Transcript
This transcript was autogenerated. To make changes, submit a PR.
Hi everyone, this is Srinivas Rautumala, I'm a senior customer engineer helping
customers in the cloud journey.
I'm here to talk about Azure landing zone and how it benefits the organizations.
Azure landing zone is a key element for a successful cloud adoption journey, as
it establishes the platform competence and helps organizations successfully
migrate and innovate in the cloud, whether the organizations are building
cloud native applications or building applications for Azure virtual machines.
Azure landing zone lets organizations build a strong foundation.
Without any delay, let's jump into the topic.
Before we dive deeper into the Azure landing zone itself, we need to
understand where the landing zone stands in the cloud journey.
Cloud Adoption Framework is a Microsoft best practice guidance
for organizations looking to migrate, modernize, and optimize
their cloud environments on Azure.
The CAF has been divided into several phases, such as
define strategy, plan, ready,
adopt, govern, manage, and secure.
The first is define strategy.
It's about defining the business objectives and justification
for moving to Azure.
It's about aligning cloud investments with business goals.
In the plan phase, organizations will be assessing the current IT
landscape and workload dependencies.
In the ready phase, organizations are preparing the Azure landing
zone, establishing a subscription model, and configuring policies.
This is the phase in the Cloud Adoption Framework where we
are going to dive deeper today.
Migrate phase is about executing migration plans using tools like
Azure Migrate, Azure Site Recovery, and Database Migration Service.
Governance is about establishing a governance framework using
Azure Policy and Azure Blueprints.
And in manage, organizations need to implement tools like Azure Monitor, Azure
Log Analytics workspace, and Application Insights for proactive monitoring.
Last but not least is secure.
Security is very important in the cloud journey.
It's about identifying security and compliance requirements, deploying
cloud posture management tools like Defender for Cloud and SIEM tools like
Sentinel to keep the environment secure.
Why do we need a landing zone?
It's important to have a strong foundation when we are building the
infrastructure, for example, like building a house or a bridge or a stadium.
The same logic applies to building the cloud infrastructure.
The strong foundation will enable organizations to build a secure, scalable,
and a well governed cloud environment that accelerates deployment while
ensuring compliance, security, and best practices for the enterprise workloads.
What is Azure landing zone?
Azure landing zone is a conceptual architecture which organizations
use to build their landing zone.
This will make the organization more agile, and the landing zone
architecture will help them grow their footprint in Azure with ease.
The landing zone will also enable them to embrace automation
and integration with ease.
Key benefits of the landing zone are agility, scalability, and security.
So this is a very common topic and a very important discussion
we have with the customers, whether they need a single subscription
versus multiple subscriptions.
Organizations often go with multiple subscriptions to avoid per-subscription
resource limits and to better manage and govern their Azure resources.
It's important to define a strategy for scaling your
applications in the subscriptions.
Subscriptions have defined limits for some resource types.
For example, the number of virtual networks in a subscription is limited.
When a subscription approaches these limits, organizations have
to create another subscription and put additional resources there.
Azure Management Groups are top-level containers in the Azure hierarchy
that help organizations manage access, policies, and compliance
across multiple subscriptions.
We can segregate the workloads using the management group, like what you're seeing
in the picture that's on the right,
based on environments such as prod, pre-prod, development, QA, etc.
We can apply these policies based on different environments at the management
group level, so we don't have to manage the subscriptions individually.
Also, applying the RBAC policies is much easier when we have
such a management model,
so we can control who has access to which resources.
Let's look at the key challenges when working with our customers and
partners, where we have received the feedback on some challenges they face.
When starting with Azure, customers are accustomed
to a traditional IT architecture.
The cloud model can get lost in the translation between the technology
concepts and security models.
On top of the architectural challenges, there are challenges
with operating models.
Traditional delivery and management of IT services is not compatible
with the cloud operating models.
Lastly, our customers and partners have a desire for control of their
cloud environment and a compliant platform that generates trust.
What you are seeing here is the Azure landing zone conceptual architecture,
which shows the things the organization might have to deploy
in the landing zone architecture.
Not all organizations might need this big of a design.
Depending on the size of the organization, we can simplify this a bit.
On the top, it starts with the identity, which is also called a secure tenant.
The organization will then be creating different management groups
underneath the tenant, and they are the logical containers for
separating different workloads.
