openstack
/
security-doc
Code Issues Proposed changes

Enhancement - Additional ways to configure SSL 

Guide today has decent coverage on secure communication, but
Nathan K. recently (not that recently) published a blog post on
various secure deployment models. Adding discussion on various
deployment models from his blog into the guide.

Change-Id: I207c58890a8cf9b3fb377c6d167037b6aae3d563
Closes-Bug: #1334009
Co-Authored-By: nkinder <nkinder@redhat.com>
This commit is contained in:
Priti Desai 2015-02-19 14:02:47 -08:00 committed by Andreas Jaeger
parent bc0248384d
commit c0d1760541
10 changed files with 2261 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
security-guide/ch_secure_communication.xml
View File

@ -8,6 +8,7 @@
<xi:include href="section_introduction-to-ssl-tls.xml"/>
<xi:include href="section_tls-proxies-and-http-services.xml"/>
<xi:include href="section_secure-reference-architectures.xml"/>
<xi:include href="section_case-studies-pki-and-certificate-management.xml"/>
</chapter>

203
security-guide/section_secure-reference-architectures.xml Normal file
View File

@ -0,0 +1,203 @@
<?xml version="1.0" encoding="UTF-8"?>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink"
version="5.0"
xml:id="secure-reference-architectures">
<?dbhtml stop-chunking?>
<title>Secure reference architectures</title>
<para>We recommend using SSL/TLS on both public networks and
management networks in
<xref linkend="tls-proxies-and-http-services"/>.
However, if actually deploying SSL/TLS everywhere is too
difficult, we recommend evaluating your OpenStack SSL/TLS needs and
following one of the architectures discussed here.</para>
<para>The first thing one should do when evaluating their OpenStack
SSL/TLS needs is to identify the threats. You can divide these
threats into external and internal attacker categories, but the
lines tend to get blurred since certain components of OpenStack
operate on both the public and management networks.</para>
<para>For publicly facing services, the threats are pretty
straightforward. Users will be authenticating against horizon and
keystone with their username and password. Users will also be
accessing the API endpoints for other services using their
keystone tokens. If this network traffic is unencrypted, passwords
and tokens can be intercepted by an attacker using a
man-in-the-middle attack. The attacker can then use these valid
credentials to perform malicious operations. All real deployments
should be using SSL/TLS to protect publicly facing services.</para>
<para>For services that are deployed on management networks, the
threats aren't so clear due to the bridging of security domains with
network security. There is always the chance that an administrator
with access to the management network decides to do something
malicious. SSL/TLS isn't going to help in this situation if the
attacker is allowed to access the private key. Not everyone on the
management network would be allowed to access the private key of
course, so there is still value in using SSL/TLS to protect yourself
from internal attackers. Even if everyone that is allowed to access
your management network is 100% trusted, there is still a threat
that an unauthorized user gains access to your internal network by
exploiting a misconfiguration or software vulnerability. One must
keep in mind that you have users running their own code on instances
in the OpenStack Compute nodes, which are deployed on the management
network. If a vulnerability allows them to break out of the
hypervisor, they will have access to your management network. Using
SSL/TLS on the management network can minimize the damage that an
attacker can cause.</para>
<section xml:id="ssl-tls-proxy-in-front">
<title>SSL/TLS proxy in front</title>
<para>It is generally accepted that it is best to encrypt
sensitive data as early as possible and decrypt it as late as
possible. Despite this best practice, it seems that it's common to
use a SSL/TLS proxy in front of the OpenStack services and use
clear communication afterwards as shown below:</para>
<para>
<inlinemediaobject>
<imageobject role="html">
<imagedata contentdepth="450" contentwidth="540"
fileref="static/secure-arch-ref-1.png" format="PNG" scalefit="1"/>
</imageobject>
<imageobject role="fo">
<imagedata contentdepth="100%" fileref="static/secure-arch-ref-1.png"
format="PNG" scalefit="1" width="100%"/>
</imageobject>
</inlinemediaobject></para>
<para>Some of the concerns with the use of SSL/TLS proxies as
pictured above:</para>
<itemizedlist><listitem>
<para>
Native SSL/TLS in OpenStack services does not perform/scale
as well as SSL proxies (particularly for Python
implementations like Eventlet).
</para>
</listitem><listitem>
<para>
Native SSL/TLS in OpenStack services not as well scrutinized/
audited as more proven solutions.
