Merge pull request #1685 from craddm/sre-storage-docs

Document removal of persistent SRE storage accounts
alan-turing-institute · Dec 12, 2023 · 485b4bb · 485b4bb
2 parents b6cefe4 + 0641bee
commit 485b4bb
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 1 deletion.
diff --git a/docs/source/deployment/snippets/05_storage_accounts.partial.md b/docs/source/deployment/snippets/05_storage_accounts.partial.md
@@ -7,4 +7,4 @@ PS> ./Setup_SRE_Storage_Accounts.ps1 -shmId <SHM ID> -sreId <SRE ID>
 - where `<SHM ID>` is the {ref}`management environment ID <roles_deployer_shm_id>` for this SHM
 - where `<SRE ID>` is the {ref}`secure research environment ID <roles_deployer_sre_id>` for this SRE
 
-This script will create a storage account in the `RG_SHM_<shmId>_DATA_PERSISTENT` resource group, a corresponding private end point in `RG_SRE_NETWORKING` and will configure the DNS zone of the storage account to the right IP address.
+This script will create a storage account in the `RG_SHM_<SHM ID>_PERSISTENT_DATA` resource group, a corresponding private end point in `RG_SRE_<SRE ID>_NETWORKING` and will configure the DNS zone of the storage account to the right IP address.
diff --git a/docs/source/roles/system_manager/manage_deployments.md b/docs/source/roles/system_manager/manage_deployments.md
@@ -127,6 +127,15 @@ On your **deployment machine**.
 
 - If you provide the optional `-dryRun` parameter then the names of all affected resources will be printed, but nothing will be deleted
 
+The `SRE_Teardown.ps1` script *does not* remove the SRE data storage account stored in the SHM. Thus, the `ingress`, `egress`, and `backup` data folders still exist.
+This allows the data to be used for the project associated with the SRE to exist before and after the project starts and ends, without requiring the full SRE to be running.
+
+```{attention}
+To avoid accidental deletion, the storage account must be deleted manually through the Azure Portal.
+The storage account can be found under `RG_SHM_<SHM ID>_PERSISTENT_DATA`, with a name similar to `<SHM ID><SRE ID>data<random letters>`.
+Deleting the SRE storage account from `RG_SHM_<SHM ID>_PERSISTENT_DATA` will delete any work that was done in the SRE.
+```
+
 ## {{end}} Remove a complete Safe Haven
 
 ### {{collision}} Tear down any attached SREs
@@ -154,6 +163,15 @@ On your **deployment machine**.
     If you provide the optional `-dryRun` parameter then the names of all affected resources will be printed, but nothing will be deleted
     ```
 
+The `SRE_Teardown.ps1` script *does not* remove the SRE data storage account stored in the SHM. Thus, the `ingress`, `egress`, and `backup` data folders still exist.
+This allows the data to be used for the project associated with the SRE to exist before and after the project starts and ends, without requiring the full SRE to be running.
+
+```{attention}
+To avoid accidental deletion, the storage account must be deleted manually through the Azure Portal.
+The storage account can be found under `RG_SHM_<SHM ID>_PERSISTENT_DATA`, with a name similar to `<SHM ID><SRE ID>data<random letters>`.
+Deleting the SRE storage account from `RG_SHM_<SHM ID>_PERSISTENT_DATA` will delete any work that was done in the SRE.
+```
+
 ### {{unlock}} Disconnect from the Azure Active Directory
 
 Connect to the **SHM Domain Controller (DC1)** via Remote Desktop Client over the SHM VPN connection