smom-dbis-138/docs/deployment/CLOUD_FOR_SOVEREIGNTY_LANDING_ZONE.md

# Cloud for Sovereignty Landing Zone - Multi-Region Architecture
## Overview
This document outlines the Well-Architected Framework implementation for a Cloud for Sovereignty landing zone across all Azure commercial Non-US regions.
## Architecture Principles
1. **Data Sovereignty**: Data remains within specified regions
2. **Compliance**: Meets regional regulatory requirements
3. **Resilience**: Multi-region deployment for high availability
4. **Scalability**: Supports growth across regions
5. **Cost Optimization**: Efficient resource utilization
## Management Group Structure
```
Root Management Group
└── Landing Zones (Landing Zones)
    ├── Platform (Platform)
    │   ├── Management (Management)
    │   ├── Connectivity (Connectivity)
    │   └── Identity (Identity)
    └── Workloads (Workloads)
        ├── Production (Production)
        ├── Non-Production (Non-Production)
        └── Sandbox (Sandbox)
```
## Non-US Commercial Regions
### Europe
- Belgium Central (belgiumcentral)
- France Central (francecentral)
- France South (francesouth)
- Germany North (germanynorth)
- Germany West Central (germanywestcentral)
- Italy North (italynorth)
- Netherlands (northeurope)
- Norway East (norwayeast)
- Norway West (norwaywest)
- Poland Central (polandcentral)
- Spain Central (spaincentral)
- Sweden Central (swedencentral)
- Switzerland North (switzerlandnorth)
- Switzerland West (switzerlandwest)
- UK South (uksouth)
- UK West (ukwest)
- West Europe (westeurope)
### Asia Pacific
- Australia East (australiaeast)
- Australia Southeast (australiasoutheast)
- China East (chinaeast)
- China North (chinanorth)
- East Asia (eastasia)
- India Central (centralindia)
- India South (southindia)
- India West (westindia)
- Indonesia Central (indonesiacentral)
- Japan East (japaneast)
- Japan West (japanwest)
- Korea Central (koreacentral)
- Korea South (koreasouth)
- Malaysia West (malaysiawest)
- New Zealand North (newzealandnorth)
- Southeast Asia (southeastasia)
### Middle East & Africa
- Israel Central (israelcentral)
- Qatar Central (qatarcentral)
- South Africa North (southafricanorth)
- South Africa West (southafricawest)
- UAE Central (uaecentral)
- UAE North (uaenorth)
### Americas (Non-US)
- Brazil South (brazilsouth)
- Brazil Southeast (brazilsoutheast)
- Canada Central (canadacentral)
- Canada East (canadaeast)
- Chile Central (chilecentral)
- Mexico Central (mexicocentral)
## Resource Organization
### Per-Region Structure
Each region follows the Well-Architected Framework structure, with resource groups named according to the pattern:
```
{cloud}-{env}-{region}-rg-{type}-{instance}
```
Example: `az-p-we-rg-comp-001` (Azure, Production, West Europe, Resource Group, Compute, Instance 001)
### Resource Group Types
- **Network** (`rg-net-001`): Virtual networks, subnets, NSGs, Application Gateways
- **Compute** (`rg-comp-001`): AKS clusters, VMs, Container Instances
- **Storage** (`rg-stor-001`): Storage accounts, backups
- **Security** (`rg-sec-001`): Key Vaults, Security Centers
- **Monitoring** (`rg-mon-001`): Log Analytics, Application Insights
- **Identity** (`rg-id-001`): Managed identities, Azure AD resources
- **Terraform State** (`rg-tfstate-001`): State storage
## Deployment Strategy
### Phase 1: Foundation
1. Management Group hierarchy
2. Subscription organization
3. Policy definitions and assignments
4. Role-based access control (RBAC)
### Phase 2: Core Infrastructure (Per Region)
1. Resource Groups (all types)
2. Virtual Networks and connectivity
3. Key Vaults
4. Log Analytics Workspaces
5. Storage accounts
### Phase 3: Compute Resources (Per Region)
1. AKS clusters
2. Node pools (validators, sentries, RPC)
3. Container registries
### Phase 4: Application Deployment
1. Besu network components
2. Monitoring stack
3. Application gateways
4. Load balancers
## Compliance & Sovereignty
### Data Residency
- All data is stored within the specified region
- No cross-region data replication unless explicitly configured
- Regional compliance certifications
### Security
- Regional Key Vaults
- Regional identity providers
- Network isolation per region
- Regional monitoring and logging
## Cost Management
### Tagging Strategy
- Environment: prod, dev, test, staging
- Region: region code
- CostCenter: Blockchain
- Project: DeFi Oracle Meta Mainnet
- ManagedBy: Terraform
### Budgets
- Per-region budgets
- Per-environment budgets
- Alert thresholds
## Monitoring & Governance
### Centralized Monitoring
- Log Analytics Workspaces per region
- Centralized dashboard
- Cross-region metrics aggregation
### Policy Enforcement
- Naming conventions
- Resource location restrictions
- Tag requirements
- SKU restrictions
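The naming convention from the Resource Organization section and the first three policy controls above (naming, location restriction, required tags) can be checked offline against an inventory export. The following is an added example, not code from the repository; the short region codes other than `we`, the regex, and the sample inventory are assumptions, and the region allow-list is a subset of the page's Non-US list.

```python
import re

# Assumed short region codes for the naming convention; the page itself only shows "we" (West Europe).
REGION_CODES = {"we": "westeurope", "frc": "francecentral", "gwc": "germanywestcentral", "uks": "uksouth"}
ENV_CODES = {"p": "prod", "d": "dev", "t": "test", "s": "staging"}
RG_TYPES = {"net", "comp", "stor", "sec", "mon", "id", "tfstate"}
# Sovereign allow-list: the Non-US commercial regions listed on the page (subset shown for brevity).
ALLOWED_LOCATIONS = {"westeurope", "francecentral", "francesouth", "germanywestcentral",
                     "swedencentral", "uksouth", "ukwest", "canadacentral", "brazilsouth"}
REQUIRED_TAGS = ("Environment", "Region", "CostCenter", "Project", "ManagedBy")
NAME_RE = re.compile(r"^az-(?P<env>[a-z])-(?P<region>[a-z]{2,4})-rg-(?P<type>[a-z]+)-(?P<instance>\d{3})$")

def parse_rg_name(name):
    """Return the fields of a name that fits {cloud}-{env}-{region}-rg-{type}-{instance}, else None."""
    m = NAME_RE.match(name)
    if not m or m["env"] not in ENV_CODES or m["region"] not in REGION_CODES or m["type"] not in RG_TYPES:
        return None
    return m.groupdict()

def check_resource_group(name, location, tags):
    """Evaluate one resource group against the three controls; an empty list means compliant."""
    findings, fields = [], parse_rg_name(name)
    if fields is None:
        findings.append(f"naming: '{name}' does not match the resource-group naming convention")
    # Mirrors the deny effect of an allowed-locations policy scoped to the sovereign region set.
    if location not in ALLOWED_LOCATIONS:
        findings.append(f"location: '{location}' is outside the sovereign allow-list")
    elif fields and REGION_CODES[fields["region"]] != location:
        findings.append(f"location: name encodes {REGION_CODES[fields['region']]} but resource is in {location}")
    missing = [t for t in REQUIRED_TAGS if t not in tags]
    if missing:
        findings.append("tags: missing " + ", ".join(missing))
    if fields and tags.get("Environment") not in (None, ENV_CODES[fields["env"]]):
        findings.append(f"tags: Environment={tags['Environment']} conflicts with env code '{fields['env']}'")
    return findings

def audit(inventory):
    """Return {name: findings} for every non-compliant resource group in an inventory export."""
    report = {rg["name"]: check_resource_group(rg["name"], rg["location"], rg["tags"]) for rg in inventory}
    return {name: f for name, f in report.items() if f}

# Constructed sample inventory in the shape an `az group list` export would have after trimming.
SAMPLE_INVENTORY = [
    {"name": "az-p-we-rg-comp-001", "location": "westeurope",
     "tags": {"Environment": "prod", "Region": "westeurope", "CostCenter": "Blockchain",
              "Project": "DeFi Oracle Meta Mainnet", "ManagedBy": "Terraform"}},
    {"name": "az-p-we-rg-stor-002", "location": "eastus",  # drifted into a US region
     "tags": {"Environment": "prod", "Region": "eastus", "CostCenter": "Blockchain", "ManagedBy": "Terraform"}},
    {"name": "besu-validators", "location": "uksouth", "tags": {}},
]
```

`audit(SAMPLE_INVENTORY)` reports only the two non-compliant groups; the compliant `az-p-we-rg-comp-001` produces no findings.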
## Next Steps
1. Create management group structure
2. Create subscription structure
3. Deploy foundation resources
4. Deploy per-region infrastructure
5. Deploy application components
6. Configure monitoring and governance