1. Recommended Deployment Path
The recommended production deployment path is the Azure Marketplace Kubernetes Application on AKS. Docker Compose may be used for lab, pilot, developer, or lightweight environments where applicable; Kubernetes on AKS is the production, Marketplace, and enterprise deployment path.
2. Prerequisites
- An Azure subscription with rights to acquire Marketplace offers.
- Permission to deploy Marketplace offers into the target subscription.
- An existing AKS cluster, or permission to create or select one.
- DNS and domain planning for the Cassian service hostname.
- A TLS certificate plan (managed certificate, customer-provided, or cert-manager).
- Microsoft Entra ID tenant and admin access for identity configuration.
- Database and storage decisions (managed service, in-cluster, backup target).
- Network connectivity from Cassian to any managed devices or upstream systems, where applicable.
- An identified support contact and escalation path.
3. High-Level Installation Steps
- Acquire Cassian from Azure Marketplace.
- Select the Marketplace plan that matches your intended capabilities and entitlement.
- Select the target Azure subscription and resource group.
- Select or create the target AKS cluster.
- Configure the Cassian namespace (for example,
cassian). - Configure domain, ingress, and TLS termination.
- Configure the identity provider (Microsoft Entra ID) and role mappings.
- Configure database and storage (connection strings, managed identity, persistent volumes).
- Configure telemetry retention, log aggregation, and monitoring integrations.
- Review the configuration and deploy.
- Validate that service health endpoints report healthy.
- Confirm license and entitlement state in the Cassian console.
- Create or confirm initial administrator access.
4. Post-Install Validation
- Cassian UI is reachable at the configured hostname over HTTPS.
- Core services report healthy in cluster.
- License and entitlement state are visible in the console.
- Telemetry ingestion is available.
- Audit logging is active and reaching the configured sink.
- Support bundle generation is available from the console.
5. Upgrades
Upgrades are published through Quantum Iryx Systems release channels. Review the release notes for the target version, back up persistent state, and follow the upgrade path documented for your current version. Customers are responsible for applying updates unless a separate managed-service agreement states otherwise.
6. Backup and Restore
Configure backups for the Cassian database and any persistent volumes according to your organization’s data protection policy. Periodically test restore procedures into a non-production environment.
7. Uninstall and Data Retention
8. Security Guidance
- Protect secrets using Azure Key Vault or an equivalent secret store.
- Apply least-privilege roles to administrators and service principals.
- Configure Microsoft Entra ID groups and map them to Cassian roles.
- Restrict ingress to required networks and clients.
- Configure logging, monitoring, and alerting on critical events.
- Confirm backup and recovery policies are in place and tested.
Compliance Note
Cassian is designed to support secure operations and compliance workflows. Cassian does not, by itself, guarantee FedRAMP authorization, FIPS validation, NIAP certification, CSfC listing, Common Criteria certification, RMF authorization, or any other compliance outcome. Customers remain responsible for their Azure environment, configuration, and controls.
9. Disclaimer
Exact screens, fields, and workflows may vary by Marketplace plan, Cassian version, and Azure configuration. Refer to the release notes for the version you deploy.
