170614119 - Adds initial connection lists and architecture doc

This adds the initial lists of transient connections (protocols, ports, etc). Also adds listening services and hosts used.
2020-01-13 20:02:04 -05:00 · 2020-01-13 20:02:04 -05:00 · 7cb260a70d
commit 7cb260a70d
parent b1345c0eb0
2 changed files with 32 additions and 0 deletions
--- a/docs/ATATArchitecture.md
+++ b/docs/ATATArchitecture.md
--- a/docs/EdgeControls.md
+++ b/docs/EdgeControls.md
@ -0,0 +1,32 @@
+# Edge Control
+This document describes the expected connections and listening services.
+
+## Transient Connections
+| Service | Direction | Ports | Encrypted? | Ciphers      |
+| --------|-----------|-------|------------|--------------|
+| Azure Container Registry  | Egress    | 443   | Yes        | MSFT Managed |
+| DOD CRL Service | Egress | 443 | Yes | DOD Managed | 
+| Azure Storage | Egress | 443 | Yes | MSFT Managed| 
+| Redis | Egress | 6380 | Yes | MSFT Managed| 
+| Postgres | Egress | 5432 | Yes | MSFT Managed| 
+
+# Listening Ports / Services
+| Service/App | Port | Encrypted? | Accessible |
+|-------------|------|------------|--------|
+| ATAT App    | 80, 443 | Both | Load Balancer Only 
+| ATAT Auth   | 80, 443 | Both | Load Balancer Only
+
+# Host List
+## Dev
+| Service| Host |
+|--------|------|
+| Redis  | cloudzero-dev-redis.redis.cache.windows.net |
+| Postgres| cloudzero-dev-sql.postgres.database.azure.com |
+| Docker Container Registry | cloudzerodevregistry.azurecr.io |
+
+## Production
+| Service | Host |
+|---------|------|
+| Redis   |      |
+| Postgres|      |
+| Docker Container Registry | |