Deviations from the Common Model

Unique recommends the Common Model described in Get started with a Customer Managed TenantUNDEFINED. Only proceed reading on this page if you are interested in a deeper collaboration with Unique where a mutual trust relationship will be established and Unique will actually run the workloads within your tenant.

Responsibilities

In order to start discussing this variant some conscious choices have to be discussed with the client and decisions have to be made.

The result of this questionnaire heavily impacts the pricing and timeline of the setup. It is thus vital for both parties to plan accordingly and to note the responsibilities down properly in the statement of work (SoW).

Task

RACI

Task

RACI

Manage identities for Unique employees

RA: The client

C: Unique

Manage security requirements towards identities (2FA, Conditional Auth, etc).

Monitor, manage and archive Azure Activity Logs

RA: The client

Manage custom ARM roles

RA: The client

C: Unique

Manage PIM eligibilities

Manage budgets

Manage policies

Watch network ing- and e-gress

Run and maintain Defender For Cloud

Provide peered VNET and IP-Adress ranges

Maintain VNet/Subnets within LZ with outlet/gateway to Peer

includes Network Security Groups

To be worked out, impacts pricing and timeline.

Note that these topics are often governed by central IT teams of the client and thus leave a few choices up to the implementation of a specific deal. The client must revisit their internal guidelines to answer these questions.

Manage resource groups

Deploy resources

incl. AKS

Update applications on AKS (basically delivering and maintaining or upgrading the product)

Investigate incidents

Provide secure, tamper-safe, legally held audit logs for application audit logs and append only to them

AC: The client

R: Unique

A: Accountable, R: Responsible, C: Consulted (billed by effort), I: Informed

Compliance

Certain compliance and regulatory topics must also be clarified up front as they again have impact on pricing and timeline and must be noted in the contract:

  1. In which Azure region should the deployment reside

  2. Which Azure regions could be used for any OpenAI or LLM interactions

    1. more regions = more flexibility and potentially better quality

  3. Where can the Unique employees maintaining the solution be from?


Author

See Parent

© 2024 Unique AG. All rights reserved. Privacy PolicyTerms of Service