Deployment
Follow the steps in this page to learn how to deploy SmartDocumentor to your own Azure subscription.
Pre-Requisites
Before getting started, ensure you meet the following pre-requisites:
Have a suitable Azure subscription for deployment.
Have access to the SmartDocumentor deployment template, which you can request from us.
Have access to your unique
Container Registry UsernameandContainer Registry Token, provided by us, to insert during deployment configuration.You are deploying with an account or principal with sufficient deployment permissions.
Virtual Networks and Private Endpoints
SmartDocumentor can be deployed into a private network, automatically created during deployment.
Most resources are privately secured but some limitations apply when enabling virtual networks:
The SmartDocumentor app itself is available to the public internet but can access resources on the virtual network.
Some resources like certain Azure Storage accounts are available to the public internet but blocked at the Firewall or ACL level, allowing only access to select subnets or to internal secure Azure services.
Due to technical limitations, whenever SAS URLs are generated from protected Azure Storage accounts, they are proxied through the public SmartDocumentor application.
These URLs are still secure and are expire after a short time, unless you configure otherwise.
This functionality is required for the following use cases:
Downloading the original file in any Review screen
Displaying document pages as images in the Documents Review screen
Displaying audio, video and timeline in the Transcripts Review screen
Sending uploaded documents to virtual network-secured AI services, such as Document Intelligence, Video Indexer, PII Anonymizer and AI Content Understanding.
Sending original files or export artifacts URLs via HTTP to your configured webhooks.
Azure Service Bus only supports virtual networks and private endpoints with the Premium SKU, which incurs a significant monthly cost (+- 600€/month).
Whenever virtual networks are enabled, an Azure Bastion enabled Windows VM is also deployed, which can be used to debug and configure resources within the virtual network. This incurs an additional cost of about 200€/month (Azure Bastion + Windows VM + OS Disk + NAT Gateway). The VM can be disabled when not in use.
Managed Identity and Access Keys
Regardless if virtual networks and private endpoints are enabled, most services use Managed Identity to allow access from SmartDocumentor's services. There are a few exceptions:
Postgres uses a Username/Password pair automatically generated during deployment and stored in Key Vault, which facilitates database access from IT admins whenever support is necessary.
Redis uses an access key which can be revoked/refreshed at any time (if correctly reconfigured) due to technical limitations with the libraries used to access Redis.
Azure Storage Accounts tied to Azure Functions containers, used exclusively for lock management, use access keys for simplicity.
The main Azure Storage Account used to upload files and processing artifacts uses access keys because it is a requirement to generate SAS-secured URLs from upload blobs with longer expire times. These URLs are necessary to send documents to AI services, or otherwise securely allow users to the see the documents' content in the app. The access key can be revoked at any time and reconfigured at deployment time.
Deployment Zone
The template is officially tested and supported in the Sweden Central zone, which is the preferred and recommended deployment zone by the team.
Other zones may still function or include partial support for some features. When deploying on an unsupported region, the Azure Portal can identify incompatibilities during the deployment stage on some resources. Other features may only break during runtime.
Configuring the Template
When you open the template URL provided by us, all configurable parameters will be displayed. Reference the table below to learn more:
Subscription
The Azure subscription to deploy to. Ensure you have suficient permissions to deploy in the selected subscription.
Resource Group
The resource group to deploy to. We recommend creating a new resource group specifically for SmartDocumentor.
Region
The region to deploy to. Only Sweden Central is officially supported and validated.
Other regions may work, but some features won't be available at deploy or run time.
Environment Tag
Environment tag to apply to all resources. Used for organizational and billing purposes
Applies to all deployed resources. Additional tags with the version and product name are also added with the following format: Version: <version> Environment: <environment tag> Product: sdcloud-v2
Container Registry Username
Unique username provided to you by DevScope, to pull images from our private container registry.
This value is unique to you and must be kept secret, do not share it with anyone.
Container Registry Token
Unique token provided to you by DevScope, to pull images from our private container registry.
This value is unique to you and must be kept secret, do not share it with anyone.
Management Vm Username
Username for management Windows VM used to debug and support deployments when using virtual networks. Must meet Azure VM username complexity requirements. Use this username to connect to the VM using Azure Bastion.
If you don't intend to use virtual networks, you can insert any value here as it won't be used. This value allows privileged access to virtual networked resources, do not share it with anyone that shouldn't have access.
Management Vm Password
Password for management Windows VM used to debug and support deployments when using virtual networks. Must meet Azure VM password complexity requirements. Use this password to connect to the VM using Azure Bastion.
If you don't intend to use virtual networks, you can insert any value here as it won't be used. This value allows privileged access to virtual networked resources, do not share it with anyone that shouldn't have access.
