- Introduced Aggregator.sol for Chainlink-compatible oracle functionality, including round-based updates and access control.
- Added OracleWithCCIP.sol to extend Aggregator with CCIP cross-chain messaging capabilities.
- Created .gitmodules to include OpenZeppelin contracts as a submodule.
- Developed a comprehensive deployment guide in NEXT_STEPS_COMPLETE_GUIDE.md for Phase 2 and smart contract deployment.
- Implemented Vite configuration for the orchestration portal, supporting both Vue and React frameworks.
- Added server-side logic for the Multi-Cloud Orchestration Portal, including API endpoints for environment management and monitoring.
- Created scripts for resource import and usage validation across non-US regions.
- Added tests for CCIP error handling and integration to ensure robust functionality.
- Included various new files and directories for the orchestration portal and deployment scripts.
4.8 KiB
# Cloud for Sovereignty Landing Zone - Multi-Region Architecture

## Overview

This document outlines the Well-Architected Framework implementation for a Cloud for Sovereignty landing zone across all Azure commercial Non-US regions.
## Architecture Principles
- Data Sovereignty: Data remains within specified regions
- Compliance: Meets regional regulatory requirements
- Resilience: Multi-region deployment for high availability
- Scalability: Supports growth across regions
- Cost Optimization: Efficient resource utilization
## Management Group Structure

```
Root Management Group
└── Landing Zones (Landing Zones)
    ├── Platform (Platform)
    │   ├── Management (Management)
    │   ├── Connectivity (Connectivity)
    │   └── Identity (Identity)
    └── Workloads (Workloads)
        ├── Production (Production)
        ├── Non-Production (Non-Production)
        └── Sandbox (Sandbox)
```
## Non-US Commercial Regions

### Europe
- Belgium Central (belgiumcentral)
- France Central (francecentral)
- France South (francesouth)
- Germany North (germanynorth)
- Germany West Central (germanywestcentral)
- Italy North (italynorth)
- Netherlands (northeurope)
- Norway East (norwayeast)
- Norway West (norwaywest)
- Poland Central (polandcentral)
- Spain Central (spaincentral)
- Sweden Central (swedencentral)
- Switzerland North (switzerlandnorth)
- Switzerland West (switzerlandwest)
- UK South (uksouth)
- UK West (ukwest)
- West Europe (westeurope)
### Asia Pacific
- Australia East (australiaeast)
- Australia Southeast (australiasoutheast)
- China East (chinaeast)
- China North (chinanorth)
- East Asia (eastasia)
- India Central (centralindia)
- India South (southindia)
- India West (westindia)
- Indonesia Central (indonesiacentral)
- Japan East (japaneast)
- Japan West (japanwest)
- Korea Central (koreacentral)
- Korea South (koreasouth)
- Malaysia West (malaysiawest)
- New Zealand North (newzealandnorth)
- Southeast Asia (southeastasia)
### Middle East & Africa
- Israel Central (israelcentral)
- Qatar Central (qatarcentral)
- South Africa North (southafricanorth)
- South Africa West (southafricawest)
- UAE Central (uaecentral)
- UAE North (uaenorth)
### Americas (Non-US)
- Brazil South (brazilsouth)
- Brazil Southeast (brazilsoutheast)
- Canada Central (canadacentral)
- Canada East (canadaeast)
- Chile Central (chilecentral)
- Mexico Central (mexicocentral)
## Resource Organization

### Per-Region Structure

Each region follows the Well-Architected Framework naming structure:

```
{cloud}-{env}-{region}-rg-{type}-{instance}
```

Example: `az-p-we-rg-comp-001` (Azure, Production, West Europe, Resource Group, Compute, Instance 001)
### Resource Group Types

- Network (`rg-net-001`): Virtual networks, subnets, NSGs, Application Gateways
- Compute (`rg-comp-001`): AKS clusters, VMs, Container Instances
- Storage (`rg-stor-001`): Storage accounts, backups
- Security (`rg-sec-001`): Key Vaults, Security Centers
- Monitoring (`rg-mon-001`): Log Analytics, Application Insights
- Identity (`rg-id-001`): Managed identities, Azure AD resources
- Terraform State (`rg-tfstate-001`): State storage
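The naming convention above is easy to state and easy to break by hand. The following validator is an added example, not code from this repository: it parses `{cloud}-{env}-{region}-rg-{type}-{instance}` names, checks each component against an allow list, and rebuilds names from components so a CI gate can reject a plan before anything lands in the wrong region. The cloud prefix `az`, the environment code `p`, the region abbreviation `we` and the seven resource group types come from the document; every other environment and region abbreviation in the tables is an assumption made for illustration.

```python
"""Validator for the per-region resource-group naming convention.

Added example, not code from the landing-zone repository. The pattern
{cloud}-{env}-{region}-rg-{type}-{instance} and the codes 'az', 'p', 'we'
and the resource group types come from the document; every other
abbreviation in the tables below is an assumption chosen for illustration.
"""
import re

# Resource group types listed in the document.
RG_TYPES = {"net", "comp", "stor", "sec", "mon", "id", "tfstate"}

# Environment codes: 'p' is on the page; the others are assumed.
ENV_CODES = {"p": "prod", "d": "dev", "t": "test", "s": "staging"}

# Region abbreviation -> Azure region code. 'we' -> westeurope is the
# document's example; the remaining entries are assumed abbreviations
# for some of the Non-US regions the document lists.
REGION_CODES = {
    "we": "westeurope",
    "ne": "northeurope",
    "uks": "uksouth",
    "frc": "francecentral",
    "gwc": "germanywestcentral",
    "jpe": "japaneast",
    "aue": "australiaeast",
    "cac": "canadacentral",
    "brs": "brazilsouth",
}

NAME_RE = re.compile(
    r"^(?P<cloud>[a-z]+)-(?P<env>[a-z])-(?P<region>[a-z]+)-rg-"
    r"(?P<type>[a-z]+)-(?P<instance>\d{3})$"
)


def parse_rg_name(name: str) -> dict:
    """Split a resource-group name into its components and validate each.

    Raises ValueError with a specific message on the first violation so a
    CI gate can report exactly which part of the convention was broken.
    """
    m = NAME_RE.match(name)
    if not m:
        raise ValueError(
            f"{name!r} does not match {{cloud}}-{{env}}-{{region}}-rg-{{type}}-{{instance}}"
        )
    parts = m.groupdict()
    if parts["cloud"] != "az":
        raise ValueError(f"unknown cloud prefix {parts['cloud']!r}")
    if parts["env"] not in ENV_CODES:
        raise ValueError(f"unknown environment code {parts['env']!r}")
    if parts["region"] not in REGION_CODES:
        raise ValueError(
            f"region abbreviation {parts['region']!r} is not an approved Non-US region"
        )
    if parts["type"] not in RG_TYPES:
        raise ValueError(f"unknown resource group type {parts['type']!r}")
    return {
        "cloud": parts["cloud"],
        "environment": ENV_CODES[parts["env"]],
        "region": REGION_CODES[parts["region"]],
        "type": parts["type"],
        "instance": int(parts["instance"]),
    }


def build_rg_name(env: str, region: str, rg_type: str, instance: int = 1, cloud: str = "az") -> str:
    """Construct a convention-compliant name from full environment and region names."""
    env_code = next((k for k, v in ENV_CODES.items() if v == env), None)
    region_code = next((k for k, v in REGION_CODES.items() if v == region), None)
    if env_code is None or region_code is None or rg_type not in RG_TYPES:
        raise ValueError("environment, region or resource group type is not approved")
    name = f"{cloud}-{env_code}-{region_code}-rg-{rg_type}-{instance:03d}"
    parse_rg_name(name)  # round-trip check: what we build must parse
    return name


def check_names(names):
    """Return {name: error message} for every name that breaks the convention."""
    problems = {}
    for n in names:
        try:
            parse_rg_name(n)
        except ValueError as exc:
            problems[n] = str(exc)
    return problems


if __name__ == "__main__":
    # Constructed sample: one compliant name, one US region, one unknown type, one legacy name.
    sample = ["az-p-we-rg-comp-001", "az-p-eus-rg-comp-001", "az-p-we-rg-sql-001", "rg-prod-network"]
    for name, err in check_names(sample).items():
        print(f"{name}: {err}")
```

Because the region table is an allow list rather than a pattern, a name that encodes a US region fails for the same reason a typo does, which is the behaviour you want from a sovereignty gate: anything not explicitly approved is rejected.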
## Deployment Strategy

### Phase 1: Foundation
- Management Group hierarchy
- Subscription organization
- Policy definitions and assignments
- Role-based access control (RBAC)
### Phase 2: Core Infrastructure (Per Region)
- Resource Groups (all types)
- Virtual Networks and connectivity
- Key Vaults
- Log Analytics Workspaces
- Storage accounts
### Phase 3: Compute Resources (Per Region)
- AKS clusters
- Node pools (validators, sentries, RPC)
- Container registries
### Phase 4: Application Deployment
- Besu network components
- Monitoring stack
- Application gateways
- Load balancers
## Compliance & Sovereignty

### Data Residency
- All data stored within specified region
- No cross-region data replication (unless explicitly configured)
- Regional compliance certifications
### Security
- Regional Key Vaults
- Regional identity providers
- Network isolation per region
- Regional monitoring and logging
## Cost Management

### Tagging Strategy
- Environment: prod, dev, test, staging
- Region: region code
- CostCenter: Blockchain
- Project: DeFi Oracle Meta Mainnet
- ManagedBy: Terraform
### Budgets
- Per-region budgets
- Per-environment budgets
- Alert thresholds
## Monitoring & Governance

### Centralized Monitoring
- Log Analytics Workspaces per region
- Centralized dashboard
- Cross-region metrics aggregation
### Policy Enforcement
- Naming conventions
- Resource location restrictions
- Tag requirements
- SKU restrictions
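The Tagging Strategy and Policy Enforcement sections together define what Azure Policy should deny: resources outside the approved Non-US regions, resources missing the five required tags or carrying an unknown Environment value, and disallowed SKUs. The script below is an added example, not the project's own tooling: it applies those rules offline to a resource inventory so violations surface in CI before a deployment is attempted. The allowed locations, required tag names and Environment values are taken from this document; the resource inventory, the SKU allow list and the rule that the Region tag must equal the resource's location are constructed assumptions.

```python
"""Offline evaluation of the landing zone's location, tag and SKU policies.

Added example, not code from the landing-zone repository. ALLOWED_LOCATIONS,
REQUIRED_TAGS and ENVIRONMENT_VALUES come from the document; the SKU allow
list, the Region-tag rule and SAMPLE_INVENTORY are constructed assumptions.
"""

# Every Azure commercial Non-US region listed in the document.
ALLOWED_LOCATIONS = {
    # Europe
    "belgiumcentral", "francecentral", "francesouth", "germanynorth",
    "germanywestcentral", "italynorth", "northeurope", "norwayeast",
    "norwaywest", "polandcentral", "spaincentral", "swedencentral",
    "switzerlandnorth", "switzerlandwest", "uksouth", "ukwest", "westeurope",
    # Asia Pacific
    "australiaeast", "australiasoutheast", "chinaeast", "chinanorth",
    "eastasia", "centralindia", "southindia", "westindia", "indonesiacentral",
    "japaneast", "japanwest", "koreacentral", "koreasouth", "malaysiawest",
    "newzealandnorth", "southeastasia",
    # Middle East & Africa
    "israelcentral", "qatarcentral", "southafricanorth", "southafricawest",
    "uaecentral", "uaenorth",
    # Americas (Non-US)
    "brazilsouth", "brazilsoutheast", "canadacentral", "canadaeast",
    "chilecentral", "mexicocentral",
}

# Tag requirements from the Tagging Strategy section.
REQUIRED_TAGS = {"Environment", "Region", "CostCenter", "Project", "ManagedBy"}
ENVIRONMENT_VALUES = {"prod", "dev", "test", "staging"}

# Assumed SKU allow list per resource type (the document names no SKUs).
ALLOWED_SKUS = {
    "Microsoft.Storage/storageAccounts": {"Standard_LRS", "Standard_ZRS"},
    "Microsoft.KeyVault/vaults": {"standard", "premium"},
}


def evaluate(resources):
    """Return a list of (resource name, rule, detail) for every policy violation."""
    violations = []
    for r in resources:
        name = r.get("name", "<unnamed>")
        loc = r.get("location", "")
        tags = r.get("tags") or {}

        # Resource location restriction: data must stay in an approved region.
        if loc not in ALLOWED_LOCATIONS:
            violations.append((name, "location", f"{loc!r} is not an approved Non-US region"))

        # Tag requirements: all five tags present, Environment from the fixed set,
        # and (assumed rule) the Region tag equal to the deployed location.
        for t in sorted(REQUIRED_TAGS - tags.keys()):
            violations.append((name, "tags", f"missing required tag {t}"))
        if "Environment" in tags and tags["Environment"] not in ENVIRONMENT_VALUES:
            violations.append((name, "tags", f"Environment={tags['Environment']!r} is not one of {sorted(ENVIRONMENT_VALUES)}"))
        if "Region" in tags and tags["Region"] != loc:
            violations.append((name, "tags", f"Region tag {tags['Region']!r} does not match location {loc!r}"))

        # SKU restriction: only enforced for types that have an allow list.
        allowed = ALLOWED_SKUS.get(r.get("type"))
        if allowed is not None and r.get("sku") not in allowed:
            violations.append((name, "sku", f"SKU {r.get('sku')!r} is not in the allow list"))
    return violations


def is_compliant(resources):
    return not evaluate(resources)


# Constructed inventory in the shape a `terraform show -json` post-processor might emit.
_OK_TAGS = {"Environment": "prod", "Region": "westeurope", "CostCenter": "Blockchain",
            "Project": "DeFi Oracle Meta Mainnet", "ManagedBy": "Terraform"}
SAMPLE_INVENTORY = [
    {"name": "stwe001", "type": "Microsoft.Storage/storageAccounts", "location": "westeurope",
     "sku": "Standard_LRS", "tags": dict(_OK_TAGS)},
    {"name": "stus001", "type": "Microsoft.Storage/storageAccounts", "location": "eastus",
     "sku": "Standard_LRS", "tags": dict(_OK_TAGS, Region="eastus")},
    {"name": "kvfr001", "type": "Microsoft.KeyVault/vaults", "location": "francecentral",
     "sku": "premium", "tags": {"Environment": "production", "Region": "francecentral",
                                "Project": "DeFi Oracle Meta Mainnet", "ManagedBy": "Terraform"}},
    {"name": "stse001", "type": "Microsoft.Storage/storageAccounts", "location": "swedencentral",
     "sku": "Premium_LRS", "tags": dict(_OK_TAGS)},
]

if __name__ == "__main__":
    for name, rule, detail in evaluate(SAMPLE_INVENTORY):
        print(f"{name:10} {rule:9} {detail}")
```

The check is deliberately allow-list based in every dimension: an unlisted region, an unlisted Environment value or an unlisted SKU is a violation without any further configuration, which mirrors how the corresponding Azure Policy definitions (Allowed locations, Require a tag, Allowed SKUs) behave when assigned at the management group level.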
## Next Steps
- Create management group structure
- Create subscription structure
- Deploy foundation resources
- Deploy per-region infrastructure
- Deploy application components
- Configure monitoring and governance