Deploy a migration landing zone in Azure
A migration landing zone is an environment that has been provisioned and prepared to host workloads that are being migrated from an on-premises environment into Azure.
Deploy the blueprint
Before you use the CAF Migration landing zone blueprint in the Cloud Adoption Framework, review the following design principles, assumptions, decisions, and implementation guidance. If this guidance aligns with the desired cloud adoption plan, the CAF Migration landing zone blueprint can be deployed using the deployment steps.
This implementation option provides an opinionated approach to the common design areas shared by all Azure landing zones. See the assumptions and decisions below for additional technical detail.
This implementation option deploys a minimum viable product (MVP) to start a migration. As the migration progresses, the customer will follow a modular, refactoring-based approach to mature the operating model, using the Govern methodology and the Manage methodology to address those complex topics in parallel to the initial migration effort.
The specific resources deployed by this MVP approach are outlined in the decisions section below.
This implementation option doesn't take an inherent position on enterprise enrollment. This approach is designed to be applicable to customers regardless of contractual agreements with Microsoft or Microsoft partners. Prior to deployment of this implementation option, it is assumed that the customer has created a target subscription.
This implementation option assumes that the target subscription is already associated with an Azure Active Directory instance in accordance with identity management best practices.
Network topology and connectivity
This implementation option creates a virtual network with subnets for gateway, firewall, jump box, and landing zone. As a next step iteration, the team would follow the networking decisions guide to implement the appropriate form of connectivity between the gateway subnet and other networks in alignment with network security best practices.
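The four-subnet layout described above can be sanity-checked before deployment. This is an added example, not part of the CAF blueprint or the original page: the address ranges and the jump box and landing zone subnet names are constructed placeholders, while the `GatewaySubnet` and `AzureFirewallSubnet` names and sizes are Azure platform rules rather than something this page states.

```python
import ipaddress

# Names Azure itself mandates for these two subnet roles (platform rule, not from the page).
REQUIRED_NAMES = {"gateway": "GatewaySubnet", "firewall": "AzureFirewallSubnet"}
# Azure Firewall requires a /26; /27 or larger is the usual gateway recommendation.
MAX_PREFIXLEN = {"gateway": 27, "firewall": 26}
ROLES = ("gateway", "firewall", "jumpbox", "landingzone")


def check_plan(vnet_cidr, subnets):
    """Return a list of findings for a {role: (name, cidr)} subnet plan."""
    findings = []
    vnet = ipaddress.ip_network(vnet_cidr)
    parsed = {}
    for role in ROLES:
        if role not in subnets:
            findings.append(f"missing subnet for role '{role}'")
            continue
        name, cidr = subnets[role]
        net = ipaddress.ip_network(cidr)
        parsed[role] = net
        if not net.subnet_of(vnet):
            findings.append(f"{name} ({cidr}) is outside {vnet_cidr}")
        want = REQUIRED_NAMES.get(role)
        if want and name != want:
            findings.append(f"{role} subnet must be named {want}, got {name}")
        limit = MAX_PREFIXLEN.get(role)
        if limit and net.prefixlen > limit:
            findings.append(f"{name} is /{net.prefixlen}, should be /{limit} or larger")
    roles = sorted(parsed)
    for i, a in enumerate(roles):
        for b in roles[i + 1:]:
            if parsed[a].overlaps(parsed[b]):
                findings.append(f"{a} and {b} subnets overlap")
    return findings


# Constructed sample plans; ranges and the last two subnet names are placeholders.
GOOD_PLAN = {
    "gateway": ("GatewaySubnet", "10.10.0.0/27"),
    "firewall": ("AzureFirewallSubnet", "10.10.0.64/26"),
    "jumpbox": ("snet-jumpbox", "10.10.1.0/28"),
    "landingzone": ("snet-landingzone", "10.10.2.0/24"),
}
BAD_PLAN = {
    "gateway": ("gateway", "10.10.0.0/27"),
    "firewall": ("AzureFirewallSubnet", "10.10.0.0/28"),
    "jumpbox": ("snet-jumpbox", "10.20.1.0/28"),
}
```

Calling `check_plan("10.10.0.0/16", BAD_PLAN)` reports the wrong gateway name, the undersized firewall subnet, the out-of-range jump box subnet, the missing landing zone subnet, and the gateway/firewall overlap.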
This implementation option creates a single landing zone, in which resources will be organized into workloads defined by specific resource groups. Choosing this minimalist approach to resource organization defers the technical decision of resource organization until the team's cloud operating model is more clearly defined.
This approach is based on an assumption that the cloud adoption effort will not exceed subscription limits. This option also assumes limited architectural complexity and security requirements within this landing zone.
If this changes through the course of the cloud adoption plan, the resource organization may need to be refactored using the guidance in the Govern methodology.
This implementation option doesn't implement any governance tooling. In the absence of defined policy automation, this landing zone should not be used for any mission critical workloads or sensitive data. It is assumed that this landing zone is being used for limited production deployment to initiate learning, iteration, and development of the overall operating model in parallel to these early stage migration efforts.
To accelerate parallel development of governance disciplines, review the Govern methodology and consider deploying the CAF Foundation blueprint in addition to the CAF Migration landing zone blueprint.
As the governance disciplines mature, refactoring may be required. Specifically, resources may later need to be moved to a new subscription or resource group.
This implementation option doesn't implement any operations. In the absence of a defined operations baseline, this landing zone should not be used for any mission critical workloads or sensitive data. It is assumed that this landing zone is being used for limited production deployment to initiate learning, iteration, and development of the overall operating model in parallel to these early stage migration efforts.
As the operations baseline is developed, refactoring may be required. Specifically, resources may later need to be moved to a new subscription or resource group.
Business continuity and disaster recovery (BCDR)
This implementation option doesn't implement any BCDR solution. It is assumed that the solution for protection and recovery will be addressed by the development of the operations baseline.
This initial landing zone includes the following assumptions or constraints. If these assumptions align with your constraints, you can use the blueprint to create your first landing zone. The blueprint also can be extended to create a landing zone blueprint that meets your unique constraints.
- Subscription limits: This adoption effort isn't expected to exceed subscription limits.
- Compliance: No third-party compliance requirements are needed in this landing zone.
- Architectural complexity: Architectural complexity doesn't require additional production subscriptions.
- Shared services: No existing shared services in Azure require this subscription to be treated like a spoke in a hub and spoke architecture.
- Limited production scope: This landing zone could potentially host production workloads. It is not a suitable environment for sensitive data or mission-critical workloads.
If these assumptions align with your current adoption needs, then this blueprint might be a starting point for building your landing zone.
The following decisions are represented in the landing zone blueprint.
| Component | Decision | Related guidance |
|---|---|---|
| Migration tools | Azure Site Recovery will be deployed and an Azure Migrate project will be created. | Migration tools decision guide |
| Logging and monitoring | Operational insights workspace and diagnostic storage account will be provisioned. | |
| Network | A virtual network will be created with subnets for gateway, firewall, jump box, and landing zone. | Networking decisions |
| Identity | It's assumed that the subscription is already associated with an Azure Active Directory instance. | Identity management best practices |
| Policy | This blueprint currently assumes that no Azure policies are to be applied. | |
| Subscription design | N/A - designed for a single production subscription. | Create initial subscriptions |
| Resource groups | N/A - designed for a single production subscription. | Scale subscriptions |
| Management groups | N/A - designed for a single production subscription. | Organize and manage subscriptions |
| Data | N/A | Choose the correct SQL Server option in Azure and Azure data store guidance |
| Storage | N/A | Azure Storage guidance |
| Naming and tagging standards | N/A | Naming and tagging best practices |
| Cost management | N/A | Tracking costs |
Customize or deploy a landing zone
Learn more and download a reference sample of the CAF Migration landing zone blueprint for deployment or customization from Azure blueprint samples.
For guidance on customizations that should be made to this blueprint or the resulting landing zone, see the landing zone considerations.
After deploying your first landing zone, you're ready to expand your landing zone.