%% title: 10-4.2 Jumpbox Data Flow %% description: Section 10 - System Environment - Figure 10-4.2 Jumpbox Data Flow graph TD subgraph AWS GovCloud UAA["User Authentication/Authorization (UAA)"] concourse["Concourse Server"] worker[Concourse Worker] Jumpbox{Ephemeral Jumpbox} BOSH[BOSH Director] EC2[AWS EC2 Instances] ALB("AWS Application Load Balancer (ALB)") opsuaaweb["UAA Web UI<br>(presents CLI authentication token)"] end subgraph GSA Responsibility SAML{"Single Sign-on (SSO)<br>providing MFA<br>SecureAuth"} end subgraph GSA VPN and Internet Egress ZScalerDNS("ZScaler DNS") GSAProxy("GSA Internet Proxy") end Ops((Cloud Operations)) Ops--"Concourse Web UI HTTPS 443"-->ZScalerVPN-->ZScalerDNS-->GSAProxy-->ALB Ops=="Concourse CLI (fly) HTTPS 443"==>ZScalerVPN==>ZScalerDNS==>GSAProxy==>ALB ALB--Run Jumpbox pipeline-->concourse ALB==Access via fly CLI<br>with token==>concourse concourse==CLI routed to Jumpbox SSH 2222==>Jumpbox ALB--Request token for CLI-->opsuaaweb-->UAA UAA-.Authentication.->SAML concourse-.Authorization.->UAA concourse-.Run jumpbox job.->worker worker-.Launch Container.->Jumpbox Jumpbox--BOSH SSH request-->BOSH BOSH-.BOSH Director sets up temporary SSH key.->EC2 Jumpbox==Access EC2 via SSH 22 using temporary key==>EC2