Currently only DARTs connects from HMCTS Azure to Archiving with Records Management (ARM), and it does so via a private endpoint deployed specifically for DARTs. There is a new requirement for data to be archived as part of DLRM Data Ingest activities.
The DLRM Data Landing zones are designed to be ephemeral, and multiple can be spun up at a time. Unfortunately, we cannot follow the same model and deploy a private endpoint for each landing zone, because DNS would not work (the same hostname can't resolve to multiple IPs).
Proposed Ideas
One solution is to deploy a centralised private endpoint for the ARM storage account into the Hub VNet and restrict access to specific source ranges (DARTs and the DLRM Data Landing zones, for now).
Another option is to peer the ARM VNet to our Hub and put appropriate firewall rules in place to allow connectivity. This is potentially overkill, as services (currently) only need access to the storage account.
Intended Outcome
Private connectivity to the Archiving with Records Management storage account should be centrally managed and available to any services that need it.
Impact on Teams
DARTs would have to have their specific private endpoint removed. This was deployed manually, as DARTs does not have visibility of the ARM infra and ARM doesn't have visibility of the DARTs infra.
DTSPO-22517