# Architecture Notes

Notes on the multiaccount/multipartition architecture. Draft.

## VPC Breakdown

Proposed VPC Breakdown

| VPC Name | Accounts | Purpose | Servers | Special Traffic Considerations |
| -------- | -------- | ------- | ------- | ------------------------------ |
| vpc-splunk | Customer and C2 | Splunk Clusters including Moose | splunk-\* | Inbound Splunk Data from Customers |
| vpc-interconnects | C2 Gov Only | Connect GovCloud and Commercial | interconnect-\* | IPSEC inbound and outbound to Transit Gateways |
| vpc-access | C2 Gov Only | VPN and Bastion Access | openvpn-\*, bastion\* | Inbound from internet/whitelist. Outbound to all systems on admin ports. |
| vpc-portal | C2 Gov Only??? | Customer Portal | portal\* and supporting | Inbound HTTPS, outbound to customer vpc-splunk |
| vpc-public | C2 Gov Only | Publicly Accessible Services for Infrastructure | github, ghe-backup, jira | Inbound HTTPS |
| vpc-scanners | C2 Gov and Commercial | Security Scanning | qualys-\* | Outbound to private |
| vpc-system-services | C2 Gov and Commercial(?) | Services provided to systems | mailrelay, oscontext-unbound, proxy, reposerver, resolver, salt-master, sensu, vault | Inbound from private |
| vpc-private-services | C2 Gov Only | Employee Services that access Splunk | fm-shared-search, qcompliance, phantom | Inbound from employees, outbound to all splunk |
| vpc-vmray | VMRay | Malware Detonation | vmray-\* | Inbound from employees |