This document discusses using the Cloud Adoption Framework (CAF) Terraform modules to create Azure landing zones. It begins with an introduction to Azure landing zones and their purpose. It then discusses everything-as-code and using Terraform to deploy environments. The remainder of the document focuses on the benefits of using the CAF Terraform modules, including consistency, maintainability, reusability, and delivering value. It provides an overview of the core principles and fundamental building blocks of the CAF modules. Finally, it demonstrates how to get started with the CAF Terraform landing zones.
AWS Landing Zone Deep Dive (ENT350-R2) - AWS re:Invent 2018Amazon Web Services
In this session, we discuss how to deploy a scalable environment that considers the AWS account structure, security services, network architecture, and user access. We present an overview of the AWS Landing Zone solution, an automated solution for setting up a robust and flexible AWS environment designed from the collective experience of AWS and our customers. The AWS Landing Zone helps automate the setup of a flexible account structure, security baseline, network structure, and user access based on best practices. Future growth is facilitated by an account vending machine component that simplifies the creation of additional accounts. Learn how the AWS Landing Zone can ensure that you start your AWS journey with the right foundation. We encourage you to attend the full AWS Landing Zone track, including SEC303. Search for #awslandingzone in the session catalog.
AWS Landing Zone Deep Dive (ENT350-R2) - AWS re:Invent 2018Amazon Web Services
In this session, we discuss how to deploy a scalable environment that considers the AWS account structure, security services, network architecture, and user access. We present an overview of the AWS Landing Zone solution, an automated solution for setting up a robust and flexible AWS environment designed from the collective experience of AWS and our customers. The AWS Landing Zone helps automate the setup of a flexible account structure, security baseline, network structure, and user access based on best practices. Future growth is facilitated by an account vending machine component that simplifies the creation of additional accounts. Learn how the AWS Landing Zone can ensure that you start your AWS journey with the right foundation. We encourage you to attend the full AWS Landing Zone track, including SEC303. Search for #awslandingzone in the session catalog.
An Introduction to the AWS Well Architected Framework - WebinarAmazon Web Services
The AWS Well-Architected Framework enables customers to understand best practices around security, reliability, performance, cost optimization and operational excellence when building systems on AWS. This approach helps customers make informed decisions and weigh the pros and cons of application design patterns for the cloud.
In this one hour webinar, you'll learn how to use the AWS Well-Architected Framework to follow guidelines and best practices for your architecture on AWS.
The Ideal Approach to Application Modernization; Which Way to the Cloud?Codit
Determine your best way to modernize your organization’s applications with Microsoft Azure.
Want to know more? Don't hesitate to download our White Paper 'Making the Move to Application Modernization; Your Compass to Cloud Native': http://bit.ly/39XylZp
An Overview of Best Practices for Large Scale Migrations - AWS Transformation...Amazon Web Services
Whether you are moving a small application or entire datacenters, migrating to the cloud can be a complex process. In this session, we will share some of the common challenges that our customers face on their journey to the cloud and discuss how these challenges can be overcome. We will outline the patterns of success that we have observed from partnering with hundreds of customers on their large-scale migrations as well as highlight the mechanisms we have created to help our customers migrate faster.
About the Event:
AWS Transformation Day is designed for enterprise organizations migrating to the cloud to become more responsive, agile and innovative, while staying secure and compliant. Join us for this one-day event and we’ll share our experiences of helping enterprise customers accelerate the pace of migration and adoption of strategic services.
Who should attend?
This event is recommended for IT and business leaders who are looking to create sustainable benefits and a competitive advantage by using the AWS Cloud. CIOs, CTOs, CISOs, CDOs, CFOs, IT leaders and IT professionals, enterprise developers, business decision makers, and finance executives.
Cloud Migration Cookbook: A Guide To Moving Your Apps To The CloudNew Relic
The process of building new apps or migrating existing apps to a cloud-based platform is complex. There are hundreds of paths you can take and only a few will make sense for you and your business. Get a step-by-step guide on how to plan for a successful app migration.
Opinionated implementation of AWS Landing Zone - Best practices for automating AWS multi-account environment in your organization based on my past experience.
Is anyone interested in live webinar ?
Please write down in comments.
PS. I still have to add few more slides.
#hybridcloud #aws #cloud #devops #automation #cloudcomputing #vmware #kubernetes #teambuilding #bestpractices #cloudsecurity #automating #terraform #cloudformation #cloudnative
Mactores Cloud Assessment Suite is strategically made for enterprises who foresee cloud as a driving force for their business. We help enterprises identify applications and resources which are well suited for cloud and distinguish benefits to the enterprise in terms of ROI, Scalability and Agility.
