Auto-sync: 2026-04-21 17:12
@@ -1,50 +0,0 @@
---
title: CTP Topic 34 Azure Landing Zone Architecture Overview
type: source
tags: [Azure, Landing-Zone, CTP]
date: 2026-04-14
---

## Source File

- [[raw/Cloud & DevOps/Public-Cloud-Learning-Sessions/01_AWS-Landing-Zone/ctp-topic-34-azure-landing-zone-architecture-overview.md]]

## Summary

- 核心主题:Azure Landing Zone 在 Micro Focus 的架构设计与实现
- 问题域:云采用框架、订阅组织、访问管理
- 方法/机制:Management Groups、Subscription 分离、Terraform Cloud 自动化、PIM 权限管理
- 结论/价值:通过模块化、自动化的 Landing Zone 设计,各团队可独立部署工作负载,最小化跨团队依赖

## Key Claims

- Azure Landing Zone 通过Management Groups 将组织划分为四个区域:Platform(平台)、Landing Zones(着陆区)、Decommission(退役)、Sandbox(沙盒)
- Platform 包含 Identity Management(身份管理)和 Connectivity(连接)两个订阅,分别由专门团队管理,增强安全性
- Connectivity 订阅作为所有入站和出站 Azure 流量的中心hub,集成 DDoS 防护和 Checkpoint 防火墙
- Landing Zones 设计为可扩展、模块化、完全自动化的模板,为新项目提供标准化基础
- Terraform Cloud 使用 Terraform States 管理订阅间的依赖关系,实现分层访问控制

## Key Quotes

> "The core reason of these individual or isolated subscriptions is you are basically containing a subscription for a specific purpose." — 核心设计理念:每个订阅专注于特定用途,实现隔离和管控

> "This sandbox is an interesting one because these landings on subscriptions allows your workloads." — Sandbox 订阅为实验工作负载提供隔离环境

## Key Concepts

- [[Management Groups]]:Azure 组织管理结构,类似于 Windows 父目录,用于组织订阅
- [[Subscription]]:Azure 订阅,隔离的资源容器,每个订阅有特定用途
- [[Terraform Cloud]]:HashiCorp 的云基础设施自动化平台,管理 IaC 状态和执行
- [[PIM(Privileged Identity Management)]]:Azure 特权身份管理,控制提升权限的访问
- [[Azure Landing Zone]]:云采用的起点架构,为工作负载提供安全的标准化基础

## Key Entities

- [[Micro Focus]]:案例公司,正在实施 Azure Landing Zone
- [[Kishore Garlopati]]:讲师,介绍 Azure Landing Zone 架构
- [[Azure]]:Microsoft 公有云平台
- [[Azure Active Directory]]:Azure 身份识别服务,用于用户认证
- [[Checkpoint Firewall]]:企业级防火墙解决方案

## Connections

- [[Azure]] ← hosts ← [[Azure Landing Zone]]
- [[Azure Landing Zone]] ← uses ← [[Management Groups]]
- [[Azure Landing Zone]] ← automates ← [[Terraform Cloud]]
- [[Azure Active Directory]] ← authenticates ← [[PIM]]

## Contradictions

- (暂无)
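Review bot: the commit message ("Auto-sync: 2026-04-21 17:12") gives no reason for deleting this note, and the hunk (`@@ -1,50 +0,0 @@`) shows only the removal, so a reader cannot tell whether the Azure Landing Zone summary was dropped or moved; if it was relocated (the `## Source File` path files an Azure topic under `01_AWS-Landing-Zone/`, which suggests a folder correction), include the new path in the same commit or state the destination in the message. If the note is recreated elsewhere, two items are worth fixing there: the second Key Quote ("these landings on subscriptions allows your workloads") reads as a transcription error, and the Connections arrows point from target to source (`[[Azure]] ← hosts ← [[Azure Landing Zone]]` reads as the landing zone hosting Azure), so the arrow direction or the relation label should be reversed.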