approach for landing zone buildout is identifying common use cases and building a templated approach called “Patterns”. Patterns are a standardized definition of the work breakdown, effort needed to execute the implementation. Furthermore, the patterns are used with reusable deployment templates to deploy landing zones rapidly.