Deployment⚓︎

Pre-Requisites⚓︎

Before getting started, ensure you meet the following pre-requisites:

Have a suitable Azure subscription for deployment.
Have access to the SmartDocumentor deployment template, which you can request from us.
Have access to your unique Container Registry Username and Container Registry Token , provided by us, to insert during deployment configuration.
You are deploying with an account or principal with sufficient deployment permissions.

Virtual Networks and Private Endpoints⚓︎

SmartDocumentor can be deployed into a private network, automatically created during deployment. Most resources are privately secured but some limitations apply when enabling virtual networks:

The SmartDocumentor app itself is available to the public internet but can access resources on the virtual network.
Some resources like certain Azure Storage accounts are available to the public internet but blocked at the Firewall or ACL level, allowing only access to select subnets or to internal secure Azure services.
Due to technical limitations, whenever SAS URLs are generated from protected Azure Storage accounts, they are proxied through the public SmartDocumentor application.
- These URLs are still secure and are expire after a short time, unless you configure otherwise.
- This functionality is required for the following use cases:
- Downloading the original file in any Review screen
- Displaying document pages as images in the Documents Review screen
- Displaying audio, video and timeline in the Transcripts Review screen
- Sending uploaded documents to virtual network-secured AI services, such as Document Intelligence, Video Indexer, PII Anonymizer and AI Content Understanding.
- Sending original files or export artifacts URLs via HTTP to your configured webhooks.
Azure Service Bus only supports virtual networks and private endpoints with the Premium SKU, which incurs a significant monthly cost (+- 600€/month).
Whenever virtual networks are enabled, an Azure Bastion enabled Windows VM is also deployed, which can be used to debug and configure resources within the virtual network. This incurs an additional cost of about 200€/month (Azure Bastion + Windows VM + OS Disk + NAT Gateway). The VM can be disabled when not in use.

Managed Identity and Access Keys⚓︎

Regardless if virtual networks and private endpoints are enabled, most services use Managed Identity to allow access from SmartDocumentor's services. There are a few exceptions:

Postgres uses a Username/Password pair automatically generated during deployment and stored in Key Vault, which facilitates database access from IT admins whenever support is necessary.
Redis uses an access key which can be revoked/refreshed at any time (if correctly reconfigured) due to technical limitations with the libraries used to access Redis.
Azure Storage Accounts tied to Azure Functions containers, used exclusively for lock management, use access keys for simplicity.
The main Azure Storage Account used to upload files and processing artifacts uses access keys because it is a requirement to generate SAS-secured URLs from upload blobs with longer expire times. These URLs are necessary to send documents to AI services, or otherwise securely allow users to the see the documents' content in the app. The access key can be revoked at any time and reconfigured at deployment time.

Deployment Zone⚓︎

The template is officially tested and supported in the Sweden Central zone, which is the preferred and recommended deployment zone by the team. Other zones may still function or include partial support for some features. When deploying on an unsupported region, the Azure Portal can identify incompatibilities during the deployment stage on some resources. Other features may only break during runtime.

Configuring the Template⚓︎

When you open the template URL provided by us, all configurable parameters will be displayed. Reference the table below to learn more:

