Documentation

Order

To build a technical solution in the Azure Cloud, an Azure Subscription, also called Management Group, is required. This acts as a closed container in which work is performed, comparable to an account.

Azure Subscriptions are managed and issued by the IT services. One can be requested using the order form for subscriptions.

Info

It is possible to order multiple subscriptions. It makes sense to have project-based or team-based Subscriptions, to allow resources to be managed by a team in a bundled manner.

Ordering an Azure Subscription

The following information is required for an Azure Subscription:

  • Name: A short, concise designation for the Subscription. This designation will be incorporated into the name of the Subscription according to the following schema: UniBE - [Organizational Unit] - [Name] - [Cost Center].
  • Organizational Unit: The official abbreviation of the organizational unit that will operate the Subscription, e.g., ID for IT services.
  • Cost Center: The cost center (REF-xyz-ab) to be used for billing the incurred costs.
  • Type of Subscription: According to the defined types of subscription.
  • Description: Brief description of what is to be implemented in the Subscription.
  • Owners: Each Subscription requires at least one, preferably two owners who have full permissions on the Subscription. The email addresses of the campus accounts to be authorized are to be entered here.

The order process includes a manual review by the Cloud Team. If no queries are necessary, the registered owners will be automatically notified once the Subscription has been created.

Type of Subscription

There are three different types of Subscriptions:

  • Sandbox: A Sandbox Subscription serves as a place for experiments. Here, services should be tried out, solutions created, evaluated and tested, and finally dismantled. Production services, however, do not belong in this type.
  • Online: An Online Subscription has a connection to the Internet. Here, productive services should be built that do not require direct connections to resources in the University of Bern's network. Solutions here can, for example, include publicly provided websites and applications.
  • Corp: A Corp Subscription, on the other hand, can contain solutions that can be used directly from the University of Bern's network without passing through the Internet, essentially an internal university outpost. This type is also mandatory if the solution requires direct access to local resources in the university's network. This is achieved with a VPN tunnel between the university's firewall and the corresponding firewall in the university's network hub in the cloud. Thus, secure communication is established. Access to the solution from the Internet is then not readily possible.

The following decision tree should help when choosing the type of Subscription:

flowchart TB
    id1{Exploration/Tests?} -- Yes --> sandbox[Sandbox]
    id1 -- No --> id2{Access to university-internal resources}
    id2 -- No --> online[Online]
    id2 -- Yes --> corp[Corp]

The choice of the type of Subscription affects which Policies are active on the Subscription. A Policy is a rule that can prevent actions, enforce settings, or restrict the selection of services, data centers, etc.

Example

A Policy can, for example, prevent an Azure service from being deployed outside of Switzerland. This is active in the UniBE Tenant across all types of Subscriptions. Another Policy enforces that only secure connections with TLS version 1.2 or better can be established.

The IT services use Policies specifically to prevent potentially harmful settings. Therefore, the Policies of a Corp Subscription are more restrictive than those of the other types.
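The following added example (not part of the original documentation, and not the UniBE Tenant's actual definitions) models how deny Policies like the two described above are evaluated against a deployment. The rules are constructed in Azure Policy rule syntax; the region list, the restriction of the TLS rule to storage accounts, the alias-to-property mapping and the sample resources are assumptions, and only a few operators are modelled.

```python
# Simplified model of Azure Policy "if" evaluation; rules and resources are constructed.
STORAGE = "Microsoft.Storage/storageAccounts"
TLS_ALIAS = STORAGE + "/minimumTlsVersion"
POLICIES = {
    "swiss-only": {
        "if": {"not": {"field": "location", "in": ["switzerlandnorth", "switzerlandwest"]}},
        "then": {"effect": "deny"}},
    "min-tls-1.2": {
        "if": {"allOf": [
            {"field": "type", "equals": STORAGE},
            # A missing setting is treated like a weak one, so it is denied as well.
            {"anyOf": [{"field": TLS_ALIAS, "exists": "false"},
                       {"field": TLS_ALIAS, "in": ["TLS1_0", "TLS1_1"]}]}]},
        "then": {"effect": "deny"}},
}

def field_value(resource, field):
    if field in ("location", "type", "name"):
        return resource.get(field)
    # Assumption: an alias maps to properties[<last path segment>].
    return resource.get("properties", {}).get(field.rsplit("/", 1)[-1])

def _eq(a, b):  # Azure Policy compares these string values case-insensitively
    return a is not None and str(a).lower() == str(b).lower()

def matches(cond, resource):
    if "allOf" in cond:
        return all(matches(c, resource) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(matches(c, resource) for c in cond["anyOf"])
    if "not" in cond:
        return not matches(cond["not"], resource)
    value = field_value(resource, cond["field"])
    if "equals" in cond:
        return _eq(value, cond["equals"])
    if "in" in cond:
        return any(_eq(value, v) for v in cond["in"])
    if "exists" in cond:
        return (value is not None) == (str(cond["exists"]).lower() == "true")
    raise ValueError(f"unsupported condition: {cond}")

def denied_by(resource, policies=POLICIES):
    """Return the names of all deny Policies whose condition matches the resource."""
    return [name for name, rule in policies.items()
            if rule["then"]["effect"] == "deny" and matches(rule["if"], resource)]

RESOURCES = [  # constructed sample deployments
    {"name": "stgood", "type": STORAGE, "location": "switzerlandnorth", "properties": {"minimumTlsVersion": "TLS1_2"}},
    {"name": "stoldtls", "type": STORAGE, "location": "SwitzerlandNorth", "properties": {"minimumTlsVersion": "TLS1_0"}},
    {"name": "vmabroad", "type": "Microsoft.Compute/virtualMachines", "location": "westeurope", "properties": {}},
    {"name": "stnotls", "type": STORAGE, "location": "westeurope", "properties": {}},
]
```

Calling denied_by() on each entry of RESOURCES shows which Policy would block it; a request is rejected as soon as one deny Policy matches.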

Note

There are situations and use cases where it may make sense to set an exception for an applicable policy. Such exceptions can be ordered from the IT services with a justification: Order form for exceptions.

Next Steps

Once the Subscription is available, resources can be created via the Azure Self-Service Portal and solutions can be built (see Guide: Login to the Portal).

After the first login, it is advisable to configure the new Subscription. The overview article briefly explains the structure of the portal and helps to get an initial overview of the new Subscription.
