Essential Prerequisites for Customer Managed Tenant


This how-to article is a guide for clients preparing to deploy the Unique application in Azure environments. It sets out, in order, the prerequisites and configurations that must be in place so that infrastructure, security controls, and operational tooling are correctly established before the initial deployment and maintained after it. It is written for IT administrators and cloud architects and covers everything from a working knowledge of the relevant Azure services to application-specific customizations, with the aim of a smooth and secure implementation of Unique.



Introduction

Purpose: This guide is designed to assist clients in efficiently preparing their Azure environments for the deployment of the Unique application. It serves to ensure that all necessary preconditions and setups are comprehensively addressed to facilitate a smooth and secure implementation process.

Scope: The checklist detailed herein focuses on both initial setups and subsequent advanced configurations, primarily within Azure environments. It guides through the preparatory steps required to deploy Unique, emphasizing security and functional integrity in various deployment stages.

Audience: This document is intended for IT administrators and cloud architects tasked with setting up and securing Azure environments in anticipation of deploying Unique. It provides them with a structured framework to follow, ensuring that every aspect of the environment and security setup aligns with best practices tailored to support the Unique application effectively.

General Understanding and Preparation

This section is designed to ensure that all teams involved in the deployment of Unique have a foundational understanding of the necessary preparations and are equipped to handle the complexities associated with setting up Unique in an Azure environment. Proper preparation will minimize potential issues and expedite the deployment process.

Disclaimer: Support Limitations for ClickOps Configurations

Please note that if ClickOps is utilized instead of Infrastructure as Code (IaC) or automation for setting up Unique environments, support from Unique may be limited. Unique's support is tailored for environments managed through codified and automated configurations, ensuring predictable and reproducible setups. Using ClickOps can lead to configurations that deviate from these standards, thereby restricting our ability to provide effective support or troubleshoot issues. Clients using ClickOps should be aware of these limitations and are encouraged to adopt IaC or automated processes to fully leverage Unique's support capabilities.

The required knowledge prerequisites are summarised below:

  1. Comprehensive Understanding of Azure Resources

    • Role-Based Access Control (RBAC): Ensure that all team members understand the importance of RBAC in managing access to Azure resources. Familiarity with Azure's RBAC permissions system is crucial for securing the deployment environment. See: Azure RBAC Documentation, Terraform Azure RM Provider - RBAC.

    • Azure Resource Management: Proficiency in managing Azure resources through automation is critical. Teams should move away from ClickOps to ensure configurations are reproducible and manageable at scale. See: Azure Automation, Terraform Azure RM Provider.

  2. Networking Proficiency

    • Azure Networking Components: Teams must have a strong grasp of Azure networking components such as public IPs, Application Gateways, Virtual Networks, and Network Security Groups. Understanding how these components interact is key to securing and optimizing the environment. See: Azure Networking Documentation, Terraform Azure RM Provider - Networking.

    • Custom Network Configurations: For clients using custom networking solutions, it is important to have detailed documentation and a deep understanding of how these custom setups integrate with the standard deployment architecture. See: Custom Azure Networking Solutions.

  3. Security and Compliance

    • Data Security: Understand the implications of using custom certificates and how to integrate them within Azure. This includes managing custom Certificate Authorities and ensuring that all security measures align with organizational policies. See: Manage Certificates in Azure.

    • Compliance Requirements: Be aware of the compliance requirements that affect the deployment, including those related to data handling, privacy, and interactions with external networks. See: Azure Compliance Documentation.

  4. Kubernetes and Container Management

    • Azure Kubernetes Service (AKS): Gain in-depth knowledge of AKS and its dependencies, such as Managed Prometheus and Grafana, Virtual Machine Scale Sets, and storage options. See: AKS Documentation, Terraform Azure RM Provider - AKS.

    • Container Orchestration: Ensure familiarity with container orchestration tools including Helm, Helmfile, and kubectl. Understand how to use these tools to manage Kubernetes resources effectively. See: Kubernetes Tools.

  5. Pre-Deployment Checks

    • Infrastructure Audit: Conduct a thorough audit of the existing infrastructure to ensure compatibility with the deployment requirements. This includes checking the configurations of VMs, storage, and networking components. See: Azure Audit Documentation.

    • Preparation for Unique Mobile App Deployment: If the Unique mobile recording app is part of the deployment, prepare for any specific requirements such as custom certificate installation on client devices. See: Mobile Apps in Azure.

  6. Training and Documentation

    • Internal Training: Conduct internal training sessions to ensure all team members are up to date with the latest Azure features and deployment processes. See: Azure Training Resources.

    • Documentation: Maintain comprehensive documentation of all processes, custom configurations, and operational procedures. This documentation should be readily accessible to all team members and updated regularly. See: Technical Documentation Best Practices.

Identity and Access Management

This section is designed to guide IT administrators and cloud architects through the necessary preparations for implementing Identity and Access Management within Azure environments. A sound understanding of these principles will equip all teams involved in deploying applications to effectively manage access controls and security configurations. Proper setup of IAM is crucial to minimize potential security issues and streamline the deployment process within the Azure Landing Zone.


[Diagram: entity-relationship diagram of the Identity and Access Management components for Azure environments, covering RBAC, Certificate Management, and Managed Identities]

1. Role-Based Access Control (RBAC) Adoption:

  • Consistently use Azure RBAC for Azure Kubernetes Service (AKS), Key Vault, and all other Azure resources to obtain a secure and scalable access control model. Legacy access control methods (for example Key Vault access policies and AKS local cluster-admin accounts) are discouraged: they bypass the central role model, are harder to audit, and may affect functionality. Learn more about RBAC in Azure.
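The following Terraform configuration is an added example of what "RBAC everywhere" looks like in code; it is not Unique's own deployment code. It assumes the azurerm provider 3.x attribute names, and the resource names, region, and the two Entra group object IDs are placeholders. Key Vault is switched to Azure RBAC data-plane authorization so access policies are ignored, the AKS cluster uses Entra ID with Azure RBAC for Kubernetes authorization and has its local admin account disabled, and access is granted to a user-assigned managed identity by scoped role assignment.

```hcl
# Added example (not Unique's code): Key Vault and AKS on Azure RBAC instead of
# legacy access policies / local accounts. azurerm 3.x syntax is assumed; all
# names, the region and the group object IDs below are placeholders.

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.100"
    }
  }
}

provider "azurerm" {
  features {}
}

data "azurerm_client_config" "current" {}

resource "azurerm_resource_group" "unique" {
  name     = "rg-unique-prod"     # assumed name
  location = "switzerlandnorth"   # assumed region
}

# Identity the application workloads run as. Access is granted to it through
# role assignments only, never through a Key Vault access policy.
resource "azurerm_user_assigned_identity" "app" {
  name                = "id-unique-app"
  resource_group_name = azurerm_resource_group.unique.name
  location            = azurerm_resource_group.unique.location
}

resource "azurerm_key_vault" "unique" {
  name                     = "kv-unique-prod"   # assumed; must be globally unique
  resource_group_name      = azurerm_resource_group.unique.name
  location                 = azurerm_resource_group.unique.location
  tenant_id                = data.azurerm_client_config.current.tenant_id
  sku_name                 = "standard"
  purge_protection_enabled = true

  # Azure RBAC for the data plane. With this enabled, any access_policy blocks
  # are ignored, so permissions exist only as auditable role assignments.
  enable_rbac_authorization = true
}

# Least privilege: the workload can read secret values but cannot list,
# write or manage the vault. Scope is this one vault, not the resource group.
resource "azurerm_role_assignment" "app_secrets_user" {
  scope                = azurerm_key_vault.unique.id
  role_definition_name = "Key Vault Secrets User"
  principal_id         = azurerm_user_assigned_identity.app.principal_id
}

resource "azurerm_kubernetes_cluster" "unique" {
  name                = "aks-unique-prod"
  resource_group_name = azurerm_resource_group.unique.name
  location            = azurerm_resource_group.unique.location
  dns_prefix          = "unique-prod"

  default_node_pool {
    name       = "system"
    node_count = 3
    vm_size    = "Standard_D4s_v5"
  }

  identity {
    type = "SystemAssigned"
  }

  # Entra ID integration with Azure RBAC for Kubernetes authorization.
  # Cluster admin rights go to an Entra group, not to a static kubeconfig.
  azure_active_directory_role_based_access_control {
    managed                = true
    azure_rbac_enabled     = true
    admin_group_object_ids = ["00000000-0000-0000-0000-000000000000"] # assumed group
  }

  # Remove the local clusterAdmin credential so that
  # `az aks get-credentials --admin` cannot bypass Entra ID and Azure RBAC.
  local_account_disabled = true

  # Prerequisites for workload identity federation of the app identity above.
  oidc_issuer_enabled       = true
  workload_identity_enabled = true
}

# Kubernetes API read-only access for an operations group (assumed object ID),
# expressed as an Azure role assignment scoped to this cluster only.
resource "azurerm_role_assignment" "ops_cluster_reader" {
  scope                = azurerm_kubernetes_cluster.unique.id
  role_definition_name = "Azure Kubernetes Service RBAC Reader"
  principal_id         = "11111111-1111-1111-1111-111111111111"
}
```

After `terraform apply`, two quick checks confirm the legacy paths are closed: `az keyvault show -n kv-unique-prod --query properties.enableRbacAuthorization` should return `true`, and `az aks get-credentials --admin` against the cluster should be refused because local accounts are disabled. Grant further permissions by adding `azurerm_role_assignment` resources at the narrowest scope that works, rather than widening an existing one.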

2. Certificate Management:

  • Clients utilizing custom certificates or custom Certificate Authorities (CAs) must have a deep understanding of their configurations.

  • The Unique mobile recording application currently does not support custom certificates. Exploration of this capability is possible through a dedicated integration project, estimated to take approximately 8 weeks.

3. Microsoft Intune and Microsoft Entra ID Integration:

  • Clients using the Unique mobile recording app alongside Microsoft Intune must be knowledgeable about Intune's integration with Microsoft Entra ID (formerly Azure AD), as well as the related Conditional Access policies, Enterprise Applications, and App Registrations. Explore Intune and Microsoft Entra ID Integration.

4. Managed and Workload Identities:

  • Managed and Workload Identities must be properly configured to access necessary services w