Mission Landing Zone Edge is a highly opinionated template which IT oversight organizations can used to deploy compliant enclaves on Azure Stack Hub stamps. It addresses a narrowly scoped, specific need for an SCCA compliant hub and spoke infrastructure.
Mission LZ Edge is:
Mission Landing Zone Edge is the right solution when:
Design goals include:
Our intent is to enable IT Admins to use this software to:
If you are interested in Mission Landing Zone for your Hyperscale solutions, check out the Mission Landing Zone repo
Mission LZ Edge has the following scope:
Here's a summary of what Mission Landing Zone Edge deploys of as of February 2022:
Networking is set up in a hub and spoke design, separated by tiers: T0 (Identity and Authorization), T1 (Infrastructure Operations), T2 (DevSecOps and Shared Services), and multiple T3s (Workloads). Access control can be configured to allow separation of duties between all tiers.
Most customers will deploy each tier to a separate Azure subscription, but multiple subscriptions are not required. A single subscription deployment is good for a testing and evaluation, or possibly a small IT Admin team.
All network traffic is directed through the firewall residing in the Network Hub resource group. The firewall is configured as the default route for all the T0 (Identity and Authorization) through T3 (workload/team environments) resource groups.
The default firewall configured for MLZ edge is a single F5 BIG-IP VE. Review the Configuring F5 README for detailed instructions on how to configure the F5.
Prior to deploying the Mission Landing Zone Edge on a new install of Azure Stack Hub (ASH), the ASH marketplace must be populated with the necessary items to support the deployment. Review the Deployment Container README to set up Azure stack Hub with required artifacts.
Review the Deployment Guide for Mission LZ Edge.
See the Projects page for the release timeline and feature areas.
Here's a summary of what Mission Landing Zone Edge deploys of as of February 2022:
Azure Government
This project welcomes contributions and suggestions. See our Contributing Guide for details.
This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.