Mx Azure draft

content/en/docs/deployment/mx-azure/_index.md

@@ -0,0 +1,66 @@
+---
+title: "Mendix on Azure"
+url: /developerportal/deploy/mendix-on-azure/
+description: "Presents documentation on deploying your Mendix app on Microsoft Azure."
+weight: 42
+---
+
+## Introduction
+
+Mendix on Azure provides a simplified, integrated way to deploy Mendix applications to a Microsoft Azure environment. With this solution, users are empowered to deploy their Mendix applications in Azure environments without the need for intricate infrastructure setup in cloud services. They can also seamlessly manage infrastructure services through an intuitive user interface. No matter their IT skills, users can realize their project value quickly and securely with Azure.
+
+## Features of Mendix on Azure
+
+Mendix on Azure has the following features:
+
+* You can create the managed app in Azure and link it to your Mendix Private Cloud environment.
+* You do not need to perform software upgrades, as they are done for you.
+* The environment is set up in an opinionated way according to the architecture prepared by Mendix.
+
+## Typical Use Cases
+
+Mendix on Azure supports the following use cases:
+
+* Geographical data control - For organizations which must keep data within certain regions due to legal or contractual obligations.
+* Industry-specific compliance - For industries such as healthcare, finance, or government, which have strict regulatory compliance requirements.
+* App data sensitivity - For applications which deal with highly sensitive data or are subject to stringent security regulations, Mendix on Azure provides the option to keep this data within the organization's own security perimeter.
+* Legacy systems integration - For integrating with existing legacy systems that are not easily migrated to a public cloud.
+
+## Mendix on Azure and Mendix for Private Cloud
+
+Mendix on Azure is a new deployment option that makes use of some of the features of Mendix for Private Cloud, but does so in an opinionated way. Mendix for Private Cloud offers its users flexibility coupled with the ability to keep their deployment within their enterprise firewall, but requires more effort to configure and more time to value than deployments on Mendix Cloud. Mendix on Azure builds on that by providing an automated, preconfigured solution with access to private customer networks, which can be deployed in 30 minutes by a user without IT skills at no extra operational costs. The architecture, its maintenance, updates, and security hardening are all fully managed by Mendix.
+
+## Architecture
+
+The diagram in this section presents the high-level architecture of the Mendix for Azure solution.
+
+{{< figure src="/attachments/deployment/mx-azure/architecture.png" class="no-border" >}}
+
+The architecture is assessed against the [Azure well-architected framework](https://learn.microsoft.com/en-us/azure/well-architected/) to ensure its reliability, accessibility, and performance.
+
+### Use of PostgreSQL over Azure SQL
+
+The Mendix on Azure solution uses PostgreSQL rather than Azure SQL.
+
+## Security
+
+Mendix access to customer environments uses private customer endpoints.
+
+### SOC 2 Type 2 Compliance Exceptions
+
+The Azure Policy add-on is not enabled inside Mendix Azure clusters, because Mendix can control which workloads can access the cluster. Because of that, the following exceptions to the SOC 2 Type 2 policy are considered acceptable:
+
+* Azure Container Registry:
+    * Container registries should be encrypted with a customer-managed key
+* AKS - cluster resource:
+    * Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters
+    * Azure Kubernetes Service clusters should have Defender profile enabled
+* AKS - cluster VNET:
+    * All Internet traffic should be routed via your deployed Azure Firewall
+    * Subnets should be associated with a Network Security Group
+* PostgreSQL:
+    * Subnets should be associated with a Network Security Group
+* Storage Account:
+    * Storage accounts should use customer-managed key for encryption
+
+## Read More