Single Organization Mode
When enabled (default), SmartDocumentor creates a single Organization which is shared with all users. On account creation, all users are added to this single Organization, and no more organizations can be created. The first user of the organization has the Administrator role.
Disabling this makes SmartDocumentor operate like the publicly available version hosted by us. Each account is assigned a new organization when created or invited.
Single Organization Name
The name of your organization when Single Organization Mode is enabled. You can update the organization name at deployment time or within the application itself in the Organization screen.
Ignored if Single Organization Mode is disabled.
Single Organization Default Role
The default role for new registered accounts whenever Single Organization Mode is enabled.
Users invited from within the platform will have the role you select during the invitation process. Remember that unless users are Administrators, they must manually be assigned to each Workspace you wish them to have access to.
Ignored if Single Organization Mode is disabled. The first account of the Organization will always be Administrator.
Use Production Apps
Whether to use production resources for Container Apps.
Enabling this sets resources for the smart-documentor and renderfarmv2-api to 1.75 CPU and 3.5 GiB RAM each, suitable for production workloads.
Disabling this sets resources to 0.75 CPU and 1.5 GiB RAM each, which can help reduce costs during development or testing but may impact performance under load. Defaults to true.
Unless creating QA/UAT environments, you should leave this at the default value. For smaller deployments, setting this to false may provide significant hosting savings at the cost of performance.
Postgres Relational Sku
Which database SKU to use for the Postgres relational database. Standard_B1ms, 1 vCore, 2 GiB RAM is enough for development workloads.For production, we recommend Standard_B2s, 2 vCore, 4 GiB RAM at a minimum.
Postgres Vector Sku
Which database SKU to use for the Postgres vector store. Standard_B1ms, 1 vCore, 2 GiB RAM is enough for small development workloads. For production, we recommend Standard_B2s, 2 vCore, 4 GiB RAM at a minimum. If you intend to index large amounts of documents, consider using a more powerful SKU with more RAM.
Postgres Relational Storage Size GB
The maximum storage size assigned to the database instance. Defaults to 32 GB.
From our testing, 32GB is enough for most workloads. Consider increasing this value if you predict very high usage.
Postgres Vector Storage Size GB
The maximum storage size assigned to the database instance to store embedding vectors. Defaults to 32 GB.
From our testing, 32GB is enough for most workloads. Consider increasing this value if you predict very high index/search usage. Chat history is also stored in this database, which may affect storage usage.
Use High Availability Redis
Deploys two instances of Azure Managed Redis instead of one, ensuring higher SLAs. Defaults to true.
Enabling this doubles the Redis cost, but is recommended for production deployments due to the SLA improvement.
Use Premium Service Bus SKU
Disabled by default, only consider enabling when you require virtual networks and all resources to be private. When disabled, uses the Standard SKU which is considerably cheaper but does not support virtual networks or private endpoints.
When enabled, the Premium SKU incurs a signficant monthly cost of about 600€/month.
Llm Deployment Type
The deployment type for models in Azure AI Foundry.
Defaults to GlobalStandard, which supports higher quota values. This means data can travel across diferent regions depending on load.
Use other values to configure according to your security and data locality requirements.
See https://learn.microsoft.com/en-us/azure/ai-foundry/foundry-models/concepts/deployment-types to learn more about Deployment Types and which Type is more appropriate for your requirements. Token quota is managed by Deployment Type and model. Note that due to technical limits, the "text-embedding-3-large" model always uses the "GlobalStandard" deployment type, regardless of this setting.
GPT-4o Token Capacity
GPT-4o token capacity, measured in thousands of tokens, also known as quota.
Before increasing, make sure you have sufficient quota in your AI Foundry resource and subscription.
This particular model handles transcription summaries.
If you experience slow performance, increase this value in increments of 50 until happy with the results.
GPT-4.1 Token Capacity
GPT-4.1 token capacity, measured in thousands of tokens, also known as quota.
Before increasing, make sure you have sufficient quota in your AI Foundry resource and subscription.
This particular model handles anonymization and more complex content understanding tasks which require deeper reasoning.
If you experience slow performance, increase this value in increments of 50 until happy with the results.
GPT-4.1-Mini Token Capacity
GPT-4.1-Mini token capacity, measured in thousands of tokens, also known as quota.
Before increasing, make sure you have sufficient quota in your AI Foundry resource and subscription.
This particular model handles simpler content understanding tasks like classification.
If you experience slow performance, increase this value in increments of 50 until happy with the results.
text-embedding-3-large Token Capacity
text-embedding-3-large token capacity, measured in thousands of tokens, also known as quota.
Before increasing, make sure you have sufficient quota in your AI Foundry resource and subscription.
This particular model handles content ingestion for search and chat functionalities.
If you experience slow performance, increase this value in increments of 50 until happy with the results.
