Deviations from the Common Model
Unique recommends the Common Model described in Get started with a Customer Managed TenantUNDEFINED. Only proceed reading on this page if you are interested in a deeper collaboration with Unique where a mutual trust relationship will be established and Unique will actually run the workloads within your tenant.
Responsibilities
In order to start discussing this variant some conscious choices have to be discussed with the client and decisions have to be made.
The result of this questionnaire heavily impacts the pricing and timeline of the setup. It is thus vital for both parties to plan accordingly and to note the responsibilities down properly in the statement of work (SoW).
Task | RACI |
---|---|
Manage identities for Unique employees | RA: The client C: Unique |
Manage security requirements towards identities (2FA, Conditional Auth, etc). | |
Monitor, manage and archive Azure Activity Logs | RA: The client |
Manage custom ARM roles | RA: The client C: Unique |
Manage PIM eligibilities | |
Manage budgets | |
Manage policies | |
Watch network ing- and e-gress | |
Run and maintain Defender For Cloud | |
Provide peered VNET and IP-Adress ranges | |
Maintain VNet/Subnets within LZ with outlet/gateway to Peer includes Network Security Groups | To be worked out, impacts pricing and timeline. Note that these topics are often governed by central IT teams of the client and thus leave a few choices up to the implementation of a specific deal. The client must revisit their internal guidelines to answer these questions. |
Manage resource groups | |
Deploy resources incl. AKS | |
Update applications on AKS (basically delivering and maintaining or upgrading the product) | |
Investigate incidents | |
Provide secure, tamper-safe, legally held audit logs for application audit logs and append only to them | AC: The client R: Unique |
A: Accountable, R: Responsible, C: Consulted (billed by effort), I: Informed
Compliance
Certain compliance and regulatory topics must also be clarified up front as they again have impact on pricing and timeline and must be noted in the contract:
In which Azure region should the deployment reside
Which Azure regions could be used for any OpenAI or LLM interactions
more regions = more flexibility and potentially better quality
Where can the Unique employees maintaining the solution be from?
Author | See Parent |
---|
© 2024 Unique AG. All rights reserved. Privacy Policy – Terms of Service