You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: landing-zones/README.md
+3Lines changed: 3 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -7,6 +7,9 @@ Welcome to the **OCI Landing Zone Framework (LZF)**.
7
7
8
8
The LZF was created by the EMEA Landing Zone Specialists, collaborating with worldwide Oracle, customers, and partners, to **simplify the OCI onboarding experience** and **reduce OCI day-one and day-two efforts**. It provides **best practices** covering the complete spectrum of OCI landing zones, from the **standards** to the **tailored** approaches, including landing zone extensions for specific **workloads**.
9
9
10
+
Before starting we recommend viewing a [13-minutes video](https://www.linkedin.com/feed/update/urn:li:activity:7206600588216659968/) with EMEA OCI Landing Zones **approach** and **strategy**.
Copy file name to clipboardExpand all lines: landing-zones/commons/oci_landingzones_iac.md
+17-13Lines changed: 17 additions & 13 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -71,26 +71,23 @@ The next diagram depicts the key capabilities/benefits enabled by each building
71
71
## 3. The IaC Engine
72
72
73
73
74
-
The following Git repositories contain the Terraform engine that enables the IaC Configurable approach. For a high-level overview please refer to [OCI CIS Enhanced Modules](https://www.ateam-oracle.com/post/cis-landing-zone-enhanced-modules).
74
+
The following Git repositories contain the Terraform engine that enables the IaC Configurable approach. For a high-level overview please refer to [OCI CIS Landing Zone Modules](https://www.ateam-oracle.com/post/cis-landing-zone-enhanced-modules).
75
75
76
-
77
76
78
-
| REPOSITORY | OBJECTIVE | GIT |
79
-
|---|---|---|
80
-
|**Landing Zone Orchestrator**| Simplifies operations by providing the ability to relate several resource types from all the other modules into one consolidated operation (i.e., one plan/apply). |[View](https://github.com/oracle-quickstart/terraform-oci-landing-zones-orchestrator)|
81
-
|**Identity and Access Management**| Provides the ability to configure Compartments, Groups, Policies, Dynamic Groups, etc. |[View](https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-iam)|
82
-
|**Networking**| Provides the ability to configure all OCI Core Network Resources (e.g., VCNs, Subnets, Route tables, Security Lists, Network Security Groups, Gateways, etc.). |[View](https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-networking)|
83
-
|**Security**| Provides the ability to configure OCI Security Resources (e.g., Cloud Guard, VSS, Security Zones, Vaults, etc.). |[View](https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-security)|
84
-
|**Observability**| Provides the ability to configure OCI monitoring resources (e.g., Logging, Events, Alarms, Notifications, etc.). |[View](https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-security)|
85
-
| **Governance** | Provides the ability to configure OCI Tagging. | [View](https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-observability)
86
77
78
+
Name | Description
79
+
------------ | -------------
80
+
[OCI Landing Zones Orchestrator][oci-lz-orchestrator] | Provides the ability to declare and relate several resource from the modules below into one consolidated operation (i.e., one plan/apply).
81
+
[OCI Landing Zones IAM][oci-lz-iam] | Provides the ability to declare Compartments, Groups, Policies, Dynamic Groups, etc.
82
+
[OCI Landing Zones Network][oci-lz-network]| Provides the ability to declare all OCI Core Network Resources for any network topology.
83
+
[OCI Landing Zones Security][oci-lz-security] | Provides the ability to declare OCI Security Resources (e.g., Cloud Guard, VSS, Security Zones, Vaults, etc.).
84
+
[OCI Landing Zones Observability][oci-lz-observability] | Provides the ability to declare OCI monitoring resources (e.g., Logging, Events, Alarms, Notifications, etc.).
85
+
[OCI Landing Zones Governance][oci-lz-governance] | Provides the ability to declare OCI Tagging.
87
86
88
87
89
88
90
89
91
-
For **unitary examples** of usage please review the examples on each repository.
92
-
93
-
For **complete end-to-end examples** using the orchestrator and several other modules please refer to the [OCI Open LZ Blueprint](https://github.com/oracle-quickstart/terraform-oci-open-lz/tree/master/design) and [Runtime View](https://github.com/oracle-quickstart/terraform-oci-open-lz/tree/master/design#6-runtime-view).
