Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Updated docs to add tier usage to tier reference. #216

Merged
merged 3 commits into from
May 21, 2021
Merged
Show file tree
Hide file tree
Changes from 2 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ Mission LZ has the following scope:

## Networking

Networking is set up in a hub and spoke design, separated by tiers: T0, T1, T2, and multiple T3s. Security can be configured to allow separation of duties between all tiers. Most customers will deploy each tier to a separate Azure subscription, but multiple subscriptions are not required.
Networking is set up in a hub and spoke design, separated by tiers: T0 (Identity and Authorization), T1 (Infrastructure Operations), T2 (DevSecOps and Shared Services), and multiple T3s (Workloads). Security can be configured to allow separation of duties between all tiers. Most customers will deploy each tier to a separate Azure subscription, but multiple subscriptions are not required.

<!-- markdownlint-disable MD033 -->
<img src="src/docs/images/networking.png" alt="Mission LZ Networking" width="600" />
Expand Down
6 changes: 3 additions & 3 deletions src/docs/command-line-deployment.md
Original file line number Diff line number Diff line change
Expand Up @@ -170,15 +170,15 @@ For saca-hub, run the following command to apply the terraform configuration fro
src/core/saca-hub saca-hub.tfvars
```

You could apply Tier 0 with a command below:
You could apply Tier 0 (Identity and Authorization) with a command below:

```bash
src/scripts/terraform/apply_terraform.sh \
src/core/globals.tfvars \
src/core/tier-0 tier-0.tfvars
```

To apply Tier 1, you could then change the target directory:
To apply Tier 1 (Infrastructure Operations), you could then change the target directory:

```bash
src/scripts/terraform/apply_terraform.sh \
Expand All @@ -190,7 +190,7 @@ Repeating this same pattern, for whatever configuration you wanted to apply and

Use `init_terraform.sh` at [src/scripts/terraform/init_terraform.sh](/src/scripts/terraform/init_terraform.sh) to perform just an initialization of the Terraform environment

To initialize Terraform for Tier 1, you could then change the target directory:
To initialize Terraform for Tier 1 (Infrastructure Operations), you could then change the target directory:

```bash
src/scripts/terraform/init_terraform.sh \
Expand Down
2 changes: 1 addition & 1 deletion src/docs/getting-started.md
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ If you are planning to deploy from your local workstation, we recommend using th

If you want to deploy from the command line on your workstation but do not want to use the develompent container, take a look at the [`Dockerfile`](../../.devcontainer/Dockerfile) and the [`devcontainer.json`](../../.devcontainer/Dockerfile) file for examples on how to configure your environment.

The develoment container is not necessary if you want to use the Mission LZ user interface for deployments. Docker Desktop or Docker CE is still required to build the user interface container.
The develoment container is not necessary if you want to use the Mission LZ user interface for deployments. Docker Desktop or Docker CE is still required to build the user interface container or you can download a precompiled UI conatiner from the [Releases](https://github.com/Azure/missionlz/releases) page.

## Pre-Requisites

Expand Down
2 changes: 1 addition & 1 deletion src/docs/management-groups.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@

### MLZ Structure

The base Mission Landing Zone (MLZ) tiers (SACA Hub, Tier 0, Tier1, Tier 2) can be deployed across one or more Azure subscriptions. The mission workloads (Tier 3) can be deployed into separate subscriptions per workload, consolidated into a single subscription, or a combination of these approaches can be used based on your needs. So from a management perspective, there is usually one SACA Hub subscription, one Tier 0 subscription, one Tier 1 subscription, one Tier 2 subscription and one or more Tier 3 subscriptions.
The base Mission Landing Zone (MLZ) tiers (SACA Hub, Tier 0, Tier1, Tier 2) can be deployed across one or more Azure subscriptions. The mission workloads (Tier 3) can be deployed into separate subscriptions per workload, consolidated into a single subscription, or a combination of these approaches can be used based on your needs. So from a management perspective, there is usually one SACA Hub subscription, one Tier 0 (Identity and Authorization) subscription, one Tier 1 (Infrastructure Operations) subscription, one Tier 2 (DevSecOps and Shared Services) subscription and one or more Tier 3 (Workload) subscriptions.

### Management Groups

Expand Down
2 changes: 1 addition & 1 deletion src/docs/scca.md
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ Each component has a set of controls. The controls for each component are listed
- Some of the controls are implemented using Azure technologies, but are not within the scope of Mission Landing Zone, e.g. multi-factor authentication and AAD Connect. These rows do not have a ✔️ in the Mission LZ column.
- Some of the controls are not implemented with Azure technologies, e.g. BCAP 2.1.1.7. These rows have "N/A" under the Azure Technologies column.

> NOTE: the mapping of controls to technologies and Mission Landing Zone implementation represents our opinion on how Mission Landing Zone implements SCCA controls. The mappings below are not defined by any DoD organization or Authorizing Official.
> NOTE: the mapping of controls to technologies and Mission Landing Zone implementation represents our opinion on how Mission Landing Zone implements SCCA controls. The mappings below are not defined by any DoD organization or Authorizing Official.

## BCAP Controls

Expand Down