Deploying GitHub as a Service in Azure (GitHub AE)

David Okeyode
3 min readJan 6, 2023

--

GitHub is a platform that allows developers to collaborate on projects, share code, automate integration and deployments. There are different versions of GitHub that it can be confusing to understand which one is the best for you. However, if your goal is to control where your GitHub data is stored, you can use the Azure Cloud to achieve this.

GitHub has two options for hosting on the Azure Cloud for organizations that need to meet certain security and data residency requirements. The first option is to use a self-managed GitHub Enterprise Server as an Azure virtual machine. Microsoft provides a VM image in the Azure marketplace to make it easier to set up (Figure 1). The main downside is that it requires more effort to maintain.

Figure 1 — GitHub Enterprise Server VM image in the Azure marketplace

However, there is a less well-known option, called GitHub AE (Figure 2) that takes away the responsibility of ongoing management (less management overhead). It allows us to deploy a fully managed GitHub Enterprise version into the Azure Cloud of our choice (US Government OR Commercial). This allows organizations to meet data residency requirements of GDPR and FedRAMP standards. Also, resiliency features like high availability, automatic failover, automatic backup and disaster recovery are handled for us.

Figure 2 — GitHub AE service in the Azure Portal

Implementation steps for GitHub AE

AE stands for Accelerate Edition???

1. Purchase GitHub AE or start a trial

Figure 3 — Error message because GitHub AE is not enabled

The provider that needs to be enabled is:

/subscriptions/<SUBSCRIPTION_ID>/providers/Microsoft.Features/providers/GitHub.Enterprise/features/EnableAccess

2. Deploy GitHub AE in your Azure subscription

  • In this phase, we need to go to the Azure Portal to set up a GitHub AE account (Figure 4). The email we specify for the administrator will receive a notification for further steps after the account is set up.
  • We can use the links provided to set up the account on either the Azure Commercial Cloud or the Azure US Government Cloud.
  • Deploy GitHub AE to Azure Commercial Cloud https://aka.ms/create-github-ae-instance
  • Deploy GitHub AE to Azure US Government Cloudhttps://aka.ms/create-github-ae-instance-gov
Figure 4 — Creating a GitHub AE account in Azure

3. Initialize GitHub AE

  • Post-deployment, we will get an email from GitHub asking us to complete additional configuration. One of the required configuration is SAML SSO, which is a way for users to log in to GitHub AE with their corporate identities.
  • To complete this, we need to have some information ready: the Entity ID (SSO) URL, Issuer ID URL, and public signing certificate

GitHub AE release noteshttps://docs.github.com/en/github-ae@latest/admin/release-notes

--

--

David Okeyode

Author of four books on cloud security — https://amzn.to/2Vt0Jjx. I also deliver beginner 2 advanced level cloud security training 2 organizations.