FSI landing zone architecture
The Financial Services Industry (FSI) landing zone includes a management group hierarchy along with common platform resources to facilitate networking, logging, and managed service identities. Application workloads and subscriptions are provisioned into the following default landing zones, depending on their intended purposes:
- Corp: Non-internet facing, nonconfidential workloads
- Online: Internet facing, nonconfidential workloads
- Confidential Corp: Non-internet facing, confidential workloads (only allows confidential computing resources to be used)
- Confidential Online: Internet facing, confidential workloads (only allows confidential computing resources to be used)
The assigned policies in each of the landing zones support the behavior and connectivity profiles of the workloads deployed.
You can deploy a landing zone under the tenant root group in Azure or to an arbitrary child management group. The landing zone can support brownfield deployments, greenfield deployments, and multiple FSI landing zone deployments within the same tenant based on your requirements.