Architect your app modernization journey with containers on Microsoft AzureDavide Benvegnù
Modernize your application with containers has never been easier! Discover how Azure helps providing all the services you need.
This slides deck has been created for the Microsoft Azure Developer Camp in HK
Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...Amazon Web Services
In this workshop, we present best practices for establishing an AWS Landing Zone. We provide a demonstration of the automated AWS Landing Zone solution, and we show you how it builds a multi-account architecture that is enterprise-ready for application deployment and compliant with common operations, security, and procurement processes. You have the opportunity to modify the code for custom deployments. Leave the workshop with an understanding of the mechanism to update the AWS Landing Zone using a CI/CD pipeline, how to create new AWS accounts using the built-in account vending machine, and how the AWS Landing Zone solution components integrate to provide a secure, scalable starting environment for your cloud journey. We encourage you to attend the full AWS Landing Zone track. Search for #awslandingzone in the session catalog.
There are options beyond a straight forward lift and shift into Azure IaaS. What are your options? Learn how Azure helps modernize applications faster with containers and how you can use serverless to add additional functionality while keeping your production codebase 'clean'. We'll also learn how to incorporate DevOps throughout your apps lifecycle and take advantage of data-driven intelligence. Demo intensive session integrating the likes of Service Fabric, AKS VSTS and more.
While many organizations have started to automate their software development processes, many still engineer their infrastructure largely by hand. Treating your infrastructure just like any other piece of code creates a “programmable infrastructure” that allows you to take full advantage of the scalability and reliability of the AWS cloud. This session will walk through practical examples of how AWS customers have merged infrastructure configuration with application code to create application-specific infrastructure and a truly unified development lifecycle. You will learn how AWS customers have leveraged tools like CloudFormation, orchestration engines, and source control systems to enable their applications to take full advantage of the scalability and reliability of the AWS cloud, create self-reliant applications, and easily recover when things go seriously wrong with their infrastructure.
Overview session of Microsoft's Azure Service Fabric Overview (v1.5.175), delivered at AzurePT community event in Lisbon, held March 26. The session describes all the main components of the platform, with a focus on its architecture.
This presentation is about Platform as a Service, a category of cloud computing services that enables customers to develop, run, and manage applications without building and maintaining their own infrastructure. The presentation also contains an overview of public cloud application platforms, such as Google Cloud Platform, AWS, Microsoft Azure and more.
The presentation was held by Volodymyr Davydenko (Engineering Consultant, GlobalLogic) at GlobalLogic Kyiv DevOps Career Day on June 9, 2018.
An Introduction to the AWS Well Architected Framework - WebinarAmazon Web Services
The AWS Well-Architected Framework enables customers to understand best practices around security, reliability, performance, cost optimization and operational excellence when building systems on AWS. This approach helps customers make informed decisions and weigh the pros and cons of application design patterns for the cloud.
In this one hour webinar, you'll learn how to use the AWS Well-Architected Framework to follow guidelines and best practices for your architecture on AWS.
The Ideal Approach to Application Modernization; Which Way to the Cloud?Codit
Determine your best way to modernize your organization’s applications with Microsoft Azure.
Want to know more? Don't hesitate to download our White Paper 'Making the Move to Application Modernization; Your Compass to Cloud Native': http://bit.ly/39XylZp
An Overview of Best Practices for Large Scale Migrations - AWS Transformation...Amazon Web Services
Whether you are moving a small application or entire datacenters, migrating to the cloud can be a complex process. In this session, we will share some of the common challenges that our customers face on their journey to the cloud and discuss how these challenges can be overcome. We will outline the patterns of success that we have observed from partnering with hundreds of customers on their large-scale migrations as well as highlight the mechanisms we have created to help our customers migrate faster.
About the Event:
AWS Transformation Day is designed for enterprise organizations migrating to the cloud to become more responsive, agile and innovative, while staying secure and compliant. Join us for this one-day event and we’ll share our experiences of helping enterprise customers accelerate the pace of migration and adoption of strategic services.
Who should attend?
This event is recommended for IT and business leaders who are looking to create sustainable benefits and a competitive advantage by using the AWS Cloud. CIOs, CTOs, CISOs, CDOs, CFOs, IT leaders and IT professionals, enterprise developers, business decision makers, and finance executives.
