Tutorial: Create a data landing zone

In this tutorial, learn how to create a data landing zone by using the Deploy to Azure option in the Azure portal. Learn how to:

• Use the Deploy to Azure option
• Select settings and options for your deployment
• Validate deployment parameters
• Create the deployment

A data landing zone is a unit of scale in the enterprise-scale analytics architecture pattern. The benefits of using a data landing zone include regional deployments, clear separation of ownership, cost chargeback, and in-place data sharing within and across zones. You also can scale within a data landing zone by using cross-functional data integration and data product teams. The reference design offers a self-service approach for data product teams to overcome bottlenecks and the need for a central team for cloud service deployments. The data landing zone reference implementation creates a consistent setup inside an Azure subscription. It deploys storage accounts and data processing services like Azure Synapse Analytics, Azure Data Factory, and Azure Databricks.

What's deployed?

When you complete the deployment steps described in this tutorial, you deploy a setup in your Azure subscription like the one shown in the following diagram:

Note

Before you deploy the resources described in this tutorial, check the registration status of the required resource providers for your Azure subscription. For more information, see Resource providers for Azure services.

A data landing zone deployment uses these Azure services and resources:

• Azure Virtual Network, including network security groups and route tables
• Azure Key Vault
• Azure Storage Account
• Azure Data Lake Storage Gen2
• Self-hosted integration runtime (in Azure Data Factory)
• Log Analytics workspace (in Azure Monitor)
• SQL Server
• Azure SQL Database
• Synapse workspace (in Azure Synapse Analytics)
• Azure Databricks
• Azure Event Hubs

Supported regions

Not all services and features are available in all Azure regions. For this tutorial, we recommend that you use the zone-redundant storage replication option for all the central data lakes in your data landing zone. Because zone-redundant storage isn't available in all regions, we limit the regions that are available in the deployment template. If you plan to deploy to a region that's not listed here, change the setting in the corresponding Bicep files when you use the template to create a deployment in the Azure portal.

For this tutorial, select one of the Azure regions in the following list:

• (Africa) South Africa North
• (Asia Pacific) Australia East
• (Asia Pacific) Central India
• (Asia Pacific) Japan East
• (Asia Pacific) South India
• (Asia Pacific) Southeast Asia
• (Canada) Canada Central
• (Europe) France Central
• (Europe) Germany West Central
• (Europe) North Europe
• (Europe) UK South
• (Europe) West Europe
• (South America) Brazil South
• (US) Central US
• (US) East US
• (US) East US 2
• (US) South Central US
• (US) West Central 2
• (US) West US 2

Prerequisites

Before you begin setting up your deployment, make sure that you meet these prerequisites:

• Azure subscription. If you don't have an Azure subscription, create your Azure free account today.

• Permissions for the Azure subscription. You must have the User Access Administrator role or the Owner role.

• Deploy a data management landing zone. Before you begin, make sure you successfully deploy a data management landing zone. The data landing zone relies on Azure Private DNS zones that are deployed when you use the data management landing zone template. If you already have Azure Private DNS zones deployed, you can point to those zones. If you don't have Azure Private DNS zones deployed for the respective Azure services, deployment by using the data landing zone template fails. For more information, see the data management landing zone GitHub repository.

Set up the data landing zone deployment

You can use a one-click customized deployment template to deploy the data landing zone in your Azure subscription. The deployment template deploys all the required resources.

1. To deploy a data landing zone, select the Deploy to Azure button:

   

   The Cloud-scale Analytics Scenario - Data Landing Zone customized deployment template opens in the Azure portal.

2. In Data Landing Zone, select or enter the following information:

   Setting	Action
   Subscription	Select the Azure subscription to use for the data landing zone deployment.
   Location	In the dropdown, select one of the Azure regions that are supported for this scenario. If no organizational policies influence the region you choose, it's a good idea to choose a region that's physically close to you. For more information, see Supported regions.
   Environment	For this tutorial, select Development.
   Data landing zone prefix	Enter a unique string that's a maximum of 10 alphanumeric characters. The string is a unique prefix that's added to all resource groups and resources in the deployment.

   

   Select Next : General Settings.

3. In General Settings, select or enter the following information:

   Setting	Action
   Password	Enter a new password to create the required administrator password for Synapse workspaces, Azure SQL servers, and potentially for self-hosted integration runtimes that are hosted on a virtual machine scale set.
   Confirm Password	Reenter the password to confirm it.
   Connect to Purview Account	In the dropdown, select the Azure Purview account you want to use to connect Azure Synapse Analytics and Azure Data Factory.
   Deploy Self-hosted Integration Runtimes	Select Yes.
   Purview Self-hosted Integration Runtime Authentication Key	If you have a self-hosted integration runtime authentication key, enter or paste the key. If you don't have a key, complete the steps to create a self-hosted integration runtime for Azure Purview. Copy the key, and then paste the key here.

   

   Select Next : Connectivity Settings.

4. In Connectivity Settings, complete these steps:

   1. In the Data Management Landing Zone Virtual Network Configuration section, select or enter the following information:

      Setting	Action
      Data Management Landing Zone Subscription	Select the Azure subscription you use for the data landing zone deployment.
      Data Management Landing Zone Virtual Network	Select your data management landing zone virtual network to peer it with your data landing zone.
      Existing Firewall	Leave the default, Azure Firewall.
      Azure Firewall Subscription	Select the Azure subscription that has an Azure Firewall deployment. It should be the same subscription you use to deploy the data management landing zone.
      Azure Firewall	Select the Azure Firewall from the data management landing zone deployment. An example value is <DLZ-prefix>-dev-firewall.

      

   2. Under Private DNS Zone, select or enter the following information:

      Setting	Action
      DNS A-Records are deployed through Azure Policy	Select No.
      Subscription with Private DNS Zones	Select the Azure subscription you use to deploy the data management landing zone.
      Private DNS Zone Key Vault	Select privatelink.vaultcore.azure.net.
      Private DNS Zone DataFactory	Select privatelink.datafactory.azure.net.
      Private DNS Zone DataFactory Portal	Select privatelink.adf.azure.net.
      Private DNS Zone Blob Storage	Select privatelink.blob.core.windows.net.
      Private DNS Zone DFS Storage	Select privatelink.dfs.core.windows.net.
      Private DNS Zone SQL Server	Select privatelink.database.windows.net.
      Private DNS Zone MySQL Server	Select privatelink.mysql.database.azure.com.
      Private DNS Zone EventHub Namespace	Select privatelink.servicebus.windows.net.
      Private DNS Zone Synapse Dev	Select privatelink.dev.azuresynapse.net.
      Private DNS Zone Synapse SQL	Select privatelink.sql.azuresynapse.net.

      

   Select Review + create.

5. When the parameters are validated, select Create to start the deployment.

   

Deployment takes approximately 25 minutes to complete.

Next steps

Create a data product batch