From 7cb260a70dd22fa841071c05c6f344990cd75519 Mon Sep 17 00:00:00 2001 From: Rob Gil Date: Mon, 13 Jan 2020 20:02:04 -0500 Subject: [PATCH 1/2] 170614119 - Adds initial connection lists and architecture doc This adds the initial lists of transient connections (protocols, ports, etc). Also adds listening services and hosts used. --- docs/ATATArchitecture.md | 0 docs/EdgeControls.md | 32 ++++++++++++++++++++++++++++++++ 2 files changed, 32 insertions(+) create mode 100644 docs/ATATArchitecture.md create mode 100644 docs/EdgeControls.md diff --git a/docs/ATATArchitecture.md b/docs/ATATArchitecture.md new file mode 100644 index 00000000..e69de29b diff --git a/docs/EdgeControls.md b/docs/EdgeControls.md new file mode 100644 index 00000000..9f265910 --- /dev/null +++ b/docs/EdgeControls.md @@ -0,0 +1,32 @@ +# Edge Control +This document describes the expected connections and listening services. + +## Transient Connections +| Service | Direction | Ports | Encrypted? | Ciphers | +| --------|-----------|-------|------------|--------------| +| Azure Container Registry | Egress | 443 | Yes | MSFT Managed | +| DOD CRL Service | Egress | 443 | Yes | DOD Managed | +| Azure Storage | Egress | 443 | Yes | MSFT Managed| +| Redis | Egress | 6380 | Yes | MSFT Managed| +| Postgres | Egress | 5432 | Yes | MSFT Managed| + +# Listening Ports / Services +| Service/App | Port | Encrypted? | Accessible | +|-------------|------|------------|--------| +| ATAT App | 80, 443 | Both | Load Balancer Only +| ATAT Auth | 80, 443 | Both | Load Balancer Only + +# Host List +## Dev +| Service| Host | +|--------|------| +| Redis | cloudzero-dev-redis.redis.cache.windows.net | +| Postgres| cloudzero-dev-sql.postgres.database.azure.com | +| Docker Container Registry | cloudzerodevregistry.azurecr.io | + +## Production +| Service | Host | +|---------|------| +| Redis | | +| Postgres| | +| Docker Container Registry | | \ No newline at end of file 
From 04806592582e0e3a1b12104a7c985f690670f951 Mon Sep 17 00:00:00 2001 From: Rob Gil Date: Wed, 15 Jan 2020 11:25:15 -0500 Subject: [PATCH 2/2] Documents protocols used for connections --- docs/EdgeControls.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/docs/EdgeControls.md b/docs/EdgeControls.md index 9f265910..b9b409f6 100644 --- a/docs/EdgeControls.md +++ b/docs/EdgeControls.md @@ -2,19 +2,19 @@ This document describes the expected connections and listening services. ## Transient Connections -| Service | Direction | Ports | Encrypted? | Ciphers | -| --------|-----------|-------|------------|--------------| -| Azure Container Registry | Egress | 443 | Yes | MSFT Managed | -| DOD CRL Service | Egress | 443 | Yes | DOD Managed | -| Azure Storage | Egress | 443 | Yes | MSFT Managed| -| Redis | Egress | 6380 | Yes | MSFT Managed| -| Postgres | Egress | 5432 | Yes | MSFT Managed| +| Service | Direction | Ports | Protocol | Encrypted? | Ciphers | +| --------|-----------|-------|----------|------------|--------------| +| Azure Container Registry | Egress | 443 | HTTP | Yes | MSFT Managed | +| DOD CRL Service | Egress | 443 | HTTP | Yes | DOD Managed | +| Azure Storage | Egress | 443 | HTTP | Yes | MSFT Managed| +| Redis | Egress | 6380 | HTTP | Yes | MSFT Managed| +| Postgres | Egress | 5432 | HTTP | Yes | MSFT Managed| # Listening Ports / Services -| Service/App | Port | Encrypted? | Accessible | -|-------------|------|------------|--------| -| ATAT App | 80, 443 | Both | Load Balancer Only -| ATAT Auth | 80, 443 | Both | Load Balancer Only +| Service/App | Port | Protocol| Encrypted? | Accessible | +|-------------|---------|---------|------------|--------| +| ATAT App | 80, 443 | HTTP | Both | Load Balancer Only +| ATAT Auth | 80, 443 | HTTP | Both | Load Balancer Only # Host List ## Dev
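Review bot: in PATCH 1/2, docs/ATATArchitecture.md is created empty (index e69de29b, 0 lines in the diffstat) although the subject line says the commit adds an architecture doc. Either drop the file from this commit until it has content, or give it at least a title and a pointer to docs/EdgeControls.md so readers do not land on a blank page.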
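Review bot: in PATCH 1/2, the Listening Ports / Services table in docs/EdgeControls.md records `80, 443` with Encrypted? `Both`, which leaves open whether port 80 carries application traffic in cleartext or only redirects to 443. For an edge-control document, use one row per port and state what port 80 does. In the same hunk, the two listening rows lack the closing `|`, the Production host rows are blank with no note on when they will be filled in, `# Listening Ports / Services` and `# Host List` are H1 while `## Transient Connections` is H2 under `# Edge Control`, and the file has no trailing newline.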
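Review bot: in PATCH 2/2, the new Protocol column says `HTTP` on every row, including `Redis | Egress | 6380` and `Postgres | Egress | 5432`, and neither of those services speaks HTTP. Those two rows should name the protocol actually in use (the Redis protocol over TLS and the PostgreSQL wire protocol over TLS). For the 443 rows marked Encrypted? `Yes`, `HTTPS` would agree with the Encrypted? column, and the listening rows with `80, 443` and `Both` would read more clearly as `HTTP, HTTPS`. The rewritten listening rows also still end without a closing `|`.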