March 15, 2021 By Frederic Lavigne 4 min read

When planning to deploy a solution in IBM Cloud, there are several areas to carefully consider.

These include how you will set up the account, which permissions to assign to users, how to log and monitor your systems, how to design the networking configuration, which compute options to use and how to automate deployments:

Establish an enterprise account structure and standards

An important step in preparing your project is to define how you are going to structure your account. IBM Cloud introduces the concepts of Enterprise, Account, Account Group, Users, Access Groups, Resource Groups and Tags. You will want to understand these concepts to make the right decisions for your enterprise.

A common approach is to define a blueprint for all projects, as shown in “Blueprinting the Onboarding of Cloud Projects Using Terraform.” With the concepts defined above, a blueprint could be as follows:

In this example, a project maps to an Account, and a set of standard Access Groups exist in every project to bring consistency across the Enterprise. Each Access Group would have specific IAM policies assigned based on their purpose. Resource groups could be dedicated to specify environments (e.g., Development, Test, Staging, Production):

Related links

Identify and configure a set of shared services

No matter which compute options you are deploying to, there is likely a set of common shared services you are going to use. Typically, this would include services like log and metrics collection, auditing, certificate management and key management. When possible, use a dedicated resource group or account to host these services and configure compute resources to send their logs and metrics to the shared instances. Apply IAM policies to control which access groups can read/write from/to these instances:

Related links

Define your networking strategy

From IP addressing scheme to rules in network access lists and security groups, the scope of the networking configuration is not to be taken lightly. Do you need to interconnect your remote network environments with IBM Cloud? Will you go over a dedicated link? Through a virtual private network? How do you plan to isolate applications within the same account and across accounts? Which IP address ranges to use? Are there any conflicts? How to protect ingress traffic while ensuring high availability requirements are met?

Related links

Evaluate and improve security posture

Embed security checks into everyday workflows to help monitor for security and compliance. Configure Security and Compliance Center to monitor and govern the use of resources in your accounts. Set up base compliance policies, scans and schedules. Set up common approaches to the management of secrets, certificates and keys:

Related links

Automate all steps

Once you have passed the initial discovery phase of a service, using either the user interface or the command line, and you’ve made the decision to use this service as part of your solution, make sure to rely on automation to integrate, configure and operate the service. From infrastructure provisioning to production deployment, whenever possible, capture these steps as code — as repeatable and auditable processes. Tools like the IBM Cloud CLI, Terraform and Ansible will play their part in this endeavor, together with Continuous Delivery and IBM Cloud Schematics:

Related links

Feedback, questions, and suggestions

If you have feedback, suggestions or questions about this post, please reach out to me on Twitter (@L2FProd).

Was this article helpful?
YesNo

More from Cloud

Attention new clients: exciting financial incentives for VMware Cloud Foundation on IBM Cloud

4 min read - New client specials: Get up to 50% off when you commit to a 1- or 3-year term contract on new VCF-as-a-Service offerings, plus an additional value of up to USD 200K in credits through 30 June 2025 when you migrate your VMware workloads to IBM Cloud®.1 Low starting prices: On-demand VCF-as-a-Service deployments begin under USD 200 per month.2 The IBM Cloud benefit: See the potential for a 201%3 return on investment (ROI) over 3 years with reduced downtime, cost and…

24 IBM offerings winning TrustRadius 2024 Top Rated Awards

2 min read - TrustRadius is a buyer intelligence platform for business technology. Comprehensive product information, in-depth customer insights and peer conversations enable buyers to make confident decisions. “Earning a Top Rated Award means the vendor has excellent customer satisfaction and proven credibility. It’s based entirely on reviews and customer sentiment,” said Becky Susko, TrustRadius, Marketing Program Manager of Awards. Top Rated Awards have to be earned: Gain 10+ new reviews in the past 12 months Earn a trScore of 7.5 or higher from…

IBM Tech Now: April 8, 2024

< 1 min read - ​Welcome IBM Tech Now, our video web series featuring the latest and greatest news and announcements in the world of technology. Make sure you subscribe to our YouTube channel to be notified every time a new IBM Tech Now video is published. IBM Tech Now: Episode 96 On this episode, we're covering the following topics: IBM Cloud Logs A collaboration with IBM watsonx.ai and Anaconda IBM offerings in the G2 Spring Reports Stay plugged in You can check out the…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters