az-hop
feedback on architecture diagram
This comes from discussing the architecture diagram on https://azure.github.io/az-hop/ with an IT professional from a customer

- If possible, it would be useful to use color to indicate not just what is optional, but also what is part of the public/locked-down scenario to make the security aspect easier to understand
- For every component outside the hpcvnet box that is connected via a line to a component inside, we should indicate whether the connection can be made via a private endpoint in the lockdown scenario
- The rationale for drawing components outside or inside the hpcvnet box is not 100% clear to me (e.g. why does the box in the bottom left mention CycleCloud?). I guess the rationale is that prepackaged services are drawn outside the box (but bastion & vpn gateway are also services? + they also have associated public IPs that are not drawn)
- Some aspects of the drawing are outdated
  - My = MariaDB
  - Lustre & connected services are optional
- The connection to the enterprise firewall could mention ExpressRoute (?)

@xpillons if you have a Visio diagram of the drawing, it might make sense to add it to the repo as well so people can adapt it to their specific deployment for talks with IT security
Yes, good point, I will make the Visio file available
@ltalirz please check the Visio file here https://github.com/Azure/az-hop/blob/main/docs/files/azhop-public.vsdx
Thanks a lot @xpillons ! I won't make it this week but will check back next week