Introduction & wording

The infrastructure landing zone service has been renamed several times during the last year, so the release note that follows may be hard to read…

Some insights:

  • C2 / C3 are Thales security classification levels for confidentiality.
  • Azure Hardened Subscriptions (AHE) was the initial name of the C3 subscription at the beginning of the project.
  • Discover / Innovate / Industrialized is the service type. It affects the pricing and the list of available features.
  • Prod / nonProduction is an option for any landing zone that reduces the Azure consumption price by removing the SLA principles.

Current wording:

The TrustNest Cloud service provides an infrastructure landing zone. This landing zone is based on an Azure subscription with the “production” option enabled by default. It can be purchased as Discover, Innovate or Industrialized. As a consumer of TrustNest, you can host C2 data if you follow the Security Basic Stories provided by your local security team, and C3 data if you pass an Information System Security Committee (ISSC) with Thales CISOs. Additional add-ons are available to enable advanced features such as Corporate or Confidential.

Description

An infrastructure Landing Zone is a preconfigured cloud environment that accounts for scale, security, governance, networking, and identity. In terms of operating model, you are the owner of the environment. This means you are accountable for its security and availability.

You can choose to use an Azure Landing Zone for the following use cases:

  • Deploy a solution that needs Virtual Machines
  • Deploy an IaaS infrastructure in a secured environment and benefit from services like Monitoring, Patch Management, Antivirus, Vulnerability Management, …
  • Migrate a datacenter while keeping network connectivity with other datacenters
  • Deploy an AI solution with Azure PaaS services like Databricks, Datalake Storage,…
  • Deploy Serverless architecture using services like Azure Functions
  • Deploy Event Driven or IoT solutions (using Azure services like Event Hub, IoT Hub,…)

In some cases, it’s better to use other types of Trustnest Cloud Services:

Service Offers

Discover

The Discover service offers the same features as the Innovate service. The main difference is in the billing: the fixed fee is free for the first 6 months if your environment does not exceed 500 EUR of Azure consumption per month. After that, the offer is switched to Innovate.

Innovate

The Innovate service is a standard offer.

Features available:

  • Access to all Azure IaaS and PaaS services (for instance: Azure Virtual Machines, Virtual Networks, Cosmos DB, Azure Data Lake)
  • Standard security mechanisms imposed (for instance: restriction of administration ports exposed to the internet, antivirus deployment on virtual machines)
  • Cyber Security Operating Center (CSOC) Monitoring on IaaS layer
  • Basic Monitoring tooling (for instance: log & metrics collection & dashboarding)
  • TrustNest infrastructure landing zone Role-Based Access Control (RBAC) model (for instance: Tech Lead custom role)
  • Corporate add-on can be enabled

Industrialized

The Industrialized service offers advanced features in addition to those of the Innovate service.

Features available:

  • Regroup multiple infrastructure landing zones within a single Business Zone
  • Confidential add-on can be enabled

Add-ons

Corporate add-on

You may want to restrict the exposure of your environment to Thales RIE networks (and TNAP devices). To do so, ask for the Corporate add-on to be enabled when the landing zone is created. If you are interested, see the Corporate Addon Page.

Confidential add-on

Due to business constraints, you may want to enable advanced encryption mechanisms on your infrastructure landing zone. (Doc coming soon…)

Release Note

Reading the Release Note is a good way to measure the reactivity and the velocity of a team. It also shows the main concerns of the engineering team behind the scenes.

Detailed Release Note Page

Next Steps

How to request an infrastructure environment?

Follow the form: here