</para>
</listitem><listitem>
<para>
Native SSL/TLS configuration is difficult (not well
documented, tested, or consistent across services).
</para>
</listitem><listitem>
<para>
Privilege separation (OpenStack service processes should not
have direct access to private keys used for SSL/TLS).
</para>
</listitem><listitem>
<para>
Traffic inspection needs for load balancing.
</para>
</listitem>
</itemizedlist>
<para>All of the above are valid concerns, but none of them
prevent SSL/TLS from being used on the management network. Let's
consider the next deployment model.</para>
</section>
<section xml:id="ssl-tls-proxy-on-same-physical-hosts-as-api-endpoints">
<title>SSL/TLS on same physical hosts as API endpoints</title>
<para>
<inlinemediaobject>
<imageobject role="html">
<imagedata contentdepth="450" contentwidth="540"
fileref="static/secure-arch-ref-2.png" format="PNG" scalefit="1"/>
</imageobject>
<imageobject role="fo">
<imagedata contentdepth="100%" fileref="static/secure-arch-ref-2.png"
format="PNG" scalefit="1" width="100%"/>
</imageobject>
</inlinemediaobject></para>
<para>This is very similar to the
<link linkend="ssl-tls-proxy-in-front">"SSL/TLS in front model"
</link> but the SSL/TLS proxy is on the same physical system as
the API endpoint. The API endpoint would be configured to only
listen on the local network interface. All remote communication
with the API endpoint would go through the SSL/TLS proxy. With
this deployment model, we address a number of the bullet points in
<link linkend="ssl-tls-proxy-in-front">"SSL/TLS in front model"
</link>. A proven SSL implementation that performs well would be
used. The same SSL proxy software would be used for all services,
so SSL configuration for the API endpoints would be consistent.
The OpenStack service processes would not have direct access to
the private keys used for SSL/TLS, as you would run the SSL
proxies as a different user and restrict access using permissions
(and additionally mandatory access controls using something like
SELinux). We would ideally have the API endpoints listen on a Unix
socket such that we could restrict access to it using permissions
and mandatory access controls as well. Unfortunately, this does not
seem to work currently in Eventlet from our testing. It is a good
future development goal.</para>
</section>
<section xml:id="ssl-tls-over-load-balancer">
<title>SSL/TLS over load balancer</title>
<para>What about high availability or load balanced deployments
that need to inspect traffic? The previous deployment model
(<link linkend="ssl-tls-proxy-on-same-physical-hosts-as-api-endpoints"
>SSL/TLS on same physical hosts as API endpoints</link>) would not
allow for deep packet inspection since the traffic is encrypted.
If the traffic only needs to be inspected for basic routing
purposes, it might not be necessary for the load balancer to have
access to the unencrypted traffic. HAProxy has the ability to
extract the SSL/TLS session ID during the handshake, which can
then be used to achieve session affinity
(<link
xlink:href="http://blog.exceliance.fr/2011/07/04/maintain-affinity-based-on-ssl-session-id/"
>configuration details here</link>).
HAProxy can also use the
TLS Server Name Indication (SNI) extension to determine where
traffic should be routed to
(<link
xlink:href="http://blog.exceliance.fr/2012/04/13/enhanced-ssl-load-balancing-with-server-name-indication-sni-tls-extension/"
>configuration details here</link>). These features likely cover
some of the most common load balancer needs. HAProxy would be able
to just pass the HTTPS traffic straight through to the API
endpoint systems in this case:</para>
<para>
<inlinemediaobject>
<imageobject role="html">
<imagedata contentdepth="450" contentwidth="540"
fileref="static/secure-arch-ref-3.png" format="PNG" scalefit="1"/>
</imageobject>
<imageobject role="fo">
<imagedata contentdepth="100%" fileref="static/secure-arch-ref-3.png"
format="PNG" scalefit="1" width="100%"/>
</imageobject>
</inlinemediaobject></para>
</section>
<section xml:id="cryptographic-seperation-of-external-and-internal-environments">
<title>Cryptographic seperation of external and internal environments</title>
<para>What if you want cryptographic separation of your external and
internal environments? A public cloud provider would likely want
their public facing services (or proxies) to use certificates that
are issued by a CA that chains up to a trusted Root CA that is
distributed in popular web browser software for SSL/TLS. For the
internal services, one might want to instead use their own PKI to
issue certificates for SSL/TLS. This cryptographic separation can be
accomplished by terminating SSL at the network boundary, then
re-encrypting using the internally issued certificates. The traffic
will be unencrypted for a brief period on the public facing SSL/TLS
proxy, but it will never be transmitted over the network in the
clear. The same re-encryption approach that is used to achieve
cryptographic separation can also be used if deep packet inspection
is really needed on a load balancer. Here is what this deployment
model would look like:</para>
<para>
<inlinemediaobject>
<imageobject role="html">
<imagedata contentdepth="450" contentwidth="540"
fileref="static/secure-arch-ref-4.png" format="PNG" scalefit="1"/>
</imageobject>
<imageobject role="fo">
<imagedata contentdepth="100%" fileref="static/secure-arch-ref-4.png"
format="PNG" scalefit="1" width="100%"/>
</imageobject>
</inlinemediaobject></para>
<para>As with most things, there are trade-offs. The main
trade-off is going to be between security and performance.
