Proofreading + Image addition + Index edition

Author: Y0Coss

pages/index.md

@@ -605,6 +605,7 @@
             + [Healthcare (HDS) compliance activation](public_cloud/public_cloud_cross_functional/activate-hds-certification)
         + [Migration](public-cloud-cross-functional-migration)
             + [Public Cloud IaaS Migration - Steps and Best Practices](public_cloud/public_cloud_cross_functional/iaas-migration-steps)
+            + [Architecture Reference - Building a Landing Zone with OVHcloud Public Cloud](public_cloud/public_cloud_cross_functional/landing_zone_migration)
         + [Tutorials](public-cloud-cross-functional-tutorials)
             + [How to use Terraform](public_cloud/public_cloud_cross_functional/how_to_use_terraform)
         + [Services management](public-cloud-cross-functional-services-management)

pages/public_cloud/public_cloud_cross_functional/landing_zone_migration/guide.en-gb.md

@@ -1,7 +1,7 @@
 ---
-title: "Architecture Reference: Building a Landing Zone with OVHcloud Public Cloud"
-excerpt: "A practical guide to designing a secure and scalable Landing Zone on OVHcloud Public Cloud, covering networking, IAM, backups, and more."
-updated: 2025-06-16
+title: "Architecture Reference - Building a Landing Zone with OVHcloud Public Cloud"
+excerpt: "A practical guide to design a secure and scalable Landing Zone on OVHcloud Public Cloud, covering networking, IAM, backups, and more."
+updated: 2025-07-24
 ---
 
 ## Objective
@@ -10,32 +10,32 @@ This guide helps OVHcloud Public Cloud users design and deploy a secure, scalabl
 
 It covers core networking setup (vRack, subnets, gateways, floating IPs), traffic management (load balancer), and security layers (firewall, WAAP, Bastion).
 
-It also includes guidance on infrastructure choices, IAM, backups, logging, private connectivity, and cost control—offering a clear foundation for production-ready cloud environments.
+It also includes guidance on infrastructure choices, IAM, backups, logging, private connectivity, and cost-control, offering a clear foundation for production-ready cloud environments.
 
 ## Requirements
 
 - Access to the [OVHcloud Control Panel](/links/manager).
 - [Setting OpenStack environment variables](/pages/public_cloud/public_cloud_cross_functional/loading_openstack_environment_variables).
 - Being familiar with [Terraform](/pages/public_cloud/public_cloud_cross_functional/how_to_use_terraform), if you intend using it.
-- Basic understanding of [cloud networking concepts](/links/public-cloud/network) (e.g., subnets, gateways, floating IPs).
+- Basic understanding of [cloud networking concepts](/links/public-cloud/network) (e.g., subnets, gateways, Floating IPs).
 
 ## Instructions
 
 To help you design a secure, scalable, and production-ready cloud foundation, the following diagram illustrates the key steps in building a Landing Zone on the OVHcloud Public Cloud:
 
-![Landing zone architecture diagram](images/landing_zone_architecuture.png)
+![Landing zone architecture diagram](images/landing_zone_architecture.png){.thumbnail}
 
-Each numbered step corresponds to a component or action in the setup process. Below is a detailed explanation for each:
+Each numbered step corresponds to a component or action in the setup process. Below are detailed explanations for each:
 
-0. vRack Setup
+### 0. vRack setup
 
 A vRack (Virtual Rack) is the foundational component that allows private networking between resources.
 
 When you create a Public Cloud project, OVHcloud automatically provisions a vRack for you. This virtual layer isolates your internal communication and enables secure interconnections between services (instances, databases, gateways, etc.) across regions and even between different OVHcloud services (Bare Metal, Hosted Private Cloud).
 
 You will use the vRack to attach all private subnets and connect public and private-facing services securely.
 
-1. Create a Private Subnet
+### 1. Create a private subnet
 
 Inside the vRack, define private subnets to segment your network. For example, you can have separate subnets for frontend, backend, databases, and bastions.
 
@@ -45,7 +45,7 @@ Inside the vRack, define private subnets to segment your network. For example, y
 
 Subnet creation is done from the OVHcloud Control Panel, via the OpenStack API, or using Terraform.
 
-2. Set Up a Gateway
+### 2. Set up a Gateway
 
 To enable outbound or cross-zone communication for your private subnet, set up a Network Gateway for Public Cloud. It acts as a NAT device to allow traffic from your private subnet to the internet or other public resources.
 
@@ -55,7 +55,7 @@ To enable outbound or cross-zone communication for your private subnet, set up a
 
 Follow [this guide](/pages/public_cloud/public_cloud_network_services/getting-started-02-create-private-network-gateway) to set up a gateway.
 
-3. Assign Floating IPs
+### 3. Assign Floating IPs
 
 A Floating IP is a public IP that you can attach to a resource (usually an instance or load balancer) within a private network.
 
@@ -65,9 +65,9 @@ Use cases include:
 - Public-facing applications hosted inside a private subnet
 - Failover and migration between zones
 
-Use floating IPs to expose selected private resources (e.g., instances, services) to the public internet securely. Follow [this guide](/pages/public_cloud/public_cloud_network_services/getting-started-03-attach-floating-ip-to-instance) to link a floating IP.
+Use Floating IPs to expose selected private resources (e.g., instances, services) to the public internet securely. Follow [this guide](/pages/public_cloud/public_cloud_network_services/getting-started-03-attach-floating-ip-to-instance) to link a Floating IP.
 
-4. Set Up a Load Balancer
+### 4. Set up a Load Balancer
 
 An OVHcloud Load Balancer lets you distribute traffic between multiple backend instances in different availability zones.
 
