When to use Enterprise-Scale?

Enterprise-Scale fits best with organizations that empower DevOps and have a cloud modern operating model implemented.
Microsoft

I introduced Enterprise-Scale, which is part of the Cloud Adoption Framework (CAF), in my first blog. In this second blog I want to answer the question of when Enterprise-Scale should be adopted, compared to alternative solutions, in my own words and from my own view.

Azure landing zone and implementation options

On the implementation options page we have some information documented related to the question above, as follows:

"When business requirements necessitate a rich initial implementation of landing zones, with fully integrated governance, security, and operations from the start, Microsoft recommends the enterprise-scale approach."

However, I think this does not fully address the question of when, as in my view the following must be taken into account as well:

  • The culture of the organization (centrally IT-controlled vs DevOps empowered)
  • The cloud and DevOps maturity of application teams
  • The cloud maturity of the organization’s operating model

 

Should Enterprise-Scale be used?

If an organization is very much IT-controlled, and there is a mandatory layer to enable a centralized IT team to control the entire cloud adoption (including all networking aspects, identity, security, monitoring for all applications, resource organization including subscriptions and resource groups, etc.), Enterprise-Scale might not be the best implementation option for Azure landing zones. This is because such an IT-controlled approach would not align with the Enterprise-Scale design principles.

In contrast, if an organization embraces DevOps principles and methodologies and cloud democratization, and empowers application teams to implement a DevOps approach (they own an application end-to-end), Enterprise-Scale might be a very good fit. This is because Enterprise-Scale takes a cloud-native approach to building landing zones, which differs greatly from a traditional on-premises data center setup. One concrete example is the recommended approach to protecting web applications and web APIs, which in an on-premises data center would be completely owned by the central IT team. In Enterprise-Scale, though, the service used to protect web applications and APIs is part of the landing zone and is therefore set up in a decentralized way. But of course, configured Azure policies (guard-rails) ensure the required configuration of the protection service (Azure Application Gateway and Azure Web Application Firewall, to be precise).
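
To make the guard-rail idea concrete, here is an added example (not from the original post and not the Enterprise-Scale policy set) that audits Application Gateway definitions owned by application teams against centrally defined WAF rules. The three rules (WAF SKU tier, WAF enabled, Prevention mode), the function names and the sample gateways are assumptions constructed for illustration; in Enterprise-Scale such rules are enforced through Azure Policy.

```python
# Added example: offline audit of Application Gateway definitions (ARM or az CLI JSON).
# The rules below are assumed guard-rails, not the Enterprise-Scale policy set.
WAF_TIERS = {"WAF", "WAF_v2"}

def waf_findings(gateway, require_prevention=True):
    """Return the list of guard-rail violations for one gateway resource."""
    # ARM resources nest settings under "properties"; az CLI output is flat.
    props = gateway.get("properties", gateway)
    findings = []
    tier = (props.get("sku") or {}).get("tier")
    if tier not in WAF_TIERS:
        findings.append(f"sku.tier {tier!r} is not a WAF tier")
    if (props.get("firewallPolicy") or {}).get("id"):
        # Mode and rules live in the linked WAF policy resource; audit it separately.
        return findings
    inline = props.get("webApplicationFirewallConfiguration") or {}
    if not inline.get("enabled"):
        findings.append("no WAF policy linked and inline WAF absent or disabled")
    elif require_prevention and inline.get("firewallMode") != "Prevention":
        findings.append(f"WAF mode is {inline.get('firewallMode')!r}, not Prevention")
    return findings

def audit(gateways, require_prevention=True):
    """Map gateway name -> violations, listing only non-compliant gateways."""
    report = {}
    for gw in gateways:
        findings = waf_findings(gw, require_prevention)
        if findings:
            report[gw["name"]] = findings
    return report

# Constructed sample input (hypothetical landing-zone gateways).
SAMPLE = [
    {"name": "agw-shop", "properties": {"sku": {"tier": "WAF_v2"},
        "webApplicationFirewallConfiguration": {"enabled": True, "firewallMode": "Prevention"}}},
    {"name": "agw-api", "properties": {"sku": {"tier": "Standard_v2"}}},
    {"name": "agw-portal", "sku": {"tier": "WAF_v2"},
        "webApplicationFirewallConfiguration": {"enabled": True, "firewallMode": "Detection"}},
    {"name": "agw-hr", "properties": {"sku": {"tier": "WAF_v2"},
        "firewallPolicy": {"id": "<waf-policy-resource-id>"}}},
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "->", "; ".join(findings))
```

A gateway that links a separate WAF policy resource passes the inline checks here; that policy's own mode and rule set need their own audit.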