90
+
For **unitary examples** of usage please review the examples on each repository. For **complete end-to-end examples** using the orchestrator and several other modules please refer to the [OCI Open LZ Blueprints](https://github.com/oracle-quickstart/terraform-oci-open-lz).
| **1. CIS OCI Landing Zone** | **XS-S** | <imgsrc="../images/slz_model1.jpg"alt= “”width="60"height="value"> | A simple landing zone model that meets the security guidance prescribed in CIS Oracle Cloud Infrastructure Foundations Benchmark and brings in the ability to provision a Hub and Spoke architecture. The VCNs can either follow a general purpose standard three-tier network topology or are oriented towards specific topologies. | [View](/landing-zones/standard_landing_zones/cis_lz_v2/cis_landing_zone_v2.md)
41
-
| **2. OCI Operating Entities Landing Zone** | **M-L** | <imgsrc="../images/slz_model2.jpg"alt= “”width="100"height="value"> | A landing zone model - with several flavors - that provides the ability to onboard one or several operating entities (OEs) into OCI, such as organization units, LoBs, customers, partners, OpCos, subsidiaries, or any type of managed services. It provides shared central services capabilities with a strong security posture and network segregation, with environments, projects, and platfoms adaptable for each OE. | [View](https://github.com/oracle-quickstart/terraform-oci-open-lz)
42
-
| **3. OCI Multitenancy Landing Zone** | **L-XXL** | <imgsrc="../images/slz_model3.jpg"alt= “”width="400"height="value"> | This landing zone model provides the ability to onboard several organizations into OCI introducing the multi-tenancy capabilities with tenancies for shared/central services (e.g., Connectivity Hub) and tenancies dedicated to complete enterprise organizations such as customers, countries businesses, sub-organizations, departments, etc. It's a highly adaptable blueprint with the concept of landing zone environments, workload environments, hub-hub models, projects, and platforms, providing the highest levels of segregation on OCI. This model fits any OCI flavor and it's ideal for the OCI DRCCs use cases. | Available On Demand
41
+
| **2. OCI Operating Entities Landing Zone** | **M-L** | <imgsrc="../images/slz_model2.jpg"alt= “”width="100"height="value"> | A landing zone model - with several flavors - that provides the ability to onboard **one** or **multiple** operating entities (OEs) into OCI, such as organization units, LoBs, customers, partners, OpCos, subsidiaries, or any type of managed services. It provides shared central services capabilities with a strong security posture and network segregation, with environments, projects, and platfoms adaptable for each OE. | [View](https://github.com/oracle-quickstart/terraform-oci-open-lz)
42
+
| **3. OCI Multitenancy Landing Zone** | **L-XXL** | <imgsrc="../images/slz_model3.jpg"alt= “”width="400"height="value"> | This landing zone model provides the ability to onboard several organizations into OCI introducing the multi-tenancy capabilities with tenancies for shared/central services (e.g., Connectivity Hub) and tenancies dedicated to complete enterprise organizations such as customers, countries businesses, sub-organizations, departments, etc. It's a highly adaptable blueprint with the concept of landing zone environments, workload environments, hub-hub models, projects, and platforms, providing the highest levels of segregation on OCI. This model fits any OCI flavor and it's ideal for the OCI DRCCs and Alloy use cases. | Available On Demand
Copy file name to clipboardExpand all lines: landing-zones/tailored_landing_zones/readme.md
+12-9Lines changed: 12 additions & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -67,18 +67,21 @@ To learn how to **design**, **create**, and **run IaC configurations** we recomm
67
67
68
68
69
69
70
-
| STEP | DESCRIPTION | GUIDANCE |
71
-
|:---:|---|---|
72
-
| 1 |**Understand OCI core resources**, such as compartments, groups, policies, and network elements. They are the foundations of any OCI landing zone. |[OCI Foundations](https://mylearn.oracle.com/learning-path/become-an-oci-foundations-associate/108448)<br> [OCI Architect Associate](https://mylearn.oracle.com/learning-path/become-an-oci-architect-associate/108703) <br>[OCI Architect Professional](https://mylearn.oracle.com/learning-path/become-an-oci-architect-professional/108709)|
73
-
| 2 |**Review a Standard Landing Zone Design**: The **OCI Open LZ Blueprint** is a pedagogical and coherent end-to-end landing zone design. The **OCI Open LZ** is a reference of what a landing zone "looks like", and it's not prescriptive. The git repository contains also several useful resources and recordings to help with the next steps. |[OCI Open LZ Blueprint](https://github.com/oracle-quickstart/terraform-oci-open-lz)|