Cloud Migration Cookbook: A Guide To Moving Your Apps To The CloudNew Relic
The process of building new apps or migrating existing apps to a cloud-based platform is complex. There are hundreds of paths you can take and only a few will make sense for you and your business. Get a step-by-step guide on how to plan for a successful app migration.
Opinionated implementation of AWS Landing Zone - Best practices for automating AWS multi-account environment in your organization based on my past experience.
Is anyone interested in live webinar ?
Please write down in comments.
PS. I still have to add few more slides.
#hybridcloud #aws #cloud #devops #automation #cloudcomputing #vmware #kubernetes #teambuilding #bestpractices #cloudsecurity #automating #terraform #cloudformation #cloudnative
Mactores Cloud Assessment Suite is strategically made for enterprises who foresee cloud as a driving force for their business. We help enterprises identify applications and resources which are well suited for cloud and distinguish benefits to the enterprise in terms of ROI, Scalability and Agility.
Architect your app modernization journey with containers on Microsoft AzureDavide Benvegnù
Modernize your application with containers has never been easier! Discover how Azure helps providing all the services you need.
This slides deck has been created for the Microsoft Azure Developer Camp in HK
Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...Amazon Web Services
In this workshop, we present best practices for establishing an AWS Landing Zone. We provide a demonstration of the automated AWS Landing Zone solution, and we show you how it builds a multi-account architecture that is enterprise-ready for application deployment and compliant with common operations, security, and procurement processes. You have the opportunity to modify the code for custom deployments. Leave the workshop with an understanding of the mechanism to update the AWS Landing Zone using a CI/CD pipeline, how to create new AWS accounts using the built-in account vending machine, and how the AWS Landing Zone solution components integrate to provide a secure, scalable starting environment for your cloud journey. We encourage you to attend the full AWS Landing Zone track. Search for #awslandingzone in the session catalog.
There are options beyond a straight forward lift and shift into Azure IaaS. What are your options? Learn how Azure helps modernize applications faster with containers and how you can use serverless to add additional functionality while keeping your production codebase 'clean'. We'll also learn how to incorporate DevOps throughout your apps lifecycle and take advantage of data-driven intelligence. Demo intensive session integrating the likes of Service Fabric, AKS VSTS and more.
While many organizations have started to automate their software development processes, many still engineer their infrastructure largely by hand. Treating your infrastructure just like any other piece of code creates a “programmable infrastructure” that allows you to take full advantage of the scalability and reliability of the AWS cloud. This session will walk through practical examples of how AWS customers have merged infrastructure configuration with application code to create application-specific infrastructure and a truly unified development lifecycle. You will learn how AWS customers have leveraged tools like CloudFormation, orchestration engines, and source control systems to enable their applications to take full advantage of the scalability and reliability of the AWS cloud, create self-reliant applications, and easily recover when things go seriously wrong with their infrastructure.
Overview session of Microsoft's Azure Service Fabric Overview (v1.5.175), delivered at AzurePT community event in Lisbon, held March 26. The session describes all the main components of the platform, with a focus on its architecture.
This presentation is about Platform as a Service, a category of cloud computing services that enables customers to develop, run, and manage applications without building and maintaining their own infrastructure. The presentation also contains an overview of public cloud application platforms, such as Google Cloud Platform, AWS, Microsoft Azure and more.
The presentation was held by Volodymyr Davydenko (Engineering Consultant, GlobalLogic) at GlobalLogic Kyiv DevOps Career Day on June 9, 2018.
[Capitole du Libre] #serverless - mettez-le en oeuvre dans votre entreprise...Ludovic Piot
Tout comme le Cloud IaaS avant lui, le serverless promet de faciliter le succès de vos projets en accélérant le Time to Market et en fluidifiant les relations entre Devs et Ops.
Mais sa mise en œuvre au sein d’une entreprise reste complexe et coûteuse.
Après 2 ans à mettre en place des plateformes managées de ce type, nous partagons nos expériences de ce qu’il faut faire pour mettre en œuvre du serverless en entreprise, en évitant les douleurs et en limitant les contraintes au maximum.
Tout d’abord l’architecture technique, avec 2 implémentations très différentes : Kubernetes et Helm d’un côté, Clever Cloud on-premise de l’autre.
Ensuite, la mise en place et l’utilisation d’OpenFaaS. Comment tester et versionner du Function as a Service. Mais aussi les problématiques de blue/green deployment, de rolling update, d’A/B testing. Comment diagnostiquer rapidement les dépendances et les communications entre services.
