Azure Enterprise Scale Landing Zone Architecture View

Azure enterprise-scale Landing Zones – The why and when?

One of the most attractive things about the public cloud is the astonishing simplicity with which you can get started with your workloads. In Azure, all it takes is (someone’s) credit card and few mouse clicks on the Azure portal, and you might be up and running with your app running on Azure, right from within the convenience of Visual Studio Code (I should remind myself and anyone reading here that friends don’t let friends right-click publish!). However, just because the wild west is well within reach, doesn’t mean we should – as with all things associated with a sustainable, long-term investment, we would look at an Azure estate with a view to manage, monitor, and govern effectively, both to reduce the cost of future innovation and ownership.


Acknowledging this, Microsoft has made the Cloud Adoption Framework (CAF) for Microsoft Azure available for a good while now, which among many other things, specifically addresses the topic of “landing zone” – that’s cloud speak for a foundation/baseline cloud environment – a formal definition exists here. It’s interesting that major cloud providers call this a landing zone, which is a term derived from military – not entirely new phenomenon in IT though, DMZ anyone? However, coming back to the point, through CAF and it’s relatively more recent sister Well-architected framework (WAF, not to be confused with Web Application Firewall, context, context…) – Microsoft publishes some really high quality guidance around how to start and scale your cloud journey.

In June 2020, we saw the construct on Enterprise-scale landing zones (ESLZs) introduced to CAF. This actually prescribes a more opinionated, specific guidance around Azure landing zones, and specifically focuses on large enterprises (in case that wasn’t too evident from the name). As a professional services organisation working with large enterprises, we are quite excited with this development and think this is a welcome addition. For starters, it looks grand – which is always a great start! However, the following aspects stand out from the concept of ESLZs –

  • Firstly, it is very useful that ESLZ comes with a set of design principles, which is a great starting point to evaluate if this is something which suits the cloud strategy of an organisation. Is this for your organisation? “That depends”. Of course – it does. On what? This is always the million dollar question. These design principles give you an idea of whether your cloud strategy and vision are aligned – in which case ESLZ would serve your journey well.
  • We have started to regard Gregor Hohpe’s Cloud Strategy as a textbook around how an enterprise should adopt to, and gain the benefits of cloud. Building upon the principles and very practical views Gregor expresses throughout the book, autonomy, ongoing optimisations to “earn” cloud savings and IT organisational change emerge as themes of a winning cloud strategy which will earn you the benefits of migrating to the cloud. This is the very essence of ESLZs – organising your Azure estates in a way so you can provide autonomy to the various infrastructure and application teams while establishing guardrails through automation and policy.
  • The other aspect of ESLZs is the notion of Critical design areas and how they force you to think about the common, practical considerations for the Azure estate. These are critical design decisions, with their impact reverberating throughout the course of your Cloud journey – and having a clear set of considerations and recommendations help.
  • Finally, what does this mean in the wider subject of PlaformOps. While GitOps is a very Kubernetes aligned term thanks to its origin, the concept can certainly extended to Infrastructure as Code and how that can be leveraged to provide a continuous integration style infrastructure operations service. This blog extends the concept of ESLZs and policy driven governance to a PlatformOps level, with some specific illustrations of how this can work in practice.

All in all – we believe the ESLZs add a much-needed colour of the enterprise scale complexity on the already excellent CAF and WAF materials, and definitely merits explorations as part of a cloud journey.

At Eighty20 Solutions, our goal is to deliver technology transformations in a faster, simpler and more collaborative manner working with our clients. If you are looking at a cloud journey and are looking at partners who get in the trenches, work shoulder to shoulder with your team, and stay the course, while you help your organisation to sustain long-term, strategic technology investments, embrace change, and realise benefits – as opposed to leaving the teams grappling with shiny new technical debt – reach out to us today!