
Industries such as automotive, manufacturing, healthcare, and robotics face heightened challenges when scaling immersive solutions across production environments. Strict security and data sovereignty requirements force platform architecture tradeoffs between compliance, performance, and sustainable, controllable cloud costs. These requirements often prevent the use of public cloud SaaS solutions for valuable intellectual property.
If your organization is facing these challenges, then Virtual Private Cloud for Unity Asset Manager might be the solution.
This article covers:
- An overview of the Virtual Private Cloud and Unity Asset Manager
- A solution for organizations’ content silos and security requirements
- Unity Asset Manager for Virtual Private Cloud reference architecture
- Defining user types in projects and organizations
The traditional real-time 3D delivery framework is where the problems begin and the hidden costs arise. Organizations invest substantial resources in developing immersive visualizations and simulations, only to encounter significant operational obstacles that undermine their effectiveness.
When teams make bespoke requests to create high-fidelity and accurate real-time 3D experiences, they typically navigate through disparate systems and siloed data repositories, causing considerable inefficiency. This fragmentation leads to developers spending excessive time searching for the most current datasets rather than creating value, ultimately delaying project deliveries and increasing costs.
The risks of self-developed solutions are the difficulty of meeting enterprise-grade security policy internally and of scaling to business needs, high maintenance costs, and investment that increases sharply beyond the prototype stage.
At the same time, these teams often struggle to demonstrate meaningful ROI for the business at scale while meeting security policy. From a security standpoint, Unity Asset Manager addresses the challenge of sharing assets only with those who should have access to them, while Virtual Private Cloud restricts access to the entire infrastructure supporting Unity Asset Manager, and the IP it contains, to the customer alone.
Failing to incorporate proper data security and governance protocols can leave completed projects facing insurmountable barriers when IT security teams block deployment to production environments, transforming promising innovations into expensive concept prototypes that never reach end users.
Without adherence to security requirements from the beginning, organizations find themselves with technically impressive but ultimately unusable 3D solutions that fail to deliver on their business potential.

The Virtual Private Cloud is deployed directly into your organization’s dedicated cloud environment: Azure or AWS. The solution offers the full power of Unity’s asset management, transformation, and collaboration tools while you retain exclusive control over your data, infrastructure, and security posture. The result is the elimination of content silos without compromising on security.
When organizations scale, content often becomes fragmented between different teams, projects, and storage systems, which can create significant obstacles.
Here are some of the key pain points organizations struggle with:
- Asset discovery: Assets are difficult to find and that leads to teams recreating content that already exists, wasting time and resources.
- Access and collaboration: Sharing assets securely, controlling versions, and managing permissions becomes a burden for administrators and artists alike.
- Interoperability: Transforming assets to work across different DCC tools and 3D software can be a laborious, manual process.
- Asset tracking: Managing licenses, versions, and dependencies throughout an asset’s lifecycle is critical, but often overlooked.

Here are the core pillars of Unity Asset Manager designed to solve the most pressing user pain points:
- Asset discovery: Find assets instantly with powerful search, metadata filters, and rich previews.
- Rich asset previews: Preview large 3D assets directly in your browser.
- Asset management: Centrally upload, categorize, version, and manage assets and their license information throughout their lifecycle.
- Asset transformation: Automatically generate different asset formats and variations using an integrated Asset Transformer-powered pipeline, eliminating repetitive and tedious data preparation workflows.
- Asset collaboration: Streamline creative review and feedback with tools for tracking asset status and collaboration.
- DCC interoperability: Validate assets directly within DCC tools and game engines to shorten painful manual workflows with Unity Asset Manager, Unity Pipeline Automation, and the Unity Cloud Python SDK.
- Security and storage: Deploy on your own AWS or Azure cloud infrastructure for maximum control with flexible storage options and robust security features.
One of the most important assets for organizations is intellectual property, which is why standard public cloud SaaS offerings aren’t always viable for numerous reasons, such as:
- Data and IP protection: Many companies have strict regulations that prohibit hosting asset metadata on shared, public cloud infrastructure.
- Data sovereignty: There are often mandates that require data to remain within a specific geographic region or country. Since public Unity Asset Manager is US-based only, Virtual Private Cloud can be the right solution for you.
- IT and cost strategy: Organizations want to leverage existing investments in their own cloud infrastructure and avoid redundant systems.
Virtual Private Cloud is an adapted version of Unity's cloud services, packaged to run inside a client’s own dedicated AWS or Azure environment. It provides a centralized platform to manage the entire asset lifecycle while adhering to the strict security and control requirements.
The entire solution is deployed within your cloud tenant, giving you exclusive control over your data and your systems by design.
The fundamental principle of Unity Asset Manager for Private Cloud is that you maintain control. At its core, the solution utilizes a Kubernetes cluster, enabling it to automatically scale up and down as needed to maintain performance during periods of high and low demand. This container-based approach also ensures the solution is reliable, portable, and the user experience is consistent in terms of performance and quality.

The cloud services in the architecture handle persistence, caching, and processing:
- Compute
- Database
- Caching
- Monitoring
To ensure a reliable and repeatable setup, Unity Asset Manager for Private Cloud is deployed using methods native to each cloud platform.
- On Azure, the solution is delivered as a private plan in the Azure Marketplace, which simplifies procurement and initiates a guided configuration process. Organizations with bespoke requirements may opt to deploy using Terraform for greater flexibility and customization.
- On AWS, deployment is managed via Unity-provided Terraform scripts that automate the provisioning of all required infrastructure.
The platform is deployed into an isolated virtual network, logically separating it from other workloads. An API gateway is responsible for intelligently routing authorized traffic to the appropriate resources. You have the flexibility to decide how to route end-user traffic to the gateway, based on your organization's policy or preference. Most commonly, we're seeing organizations use some combination of VPN, peering, load balancing, and/or Azure Private Link/endpoints.
Single sign-on (SSO) and role-based access control (RBAC)
For organizations, Single Sign-On (SSO) is supported via OpenID Connect (OIDC) or SAML 2.0 protocol, allowing users to authenticate with their corporate identity provider, such as Microsoft Entra ID and Okta.

The system also enforces the principle of least privilege through Role-Based Access Control (RBAC), and privileged access is periodically reviewed per the Organization Security policy.
Data encryption policy
Customers’ data is protected using strong, industry-standard encryption. Customers also have the option to encrypt their data using their own encryption keys. Data-in-transit is secured using HTTPS with TLS 1.2/1.3, while data-at-rest, including data stored in databases and backups, is encrypted using the AES-256 standard.
Azure Key Vault or AWS Secrets Manager is integrated with the solution. The platform also supports and recommends a procedure for rotating the SSO application's client secret as a security best practice.
Certifications and standards
Unity maintains SOC 2 Type 1 attestation for its Public Cloud Creator Services, including Asset Manager and Unity Pipeline Automation. The associated report is available for review under NDA upon request.
As the software is the same on Virtual Private Cloud, all applicable security measures are also present in this version. As it’s on the customer's tenant, it’s possible to enforce bespoke security policies.
User types and roles
At its core, Unity Asset Manager is powered by a Role-Based Access Control (RBAC) system where administrators can define specific user types and roles for organizations and projects.
To control access to an organization and its projects, you assign user types and roles to organization members and project members:
- The user type is the member's default permissions in the organization or project.
- User roles are the member's additional permissions in the organization or project.
These user types include:
- Owner: Highest level of permissions within an organization or project.
- User: Standard permissions for contributing and accessing assets.
Project roles are permissions assigned to a seat that are specific to a project or to the organization. For example, a user could be an Asset Manager Viewer for one project and an Asset Manager Contributor in a different project.
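The user type and role model described above, sketched as an added example (not Unity's code or API): effective access is the user type's defaults plus role additions, evaluated per project with deny by default, and Owner assignments are listed for the periodic privileged-access review. The permission strings, member names and project names are assumptions; the page does not list what each type or role grants.

```python
from dataclasses import dataclass, field

# Hypothetical permission sets (assumption): the page names these user types
# and roles but does not say which permissions each one carries.
TYPE_DEFAULTS = {
    "Owner": {"assets:read", "assets:write", "members:manage"},
    "User": {"assets:read"},
}
ROLE_ADDITIONS = {
    "Asset Manager Viewer": {"assets:read"},
    "Asset Manager Contributor": {"assets:read", "assets:write"},
}


@dataclass
class Membership:
    member: str
    scope: str  # the organization or one project
    user_type: str
    roles: list = field(default_factory=list)


def effective_permissions(m):
    """User type supplies the defaults; each role adds permissions on top."""
    perms = set(TYPE_DEFAULTS[m.user_type])
    for role in m.roles:
        perms |= ROLE_ADDITIONS[role]
    return perms


def can(memberships, member, scope, permission):
    """Deny by default: only a membership in that exact scope can grant access."""
    return any(
        permission in effective_permissions(m)
        for m in memberships
        if m.member == member and m.scope == scope
    )


def privileged_for_review(memberships):
    """(member, scope) pairs holding Owner, as input to the periodic review."""
    return sorted((m.member, m.scope) for m in memberships if m.user_type == "Owner")


# Constructed sample data: bob is a Viewer in one project, a Contributor in another.
MEMBERSHIPS = [
    Membership("alice", "org", "Owner"),
    Membership("bob", "project-a", "User", ["Asset Manager Viewer"]),
    Membership("bob", "project-b", "User", ["Asset Manager Contributor"]),
]
```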
Make sure to check out the documentation for more information around organization-level access, project-level access, and roles.