Contents
- 1. Executive Summary
- 2. Introduction
- 3. Benefits of Transition
- 4. Overview of Report Generator
- 5. Migration Strategy
- 6. Security and Compliance
- 7. Training and Support
- 8. Contact Information
1. Executive Summary
This white paper outlines a transformative journey: migrating from an existing on-prem or Streets Heaver hosted Report Generator implementation to Streets Heaver's new Report Generator SaaS, which utilises Azure resources and implements Microsoft Entra ID (formerly Azure Active Directory (AAD)) authentication. This transition not only addresses the challenges of the current environment but also unlocks opportunities for resilience and disaster recovery, efficiency, security, and scalability.
Key Benefits
The implementation of Azure SQL databases and Microsoft Entra ID (AAD) provides:
- Enhanced Security: Implementation of MS Entra ID's authentication protocols.
- Streamlined User Access: Simplify user management with single sign-on and multi-factor authentication through MS Entra ID.
- Reduced Maintenance: Automated backups, updates, and optimisations, reducing the burden on IT resources.
- Improved Performance: Leverage Azure's scalable infrastructure for application performance.
- Resilience: Geo Failover for the Report Generator database and web app, globally distributed static web apps.
- Disaster Recovery: Azure Active Geo-Replication, 1-month retention with point-in-time restore capability.
- Continuous Deployments: The latest features are deployed as they are made available; these are unavailable to the original Report Generator on-prem installation.
2. Introduction
Current Scenario
Report Generator is currently implemented either within a client's infrastructure or in Streets Heaver's datacentre and deployed as a desktop application over RDP+Citrix. When deployed on-prem, this requires local resources to provision the infrastructure and also generates an overhead for updates. When deployed in the SH DC, whilst updates are automated, it incurs an overhead and bottleneck of named user registration.
Challenges Faced
The main challenges are around keeping up to date with updates, due to local resource capabilities or processes. Another challenge relates to DR, either on-prem or SH DC. Clients aim to improve their DR capabilities and strategy - the SH Datacentre is unable to provide geo-redundancy.
Need for Transition
Moving to a public, MS Azure hosted solution that is centrally managed by Streets Heaver gives an up-to-date solution. Leveraging Azure services and MS Entra ID authentication, this transition aims to provide the future of Streets Heaver's solutions.
3. Benefits of Transition
- Ownership
  - Streets Heaver has complete ownership of all hosted services.
  - The client is responsible for adequate internet access.
- Deployment
  - Report Generator is a full web application and only requires a modern browser.
- Security
  - Report Generator is secured with MS Entra ID authentication.
  - Connections to the Compucare database are set up with a read-only SQL login/user, which is set up by local IT or the SH Platforming team.
  - Azure CosmosDB with encryption at rest.
- User Changes
  - The client is able to manage the users within the limits of their licence (max named users), providing the users are created within the client's MS Entra ID tenant and guest users are invited into the MS Entra ID.
- Updates
  - All updates, maintenance and features are centrally managed and rolled out continually. Report Generator supports a client's Compucare application version.
- Data and Storage
  - CosmosDB for core Report Generator data.
- Connectivity
  - Access to compucare.streets-heaver.com, reports.streets-heaver.com and other Streets Heaver hosted domains.
- Resilience
  - CosmosDB
    - Geo Failover
  - Static Web Apps
    - Globally distributed
  - App Service
    - Geo replicated (UK South > UK West)
- Disaster Recovery
  - CosmosDB Active Geo-Replication (UK South > UK West)
  - Backups: 1-month retention, with point-in-time restore capability
4. Overview of Report Generator
Typical Topology
Tenant Permission/Claims
MS Graph Permissions
- Delegated (i.e. logged in user)
  - People.Read
  - Presence.ReadWrite - used for presence indicator
  - User.Read
  - User.ReadBasic.All
- Application (i.e. non-interactive application)
  - User.Read.All - used to get user's name from the token
- Internal Scope for Report Generator itself
  - RepGen.User
5. Migration Strategy
Assessing Your Current Implementation
We would do a full survey of your existing setup, along with any connected services and build an implementation plan. If you are already a Streets Heaver Datacentre client, the transition is much simpler.
Simplified Migration Example
- Pre-requisites
- Compucare 7 clients will need to be migrated to Compucare 8 and the legacy Report Generator
- Register Tenant ID with Streets Heaver for Report Generator
- Where Report Generator is installed on-premise, set up a Hybrid Connection.
- Set up data sources for each Compucare db.
- Convert existing Report Generator reports
- Sign off
Testing and Validation
There will be a degree of professional services expected to align expectations and timescales in collaboration between Streets Heaver implementation teams.
Once signed off, the legacy Report Generator will be uninstalled, and the client and database removed.
6. Security and Compliance
Data Protection and Encryption
- Encryption at Rest: The application's data stored in Azure CosmosDB is encrypted at rest.
- MS Entra ID (formerly Azure AD) Authentication: Access to the application is restricted to authenticated users via Azure Active Directory.
  - MFA is enforced via the client's tenant configuration within MS Entra ID (formerly Azure AD).
  - The enterprise application will need to be approved. Assigned Access can then be enabled so that access to the application is restricted to the assigned users and groups.
- Azure Front Door: All web applications are fronted by Azure Front Door, which serves as a secure entry point for web traffic, offering several security benefits.
Secure and Resilient Hosting Environment
- Static Web Apps: Globally distributed Azure Static Web Apps for our application's front end.
- Geo-Replicated App Service Plans: Report Generator benefits from redundancy and failover capabilities. Utilising UK South and UK West regions with replicated architecture gives load balancing and resilience.
Data Access and Querying
The application queries Compucare databases, either Azure SQL Databases or on-premises SQL databases via Azure Hybrid Connections.
- Azure SQL Databases: Queries to Azure SQL Compucare databases use the secure connection protocol TLS 1.2 to ensure that data in transit is encrypted.
- On-Premises SQL Databases via Azure Hybrid Connections: The application's interaction with on-premises SQL databases is facilitated through Azure Hybrid Connections. These allow the application to access on-premises resources without exposing the internal network to the public internet.
Compliance and Auditing
- Data Storage and Handling: All data, including but not limited to report configuration and stored reports, is stored within UK-only regions in Azure and has built-in 90-day retention policies for clearing up stored reports.
- Logging and Monitoring: The application's activities are logged and monitored to identify and respond to potential security incidents. This allows audit capabilities for all report executions and queries run.
- Regular Security Audits: The application undergoes annual external CREST-approved PEN testing, as well as regular vulnerability audits to assess its security posture and identify vulnerabilities. Any findings are promptly addressed to maintain a robust security posture. Internal and external reports are available upon request.
Conclusion
The security and compliance measures implemented in the application demonstrate a commitment to safeguarding data, ensuring authorised access, and meeting regulatory requirements. By utilising industry-standard Azure services such as Static Web Apps, Geo-Replicated App Service Plans, and CosmosDB with encryption at rest, the application establishes a strong foundation for a secure environment.
7. Training and Support
Transition Training
Streets Heaver have provided a number of quick training videos to allow self-paced training. The application is designed with ease of use as the primary focus.
Ongoing Support Resources
Streets Heaver Knowledge Base is constantly updated with all features and how-to guides.
8. Contact Information
Please contact the Streets Heaver Commercials team at marketing@streets-heaver.com.