Encryption has a cost, but so does being hacked. The security and
performance requirements are going to be different for every
deployment, so how SSL/TLS is used will ultimately be an
individual decision.</para>
</section>
</section>

BIN
security-guide/static/secure-arch-ref-1.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 26 KiB

495
security-guide/static/secure-arch-ref-1.svg Normal file
View File

@ -0,0 +1,495 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Created with Inkscape (http://www.inkscape.org/) -->
<svg
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:cc="http://creativecommons.org/ns#"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns="http://www.w3.org/2000/svg"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
width="744.09448819"
height="1052.3622047"
id="svg2"
version="1.1"
inkscape:version="0.91 r13725"
sodipodi:docname="secure-arch-ssl-proxy-in-front.svg">
<defs
id="defs4">
<marker
inkscape:stockid="Arrow1Lend"
orient="auto"
refY="0.0"
refX="0.0"
id="Arrow1Lend"
style="overflow:visible;">
<path
id="path5082"
d="M 0.0,0.0 L 5.0,-5.0 L -12.5,0.0 L 5.0,5.0 L 0.0,0.0 z "
style="fill-rule:evenodd;stroke:#000000;stroke-width:1.0pt;"
transform="scale(0.8) rotate(180) translate(12.5,0)" />
</marker>
<marker
inkscape:stockid="Arrow2Lstart"
orient="auto"
refY="0.0"
refX="0.0"
id="Arrow2Lstart"
style="overflow:visible">
<path
id="path5591"
style="fill-rule:evenodd;stroke-width:0.62500000;stroke-linejoin:round"
d="M 8.7185878,4.0337352 L -2.2072895,0.016013256 L 8.7185884,-4.0017078 C 6.9730900,-1.6296469 6.9831476,1.6157441 8.7185878,4.0337352 z "
transform="scale(1.1) translate(1,0)" />
</marker>
<marker
inkscape:stockid="Arrow2Lend"
orient="auto"
refY="0.0"
refX="0.0"
id="Arrow2Lend"
style="overflow:visible;">
<path
id="path5594"
style="fill-rule:evenodd;stroke-width:0.62500000;stroke-linejoin:round;"
d="M 8.7185878,4.0337352 L -2.2072895,0.016013256 L 8.7185884,-4.0017078 C 6.9730900,-1.6296469 6.9831476,1.6157441 8.7185878,4.0337352 z "
transform="scale(1.1) rotate(180) translate(1,0)" />
</marker>
<marker
inkscape:stockid="Arrow1Lend"
orient="auto"
refY="0"
refX="0"
id="Arrow1Lend-1"
style="overflow:visible">
<path
inkscape:connector-curvature="0"
id="path5082-4"
d="M 0,0 5,-5 -12.5,0 5,5 0,0 z"
style="fill-rule:evenodd;stroke:#000000;stroke-width:1pt"
transform="matrix(-0.8,0,0,-0.8,-10,0)" />
</marker>
<filter
id="filter6098"
inkscape:label="Inner Shadow"
inkscape:menu="Shadows and Glows"
inkscape:menu-tooltip="Adds a colorizable drop shadow inside"
color-interpolation-filters="sRGB">
<feGaussianBlur
id="feGaussianBlur6100"
stdDeviation="25.0075"
result="result8" />
<feOffset
id="feOffset6102"
dx="0"
dy="0"
result="result11" />
<feComposite
id="feComposite6104"
in2="result11"
result="result6"
in="SourceGraphic"
operator="in" />
<feFlood
id="feFlood6106"
result="result10"
in="result6"
flood-opacity="1"
flood-color="rgb(0,0,0)" />
<feBlend
id="feBlend6108"
in2="result10"
mode="normal"
in="result6"
result="result12" />
<feComposite
id="feComposite6110"
in2="SourceGraphic"
result="result2"
operator="in" />
</filter>
<marker
inkscape:stockid="Arrow1Lend"
orient="auto"
refY="0"
refX="0"
id="Arrow1Lend-9"
style="overflow:visible">
<path
inkscape:connector-curvature="0"
id="path5082-3"
d="M 0,0 5,-5 -12.5,0 5,5 0,0 z"
