LZiaB Overview
Page Contents
What is LZiaB
LZiaB is our reusable some-org Landing Zone-in-a-Box. It is a GCP-based platform, intended for the hosting of cloud-native applications, off-the-shelf products, packages, and as a migration target for existing VM-based on-prem workloads. These workloads can be Internet-facing, internally-facing, or both.
Motivation for LZiaB
Google Cloud Platform offers hundreds of services. There are a staggering number of permutations as to how these services can be deployed. Uncontrolled deployment of such services leads to:
- Project sprawl.
- Solutions with different compliance postures.
- Unnecessary complexity.
- Reinvention of common solutions, with associated engineering overhead.
- A lack of repeatability.
- Solutions that are far from cost optimal.
- Solutions that are unmanaged.
- A lack of visibility of what has been deployed (leading to further “cloud sprawl” and shadow IT).
- A lack of common access control.
LZiaB wraps these standard Google Cloud services with:
- A landing zone and (Google) project factory, providing a repeatable and consistent way to deploy cloud services, using standardised tools, monitoring, preferred patterns, and repeatable infrastructure-as-code.
- Default security policies, to meet the enterprise needs of some-org.
- Enforced use of automation, to prevent configuration drift and inconsistency, and to ensure agility.
- Private, SLA-backed high bandwidth, low latency connectivity to on-premises data centre networks, for use cases that need it. (E.g. for routine high volume data transfer.)
- Identity and access management that is integrated with our existing on-prem master identity provider, Active Directory.
- Pre-designed and validated DR capability and patterns. Google’s London region is used for ‘primary’ environments, with Netherlands as the ‘DR’ region.
- A standardised, centralised approach to billing and cost attribution.
- A standardised, centralised approach to operational support.
- Policy-enforced standardised CIS-compliant operating system images.
- Standardised automation to create single-tenant and multi-tenant Kubernetes environments, for workloads and packages that can run in containers.