A single tenant on Unique is a separate, isolated, regulated and governed deployment of our product within our own Azure perimeter. Customers who opt for this approach get their own landing zone, which they can reach at, for example, https://customer.unique.app.

Get started

Info

Refer to Get started with a Single Tenant

Tenant setup

Info

Unique built its setup according to Azure's "What is a Landing Zone?" and Azure's "Architecture of an AKS regulated cluster for Payment Card Industry Data Security Standard v3.2.1".

For any detail you cannot find in our concept, refer first to the official documentation.

Note

For single tenants we use a different Active Directory tenant than for our /wiki/spaces/Q/pages/235470943!

The tenant used here adheres to the Principle of Least Privilege. To do so, we leverage Privileged Access Management and Conditional Access.

You can read more about our policies in /wiki/spaces/Q/pages/233996292.

Property

Scenario

Azure Active Directory

As outlined above, for single-tenants we use a heavily governed AAD tenant.

Management Group

Unique Enterprise

Our top-level management group.

Management Group

Landing Zone Customer 1 (…n)

Each customer has their own management group in order to leverage one subscription per customer.

Subscription

Landing Zone Subscription 1 (…n)

Each customer has their own subscription so we can leverage the full capabilities of RBAC, Security Policies, Privileged Access Management and Conditional Access based on a customer's needs.

Owner

Dominik Meyer

Tenant architecture

This is Unique's implementation of our own Infrastructure requirements, with additions to empower Terraform and audit logs.
