Since its inception, Oracle Cloud Infrastructure (OCI) has seen tremendous growth, launching more than 100 cloud services across more than 70 regions globally, supporting exponential demand from tens of thousands of customers that run their business on OCI. One thing that remains constant is the continued demand for faster, simpler onboarding to the cloud, with a solution that accelerates time-to-production with easy setup of secure best practices-based architectures with all the required service configurations.

To address this need, we’re delighted to announce the launch of the revamped, standardized OCI Landing Zones framework, now available on the new OCI Landing Zones GitHub organization, your one-stop shop to accelerating your OCI journey. This initiative brings together the best practices across all previous OCI Landing Zones solutions and implementations from product and worldwide field teams across Oracle. They converge on a single, unified strategy and standard framework to support all OCI services, use cases, and customer needs in an optimal, consistent, way.

Built on extendable modules, hardened architecture templates, and configuration best practices, the new framework dramatically improves ease-of-use, use case coverage, and consistency, even for complex topologies and regulation requirements. Let’s dive into what’s new in the OCI Landing Zones framework, what’s to come, and templates you can use today.

Landing zones help you start immediately

Let’s refresh our understanding of what landing zones are. Landing zones are ubiquitous across cloud providers, providing a framework to accelerate customer onboarding and provisioning of required cloud services for different architectures and use cases. OCI Landing Zones simplify the onboarding and running on OCI by providing design guidance, best practices, and infrastructure-as-code (IaC) Terraform-based templates. These templates help enable customers to easily provision a secure foundation in the cloud and then reliably scale as their workloads expand.

You can deploy OCI landing zones as a single stack for simple use cases or multistack with complex customization requirements. The landing zone provisions the OCI tenancies with all required cloud services, including identity, security, networking, observability, governance, along with those for the workloads. With Landing Zones, OCI customers can speed up time-to-production by reducing design and implementation efforts, costly trial-and-error, or steep learning curve.

What’s new in the revamped OCI Landing Zones framework

The new OCI Landing Zones framework is a strategic investment that consolidates previous disparate efforts into a single, unified, framework. The new standard is comprised of the following parts:

 

The new OCI Landing Zone framework included constructs for blueprints, core modules, extensions and workloads

 

  • Landing zones and blueprints: Landing zones have blueprints, which are the main artifact to onboard and run on OCI. Blueprints include a documented design and guidance, Terraform-based IaC templates, and recommended configurations for consistent provisioning. The templates are composed of the framework’s base modules. Customers select, configure, customize, and deploy the most suitable blueprint for their use case. Examples of these uses case include the OCI Center for Internet Security (CIS) Landing Zone and OCI Enterprise Landing Zone for provisioning the base tenancy –  two previous efforts that are now unified into the new OCI Core Landing ZoneOperating Entities Landing Zone, the new Zero Trust Landing Zone, SCCA Landing Zone for government workloads, and more. You can also deploy a wide variety of workloads on top of the landing zones that provision the base tenancy.

    All landing zones and workloads are tested to meet the CIS OCI Benchmark to help ensure a minimum-security baseline that you can easily verify by running the CIS Compliance Checking script.
     
  • Landing zone extensions: Provide capabilities that you can add to a deployed landing zone blueprint, such as hub-and-spoke network configuration, added multicloud connectivity, or extra controls that you can add to a certain service configuration.
     
  • Landing zone workloads: A workload is a self-contained and pluggable element that simplifies the onboarding of specific services or applications, such as Oracle Kubernetes Engine (OKE), Oracle Cloud VMware Solution, Exadata Database Service, E-Business Suite, and AI Services. Workloads are deployed on top of a landing zone and provide repeatable and best-practices infrastructure configuration for certain use cases.
     
  • Landing zones modules: All landing zones are composed from a set of secure Terraform-based modules that provision OCI Resources and include all available configurations for the service. The following modules are available:
    • Identity and Access Management (IAM) modules: Including compartments, groups, policies, dynamic groups, and identity domains. Together, they enable the logical organization of resources with segregation of duties and the ability to federate with your identity provider.
    • Networking modules: Enables the creations of any network topology using all OCI network core resources, such as virtual cloud networks (VCNs), subnets, and multitenancy hub-and-spoke design with workloads segregation. All these resources are ready to support multicloud or on-premises connectivity through FastConnect or a VPN.
    • Security modules: Cloud Guard is enabled as your security operations (SecOps) single pane of glass, including Vulnerability Scanning to help ensure a strong security posture from day 0.  Bastions, security zones, and vaults under the Key Management service are also available.
    • Observability and Monitoring modules: Provides the required visibility and control of your OCI resources, enabling events, alarms, logging, notifications, streams, and service connectors.
    • Governance modules: Deploys budgets and tags to help customer manage their tenancies.
    • Workloads modules: Enables the deployment of future workloads, with current support for OCI Compute and OKE.

Customers can deploy landing zones directly from GitHub, continuous integration and delivery (CI/CD), and the OCI Resource Manager service. Soon, landing zones will be available for easy deployment through the Oracle Cloud Console as part of the new OCI Fleet Application Management service, enabling a graphic user interface (GUI) experience with advanced controls around curation of standardized templates for the entire organization, complete with automated governance and drift detection. Customers can also use the new framework to build their own templates to meet their unique architectures, submit feature requests, and contribute to the code base.

Get started today!

The new standardized OCI Landing Zones framework has everything you need to accelerate your OCI journey, making it easier, repeatable, and consistent for all enterprises to build secure, scalable cloud environments in Oracle Cloud Infrastructure. The new framework is available on GitHub in early preview, and will be generally available soon. For more information, explore OCI Landing Zones on GitHub today. If you have any questions or comments, don’t hesitate to contact the authors or add a comment on GitHub!

Attending CloudWorld?

Learn more about the new Landing Zones framework and how to use it by attending the following talks or stopping by the Ask the Expert OCI demo pod at the expo hall: