Network Diagram
This is a logical network diagram. We host on Fly, a PaaS, and therefore don't have direct control over the network layer.
Fly applications are hosted within a WireGuard VPN, and only ports explicitly listed are open to the world.
We use Cloudflare for DNS and, for staging, use Cloudflare Zero Trust to prevent access to the Fly environment.
Production
[<actor> user] -> [Cloudflare DNS / Proxy]
[Cloudflare DNS / Proxy] -> [Fly Production]
[<frame> Fly Production|
[Momentum] -> [Application-DB]
[Momentum] -> [BKB-DB]
[Momentum] -> [Momentum-Calcs]
]
[<note> Momentum is exposed on port 443]
Staging
[<actor> user] -> [Cloudflare DNS / Proxy]
[<actor> user] -> [Fly VPN]
[Cloudflare DNS / Proxy] -> [Cloudflare Zero Trust]
[Cloudflare Zero Trust] -> [Fly Staging]
[Fly VPN] -> [Fly Staging]
[<frame> Fly Staging|
[Momentum] -> [Application-DB]
[Momentum] -> [BKB-DB]
[Momentum] -> [Momentum-Calcs]
]
[<note> Momentum is exposed on port 443]
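The staging diagram above can be checked mechanically. The following is an added example, not part of the original page or the project's own tooling: it parses the diagram's edges and reports any path from user to Fly Staging that bypasses both Cloudflare Zero Trust and the Fly VPN. The function names and the GATES set are assumptions chosen for illustration.

```python
import re

# Staging diagram copied from this page (nomnoml syntax).
STAGING = """
[<actor> user] -> [Cloudflare DNS / Proxy]
[<actor> user] -> [Fly VPN]
[Cloudflare DNS / Proxy] -> [Cloudflare Zero Trust]
[Cloudflare Zero Trust] -> [Fly Staging]
[Fly VPN] -> [Fly Staging]
[<frame> Fly Staging|
[Momentum] -> [Application-DB]
]
"""

# Assumption for this example: these two nodes are the only access controls.
GATES = {"Cloudflare Zero Trust", "Fly VPN"}

# Matches "[<type> Name] -> [<type> Name]"; the <type> prefix is optional.
EDGE = re.compile(
    r"^\[(?:<\w+>\s*)?([^\]|]+)\]\s*->\s*\[(?:<\w+>\s*)?([^\]|]+)\]$"
)

def parse_edges(text):
    """Build an adjacency map from nomnoml edge lines; other lines are ignored."""
    graph = {}
    for line in text.splitlines():
        m = EDGE.match(line.strip())
        if m:
            graph.setdefault(m.group(1).strip(), set()).add(m.group(2).strip())
    return graph

def ungated_paths(graph, start, target, gates):
    """Return every simple path start -> target that touches no gate node."""
    found, stack = [], [(start, [start])]
    while stack:
        node, path = stack.pop()
        if node == target:
            found.append(path)
            continue
        for nxt in sorted(graph.get(node, ())):
            if nxt not in path and nxt not in gates:
                stack.append((nxt, path + [nxt]))
    return found

if __name__ == "__main__":
    bypasses = ungated_paths(parse_edges(STAGING), "user", "Fly Staging", GATES)
    print("ungated paths:", bypasses or "none")
```

Run against the diagram source in CI, a non-empty result flags a documented route into staging that skips both access controls.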