Azure Trial And Enterprise Deployment

Huzefaaa2 edited this page Jun 28, 2026 · 1 revision

This page describes the Azure deployment model for CAVRA Trial and Enterprise Edition at a public-safe level. The executable workflows live in the private Huzefaaa2/cavra-enterprise repository because they deploy licensed artifacts, private control-plane code, tenant stores, connector configuration, report delivery settings, and AISPM production-readiness validators.

Trial Deployment

Trial deployment includes:

  • Trial portal and license request workflow.
  • Authenticated evaluator/operator access.
  • Time-limited trial licenses.
  • Private package/container delivery.
  • Trial sandbox and AISPM guided labs.
  • Expiry, revocation, audit evidence, and closeout.

The Azure shape is Static Web Apps or App Service, Container Apps, Container Registry, Key Vault, Azure SQL or PostgreSQL, Application Insights, and Monitor.

Enterprise Deployment

Enterprise deployment includes:

  • Private Enterprise API/control plane.
  • Microsoft Entra ID OIDC/SSO and RBAC.
  • Tenant isolation.
  • Private policy packs.
  • Persistent audit and evidence stores.
  • SMTP or report-provider integration.
  • Live connectors and runtime workflow validation.
  • Final AISPM production readiness gate.

The Azure shape is Container Apps or AKS, Key Vault, Azure SQL or PostgreSQL, immutable Blob Storage, Service Bus or Event Grid, Front Door/WAF, Private Endpoints, Monitor, and Application Insights.

Private Workflow Set

The private Enterprise repository contains:

| Workflow | Purpose |
|---|---|
| deploy-azure-trial-api.yml | Deploys the Trial Access Portal API. |
| deploy-azure-trial-ui.yml | Deploys the Trial front door. |
| deploy-azure-enterprise-api.yml | Deploys the Enterprise control plane. |
| deploy-azure-enterprise-ui.yml | Deploys the authenticated operator UI shell. |
| deploy-azure-enterprise-connectors.yml | Deploys connector worker jobs. |
| validate-azure-aispm-production.yml | Runs the final AISPM production readiness gate. |

AISPM Production Gate

Enterprise AISPM is not production-ready until live validators run with real production inputs:

  • real tenant configuration;
  • real connector/provider settings;
  • real SMTP or report-provider settings;
  • real runtime agent/tool workflows;
  • real tenant isolation checks;
  • real operating archive/public-sync evidence.

The final packet must return:

{
  "ready_for_aispm_production": true,
  "blockers": []
}

If any blocker remains, production launch is stopped until the referenced source validator is corrected and the final gate is rerun.
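
A fail-closed check of the final packet, as an added example that is not code from the private CAVRA workflows. It relies only on the two keys shown above; the function name, the sample packets and the file-name argument are assumptions.

```python
import json
import sys


def _no_duplicate_keys(pairs):
    # json.loads silently keeps the last duplicate key; a packet carrying
    # two "blockers" entries is ambiguous, so reject it outright.
    keys = [key for key, _ in pairs]
    if len(keys) != len(set(keys)):
        raise ValueError("duplicate key in packet")
    return dict(pairs)


def gate_failures(packet_text):
    """Return the reasons the packet fails the gate; an empty list means pass."""
    try:
        packet = json.loads(packet_text, object_pairs_hook=_no_duplicate_keys)
    except ValueError as exc:  # covers JSONDecodeError and duplicate keys
        return [f"unparseable packet: {exc}"]
    if not isinstance(packet, dict):
        return ["packet is not a JSON object"]

    failures = []
    # Identity check: the string "true" or the number 1 must not pass.
    if packet.get("ready_for_aispm_production") is not True:
        failures.append("ready_for_aispm_production is not the boolean true")
    blockers = packet.get("blockers")
    if not isinstance(blockers, list):
        failures.append("blockers is missing or not a list")
    elif blockers:
        failures.append(f"{len(blockers)} blocker(s) remain")
    return failures


# Constructed sample packets, not output from the real validators.
PASSING = '{"ready_for_aispm_production": true, "blockers": []}'
CONTRADICTORY = '{"ready_for_aispm_production": true, "blockers": ["x"]}'

if __name__ == "__main__":
    # Usage (file name is an assumption): python gate_check.py final_packet.json
    with open(sys.argv[1], encoding="utf-8") as handle:
        problems = gate_failures(handle.read())
    for problem in problems:
        print(f"BLOCKED: {problem}", file=sys.stderr)
    sys.exit(1 if problems else 0)
```

A missing key, a wrong type, or a packet that claims readiness while still listing blockers all produce a non-zero exit, so a pipeline step that runs this check stops the launch by default.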

Security Boundary

Do not copy private Enterprise workflow secrets, connector payloads, license keys, tenant data, SMTP credentials, private policy packs, or production evidence into the public repository or public wiki.
