Unit4 Identity Services as a cloud service
Unit4 Identity Services (U4IDS) is only delivered as a service managed by Unit4. Local installations of U4IDS are not supported by Unit4. Customers with on-premise applications can use U4IDS as a service for authentication.
U4IDS is hosted on Azure Platform Services. Unit4 R&D deploys to secure environments managed by Unit4 Cloud Operations. Cloud Operations operates U4IDS instances in most geopolitical regions using high availability configurations, including geo-replication of data and automatic failover of operational sites. New U4IDS Instances are set up by configuring new VSTS deployment definitions. These are configured by Unit4 R&D and Unit4 Cloud Operations in collaboration. Role-based security ensures that only Cloud Engineers have access to IDS environments, and only Software Engineers have access to product source code.
Application configuration in production
Unit4 Cloud Operations will set up IDS instances in a highly secure and available fashion. The application configuration of a production instance will have certain common traits vs an IDS development environment.
- Secure transport is enabled and enforced
- Signing certificates are deployed securely from Azure Key Vault
- Logging is configured with Application Insights for logging troubleshooting and monitoring purposes
- All storage is configured to be encrypted and threat detection is enabled
- Web Application Firewall is configured so that no direct access to the Azure App Services is allowed
- Geo-replication is set up across regions to make data highly available
- Azure Traffic Manager is set up for automatic failover between primary and secondary sites across regions to make services highly available
- Administration interfaces are secured with bearer token authentication and external or internal role based authorization
- Development features like OpenAPI /Swagger UI for administrative interfaces and development log traces are turned off