%% title: 10-4.2 Jumpbox Data Flow
%% description: Section 10 - System Environment - Figure 10-4.2 Jumpbox Data Flow
graph TD
  subgraph AWS GovCloud
    UAA["User Authentication/Authorization (UAA)"]
    web["Concourse Web Server"]
    worker[Concourse Worker]
    Jumpbox{Ephemeral Jumpbox}
    BOSH[BOSH Director]
    EC2[AWS EC2 Instances]
    ELB("AWS Elastic Load Balancer (ELB)")
  end
  subgraph GSA Responsibility
    SAML{"Single Sign-on (SSO)<br>providing MFA - SecureAuth"}
  end
  subgraph GSA VPN and Internet Egress
    ZScalerDNS("ZScaler DNS")
    GSAProxy("GSA Internet Proxy")
  end
  Ops((Cloud Operations))
  Ops--"Concourse CLI (fly): HTTPS/TCP 443"-->ZScalerVPN-->ZScalerDNS-->GSAProxy-->ELB
  ELB-->web
  UAA-.Authentication.->SAML
  web-.Authorization.->UAA
  web--Run jumpbox job-->worker
  worker-.Container.->Jumpbox
  Jumpbox--BOSH SSH request-->BOSH
  BOSH-.BOSH Director sets up temporary SSH key.->EC2
  Jumpbox--SSH using temporary key-->EC2
Legend
Bidirectional data/information flow
One-directional data/information flow
Data/information request that is system generated
Component (square corners)
Collections of VMs or containers
Non-VMs / container components (rounded corners)
User types
External data components
Grouping of components