Key components of AI Landing Zone
Three paradigms for AI adoption
Enterprises typically adopt AI through one of three common paradigms:
Paradigm | Characteristics | Typical users |
MaaS (Model-as-a-Service) | Build no-code agent applications by calling pre-trained large model APIs. | Business departments, product managers, ISVs |
PaaS (Platform-as-a-Service) | Use a managed platform for model training, fine-tuning, deployment, and management. | Data scientists, algorithm engineers |
IaaS/Self-developed platform (Infrastructure-as-a-Service) | Build highly customized AI systems for maximum performance and control. | MLOps teams, large tech companies |
To support these three paradigms, Alibaba Cloud offers several key AI products:
Paradigm | Key products | Typical users |
MaaS (Model-as-a-Service) | Model Studio | An easy-to-use platform for business users to build AI applications. |
PaaS (Platform-as-a-Service) | PAI, AI Gateway, Function Compute (FC) | An all-in-one AI development and service platform for developers. |
IaaS/Self-developed platform (Infrastructure-as-a-Service) | ACK + custom cluster | High-performance, scalable AI infrastructure for professional teams. |
AI Landing Zone
Regardless of which platform you use, a unified governance framework is essential. To this end, Alibaba Cloud introduces the AI Landing Zone (AI LZ): a standardized, automated, and governable enterprise-grade AI infrastructure framework based on cloud best practices. It is more than a technical platform; it is a methodology that combines organizational collaboration, process standardization, and automated governance. This ensures that from the outset, AI projects are built on a foundation of:
Organizational and account isolation
Security and access control
Cost allocation and monitoring
Sustainable evolution
Just as an aircraft needs a secure landing zone to prepare for a mission, an AI project needs a "digital landing zone" to successfully move to production. The AI LZ extends a general-purpose landing zone by adding capabilities specific to AI. These include security and compliance, AI cost management, and observability for training and inference scenarios. The following diagram shows the overall architecture of the AI LZ.
AI Landing Zone components
The AI LZ retains the eight functional modules of a general-purpose landing zone but adds new features within each module that are tailored for specific AI platforms.
The following table briefly describes these functional modules.
Module | Description |
Resource planning | Defines the organizational structure for cloud accounts, plans AI project workspaces, and establishes resource group and tag standards for AI resources. |
Financial management | Manages financial models for your cloud accounts and designs cost allocation rules for AI platforms and their related resources to enable detailed cost tracking for AI projects. |
Network planning | Plans the optimal network architecture for each stage of the AI lifecycle, from data ingestion to model serving. |
Identity and permissions | Provides best practices for identity and access management, defines permissions for the AI platform, and establishes secure usage guidelines for API keys. |
Security protection | Ensures end-to-end AI security—from infrastructure and models to applications—to help you build a secure, AI-ready environment on the cloud. |
Compliance audit | Provides compliance audit rules and operational audit logs for the AI platform and its related training and inference resources to meet MLPS Level 3 and other industry audit requirements. |
O&M management | Provides unified, end-to-end AI observability for training and inference scenarios and uses MCP capabilities to enable AIOps. |
Automation | Defines automation scenarios and objectives, and uses appropriate tools to achieve deployment automation. Common scenarios include AI Landing Zone setup and MLOps pipeline automation. |