Skip to main content

Azure Deployment Overview

Cado provides flexible deployment options for Microsoft Azure, enabling you to start quickly or roll out a full-scale deployment with advanced processing capabilities.

At its core, a Cado deployment in Azure consists of:

  • Infrastructure: A core virtual machine that runs the Cado platform within your Azure subscription.
  • Permissions: Azure RBAC permissions (e.g., Contributor on the Cado resource group) to manage the main VM and, in full deployments, launch worker VMs.
  • Cross-subscription/tenant access: An Azure App Registration used to import data from other Azure subscriptions or tenants.

Next Steps

GoalMethodDescriptionLink
Deploy Cado with full capabilitiesTerraform ModuleUse Cado’s Terraform to deploy a full-featured platform (including support for worker VMs for faster processing and large imports).Azure Terraform deployment
Quickly deploy Cado with minimal setupMinimal (Portal) DeploymentLaunch a basic Cado instance directly from the Azure Portal using the Cado Community Images—ideal for restricted environments or quick evaluations.Minimal Deployment Guide
Understand architecture & networkingArchitecture OverviewReview how the platform is deployed in its own isolated network and the options available for private access.Architecture in Azure
Configure cross-subscription/tenant importsApp RegistrationRegister an application in the target subscription/tenant and add it to Cado to enable acquisitions across subscriptions/tenants.Adding Azure subscriptions
Review supported configurationsSupported Deployment ConfigurationsEnsure your IAM and network setup aligns with Cado’s supported configurations to avoid import failures.Supported Configurations

Deployment Options

Minimal Deployment

  • Purpose: Fast setup with minimal permissions.
  • Use Case: Highly restricted environments or quick proofs-of-concept.
  • Availability: Azure Portal via Cado Community Images.

Full Deployment

  • Purpose: Enables worker VMs for faster processing and large system imports.
  • Use Case: Production environments with higher performance needs.
  • Availability: Terraform for Azure.

Permissions and Security

Cado in Azure relies on Azure RBAC to provision and operate platform resources. At minimum, Contributor permissions on the Cado resource group and Storage Account Contributor are required to deploy the platform, with optional broader permissions (e.g., VM/Disk roles) if you plan to run acquisitions locally within the same subscription.

For cross-subscription/tenant acquisitions, register an Azure App Registration in the target subscription/tenant and supply its details to Cado. This enables controlled access to data sources outside the deployment subscription.

Organizations that need tighter control can replace broad roles with scoped custom roles that grant only the specific actions required for storage, compute, and activity log acquisitions.

Cado’s Azure architecture can be deployed into an isolated virtual network, with options to support private access patterns as needed. Deployments can typically be brought online in under ~25 minutes.