Update our key SSP diagrams (Data Flow Diagram and Network Diagram)

[brittag]

In order for compliance reviewers and other documentation readers to understand our system, the cloud.gov diagrams in our SSP need to be very accurate and up to date.

How to do this:

The best available diagrams that we have right now are in this folder. The two key diagrams are the Figure 10-4 Data Flow Diagram and the Cloud-gov-boundary diagram (called Figure 10-1 Network Diagram in our SSP). Both of these need various updates. We don't seem to have source files for these (see this thread).

For example, some updates we probably need for Data Flow:

• URLs need to include .fr.
• DevOps should probably be "cloud.gov Cloud Operations team"

And for example, some updates we probably need for the Boundary / Network Diagram:

• Remove Trello
• Need to update jumpboxes as ephemerals
• Update "NAT" to "NAT gateway" for clarity

Terminology should match the terminology we're using in the SSP. The latest SSP draft is here. Ideally the capitalization/spelling should match our content guide for consistency (nice to have; not a blocker). Please ask me if you have questions about keeping our terminology consistent. :D

Acceptance Criteria

• [x] This folder has an updated Data Flow Diagram
• [x] This folder has an updated Boundary / Network Diagram

After this is done, we will need to make sure there are large versions available to readers, which is a separate task tracked at https://github.com/18F/cg-compliance/issues/166.

[brittag]

cc @mogul since he'll need these updated diagrams for the JAB product briefing (https://github.com/18F/cg-product/issues/153)

[mogul]

If we need to recreate any of them: Britta suggests that we use Google Drawings since it enables us to collaborate, leave comments, etc. and still export as SVG for inclusion in repositories. There's a template with AWS icons, if that's helpful. I'll ask only that we include a link back to the current drawing's URL somewhere inconspicuous (either in the drawing footer or in the .svg itself) since the exported SVG is not the canonical source.

[mogul]

Since I'll be coming off of vacation directly into DC the night before our meeting, please just replace the appropriate diagrams/links in the FedRAMP product briefing presentation directly!

[mogul]

Just to be explicit: We need to update these by next Tuesday, 8/2!

[brittag]

We also made a cloud.gov team folder for system diagrams.

Noting followup tasks as a checklist for reference:

• [x] Update the boundaries diagram in the product briefing
• [x] Update the data flow diagram in the product briefing

[mogul]

A couple other points not previously captured here:

• data flow diagram - remove the service broker from the link
• Need to update that it’s services network, not concourse network in prod vpc

[brittag]

Adam updated both of these. 🎉 They are in this Diagrams folder - I added a subfolder called "Latest key diagrams used in SSP" and put the two final versions in there as an effort at clarity.

I've updated these in the FedRAMP product briefing presentation. I've also updated these in the SSP, and I've added the latest versions to the SSP Attachments folder.

[marshallpmp]

Can anyone share a sample boundary diagram, that shows the level of detail needed? New to this thread (and Github in general). marshall_pmp@comcast.net

[LinuxBozo]

@marshallpmp All of our current diagrams are available to view at https://diagrams.fr.cloud.gov, and the source at https://github.com/18F/cg-diagrams