Azure Landing Zones for Canadian Public Sector: A Complete Guide

Jul 25, 2024 | Programming

Building Landing Zones in Azure can often feel like navigating a maze, especially for Canadian Public Sector customers. With a foundation rooted in the Cloud Adoption Framework for Azure, this guide aims to simplify the process while ensuring compliance with stringent regulatory requirements.

Introduction

The reference implementation provided here serves as a roadmap for establishing Azure Landing Zones specifically tailored for Canadian Public Sector departments. It is based on the Cloud Adoption Framework for Azure and targets ITSG-33 regulatory compliance, guided by standards such as NIST SP 800-53 Rev. 4 and Canada Federal PBMM.

Architecture Overview

To get an in-depth view of the architectural design, please refer to the architecture documentation. You can deploy this architecture using Azure DevOps Pipelines, and you can adapt it for other automated systems like GitHub Actions or Jenkins. The automation itself is constructed with Project Bicep and Azure Resource Manager templates.

GC 30-Day Cloud Guardrails

As part of the Government of Canada’s Cloud Operationalization Framework, a set of minimum guardrails must be established within the first 30 days of launching a cloud environment. Check out the GC 30-Day Cloud Guardrails to see how the reference implementations align with these requirements.

We recommend deploying the Guardrails Solution Accelerator, which provides continuous audits of the cloud environment and a comprehensive workbook to reveal compliance statuses.

Onboarding to Azure DevOps

Goals & Non-Goals

Goals:

  • Support TBS Cloud Profile 3 for Cloud Only Applications.
  • Establish a secure environment for Protected B workloads.
  • Facilitate the adoption of Azure in Public Sector through onboarding various workloads.
  • Simplify compliance management through a consolidated source of compliance, audit reporting, and auto-remediation.
  • Enhance the agility of business processes through the deployment of DevOps frameworks.

Non-Goals:

  • This implementation does not configure firewalls deployed as Network Virtual Appliances (NVA).
  • Deploying it does not automatically grant Canada Federal PBMM approval or an Authority to Operate (ATO).
  • It does not ensure compliance with all Azure Policies upon deployment, due to the shared responsibility with customers.

Troubleshooting Tips

If you encounter issues during deployment or onboarding, consider the following troubleshooting ideas:

  • Ensure that all Azure subscriptions are correctly configured and that proper access permissions are granted.
  • Check your pipeline configurations to ensure that the Azure DevOps setups are aligned with the provided scripts.
  • Refer to the documentation linked in this guide for specific issues related to guardrails or compliance.
  • For more specialized assistance, joining forums or communities focused on Azure can provide additional insights.

