Prerequisites
Before you deploy Unity Virtual Private Cloud to Microsoft Azure
To deploy Unity Cloud Services to Microsoft Azure, you must have an Azure account and a role with sufficient permissions to create and manage resources. Before you start deploying Virtual Private Cloud, complete the following steps.
1. Prepare deployment on Unity's side
Perform these steps on Unity's side:
- Collect the username and the password for the central Azure Container Registry (ACR) that is managed by Unity.
- Collect the .xml files that contain the Pixyz SDK licenses.
- Request the Unity team to add the target customer subscription to the relevant private plan. The reason is that the solution is available only through a private plan in Azure Marketplace.
2. Prepare deployment on the client's side
Perform these steps on the client's side:
2.1 Prepare the project name prefix
Prepare the project name prefix with these characteristics:
- The prefix is a string.
- The prefix contains at most six characters.
- The prefix contains only lowercase alphanumeric characters, but no underscores or dashes.
2.2 Collect an IP range for the virtual network
Collect an IP range for the virtual network (VNet) that hosts the solution. The recommended size of the VNet is /21. From that range, a subnet of /22 in size is dedicated to the Azure Kubernetes Service (AKS) cluster, to provide enough address space for the pods. The Virtual Private Cloud solution is deployed in an isolated VNet that is created during deployment, so this IP range can overlap with other ranges in the corporate network. Subsequently, you can peer this VNet with the hub and route it to or from the corporate network. In this light, the recommended practice is to select a valid unique IP range from the IP address space that is allocated to Azure networks and to reserve it in the IP address management system.
2.3 Collect the fully qualified domain name
Collect the fully qualified domain name (FQDN) of the domain to be used to access Virtual Private Cloud. After deployment, the relevant DNS record is created in the internal DNS. Read more about postdeployment.
2.4 Prepare the TLS certificate and the private key
Collect the following information in .pem format:
- A TLS certificate for the selected domain name, issued by a certification authority (CA) that is trusted by the clients who access Virtual Private Cloud
- The corresponding private key
2.5 Prepare the MongoDB instance
Prepare a MongoDB instance that can host Virtual Private Cloud databases and that is managed by one of these entities:
- A cloud provider, for example, when the instance is hosted in MongoDB Atlas
- The customer, in which case the instance can run in their Azure environment
- Use a MongoDB Atlas cluster, or a publicly available cluster, that meets one of these requirements:
  - The cluster is initially accessible from any IP. The reason is that the outbound IPs of the Virtual Private Cloud solution are unknown until deployment. After you have deployed the solution, configure more specific access to the network.
  - The cluster is initially restricted to the administrators' IPs. In this case, you can deploy the solution, but it won't be operational until it can access the MongoDB cluster. Configure the MongoDB cluster so that the solution AKS cluster can access it after deployment.
- Use an internally deployed MongoDB cluster, for example, one that is deployed in another Azure VNet, and connect it to the solution VNet after deployment, for example, by directly peering VNets. This option is similar to the previous option in terms of enabling access to MongoDB after deployment. This approach also applies when utilizing MongoDB Atlas with network peering. Read more about network peering in the MongoDB documentation.
- If you use an internally deployed MongoDB, it is accessible through its internal DNS name rather than by its private IP address. This name must be resolvable from the solution VNet. This requirement might require additional configuration.
2.6 Prepare the Azure subscription
Prepare your Azure subscription for deployment:
- Adjust the resource quotas. Read more about deployment size in the deployment procedure.
- Register the following resource providers for the subscription:
  - Microsoft.Cache
  - Microsoft.CognitiveServices
  - Microsoft.ContainerService
  - Microsoft.DBforPostgreSQL
  - Microsoft.EventGrid
  - Microsoft.EventHub
  - Microsoft.Insights
  - Microsoft.OperationalInsights
  - Microsoft.ServiceBus
- The Azure Kubernetes Service RBAC Cluster Admin role, which is required to manage the AKS cluster
- The Key Vault Administrator role, which is required to manage the secrets in the key vault
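A pre-flight check for the values prepared in steps 2.1 and 2.2, as an added example that is not part of the original page or of Unity's tooling: it validates the project name prefix and checks a candidate VNet range against ranges already reserved in the IP address management system. The function names, the choice of the first /22 for AKS, and the sample ranges are assumptions of this example.

```python
import ipaddress
import re

# Step 2.1: at most six lowercase alphanumeric characters, no underscores or dashes.
# Requiring at least one character is an assumption of this example.
PREFIX_RE = re.compile(r"[a-z0-9]{1,6}")


def check_prefix(prefix):
    """Return True if the project name prefix satisfies the rules in step 2.1."""
    return isinstance(prefix, str) and PREFIX_RE.fullmatch(prefix) is not None


def plan_vnet(vnet_cidr, reserved_cidrs):
    """Check the step 2.2 VNet range against ranges already reserved in IPAM.

    Returns (aks_subnet, findings); aks_subnet is None when no /22 fits.
    """
    try:
        vnet = ipaddress.IPv4Network(vnet_cidr, strict=True)
    except ValueError as exc:  # malformed CIDR or host bits set, e.g. 10.40.1.0/21
        return None, [f"invalid range: {exc}"]
    if vnet.prefixlen > 22:
        return None, [f"{vnet} cannot hold the /22 subnet dedicated to AKS"]

    findings = []
    if vnet.prefixlen > 21:
        findings.append(f"{vnet} is smaller than the recommended /21")
    # Overlap does not stop deployment (the VNet is isolated), but Azure will
    # not peer VNets with overlapping address space, so report every collision.
    for cidr in reserved_cidrs:
        other = ipaddress.IPv4Network(cidr, strict=False)
        if vnet.overlaps(other):
            findings.append(f"{vnet} overlaps reserved range {other}")
    # The page does not say which /22 goes to AKS; taking the first one is
    # an assumption of this example.
    aks_subnet = next(vnet.subnets(new_prefix=22))
    return aks_subnet, findings


if __name__ == "__main__":
    # Constructed sample data, not taken from a real network.
    reserved = ["10.0.0.0/16", "10.20.8.0/21"]
    for candidate in ("10.20.8.0/21", "10.40.0.0/21", "10.40.1.0/21"):
        print(candidate, plan_vnet(candidate, reserved))
    for name in ("unity1", "Unity1", "my-vpc", "toolong"):
        print(name, check_prefix(name))
```

An empty findings list means the range is aligned, large enough, and free of collisions with the reserved ranges supplied.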