Prerequisites
These are the key requirements that must be met before you can begin your integration with RTGS.global
Prerequisite Overview
You must have:
Received two secure emails containing your RTGS.global Id and digital signing credentials. If you have not received these please email support@rtgs.com.
A minimum of
Contributor
access to an Azure Subscription.Enabled the following Azure Subscription resource providers:
Microsoft.App,
Microsoft.ContainerService
andMicrosoft.ServiceBus
(see Enabling Azure Resource Providers).Established available IP ranges for the RTGS.global components with your network administrator (see Networking Requirements).
Met the RTGS.global security checklist (see Security Checklist).
Enabling Azure Resource Providers
This can also be done programmatically - see the Microsoft guide for more information.
Navigate to your subscription in the Azure Portal.
1) From the left hand menu under the settings subheading, select Resource providers.
For each of the required providers, Microsoft.App
, Microsoft.ContainerService
, Microsoft.ServiceBus
2) Click on the row (not the name) of the resource provider in the list to select it.
3) Click Register.
There is a search box under the register icon where you can filter the resource providers by name.
Networking Requirements
RTGS.global components must be deployed within a dedicated Azure subscription. This makes it easier to isolate the integration from the rest of your infrastructure and control access.
Each RTGS.global component (see table below) requires a dedicated IP range which is set during deployment and cannot be modified afterwards without redeployment. The IP range is provided using CIDR notation.
You will be unable to peer any other network infrastructure if they clash with the ranges used, therefore we recommend consulting with your network administrator before installing RTGS.global components.
Component | CIDR Notation | Resulting IP Range |
---|---|---|
RTGS.global Network Connector | 10.1.0.0/24 | 10.1.0.0 - 10.1.0.255 |
RTGS.global Signing | 10.2.0.0/21 | 10.2.0.0 - 10.2.7.255 |
RTGS.global Gateway | 10.3.0.0/23 | 10.3.0.0 - 10.3.1.255 |
Global Fabric Link (Optional) | 10.4.0.0/23 | 10.4.0.0 - 10.4.1.255 |
Security Checklist
To ensure that all participants integrate and communicate across the RTGS.global network in a secure manner, these standards must be followed:
You must use a dedicated subscription within Microsoft Azure that will be used solely for the purpose of integrating into the RTGS.global network.
User access to components within this Azure subscription must be via an Azure Bastion or similar.
You must not directly expose RTGS.global components to the public internet.
Azure accounts and resources should be secured according to Microsoft recommendations. These include using MFA, device conditional access, principle of least privilege and RBAC.
All failed logins to the Azure portal and associated resources must be logged, monitored and investigated by your security team.
Last updated