WHITE PAPER
Tessell Security Architecture on Azure

Create your custom data plane by bringing your own Azure subscription to Tessell and understand Tessell's security posture

The white paper outlines Tessell's BYOA (Bring Your Own Azure) functionality within its platform, enabling customers to integrate their existing Azure subscriptions seamlessly. Tessell ensures a secure onboarding process and management of these Azure accounts using a turnkey solution.

Key points of the article:

1. Access Management: Tessell uses an Azure Active Directory (AD) application named “Tessell” to manage both Tessell-managed and BYOA Azure subscriptions. Customers authorize this AD application, creating a service principal with custom role assignments that limit permissions to specific resource groups.

2. Automation: The process of creating the service principal and assigning the custom role is automated using Azure ARM templates, simplifying resource deployment and role assignment.

3. Custom Role Permissions: Tessell creates a custom role called “Tessell Operator,” granting it the necessary permissions to perform operations within a defined resource group. However, default permissions limit Tessell's ability to create or delete networks and encryption keys, requiring customer intervention for those tasks.
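
A customer reviewing a vendor role before authorizing it can check the two properties described above mechanically. The following is an added example, not Tessell's code or its actual role definition: the sample role, the subscription ID, the resource group name and the mapping of "networks and encryption keys" to specific Azure operation names are all assumptions made for illustration.

```python
import fnmatch

# Constructed sample in the shape of an Azure custom role definition.
# It is NOT the real "Tessell Operator" definition; the actions are assumed.
SAMPLE_ROLE = {
    "roleName": "Tessell Operator",
    "assignableScopes": [
        "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg"
    ],
    "permissions": [{
        "actions": ["Microsoft.Compute/*", "Microsoft.Network/virtualNetworks/*"],
        "notActions": ["Microsoft.Network/virtualNetworks/write",
                       "Microsoft.Network/virtualNetworks/delete"],
        "dataActions": [], "notDataActions": [],
    }],
}

# Assumed mapping of "create or delete networks and encryption keys" to operations.
RESTRICTED = [
    "Microsoft.Network/virtualNetworks/write",
    "Microsoft.Network/virtualNetworks/delete",
    "Microsoft.KeyVault/vaults/keys/write",
    "Microsoft.KeyVault/vaults/keys/create/action",
    "Microsoft.KeyVault/vaults/keys/delete",
]

def _matches(op, patterns):
    # Azure action strings are case-insensitive and use '*' as a wildcard.
    return any(fnmatch.fnmatchcase(op.lower(), p.lower()) for p in patterns)

def allowed(op, role):
    """True if any permission block grants op and its Not* list does not subtract it."""
    for perm in role.get("permissions", []):
        for grant, deny in (("actions", "notActions"), ("dataActions", "notDataActions")):
            if _matches(op, perm.get(grant, [])) and not _matches(op, perm.get(deny, [])):
                return True
    return False

def audit(role):
    """Return findings; an empty list means both properties hold."""
    findings = []
    for scope in role.get("assignableScopes", []):
        parts = [p.lower() for p in scope.strip("/").split("/")]
        # Anything shorter than /subscriptions/<id>/resourceGroups/<name> is too broad.
        if len(parts) < 4 or parts[0] != "subscriptions" or parts[2] != "resourcegroups":
            findings.append(f"scope broader than a resource group: {scope}")
    findings += [f"restricted operation allowed: {op}" for op in RESTRICTED if allowed(op, role)]
    return findings
```

`assignableScopes` only bounds where the role can be assigned, so the actual role assignment on the service principal should be checked for the same resource-group scope.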

The architecture ensures secure management and provisioning of customer Azure subscriptions using Tessellโ€™s platform, with clearly defined roles and automated deployment processes for efficiency.
