In collaboration with Kredsløb, we have built a modern cloud-infrastructure to support applications such as a modern data platform. The cloud-infrastructure follows Microsoft Cloud Adoption Framework and includes modern IT-security and high flexibility. This means that servers, systems and applications have a secure and safe landing zone in Microsoft Azure.


Kredsløbs new landing zone enables the organization to maintain the right governance and security. To obtain this, all the cloud resources are configured in order to comply with the organization’s security standards, but also the NIS 2-directive.


The cloud-infrastructure is designed to be scalable, as well as to contain and drift the many servers, systems and applications that Kredsløb has. This also includes everything from simple IT-administration systems to Kredsløbs new data platform. As the landing zone also integrates with OT, in order to support the new data platform, the focus has been on building an integration that secures the right performance, security and flexibility.


The landing zone as a foundation creates a secure environment, built through ‘infrastructure as code’, which is a flexible way to handle the many possibilities of IT regarding data and AI. Deliveries to the cloud infrastructure can happen multiple times within a short execution time.


Facts about Kredsløb

Kredsløb A/S, formerly known as AffaldVarme Aarhus A/S, consists of both district heating production, recycling and energy production. Kredsløb has an annual revenue of DKK 3 billion, employs approximately 500 employees, has a network for district heating with more than 2.000 km of pipes and delivers heat to approximately 300.000 citizens each day. This makes Kredsløb one of the largest in Denmark within distinct heating.

Neurospace and Kredsløb have had a long standing relationship and we have set the foundation for a partnership, involving multiple cloud-infrastructure projects. The newest project has had a special focus around the security of Kredsløb. Kredsløb drives critical infrastructure and therefore must supply with the EU NIS 2-directive, which contains security standards to both OT and IT systems. This also includes the restriction that OT systems must not have direct access to IT systems. However, it is possible to let all data pass through an intermediate system, allowing data to be securely transferred to the cloud.


In Kredsløbs role as a critical infrastructure provider, it is essential for Kredsløb to maintain security around the company, and there is a strong focus on operational stability. At the same time, Kredsløb is a growing company, which also means that the systems used are changing over time. Therefore, Kredsløb needs a cloud infrastructure that can accommodate existing as well as new systems, servers, and applications in order to continue its development.

Summary

  • The platform increases the possibilities for collaboration and productivity.
  • The landing zone is built through infrastructure as code, which increases their possibilities for recovery of codes and changes.
  • Kredsløb has established a technological and secure upgrade of their infrastructure.
  • The platform is scalable and can be modular, which means it fits different needs of implementation.

The value for Kredsløb

  1. Optimized security.
  • The infrastructure is configured with code and can be recreated.
  • Access and rights around the platform are built through Identity and Access Management (IAM) and Zero Trust principles.
  • Automatic documentation through code as well as Architecture Decision Records to describe architecture decisions.
  • Compliance with GDPR and NIS 2 - risk assessment and appropriate technical measures.

  1. The cloud infrastructure provides Kredsløb with a framework and best practices, which means that they can effectively and securely migrate their servers, systems, and IT applications to the cloud.

  1. The cloud infrastructure ensures scalability, performance, flexibility, and elasticity.
  • The cloud infrastructure is able to adapt to and respond to changes in needs and demand.
  • Ability to easily scale resources up or down, ensure user availability, and control costs.
  • The cloud infrastructure enables Kredsløb to optimize resource consumption.



Inspired by the Microsoft Cloud Adoption Framework, Kredsløb and Neurospace have managed to build an Azure Landing Zone with infrastructure as code. We expect to place the majority of out IT-infrastructure in this platform.

Nick Sørensen

Microsoft Specialist at Kredsløb


The purpose of the Landing Zone project

The Landing Zone project was launched in 2022 and aims to establish a stable, secure, and well-functioning platform that will enable Kredsløb to independently run operations and developments. In addition, the project aims to ensure agile and flexible work processes with deliveries to the cloud.


Kredsløb has the ability to run tests and control the security through the landing zone. The platform also gives the possibility to automate and deploy new functions or updates.


The entire platform is built with ‘infrastructure as code’. This gives Kredsløb the following advantages:


  • Security control through version control - It is always possible to restore and reproduce as well as reuse and document data.
  • Improves collaboration - Tracking of changes made over time.
  • Critical resources are monitored.
  • Reduce cost - Able to help identify and reduce unused resources.
  • Improved disaster recovery plan.

The value for Kredsløbs will, among other things, be an improved productivity due to the fact that the team has a solid foundation to collaborate on projects. Kredsløb has a foundation that is scalable, which enables new possibilities for existing and new servers, systems and applications.


The landing zone uses ‘Identity and Access Management (IAM)’, a system that controls who has access to which resources. A Zero Trust security model is also implemented, meaning that access attempts are verified and authenticated. These security measures create enhanced security around the cloud infrastructure and reduce unauthorized access. With IAM permissions are assigned to groups and only access to necessary resources is granted. Through Zero Trust principles, there is no implicit trust, but rather continuous access validation.


Kredsløb has gained a vast amount of knowledge and has undergone a significant technological and security transformation of the infrastructure. Our new platform is built with scalable and modular architecture that can be adapted to various implementation needs. In out IT infrastructure team, we are proud to deliver a robust and reliable cloud infrastructure platform

Nick Sørensen

Microsoft Specialist at Kredsløb


Collaboration and Onboarding

The entire process has been conducted through a collaborative partnership, which has strengthened the development of the landing zone. Additionally, the process has served as a continuous knowledge-sharing and onboarding exercise, enabling Kredsløb to ultimately take ownership of operations and development.


The collaboration has been built on the agile Scrum methodology with ongoing sprints, with the participation of employees from Kredsløb and Neurospace. The ongoing onboarding process gives Kredsløb an easy transition and ensures that the team who are to work with the cloud infrastructure, can handle tasks such as creating and configuring new landing zones.


Kredsløbs collaboration with Neurospace has been highly rewarding and has served as a natural extension of our internal department. We have worked in agile cross-functional teams with daily interaction, ambitious goal setting, and celebration of milestones with social activities

Nick Sørensen

Microsoft Specialist at Kredsløb


Lisbjerg genrugsstation og affaldsenergianlægget

Lisbjerg recycling station and the waste-to-energy plant