Merge pull request #266 from oracle-devrel/LZ_072023-4

simplifications

Author: cosmindev

landing-zones/README.md

@@ -1,29 +1,29 @@
-# LANDING ZONE FRAMEWORK
+# **Landing Zone Framework**
 
   
 
 
 Welcome to the **Landing Zone Framework (LZF)**. 
 
-The LZF is a set of assets that aim to **simplify the OCI onboarding experience** and **reduce OCI day-one and day-two efforts**. It provides **best practices**, and approaches covering the complete spectrum of OCI landing zones, from the **Standards** ones with the CIS LZ and OELZ to the **Tailored** approaches with IaC configurations.  
+The LZF is a set of assets that aim to **simplify the OCI onboarding experience** and **reduce OCI day-one and day-two efforts**. It provides **best practices** covering the complete spectrum of OCI landing zones, from the **standards** to  **tailored** approaches.
+
   
 
 
-| APPROACH  |  DESCRIPTION | ASSET  |  
-|---|---|:---:|
-| <a href="/landing-zones/standard_landing_zones/standard_landing_zones.md" ><img src="images/slz.png" alt= “” width="600" height=""></a>  | A standard landing zone is a **prescribed** approach to landing zones with a **guided setup** by the user, using an **existing IaC solution**. This is the recommended approach for initial landing zone deployments covering the most-common workload scenarios.  | **[VIEW](/landing-zones/standard_landing_zones/standard_landing_zones.md)** | 
-| <a href="tailored_landing_zones/tailored_landing_zones.md" ><img src="images/tlz.png" alt= “” width="600" height=""> </a>  | A tailored landing zone is a solution to **fit specific requirements** when the standard approach is not enough. It's an **IaC configuration-driven** approach, simple to set up, and is normally used to bridge with existing operating models, with fine-grained segregations of duties, strong network isolation, and heterogeneous workloads, among others.  |  **[VIEW](/landing-zones/tailored_landing_zones/tailored_landing_zones.md)** |   |  
+| APPROACH  |  DESCRIPTION | 
+|---|---|
+| <a href="/landing-zones/standard_landing_zones/standard_landing_zones.md" ><img src="images/slz.png" alt= “” width="600" height=""></a>  | **Prescribed** and **ready to use** solutions with a **guided setup** and  **IaC**. This is the recommended approach for initial landing zone deployments covering the most-common workload scenarios.  | 
+| <a href="tailored_landing_zones/tailored_landing_zones.md" ><img src="images/tlz.png" alt= “” width="600" height=""> </a>  | An approach to solve **specific requirements** when the standard is not enough. The  designs are transformed into a **configuration-as-code** solution, simple to set up, and used to scale/bridge with existing operating models,  fine-grained segregations of duties, strong network isolation, or heterogeneous workload   |  
 &nbsp; 
 
-If you're starting with landing zones, we recommend the following **decision process**:
-1. Start with the **standard** approach as they're full of best practices.
-2. If it needs adjustments or **extensions** on top of the prescribed design, customize it by code or manually. 
-3. If the design requires **structural changes** to the standard landing zone and a **scalable operating model**, use the **tailored** approach with IaC configuration (json/hcl).
+If you're **starting with OCI landing zones**:
+1. Start with a **standard** landing zone as they're full of best practices. If it needs adjustments or **extensions on top** of the prescribed design, customize it by code or manually. 
+2. If your design is very **specific**, requiring **structural changes** to a standard landing zone, and/or you need a **highly scalable operating model**, use the **tailored** approach.
 
 &nbsp; 
 
-The following support assets are also available for a better OCI experience:
-- [Resource Namining Conventions](/landing-zones/commons/resource_naming_conventions.md)
+The following **assets** are also available to improve the OCI landing experience:
+- [Resource Naming Conventions](/landing-zones/commons/resource_naming_conventions.md)
 - [User Identity Management](/landing-zones/commons/user_identity_management.md)
 - [Budgets and Tagging](/landing-zones/commons/budgets_and_tagging.md)
 

landing-zones/standard_landing_zones/standard_landing_zones.md

@@ -1,4 +1,4 @@
-# STANDARD LANDING ZONES
+# STANDARD LANDING ZONES (SLZs)
 
   
 
@@ -8,30 +8,27 @@
 
 ## 1. What Are Standard Landing Zones
 
-An SLZ is a **prescribed approach** to landing zones with a **guided setup**, that can be used in **self-service mode** by the user. To achieve this, a **set of configurations** are available with a predefined structure. This is the **recommended approach for initial landing zone deployments** covering the most-common workload scenarios. An SLZ can also be extended to implement specific requirements, but those extension resources would be manually created or by custom code.
+An SLZ is a **prescribed approach** to landing zones with a **guided setup**. To achieve this, a **set of configurations** are available with a predefined structure. This is the **recommended approach for initial landing zone deployments** covering the most-common workload scenarios. An SLZ can also be extended to implement specific requirements, but those **extension** resources, or **add-ons**, would be manually created or by custom code.
 
 Some characteristics of an SLZ:
 
 - It provides a set of **best practices** and a prescriptive approach to deploying secure landing zones.
 - It creates a **pre-defined** landing zone structure (compartments, networks, groups, policies, etc.)
 - It’s a **configurable** setup, with no design or implementation activities.
 - It provides a **secure footprint** to safely land and uses workloads.
-- It has an **automated deployment** with **public** and **free** code
-- It’s where you **start the journey** and later expand or extend toward specific requirements.
+- It has an **automated deployment** with **public** code
 
-Please note that there are several solutions that fit this model, see below.
 