style="fill-rule:evenodd;stroke:#000000;stroke-width:1pt"
transform="matrix(-0.8,0,0,-0.8,-10,0)" />
</marker>
<marker
inkscape:stockid="Arrow1Lend"
orient="auto"
refY="0"
refX="0"
id="Arrow1Lend-6"
style="overflow:visible">
<path
inkscape:connector-curvature="0"
id="path5082-5"
d="M 0,0 5,-5 -12.5,0 5,5 0,0 z"
style="fill-rule:evenodd;stroke:#000000;stroke-width:1pt"
transform="matrix(-0.8,0,0,-0.8,-10,0)" />
</marker>
<marker
inkscape:stockid="Arrow1Lend"
orient="auto"
refY="0"
refX="0"
id="Arrow1Lend-90"
style="overflow:visible">
<path
inkscape:connector-curvature="0"
id="path5082-43"
d="M 0,0 5,-5 -12.5,0 5,5 0,0 z"
style="fill-rule:evenodd;stroke:#000000;stroke-width:1pt"
transform="matrix(-0.8,0,0,-0.8,-10,0)" />
</marker>
</defs>
<sodipodi:namedview
id="base"
pagecolor="#ffffff"
bordercolor="#666666"
borderopacity="1.0"
inkscape:pageopacity="0.0"
inkscape:pageshadow="2"
inkscape:zoom="0.52"
inkscape:cx="613.46139"
inkscape:cy="499.41665"
inkscape:document-units="px"
inkscape:current-layer="g6404"
showgrid="false"
inkscape:window-width="1280"
inkscape:window-height="756"
inkscape:window-x="0"
inkscape:window-y="76"
inkscape:window-maximized="0" />
<metadata
id="metadata7">
<rdf:RDF>
<cc:Work
rdf:about="">
<dc:format>image/svg+xml</dc:format>
<dc:type
rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
<dc:title />
</cc:Work>
</rdf:RDF>
</metadata>
<g
inkscape:label="Layer 1"
inkscape:groupmode="layer"
id="layer1">
<rect
style="fill:#aaeeff;fill-rule:evenodd;stroke:#000000;stroke-width:3;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none"
id="rect3818"
width="219.94656"
height="146.42062"
x="-1391.7836"
y="-15.267624"
rx="7.2910466"
ry="6.0923982" />
<g
id="g3887"
transform="translate(-604.1739,-665.88962)">
<path
sodipodi:nodetypes="sssssssss"
inkscape:connector-curvature="0"
id="path3889"
d="m -461.83095,1032.4929 17.17824,0 c 28.5344,0 51.50616,22.9717 51.50616,51.5062 l 0,41.6121 c 0,28.5344 -22.97176,27.0723 -51.50616,27.0723 l -17.17824,0 c -28.5344,0 -51.50616,1.4621 -51.50616,-27.0723 l 0,-41.6121 c 0,-28.5345 22.97176,-51.5062 51.50616,-51.5062 z"
style="fill:#e6e6e6;fill-opacity:1;stroke:#000000;stroke-width:3;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none" />
<path
transform="matrix(0.75680036,0,0,0.75680036,487.24955,1274.1958)"
d="m -1176.1879,-357.11319 a 66.532639,66.532639 0 0 1 -66.5327,66.53264 66.532639,66.532639 0 0 1 -66.5326,-66.53264 66.532639,66.532639 0 0 1 66.5326,-66.53264 66.532639,66.532639 0 0 1 66.5327,66.53264 z"
sodipodi:ry="66.532639"
sodipodi:rx="66.532639"
sodipodi:cy="-357.11319"
sodipodi:cx="-1242.7206"
id="path3891"
style="fill:#e6e6e6;fill-opacity:1;stroke:#000000;stroke-width:3.96405721;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none"
sodipodi:type="arc" />
</g>
<g
id="g4769"
transform="translate(-978.89992,817.78805)">
<path
sodipodi:nodetypes="sscccsssccss"
inkscape:connector-curvature="0"
id="path4691-4"
d="m -306.08776,-630.04373 c -44.4834,0 -80.5625,36.04785 -80.5625,80.53125 0,0.49501 0.0224,38.15846 0.0312,38.65135 l 11.65625,0.7224 11.65625,-0.16997 c -0.0124,-0.49113 -0.0312,-38.70965 -0.0312,-39.20378 0,-31.62407 25.62593,-57.25 57.25,-57.25 31.62406,0 57.91431,25.62593 57.91431,57.25 0,0.49413 0.0124,38.62766 0,39.11879 l 23.28125,-0.46744 c 0.009,-0.49289 0,-38.15634 0,-38.65135 0,-44.4834 -36.71216,-80.53125 -81.19556,-80.53125 z"
