Kundenportal Operations

🤖 Consolidated with Claude Code, reviewed by author.

Co-Authored-By: Claude (noreply@anthropic.com)

Sources (from cca.wiki):

Hosting-v2-(Azure-DevOps-Hosting).md → Infrastructure components

Neue-Kundenportal-Version-ausrollen.md → Release process

Deployment und Betrieb des Kundenportals.

Infrastructure Components

Component	Purpose	Azure Resource
Management App	Hosting Server	TIS-PROD-CCAKundenportalManagement-WE-APP
Storage	Working Directory	kundenportal-hosting-working-directory
CDN	Frontend Assets	TIS-PROD-TISCCAWebApplications-CDN1
Certificate	*.myversum.at	myversum-at-wildcard
Key Vault	Certificate Storage	MyVersumVault
DNS	*.myversum.at	Managed by A1 (migration to Azure planned)

Operational Repository

Warning: Changes to this repository affect all Kundenportale immediately.

Repository: togethercca-hosting/kundenportal-hosting

Structure:

kundenportal-hosting/
├── manifest.json
├── _versionen/
└── *.myversum.at/     # Portal folders

The Management App accesses this repository via Managed Identity.

Release Process

graph TB
    A[Corner4 completes changes] --> B[togethercca triggers Release Pipeline]
    B --> C[Stage 1: Deploy Assets → CDN]
    B --> D[Stage 2: Deploy Package → Management Service]
    D --> E[Management Service commits to Hosting Repo]
    E --> F[Portals auto-select version based on CCAOnline]

1. Build Pipeline

Pipeline: kundenportal Build

Builds togethercca-cdn configuration
Extracts version from environment.togethercca-cdn
Adds version meta tag to index.html

2. Release Pipeline

Pipeline: kundenportal Release

Stage 1: Azure CDN

Deploys static assets to CDN for browser loading:

Extract build artifact
Remove web.config and customization/
Rename index.html → index_$version$.html
Copy to Azure Blob Storage (cdn.togethercca.com/kundenportal-frontend/)

Stage 2: Hosting V2 (Kundenportal-Management)

Deploys core files to Management Service:

Create deploy package containing:
- index.html
- ngsw-worker.js, ngsw.json
- safety-worker.js, worker-basic.min.js
POST to /kundenportal-versionen/v2 with OAuth2 token
Management Service extracts to _versionen/{version}/ in Hosting Repo
Commits and pushes changes

Authentication: OAuth2 Client Credentials Flow (Azure AD App with portale.deploy permission).

3. Version Selection

Each portal has a configured version mode:

Mode	Behavior
`latest_compatible`	Auto-select based on CCAOnline version
Specific version (e.g. `2.1.00`)	Pinned to exact version

Automatic selection (latest_compatible):

User requests portal (e.g., makler.myversum.at)
Management Service calls CCAOnline /health endpoint
Reads applicationVersion from health response
Selects matching SPA version from _versionen/
Serves appropriate index.html (assets load from CDN)

Version lookup is cached for 10 minutes per portal.

Pinned versions are used when a portal needs to stay on a specific SPA version regardless of CCAOnline updates.

4. Admin Dashboard (Optional)

Admin Dashboard: https://admin-dashboard.togethercca.com/

Used for:

Viewing portal list and status
Checking installed versions
Manual portal management

Certificate Management

The wildcard certificate for *.myversum.at is renewed annually.

Access requirements:

Certificate Registration → Key Vault (for renewal)
App Service → Key Vault (for binding)

DNS Management

Currently managed by A1. Migration to Azure DNS planned for scriptable management.

Portal-specific CNAME entries are created during v2 hosting migration.

Infrastructure Components​

Operational Repository​

Release Process​

1. Build Pipeline​

2. Release Pipeline​

Stage 1: Azure CDN​

Stage 2: Hosting V2 (Kundenportal-Management)​

3. Version Selection​

4. Admin Dashboard (Optional)​

Certificate Management​

DNS Management​