Initial commit for docs

Author: argeiger

docs/README.md

@@ -16,5 +16,3 @@ The objective of this lab is split into two distinct parts. The first part is bu
   - An Apache server will be deployed in a secure VSI workload VPC
   - The web application will be exposed for outside access.
 - Part 2 shows how to automate the manual steps in Part 1, and then, how to package, and share the automation as a “Deployable Architecture” with other user through a private IBM Cloud Catalog
-
-Before we go onto practical steps, the following sections introduces some of the necessary background and context to understand the general principles of this lab.

docs/about/10-fs-cloud.md

@@ -0,0 +1,25 @@
+# VPC Landing Zone
+
+IBM VPC Landing Zone (“SLZ”) is a set of [Infrastructure-As-Code](https://en.wikipedia.org/wiki/Infrastructure_as_code) automation that enables creating a fully customizable VPC environment within a single region. The VPC Landing Zone is implemented in terraform and automates the provisioning, configuring, and integration of several services that participates in the realization of a compliant VPC-based topology:
+
+- A resource group for cloud services and for each VPC.
+- Cloud Object Storage instances for flow logs and Activity Tracker
+- Encryption keys in either a Key Protect or Hyper Protect Crypto Services instance
+- A management and workload VPC connected by a transit gateway
+- A flow log collector for each VPC
+- All necessary networking rules to allow communication.
+- Virtual Private Endpoint (VPE) for Cloud Object Storage in each VPC
+- A VPN gateway in the management VPC
+
+[Available VPC Landing Zone terraform modules](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone)
+
+VPC Landing Zone comes with four fully functional patterns that are strictly following the IBM Cloud Financial Services reference architecture:
+
+- VPC pattern
+- VPC with Virtual Servers (“VSIs”) – which the lab will use.
+- VPC with OpenShift
+- VPC with VSIs and OpenShift (“mixed”) pattern.
+
+Each of the patterns can be used as a starting point to create your own customizable VPC-based topology that matches your enterprise or customer exact needs.
+
+![VPC reference architecture](../images/about-fs-cloud.png)

docs/about/20-vpc-landing-zone.md

@@ -0,0 +1,9 @@
+# IBM Cloud for Financial Cloud Services Framework
+
+The IBM Cloud Financial Cloud Services Framework provides comprehensive and detailed guidance to help address the needs of enterprises with regulatory compliance, security, and resiliency during the initial deployment phase and with ongoing operations.
+
+Whilst the framework was initially based on the needs of financial institutions, as its name indicates, it can be used as a starting point and baseline for meeting compliance and security for most industries.
+
+[Getting started with IBM Cloud for Financial Services](https://cloud.ibm.com/docs/framework-financial-services?topic=framework-financial-services-about)
+
+The framework provides secure [VPC reference architectures](https://cloud.ibm.com/docs/framework-financial-services?topic=framework-financial-services-vpc-architecture-about) meeting with a number of regulatory controls.

docs/about/30-deployable-arch.md

@@ -0,0 +1,21 @@
+# Deployable Architecture
+
+“Deployable Architecture” is officially defined as “Cloud automation for deploying a common architectural pattern that combines one or more cloud resources that is designed for easy deployment, scalability, and modularity.”
+
+More specifically, and concretely, from a technical perspective, “Deployable Architectures” are essentially terraform modules that are fully integrated into the IBM Cloud experience. Deployable Architecture are:
+
+- Discoverable and available through the IBM Cloud Catalog (and through IBM Cloud search)
+- Fully integrated in IBM Cloud Projects and Schematics.
+- Integrated with [IBM Cloud Risk Analyzer](https://cloud.ibm.com/docs/code-risk-analyzer-cli-plugin?topic=code-risk-analyzer-cli-plugin-cra-cli-plugin#terraform-command)
+
+In other words, it is possible for an end-user to execute the terraform automation behind a “Deployable Architecture” just from a few clicks and inputs in the IBM Cloud console.
+
+![Deployable Architecture console](../images/about-deployable-arch.png)
+
+The Landing Zone terraform module and patterns described just above have a corresponding [Deployable Architecture](https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-overview) in IBM Cloud. In this lab, the Secure Landing Zone is consumed through the Deployable Architecture experience for ease of use, rather than using the terraform CLI against the open-source github version.
+
+IBM-maintained Deployable Architectures, like the Landing Zone Deployable Architecture:
+
+- Provide the same level of customer support as any other IBM Cloud product
+- [Come with extensive documentation](https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-overview)
+- Are maintained and remains current over time

docs/about/40-projects.md

@@ -0,0 +1,18 @@
+# IBM Cloud Projects
+
+IBM Cloud Projects make it easy to manage Infrastructure-As-Code deployments across accounts, collaborate with team members, and maintain compliance.
+
+At its core, an IBM Cloud Project is made up of a collection of configurations that are used to manage related Infrastructure as Code (IaC) deployments (and associated resources) across accounts.
+
+As a concrete example, let’s imagine the scenario of a SRE team responsible for setting up the infrastructure supporting the web application. That SRE team wants to follow best practices and deploy the following environments, all based on the same Deployable Architecture template (but with slight configuration differences for each environment):
+
+1. A development environment – with scaled down compute resources and no audit event tracking.
+2. A staging environment – as close as possible to the production environment
+3. 2 production environments: one in America and another one in Europe.
+
+That SRE team can group configurations, and thus centralize the governance, for the 4 different environments in one single Project.
+
+Beyond the core configuration grouping capability, IBM Cloud Projects is designed with an IaC and a compliance-first approach. Projects also seemingly integrate with IBM Cloud Schematics to deploy, update, and manage the resources created by the IaC automation.
+Each project also includes tools to scan for potentially harmful resource changes, compliance, security, and cost, as well as tracking configuration versioning and governance.
+
+![IBM Cloud Projects](../about/40-projects.md)

docs/images/about-deployable-arch.png

@@ -1 +1,5 @@
-- [🛫 Overview](README.md)
+- [📘 Overview](README.md)
+  - [IBM Cloud for Financial Service](./about/10-fs-cloud.md)
+  - [VPC Landing Zone](./about/20-vpc-landing-zone.md)
+  - [Deployable Architectures](./about/30-deployable-arch)
+  - [IBM Cloud Projects](./about/40-projects.md)