
Update Strategy

Last updated 20 days ago


Evergreen Approach

We recommend an Evergreen approach for SCEPman: always run the latest version from our production channel. With ZIP-Deployment, you can point the App Service directly to our GitHub and load the latest version released by our development team.

How to do that is described in this article: Application Artifacts

With this approach you always get the newest features and security updates.

Keep in mind that an update only occurs when the App Service is stopped and started again, because this is the event that triggers the ZIP-Deployment. The App Service does not stop and start automatically when new application artifacts are available, so you have to restart it manually.

In a production enterprise environment, if you want more control over the update process, you can use the Microsoft feature Deployment Slots.

Deployment Slot Configuration

If you want full control over the update process of SCEPman, you can use the Deployment Slots within the Azure App Service.

To get more details about Deployment Slots, you can visit the Microsoft docs: https://docs.microsoft.com/en-us/azure/app-service/deploy-staging-slots

The following steps describe our recommended setup for pre-release management.

Please keep in mind that each Deployment Slot is running on the same App Service Plan of your production App and uses the same resources.

Pre-release slot

The idea behind the pre-release slot is to have your production App Service running with artifacts stored in your own Storage account and to create a new Deployment Slot pointing to our GitHub artifacts. You can find the steps for setting up your custom artifact location in the following article: Application Artifacts

Now your production App Service is running with a custom artifacts location and we proceed with the configuration of the new Deployment Slot.

Deployment Slot requirements (via the PowerShell SCEPman-Module):

  • SCEPman 2.2 or above

  • PowerShell SCEPman-Module 1.5.1.0 or above

The following cmdlet creates a Deployment Slot and configures all required permissions for you.

New-SCEPmanDeploymentSlot -SCEPmanAppServiceName <Your SCEPman App Service Name> -DeploymentSlotName <Name For The Deploymentslot> 6>&1


After the deployment has finished successfully, you can check the deployment slot in your SCEPman App Service -> Deployment slots.

Now ensure that your deployment slot points to the SCEPman Production channel on GitHub:

Navigate to the Deployment Slot -> Environment variables, look for the setting WEBSITE_RUN_FROM_PACKAGE, and paste the production channel artifacts URL as its value.

If you go back to your primary App Service and navigate to Deployment Slots, you can see your two slots and can manage the Traffic % to route the defined share of requests to the new pre-release slot. Importantly, this traffic routing is completely transparent to the application and is handled by the App Service. We recommend setting the Traffic % to 20. After that, you can compare the two slots in Application Insights.

When we release an updated version to our GitHub, you only have to restart the pre-release slot; after that, you can compare the two different versions in Application Insights. After one week, or a period of your choice, you can upload the new GitHub artifacts to your custom artifacts location, which updates your SCEPman solution.
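The pre-release slot steps above as a script, added here as an example; it is not part of the SCEPman documentation or the SCEPman PowerShell module. It calls the Azure CLI from PowerShell, and the resource group, app name, slot name and artifacts URL are placeholders to replace with your own values.

```powershell
# Added example (not SCEPman tooling). Requires the Azure CLI and a prior 'az login'.
# The four values below are placeholders; the slot is assumed to exist already
# (created with New-SCEPmanDeploymentSlot as shown above).
$ResourceGroup = '<Your Resource Group>'
$AppName       = '<Your SCEPman App Service Name>'
$SlotName      = '<Name For The Deploymentslot>'
$ArtifactsUrl  = '<production channel artifacts URL>'  # from the Application Artifacts article
$TrafficPct    = 20                                    # percentage recommended on this page

if ("$ResourceGroup$AppName$SlotName$ArtifactsUrl" -match '[<>]') {
    throw 'Replace the placeholder values before running.'
}

# Run az and stop on failure; native commands do not throw on a non-zero exit code.
function Invoke-Az {
    az @args
    if ($LASTEXITCODE -ne 0) { throw "az $($args -join ' ') failed" }
}

# Read WEBSITE_RUN_FROM_PACKAGE from production (no argument) or from a named slot.
function Get-PackageSetting([string]$Slot) {
    $q = "[?name=='WEBSITE_RUN_FROM_PACKAGE'].value"
    $a = @('webapp', 'config', 'appsettings', 'list', '--name', $AppName,
           '--resource-group', $ResourceGroup, '--query', $q, '--output', 'tsv')
    if ($Slot) { $a += @('--slot', $Slot) }
    Invoke-Az @a
}

# 1. Production must run from your own artifacts location, not the evergreen URL.
if ((Get-PackageSetting) -eq $ArtifactsUrl) {
    throw 'Production points at the production channel; expected your custom artifacts location.'
}

# 2. Point the pre-release slot at the production channel artifacts.
Invoke-Az webapp config appsettings set --name $AppName --resource-group $ResourceGroup `
    --slot $SlotName --settings "WEBSITE_RUN_FROM_PACKAGE=$ArtifactsUrl" --output none

# 3. Restart the slot: the ZIP-Deployment only loads new artifacts on stop/start.
Invoke-Az webapp restart --name $AppName --resource-group $ResourceGroup --slot $SlotName

# 4. Send the chosen share of requests to the pre-release slot.
Invoke-Az webapp traffic-routing set --name $AppName --resource-group $ResourceGroup `
    --distribution "${SlotName}=$TrafficPct" --output none

# 5. Print the resulting state for the change record.
"production -> $(Get-PackageSetting)"
"${SlotName} -> $(Get-PackageSetting $SlotName)"
Invoke-Az webapp traffic-routing show --name $AppName --resource-group $ResourceGroup
```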

Application Artifacts
https://docs.microsoft.com/en-us/azure/app-service/deploy-staging-slots
production channel artifacts