Hi Dominik Zemp,
Thanks for the article. I found the best practices list and the high-level architecture very valuable.
But I do not agree with the interpretation of "landing zone". From my perspective, a landing zone is a logical concept, not a specific subscription.
I know that Microsoft changed the definition in June 2020, and now the term is used in the plural, which is more confusing from my point of view (see references). Probably because of that, a "physical implementation" for "landing zone" has emerged in the Microsoft architecture references. But we should take into account that the concept of a landing zone is logical and applies to all cloud vendors. If you go to AWS, you will find the same concept, but you will not find a "Landing Zone Account".
I prefer the previous "Landing Zone" definition from Microsoft:
A landing zone is *the output* of a well-architected, multi-subscription Azure environment that accounts for scale, security, governance, networking and IAM (Identity and Access Management). Landing zones enable application migrations and greenfield development at an enterprise scale in Azure. When the adoption team uses a landing zone, all platform resources that are required to support the customer’s portfolio have already been considered. As a result, the team can safely deploy IaaS, PaaS, or hybrid solutions with greater confidence.
Please, don't use "landing zone" for naming subscriptions. I hope I don't find a lot of "Landing Zone" client subscriptions in the future.
Thanks.
Juan Ramón Cabrera
Cloud Solutions Architect
Reference:
- Landing zone definition change: https://github.com/MicrosoftDocs/cloud-adoption-framework/commit/4680581e36aa7d22e6307f01f3d9d03e779490dc#diff-6154dd1b39240c24706b8554503c44f7
- Current landing zone definition: https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/
- AWS Landing Zone: https://aws.amazon.com/solutions/implementations/aws-landing-zone/