Deploying Zilla’s Modern IGA On-Prem: A New Approach for Azure Customers

by | Jan 30, 2025

Legacy IGA solutions, which were designed before the cloud era, are known to fall woefully short in their ability to easily integrate with cloud applications. At the same time, the increasing number of cloud-based identity products fail to address on-premises managed identities and applications. As businesses increasingly adopt a hybrid cloud infrastructure that leverages cloud-based resources alongside on-prem infrastructure, the demand for adaptable and secure deployment solutions that support a multitude of options has risen dramatically. Zilla initially introduced PO Box, which runs on AWS, Azure and other cloud environments, to meet this need and enable easier integration for on-prem systems that house user and application access data. 

Recently, Zilla has expanded on the PO Box deployment strategy for Azure environments. This new approach offers greater flexibility, ensures robust security, and gives customers full control over sensitive data by storing credentials within their Azure infrastructure while pulling Docker images from the Zilla-hosted Azure Container Registry (ACR). If your organization is using Azure, read below for more details on the deployment strategy, including the technical architecture, available options, and practical tips for implementation.

Deploying Zilla PO Box in On-Prem Azure Environments

One of the reasons that customers choose Zilla is the extensive integration we offer across all apps and environments, including on-prem environments. This is no different for Azure customers. Here is what they love about using PO Box to deploy their IGA solution:

  • Customizable Deployment Options: Tailored deployment methods to suit various organizational needs.
  • Secure Container Delivery: Docker images are securely hosted in the Zilla Azure Container Registry (ACR) and can be accessed by authorized customers.
  • Local Storage for Credentials: Securely mount Azure storage services, ensuring sensitive credentials remain within the customer’s environment.

How PO Box for Azure Works

1. Docker Image Delivery

The Zilla-hosted Azure Container Registry (ACR) is the foundation for this integrated deployment model. Customers authenticate with the registry to pull Docker images of PO Box. This approach ensures secure delivery and simplifies image management through version-controlled images and access restrictions according to AAD and customer IAM policies.

2. Secure Storage Integration

Security is paramount for access to these types of resources. To protect sensitive data, this strategy supports mounting Azure storage services, such as Azure Files or Blob Storage, directly to the container. This allows credentials, configurations, and other sensitive information to be stored securely within the customer’s Azure environment.

By leveraging Azure Managed Identities, customers can avoid embedding credentials within their application code, reducing security risks while maintaining seamless access.

3. Flexible Deployment Options

We recognize that every organization has unique operational and technical requirements. To accommodate these differences, our playbook outlines various deployment options, including a more guided Azure Portal option, a CLI-based setup and a PowerShell script. 

  • The Azure Portal is ideal for users who prefer a hands-on, step-by-step process with a visual interface. It’s particularly suited for one-off deployments or for users who are new to Azure or PO Box. 
  • Azure CLI is for those who want a faster, more streamlined deployment experience. It’s a powerful tool for teams looking to automate processes or integrate deployments into existing workflows. This option is particularly ideal for DevOps teams who are managing multiple deployments and need maximum scalability and automation. 
  • PowerShell scripts offer deep integration with the Azure ecosystem, making them a natural fit for customers heavily invested in Microsoft tools. They’re also a great option for handling complex workflows. This option is ideal for enterprise IT admins managing larger environments and overseeing multi-step deployments. 

Security Considerations

No matter which deployment option is chosen, security is a core aspect of this strategy. Here’s how Zilla ensures data and operational security:

  • Private ACR Access: The Zilla-hosted ACR uses private endpoints and authentication mechanisms to ensure only authorized customers can pull Docker images.
  • Secure Storage: Credentials and sensitive configurations are stored in Azure storage services with encryption enabled.
  • Managed Identities: Azure Managed Identities eliminate the need for hardcoded credentials, providing secure access to storage and other Azure resources.
  • Network Security: Deployment environments can be further secured by restricting access to containers or VMs using Azure Network Security Groups (NSGs) or private VNETs.
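
A pre-deployment check for the points in this list, as an added example that is not Zilla's code or part of the original post. It assumes PO Box is deployed as an Azure Container Instances container group described in an ARM template, which the post does not state; the sample resources and every name in them (registry, share, container, variable) are constructed placeholders.

```python
import re

# Heuristic for environment variable names that usually carry secrets.
SECRET_NAME = re.compile(r"PASSWORD|SECRET|TOKEN|KEY", re.I)

def is_expr(v):
    """True for ARM template expressions such as [parameters('storageKey')]."""
    return isinstance(v, str) and v.startswith("[") and v.endswith("]")

def audit(res):
    """Return findings for one containerGroups resource taken from an ARM template."""
    out, props = [], res.get("properties", {})
    if res.get("identity", {}).get("type", "None") == "None":
        out.append("no managed identity assigned")
    for cred in props.get("imageRegistryCredentials", []):
        if "password" in cred and not is_expr(cred["password"]):
            out.append("registry password is a literal")
    for vol in props.get("volumes", []):
        key = vol.get("azureFile", {}).get("storageAccountKey")
        if key is not None and not is_expr(key):
            out.append("storage account key is a literal")
    for c in props.get("containers", []):
        for env in c.get("properties", {}).get("environmentVariables", []):
            if SECRET_NAME.search(env["name"]) and "value" in env:
                out.append(f"env {env['name']} uses value, not secureValue")
    if props.get("ipAddress", {}).get("type") == "Public":
        out.append("public IP address")
    return out

# Constructed sample resources; every name and value is a placeholder.
WEAK = {"properties": {
    "imageRegistryCredentials": [{"server": "REGISTRY_PLACEHOLDER.azurecr.io",
                                  "username": "pull-user", "password": "example-only"}],
    "volumes": [{"name": "creds", "azureFile": {"shareName": "pobox",
                 "storageAccountName": "stplaceholder", "storageAccountKey": "example-only"}}],
    "containers": [{"name": "pobox", "properties": {"environmentVariables": [
        {"name": "API_TOKEN", "value": "example-only"}]}}],
    "ipAddress": {"type": "Public"}}}
HARDENED = {"identity": {"type": "SystemAssigned"}, "properties": {
    "imageRegistryCredentials": [{"server": "REGISTRY_PLACEHOLDER.azurecr.io",
        "username": "pull-user", "password": "[parameters('registryPassword')]"}],
    "volumes": [{"name": "creds", "azureFile": {"shareName": "pobox",
                 "storageAccountName": "stplaceholder",
                 "storageAccountKey": "[parameters('storageKey')]"}}],
    "containers": [{"name": "pobox", "properties": {"environmentVariables": [
        {"name": "API_TOKEN", "secureValue": "[parameters('apiToken')]"}]}}],
    "ipAddress": {"type": "Private"}}}
if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED))
```

The check treats any value written as an ARM expression as externally supplied, so it catches secrets committed in the template itself but not a secret passed in through an insecure parameter file.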

Monitoring and Maintenance

Once deployed, Zilla enables administrators to easily monitor the health and performance of PO Box to ensure optimal operation. Besides the proactive monitoring Zilla offers to its customers, Azure also provides robust tools for monitoring and troubleshooting, such as connection monitoring via Datadog and dashboards and alerts. 

Customers can also integrate Azure-native monitoring tools like Azure Monitor for tracking container performance metrics, Log Analytics to analyze logs and troubleshoot issues, and Alerts and Notifications to proactively respond to critical events.

Conclusion

Zilla customers appreciate the flexibility, security, and integration depth offered to them by PO Box, and this new deployment strategy opens new doors for IT teams to operate securely and efficiently within their own Azure environments. Whether you prefer the visual experience of deploying through the Azure Portal, the simplicity of the Azure CLI, or the robust and scalable approach of a PowerShell script, Zilla offers a pathway that can work for hybrid and on-prem environments.

We’re excited to see how you use these flexible options to meet your identity governance goals.

Author

  • Mike Bin Li

    Mike Bin Li, who goes by “Bin”, manages Customer Success and Deployment at Zilla Security. He collaborates with enterprise customers to create frictionless experiences when deploying the Zilla product suite by leveraging their existing infrastructure to architect optimal solutions. He is passionate about helping customers by understanding their unique needs and translating them into tailored product roadmaps that align with their business goals. Prior to Zilla, Bin worked for healthcare IT organizations where he led technical services teams, developing integrations to migrate on-premises solutions to the cloud.