style="fill:#ffff00;fill-opacity:1;stroke:#000000;stroke-width:3;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none" />
<rect
ry="6.8937893"
rx="6.5289483"
y="-512.20892"
x="-404.24753"
height="165.68073"
width="196.9566"
id="rect3818-0-0"
style="fill:#ffff00;fill-rule:evenodd;stroke:#000000;stroke-width:3;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none" />
</g>
<g
id="g6423"
transform="translate(-613.27916,252.81162)"
style="stroke-width:3;stroke-miterlimit:4;stroke-dasharray:none">
<g
transform="matrix(0.41806376,0,0,0.41806376,-367.27289,-69.315998)"
id="g6366-5"
style="stroke-width:7.17593908;stroke-miterlimit:4;stroke-dasharray:none">
<path
inkscape:connector-curvature="0"
style="fill:#ffff00;fill-opacity:1;stroke:#000000;stroke-width:7.17593908;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none"
d="m -327.71875,840.21875 c -21.09354,0 -38.0625,17.00021 -38.0625,38.09375 l 0,84.3125 c 0,21.09354 16.96896,38.0625 38.0625,38.0625 l 65.59375,0 184.1875,181.9687 40.96875,0 0,-87.2187 -45.65625,0 0,-45.0937 -45.625,0 0,-45.0938 -45.65625,0 0,-45.09375 -31.4375,0 0,-81.84375 c 0,-21.09354 -16.96896,-38.09375 -38.0625,-38.09375 l -84.3125,0 z m 4.09375,17.6875 c 13.51815,0 24.46875,10.9506 24.46875,24.46875 0,13.51815 -10.9506,24.5 -24.46875,24.5 -13.51815,0 -24.5,-10.98185 -24.5,-24.5 0,-13.51815 10.98185,-24.46875 24.5,-24.46875 z"
id="rect6255-62-0" />
<path
style="fill:none;stroke:#000000;stroke-width:7.17593908;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none"
d="M -39.434801,1180.1853 -236.60881,983.01133"
id="path6358-8"
inkscape:connector-curvature="0" />
</g>
</g>
<g
id="g6404"
transform="translate(-588.46154,250)">
<rect
ry="0"
rx="0"
y="-113.02243"
x="190.91679"
height="632.69232"
width="1878.8461"
id="rect5203"
style="fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none"
inkscape:export-xdpi="90"
inkscape:export-ydpi="90" />
<g
id="g6363">
<g
id="g6321"
style="fill:#fcffdb;fill-opacity:1">
<rect
ry="8.2770443"
rx="6.5136275"
y="32.066845"
x="873.3009"
height="342.51376"
width="347.73422"
id="rect3818-6-4"
style="fill:#fcffdb;fill-rule:evenodd;stroke:#000000;stroke-width:3.14976287;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill-opacity:1" />
<g
transform="translate(1097.579,-812.32329)"
id="g5016"
style="fill:#ff4a00;fill-opacity:0.78039217">
<rect
style="fill:#ff4a00;fill-rule:evenodd;stroke:#000000;stroke-width:4;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill-opacity:0.78039217"
id="rect3818-6-9-1"
width="252.3513"
height="227.34058"
x="-176.58664"
y="930.81921"
rx="8.3652372"
ry="9.4593878" />
<g
id="g5007"
style="fill:#00cb00;fill-opacity:1">
<text
sodipodi:linespacing="125%"
id="text3631-8"
y="976.315"
x="-50.616062"
style="font-size:40px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:'Open Sans';-inkscape-font-specification:'Open Sans';font-stretch:normal;font-variant:normal;"
xml:space="preserve"><tspan
y="976.315"
x="-50.616062"
id="tspan3633-0"
sodipodi:role="line">SSL/TLS</tspan><tspan
id="tspan3635-1"
y="1026.3149"
x="-50.616062"
sodipodi:role="line">Proxy</tspan></text>
<g
style="fill:#00cb00;stroke:#000000;stroke-width:4.44857025;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill-opacity:1"
transform="matrix(0.67437396,0,0,0.67437396,254.04221,854.16866)"
