Landing Zone
Landing zone accelerator: your compliant and sovereign cloud foundation
A secure and compliant cloud foundation that’s ready to use from day one, enabling your teams to deploy workloads in production without having to rethink governance for each project.
A customisable cloud foundation that adapts to your needs.
Pre-governed environment on the OVHcloud Public Cloud
An OVHcloud landing zone allows you to deploy a structured environment, with network isolation, next-generation firewall (e.g. OPNsense, Fortigate, Stormshield in BYOL), log centralisation, and security best practices aligned with specific profiles such as PBMM and NIST 800-53.
Certifications and compliance
ISO 27001/27017/27018
HDS
GDPR
PCI DSS
GDPR
PBMM
ISO 27701
Our commitments
Technological sovereignty, compliance with cloud standards, and non-interference with your data: these are the three pillars that ensure a trustworthy cloud.
Technological sovereignty
OVHcloud designs and operates its infrastructures in Europe, with self-managed datacentres and supply chains. Your landing zone is based on a cloud whose technical stack and strategic decisions are not affected by extraterritorial laws. You maintain control over your digital environment.
Compliance with cloud standards
Our landing zone scripts are aligned with frameworks recognised by government authorities, such as PBMM (Canada) and NIST 800-53, with progress towards FedRAMP for the American market. Compliance by design, with a documented and shared security controls roadmap (shared responsibility model) to facilitate your audits.
Completely customisable
OVHcloud landing zones are adaptable according to your business needs and structural issues. We have a support programme to assist you in deploying these landing zones, either with our Professional Services or our certified partners.
Examples of deployments
One foundation, many combinations, a tailored approach
Deploy an environment that meets advanced compliance requirements.
Protect your data and applications with a network architecture where each environment is strictly isolated.
- Strong isolation between environments
- Encrypted flows between perimeters
Long-term log archiving
Adapt your architecture to workloads requiring large bandwidths
Transition to a solution optimised for performance without sacrificing isolation or centralised security.
- Direct connectivity between environments: reduced latency, maximum throughput
- Centralised security policy on the hub
- More flexible spokes lifecycle
Optimise your operational management in line with your existing technical scopes
Your company has its own security standards, certifications, and approved equipment. Deploy the solutions you’re already familiar with, without compromising on integration.
- Compatible with market solutions: Stormshield, Fortinet, Palo Alto and other certified solutions
- Keep your existing administration processes: no disruption to operations
Deploy your solution as early as tomorrow!
Our Professional Services support you from start to finish in the design and deployment of your bespoke Landing Zone. With their help, you get a turnkey solution that adapts to your technical and organisational constraints.
Features
Preconfigured environment that provides a secure, scalable, and compliant foundation for deploying workloads in the cloud.
Network isolation
Dedicated topology by profile: shared network isolation or project-based network isolation to isolate environments and control flows.
Security
Open-source firewall without subscription (e.g. OPNsense) or in BYOImage/BYOLicence to replicate pre-existing network behaviours. Flow control and compliance with sectoral requirements.
Observability
Centralised log management via Logs data platform only. A single provider for infrastructure and log management: governance and support are simplified.
Identity and Access Management
An ideal solution for the most stringent requirements in managing sensitive data. Our architecture is aligned with this commitment (isolation, hub, identification, IAM).
Governance
Each team works in its own space, without the risk of interfering with others. The platform sets the rules: your environments may multiply, but governance remains centralised and consistent.
Automation
Deployments via Infrastructure as Code scripts: it’s simple and subscription-free. The scripts are versioned, reproducible, and maintained in line with the growth of the Public Cloud service portfolio.
Use case
For which contexts? Public sector, regulated firms, or organisations that require sovereignty and compliance.
Public sector
The MCN recommends PBMM-aligned landing zones. The OVHcloud government profile meets this requirement with a matrix of controls and documentation tailored for public procurement.
Multi-project
Multiple projects on a single isolated network, next-generation firewall (e.g., OPNsense), controlled costs. Ideal for starting up or for shared development/staging environments.
Sector compliance
You require network isolation for each project, an enterprise-grade next-generation firewall (e.g. Fortigate, Stormshield), as well as log centralisation.
Support
Follow a structured process from discovery to implementation, with the option of support from our teams or from Sopra Steria for managed deployments.
1
Discovery
Context analysis (sector, regulations), assessment of needs, current environment and constraints, and defining the target architecture.
2
Design
Defining and designing the target architecture with our certified OVHcloud specialists.
3
Deployment
Execution of OpenTofu scripts according to the selected profile. The network, firewall, Logs/Observability platform, and compliance options are deployed.
4
Validation
Verifying controls, configuring alerts, and using the compliance matrix for audit evidence.
5
Training
Documentation, training of teams, and skills transfer. Pro Services option or partner for a managed deployment.
Let us build your OVHcloud landing zone together
Define your target architecture with our OVHcloud business experts, consult the documentation and OpenTofu scripts on our GitHub, or contact us for support.
Your questions answered
How do I deploy an OVHcloud Landing Zone?
Deployment uses OpenTofu scripts (Infrastructure as Code). You can execute them yourself by following the documentation and guides, or feel free to call on OVHcloud Professional Services or our partner Sopra Steria for support.
Where are the logs hosted?
The logs are centralised in OVHcloud Logs/Observability. A replica can be configured in a second region for resilience and auditing. The logging stack is 100% created by OVHcloud (no third-party solution involved).
Can I get help on implementing my solution?
Yes. OVHcloud offers Professional Services to assist you with deployment and training. Our partner Sopra Steria can also take care of a managed deployment for you. Contact us to find the best plan for you.