First, we start with the root group,
what you're seeing here.
And then we create management groups underneath it,
such as the platform, landing zone, and sandbox containers.
Under the platform, we have identity, management, and connectivity.
Under the landing zone, different departments will be creating
their own workloads for deploying their resources in Azure.
For each container under the platform, such as Identity, the resources
related to Identity get deployed under the Identity subscription.
Let's say an organization has Active Directory servers; they'll
be deploying those Active Directory servers under the Identity subscription,
which you're seeing on the left.
Under the Management subscription, resources
such as Log Analytics and Azure Policies get deployed.
And in the connectivity subscription as well,
you are deploying the network resources such as VPN and ExpressRoute,
and this connectivity subscription will become the hub for your network.
Organizations might also follow different approaches to
get to the end state. Organizations might be of different sizes.
An organization might be building just a platform subscription,
and under the platform subscription they might be deploying all the
identity, management, and network resources because they are very small.
They might also build a couple of landing zones for their workloads.
And some of the customers might have hundreds of subscriptions for different
departments, who might follow this conceptual model as is.
So these are the different stages that the customer might be in in the cloud journey.
First is the start stage.
The customers are brand new.
They want to move towards an accelerator architecture with the landing
zone accelerator, which I'm going to dive deeper into in a later slide.
An organization might be in the align stage.
The organization has built its design
but would like to align with the best practices.
The organization can review the design areas and assess
what parts need to be improved.
In the enhance stage, customers might like to enhance their enterprise
scale landing zone with some tweaking.
Let's say they would like to build better governance
or even make it more secure.
Let's start on the cloud journey by looking at our Greenfield deployment.
The term Greenfield means the organization doesn't have anything running
in Azure, and they are planning to migrate their workloads into Azure.
Are they going to build their workloads from scratch?
Some organizations might be doing some testing in Azure,
but they don't have any production workloads running in Azure yet.
If the organizations are in this phase, it is much easier for them to
build a landing zone from scratch.
How are they going to build a landing zone?
We offer several options,
which we are going to see in the next slide.
Azure landing zone accelerators
are a ready-made deployment experience for organizations where the
conceptual architecture fits in with the operating model and resource
structure they are planning to use.
Organizations can choose the design which they want to deploy using
the Azure portal based deployment to provide full implementation
of the conceptual architecture using that portal based interface.
Let's look in detail at how to deploy the landing zone accelerator.
Organizations can use the portal based accelerator, which you are seeing at
the top, to deploy the landing zone.
Organizations can also use ARM templates, Bicep, or Terraform to
build a landing zone design.
On top of this, partners can
help organizations in building the landing zone through automation.
The term brownfield means organizations
are already running their workloads in the cloud, but they would like to make changes
since their requirements have changed over a period of time.
Let's say they built their landing zone with only 10 applications in mind.
Now they are expanding their portfolio to 100 and would like to make changes so that
they can run those 100 workloads without any challenges.
Let's look at what the common approaches in landing
zone implementation look like.
Organizations seek to align with the target state architecture
by looking at our client structural alliance architecture, which we
discussed earlier and come up with tweaks to align with our best practices.
Some of the areas they can focus on are implementing Azure policies for better
governance, building a management group hierarchy, implementing RBAC
policies, enhanced network architecture, and centralizing the security model.
Alignment might involve moving resources between subscriptions
or building more subscriptions to implement the required best practices.
In the enhance stage, organizations have already built enterprise
scale landing zones and would like to make a few changes to the landing zone
architecture to make it even better.
The areas they can focus on are governance, management, and security.
They would like to define business risks
and convert those risks into policies, monitor violations, and remediate them.
The organization can use the security tools, such as, to reduce the security
risk and ensure they are prepared for any security incidents if they were to occur.
I would like to summarize what we discussed today.
First, I talked about the Cloud Adoption Framework and its
importance in the cloud journey.
Where does the landing zone fit under the CAF framework?
We also looked at the Azure landing zone conceptual architecture
and the design of each component, such as the management
groups and various subscriptions.
We looked at the landing zone deployment options, such as the portal,
ARM, Bicep, and Terraform options to build the landing zone architecture.
I also discussed the various stages the organization might be in in the cloud
journey, based on which they have to build or tweak their landing zone architecture.
Thank you very much.
I hope you got a good idea about the landing zone and its importance.
Thank you.