Parameter	Description	Notes
Subscription	The Azure subscription to deploy to. Ensure you have suficient permissions to deploy in the selected subscription.
Resource Group	The resource group to deploy to. We recommend creating a new resource group specifically for SmartDocumentor.
Region	The region to deploy to. Only Sweden Central is officially supported and validated.	Other regions may work, but some features won't be available at deploy or run time.
Environment Tag	Environment tag to apply to all resources. Used for organizational and billing purposes	Applies to all deployed resources. Additional tags with the version and product name are also added with the following format: Version: Environment: Product: sdcloud-v2
Container Registry Username	Unique username provided to you by DevScope, to pull images from our private container registry.	This value is unique to you and must be kept secret, do not share it with anyone.
Container Registry Token	Unique token provided to you by DevScope, to pull images from our private container registry.	This value is unique to you and must be kept secret, do not share it with anyone.
Management Vm Username	Username for management Windows VM used to debug and support deployments when using virtual networks. Must meet Azure VM username complexity requirements. Use this username to connect to the VM using Azure Bastion.	If you don't intend to use virtual networks, you can insert any value here as it won't be used. This value allows privileged access to virtual networked resources, do not share it with anyone that shouldn't have access.
Management Vm Password	Password for management Windows VM used to debug and support deployments when using virtual networks. Must meet Azure VM password complexity requirements. Use this password to connect to the VM using Azure Bastion.	If you don't intend to use virtual networks, you can insert any value here as it won't be used. This value allows privileged access to virtual networked resources, do not share it with anyone that shouldn't have access.
Single Organization Mode	When enabled (default), SmartDocumentor creates a single Organization which is shared with all users. On account creation, all users are added to this single Organization, and no more organizations can be created. The first user of the organization has the Administrator role.	Disabling this makes SmartDocumentor operate like the publicly available version hosted by us. Each account is assigned a new organization when created or invited.
Single Organization Name	The name of your organization when Single Organization Mode is enabled. You can update the organization name at deployment time or within the application itself in the Organization screen.	Ignored if Single Organization Mode is disabled.
Single Organization Default Role	The default role for new registered accounts whenever Single Organization Mode is enabled. Users invited from within the platform will have the role you select during the invitation process. Remember that unless users are Administrators, they must manually be assigned to each Workspace you wish them to have access to.	Ignored if Single Organization Mode is disabled. The first account of the Organization will always be Administrator.
Smart Documentor Container CPU/RAM	CPU and RAM configuration for the Smart Documentor container. Recommended for development is 0.75 CPU and 1.5Gi RAM. For production, we recommend at least 2.0 CPU and 4Gi RAM.
Render Farm Container CPU/RAM	CPU and RAM configuration for the Render Farm container. Recommended for development is 0.75 CPU and 1.5Gi RAM. For production, we recommend at least 1.0 CPU and 2Gi RAM.
Render Farm Container Max Replicas	The maximum number of replicas for the Render Farm container app when auto-scaling. For development, we recommend a maximum of 1 replica. For production, we recommend at least 3 replicas to handle load and provide redundancy. Render Farm scales up every 100 concurrent requests.
Functions Python Container CPU/RAM	CPU and RAM configuration for the Python Azure Functions container. Recommended for development is 1.0 CPU and 2.0Gi RAM. For production, we recommend at least 1.75 CPU and 3.5Gi RAM.
Functions Python Container Max Replicas	The maximum number of replicas for the Python Azure Functions container app when auto-scaling. For development, we recommend a maximum of 1 replica. For production, we recommend at least 4 replicas to handle load and provide redundancy. Azure Functions scales based on the number of incoming events and can scale very rapidly to handle spikes in traffic.
Functions C# Container CPU/RAM	CPU and RAM configuration for the C# Azure Functions container. Recommended for development and production is 0.75 CPU and 1.5Gi RAM.
Functions C# Container Max Replicas	The maximum number of replicas for the C# Azure Functions container app when auto-scaling. For development, we recommend a maximum of 1 replica. For production, we recommend at least 3 replicas to handle load and provide redundancy. Azure Functions scales based on the number of incoming events and can scale very rapidly to handle spikes in traffic.
PII Anonymizer Container CPU/RAM	CPU and RAM configuration for the PII Anonymizer container. Recommended for development and production is 1.0 CPU and 2.0Gi RAM.
