Reputation: 1
Azure Devops Servers/Policy Design
We are facing a challenge with our security department to implement Azure DevOps for continuous deployment on our production servers, which are under PCI policy. The challenge is that our Azure DevOps is administered by our development team. We are responsible for pipelines, so security concerns arise even if there is an approval level for deploying on production. They do not want the server used by our team to access any production server to ensure that our test and development VLAN cannot deploy anything in production. I do not have any idea about what the possible design to solve our issue might be.
We have installed two nodes of Azure DevOps application tier with one database server. I have blocked outbound and inbound connections between one of them (which we use for testing and development) to ensure that we cannot deploy to production. However, because the second server has a connection to production, we encounter the same problem of having access to production due to the second server so what is the best practice to keep using continous deployment and in the other hand prevent our team to access production server.
Upvotes: 0
Views: 20
Answers (0)
Related Questions
- Delete files from app service as part of Azure DevOps release pipeline
- DevOps: Azure Enterprise Application - login via Secret vs. interactive -> Security Issue?
- Product release approval assigned to one team for different Azure DevOps project
- Azure DevOps nuget artifact delay
- Azure DevOps Permissions Hierarchy for SOX Compliance
- Azure DevOps API gives anonymous access error when creating a work item
- Release Management in Azure Devops with Git
- Can't update policy settings in the Azsk task in Azure devops