Merge pull request #271 from oracle-devrel/LZ_072023-5

Lz 072023 5

Author: cosmindev

landing-zones/README.md

@@ -5,15 +5,15 @@
 
 Welcome to the **Landing Zone Framework (LZF)**. 
 
-The LZF is a set of assets that aim to **simplify the OCI onboarding experience** and **reduce OCI day-one and day-two efforts**. It provides **best practices** covering the complete spectrum of OCI landing zones, from the **standards** to  **tailored** approaches.
+The LZF was created by the EMEA Landing Zone Specialists, collaborating with worldwide Oracle to **simplify the OCI onboarding experience** and **reduce OCI day-one and day-two efforts**. It provides **best practices** covering the complete spectrum of OCI landing zones, from the **standards** to  **tailored** approaches.
 
   
 
 
 | APPROACH  |  DESCRIPTION | 
 |---|---|
-| <a href="/landing-zones/standard_landing_zones/standard_landing_zones.md" ><img src="images/slz.png" alt= “” width="600" height=""></a>  | **Prescribed** and **ready to use** solutions with a **guided setup** and  **IaC**. This is the recommended approach for initial landing zone deployments covering the most-common workload scenarios.  | 
-| <a href="tailored_landing_zones/tailored_landing_zones.md" ><img src="images/tlz.png" alt= “” width="600" height=""> </a>  | An approach to solve **specific requirements** when the standard is not enough. The  designs are transformed into a **configuration-as-code** solution, simple to set up, and used to scale/bridge with existing operating models,  fine-grained segregations of duties, strong network isolation, or heterogeneous workload   |  
+| <a href="/landing-zones/standard_landing_zones/standard_landing_zones.md" ><img src="images/slz.png" alt= “” width="500" height=""></a>  | **Prescribed** and **ready to use** solutions with a **guided setup** and  **IaC**. This is the recommended approach for initial landing zone deployments covering the most-common workload scenarios.  | 
+| <a href="tailored_landing_zones/tailored_landing_zones.md" ><img src="images/tlz.png" alt= “” width="500" height=""> </a>  | An approach to solve **specific requirements** when the standard is not enough. These LZs run with **configuration-as-code** and are used to scale/bridge with existing **operating models**, complying with fine-grained **segregations of duties**, strong **network isolation**, and heterogeneous **workloads**.  |  
 &nbsp; 
 
 If you're **starting with OCI landing zones**:

landing-zones/standard_landing_zones/cis_lz_v2/cis_landing_zone_v2.md

@@ -26,8 +26,8 @@ There are two deployment models described below.
 
 | DEPLOYMENT MODEL  | WHEN TO USE | GUIDELINES  |  EXAMPLES | 
 |---|---|---|---|
-| Oracle Resource Manager (ORM) | Use this option by default |[View](/landing-zones/standard_landing_zones/cis_lz_v2/orm/orm_configuration_guide.pdf)  | [Quick Start](/landing-zones/standard_landing_zones/cis_lz_v2/orm/samples/oci_cislz_configuration_example-quickstart_scenario.pdf)<br> [Production](/landing-zones/standard_landing_zones/cis_lz_v2/orm/samples/oci_cislz_configuration_example-production_scenario.pdf) |
-| Terraform Command Line | Use this option if you have advanced terraform skills or require code extensions |*Soon* | |
+| Oracle Resource Manager (ORM) | Use this option by default. |[View](/landing-zones/standard_landing_zones/cis_lz_v2/orm/orm_configuration_guide.pdf)  | [Quick Start](/landing-zones/standard_landing_zones/cis_lz_v2/orm/samples/oci_cislz_configuration_example-quickstart_scenario.pdf)<br> [Production](/landing-zones/standard_landing_zones/cis_lz_v2/orm/samples/oci_cislz_configuration_example-production_scenario.pdf) |
+| Terraform Command Line | Use this option if you have advanced terraform skills or require code extensions. |*Soon* | |
 
 A configuration for the ORM deployment can have the format of a document, with parameters/values per ORM step, while the Terraform Command Line can have the format of tfvars.
 
@@ -43,8 +43,8 @@ The guidelines below can be used and shared informally with the deployment team
 
 | DEPLOYMENT MODEL  | WHEN TO USE | GUIDELINES  |  
 |---|---|---|
-| Oracle Resource Manager (ORM) | Use this option by default | [Review Steps](/landing-zones/standard_landing_zones/cis_lz_v2/orm/orm_deployment_guide.pdf)<br>[Review Live Lab](https://apexapps.oracle.com/pls/apex/r/dbpm/livelabs/view-workshop?wid=3662) | 
-| Terraform Command Line | Use this option if you have advanced terraform skills or require code extensions | *Soon*
+| Oracle Resource Manager (ORM) | Use this option by default. | [Review Steps](/landing-zones/standard_landing_zones/cis_lz_v2/orm/orm_deployment_guide.pdf)<br>[Review Live Lab](https://apexapps.oracle.com/pls/apex/r/dbpm/livelabs/view-workshop?wid=3662) | 
+| Terraform Command Line | Use this option if you have advanced terraform skills or require code extensions. | *Soon*
 
 &nbsp; 
 

landing-zones/standard_landing_zones/standard_landing_zones.md

@@ -1,4 +1,4 @@
-# STANDARD LANDING ZONES (SLZs)
+# **Standard Landing Zones**
 
   
 
@@ -8,22 +8,22 @@
 
 ## 1. What Are Standard Landing Zones
 
-An SLZ is a **prescribed approach** to landing zones with a **guided setup**. To achieve this, a **set of configurations** are available with a predefined structure. This is the **recommended approach for initial landing zone deployments** covering the most-common workload scenarios. An SLZ can also be extended to implement specific requirements, but those **extension** resources, or **add-ons**, would be manually created or by custom code.
+A Standard Landing Zone (SLZ) is a  **prescriptive approach** to landing zones. To achieve this, a **set of configurations** are available with a predefined structure. This is the **recommended approach for initial landing zone deployments** covering the most-common workload scenarios. An SLZ can also be extended to implement specific requirements, but those **extension** resources, or **add-ons**, would be manually created or by custom code.
 
 Some characteristics of an SLZ:
 
-- It provides a set of **best practices** and a prescriptive approach to deploying secure landing zones.
+- It provides a set of **best practices** and a prescriptive solution to deploy secure landing zones.
 - It creates a **pre-defined** landing zone structure (compartments, networks, groups, policies, etc.)
 - It’s a **configurable** setup, with no design or implementation activities.
 - It provides a **secure footprint** to safely land and uses workloads.
-- It has an **automated deployment** with **public** code
+- It has an **automated deployment** with **public Infrastructure as Code (IaC)**.
 
 
   
 
 ## 2. What Are The Solutions Available
 
-There are two solutions OCI Standard Landing Zones:
+There are **two solutions** OCI Standard Landing Zones:
 
 
 * **[CIS LANDING ZONE (CIS LZ)](https://docs.oracle.com/en/solutions/cis-oci-benchmark/index.html)**:  This solution provides a Terraform-based landing zone template that meets the security guidance prescribed in CIS Oracle Cloud Infrastructure Foundations Benchmark. This LZ brings in the ability to provision multiple VCNs, either in standalone mode or as constituent parts of a Hub and Spoke architecture. The VCNs can either follow a general purpose standard three-tier network topology or are oriented towards specific topologies. 
@@ -48,22 +48,22 @@ Find below an executive review of some key requirements that will influence the
 
 | DOMAIN  |  REQUIREMENT | SOLUTION  |  
 |---|---|---|
-| **Segregation of Duties** | A dedicated **Network** Team, **Security** Team, **Database** Team, and **Applications** Team, operating their respective resources | CIS LZ v2 |
-| **Segregation of Duties** | A dedicated **Network** Team, **Security** Team, and possibly a Team per **Application** operating their respective resources | OELZ v2 |
-| **Networt** | A strong workload network isolation with **NSGs** is required | CIS LZ v2 |
-| **Security** | **CIS Compliant** solution with embedded **CIS validations** | CIS LZ v2 |
-| **IAM** | The target tenancy **without Identity Domains** | CIS LZ v2 |
-| **Cost** | Starting with **no initial OCI consumption** is required | CIS LZ v2 |
+| **Segregation of Duties** | A dedicated **Network** Team, **Security** Team, **Database** Team, and **Applications** Team, operating their respective resources. | CIS LZ v2 |
+| **Segregation of Duties** | A dedicated **Network** Team, **Security** Team, and possibly a Team per **Application** operating their respective resources. | OELZ v2 |
+| **Network** | Strong workload network isolation with **NSGs**. | CIS LZ v2 |
+| **Security** | **CIS Compliant** solution with embedded **CIS validations**. | CIS LZ v2 |
+| **IAM** | The target tenancy **without Identity Domains**. | CIS LZ v2 |
+| **Cost** | Starting with **no initial OCI consumption**. | CIS LZ v2 |
 
   
 
 For other design considerations (such as hub & spoke, several environments, ExaCS ready, etc.), both solutions will tend to fit. Note the support model for both solutions is UPL 1.0. 
 