content/en/docs/deployment/mx-azure/mx-azure-getting-started.md

@@ -0,0 +1,73 @@
+---
+title: "Getting Started with Mendix on Azure"
+url: /developerportal/deploy/mendix-on-azure/quickstart/
+description: "Documents the pre-implementation tasks for Mendix on Azure."
+weight: 10
+---
+
+## Introduction
+
+Before you can deploy your Mendix app on Azure, you must plan and complete a number of pre-implementation tasks.
+
+## Prerequisites
+
+To adopt Mendix on Azure, you need to have the following:
+
+* A Mendix account; Mendix Studio Pro 10.10 or newer is required
+* An Azure account with the following permissions:
+    * Permission to grant admin consent on the Mendix on Azure portal app registration
+    * Owner or Mendix on Azure Operator custom role assigned on the target subscription level
+
+## Licensing
+
+Mendix on Azure is available for purchase from the the [Azure Marketplace](https://azuremarketplace.microsoft.com/). Connecting to Azure services may also include additional cost in the form of Azure tokens. For more information, refer to Azure documentation.
+
+Depending on your use case, your deployment environment, and the type of app that you want to build, you may also need a license for your Mendix app. For more information, refer to [Licensing Apps](/developerportal/deploy/licensing-apps-outside-mxcloud/).
+
+In addition to the licenses for your apps, you will also need to license the Mendix Operator which helps deploy your app to a Mendix on Azure environment. For details on the Mendix Operator license, see [Licensing Mendix for Private Cloud](/developerportal/deploy/private-cloud/#licensing).
+
+## Shared Responsibility Model
+
+Under the shared responsibility model for Mendix on Azure deployments, Mendix, Microsoft, and customer organizations all have their own responsibilities in the deployment process and business-as-usual operations. Familiarize yourself with the responsibilities listed below:
+
+### Microsoft Responsibilities
+
+Microsoft is responsible for operating and securing the Azure services underlying the Mendix on Azure service. This includes the following services:
+
+* Compute
+    * Azure Kubernetes service
+* Storage
+    * Azure Blob Storage
+    * Azure Container Registry
+* Database
+    * PostgreSQL Flexible Server
+* Networking
+    * Virtual networks
+    * Load balancer
+    * Private endpoints
+* Monitoring
+    * Managed Grafana and Prometheus
+
+### Mendix Responsibilities
+
+Mendix is responsible for orchestrating, operating, maintaining, securing, and supporting the Mendix on Azure service. This includes the following tasks:
+
+* Orchestrating - Ensure that the underlying Azure services function together as one cohesive offering.
+* Operating - Resolve regressions in how the underlying Azure services come together as one service.
+* Maintaining - Ensure that the service absorbs changes in the underlying Azure services without impact on customers.
+* Securing - Ensure that the service remains compliant with relevant security best practices and frameworks.
+* Supporting - Reactively address customer issues with using the service.
+
+### Customer Responsibilities
+
+Customers are responsible for developing, deploying, operating, integrating, and securing apps on top of the Mendix on Azure service. This includes the following tasks:
+
+* Developing - Create apps that deliver business outcomes.
+* Deploying - Deploy apps.
+* Operating - Monitor app behavior and address deviations.
+* Integrating - Securely integrate apps with backend services and IAM.
+* Securing - Comply with Mendix best practices for secure apps.
+
+## Environment Planning
+
+When planning the implementation, keep in mind the following environment specifications.

content/en/docs/deployment/mx-azure/mx-azure-installation.md

@@ -0,0 +1,60 @@
+---
+title: "Installing and Configuring Mendix on Azure"
+url: /developerportal/deploy/mendix-on-azure/installation/
+description: "Documents the initial configuration tasks for Mendix on Azure."
+weight: 20
+---
+
+## Introduction
+
+To get started with your Mendix on Azure deployment, you must first register your Microsoft Azure cloud cluster in the Mendix Portal. This will provide you with the resources required to deploy the Mendix Operator and host your Mendix app in an Azure deployment.
+
+### Prerequisites
+
+Before starting the installation and implementation process, make sure that you have all the necessary prerequisites:
+
+* Obtain and configure a Microsoft Azure account. For more information, refer to the the Microsoft Azure documentation.
+* Purchase the Mendix on Azure offering in the [Azure Marketplace](https://azuremarketplace.microsoft.com/).
+* Familiarize yourself with the [Private Cloud](https://docs.mendix.com/developerportal/deploy/private-cloud/) concepts.
+* Ensure that your Mendix Studio Pro is in version 10.10 or newer.
+
+## Creating an Azure Cluster
+
+To create a cluster for your Mendix on Azure app, perform the following steps:
+
+1. In the Mendix Portal, in Private Cloud Cluster Manager, click **Mendix on Azure**.
+2. Connect to your Azure account by clicking **Connect and Initialize**, and then logging in with the same account that you used to purchase the Mendix on Azure offering.
+
+    After you successfully connect the accounts, the Mendix Portal shows a list of available clusters (that is, any Azure clusters that you have already linked with Mendix) and initializable clusters (that is, any clusters that you have not yet linked with Mendix).
+
+    {{< figure src="/attachments/deployment/mx-azure/available-clusters.png" class="no-border" >}}
+
+3. In the Microsoft Azure portal, add a new managed Mendix on Azure application with **Standard** as the plan.
+
+    {{< figure src="/attachments/deployment/mx-azure/create-managed-app.png" class="no-border" >}}
+
+4. Provide a name for the resource group. The resource group contains all the resources that must be initialized for your Mendix deployment.
+
+    {{< figure src="/attachments/deployment/mx-azure/resource-group-name.png" class="no-border" >}}
+
+5. Follow the **Create** wizard to create the managed application.
+
+6. After the resource deployment finishes, click **Go to resource**, and then click **Mendix on Azure Portal**.
+
+    The managed app that you created is now visible as a new initializable cluster.
+
+    {{< figure src="/attachments/deployment/mx-azure/initializable-clusters.png" class="no-border" >}}   
+
+7. Click **Initialize**. 
+
+    The preflight check launches to verify that the required resources can be registered in the cluster. Mendix apps are hosted with virtual images, so the preflight check determines whether the cluster contains the required type of virtual image. To view a list of the required resource providers, hover your cursor over the **Information** icon. If required, you can register any missing providers in the **Resource providers** section of the Microsoft Azure portal.
+
+8. After the preflight check completes, click **Next**.
+
+9. Select the **AKS Service Tier**.
+
+    You can choose any tier that suits your requirements. Higher tiers will incur higher costs.
+
+10. Click **Initialize**.
+
+    The initialization process takes ca. 15 minutes. It creates a resource group in the managed app. It also automatically adds a namespace and cluster in Private Cloud portal, which you can use to create environments. For more information, see [Deploying a Mendix App to a Private Cloud Cluster](/developerportal/deploy/private-cloud-deploy/). The cluster cannot be deleted from the Private Cloud portal. If you want to remove it, you must delete it in the Microsoft Azure portal.