We start the service design by collecting existing assets: applications, licenses and contracts.
The definition of the landing zone is automated using predefined deployment models. Models represent reusable patterns, such as certifying a server, authorizing a user or encrypting your data. Based on policies, we populate firewall rules from inventory data, assign operator roles to resource types, and so on.
To utilise a model-driven approach, we separate service definitions from resource descriptions, store dependencies in a graph database, and avoid the complexity of managing infrastructure components through code repositories. Custom resources extend beyond the scope defined by the cloud provider and include client-specific commercial and security controls.
A collection of predefined models includes common controls, such as those defined in the CSA (Cloud Security Alliance) framework, to accelerate the onboarding process and to focus project delivery on individual requirements. Categorising applications based on their consumption and communication profile helps to employ predefined models and common patterns. We distinguish between services, systems, and processes to determine the optimal hosting environment and allocate the right resources: dedicated, shared, physical, or virtual.
With our controller, a well-structured application inventory leads automatically to the definition of a landing zone. Because dependencies are captured in the graph, commercial optimization, security, and compliance checks are possible before a service is launched.
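
The derivation described above (firewall rules populated from inventory data, and pre-launch checks over the captured dependencies), as an added sketch that is not the controller's own code. The inventory fields, zone names and both policy rules are assumptions, and a plain Python dict stands in for the graph database.

```python
# Added example. Inventory layout, zones and policies are constructed.
INVENTORY = {
    "web":    {"zone": "dmz",  "depends_on": [("api", 443, "https")]},
    "api":    {"zone": "app",  "depends_on": [("db", 5432, "postgres+tls"),
                                              ("legacy", 21, "ftp")]},
    "report": {"zone": "dmz",  "depends_on": [("db", 5432, "postgres+tls"),
                                              ("warehouse", 443, "https")]},
    "db":     {"zone": "data", "depends_on": []},
    "legacy": {"zone": "app",  "depends_on": []},
}
ENCRYPTED_PROTOCOLS = {"https", "postgres+tls"}   # hypothetical policy
FORBIDDEN_ZONE_PAIRS = {("dmz", "data")}          # hypothetical policy


def dependency_edges(inventory):
    """Flatten the inventory into graph edges (src, dst, port, proto)."""
    return [(src, dst, port, proto)
            for src, item in sorted(inventory.items())
            for dst, port, proto in item["depends_on"]]


def prelaunch_findings(inventory):
    """Check every dependency edge against policy before anything is deployed."""
    findings = []
    for src, dst, port, proto in dependency_edges(inventory):
        if dst not in inventory:
            findings.append((src, dst, port, "dependency not in inventory"))
            continue
        if proto not in ENCRYPTED_PROTOCOLS:
            findings.append((src, dst, port, f"unencrypted protocol {proto}"))
        if (inventory[src]["zone"], inventory[dst]["zone"]) in FORBIDDEN_ZONE_PAIRS:
            findings.append((src, dst, port, "forbidden zone crossing"))
    return findings


def firewall_rules(inventory):
    """Allow only edges that passed every check, then deny everything else."""
    blocked = {(s, d, p) for s, d, p, _ in prelaunch_findings(inventory)}
    rules = [{"action": "allow", "src": s, "dst": d, "port": p}
             for s, d, p, _ in dependency_edges(inventory)
             if (s, d, p) not in blocked]
    rules.append({"action": "deny", "src": "any", "dst": "any", "port": "any"})
    return rules


if __name__ == "__main__":
    for finding in prelaunch_findings(INVENTORY):
        print("FINDING", finding)
    for rule in firewall_rules(INVENTORY):
        print("RULE", rule)
```

Edges with a finding never become allow rules, so an incomplete or non-compliant inventory entry results in blocked traffic rather than an unreviewed opening.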