id="g6423-4-8-4-2">
<g
style="fill:#00cb00;stroke:#000000;stroke-width:10.64089012;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill-opacity:1"
id="g6366-5-6-1-0-3"
transform="matrix(0.41806376,0,0,0.41806376,-367.27289,-69.315998)">
<path
id="rect6255-62-0-3-8-9-2"
d="m -327.71875,840.21875 c -21.09354,0 -38.0625,17.00021 -38.0625,38.09375 l 0,84.3125 c 0,21.09354 16.96896,38.0625 38.0625,38.0625 l 65.59375,0 184.1875,181.9687 40.96875,0 0,-87.2187 -45.65625,0 0,-45.0937 -45.625,0 0,-45.0938 -45.65625,0 0,-45.09375 -31.4375,0 0,-81.84375 c 0,-21.09354 -16.96896,-38.09375 -38.0625,-38.09375 l -84.3125,0 z m 4.09375,17.6875 c 13.51815,0 24.46875,10.9506 24.46875,24.46875 0,13.51815 -10.9506,24.5 -24.46875,24.5 -13.51815,0 -24.5,-10.98185 -24.5,-24.5 0,-13.51815 10.98185,-24.46875 24.5,-24.46875 z"
style="fill:#00cb00;fill-opacity:1;stroke:#000000;stroke-width:10.64089012;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none"
inkscape:connector-curvature="0" />
<path
inkscape:connector-curvature="0"
id="path6358-8-0-9-8-3"
d="M -39.434801,1180.1853 -236.60881,983.01133"
style="fill:#00cb00;stroke:#000000;stroke-width:10.64089012;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill-opacity:1" />
</g>
</g>
</g>
</g>
<text
sodipodi:linespacing="125%"
id="text4627-7"
y="89.201553"
x="911.13287"
style="font-size:40px;font-style:normal;font-weight:normal;line-height:125%;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;font-family:'Open Sans';-inkscape-font-specification:'Open Sans';font-stretch:normal;font-variant:normal;"
xml:space="preserve"><tspan
y="89.201553"
x="911.13287"
id="tspan4629-9"
sodipodi:role="line">Proxy System</tspan></text>
</g>
<g
id="g3887-4"
transform="matrix(0.87857813,0,0,0.87857813,972.35949,-702.90307)"
style="stroke:#000000;stroke-width:3.414608;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill:#0040fd;fill-opacity:0.99215686">
<path
sodipodi:nodetypes="sssssssss"
inkscape:connector-curvature="0"
id="path3889-8"
d="m -461.83095,1032.4929 17.17824,0 c 28.5344,0 51.50616,22.9717 51.50616,51.5062 l 0,41.6121 c 0,28.5344 -22.97176,27.0723 -51.50616,27.0723 l -17.17824,0 c -28.5344,0 -51.50616,1.4621 -51.50616,-27.0723 l 0,-41.6121 c 0,-28.5345 22.97176,-51.5062 51.50616,-51.5062 z"
style="fill:#0040fd;fill-opacity:0.99215686;stroke:#000000;stroke-width:3.414608;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none" />
<path
transform="matrix(0.75680036,0,0,0.75680036,487.24955,1274.1958)"
d="m -1176.1879,-357.11319 a 66.532639,66.532639 0 0 1 -66.5327,66.53264 66.532639,66.532639 0 0 1 -66.5326,-66.53264 66.532639,66.532639 0 0 1 66.5326,-66.53264 66.532639,66.532639 0 0 1 66.5327,66.53264 z"
sodipodi:ry="66.532639"
sodipodi:rx="66.532639"
sodipodi:cy="-357.11319"
sodipodi:cx="-1242.7206"
id="path3891-0"
style="fill:#0040fd;fill-opacity:0.99215686;stroke:#000000;stroke-width:4.5119009;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none"
sodipodi:type="arc" />
</g>
<g
id="g6354">
<g
id="g6152">
<path
style="fill:none;stroke:#000000;stroke-width:2.37661695;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;marker-end:url(#Arrow1Lend)"
d="m 641.38647,233.52613 245.36821,0"
id="path4889-4"
inkscape:connector-curvature="0" />
<text
xml:space="preserve"
