Consumers are to fill out the onboarding form and submit their architectures to be vetted by the Architecture Review Board (eau.mita@gov.mt). Once approved and/or modified, they are then handed over to the Onboarding team where firstly a final approval will be requested from the consumer, upon which, a two dedicated Resource Groups will be created with the required credentials and officially handed over.

Once complete, consumers are provided with the following resources:

• 1 Resource Group which is a container for other resources:
  • 1 Key Vault used to store backup usernames and passwords automatically
  • 2 Network Security Groups (NSG) for each subnet (Frontend & Backend) which contain security rules that allow or deny inbound or outbound network traffic from several types of Azure resources.
• 1 Resource Group which will contain the Azure Monitor & Automation resources for the main Resource Group mentioned above. This will include:
  • 1 Monitoring Dashboard for all of your resources
  • 1 Log Analytics Workspace
  • 1 API connection for your monitoring metrics
  • 1 Application Insights resource
  • 1 Azure Automation account
• 2 Subnets
  • 1 FRONTEND Subnet (/28 = 11 Usable IPs – 5 Reserved by Azure) – All traffic is routed directly to the internet
  • 1 BACKEND Subnet (/28 = 11 Usable IPs – 5 Reserved by Azure) – All traffic is routed to MITA’s firewall
• 1 Backup Tenant
  

The consumer must create resources within these confinements only – they cannot create resources outside of their own resource group.

Due to the limitations of the on-premises Microsoft Azure Stack, a separate Azure Monitor & Automation Resource Group is created for you on the off-premises Microsoft Azure Cloud’s West Europe datacentre and all logs are automatically shipped from Azure Stack to this extra Resource Group. You must access the public azure via https://portal.azure.com in order to view the Monitoring Dashboard and consume the necessary features.

However, if you have only requested to have a Resource Group on the off-premises Azure Cloud, then all Azure Monitor features can be consumed within the same Resource Group.