Cloudreach and Microsoft assist Douglas in developing a governance framework to improve and scale its application infrastructure in the cloud according to best practices.

  • Azure
  • Retail

The Challenge

Douglas aimed to transform from a leading beauty retailer to a leading beauty
platform. As part of the omnichannel strategy, Douglas built a new commerce platform comprised of the SAP Commerce Cloud and a multitude of
additional microservices.

In order to scale the platform across its locations, Douglas chose to deploy new
services on the Microsoft Azure cloud, and migrate existing services there as well.

Early on in the project, Douglas management realized that developing a
governance framework would decrease unnecessary cost, make the resource
consumption more efficient, create a framework for the application deployment,
and increase the security posture. At the start of this initiative, Douglas was facing the following needs:

  • To create a cloud landing zone for newly developed services
  • To create a secure and effective network design, spanning existing data centers and the new cloud environment
  • Design a governance framework based on Azure best practices

With years of experience in deploying such Governance Frameworks to
encompass the needs of application modernization, Cloudreach was more than
prepared to take on this task!

Throughout the engagement, the initial scope evolved from a wider Azure
Governance Service range to specific services and governance which were more
appropriate and useful for this transformation.

The Solution

The project included a Design phase and an Implementation phase rolled out
over six months. During the first phase, our consultants created a tenant model
for the various applications and entities associated with the project.

This initiative included:

  • Setting up naming convention, enforced tagging, resource types and more
    by making use of Azure Policies
  • Standardizing the usage of Terraform templates for deploying governed Azure Kubernetes Service (AKS) clusters
  • Implementing Identity Management with the Azure Active Directory (Azure AD) and role-based access control (Azure RBAC)
  • Integration of Azure RBAC roles with Azure AKS in a seamless way, on deployment, by using predefined standards
  • Adding security controls and improving the security posture plan: Azure Policies, usage of KeyVault, Network Security (DDoS protection and
  • Creating Guidelines for Monitoring, Logging, Backups and Operation
  • Creating the DevOps and CICD structure and processes by using Azure DevOps suite
  • Drafting a Disaster Recovery Plan for the different Azure regions

During the implementation phase our team was involved in:

  • The creation of a new Douglas landing zone to empower the easy
    onboarding of application components, as well as integration with the
    current solutions
  • Hub and spoke design with major refactoring around communications between apps and a governed way of communicating between spokes (app components) and Internet or Intranet
  • Putting in place a Network infrastructure using Azure Kubernetes Service (AKS) to offer a continuous integration and continuous delivery (CI/CD) experience. This also helped establish enterprise-grade security and governance
  • Upgrading the managed Kubernetes instances to include the usage of Helm, policies, etc
  • Design of the Network model for the AKS and non-AKS vNETs
  • Integration of the AKS clusters into the higher level tenant model, to be covered by the general governance framework maintained by the Douglas IT
  • Triggering the creation of new processes and fixing/modifying current ones to be able to work with the new structures

The Partnership

From the beginning of our collaboration with Douglas, we found a great team,
well prepared and staffed, which was already making good progress towards
modernizing the Storefront application. All of our initial workshops with the
Douglas IT team finished in consensus and a clear vision of where we wanted to
go and the challenges we need to overcome.

Despite the wide scope and focus of the project, the positive, dynamic working environment helped the team prioritise tasks and set an excellent pace towards the application transformation we set out to achieve.

The Outcome

Cloudreach created a comprehensive governance framework for Douglas, which
included: enterprise account structure, tenant model, access management,
policies, environment templates as well as naming and tagging.

Besides this, a blueprint of the Cloud Landing Zone has been created, which
included mainly the network structure and connectivity, security model and
Kubernetes cluster blueprints.

By implementing the cloud blueprint and governance framework, Douglas was
able to quickly onboard development teams onto the new cloud environment
while ensuring consistent use of technology and establishing standards for
security, cost, and operational maturity.

As a result, the migration of the first batch of stores onto the new commerce platform was completed on time and the Douglas team was able to rapidly build
expertise on Azure and Kubernetes management.


Douglas is the leading premium beauty retailer in the European beauty industry with about 2,400 stores and fast-growing online shops in 26 European countries.