Installation

Install Unity Virtual Private Cloud in Microsoft Azure for the first time

Read time 2 minutes

Last updated 11 days ago

Overview

Resources

The deployment process creates resources across these resource groups:

The resource group that contains a managed application synthetic resource. The synthetic resource doesn't require administration or maintenance.
The managed resource group of the application. This group contains all Azure resources that the solution utilizes. This group includes a VNet, a key vault, an Azure Kubernetes Service (AKS) cluster, and an Azure Log Analytics workspace.
Warning
Don't delete the resources in the managed resource group of the application.
These resources may require very limited administration. Administration tasks include adjusting AKS node pools to the workload and scaling up PostgreSQL servers.
The infrastructure resource group of the AKS cluster. This group contains AKS-specific resources, such as virtual machine (VM) scale sets or load balancers. Azure fully manages this resource group.
Warning
Don't directly modify the infrastructure resource group of the AKS cluster.

Endpoints

After you have deployed the solution, it exposes these endpoints for user access:

The frontend of the internal load balancer of the AKS cluster. The frontend is used for access to the solution, that is, the dashboard and the API. A Private Link service is tied to the frontend. This way, the customer can create a private endpoint that enables access to Virtual Private Cloud from the corporate network.
The workspace storage account. This account is used to store asset files. To access this storage account, the customer has these possibilities:
- If public access is enabled, the customer can access the account through the account's public IP.
- The customer can create a private endpoint for the account, for example, in the same VNet or subnet as the other private endpoint. The customer is responsible for these tasks:
  - Configuring the internal DNS name resolution
  - Ensuring that internal clients can resolve the name of the storage account to the IP address of its private endpoint

Deployment modes

To deploy the solution from the Marketplace offer, choose one of these modes:

Full deployment The process deploys all solution resources as a part of the offer.
Bring your own VNet (BYO VNet) Before deployment, uou prepare a VNet according to the solution requirements. You can assign network security groups (NSGs) and route tables to the subnets of this VNet. The process deploys the offer in this VNet.
Bring your own AKS cluster (BYO AKS) This option is a bespoke one and isn't available through Azure Marketplace.

Whichever mode you choose, you can connect the solution VNet to the rest of the corporate network. For example, you can peer the VNet peer with a network hub. However, until the solution is fully deployed, you must not route outbound internet traffic through a network virtual appliance. Otherwise, deployment fails. Once the solution is up and running, you can reconfigure the VNet and AKS cluster to lock or control outbound access. Read more about network integration.

Phases

The first installation consists of these phases:

1. PrerequisitesCollect and prepare the required data, from Unity and from the customer

2. DeploymentInitiate and monitor deployment for the Azure Marketplace offer

3. PostdeploymentConfigure network integration with the customer environment, and perform the initial configuration of the identity subsystem, based on Keycloak

Firewall rules for the outbound internet access

Documentation

Engine

Services

Grow

Industry

Support

Unity Cloud

Get Started

Creator SDKs and Services