Enfin, en abordant les sujets chers à la production : * vulnerability management et patch management, * hétérogénéïté du parc, * monitoring et alerting, * gestion des stacks obsolètes, etc.
Docker Datacenter Overview and Production Setup SlidesDocker, Inc.
An overview on Docker Data Center and Universal Control Plane. We will cover how to install for production and integrate Docker Trusted Registry.
Led by DDC + UCP Champ:
Vivek Saraswat
Experience Level: Attendees need no prior experience with Docker, but should be familiar with basic linux command-line.
Jelastic PaaS for Hosting companies, Telcos & MSPs. Jelatic allows hosting companies to enter to the DevOps market and monetize trendy Docker technology
Kaleido Platform Overview and Full-stack Blockchain ServicesPeter Broadhurst
Overview of the Kaleido Platform, and one-slide summaries of the Kaleido services.
Learn more about our full-stack services at:
https://marketplace.kaleido.io
Get started today at:
https://console.kaleido.io
Access our docs at:
https://docs.kaleido.io
Join our webinar on dealing with too many automation tools and platforms, and how the newest Cloudify 5.1 release brings in the Orchestrator of Orchestrators and how this helps.
Enterprise DevOps is different then DevOps in startups and smaller companies. This session how AWS/CSC address this. How AWS IaaS level automation via CloudFormation, UserData, Console, APIS and some PaaS OpsWorks/Beanstalk is complimented by CSC Agility Platform. CSC Agility adds application compliance and security to the AWS infrastructure compliance and security. CSC Agility allows for the creation of architecture blueprints for predefined application offerings.
Platform as a Runtime - PaaR QCON 2024 - FinalAviran Mordo
In this talk, Aviran will describe how http://Wix.com is pushing this trend even further to build its own Platform as a Runtime (PaaR) infrastructure that allows developers to develop faster, better with higher quality. By allowing nano deployments of different modules into a “SingleRuntime” inside a robust internal platform that handles many of the non-functional concerns developers are facing on a daily basis.
Azure Cloud Application Development Workshop - UGIdotNETLorenzo Barbieri
Based on Global Black Belt Azure CAD Workshop, this material was used during ugidotnet.org CAD Lab in June 2017.
Azure VMs, AppService, Functions, Logic Apps and Service Fabric were demoed during the day.
GIDS 2019: Developing Apps with Containers, Functions and Cloud ServicesPatrick Chanezon
Cloud native applications are increasingly composed of containers, serverless functions responding to events and managed cloud services. What is the best workflow and set of tools to provide a rapid, iterative development experience and to package applications using these three components?
This hand-on talk will compare and contrast several sets of tools and their associated workflows:
Using Docker Desktop, with its local Docker engine and Kubernetes cluster, with open source tools such as the Virtual Kubelet, or the Gloo hybrid app gateway, to build the most productive development inner-loop for these type of applications
OpenFaaS, Fn, or Nuclio open source serverless framework to run functions in containers locally
Telepresence to run a container locally, connected to a remote cluster
Helm and Draft
Knative
The talk will also cover how you can use the Cloud Native Application Bundle (CNAB) format and tools to package your applications and share them using a container registry.
Automated Serverless Pipelines with #GitOps on CodefreshCodefresh
**Watch the full presentation here: https://codefresh.io/automated-serverless-pipelines-with-gitops-on-codefresh/
Dan Van Brunt introduces you to Serverless, talks about common misconceptions and challenges, and then demos how he uses the Serverless Framework effectively alongside containers. He shares some of the advanced pipelines he's developed so you can replicate his workflow without building a pipeline from scratch!
Try Codefresh for FREE (120 builds/month) and get a free custom demo at Codefresh.io
Managing Software from Development to Deployment in the CloudCloudBees
CloudBees' Harpreet Singh and Vivek Panday give an introduction to managing and deploying Java applications in the cloud. The presentation covers...
- What’s the cloud and what's a PaaS?
- Criteria choosing a PaaS
- Demonstration of taking applications to the PaaS
- PaaS services available today
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
TechnicalTerraformLandingZones121120229238.pdf
1. Question and Answer
Have a question?
Reach out to our experts through the “Q&A” Chat Box below.