Time Based Scaling
When enabled, the SmartDocumentor application only scales during period defined by Start and End hours. This allows you to reduce hosting costs in off hours. To have 100% availability, disable this.
The app still scales automatically in response to HTTP requests or when internal jobs need to execute. It may take a few minutes before the app can respond to requests.
Time Based Scaling Start Hour
Start time, in UTC, when the app should automatically scale up (0-23). Must be smaller than Time Based Scaling End Hour.
Ignored if Time Based Scaling is disabled.
Time Based Scaling End Hour
End time, in UTC, when the app should automatically scale down (0-23). Must be larger than Time Based Scaling End Hour.
Ignored if Time Based Scaling is disabled.
Use Virtual Network
Enables Virtual Networks and private endpoints for all elegible resources. See Virtual Networks and Private Endpointsto learn more.
Azure Bastion, management VM and NAT Gateway are only configured when Use Virtual Network is enabled.
Developer Account Emails
List of developer account emails, seperated by ; At least one must be configured. This account should be assigned to an IT Admin or technical user which can help DevScope with support and access to workspaces. Developer roles have the same permissions as Administrators but can see additional debug and support tools.
Whenever an account is created or invited with one of these emails, it is automatically upgraded to the Developer role, regardless of Workspace or Organization.
OTLP Endpoint
OpenTelemetry endpoint for custom OTEL collector.
If not configured, uses default Aspire telemetry, which resets after each restart or deployment.
OTLP Protocol
The network protocol used to send metrics, logs and traces to collector. Defaults to http/protobuf.
Only used if OTLP endpoint is configured. Check your specific OTLP collector distribution for details on what protocol should be configured. SmartDocumentor's services support protobuf and grpc, which are the two most common protocols.
OTLP Headers
OpenTelemetry OTLP Authorization headers, seperated by spaces. Each header should be in the format <key>=<value> (without <>).
Only required if collector requires specific headers such as authorization (recommended).
OTLP Dashboard Url Format
OpenTelemetry OTLP Dashboard URL format. Use this URL to link to your OTLP traces dashboard. Use {traceId} as a placeholder for the trace ID. If not set, the Aspire dashboard will be used for trace links.
When configured, the "Open in Developer Dashboard" option in the Task List for each task automatically redirects to this URL, which can be very useful for debugging purposes.
QA Environment Target
Which environment should be updated when performing a deployment. Only useful if your deployment flow includes QA or UAT environments. Supported values include "production", "pre-dev", "pre-release" and "pre-production".
Defaults to "production", which is the recommended value for all deployments unless instructed otherwise by DevScope.
All non-Container Apps infrastructure is always created/updated regardless of the value selected here. This only affects the version of main and init containers of the SmartDocumentor app itself. Its useful to test pre-dev/release/production code on real infrastructure and data, so it shouldn't be configured to a value other than "production" in production environments.
Custom Host
Custom host name for the "smartdocumentor" container. Include the "https://" prefix and do not end in a "/". Ensure the DNS is configured to point to the container app as according to the documentation.
Leave empty to use the default domain provided by Azure Container Apps.
If this value is set, an equivalent custom domain must be set for the "smart-documentor" Container App.
See the Additional Configurationsection for more details.
Skip Seeding
Skip seeding data on startup, only applying database migrations. Defaults to false.
Only useful for advanced scenarios where you are migrating from a previous version of the service.
enableVersionEndpointInProduction
Whether to enable the version endpoint in the Smart Documentor application, available at /api/v1.0/external/version, in the production environment. This endpoint exposes the current application version.
Recommended to keep disabled in production environments for security reasons. QA environments always have this enabled.
Once configured to your liking, hit Review + Create to validate and create your deployment. Depending on configuration and Azure Cloud availability, deployment can take up to 40 minutes. Subsequent deployments are much faster.
Save the parameters inserted in the template for later in a secure place, otherwise you won't be able to easily reproduce your setup if an update is necessary.
See Additional Configurationfor additional configuration settings after deployment, such as configuring Email Sending/Receiving, adding Microsoft Account social login or configuring a custom domain.
Post-Deployment Updates
To receive additional features or bug fixes, you can contact or be prompted by DevScope to re-run the deployment with a new template. Redeploy using the same settings as you used before.
Database migrations and service updates are performed automatically. The team ensures no major breaking changes occur when upgrading, unless previously notified.
Every resource is marked with the "version" tag, which you should refer to the team to facilitate support if necessary.
Deleting resources
Simply delete the resource group where you deployed SmartDocumentor to remove all resources. Optionally force the removal of VM related resources to completely clean your subscription of SmartDocumentor services.
If you deployed SmartDocumentor in an existing resource group with existing resources, you must delete every SmartDocumentor resource individually. We recommend creating a dedicated SmartDocumentor resource group to simplify resource management.
Last updated