
We are engaged in a proof of concept using Azure DevOps. We have ProGet on-prem and would like to consider what it would take to replicate a server that is outside of our express-route in Azure. Does Inedo have a SaaS offering that we can use? If not, is there a recommended pattern to secure the outside instance that will not have AD available to manage access? Is this possible or recommended?

I understand that Azure DevOps will run on express-route with Microsoft peering, but we are only configured with private peering and this will be too much of a lift for a POC.

We have ProGet as the enterprise solution; part of this POC involves the Marketing team that has chosen Artifactory, and Azure DevOps has an artifacts offering.

Product: ProGet
Version: 5.2.3

We have a lot of customers who host an instance of ProGet in the cloud, but we do not offer hosting at this time for a number of reasons:

  • better control of infrastructure; you can design your instance to fit for you, instead of in the limited buckets that would be provided
  • choose your own provider; instead of being forced into using whatever cloud provider (or random datacenter) we choose, you can pick the one that you use
  • full control over disaster recovery; no company will care about your data as much as you will, and getting a month free of hosting after losing all of your data probably isn't going to make any of your stakeholders happy

As far as how to host a ProGet instance in the cloud, you would be safe simply using built-in authentication and installing it on a public-facing server with only the HTTPS port open. "Anyone" could access the log-in page, and any feeds that you give "Anonymous" access to, but on its own, ProGet has been pen-tested and will be secure.

You could also do any of the following:

  • IP Restrict at the network level
  • use ExpressRoute (a kind of VPN)
  • integrate LDAP (Azure version) instead of built-in authentication
  • sync Azure AD with your AD

Those are progressively more difficult to configure, so it just depends on how much effort you want in a POC.

Note: we don't recommend regular HTTP, because then a "man-in-the-middle" attack could capture authentication information. But if it's only a POC, maybe it's ok.

Finally, some articles for your consideration;
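An added example, not part of the answer above and not Inedo's code: a Python check of the "only the HTTPS port open" and "IP restrict at the network level" suggestions, run over Azure network security group rules. The rule names, addresses and the `audit` helper are constructed for illustration; the field names follow the JSON that `az network nsg rule list` emits.

```python
import ipaddress

# Constructed sample, shaped like `az network nsg rule list -o json` output.
SAMPLE_RULES = [
    {"name": "allow-https-office", "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "203.0.113.0/24", "destinationPortRange": "443"},
    {"name": "allow-http-any", "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "*", "destinationPortRange": "80"},
    {"name": "allow-web-range", "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "Internet", "destinationPortRanges": ["443", "8000-8100"]},
    {"name": "deny-all", "direction": "Inbound", "access": "Deny",
     "sourceAddressPrefix": "*", "destinationPortRange": "*"},
]

def _values(rule, single, plural):
    """NSG rules carry either the singular field or the plural list."""
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return vals

def _only_https(port_range):
    if port_range == "*":
        return False
    low, _, high = port_range.partition("-")
    return int(low) == 443 and int(high or low) == 443

def _in_allow_list(source, allowed):
    try:
        net = ipaddress.ip_network(source, strict=False)
    except ValueError:  # "*", "Internet" and other service tags
        return False
    return any(net.version == a.version and net.subnet_of(a) for a in allowed)

def audit(rules, allowed_sources=()):
    """Return (rule name, problem) pairs for every inbound Allow rule that
    opens anything but 443 or, if an allow-list is given, admits other sources.
    Conservative: rule priority (a Deny shadowing an Allow) is not evaluated."""
    allowed = [ipaddress.ip_network(a) for a in allowed_sources]
    findings = []
    for rule in rules:
        if rule.get("direction") != "Inbound" or rule.get("access") != "Allow":
            continue
        for pr in _values(rule, "destinationPortRange", "destinationPortRanges"):
            if not _only_https(pr):
                findings.append((rule["name"], f"opens port(s) {pr}"))
        if allowed:
            for src in _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes"):
                if not _in_allow_list(src, allowed):
                    findings.append((rule["name"], f"source {src} not in allow-list"))
    return findings
```

Calling `audit(rules)` checks the HTTPS-only baseline; passing `allowed_sources` adds the IP-restriction check.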
