Azure landing zone for SCCA-compliant organizations.
Перейти к файлу
Brooke Hamilton 7d9aa3e12d
Update pr template (#429)
Co-authored-by: Glenn Musa <4622125+glennmusa@users.noreply.github.com>
2021-09-22 15:44:16 -04:00
.devcontainer add a Bicep implementation and remove bash scripts (#425) 2021-09-22 11:57:05 -04:00
.github Update pr template (#429) 2021-09-22 15:44:16 -04:00
.vscode add a Bicep implementation and remove bash scripts (#425) 2021-09-22 11:57:05 -04:00
docs add a Bicep implementation and remove bash scripts (#425) 2021-09-22 11:57:05 -04:00
src add a Bicep implementation and remove bash scripts (#425) 2021-09-22 11:57:05 -04:00
.gitattributes Update .gitattributes to use LF endings for *.sh (#292) 2021-07-13 16:36:02 -04:00
.gitignore add a Bicep implementation and remove bash scripts (#425) 2021-09-22 11:57:05 -04:00
CODE_OF_CONDUCT.md Initial CODE_OF_CONDUCT.md commit 2021-02-19 06:36:37 -08:00
CONTRIBUTING.md add CODEOWNERS file (#364) 2021-08-24 16:57:11 -04:00
LICENSE Initial LICENSE commit 2021-02-19 06:36:37 -08:00
NOTICE updated NOTICE to remove unused licenses (#321) 2021-08-02 10:48:09 -04:00
README.md add a Bicep implementation and remove bash scripts (#425) 2021-09-22 11:57:05 -04:00
SECURITY.md Updates to SECURITY.md (#58) 2021-03-03 16:25:38 -05:00
SUPPORT.md Added Microsoft CSS support information (#298) 2021-07-16 11:31:09 -04:00

README.md

Mission LZ

Mission Landing Zone is a highly opinionated template which IT oversight organizations can use to create a cloud management system to deploy Azure environments for their teams. It addresses a narrowly scoped, specific need for an SCCA compliant hub and spoke infrastructure.

Mission LZ is:

  • Designed for US Gov mission customers
  • Implements SCCA requirements following Microsoft's SACA implementation guidance
  • Deployable in commercial, government, and air-gapped Azure clouds
  • A narrow scope for a specific common need
  • A simple solution with low configuration
  • Written in Terraform and Linux shell scripts

Mission Landing Zone is the right solution when:

  • A simple, secure, and scalable hub and spoke infrastructure is needed
  • Various teams need separate, secure cloud environments administered by a central IT team
  • There is a need to implement SCCA
  • Hosting any workload requiring a secure environment, for example: data warehousing, AI/ML, and containerized applications

Design goals include:

  • A simple, minimal set of code that is easy to configure
  • Good defaults that allow experimentation and testing in a single subscription
  • Deployment via command line or with a user interface
  • Uses Azure PaaS products

Our intent is to enable IT Admins to use this software to:

  • Test and evaluate the landing zone using a single Azure subscription
  • Develop a known good configuration that can be used for production with multiple Azure subscriptions
  • Optionally, customize the Terraform deployment configuration to suit specific needs
  • Deploy multiple customer workloads in production

Scope

Mission LZ has the following scope:

  • Hub and spoke networking intended to comply with SCCA controls
  • Remote access
  • Shared services, i.e., services available to all workloads via the networking hub
  • Ability to create multiple workloads or team subscriptions
  • Compatibility with SCCA compliance (and other compliance frameworks)
  • Security using standard Azure tools with sensible defaults
Mission LZ Scope

Networking

Networking is set up in a hub and spoke design, separated by tiers: T0 (Identity and Authorization), T1 (Infrastructure Operations), T2 (DevSecOps and Shared Services), and multiple T3s (Workloads). Security can be configured to allow separation of duties between all tiers. Most customers will deploy each tier to a separate Azure subscription, but multiple subscriptions are not required.

Mission LZ Networking

Getting Started using Mission LZ

See our Getting Started Guide in the docs.

Product Roadmap

See the Projects page for the release timeline and feature areas.

Here's what the repo consists of as of May 2021:

Mission LZ as of April 2021

Contributing

This project welcomes contributions and suggestions. See our Contributing Guide for details.

Feedback, Support, and How to Contact Us

Please see the Support and Feedback Guide. To report a security issue please see our security guidance.

Trademarks

This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.