PII Anonymizer Container Max Replicas	The maximum number of replicas for the PII Anonymizer container app when auto-scaling. For development, we recommend a maximum of 1 replica. For production, we recommend at least 3 replicas to handle load and provide redundancy. The PII Anonymizer scales based on the number of incoming requests and the processing time of those requests.
Postgres Relational Sku	Which database SKU to use for the Postgres relational database. Standard_B1ms, 1 vCore, 2 GiB RAM is enough for development workloads.For production, we recommend Standard_B2s, 2 vCore, 4 GiB RAM at a minimum.	See https://azure.microsoft.com/en-us/pricing/details/postgresql/flexible-server/ for details.
Postgres Vector Sku	Which database SKU to use for the Postgres vector store. Standard_B1ms, 1 vCore, 2 GiB RAM is enough for small development workloads. For production, we recommend Standard_B2s, 2 vCore, 4 GiB RAM at a minimum. If you intend to index large amounts of documents, consider using a more powerful SKU with more RAM.	See https://azure.microsoft.com/en-us/pricing/details/postgresql/flexible-server/ for details.
Postgres Relational Storage Size GB	The maximum storage size assigned to the database instance. Defaults to 32 GB.	From our testing, 32GB is enough for most workloads. Consider increasing this value if you predict very high usage.
Postgres Vector Storage Size GB	The maximum storage size assigned to the database instance to store embedding vectors. Defaults to 32 GB.	From our testing, 32GB is enough for most workloads. Consider increasing this value if you predict very high index/search usage. Chat history is also stored in this database, which may affect storage usage.
Use High Availability Redis	Deploys two instances of Azure Managed Redis instead of one, ensuring higher SLAs. Defaults to true.	Enabling this doubles the Redis cost, but is recommended for production deployments due to the SLA improvement.
Use Premium Service Bus SKU	Disabled by default, only consider enabling when you require virtual networks and all resources to be private. When disabled, uses the Standard SKU which is considerably cheaper but does not support virtual networks or private endpoints.	When enabled, the Premium SKU incurs a signficant monthly cost of about 600€/month.
Llm Deployment Type	The deployment type for models in Azure AI Foundry. Defaults to `GlobalStandard`, which supports higher quota values. This means data can travel across diferent regions depending on load. Use other values to configure according to your security and data locality requirements.	See https://learn.microsoft.com/en-us/azure/ai-foundry/foundry-models/concepts/deployment-types to learn more about Deployment Types and which Type is more appropriate for your requirements. Token quota is managed by Deployment Type and model. Note that due to technical limits, the "text-embedding-3-large" model always uses the "GlobalStandard" deployment type, regardless of this setting.
GPT-4o Token Capacity	GPT-4o token capacity, measured in thousands of tokens, also known as quota. Before increasing, make sure you have sufficient quota in your AI Foundry resource and subscription.	This particular model handles transcription summaries. If you experience slow performance, increase this value in increments of 50 until happy with the results.
GPT-4.1 Token Capacity	GPT-4.1 token capacity, measured in thousands of tokens, also known as quota. Before increasing, make sure you have sufficient quota in your AI Foundry resource and subscription.	This particular model handles anonymization and more complex content understanding tasks which require deeper reasoning. If you experience slow performance, increase this value in increments of 50 until happy with the results.
GPT-4.1-Mini Token Capacity	GPT-4.1-Mini token capacity, measured in thousands of tokens, also known as quota. Before increasing, make sure you have sufficient quota in your AI Foundry resource and subscription.	This particular model handles simpler content understanding tasks like classification. If you experience slow performance, increase this value in increments of 50 until happy with the results.
text-embedding-3-large Token Capacity	text-embedding-3-large token capacity, measured in thousands of tokens, also known as quota. Before increasing, make sure you have sufficient quota in your AI Foundry resource and subscription.	This particular model handles content ingestion for search and chat functionalities. If you experience slow performance, increase this value in increments of 50 until happy with the results.
Time Based Scaling	When enabled, the SmartDocumentor application only scales during period defined by Start and End hours. This allows you to reduce hosting costs in off hours. To have 100% availability, disable this.	The app still scales automatically in response to HTTP requests or when internal jobs need to execute. It may take a few minutes before the app can respond to requests.
Time Based Scaling Start Hour	Start time, in UTC, when the app should automatically scale up (0-23). Must be smaller than Time Based Scaling End Hour.	Ignored if Time Based Scaling is disabled.
Time Based Scaling End Hour	End time, in UTC, when the app should automatically scale down (0-23). Must be larger than Time Based Scaling End Hour.	Ignored if Time Based Scaling is disabled.
