Hosting build and deployment on two separate server instances

Hi all,

We've been using TeamCity successfully as our build and deployment engine, having several builds (projects) on one single instance and restricting who does what with the built-in user permissions. But our security guys are concerned (as they always are) that the TeamCity VM can be vulnerable, as it has access to both dev and production environments, and the only difference between who can build for testing and who can deploy a new version to the live production server is the 'simple' username/password control that we have for the TeamCity users.

We are thinking about splitting the project between two TC installations, so that the two machines can be in separate subnets etc., but the question is what is the best way to move artifacts from the build instance to the deployment instance: use a shared drive available to both machines and come up with some kind of storage protocol (the build puts files in a folder with the build no. as a name, or something like that), or access artifacts over REST / a direct HTTP(S) address... or anything else.

Does anybody have experience doing something similar? Any advice would be appreciated!
Thanks,
Zura


Hi Zura,

The usual approach is to use one TeamCity server for CI and deployment. Besides user permissions, you can use a typed parameter with display mode "prompt" and validate it in a build step to protect builds from occasional triggering.
If you want to use two TeamCity servers, you can get artifacts to the deployment server using the REST API, or you can use a third-party tool to store artifacts (for example Artifactory or perhaps some more suitable one).

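The REST option from the answer, sketched from the deployment side as an added example (not code from the thread or from JetBrains): the deploy instance pulls one artifact of one pinned build over HTTPS with a read-only access token and refuses it unless its SHA-256 matches a digest supplied separately. The hostname, artifact name, environment variable names and the way the expected digest reaches the deploy job are assumptions.

```python
import hashlib
import hmac
import os
import urllib.parse
import urllib.request


def artifact_url(server, build_id, path):
    """Build the REST URL for one artifact of one specific finished build."""
    if urllib.parse.urlsplit(server).scheme != "https":
        raise ValueError("build server must be reached over https")
    if not str(build_id).isdigit():
        # Pin an exact build id; never resolve "latest" on the deploy side.
        raise ValueError("build id must be numeric")
    quoted = urllib.parse.quote(path.lstrip("/"))
    base = server.rstrip("/")
    return f"{base}/app/rest/builds/id:{build_id}/artifacts/content/{quoted}"


def fetch_verified(server, build_id, path, expected_sha256, token,
                   opener=urllib.request.urlopen):
    """Download the artifact; return its bytes only if the digest matches."""
    req = urllib.request.Request(
        artifact_url(server, build_id, path),
        headers={"Authorization": f"Bearer {token}"},
    )
    with opener(req) as resp:
        data = resp.read()
    actual = hashlib.sha256(data).hexdigest()
    if not hmac.compare_digest(actual, expected_sha256.lower()):
        raise ValueError(f"digest mismatch for {path}: got {actual}")
    return data


if __name__ == "__main__":
    # Constructed placeholders: hostname, artifact name and variable names.
    blob = fetch_verified(
        "https://build.example.internal",
        os.environ["BUILD_ID"],
        "app.zip",
        os.environ["EXPECTED_SHA256"],  # assumed to arrive outside the download
        os.environ["TC_TOKEN"],         # read-only token held by the deploy side
    )
    with open("app.zip", "wb") as fh:
        fh.write(blob)
```

With this layout the deployment network only needs outbound HTTPS to the build server, and the build server holds no credentials for production.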