Introducing Oracle Enterprise Landing Zone v2

March 6, 2023 | 7 minute read
Fabio Bonisoli
Sr. Principal Product Manager

For the past year, Oracle Enterprise Landing Zone v1 has enabled customers like you to rapidly onboard workloads to OCI using industry and Oracle best practice guidance. Building on the success of the Oracle Enterprise Landing Zone v1 (OELZv1), OCI has just released Oracle Enterprise Landing Zone v2 (OELZv2), which provides an updated experience with new and existing features, built on top of a new modular design to scale efficiently as your environment grows. 

Some common use cases for Oracle Enterprise Landing Zone v2 include support to:

  • Create a landing zone to connect to other clouds, such as Microsoft Azure, as part of Oracle’s distributed clouds strategy.
  • Help with compliance objectives such as CIS Benchmarks 1.2 with the new set of OCI pre-built policies and guardrails.
  • Automate the creation of new accounts, users, and resources on OCI, making it easier to scale the cloud infrastructure as your organization grows.

Oracle Enterprise Landing Zone v2 enables the following benefits:

  • Accelerated time to value: Automates the ability to use Oracle best practices to help secure the cloud environment and comply with industry standards such as CIS Benchmarks 1.2.
  • Prescriptive: Contains both OCI and industry best practices guidance.
  • More out-of-the-box controls: Includes a set of built-in security controls, such as network segmentation and identity and access management (IAM) policies, that help address security for your OCI environment.
  • Enhanced governance: Provides a set of pre-built policies and guardrails that help address compliance requirements such as CIS OCI Benchmarks 1.2 and make it easier to manage and audit the OCI environment.
  • Reduce complexity: Provides deployment templates that help eliminate the need to invest a long time to determine security best practices to deploy to a public cloud.
  • Automation: Minimizes engineering overhead using the infrastructure-as-code (IaC) approach, which is inherent to landing zones and enables repeatable and stable environments. The automated repeatability helps reduce the risk of manual error and enables easier scaling of multiple landing zones.

So, what's new?

Oracle Enterprise Landing Zone v2 provides numerous updates while also maintaining existing features that are crucial to our customers’ continued success with OCI onboarding.

Here are the v1 features that are also present in this new landing zone:

| OELZ v1 Features and Services | Associated Service | Description |
|---|---|---|
| CIS Benchmarks 1.1 | This applies to all adhering services | Helps customers adhere to CIS Benchmark controls Level 1. |
| Federating with Microsoft Azure Active Directory | | Describes how to federate with Microsoft Azure Active Directory using Microsoft Active Federation Services (AD FS). |
| OCI Bastion | | Provides restricted and time-limited secure access to resources that don't have public endpoints and require strict resource access controls. |
| Oracle Cloud Guard | | Detects misconfigured resources, insecure activity across tenants, and malicious threat activities and provides security administrators with the visibility to triage and resolve cloud security issues. |
| OCI Vulnerability Scanning Service | | Helps eliminate risk from new, unpatched vulnerabilities and open ports by assessing and monitoring cloud instances. |
| OCI Vault | | Centrally manages and maintains control of the encryption keys that protect enterprise data and the secret credentials used to securely access key vault resources. |
| | | Sets soft limits on your Oracle Cloud Infrastructure spending. |
| | | Allows you to add metadata to resources, which enables you to define keys and values and associate them with resources. |

Now to the good part – what’s new in Oracle Enterprise Landing Zone v2?

Oracle Enterprise Landing Zone v2 has all the features present in OELZ v1 and, in addition, now supports:

| OELZ v2 Features and Services | Associated Service | Description |
|---|---|---|
| | | Provides a new stack that offers compartment designs for Prod, Dev/Test/UAT. This allows customers to have isolated environments. |
| Hub & Spoke Networking | | Allows users to segment their environment on a network layer by having one-to-many relationships between the hub and spoke networks. |
| Identity Domains | Identity, Compartments | Separates production and non-production environments on an Identity layer, allowing customers to isolate different user personas. |
| CIS Benchmarks 1.2 | | Is compliant with CIS Benchmark 1.2 Level 1. |
| Modular Design | | Makes it easier to customize and deploy in modular chunks. |

Oracle Enterprise Landing Zone Architecture

Following are the newest components of the Oracle Enterprise Landing Zone v2:

  • Tenancy: The root of the OCI environment, which is the highest level of organization in the OCI environment. A tenancy contains one or more compartments, and all resources in the OCI environment belong to a tenancy.
  • Compartments: Logical groupings of resources within a tenancy. Compartments provide a way to organize and isolate resources in your environment. Resources within a compartment are isolated from resources in other compartments.
  • OCI IAM: Enables you to securely manage users, groups, and policies in your OCI environment. This includes creating and managing users, groups, and policies, as well as managing access to resources.
  • Virtual Cloud Network (VCN): A virtual version of a traditional network that you can use to connect your on-premises infrastructure to the Oracle Cloud. It provides an isolated, private network space in the Oracle Cloud where you can launch your resources.
  • Security Lists and Network Security Groups (NSGs): These are the firewalls that help protect your VCN. Security Lists and NSGs give you granular control over inbound and outbound traffic.
  • Dynamic Routing Gateway (DRG): The DRG is a virtual router that provides a path for private network traffic between a VCN and a network outside the region, such as a VCN in another Oracle Cloud Infrastructure region, an on-premises network, or a network in another cloud provider.
  • DRG Attachment: This enables you to create a direct network connection between VCNs through a DRG so that resources in one VCN can communicate with resources in another VCN using the Hub & Spoke Architecture.
  • Security Automation: This includes a set of pre-built security controls, policies, and guardrails that help to ensure that your OCI environment is secure and compliant with industry standards.
  • Automation Tools: This includes Terraform, a popular infrastructure-as-code (IaC) tool, for automating the creation of new accounts, users, and resources on OCI.

These are the main components of Oracle Enterprise Landing Zone v2. The components and configuration may vary depending on your use case and requirements. The following diagram illustrates an Oracle Enterprise Landing Zone v2 reference architecture. 

[Figure: Enterprise Scale Baseline Landing Zone v2 architecture]


Try it today

Now that you have had a small taste of the capabilities and features that will be part of Oracle Enterprise Landing Zone v2, go to the repository and start using it.


