Overview
Riscosity's Azure deployment involves 2 mandatory steps and 1 optional step:
The initial setup and verification process is coordinated over live screen sharing and requires a technical resource familiar with Azure and customer infrastructure setup.
The validation process involves configuring the installed software with customer-specific information, such as adding relevant users and product code repositories and configuring the proxy to manage traffic to specific domains. This step can be done separately from the initial setup and does not require Azure access or expertise.
Prerequisites for Deploying the Riscosity Certificate Manager
Summary
The Riscosity Certificate Manager is an Azure key vault that uses the access policies permission model. It manages an uploaded PFX certificate, which is used to provide HTTPS access to the Riscosity web application.
Prerequisites
A PFX certificate file is required and will be uploaded to the Riscosity Certificate Manager.
If you decide to use your own pre-existing key vault, you are responsible for doing the following manually:
- Uploading your PFX certificate to your key vault.
- Creating an Azure managed identity that has secret get permissions on your key vault.
- Obtaining the resource ID of your key vault, the name of your key vault’s uploaded certificate, and the resource ID of your managed identity.
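The three manual steps above can be scripted with the Azure CLI. The script below is an added example, not Riscosity's own tooling; it assumes a logged-in `az` session, a user-assigned managed identity, and an optional PFX password supplied in a `PFX_PASSWORD` environment variable, and its function names and output labels are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: prepare a pre-existing access-policy key vault.
# Every resource name is supplied by the caller; none comes from Riscosity.
set -eu

# Import the PFX as a certificate object. Key Vault also exposes the PFX as a
# secret with the same name, which is why the identity needs secret "get".
import_pfx() {  # usage: import_pfx VAULT CERT_NAME PFX_PATH
  az keyvault certificate import --vault-name "$1" --name "$2" --file "$3" \
    ${PFX_PASSWORD:+--password "$PFX_PASSWORD"} --output none
}

# Create a user-assigned managed identity (assumed identity type) and grant
# it only the secret "get" permission through a vault access policy.
grant_secret_get() {  # usage: grant_secret_get VAULT RESOURCE_GROUP IDENTITY
  az identity create --resource-group "$2" --name "$3" --output none
  principal_id=$(az identity show --resource-group "$2" --name "$3" \
    --query principalId --output tsv)
  az keyvault set-policy --name "$1" --object-id "$principal_id" \
    --secret-permissions get --output none
}

# Print the secret permissions the identity actually holds; expect only "get".
granted_secret_permissions() {  # usage: same arguments as grant_secret_get
  principal_id=$(az identity show --resource-group "$2" --name "$3" \
    --query principalId --output tsv)
  az keyvault show --name "$1" --output tsv --query \
    "properties.accessPolicies[?objectId=='$principal_id'].permissions.secrets[]"
}

# Print the three values listed above. Labels are for display only.
print_stack_inputs() {  # usage: print_stack_inputs VAULT RG IDENTITY CERT_NAME
  echo "key vault resource ID: $(az keyvault show --name "$1" \
    --query id --output tsv)"
  echo "certificate name: $4"
  echo "managed identity resource ID: $(az identity show \
    --resource-group "$2" --name "$3" --query id --output tsv)"
}

# Run the whole procedure only when all five arguments are supplied:
#   VAULT RESOURCE_GROUP IDENTITY CERT_NAME PFX_PATH
if [ "$#" -eq 5 ]; then
  import_pfx "$1" "$4" "$5"
  grant_secret_get "$1" "$2" "$3"
  granted_secret_permissions "$1" "$2" "$3"
  print_stack_inputs "$1" "$2" "$3" "$4"
fi
```

If `granted_secret_permissions` prints anything other than `get`, the identity holds more access to the vault's secrets than this deployment needs.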
Prerequisites for Deploying the Riscosity Stack
Summary
The Riscosity Stack is the collection of cloud resources that comprises your Riscosity web application.
Prerequisites
A kickoff meeting with Riscosity is required. During this meeting, a subscription in your tenant will need to manage a new Azure compute gallery that uses RBAC. Riscosity will need limited access to this gallery via a multi-tenant app registration that resides in the Riscosity tenant. The gallery (in your tenant) will store copies of the Riscosity VM image definition versions. Riscosity will provide you with new VM image definition versions on an as-needed basis by uploading them to your Azure compute gallery.
You will also need details about the PFX certificate you intend to use to provide HTTPS access to your Riscosity web application. These details include: the resource ID of the key vault storing your imported PFX certificate, the name of the imported PFX certificate in the key vault, and the resource ID of the managed identity that has secret get permissions on the key vault.
Lastly, you will also need the latest ARM template for the Riscosity Stack. This will be provided by Riscosity.
Prerequisites for Deploying the Riscosity Proxy
Summary
At a high level, the Riscosity Proxy is a control valve that is capable of blocking and redacting network traffic.
Prerequisites
The Riscosity Stack must already be deployed.
At least one single-tenant app registration is also required, along with metadata associated with the app registration. The app registration will need the Contributor role, a privileged administrator role, on the subscription that manages the Riscosity Stack. You can either use an existing app registration or create a new one from scratch. Additionally, we currently require that the app registration reside in the same tenant as the subscription.
If you decide to use your own pre-existing app registration, you are responsible for doing the following manually:
- Obtaining the app registration client ID, the app registration tenant ID, and exactly one client secret value belonging to the app registration.
- Obtaining the subscription ID of the subscription that manages the Riscosity stack.