Documentation

Support

Unity Cloud

Get Started

Creator SDKs and Services

Open Unity Dashboard

Unity Cloud

Prerequisites

Before you deploy Unity Virtual Private Cloud to Microsoft Azure
Read time 3 minutesLast updated 6 days ago
To deploy Unity Cloud Services to Microsoft Azure, you must have an Azure account and a role with sufficient permissions to create and manage resources. Before you start deploying Virtual Private Cloud, complete the following steps.

1. Prepare deployment on Unity's side

Perform these steps on Unity's side:
  1. Collect the username and the password for the central Azure Container Registry (ACR) that is managed by Unity.
  2. Collect the .xml files that contain the Pixyz SDK licenses.
  3. Request the Unity team to add the target customer subscription to the relevant private plan. The reason is that the solution is available only through a private plan in Azure Marketplace.

2. Prepare deployment on the client's side

Perform these steps on the client's side:

2.1 Prepare the project name prefix

Prepare the project name prefix with these characteristics:
  • The prefix is a string.
  • The prefix contains at most six characters.
  • The prefix contains only lowercase alphanumeric characters, but no underscores or dashes.

2.2 Collect an IP range for the virtual network

Collect an IP range for the virtual network (VNet) that hosts the solution. The recommended size of the VNet is /21. From that range, a subnet of /22 in size is dedicated to the Azure Kubernetes Service (AKS) cluster, to provide enough address space for the pods. The Virtual Private Cloud solution is deployed in an isolated VNet that is created during deployment, so this IP range can overlap with other ranges in the corporate network. Subsequently, you can peer this VNet with the hub and route it to or from the corporate network. In this light, the recommended practice is to select a valid unique IP range from the IP address space that is allocated to Azure networks and to reserve it in the IP address management system.

2.3 Collect the fully qualified domain name

Collect the fully qualified domain name (FQDN) of the domain to be used to access Virtual Private Cloud. After deployment, the relevant DNS record is created in the internal DNS. Read more about postdeployment.

2.4 Prepare the TLS certificate and the private key

Collect the following information in .pem format:
  • A TLS certificate for the selected domain name, and issued by a certification authority (CA) that is trusted by the clients who access Virtual Private Cloud
  • The corresponding private key

2.5 Prepare the MongoDB instance

Prepare a MongoDB instance that can host Virtual Private Cloud databases and that is managed by one of these entities:
  • A cloud provider that is, for example, hosted in MongoDB Atlas
  • The customer, in which case the instance can run in their Azure environment
You can deploy Virtual Private Cloud even if this MongoDB instance isn't accessible at the time of deployment. For example, the instance might be running in another Azure VNet that can't be peered with the solution VNet until the latter is created. However, Virtual Private Cloud doesn't fully initialize until the MongoDB instance is made accessible from the solution VNet. In this case, consider these options:
  • Use a MongoDB Atlas cluster, or a publicly available cluster, that meets one of these requirements:
    • The cluster is initially accessible from any IP. The reason is that the outbound IPs of the Virtual Private Cloud solution are unknown until deployment. After you have deployed the solution, configure more specific access to the network.
    • The cluster is initially restricted to the administrators' IPs. In this case, you can deploy the solution, but it won't be operational until it can access the MongoDB cluster. Configure the MongoDB cluster so that the solution AKS cluster can access it after deployment.
  • Use an internally deployed MongoDB cluster, for example, one that is deployed in another Azure VNet, and connect it to the solution VNet after deployment, for example, by directly peering VNets. This option is similar to the previous option in terms of enabling access to MongoDB after deployment. This approach also applies when utilizing MongoDB Atlas with network peering. Read more about network peering in the Mongo DB documentation.
  • If you use an internally deployed MongoDB, it is accessible through its internal DNS name rather than by its private IP address. This name must be resolvable from the solution VNet. This requirement might require additional configuration.
Performance characteristics of the MongoDB cluster must match the M30 tier in MongoDB Atlas with 128 GB of storage. Its region must match, or be as close as possible to, the region where Virtual Private Cloud solution is deployed. This requirement is to avoid database latency issues. To run deployment, you need the connection string of the MongoDB instance, even if the instance isn't accessible at the time of deployment.

2.6 Prepare the Azure subscription

Prepare your Azure subscription for deployment:
  1. Adjust the resource quotas. Read more about deployment size in the deployment procedure.
  2. Register the following resource providers for the subscription:
    • Microsoft.Cache
    • Microsoft.CognitiveServices
    • Microsoft.ContainerService
    • Microsoft.DBforPostgreSQL
    • Microsoft.EventGrid
    • Microsoft.EventHub
    • Microsoft.Insights
    • Microsoft.OperationalInsights
    • Microsoft.ServiceBus
The recommended practice is to assign the following roles to Virtual Private Cloud administrators for the subscription for which the solution is to be deployed:
  • The Azure Kubernetes Service RBAC Cluster Admin role, which is required to manage the AKS cluster
  • The Key Vault Administrator role, which is required to manage the secrets in the key vault
Alternatively, you can assign these roles to the solution resource group after deployment.

2.7 Prepare the VNet and the subnet

Prepare the VNet and the subnet to which you will connect the private endpoint to the Azure Private Link services of the solution. The VNet must already exist in the customer environment that is routed to and from the corporate network. The VNet can reside in any subscription.

Next steps

Deploy Virtual Private Cloud