@startuml frame "Azure" { boundary "IpSec" as azure_ipsec boundary "SWH network" as azure_net collections "SWH workers\nDB replica\n..." as azure_workers } frame "VPN users" { collections "Open VPN users" as openvpn_users } cloud "Internet" as internet frame "CESI Rocquencourt" { boundary "FW DSI" as dsi_fw boundary "VLAN 210 - swh-public" as vlan_public node "staging gateway" as staging_gateway boundary "VLAN 443 - swh-staging" as vlan_staging together { node louvre { boundary "IpSec" as louvre_ipsec interface "router" as louvre_fw boundary "OpenVPN" as louvre_openvpn } node "pergamon" as pergamon node "tate" as tate node "moma" as moma } boundary "VLAN 400 - swh-production" as vlan_production together { node "ceph-osd" as ceph_osd collections "ceph-nodes" as ceph_nodes } boundary "VLAN 442 - unused" as vlan_ceph collections staging_services [ Staging services ------ databases workers journal ... ] collections production_services [ Production services ------ databases workers ... ] collections production_kafka [ Kafka nodes ] } azure_net -- azure_ipsec azure_ipsec -- internet internet -- dsi_fw azure_workers -- azure_net openvpn_users -- internet louvre_fw -r- louvre_openvpn louvre_fw -- vlan_production : default gw vlan_public -- louvre_fw louvre_fw -l- louvre_ipsec staging_gateway -l- vlan_production ceph_osd -- vlan_ceph ceph_osd -u- vlan_production ceph_nodes -d- vlan_ceph ceph_nodes -u- vlan_production staging_gateway -- vlan_staging : default gateway vlan_public -u- dsi_fw pergamon -u- vlan_public pergamon -d- vlan_production tate -u- vlan_public tate -d- vlan_production moma -u- vlan_public moma -d- vlan_production staging_services -u- vlan_staging production_services -u- vlan_production production_kafka -u- vlan_public production_kafka -d- vlan_production @enduml