74
-
| 3 | **Design the Security View first**, with a focus on the tenancy structure and IAM, as all resources and access to them will be defined here. | [OCI Open LZ Security View](https://github.com/oracle-quickstart/terraform-oci-open-lz/blob/master/docs/OCI_Open_LZ.pdf)<br> [OCI Open LZ Draw.io](https://github.com/oracle-quickstart/terraform-oci-open-lz/blob/master/docs/OCI_Open_LZ.drawio)
75
-
| 4 | **Design the Network View**, with a focus on the network structure, connectivity, and isolation. | [OCI Open LZ Network View](https://github.com/oracle-quickstart/terraform-oci-open-lz/blob/master/docs/OCI_Open_LZ.pdf)<br> [OCI Open LZ Draw.io](https://github.com/oracle-quickstart/terraform-oci-open-lz/blob/master/docs/OCI_Open_LZ.drawio)
76
-
| 5 | If applicable, **design the Operations View**, and set up the cloud operating model. It can contain also monitoring and integrations with IT Systems. | [OCI Open LZ Operations View](https://github.com/oracle-quickstart/terraform-oci-open-lz/blob/master/docs/OCI_Open_LZ.pdf)
77
-
| 6 |**Learn** how to create and run **IaC configurations** with examples and exercises. |[OCI Learn LZ](https://github.com/oracle-quickstart/terraform-oci-open-lz/tree/master/examples/oci-learn-lz)|
78
-
| 8 | Create the **IaC configurations** for your design using the CIS Landing Zone Enhanced Modules.| [OCI Open LZ Rumtime View](https://github.com/oracle-quickstart/terraform-oci-open-lz/blob/master/docs/OCI_Open_LZ.pdf)<br> [CIS Landing Zone Enhanced Modules](https://www.ateam-oracle.com/post/cis-landing-zone-enhanced-modules)
70
+
| # | ACTIVITY | ASSETS| DESCRIPTION |
71
+
|---|---|---|---|
72
+
| **1** | **TRAINING** | [OCI Foundations](https://mylearn.oracle.com/learning-path/become-an-oci-foundations-associate/108448)<br> [OCI Architect Associate](https://mylearn.oracle.com/learning-path/become-an-oci-architect-associate/108703) <br>[OCI Architect Professional](https://mylearn.oracle.com/learning-path/become-an-oci-architect-professional/108709) | **Master OCI core resources**, such as compartments, groups, policies, and network elements. They are the foundations of any OCI landing zone.
73
+
| **2**| **PREPARE** | [EMEA OCI Landing Zones - Video](https://www.linkedin.com/feed/update/urn:li:activity:7206600588216659968/)| Understand OCI Landing Zones, **approach**, and **strategy** in **13 minutes**.
74
+
|**3**|**ENABLE**|[OCI Learn LZ](/addons/oci-learn-lz/readme.md)| Use the OCI Learn LZ exercises to understand how to **design** and **configure** OCI Landing Zones. |
75
+
|**4**|**SELECT**|[OCI Open LZ Blueprints](/README.md#the-blueprints-menu)| Select you prefered blueprint from the options above. |
76
+
|**5**|**DESIGN**|[One-OE](/one-oe/readme.md) </br> [Multi-OE](/multi-oe/readme.md) </br> [Network Hubs](/addons/oci-hub-models/readme.md)| Use the selected OCI Open LZ **blueprint** to design - in drawio - your functional, security, network, and operations view, with all the diagrams in a reusable format. For network use our **Hub Menu** to select your prefered topology. |
77
+
|**6**|**CONFIGURE**|[Declarative IaC](https://github.com/oracle-devrel/technology-engineering/blob/main/landing-zones/commons/oci_landingzones_iac.md)| Learn about the OCI IaC declarative approach and use the OCI Open LZ runtime **configurations** as your IaC templates. These configurations are easily adjustable to any other landing zone model. |
78
+
|**7**|**RUN**|[One-OE](/one-oe/readme.md) </br> [Multi-OE](/multi-oe/readme.md)| Run your configurations using **Terraform CLI** or **Oracle Resource Manager (ORM)** as described in the blueprint runtimes documentation. |
79
+
|**8**|**EXTEND**|[Workload Extensions](/landing-zones/workload_extensions/readme.md)| Extend your Landing Zone with ready-made pluggable workload extensions to reduce your time-to-production with OCI best practices. |
80
+
79
81
80
82
81
83
84
+
82
85
## 4. Other Considerations
83
86
84
87
Note that the **alternative** for not using the configurable approach described in [section 2.2](#2_2) is to **code your own solution**, from zero or reuse existing modules. The CIS Landing Zone Modules allow any configuration topology and allow to focus on business resources (workloads) instead of investing time coding to create OCI core resources. By using the recommended approach it's possible to avoid the **common pitfalls** associated with complex customizations:
0 commit comments