Platform
Infrastructure build, operations, and runbooks for the UIAO governance substrate
Operational runbooks for building, hardening, and governing the on-premises UIAO substrate. These documents describe how to stand up the concrete infrastructure the canon governs — Gitea behind IIS on Windows Server 2025, Intune compliance, Azure Arc enrollment, and OrgTree integration — so the policies in Modernization Specs have a real substrate to attach to.
Platform pages are infrastructure runbooks, not identity architecture. Identity governance (OrgPath, dynamic groups, AUs, joiner/mover/leaver) lives in the Modernization canon and its appendices MOD_A..MOD_Z. Platform pages cite those canonical sources and show only the server-scoped instantiation.
Pages in this section
| Slug | Purpose | Posted source |
|---|---|---|
| platform-server-build | Windows Server 2025 + IIS + Gitea + Intune + Azure Arc + OrgTree — 14-phase build guide | UIAO Platform Server Build Guide — Windows Server 2025 with Gitea and IIS.docx (UIAO_SBG_001) |
Canonical invariants
Every platform page respects:
- Boundary: gcc-moderate (M365 SaaS). IaaS components sit in commercial FedRAMP per ADR-001.
- Architecture decision: Gitea behind IIS reverse proxy (ADR-001). The rejected Option A (IIS + git-http-backend alone) is non-canonical; any Posted document describing it is superseded.
- OrgTree integration: every platform server carries an OrgPath, lives inside an Administrative Unit, and reports drift state to MOD_M.