Microsoft Cloud Adoption Framework
for Azure
Optimize your organization with DevOps and
Terraform landing zones
2. Agenda
• Quick Introduction to Azure landing zones and architecture
blueprint
• Introduction to CAF Terraform landing zones concepts and
tools
3. Azure landing zones
Help customers set up their Azure environment—
for scale, security, governance, networking, and identity
Azure landing zones:
• Enable migrations and net new apps
• Consider all platform resources
• Don't differentiate between IaaS or PaaS
4. Azure landing zones
Design areas
ENVIRO NM E N T
Azure billing &
Active Directory tenant
Identity & access
management
Resource organization
Network topology
& connectivity
COMP LIA NCE
Security
Governance
Management
Platform automation
& DevOps
5. Azure landing zone—conceptual architecture
• Target end-state for the
majority of organizations
• Scaled-out, mature
environment
• Represents broad range of
Microsoft best practices for
Azure environment design
• Provides strong foundation
for organizations to
establish on-going
management, governance
and security processes
6. Everything-as-code
Stand up environments in the
fastest possible way
Remove the human element
and reliably and repeatable
deploy every time
Improve environment
visibility and improve
developer efficiency
Store your configuration
definitions alongside your
application code
7. Why Terraform for Azure landing zones?
• Declarative code: Collaboration
enabler among team members
• Providers and skills ecosystem
• State management and
operations predictability
• Version control
…
9. Why do I need a framework when I can just Terraform.exe?
Not everyone is a developer
It’s hard to ensure: consistency, readability,
maintainability, reusability
Immutable infrastructure requires: centralizing
knowledge, experience, features into Terraform
Deliver value to your customers, not modules!
State management and delegation in complex
organizations
11. Fundamental building blocks
Enterprise as
Configuration
Transparent
composition
Hierarchy and
delegation
Easy state
management
Developer
productivity
DevOps
Ubiquity
Whatever you
need, don’t
write code, just
configuration
files.
Read or Write
Terraform states
easily between
landing zones.
Proposed
hierarchical
model of
Terraform state
files allow
enterprise
composition
and delegates
innovation to
business units.
Just code, let
rover put the
sate at the right
place and
ensure its safety
and resiliency.
Run your code
on your laptop
or in your
pipelines – just
the same way.
Run on any
pipeline and
CI/CD.
12. production environment
Landing
zones logic
Ubiquitous Inner
feedback loop
Test
Debug
VSCode
Dev
subscription
rover
Azure Pipelines,
GitHub Actions,
etc.
Business tier
Web tier
Azure
Monitor
CI/CD
Seamless development experience
Landing
zones
configuration
dev, qa, etc. environment
Business tier
Web tier
rover
Windows
Linux
Mac
GitHub Codespaces
13. Level0
Compute
Node
TF State
MSI
/SP/
OID
C
RW
Core platform: Terraform State Management
Fundamentals (launchpad), Billing subscription role
delegation from EA or MCA.
Core platform: Connectivity components for Virtual
WAN, hub and spoke, ExpressRoute, etc., identity domain
controllers, management services.
Core platform: Enterprise-Scale management groups
and policies, Identity services, management services,
platform subscriptions creation and GitOps pipelines.
Application landing zone (managed by platform team),
subscription vending machine to create application
landing zone subscriptions and base services (resource
groups, Virtual Networks peering and delegated identities for
level 4).
Service
Principal
privilege
reduction
Identity
segmentation
CAF SRE Stack on Azure
Level1
Compute
Node
TF State
MSI
/SP/
OID
C
RW
Level2
Compute
Node
TF State
MSI
/SP/
OID
C
RW
Level3
Compute
Node
TF State
MSI
/SP/
OID
C
RW
Level4
Compute
Node
TF State
MSI
/SP/
OID
C
RW
R
R
R
R
Application landing zone (delegated to application teams)
platform ops solution accelerators (AKS, App Service,
Data analytics, etc.)
Platform control plane
Enterprise Scale, DevOps automation,
Identity, Management, Connectivity
Azure Subscription Vending
Machine
Landing zone factory, bridge to the platform,
solutions accelerators
Virtual network, RBAC mapping, backup
store and policies, delegated identities for
pipelines
Application landing zones Project custom code (business application)
Infrastructure IaC project specific
Databricks, Data factory, ML workspace,
AKS Kubernetes
14. Enterprise enrollment
Enrollment
Department
Account Subscription
A.
Azure Active Directory
• Service Principal(s)
• Security group(s)
• Users
Active Directory
On-premises
B.
Identity and access management
• Approval workflow
• Notifications
• MFA
• Access reviews
• Audit reports
Privileged Identity
Management
App/DevOps
Subscription manager
Other custom roles
Tenant root group
Contoso
Management groups
C. Management group and subscription organization
Decommissioned Sandbox
Landing zones
Platform
Identity Management Connectivity SAP Corp Online
Identity
subscription
Management
subscription
Connectivity
subscription
Landing zone
A1
Landing zone
A2
Decommissioned
subscriptions
Sandbox
subscription 1
Sandbox
subscription 2
Identity
subscription
Resource group(s)
DC 1 DC 2
Azure Key Vault
Recovery...
