New in OCI Landing Zones: Enhanced Deployment and Improved Separation of Duties

I’m excited to share the new release of OCI Core Landing Zone. The new version features enhanced deployment experience for faster provisioning, new extensions to simplify support for separation of duties, Generic Workload template to streamline application deployments on top of Core, and more. 

What are landing zones: 

OCI Landing Zones are well-architected, configurable Terraform automation templates designed to support a variety of use cases. They accelerate time-to-production on Oracle Cloud Infrastructure (OCI) while enabling a secure, compliant, resilient, and cost-effective cloud environment.  The OCI Core Landing Zone sets up the foundational tenancy and essential cloud services, delivering a CIS-compliant, optimized base in the cloud for subsequent application workload deployments.

Read on to learn about the new capabilities in this jam-packed release: 

Enhanced deployment experience: 

• Flexible configurations for faster rollouts: 
  For quick POCs, QuickStart deployments from the console, or for simple use cases, customers can now deploy the Core landing zone with pre-populated, CIS-certified default settings for Cloud Guard — bypassing security zones, service connectors, vulnerability scanning, and budget configurations. This helps speed up deployments, reduce complexity, and minimize user input. Customers requiring more granular controls can still update configurations for the different services provisioned by the landing zone as needed, 

• Free tier tenancy support:
  The Landing Zone can now be deployed to an OCI free tenancy. If selected, the Cloud Guard service and Security Zones would not be enabled to accommodate the limitations of the free-tier tenancy. 

Improved support for separation of duties with new IAM and Network Extensions: 

After deploying the Core landing zone to set up their base tenancy, customers usually assign specific admin teams to manage resources in their respective domains- often separating Identity/security admins from Network admins to meet segregation of duties requirements. 

 The new version of the Core landing zones introduces two new extensions: IAM and Network. These simplify support for SoD operations and easier extendability to new workloads deployed. To learn about the new extensions, use cases, and deployment sequence, see this blog.

Additional Network Routing Support – This new capability allows network admins to dynamically extend routing for new workload VCNs, without modifying any existing shared infrastructure. Whether the need is for public internet access or secure on-premises connectivity, the Core LZ now automates DRG attachments, route table updates, and CIDR discovery for any additional networks post-deployment. This enables consistent hub-and-spoke routing and centralized governance, while giving workload teams the flexibility to scale quickly to deploy as many VCNs as they need. 

To use the OCI Core landing zone and try these new features, visit GitHub:  
https://github.com/oci-landing-zones/terraform-oci-core-landingzone   

Watch this webinar recording for an overview of the capabilities of OCI Core landing zone and the underlying landing zone framework,