I am trying to setup the Infrastructure on Azure using the CAF. However, I have a requirement to deploy multiple instance of the Infrastructure specific to the Application(s), say Azure Synapse & it’s related components in Dev, Stage, Prod.
I am calling everything from the Root to Connectivity as Azure Landing Zone and Application specific deployment as Azure Vending machine as it deploys multiple instance. Is this fine?
What is the difference between Azure Landing Zone and Azure Vending machine?
2
Answers
It is almost the same, and yet it is not.
Landing Zones are your subscriptions where your workloads reside. A small environment you could call it. It includes multiple resources and is used in a larger scale to generate the Azure Landing Zone architecture.
Vending Machines are basically fully-working landing zone provisioning. A process for how you will deploy new landing zones via IaC (e.g. Terraform) that will support workload requirements. It is not just the subscription, but also the resources like VNet, Storage accounts, etc.
https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/
The term landing zone is a bit overloaded depending on the context it’s mentioned in. Based on the official definition Microsoft uses the terms
Azure Landing Zone (sometimes with an appended "Architecture", which I think clarifies it a lot) describes the entire set up of your Azure Tenant, e.g. your management groups, subscriptions etc. Think of it as "this is where the organization lands".
Platform Landing Zone to describe the subscriptions providing central functions like an Azure vWAN Hub managing on-prem connectivity for your entire org. Think of it as "this is where shared platform services land".
Application Landing Zone to describe the subscriptions where individual applications land. In a lift & shift setting this may be one big subscription hosting multiple apps in resource group, but for something more cloud-native you’d have a subscription for each. Think of it as "this is where an individual application team lands".
The Vending Machine‘s job is to provision new application landing zones. I find it useful to cut down the specific jargon a bit and think of it more in terms of capabilities, i.e. a vending machine gives you the capability to provision new environments for application teams in a multi-tenant Azure landing zone – so you can call the capability tenant provisioning. The vending machine is just an automated implementation for this type of task as a self-service workflow.