Use Virtual Network	Enables Virtual Networks and private endpoints for all elegible resources. See Virtual Networks And Private Endpoints to learn more.	Azure Bastion, management VM and NAT Gateway are only configured when Use Virtual Network is enabled.
Developer Account Emails	List of developer account emails, seperated by ; At least one must be configured. This account should be assigned to an IT Admin or technical user which can help DevScope with support and access to workspaces. Developer roles have the same permissions as Administrators but can see additional debug and support tools.	Whenever an account is created or invited with one of these emails, it is automatically upgraded to the Developer role, regardless of Workspace or Organization.
OTLP Endpoint	OpenTelemetry endpoint for custom OTEL collector.	If not configured, uses default Aspire telemetry, which resets after each restart or deployment.
OTLP Protocol	The network protocol used to send metrics, logs and traces to collector. Defaults to `http/protobuf`.	Only used if OTLP endpoint is configured. Check your specific OTLP collector distribution for details on what protocol should be configured. SmartDocumentor's services support protobuf and grpc, which are the two most common protocols.
OTLP Headers	OpenTelemetry OTLP Authorization headers, seperated by spaces. Each header should be in the format \=\ (without <>).	Only required if collector requires specific headers such as authorization (recommended).
OTLP Dashboard Url Format	OpenTelemetry OTLP Dashboard URL format. Use this URL to link to your OTLP traces dashboard. Use {traceId} as a placeholder for the trace ID. If not set, the Aspire dashboard will be used for trace links.	When configured, the "Open in Developer Dashboard" option in the Task List for each task automatically redirects to this URL, which can be very useful for debugging purposes.
QA Environment Target	Which environment should be updated when performing a deployment. Only useful if your deployment flow includes QA or UAT environments. Supported values include "production", "pre-dev", "pre-release" and "pre-production". Defaults to "production", which is the recommended value for all deployments unless instructed otherwise by DevScope.	All non-Container Apps infrastructure is always created/updated regardless of the value selected here. This only affects the version of main and init containers of the SmartDocumentor app itself. Its useful to test pre-dev/release/production code on real infrastructure and data, so it shouldn't be configured to a value other than "production" in production environments.
Custom Host	Custom host name for the "smartdocumentor" container. Include the "https://" prefix and do not end in a "/". Ensure the DNS is configured to point to the container app as according to the documentation. Leave empty to use the default domain provided by Azure Container Apps.	If this value is set, an equivalent custom domain must be set for the "smart-documentor" Container App. See the Adding A Custom Domain section for more details.
Skip Seeding	Skip seeding data on startup, only applying database migrations. Defaults to `false`.	Only useful for advanced scenarios where you are migrating from a previous version of the service.
enableVersionEndpointInProduction	Whether to enable the version endpoint in the Smart Documentor application, available at /api/v1.0/external/version, in the production environment. This endpoint exposes the current application version.	Recommended to keep disabled in production environments for security reasons. QA environments always have this enabled.

Once configured to your liking, hit Review + Create to validate and create your deployment. Depending on configuration and Azure Cloud availability, deployment can take up to 40 minutes. Subsequent deployments are much faster.

Info

Save the parameters inserted in the template for later in a secure place, otherwise you won't be able to easily reproduce your setup if an update is necessary.

See Additional Configuration for additional configuration settings after deployment, such as configuring Email Sending/Receiving, adding Microsoft Account social login or configuring a custom domain.

Post-Deployment Updates⚓︎

To receive additional features or bug fixes, you can contact or be prompted by DevScope to re-run the deployment with a new template. Redeploy using the same settings as you used before. Database migrations and service updates are performed automatically. The team ensures no major breaking changes occur when upgrading, unless previously notified. Every resource is marked with the "version" tag, which you should refer to the team to facilitate support if necessary.

Deleting resources⚓︎

Simply delete the resource group where you deployed SmartDocumentor to remove all resources. Optionally force the removal of VM related resources to completely clean your subscription of SmartDocumentor services.

Info

If you deployed SmartDocumentor in an existing resource group with existing resources, you must delete every SmartDocumentor resource individually. We recommend creating a dedicated SmartDocumentor resource group to simplify resource management.