Addressing Enterprise Control - Technical Overview
- Mark Thompson
- 1 day ago
Addressing Enterprise Control, Predictability, and Security in Azure Automation
This paper explains how Fabrics addresses enterprise control, predictability, and security in Azure, through its architecture, policy-driven automation engine, and granular control model. Enterprises can safely automate cost optimization while maintaining visibility, control, and governance.
Executive Summary
Enterprises today face a fundamental mismatch: cloud capacity is provisioned for peak demand, yet real-world usage fluctuates constantly. The result? Over-provisioned infrastructure and wasted spending, or under-provisioned infrastructure and performance issues.
Most organizations have already solved the first layer of this challenge using static provisioning, alerts, or basic autoscaling. These approaches deliver an initial round of savings, but then plateau. Inefficiencies remain hidden, and IT teams continue firefighting capacity issues instead of driving strategy.
Fabrics tackles this head-on with Micro-Dynamic Optimization: a continuous feedback loop that connects demand, capacity, and performance. Fabrics continuously ingests utilization metrics, compares them to custom targets, and automatically adjusts resources in real time. Powered by predictive analytics, Fabrics ensures capacity flexes with demand before performance is impacted.
This document sets out the concerns technical teams raise about implementing Fabrics and how Fabrics addresses each of them.
1. Customer Challenges Identified
1.1 Platform Stability and Cloud Outages
Across industries, IT and cloud operations teams consistently cite concerns about the stability of automated reconfigurations during cloud provider outages or service disruptions. When dynamic automation tools interact with cloud APIs, an action might fail or stall mid-execution, creating uncertainty about which system caused the issue: the automation platform or the provider. Enterprises need reliable mechanisms to maintain stability, traceability, and rollback safety during external cloud events.
1.2 VM Predictability and Resource Availability
A frequent challenge for customers is ensuring that virtual machines can reliably start, resize, or redeploy in regions with variable capacity. When cloud regions experience allocation constraints, mission-critical workloads can be delayed or stranded. Customers want confidence that automation will not introduce additional risk to resource availability and that recovery processes are predictable and verifiable.
1.3 Control and Choice in Automation
Organizations value automation that adapts intelligently, but not at the expense of human oversight. IT leaders describe the balance between efficiency and control as “the self-driving car problem.” They want the vehicle to steer itself but keep their hands near the wheel. The ideal solution allows full visibility and override capability, letting administrators tune thresholds, pause automations, or enforce policies without disrupting broader optimization goals.
1.4 Security and Access Permissions
Security and compliance teams are often cautious about granting high-level privileges to automation systems. Enterprises expect tools to integrate securely with existing identity frameworks, operate within defined role-based access control (RBAC) boundaries, and store credentials in a way that meets zero-trust and audit requirements. Minimizing privilege scope while maintaining operational effectiveness is a consistent customer expectation.
1.5 Policy Flexibility Across Workloads
Enterprises typically run a mix of workloads, some continuous and high-demand, others intermittent or seasonal. Customers seek automation platforms that allow policy differentiation, such as applying strict scaling and shutdown rules for dev/test or virtual desktop environments, while keeping production or integration systems always available.
Granularity at the workload level is essential to avoid one-size-fits-all optimization that could impact performance.
1.6 Advanced Cost Optimization Scenarios
As cloud adoption matures, customers are looking beyond basic “stop/start” schedules to more sophisticated efficiency models. These include dynamically adjusting compute SKUs, resizing managed disks, scaling App Service Plans, and modulating Azure SQL performance tiers based on real usage patterns.
Enterprises want to achieve continuous cost optimization that accounts for performance, availability, and business continuity in a single, automated framework.
2. Fabrics’ Response and Architecture Overview
2.1 Policy-Driven Control Framework
Administrators can define per-resource or group-level policies across any subscription or tenant.
Each policy defines:
- Operating schedules (start/stop by time or day)
- Performance thresholds (CPU or memory targets)
- SKU fallback hierarchy (primary, secondary, tertiary)
- Minimum and maximum resource limits
This allows organizations to standardize efficiency policies while maintaining workload-specific autonomy.
2.2 Predictable Operations and Auto-Recovery
Fabrics reduces allocation-failure risk through:
- Multi-SKU fallback, automatically retrying with alternate SKUs until capacity is found.
- Health watchdogs that verify VM states continuously and reissue commands if necessary.
- Self-healing loops that detect and resolve “stuck starting” or “stuck deallocating” conditions faster than native Azure alerts.
The result is improved uptime and predictability even during partial Azure region outages.
2.3 Fine-Grained Control and Manual Override
Administrators can:
- Disable Fabrics control for maintenance or manual operations.
- Apply automation only to specific VMs, host pools, or storage types.
- Override schedules or resource states without losing configuration history.
When Fabrics is disabled, it pauses all automated actions until re-enabled, ensuring operators keep full control.
2.4 Security and Role-Based Access
Fabrics uses a service principal and a user account created during onboarding.
Default permissions include Contributor, User Access Administrator, and Global Administrator (for Entra ID integration).
Those accounts persist; they are what Fabrics uses to perform its designed function. Security on those accounts can be scoped to any customer’s preference.
Credentials are stored in Fabrics’ Azure Key Vault and are never accessible to anyone.
This aligns with enterprise zero-trust standards and provides full auditability.
2.5 Storage and Database Optimization
Fabrics dynamically optimizes Managed Disks, Azure Files, and Azure SQL Databases:
- Managed Disks: Monitors utilization and expands capacity automatically.
- Azure SQL: Scales vCores and storage between defined limits based on load.
- App Service Plans: Supports scheduled scaling between SKU tiers (for example, Premium to Standard) during off-hours.
Upcoming capabilities include disk-tier switching and time-based VM-SKU adjustments, expanding cost optimization beyond compute resources.
2.6 Governance and Observability
Fabrics’ Focus Cost Reports and dashboards provide:
- Real-time utilization tracking
- Historical efficiency analytics
- Policy compliance visibility
- Cost-savings attribution per subscription or workload
This gives FinOps and IT Ops teams shared insight into automation outcomes and savings trends.
3. Benefit of Controlled Proof-of-Concept
The joint proof of concept will:
- Onboard selected subscriptions using tenant and subscription IDs.
- Deploy the Fabrics onboarding script (about five minutes) to create the service principal and Event Grid integration.
- Apply policies to selected resources to demonstrate real-time scaling and scheduled automation.
- Validate cost-saving results and operational reliability.
This environment provides a safe space to observe Fabrics’ behavior before broader client rollout.
4. Key Technical Differentiators
| Concern | Fabrics Solution |
| --- | --- |
| Outage safety | Continuous state checks and retry logic prevent “stuck VMs.” |
| Predictable recovery | Multi-SKU fallback with automated allocation detection. |
| Control granularity | Per-resource and per-policy configuration with manual override. |
| Security and RBAC | Scoped permissions, Key Vault storage, and no human credential access. |
| Multi-resource automation | Support for VMs, Host Pools, SQL, App Services, Managed Disks, and Power BI. |
| Visibility and reporting | Integrated cost and performance analytics via Focus Reports. |
