Updated on 2025-05-07 GMT+08:00

Overall Architecture

We provide the following Landing Zone reference architecture based on Huawei Cloud's practices and extensive delivery experience. This architecture involves nine domains: organization and account management, identity and permissions management, centralized network management, resource sharing management, unified security management, unified compliance audit, unified O&M management, unified financial management, and data perimeters.

Figure 1 Landing Zone reference architecture

The resources of the nine domains are managed by specific accounts. For example, organization and account management is implemented in the master account (management account), and centralized network management is implemented in the network operations account. The following table lists the accounts for these domains.

Table 1 Domains and corresponding accounts

| Domain | Account |
| --- | --- |
| Organization and account management | Master account (management account) |
| Identity and permissions management | Master account (management account) |
| Centralized network management | Network operations account |
| Resource sharing management | Public service account |
| Unified security management | Security operations account |
| Unified compliance audit | Security operations account and logging account |
| Unified O&M management | O&M monitoring account |
| Unified financial management | Master account (management account) |
| Data perimeters | Master account (management account) and sandbox account (used to test various control policies) |

The previous sections detailed the design of organizations and accounts. The following sections will describe the designs of the other eight domains.