As stated in my previous blog, the Cloud Adoption Framework is all about bringing together different departments and people to outline a business plan for moving all or some of their resources into the cloud. This is done by following the seven different phases.
But what are the different Landing Zone architectures that can be adopted? They are:
- Foundation
- Enterprise Scale
So, what are the differences and benefits of each? We start with the Foundation architecture.
Foundation
This architecture is designed for companies that are just starting out on the road to putting their resources into the cloud, following the ‘start small and expand’ option, which does not put too much emphasis on cost at the start.
The basic principle of the Foundation architecture is to deploy Azure services into one Azure subscription and then separate services that have the same function into their own resource groups, as shown in the Microsoft CAF documentation:

https://docs.microsoft.com/en-us/azure/governance/blueprints/samples/caf-migrate-landing-zone/
So, we have a resource group for Networking, one for Storage, Log Analytics, Key Vaults, etc.
Pros: Quick and easy deployment of resources into Azure to outline the ‘Foundation’ of your move into the cloud.
Cons: Access to the overall subscription is secured at the root level, meaning that if you give someone access to do everything at the top, they can do everything against each resource, even if you don’t want them to have access to it.
Enterprise scale
This architecture is designed for companies that are big in size and require more granular control over each of their resources.
You would choose this option if your business requirements were expecting you to implement a high number of Azure services/resources into the cloud and on a large scale.
But here is the big difference and benefit of the Enterprise scale architecture: resources that have the same function are built into their own separate Azure subscriptions, so in our example you would have a subscription for networks, storage, etc., as shown in the Microsoft CAF documentation:

https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/enterprise-scale/architecture
Pros: More granular control can be implemented against each individual subscription, meaning that giving a user owner rights in one subscription does not apply to another subscription.
Cons: More administrative controls/structure are required on a subscription-by-subscription basis.
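The access difference between the two architectures, as an added example (not from the original post or from Microsoft's documentation): the Python below models how a role assignment made at a subscription reaches every resource group beneath it, and flags privileged roles granted at subscription scope. The assignment records are constructed in the shape of `az role assignment list --all` output, all names and subscription IDs are placeholders, and management group scopes are not modelled.

```python
import re

# Constructed sample in the shape of `az role assignment list --all` output
# (principalName, roleDefinitionName, scope). Subscription IDs are placeholders.
FOUNDATION = "/subscriptions/00000000-0000-0000-0000-000000000001"
NETWORK = "/subscriptions/00000000-0000-0000-0000-000000000002"
STORAGE = "/subscriptions/00000000-0000-0000-0000-000000000003"

ASSIGNMENTS = [
    {"principalName": "alice@example.com", "roleDefinitionName": "Owner", "scope": FOUNDATION},
    {"principalName": "bob@example.com", "roleDefinitionName": "Contributor",
     "scope": FOUNDATION + "/resourceGroups/rg-storage"},
    {"principalName": "carol@example.com", "roleDefinitionName": "Owner", "scope": NETWORK},
]
RESOURCE_GROUPS = [
    FOUNDATION + "/resourceGroups/rg-network",
    FOUNDATION + "/resourceGroups/rg-storage",
    FOUNDATION + "/resourceGroups/rg-keyvault",
    NETWORK + "/resourceGroups/rg-hub",
    STORAGE + "/resourceGroups/rg-data",
]
BROAD_ROLES = {"Owner", "Contributor", "User Access Administrator"}
SUBSCRIPTION_SCOPE = re.compile(r"^/subscriptions/[^/]+/?$", re.IGNORECASE)


def inherits(assigned_scope, target_scope):
    """True if an assignment at assigned_scope applies to target_scope (the scope itself or below)."""
    a = assigned_scope.rstrip("/").lower()
    t = target_scope.rstrip("/").lower()
    return t == a or t.startswith(a + "/")


def effective_access(assignments, resource_groups):
    """Map each principal to the resource groups their assignments reach."""
    reach = {}
    for a in assignments:
        hits = {rg for rg in resource_groups if inherits(a["scope"], rg)}
        reach.setdefault(a["principalName"], set()).update(hits)
    return reach


def broad_assignments(assignments):
    """Flag privileged roles granted directly at subscription scope."""
    return [a for a in assignments
            if a["roleDefinitionName"] in BROAD_ROLES
            and SUBSCRIPTION_SCOPE.match(a["scope"])]
```

In the Foundation layout the subscription-level Owner reaches all three resource groups, while in the Enterprise scale layout the Owner of the network subscription reaches nothing in the storage subscription.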