MoreIQPlatform
Architecture
Azure Landing Zones
ALZ Version 1 (WIP) Last Review Date: August, 2024

Documentation Overview

covers:

Architecture

Overview

  • The More IQ Platform is an implementation of Azure Cloud Adoption Framework - Azure Landing Zone (opens in a new tab) architectural pattern.
  • By using the Landing Zone Accelerator we have created a secure hosting environment aligned with the Microsoft Well Architected Framework (opens in a new tab).
  • Each application or vendor would be provided a set of isolated subscriptions to host their workloads, ensuring strong cost and security governance controls while allowing freedom to populate their Landing Zones as required.
  • The following diagram shows the overall subscription topology along with vnet peerings.
    Management Group Subscription Topology
  • The next diagram overlays the subscription topology with the code repos that manage the infrastructure.
    Project and Repo topology

Access

  • Access to this site is for members of the MoreCore team, and permitted subcontractors.
  • Access is controlled via

Azure Landing Zones Bootstrap

  • The Azure Landing Zones Bootstrap utilises the ALZ Powershell Module to create the necessary Azure devops infrastructure and ADO repos and pipelines to support the Azure Landing Zones Accelerator.
  • The code is located in the More IQ Migration Project (opens in a new tab) in the landing-zone-bootstrap repo (opens in a new tab).
  • There are no pipelines for the landing-zone-bootstrap repo and the commands must be run locally on a developer's machine.
  • For a detailed guide on the operation of the Azure Landing Zones Bootstrap, see the documentation at ALZ Powershell Module (opens in a new tab).
  • The More IQ Platform bootstrap creates the project, repos, terraform source code, pipelines source code and service connections in Azure DevOps required for the Azure Landing Zone Acceleratror.
  • The More IQ Platform bootstrap creates the container registry, container instances, managed identities and role assignments in the management subscription to support the Azure Landing Zone Accelerator.

Azure Landing Zones Accelerator

  • The More IQ Landing Zones (opens in a new tab) project contains the repos, source code and pipelines for the Landing Zone Terraform.
  • The Landing Zone Terraform defines the management groups, subscriptions, managed identities, policies, hub networks, subnets to support the Azure Landing Zone.
  • The More IQ Landing Zones are configured for single region hub and spoke with no express route, firewall or VWAN.
  • The pipelines (opens in a new tab) implement a CI/CD workflow with PR approval process.

More IQ Landing Zones

  • The More IQ Landing Zones are a set of child subscriptions that have secure configurations.
  • Each workload is provisioned at least 2 subscriptions; production or non-production.
  • Each subscription inherits policies from the parent management groups.
  • Each subscription contains a spoke network peered to the regional hub for it's region.
  • Each subscription has centralised logging and monitoring, CSPM and SIAM via log analytics workspace, defender for cloud and sentinel.
Add a new Site to an AppManagement