@@ -79,17 +79,17 @@ This is essential for creating highly available applications and distributing lo
 
 Follow [this guide](/pages/public_cloud/public_cloud_network_services/getting-started-01-create-lb-service) to set up and use a Load Balancer.
 
-5. Implement Firewall Rules
+### 5. Implement firewall rules
 
 Although OVHcloud doesn’t provide a built-in firewall-as-a-service, you can:
 
 - Use Security Groups on each instance (similar to AWS)
 - Deploy a third-party virtual firewall like Stormshield in your vRack
 - Firewall solutions should inspect north-south (ingress/egress) and east-west (internal) traffic where applicable.
 
-Follow [this guide](/pages/public_cloud/public_cloud_network_services/tutorial-stormshield_network_security_vrack) to set up and use a Stormshield Firewall.
+Follow [this guide](/pages/public_cloud/public_cloud_network_services/tutorial-stormshield_network_security_vrack) to set up and use a Stormshield firewall.
 
-6. Add WAAP Protection
+### 6. Add WAAP protection
 
 To protect your web and API applications, deploy a Web Application and API Protection (WAAP) service like Ubika.
 
@@ -99,7 +99,7 @@ To protect your web and API applications, deploy a Web Application and API Prote
 
 Follow [this guide](/pages/public_cloud/public_cloud_network_services/tutorial-ubika_vrack) to deploy a WAAP protection with Ubika.
 
-7. Configure a Bastion Host
+### 7. Configure a Bastion Host
 
 A Bastion is a secure access point to manage instances located in private subnets. OVHcloud provides a hardened, audited open-source bastion tool for this purpose.
 
@@ -111,7 +111,7 @@ Use it to:
 
 See [documentation about Bastion](https://ovh.github.io/the-bastion/index.html){.external} on our GitHub account.
 
-8. Enable Private Connectivity (OCC)
+### 8. Enable private connectivity (OCC)
 
 If you need to connect your on-premise infrastructure or other OVHcloud services securely to the Landing Zone, use OVHcloud Connect (OCC).
 
@@ -121,31 +121,31 @@ If you need to connect your on-premise infrastructure or other OVHcloud services
 
 See [this documentation](/pages/network/ovhcloud_connect/occ-direct-control-panel).
 
-9. Deploy Your Infrastructure
+### 9. Deploy your infrastructure
 
 With networking and security in place, deploy your core services:
 
 - Compute: Public Cloud Instances (GP/CPU/GPU)
 - Containers: Managed Kubernetes Service
 - Storage:
     - Block storage (via volumes)
-    - Object Storage (S3-compatible)
+    - Object Storage (S3<sup>1</sup>-compatible)
     - Public Cloud File Storage (NFSv4)
 - Databases: Managed MongoDB, PostgreSQL, MySQL, Kafka
 
 These services can be managed using the Control Panel, OpenStack CLI, or Terraform.
 
-10. Set Up Identity and Access Management (IAM)
+### 10. Set up Identity and Access Management (IAM)
 
 IAM is essential for defining who can access what and under which conditions. With OVHcloud IAM, you can:
 
 - Create and assign roles and policies per user/group
 - Integrate with SAML, OIDC, or use native IAM
 - Isolate access by project, service, or region
 
-See [related documentation](/pages/public_cloud/public_cloud_cross_functional/securing_and_structuring_projects).
+See the [related documentation](/pages/public_cloud/public_cloud_cross_functional/securing_and_structuring_projects).
 
-11. Define Backup Policies
+### 11. Define backup policies
 
 Ensure business continuity by protecting critical data and workloads:
 
@@ -155,7 +155,7 @@ Ensure business continuity by protecting critical data and workloads:
 
 Define a backup strategy aligned with your RPO (Recovery Point Objective) and RTO (Recovery Time Objective).
 
-12. Centralize Logging with Logs Data Platform
+### 12. Centralize logging with Logs Data Platform
 
 Logs Data Platform (LDP) allows you to:
 
@@ -165,18 +165,20 @@ Logs Data Platform (LDP) allows you to:
 
 This is key for observability, security audits, and troubleshooting. Follow [this documentation](/pages/manage_and_operate/observability/logs_data_platform/getting_started_quick_start).
 
-13. Implement Cost Control and Monitoring
+### 13. Implement cost control and monitoring
 
-Keep control of your cloud spend with:
+Keep control of your cloud spending with:
 
 - Budget alerts and consumption dashboards
 - API access to cost usage reports
 - Daily/hourly resource tracking
 
-Use tagging, IAM roles, and alerts to link costs to teams, environments, or services. To more informations, see [this documentation](/pages/public_cloud/public_cloud_cross_functional/analyze_billing).
+Use tagging, IAM roles, and alerts to link costs to teams, environments, or services. For more information, read [this documentation](/pages/public_cloud/public_cloud_cross_functional/analyze_billing).
 
 ## Go Further
 
 If you need training or technical assistance to implement our solutions, contact your sales representative or click on [this link](/links/professional-services) to get a quote and ask our Professional Services experts for assisting you on your specific use case.
 
-Join our [community of users](/links/community) and visit our [Discord channel](https://discord.gg/ovhcloud).
+Join our [community of users](/links/community) and visit our [Discord channel](https://discord.gg/ovhcloud).
+
+<sup>1</sup>: S3 is a trademark of Amazon Technologies, Inc. OVHcloud’s service is not sponsored by, endorsed by, or otherwise affiliated with Amazon Technologies, Inc.

pages/public_cloud/public_cloud_cross_functional/landing_zone_migration/images/landing_zone_architecture.png

@@ -1,2 +1,2 @@
 id: 3a894dca-4e73-471a-887f-337ca19a7b10
-full_slug: public-cloud-landinz-zone
+full_slug: public-cloud-landing-zone