Legacy IGA solutions, which were designed before the cloud era, are known to fall woefully short in their ability to easily integrate with cloud applications. At the same time, the increasing number of cloud-based identity products fail to address on-premises managed identities and applications. As businesses increasingly adopt a hybrid cloud infrastructure that leverages cloud-based resources alongside on-prem infrastructure, the demand for adaptable and secure deployment solutions that support a multitude of options has risen dramatically. Zilla initially introduced PO Box, which runs on AWS, Azure and other cloud environments, to meet this need and enable easier integration for on-prem systems that house user and application access data.
Recently, Zilla has expanded on the PO Box deployment strategy for Azure environments. This new approach offers greater flexibility, ensures robust security, and gives customers full control over sensitive data by storing credentials within their Azure infrastructure while pulling Docker images from the Zilla-hosted Azure Container Registry (ACR). If your organization is using Azure, read below for more details on the deployment strategy, including the technical architecture, available options, and practical tips for implementation.
Deploying Zilla PO Box in On-Prem Azure Environments
One of the reasons that customers choose Zilla is the extensive integration we offer across all apps and environments, including on-prem environments. This is no different for Azure customers. Here is what they love about using PO Box to deploy their IGA solution:
- Customizable Deployment Options: Tailored deployment methods to suit various organizational needs.
- Secure Container Delivery: Docker images are securely hosted in the Zilla Azure Container Registry (ACR) and can be accessed by authorized customers.
- Local Storage for Credentials: Securely mount Azure storage services, ensuring sensitive credentials remain within the customer’s environment.
How PO Box for Azure Works
1. Docker Image Delivery
The Zilla-hosted Azure Container Registry (ACR) is the foundation for this integrated deployment model. Customers authenticate with the registry to pull Docker images of PO Box. This approach ensures secure delivery and simplifies image management through version-controlled images and access restrictions according to AAD and customer IAM policies.
2. Secure Storage Integration
Security is paramount for access to these types of resources. To protect sensitive data, this strategy supports mounting Azure storage services, such as Azure Files or Blob Storage, directly to the container. This allows credentials, configurations, and other sensitive information to be stored securely within the customer’s Azure environment.
By leveraging Azure Managed Identities, customers can avoid embedding credentials within their application code, reducing security risks while maintaining seamless access.
3. Flexible Deployment Options
We recognize that every organization has unique operational and technical requirements. To accommodate these differences, our playbook outlines various deployment options, including a more guided Azure Portal option, a CLI-based setup and a PowerShell script.
- The Azure Portal is ideal for users who prefer a hands-on, step-by-step process with a visual interface. It’s particularly suited for one-off deployments or for users who are new to Azure or PO Box.
- Azure CLI is for those who want a faster, more streamlined deployment experience. It’s a powerful tool for teams looking to automate processes or integrate deployments into existing workflows. This option is particularly ideal for DevOps teams who are managing multiple deployments and need maximum scalability and automation.
- PowerShell scripts offer deep integration with the Azure ecosystem, making them a natural fit for customers heavily invested in Microsoft tools. They’re also a great option for handling complex workflows. This option is ideal for enterprise IT admins managing larger environments and overseeing multi-step deployments.
Security Considerations
No matter which deployment option is chosen, security is a core aspect of this strategy. Here’s how Zilla ensures data and operational security:
- Private ACR Access: The Zilla-hosted ACR uses private endpoints and authentication mechanisms to ensure only authorized customers can pull Docker images.
- Secure Storage: Credentials and sensitive configurations are stored in Azure storage services with encryption enabled.
- Managed Identities: Azure Managed Identities eliminate the need for hardcoded credentials, providing secure access to storage and other Azure resources.
- Network Security: Deployment environments can be further secured by restricting access to containers or VMs using Azure Network Security Groups (NSGs) or private VNETs.
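The following Azure CLI script is an added example, not Zilla's playbook or any code from the original post. It ties together the pieces described in "How PO Box for Azure Works" and the security considerations above: the image is pulled from a Zilla-hosted ACR using registry credentials that are read from the environment rather than written into the script, PO Box's own credentials live on an Azure Files share in the customer's subscription that is mounted into the container, the container group gets a managed identity, and it is placed on a private IP inside a customer VNet. The registry host (`zillaexample.azurecr.io`), image tag, and all resource names are placeholders; a small `validate_config` guard refuses to deploy if the image reference does not point at the expected registry, which is the kind of check worth keeping in any deployment script that depends on a vendor-hosted registry.

```shell
#!/usr/bin/env bash
# Added example (not Zilla's playbook): deploy a PO Box container on Azure
# Container Instances with the Azure CLI, following the pattern described
# in the post. Registry host, image tag and resource names are placeholders.
set -u

ZILLA_ACR="${ZILLA_ACR:-zillaexample.azurecr.io}"      # placeholder: Zilla-hosted ACR
POBOX_IMAGE="${POBOX_IMAGE:-$ZILLA_ACR/pobox:1.0.0}"   # placeholder image reference
RG="${RG:-rg-pobox}"
LOCATION="${LOCATION:-eastus}"
STORAGE_ACCOUNT="${STORAGE_ACCOUNT:-stpoboxsecrets}"
FILE_SHARE="${FILE_SHARE:-pobox-credentials}"
MOUNT_PATH="${MOUNT_PATH:-/mnt/pobox-credentials}"
VNET="${VNET:-vnet-pobox}"
SUBNET="${SUBNET:-snet-pobox}"
ACR_USER="${ACR_USER:-}"          # registry token name issued to the customer
ACR_PASSWORD="${ACR_PASSWORD:-}"  # registry token password, from the environment only
DRY_RUN="${DRY_RUN:-1}"           # 1 = print the az commands instead of running them

run() { if [ "$DRY_RUN" = 1 ]; then printf 'DRY RUN: %s\n' "$*"; else "$@"; fi; }

# Guard rails before anything is sent to Azure: the image must come from the
# Zilla-hosted registry (so a typo cannot pull an unexpected image), the mount
# path must be absolute, and a real run needs registry credentials present.
validate_config() {
  case "$POBOX_IMAGE" in
    "$ZILLA_ACR"/*) ;;
    *) echo "refusing image $POBOX_IMAGE: not from $ZILLA_ACR" >&2; return 1 ;;
  esac
  case "$MOUNT_PATH" in
    /*) ;;
    *) echo "mount path must be absolute: $MOUNT_PATH" >&2; return 1 ;;
  esac
  if [ "$DRY_RUN" != 1 ] && { [ -z "$ACR_USER" ] || [ -z "$ACR_PASSWORD" ]; }; then
    echo "ACR_USER and ACR_PASSWORD must be set for a real run" >&2; return 1
  fi
  return 0
}

# Build the `az container create` argument list. $1 is the storage account key
# used only to mount the Azure Files share that holds PO Box's credentials;
# the container group also gets a system-assigned managed identity so that
# nothing else needs to be embedded in the image or in this script.
container_create_args() {
  local storage_key="$1"
  printf '%s' \
    "--resource-group $RG --name pobox --location $LOCATION --os-type Linux" \
    " --image $POBOX_IMAGE" \
    " --registry-login-server $ZILLA_ACR --registry-username $ACR_USER --registry-password $ACR_PASSWORD" \
    " --azure-file-volume-account-name $STORAGE_ACCOUNT" \
    " --azure-file-volume-account-key $storage_key" \
    " --azure-file-volume-share-name $FILE_SHARE --azure-file-volume-mount-path $MOUNT_PATH" \
    " --assign-identity" \
    " --vnet $VNET --subnet $SUBNET --ip-address Private"
}

main() {
  validate_config || return 1
  # The credential share lives in the customer's own subscription; Azure Storage
  # encrypts it at rest, and HTTPS with TLS 1.2 is enforced on the account.
  run az group create --name "$RG" --location "$LOCATION"
  run az storage account create --name "$STORAGE_ACCOUNT" --resource-group "$RG" \
    --location "$LOCATION" --sku Standard_LRS --https-only true --min-tls-version TLS1_2
  run az storage share-rm create --resource-group "$RG" --storage-account "$STORAGE_ACCOUNT" \
    --name "$FILE_SHARE"
  local key='<storage-key>'
  if [ "$DRY_RUN" != 1 ]; then
    key=$(az storage account keys list --resource-group "$RG" \
          --account-name "$STORAGE_ACCOUNT" --query '[0].value' -o tsv)
  fi
  # Word-splitting the argument string is intended here.
  run az container create $(container_create_args "$key")
}

main
```

Run it as-is to see the commands it would issue; set `DRY_RUN=0` with `ACR_USER` and `ACR_PASSWORD` exported (and an authenticated `az login` session) to deploy for real. Restricting the subnet with an NSG, as the last bullet above suggests, is a separate step on the VNet and is not shown here.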
Monitoring and Maintenance
Once deployed, Zilla enables administrators to easily monitor the health and performance of PO Box to ensure optimal operation. Besides the proactive monitoring Zilla offers to its customers, Azure also provides robust tools for monitoring and troubleshooting, such as connection monitoring via Datadog, as well as dashboards and alerts.
Customers can also integrate Azure-native monitoring tools like Azure Monitor for tracking container performance metrics, Log Analytics to analyze logs and troubleshoot issues, and Alerts and Notifications to proactively respond to critical events.
Conclusion
Zilla customers appreciate the flexibility, security, and integration depth offered to them by PO Box, and this new deployment strategy opens new doors for IT teams to operate securely and efficiently within their own Azure environments. Whether you prefer the visual experience of deploying through the Azure Portal, the simplicity of the Azure CLI, or the robust and scalable approach of a PowerShell script, Zilla offers a pathway that can work for hybrid and on-prem environments.
We’re excited to see how you use these flexible options to meet your identity governance goals.