Search…
Welcome
Details
Editions
SCEPMAN Deployment
Getting Started
Azure Sizing
Permissions
Deployment Options
Root Certificate
Architecture
Device Directories
Certificate Deployment
Microsoft Intune
Jamf
🆕
Certificate Master
3rd-party MDM Solutions
Domain Controller Certificates
Advanced Configuration
Application Artifacts
Application Insights
Application Settings
Autoscaling
Certificate Master Settings
Custom Domain
Geo-redundancy
Health Check
Intermediate Certificate
License Key
Log configuration
Update Strategy
NAC Configuration
Network Access Controllers
Other
Troubleshooting
Important Links
Changelog
Licensing
Support
SCEPman Website
Powered By GitBook
Update Strategy

Evergreen approach

We recommend an Evergreen approach for our SCEPman solution. That means that you should use the latest version from our production channel. Through the possibilities of the ZIP-Deployment you can point directly to our GitHub and load the latest version that is released by our development team.
How to do that is mentioned in this article:
With this approach you always get the newest features and security updates.
Keep in mind that an update only occurs, when the App Service is stopped and started again. This is the event when the ZIP-Deployment is triggered. The App Service does not stop and start automatically in case new application artifacts are available, so you have to perform it manually.
In a production enterprise environment, if you want to have more control over the update process you can use the Microsoft feature Deployment Slots.

Deployment Slot configuration

In case you want to have full control over the update process of SCEPman you can use the Deployment Slots within the Azure App Service.
To get more details about the Deployment Slots you can visit the Microsoft docs: https://docs.microsoft.com/en-us/azure/app-service/deploy-staging-slots​
The following steps give you our recommended setup for a pre-release management
Please keep in mind that each Deployment Slot is running on the same App Service Plan of your production App and use the same resources.

pre-release slot

The idea behind the pre-release slot is to have your production App Service running with artifacts stored on your own Storage account and create a new Deployment Slot pointing to our GitHub artifacts. You can find the steps for setting up your custom artifact's location in the following article:
Now your production App Service is running with a custom artifacts location and we proceed with the configuration of the new Deployment Slot.
Deployment Slot requirements (via PS. SCEPman Module):
  • SCEPman 2.2 or above
  • PS. SCEPman-Module 1.5.1.0 or above
The following CMDlet command will create a Deployment Slot and configure all required permissions for you.
New-SCEPmanDeploymentSlot -SCEPmanAppServiceName <Your SCEPman App Service Name> -DeploymentSlotName <Name For The Deploymentslot> 6>&1
Example
After the deployment is finished successfully, you can check the deployment slot in your SCEPman App Service -> Deployment slots
Now ensure that your deployment slot points to SCEPman Production channel on GitHub:
Navigate to the Deployment Slot -> Configuration and look for the setting WEBSITE_RUN_FROM_PACKAGE and past the production channel artifacts to the value.
If you now go back to your primary App Service and navigate to Deployment Slots you can see your two slots and can manage the Traffic % to root the defined among of request to the new pre-release slot. Important that this traffic rooting is completely transparent for the application and handled by the App Service. We recommend setting the Traffic % to 20. After that, you can compare the two slots in Application Insights. In case we are releasing an updated version to our GitHub, you only must restart the pre-release slot and after that, you can compare the two different versions in Application Insights. After one week or your choice of time, you can upload the new GitHub artifacts to your custom artifacts location and have updated the SCEPman solution.
Advanced Configuration - Previous
Log configuration
Next - NAC Configuration
Network Access Controllers
Last modified 3mo ago
Copy link
Edit on GitHub
Outline
Evergreen approach
Deployment Slot configuration
pre-release slot