   
 
 ## 2. What Are The Solutions Available
 
-Before starting, it's important to understand the existing OCI landing zone solution landscape. There are mainly two solutions to take into account:
+There are two solutions OCI Standard Landing Zones:
 
-  
 
-* **[CIS LANDING ZONE (CIS LZ)](https://docs.oracle.com/en/solutions/cis-oci-benchmark/index.html)**:  This reference architecture provides a Terraform-based landing zone template that meets the security guidance prescribed in CIS Oracle Cloud Infrastructure Foundations Benchmark. This LZ brings in the ability to provision multiple VCNs, either in standalone mode or as constituent parts of a Hub and Spoke architecture. The VCNs can either follow a general purpose standard three-tier network topology or are oriented towards specific topologies. 
+* **[CIS LANDING ZONE (CIS LZ)](https://docs.oracle.com/en/solutions/cis-oci-benchmark/index.html)**:  This solution provides a Terraform-based landing zone template that meets the security guidance prescribed in CIS Oracle Cloud Infrastructure Foundations Benchmark. This LZ brings in the ability to provision multiple VCNs, either in standalone mode or as constituent parts of a Hub and Spoke architecture. The VCNs can either follow a general purpose standard three-tier network topology or are oriented towards specific topologies. 
   * The current version is v2.x.
-  * The v3 is coming and a highly configurable set of terraform modules are already available to configure with json/hcl any landing zone structure. For more details refer to the [Tailored Landing Zones](/landing-zones/tailored_landing_zones/tailored_landing_zones.md) approach. 
+  * The **version 3** is coming and a highly configurable set of terraform modules are already available to configure with json/hcl any landing zone structure. For more details refer to the [Tailored Landing Zones](/landing-zones/tailored_landing_zones/tailored_landing_zones.md) approach. 
 
 
   
@@ -51,19 +48,22 @@ Find below an executive review of some key requirements that will influence the
 
 | DOMAIN  |  REQUIREMENT | SOLUTION  |  
 |---|---|---|
-| Segregation of Duties | A dedicated Network Team, Security Team, Database Team, and Applications Team, operating their respective resources is required| CIS LZ v2 |
-| Segregation of Duties | A dedicated Network Team, Security Team, and possibly a Team per Application operating their respective resources is required | OELZ v2 |
-| Isolation of Resources | A strong workload network isolation with NSGs is required | CIS LZ v2 |
-| Security | The OCI Tenancy CIS Validation embedded on the solution is required | CIS LZ v2 |
-| Security | The target tenancy doesn't have Identity Domains | CIS LZ v2 |
-| Cost | Starting with no initial OCI consumption is required | CIS LZ v2 |
+| **Segregation of Duties** | A dedicated **Network** Team, **Security** Team, **Database** Team, and **Applications** Team, operating their respective resources | CIS LZ v2 |
+| **Segregation of Duties** | A dedicated **Network** Team, **Security** Team, and possibly a Team per **Application** operating their respective resources | OELZ v2 |
+| **Networt** | A strong workload network isolation with **NSGs** is required | CIS LZ v2 |
+| **Security** | **CIS Compliant** solution with embedded **CIS validations** | CIS LZ v2 |
+| **IAM** | The target tenancy **without Identity Domains** | CIS LZ v2 |
+| **Cost** | Starting with **no initial OCI consumption** is required | CIS LZ v2 |
 
   
 
-For other design considerations (such as hub & spoke, several environments, ExaCS ready, etc.), both solutions will fit. If after reviewing the table above it's still not clear to identify a solution: 
-1. Visit [this asset](/landing-zones/commons/select_your_solution.pdf) for further consideration.
-2. Might be in the case that a customization is required for a standard landing zone, which should be treated as an extension of it, and **not** as rebuilding it into a different shape. Choose the solution that is nearer to the requirements.
+For other design considerations (such as hub & spoke, several environments, ExaCS ready, etc.), both solutions will tend to fit. Note the support model for both solutions is UPL 1.0. 
+
+If after reviewing the table above the solution is not clear: 
+1. Visit [landing zone landscape](/landing-zones/commons/select_your_solution.pdf) for further consideration.
+2. Might be the case that a customization is required for a standard landing zone, which should be treated as an extension of it, and **not** as rebuilding it into a different shape. Choose the solution that is nearer to the requirements.
 3. If it's required to rebuild/restructure a standard landing zone then  use it's recommended to use the [tailored landing zone](/landing-zones/tailored_landing_zones/tailored_landing_zones.md) approach.
+4. Reach out to us for a recommendation.
 
   
 
@@ -74,7 +74,7 @@ For other design considerations (such as hub & spoke, several environments, ExaC
 | STEP  |   DESCRIPTION | 
 |:---:|---|
 | 1 | Review the previous section | 
-| 2 | Review the [**landing zone landscape**](/landing-zones/commons/select_your_solution.pdf) for complementary **considerations for using and before using**.  |
+| 2 | Review the [**landing zone landscape**](/landing-zones/commons/select_your_solution.pdf) for complementary **considerations for using** and **before using**.  |
 |3 | Select the solution:<br>- For the **CIS LZ [start here](/landing-zones/standard_landing_zones/cis_lz_v2/cis_landing_zone_v2.md)**. <br>- For the **OELZ [start here](/landing-zones/standard_landing_zones/oelz_v2/oelz_v2.md)**.
 | 4 | If it's required a **custom design extending the standard landing zone**, there are three alternatives: <br>**a. OCI Console**: Update the resources after deploying the solution. The impact of this is operating the OCI landing zone with the OCI console, i.e., manually.<br>**b. Extended IaC**: Update the code to fit the needs and deploy the solution. The impact of this might be the effort and skills required. <br>**c. Tailored with IaC**: If it's required more design flexibility or the extensions break the standard solution and require structural changes, use the [tailored landing zone](/landing-zones/tailored_landing_zones/tailored_landing_zones.md) approach.