How to Set Up a Cloud Digital Factory
“Digital factory” might be quite the buzzword but the terminology surrounding it remains vague and the concept can be implemented in very different ways.
Let’s start with the definition of a digital factory. The term encompasses a number of aspects and this kind of factory can be set up in a variety of ways. The basic idea though is to establish a framework so your team can deliver digital projects.
This digital factory should meet one or more clearly defined needs which can, in turn, be used as a basis to design or redesign the digital factory. Examples include:
- Supporting teams with project organization
- Providing technical accelerators to drive innovation
- Creating a secure base for projects
These needs can vary and, once they have been clearly identified, you can formulate a target that takes all aspects into consideration:
- Organization, roles and skills
- Process and planning
- Technical platform
Next, let’s turn to the technical platform to answer a question we are often asked: how does a digital factory work in technical terms?
One need that prompts a company to implement a digital factory is supporting and incentivizing internal initiatives to encourage innovative projects.
This technical innovation is often based on cloud platforms that enable optimum use of cutting-edge services: powerful computing capacity, scalability, high availability, specialized machine learning services, IoT, etc. So, implementing a digital factory can take advantage of cloud platforms to promote new project development.
Making use of cloud services for technical projects is just the first step. There is much more to building a framework you will use to set up a digital factory. Beyond the projects themselves, we have to go back to the needs you want to address by implementing the digital factory to identify how to equip the factory for your particular context.
Preparing a Cloud Digital Factory from a Technical Perspective
Keeping these needs in mind, we need to define all the activities related to a cloud-based solution.
Let’s look at the technical activities you need to deal with when implementing a project in the cloud.
Typically, we have a set of issues we recommend you consider:
- Cloud solution: the crux of the matter. The purpose of a cloud digital factory is to provide cloud solutions. There is no digital factory without a cloud-based solution!
- Environments: For any solution implemented in the cloud, good organization and isolation of the environments is key. In addition to the environments, if your business cloud is intended to host multiple cloud solutions, it is important to determine how those solutions or projects will be isolated from one another. Other aspects will rely on this structure and it will therefore make subsequent progress more or less difficult.
- FinOps: A FinOps process comprises several steps. First, get visibility and an understanding of what is being charged. You can then consider optimizing contracts, architecture and configuration.
- CI/CD: Automatically deploying applications is a major part of a DevOps process. Making automated deployment part of your infrastructure also becomes essential.
- Security management: This issue is extensive. At a minimum, it includes the concepts of network interconnection, service and developer authentication, and secrets and certificate management.
- Protection: Beyond making your platform and project secure, what steps should you take if there is downtime? Once implemented, the platform must meet set availability targets and there should be a clearly defined service restoration process.
- Monitoring: You must have the ability to monitor your platform and solutions to anticipate any problems and plan for the longer term. This oversight function uses application and infrastructure monitoring with a particular focus on security. Finally, you can explore monitoring solutions more specific to your line of business.
There may also be other elements to consider depending on the context.
Roles and Responsibilities
For each of these activities, define the roles and responsibilities of the teams responsible for developing the cloud solutions while keeping in mind the reasons you are setting up the digital factory.
As stated above, environment management and project isolation constitute the initial framework. It is often defined by a team that has visibility on all projects. This means that the choice to allocate a particular “zone” to a project cannot, in theory, be made by the project itself.
For all other issues, however, possible options include overall responsibility for a project, shared responsibility with a dedicated team or responsibility delegated in full to a central, dedicated team.
Let’s look at the sensitive example of security. Does the project team that implemented the solution have full responsibility for security? Or do you want to enforce a minimum security standard across all projects in the digital factory?
Once these questions have been answered, you can take concrete steps towards implementing the cloud digital factory. Stay agile though, since all these elements could be improved and modified!
Priorities and Agility
Cloud providers provide a number of tools to help you structure this cloud digital factory. This means you have everything you need to create a fully industrialized digital factory.
How easy or difficult this is to implement depends on how defined responsibilities are distributed and what activities need to be included.
Again, you need to stay agile here and prioritize your actions. Some questions to consider before prioritizing actions:
- What is critical?
- What will save precious time by being automated?
- What impact will this configuration have on the projects? Will this endanger the time to market of any projects?
Let’s look at two examples:
- A company with high security stakes. This company will not authorize deployment of a cloud solution without a guaranteed high level of security. The company’s security manager takes full responsibility for this. The reason for implementing a digital factory is a guaranteed secure framework to contain the projects.
- A company that has been using the cloud for its solutions for some time now but wishes to set up a cloud digital factory to encourage more teams to take advantage of the cloud services. This will also be an opportunity to gain control over the platform with good cost, security and performance management, etc.
In the first example, the actions intended to make the projects secure will need to be prioritized over those aimed at cost optimization. The project teams will not be able to deploy their solutions in the cloud until the framework provided is sufficiently secure.
In the second scenario, however, the company wants to avoid any excessive impact on the time to market of projects and can build a framework gradually. The priority, for example, may be actions to provide automated environments to attract project teams, followed by work on optimizing costs before improving the security standard.
Note: Obviously, you could create an alternate environment with a secure area and an isolated lab space to enable project teams to test new cloud services without any security constraints or risk.
Stick with an agile and DevOps approach by using a partner project to test this new framework so you can detect any problems as early as possible.
Building a Cloud Digital Factory in Azure
To illustrate how to implement a cloud digital factory, we will look at the tools Azure provides to help you.
Going back to the first topic, environment management or resource organization, I recommend you use different organization levels:
- management groups
- resource groups
For more information, have a look at the Microsoft documentation in this article: Organize your Azure resources effectively.
There are several templates available, but the way you organize your resources will primarily depend on how your company and IT teams operate. You will then be able to define what a “project” is within your environment.
Example 1 – A project can be a management group comprising three subscriptions, one per environment (Dev, Test, Prod).
Example 2 – A project can be a set of three resource groups, one per environment. The resource groups are split up into environment-specific subscriptions.
Note: You can add multiple levels of management groups, unlike subscriptions or resource groups.
Guidelines and Compliance
For all other areas, such as security, monitoring, FinOps and CI/CD, you should define the desired target audience and responsibility levels. Beyond the documentation this produces, doing so will improve how these best practices are actually implemented.
Again, a more restrictive or permissive approach is possible based on the responsibility level of the teams. Even with a permissive approach, however, it is possible to have visibility about what is happening and to assess the rate of compliance with these best practices. You can then help the project teams improve this compliance rate.
You will find the Azure policies vital for restricting the use of Azure services and/or assessing the rate of compliance with your guidelines.
These policies are also useful for customizing the security audits provided by Azure Security Center. Enabling Security Center often results in false positives because the elements assessed do not correspond to the environment.
To manage these policies on a larger scale, you can also apply them to resource groups, subscriptions, management groups, etc. Hence the importance of excellent resource organization.
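To make the restrictive and permissive approaches concrete, here is a custom Azure Policy definition added as an illustration; it is not from the original article and is not one of Microsoft's built-in definitions. The display name, description and the parameter name `restrictedResourceTypes` are assumptions chosen for this example.

```json
{
  "properties": {
    "displayName": "Digital factory: restricted resource types (constructed example)",
    "policyType": "Custom",
    "mode": "All",
    "description": "Constructed example. Flags or blocks resource types that the digital factory does not allow, depending on the effect chosen at assignment time.",
    "parameters": {
      "restrictedResourceTypes": {
        "type": "Array",
        "metadata": {
          "displayName": "Restricted resource types",
          "description": "Hypothetical parameter: resource types projects should not deploy."
        }
      },
      "effect": {
        "type": "String",
        "allowedValues": ["Audit", "Deny", "Disabled"],
        "defaultValue": "Audit",
        "metadata": {
          "displayName": "Effect",
          "description": "Audit reports non-compliance only (permissive); Deny rejects the deployment (restrictive)."
        }
      }
    },
    "policyRule": {
      "if": {
        "field": "type",
        "in": "[parameters('restrictedResourceTypes')]"
      },
      "then": {
        "effect": "[parameters('effect')]"
      }
    }
  }
}
```

Assigned to a management group with the effect left at Audit, the rule only reports non-compliant resources in every subscription below it, which feeds the compliance rate; setting the assignment's effect to Deny turns the same rule into a hard restriction.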
The purpose of a cloud digital factory is not just to make projects more secure: its most beneficial objective is making it easier for projects to adopt use of the cloud. You also want to provide accelerators via the digital factory.
Policies can be restrictive but they can also simplify things! For example, you can automatically preconfigure a service right from its deployment:
- Enabling the collection of logs from an Azure SQL database from the outset can help the project pinpoint the origin of a problem
- Automatically configuring network integration and DNS configuration for an app service so it can resolve private names
Going one step further, you can also use blueprints.
A blueprint can be seen as a layer to be applied to a subscription (not to a resource group or management group). A blueprint follows the same principle as a policy, with the additional concept of a version: there is a blueprint definition, and a version of that blueprint is then assigned to a subscription.
This layer can contain several object types (called artifacts):
- Resource groups: when the blueprint is assigned to a subscription, the resource groups defined within the blueprint are created within the subscription.
- Policy assignments: when the blueprint is assigned to a subscription, the policies defined in the blueprint are assigned to the subscription or to one of the resource groups defined in the blueprint.
- Role assignments: when the blueprint is assigned to a subscription, a role is assigned to one or more identities configured within the subscription or within a resource group defined in the blueprint.
- ARM templates: this last artifact type enables you to deploy services within the subscription to which you are applying the blueprint. For example, you can choose to deploy a log analytics service within each subscription to collect all logs from the subscription services.
Finally, the accelerators can be various tools, not specific to the cloud provider, made available to the projects to simplify their configuration.
Hosting projects in the cloud provides flexibility and thus naturally promotes the automated use of environments and projects. It stops being a novelty! A cloud digital factory capable of providing environments for fully automated projects will be truly effective.
We won’t go into detail here about the technologies that help you automate these deployments, but they include everything you need to deploy Azure services and environments:
- Infrastructure as code: Terraform, ARM Templates, etc.
- Scripts: AZ CLI, PowerShell
- API/SDK: .Net, Java, etc.
As for services that are not Azure-specific, these will obviously be selected on a case-by-case basis.
The priority is to clearly define the deployment process in line with the specified framework and the identified responsibilities. This will enable you to break the deployment down into multiple practical steps or modules. This modular nature will make upgrades to the cloud digital factory, whether technical or organizational, easier.
Note: We have refrained from going into the technical details of how to implement a cloud digital factory because this can take various forms and will depend greatly on the needs and objectives involved. We have mentioned several key services for implementing a cloud digital factory project in Azure, however.
Agility for Effective Implementation
A cloud digital factory will therefore define a framework that is more or less rigid, based on the defined objectives. To be effective and adopted, however, agile methods should be used to implement this framework. One of the pitfalls of this type of project is ending up in a seemingly endless tunnel or with V-model management. So, depending on the context, use pilot projects to obtain regular feedback and, where possible, build this framework brick by brick.