Landing Zone Design
This page:
Introduces the concept of a landing zone, why you need one, and the considerations that influence a landing zone's design.
Helps you design a starter landing zone that gives prescriptive guidance on:
How your teams can implement Atlas in accordance with both the Well-Architected Framework pillars and your organization's unique requirements.
How Atlas fits into your organization's larger ecosystem and architecture.
MongoDB's Professional Services team partners with enterprise customers to create custom landing zones for Atlas. If you're working with MongoDB's Professional Services, the resources on this page can also help you plan for those discussions.
Landing Zone Overview
What Is A Landing Zone?
A landing zone is a framework for establishing a well-architected and pre-configured cloud environment for Atlas that conforms to your organization's unique requirements across security, compliance, and governance. A landing zone is often a prerequisite for enterprises to move workloads to the cloud, and it is often provisioned programmatically using an API or tools like Terraform.
An Atlas landing zone defines the default, minimum, and maximum settings that teams use to deploy workloads in Atlas. A landing zone also defines the tools and settings that teams should leverage in order to integrate systems with Atlas and their applications connecting to Atlas.
Why Do You Need a Landing Zone?
Establishing a landing zone gives you confidence that every workload your team deploys aligns with your requirements around security, performance, reliability, operational efficiency, and cost optimization. Designing and sharing out a landing zone helps ensure alignment across all teams and stakeholders on how your organization will work in Atlas, and it prevents developers on all of your teams following different standards.
What Are Some Important Landing Zone Considerations?
Consider the following organization-specific requirements when you create a landing zone:
Consideration | Description |
|---|---|
System Hierarchy Requirements | Identify how you will group database clusters for management and isolation. For example, clarify how your team should arrange Atlas organizations, projects, and clusters. To get recommendations and learn more about this topic, see Guidance for Atlas Orgs, Projects, and Clusters. |
Access Controls | Identify MongoDB Atlas Control Plane access controls, and database access controls for both workload and workforce principals. Create a comprehensive list of principals and mechanisms for how you will authenticate and authorize. Define Atlas API key policies, including authorizations and internal policies for key rotation. To get recommendations and learn more about this topic, see Guidance for Atlas Authorization and Authentication. |
Change Control and Auditability Requirements | Clarify any change control or audit controls requirements. This can include change approval processes and tools, along with reporting guidelines. To get recommendations and learn more about this topic, see Guidance for Atlas Auditing and Logging. |
Data Residency Requirements | Identify data residency requirements, such as data sovereignty requirements, or application data partitioning rules. |
Network Topology Requirements | Identify network topology requirements, including Cloud Provider regions, private connectivity options, and application deployment topology. To get recommendations and learn more about this topic, see Guidance for Atlas Network Security. |
High Availability Requirements | Identify high availability requirements such as cluster topology with node count and priority per region, global write requirements, and partitioning tolerances. To get recommendations and learn more about this topic, see Guidance for Atlas High Availability. |
Data Retention Requirements | Identify and record your data retention policies. This may require creating a classification for automation, including creation of archive or purge automation. In some cases, data must be preserved for a certain duration, whereas in other cases data must be purged after some duration. Identify performance characteristics of retrieval of archived records. |
Disaster Recovery Requirements | Identify all disaster recovery requirements, including:
To get recommendations and learn more about this topic, see Guidance for Atlas Disaster Recovery and Guidance for Atlas Backups. |
Observability Requirements | Identify requirements for external system integrations that you use for observability, such as ingestion of Atlas log files, activity feed data, audit logs, alerts, and metrics. Identify required alert events, thresholds, recipients, and alert delivery mechanism(s). To get recommendations and learn more about this topic, see Guidance for Atlas Monitoring and Alerts. |
Security | Identify and define any specific security requirements, including requirements for encryption, network security, authentication, and authorization. Consider integration requirements with Security Information and Event Management (SIEM) systems. To get recommendations and learn more about this topic, see the following resources: |
Legal and Compliance Requirements | Identify and define any specific legal or compliance requirements not clearly articulated within other requirements definitions. To learn more about compliance, see Features for Compliance with External Standards. |
Maintenance Requirements | Identify whether you have any specific requirements regarding Maintenance windows or upgrade deferments. |
Backup Snapshot Requirements | Identify all backup snapshot requirements, including:
To get recommendations and learn more about this topic, see Guidance for Atlas Backups. |
Billing Requirements | Identify any specific requirements to billing, such as integrations with FinOps tools for reporting and charge-back. You can build these requirements into the automation and provisioning process for Atlas clusters to facilitate this integration. To get recommendations and learn more about this topic, see Features for Atlas Billing Data. |
Finally, prioritize requirements based on their importance and impact.
Design Your Landing Zone
Use the following resources to design an Atlas landing zone. We recommend that you compile all diagrams, recommendations, and examples in a document and adjust them to meet your organization's requirements.
Designing a landing zone is an iterative process that involves reviewing and aligning based on the best path forward for integration to satisfy requirements. The following resources provide a starting point to begin your organization's first Atlas landing zone.
Example Landing Zone Diagram
The following example diagram unifies many of the architectural diagrams across the Atlas Architecture Center in one image to visualize your landing zone. You can adjust it as needed to customize it for your organization.
Information In The Atlas Architecture Center
To begin, copy the relevant guidance and examples in Guidance for Atlas Orgs, Projects, and Clusters, which helps you create your first foundational components in Atlas.
Then, review the guidance and examples for each of the pages nested under each Well-Architected Framework pillar in the Atlas Architecture Center. Copy the diagrams, recommendations, tools, and examples that are relevant for your organization.
See Terraform examples to enforce our Staging/Prod recommendations across all pillars in one place in Github.
The Atlas Architecture Center pages include:
Operational Efficiency
Security
Reliability
Performance
Cost Optimization
Your Organization's Requirements
Adjust the example landing zone diagram, recommendations, and examples that you copied from the Atlas Architecture Center to fit your organization's specific requirements. For example, if you use only Google Cloud as a cloud provider, your landing zone should specify that requirement and you should exclude any recommendations and examples applicable only to AWS and Azure.
To identify more considerations and requirements specific to your organization, see the previous section on Landing Zone Considerations.
Next Steps
See the Guidance for Atlas Orgs, Projects, and Clusters page to learn about the building blocks of your Atlas enterprise estate or use the left navigation to find features and best practices for each Well-Architected Framework pillar.