style="font-size:40px;font-style:normal;font-weight:normal;line-height:125%;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;font-family:'Open Sans';-inkscape-font-specification:'Open Sans';font-stretch:normal;font-variant:normal;"
x="699.31464"
y="309.79642"
id="text5074-6"
sodipodi:linespacing="125%"><tspan
sodipodi:role="line"
id="tspan5076-8"
x="699.31464"
y="309.79642">HTTPS</tspan></text>
</g>
<g
style="fill:#00cb00;stroke:#000000;stroke-width:11.13250828;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill-opacity:1"
transform="matrix(0.26948105,0,0,0.26948105,846.46958,353.94503)"
id="g4769-4-8">
<path
style="fill:#00cb00;fill-opacity:1;stroke:#000000;stroke-width:11.13250828;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none"
d="m -306.08776,-630.04373 c -44.4834,0 -80.5625,36.04785 -80.5625,80.53125 0,0.49501 0.0224,38.15846 0.0312,38.65135 l 11.65625,0.7224 11.65625,-0.16997 c -0.0124,-0.49113 -0.0312,-38.70965 -0.0312,-39.20378 0,-31.62407 25.62593,-57.25 57.25,-57.25 31.62406,0 57.91431,25.62593 57.91431,57.25 0,0.49413 0.0124,38.62766 0,39.11879 l 23.28125,-0.46744 c 0.009,-0.49289 0,-38.15634 0,-38.65135 0,-44.4834 -36.71216,-80.53125 -81.19556,-80.53125 z"
id="path4691-4-1-3"
inkscape:connector-curvature="0"
sodipodi:nodetypes="sscccsssccss" />
<rect
style="fill:#00cb00;fill-rule:evenodd;stroke:#000000;stroke-width:11.13250828;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill-opacity:1"
id="rect3818-0-0-4-9"
width="196.9566"
height="165.68073"
x="-404.24753"
y="-512.20892"
rx="6.5289483"
ry="6.8937893" />
</g>
</g>
<g
id="g6297"
transform="translate(-330.76923,29.807696)"
style="fill:#fcffdb;fill-opacity:1">
<rect
ry="8.2749462"
rx="6.5164423"
y="2.2455835"
x="1722.2117"
height="342.54089"
width="347.88449"
id="rect3818-6-4-5-1"
style="fill:#fcffdb;fill-rule:evenodd;stroke:#000000;stroke-width:3;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill-opacity:1" />
<g
id="g6288"
style="fill:#fcffdb;fill-opacity:1">
<g
id="g4985-6-9"
transform="translate(1666.3442,-842.13099)"
style="fill:#ff4a00;fill-opacity:0.78039217">
<rect
ry="9.4593878"
rx="8.3652372"
y="930.81921"
x="103.63408"
height="227.34058"
width="252.3513"
id="rect3818-6-9-5-0-9-5"
style="fill:#ff4a00;fill-rule:evenodd;stroke:#000000;stroke-width:4;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill-opacity:0.78039217" />
<text
sodipodi:linespacing="125%"
id="text3637-1-8-1"
y="1029.9094"
x="228.33511"
style="font-size:40px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:'Open Sans';-inkscape-font-specification:'Open Sans';font-stretch:normal;font-variant:normal;"
xml:space="preserve"><tspan
id="tspan3641-3-4-1"
y="1029.9094"
x="228.33511"
sodipodi:role="line">API</tspan><tspan
id="tspan4959-2-5"
y="1079.9094"
x="228.33511"
sodipodi:role="line">Endpoint</tspan></text>
</g>
<text
xml:space="preserve"
style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:40px;line-height:125%;font-family:'Open Sans';-inkscape-font-specification:'Open Sans';letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none"
x="1877.9606"
y="59.393852"
id="text4627-7-8-6"
sodipodi:linespacing="125%"><tspan
sodipodi:role="line"
id="tspan4629-9-4-2"
x="1741.6227"
y="59.393852"
style="text-anchor:middle;text-align:center">Service System</tspan></text>
</g>
</g>
<g
id="g6117"
transform="translate(-263.46154,59.817146)">
<path
