Deploy the management environment
These instructions will deploy a new Safe Haven Management Environment (SHM). This is required to manage your Secure Research Environments (SREs).
Important
The SHM must be set up before any SREs can be deployed.
Note
A single SHM can manage all your SREs. However, you may choose to use multiple SHMs if, for example, you want to separate production and development environments.
Requirements
- A Microsoft Entra tenant for managing your users
  - An account with Global Administrator privileges on the tenant that you set up in the Configure Microsoft Entra ID step
- An Azure subscription where you will deploy your infrastructure
  - An account with at least Contributor permissions on this subscription
Deployment
Before deploying the Safe Haven Management (SHM) infrastructure you need to decide on a few parameters:
- entra_tenant_id
  Tenant ID for the Entra tenant you will be using to manage the TRE users
  How to find your Microsoft Entra Tenant ID
  - Go to the Microsoft Entra admin centre
  - Click on your username / profile icon in the top right
  - Click Switch directory in the dropdown menu
  - Ensure that you have selected the directory you chose above
  - Browse to from the menu on the left side.
  - Take note of the Tenant ID
- fqdn
  Domain name that your TRE users will belong to.
  Hint
  Use a domain that you own! If you use e.g. example.org here your users will be given usernames like ada.lovelace@example.org
- location
  Azure location where you want your resources deployed.
  Hint
  Use the short name without spaces, e.g. uksouth not UK South
Once you’ve decided on these, run the dsh shm deploy command [approx 5 minutes]:
$ dsh shm deploy --entra-tenant-id YOUR_ENTRA_TENANT_ID \
--fqdn YOUR_DOMAIN_NAME \
--location YOUR_LOCATION
Note
You will be prompted to log in to the Azure CLI and to the Graph API.
Azure CLI: use your infrastructure user credentials
Graph API: use your Entra tenant administrator credentials
Important
You may be asked to delegate your domain name to Azure. To do this, you’ll need to know details about the parent domain. For example, if you are deploying to dsh.example.com then the parent name is example.com.
Follow this tutorial if the parent domain is hosted outside Azure
Follow this tutorial if the parent domain is hosted in Azure
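A pre-flight check for the three deployment parameters, as an added example that is not part of the dsh tool: it rejects a malformed tenant ID, a syntactically invalid domain name, or a display-style location such as UK South, and prints the parent domain you would need for delegation. The function names are hypothetical, the sample tenant ID is constructed, and the parent domain is assumed to be the name with its leftmost label removed, as in the dsh.example.com case above.

```shell
#!/bin/sh
# Pre-flight checks for the three `dsh shm deploy` parameters.
# Added example: these function names are hypothetical, not part of dsh.

# Entra tenant IDs are GUIDs: 8-4-4-4-12 hexadecimal digits.
valid_tenant_id() {
    printf '%s\n' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Syntactic check only: at least two dot-separated labels of letters,
# digits and hyphens, with no label starting or ending in a hyphen.
valid_fqdn() {
    [ "${#1}" -le 253 ] || return 1
    printf '%s\n' "$1" | grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$'
}

# Short location names are lowercase letters and digits with no spaces.
valid_location() {
    printf '%s\n' "$1" | grep -Eq '^[a-z][a-z0-9]+$'
}

# Parent domain for delegation. Assumption: the parent zone is the
# immediate parent, so the leftmost label is dropped.
parent_domain() {
    printf '%s\n' "${1#*.}"
}

# Report every invalid parameter, then return non-zero if any failed.
preflight() {
    rc=0
    valid_tenant_id "$1" || { echo "entra_tenant_id is not a GUID: $1" >&2; rc=1; }
    valid_fqdn "$2" || { echo "fqdn is not a valid domain name: $2" >&2; rc=1; }
    valid_location "$3" || { echo "location must be a short name such as uksouth: $3" >&2; rc=1; }
    [ "$rc" -eq 0 ] && echo "parent domain for delegation: $(parent_domain "$2")"
    return "$rc"
}

# Constructed sample values (the tenant ID is made up).
preflight "00000000-1111-2222-3333-444444444444" "dsh.example.com" "uksouth"
```

These checks are syntactic only; they do not confirm that the tenant exists, that you own the domain, or that the location is available in your subscription.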