Description
As an Airlock Manager,
I want to have a user resource template
So that I can deploy it into Research Workspace and use user resources (VMs in Guacamole) to review export data requests
Requirement
When deployed into a Research Workspace (i.e. for reviewing export requests), a Review VM must be isolated from other resources in the workspace, as in some cases, reviewer is not allowed to access the research, they can only access the data that is intended to be exported.
To achieve this, we can have a private endpoint for the export in progress storage account, and an NSG that allows the VM to access that storage account, but limits access for everything else.
Description
As an Airlock Manager,
I want to have a user resource template
So that I can deploy it into Research Workspace and use user resources (VMs in Guacamole) to review export data requests
Requirement
When deployed into a Research Workspace (i.e. for reviewing export requests), a Review VM must be isolated from other resources in the workspace, as in some cases, reviewer is not allowed to access the research, they can only access the data that is intended to be exported.
To achieve this, we can have a private endpoint for the export in progress storage account, and an NSG that allows the VM to access that storage account, but limits access for everything else.