Azure
Monitor
Cost
Management
Role
entitlement
Policy
assignment
Network
Watcher
Security
Center
Management
subscription
Role
entitlement
Policy
assignment
Network
Watcher
Security
Center
Connectivity
subscription
VWAN Hub
Region 1
Role
entitlement
Policy
assignment
Network
Watcher
Security
Center
Dashboards
(Azure Portal)
Automation
account(s)
Log analytics
workspace
• Change tracking
• Inventory management
• Update management
• Dashboards
• Queries
• Alerting
Subset
On-premises systems
Azure DDoS
Standard
Azure DNS
• Shared services
• ExpressRoute
• VPN (P2S/S2S)
• Virtual WAN
Landing zone
subscription
Load
Balancer
Role
entitlement
Policy
assignment
Network
Watcher
Security
Center
Virtual
Network
DNS UDR(s) NSG/ASG(s)
Vnet peering
Azure
Key Vault
File Share
Recovery...
Dashboards
(Azure Portal)
Recovery
Services vault(s)
Shared
services
Application
Application
Application
VM SKU(s)
• Access credentials
• In-guest policies/DCS
• Backup policy
• Extensions
• Tagging
Compliant VM
Templates
Sandbox
subscription
Role
entitlement
Policy
assignment
Network
Watcher
Security
Center
Application
Application
Application
DevOps
Platform
DevOps Team
D.
E.
F.
H.
G.
Critical Design Areas
A.) Enterprise Agreement (EA) enrollment and Azure Active Directory tenants
B.) Identity and access management
C.) Management group and subscription organization
D.) Network topology and connectivity
E.) Management and monitoring
F.) Business continuity and disaster recovery
G.) Security, governance, and compliance
H.) Platform automation and DevOps
v DevOps Vnet Terraform States
(x)
Azure DevOps
Landing zones
- Code
- Configurations
Agent Pools Variable Groups
Virtual
Network
Terraform States
DevOps
Agents with MSI
DevOps
Agents with MSI
Terraform States
Key Vault
Landing zones
Pipelines
DevOps
Diagnostics
Key Vault
Analytics
Log Analytics
Vnet peering
Application
Azure AD
Custom Role
Managed
Identities
Rover
15. Build the Azure Platform
Enterprise Scale
Create the landing zones Deploy Solution landing
zone Accelerators
Overall process
19. Why using CAF module?
Bespoke vs Standard Terraform
Everyone can do a Terraform module
Difficult part #1: the integration work
Difficult part #2: adding capabilities, maintenance over time, and testing
IaC: Infrastructure-as-Configuration
Not everyone wants to write code, so -> configuration is the contract
Focus on deploying new features with preserved configuration
Tested and validated against regressions
Fully Declarative and Iterative
Just declare variable, we iterate and compose for you
20. CAF Terraform module capabilities
• #1 VERIFIED module for Azurerm and AzAPI
with 1 M provisions
• Fully Open Source
• 80+ contributors from Microsoft engineers,
partners and customers
• Iterative by design, works on all version of
Terraform starting 0.14 (up to current 1.1.3)
• Leveraging key-association pattern for easy
composition within all* Azure capabilities
• Useable with or without rover
aztfmod/caf/azurerm | Terraform Registry
22. Starter repository
Sample of configuration repository
Ready to be cloned and started
Typically in organizations: 1 repo for
platform, many repos for applications
Contains:
1. Rover version
2. Templates
Azure/caf-terraform-landingzones-platform-starter: CAF Terraform landing zone - platform configuration starter kit (github.com)
Azure/caf-terraform-landingzones-starter: Starter project for Cloud Adoption Framework for Azure landing zones on Terraform (github.com)
25. Getting started with CAF Terraform landing zones
• Explore the Azure landing zone section in CAF –
https://aka.ms/adopt/landingzones
• CAF Terraform landing zones documentation –
https://aka.ms/caf/terraform
• Explore the CAF Terraform modules in the Terraform registry –
https://aka.ms/terraformio
• Hashicorp: Industrialized Workflows - Using Microsoft CAF Patterns
and Terraform- Industrialized Workflows - Using Microsoft CAF Patterns
and Terraform (hashicorp.com)