Back to all diagrams Save as PNG
%% title: 10-4.1 Customer Data Flow %% description: Section 10 - System Environment - Figure 10-4.1 Customer Data Flow graph LR subgraph AWS GovCloud subgraph Cloud Foundry Components subgraph Container Management Segments Cell["Cell"] AppContainer{"Customer<br>Application"} Dashboard{Dashboard<br>dashboard.fr.cloud.gov} end Router[Router] SSHProxy[SSH Proxy] UAA["User Authentication/Authorization (UAA)<br>login.fr.cloud.gov"] CloudController[Cloud Controller<br>api.fr.cloud.gov] ServiceBroker[Service Broker] InternalService["Internal Service<br>e.g. Service Account<br>Identity Provider"] HM[Health Monitor] Loggregator[Loggregator] end subgraph Customer Logs Q[Redis Queue] Logstash[Logstash] ES[Elasticsearch] Kibana[Kibana<br>logs.fr.cloud.gov] end subgraph AWS Brokered Services VPC AWSService["AWS Service<br>e.g. RDS<br>Redis"] end subgraph SAML IDP SAML[cloud.gov fallback IDP<br>providing MFA] end ELB("Elastic Load Balancer (ELB)") CloudControllerDB(Cloud Controller<br>RDS DB) CloudWatch[AWS CloudWatch Logs] S3[S3] end subgraph Customer Responsibility CustomerSAML{"Single Sign-on (SSO)<br>providing MFA"} end subgraph AWS East/West cloudfront["AWS CloudFront"] end Customer((Customer)) statuspage["StatusPage<br>cloudgov.statuspage.io"] Router-->Cell SSHProxy--SSH using temporary key-->Router CloudController-.API Request Sets up temporary SSH key.->SSHProxy CloudController--Request for provision-->ServiceBroker CloudController--Provision/scale application instances-->Cell CloudControllerDB-->CloudController ServiceBroker--Provisions-->InternalService ServiceBroker--Provisions-->AWSService InternalService--Service protocol-->AppContainer AWSService--Service protocol-->AppContainer HM--Monitoring of assigned port-->AppContainer Cell-.Container.->AppContainer AppContainer-->Loggregator Cell-.Container.->Dashboard Loggregator-->Logstash Logstash-->Q Q-->ES Logstash-->CloudWatch Logstash-->S3 ES-->Kibana Customer--"Web request (HTTPS)"-->ELB Customer--SSH using temporary key-->ELB Customer--"Web request (HTTPS)"-->statuspage Customer--"Web request (HTTPS)"-->cloudfront cloudfront --"Web request (HTTPS)"--> ELB ELB --SSH using temporary key--> SSHProxy ELB --"Web request (HTTPS)"--> Router ELB --API request--> CloudController ELB -- "Triggered by web request (HTTPS) only" --> Kibana UAA-.Authentication.->CustomerSAML UAA-.Authentication.->SAML CloudController-.Authorization.->UAA SSHProxy-.Authorization.->UAA Kibana-.Authorization.->UAA
Legend
Bidirectional data/information flow
One-directional data/information flow
Data/information request that is system generated
Component ( square corners )
Collections of VMs or containers
Non-VMs / container components ( rounded corners )
User types
External data components
Grouping of components
Back to all diagrams