 If after reviewing the table above the solution is not clear: 
-1. Visit [landing zone landscape](/landing-zones/commons/select_your_solution.pdf) for further consideration.
-2. Might be the case that a customization is required for a standard landing zone, which should be treated as an extension of it, and **not** as rebuilding it into a different shape. Choose the solution that is nearer to the requirements.
-3. If it's required to rebuild/restructure a standard landing zone then  use it's recommended to use the [tailored landing zone](/landing-zones/tailored_landing_zones/tailored_landing_zones.md) approach.
-4. Reach out to us for a recommendation.
+1. Visit [**landing zone landscape**](/landing-zones/commons/select_your_solution.pdf) for further consideration.
+2. Might be the case that a **customization** is required for a standard landing zone, which should be treated as an extension of it, and **not** as rebuilding it into a different shape. Choose the solution that is nearer to the requirements.
+3. If it's required to r**ebuild/restructure** a standard landing zone then  use it's recommended to use the [**tailored landing zone**](/landing-zones/tailored_landing_zones/tailored_landing_zones.md) approach.
+4. If none of the above is sufficient, reach out to us for a recommendation.
 
   
 

landing-zones/tailored_landing_zones/tailored_landing_zones.md

@@ -1,4 +1,4 @@
-# TAILORED LANDING ZONES 
+# **Tailored Landing Zones**
 
   
 
@@ -37,15 +37,15 @@ There are **two assets** for creating OCI tailored landing zones, one for **desi
 
   
 
-### 2.1 Design Blueprint
+### 2.1 Design - with a Blueprint
 To tailor a landing zone we recommend using the **[OCI Open LZ Blueprint](https://github.com/oracle-quickstart/terraform-oci-open-lz)**, which is a **reference solution** and a **repeatable design process**. It presents an end-to-end coherent solution - with the security, network, and operations views - of what an organization-wide landing zone looks like, with fine-grained segregation of duties, strong isolation of resources, and a scaleable operating model.
 
 The **benefits** of this blueprint is that it can be completely **adjusted and easily simplified** into any other type of landing zone, by following the design steps towards your needs.  Using this reference blueprint will help **create a day-two operational model ready to scale** - using the IaC solution presented in the next section.
 
 
   
 
-### 2.2 Configuration and Infrastructure as Code 
+### 2.2 Run - with Configuration and Infrastructure as Code 
 For this type of approach **we recommend** the use of the **CIS LZ v3 Terraform modules**, to **configure** the resources with *json/hcl* terraform native interfaces. 
 
 The **benefits** of using this approach is: 
@@ -95,7 +95,7 @@ The CIS LZ v3 Terraform modules are distributed into five repositories, as descr
 
 ## 4. Other Considerations
 
-Note that the **alternative** for not using the configurable approach described in section 2.1 is to **code your own solution**, from zero or reuse existing modules. The CIS v3 modules allow any configuration topology and allow to focus on business resources (workloads) instead of investing time coding to create OCI core resources. By using the recommended approach it's possible to avoid the **common pitfalls** associated with complex customizations:
+Note that the **alternative** for not using the configurable approach described in section 2.2 is to **code your own solution**, from zero or reuse existing modules. The CIS v3 modules allow any configuration topology and allow to focus on business resources (workloads) instead of investing time coding to create OCI core resources. By using the recommended approach it's possible to avoid the **common pitfalls** associated with complex customizations:
 - **Hard-coding**. Changing or adapting code to create a new landing zone different than the original is complex and time-consuming. This also means that any change to the landing zone will be executed by code and not configurations.
 - **Waste & Late Time-to-Value**. The time spent on adapting code, or re-coding over and over for the OCI landing/core resources is time wasted and not used on the business value/workloads.
 - **Limited Scaling**. Doing OCI changes manually can work for some tactical solutions, but it will always limit the scaling and add complexity and cost to the day-two operations. Note that, for example, CIS LZ creates 100+ OCI resources.