Prerequisites

These are the key requirements that must be met before you can begin your integration with RTGS.global

Prerequisite Overview

You must have:

Received two secure emails containing your RTGS.global Id and digital signing credentials. If you have not received these please email support@rtgs.com.
A minimum of Contributor access to an Azure Subscription.
Enabled the following Azure Subscription resource providers: Microsoft.App, Microsoft.ContainerService and Microsoft.ServiceBus(see Enabling Azure Resource Providers).
Established available IP ranges for the RTGS.global components with your network administrator (see Networking Requirements).
Met the RTGS.global security checklist (see Security Checklist).

Enabling Azure Resource Providers

This can also be done programmatically - see the Microsoft guide for more information.

Navigate to your subscription in the Azure Portal.

1) From the left hand menu under the settings subheading, select Resource providers.

For each of the required providers, Microsoft.App, Microsoft.ContainerService, Microsoft.ServiceBus

2) Click on the row (not the name) of the resource provider in the list to select it.

3) Click Register.

There is a search box under the register icon where you can filter the resource providers by name.

Networking Requirements

RTGS.global components must be deployed within a dedicated Azure subscription. This makes it easier to isolate the integration from the rest of your infrastructure and control access.

Each RTGS.global component (see table below) requires a dedicated IP range which is set during deployment and cannot be modified afterwards without redeployment. The IP range is provided using CIDR notation.

You will be unable to peer any other network infrastructure if they clash with the ranges used, therefore we recommend consulting with your network administrator before installing RTGS.global components.

Component	CIDR Notation	Resulting IP Range
RTGS.global Network Connector	10.1.0.0/24	10.1.0.0 - 10.1.0.255
RTGS.global Signing	10.2.0.0/21	10.2.0.0 - 10.2.7.255
RTGS.global Gateway	10.3.0.0/23	10.3.0.0 - 10.3.1.255
Global Fabric Link (Optional)	10.4.0.0/23	10.4.0.0 - 10.4.1.255

Component

CIDR Notation

Resulting IP Range

RTGS.global Network Connector

10.1.0.0/24

10.1.0.0 - 10.1.0.255

RTGS.global Signing

10.2.0.0/21

10.2.0.0 - 10.2.7.255

RTGS.global Gateway

10.3.0.0/23

10.3.0.0 - 10.3.1.255

Global Fabric Link (Optional)

10.4.0.0/23

10.4.0.0 - 10.4.1.255

Security Checklist

To ensure that all participants integrate and communicate across the RTGS.global network in a secure manner, these standards must be followed:

You must use a dedicated subscription within Microsoft Azure that will be used solely for the purpose of integrating into the RTGS.global network.
User access to components within this Azure subscription must be via an Azure Bastion or similar.
You must not directly expose RTGS.global components to the public internet.
Azure accounts and resources should be secured according to Microsoft recommendations. These include using MFA, device conditional access, principle of least privilege and RBAC.
All failed logins to the Azure portal and associated resources must be logged, monitored and investigated by your security team.

PreviousAzure Deployments NextDeployment

Last updated 3 months ago