inkscape:connector-curvature="0"
id="path4889-2"
d="m 1444.6236,173.99218 245.3682,0"
style="fill:none;stroke:#000000;stroke-width:2.37661695;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;marker-end:url(#Arrow1Lend)" />
<text
sodipodi:linespacing="125%"
id="text5074-8-2"
y="250.26248"
x="1514.8273"
style="font-size:40px;font-style:normal;font-weight:normal;line-height:125%;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;font-family:'Open Sans';-inkscape-font-specification:'Open Sans';font-stretch:normal;font-variant:normal;"
xml:space="preserve"><tspan
y="250.26248"
x="1514.8273"
id="tspan5076-6-1"
sodipodi:role="line">HTTP</tspan></text>
</g>
</g>
</g>
</g>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 22 KiB

BIN
security-guide/static/secure-arch-ref-2.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 22 KiB

381
security-guide/static/secure-arch-ref-2.svg Normal file
View File

@ -0,0 +1,381 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Created with Inkscape (http://www.inkscape.org/) -->
<svg
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:cc="http://creativecommons.org/ns#"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns="http://www.w3.org/2000/svg"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
width="744.09448819"
height="1052.3622047"
id="svg2"
version="1.1"
inkscape:version="0.91 r13725"
sodipodi:docname="secure-arch-ssl-tls-proxy-on-same-physical-hosts-as-api-endpoints.svg"
inkscape:export-filename="/Users/priti_desai1/Symantec/OpenStack/source/security-doc/security-guide/static/secure-arch-ssl-tls-proxy-on-same-physical-hosts-as-api-endpoints.png"
inkscape:export-xdpi="90"
inkscape:export-ydpi="90">
<defs
id="defs4">
<marker
style="overflow:visible"
id="Arrow1Lend-6"
refX="0"
refY="0"
orient="auto"
inkscape:stockid="Arrow1Lend">
<path
transform="matrix(-0.8,0,0,-0.8,-10,0)"
style="fill-rule:evenodd;stroke:#000000;stroke-width:1pt"
d="M 0,0 5,-5 -12.5,0 5,5 0,0 z"
id="path5082-5"
inkscape:connector-curvature="0" />
</marker>
<marker
style="overflow:visible"
id="Arrow1Lend-9"
refX="0"
refY="0"
orient="auto"
inkscape:stockid="Arrow1Lend">
<path
transform="matrix(-0.8,0,0,-0.8,-10,0)"
style="fill-rule:evenodd;stroke:#000000;stroke-width:1pt"
d="M 0,0 5,-5 -12.5,0 5,5 0,0 z"
id="path5082-3"
inkscape:connector-curvature="0" />
</marker>
<filter
color-interpolation-filters="sRGB"
inkscape:menu-tooltip="Adds a colorizable drop shadow inside"
inkscape:menu="Shadows and Glows"
inkscape:label="Inner Shadow"
id="filter6098">
<feGaussianBlur
result="result8"
stdDeviation="25.0075"
id="feGaussianBlur6100" />
<feOffset
result="result11"
dy="0"
dx="0"
id="feOffset6102" />
<feComposite
operator="in"
in="SourceGraphic"
result="result6"
in2="result11"
id="feComposite6104" />
<feFlood
flood-color="rgb(0,0,0)"
flood-opacity="1"
in="result6"
result="result10"
id="feFlood6106" />
<feBlend
result="result12"
in="result6"
mode="normal"
in2="result10"
id="feBlend6108" />
<feComposite
operator="in"
result="result2"
in2="SourceGraphic"
id="feComposite6110" />
</filter>
<marker
style="overflow:visible"
id="Arrow1Lend-1"
refX="0"
refY="0"
orient="auto"
inkscape:stockid="Arrow1Lend">
<path
transform="matrix(-0.8,0,0,-0.8,-10,0)"
style="fill-rule:evenodd;stroke:#000000;stroke-width:1pt"
d="M 0,0 5,-5 -12.5,0 5,5 0,0 z"
id="path5082-4"
inkscape:connector-curvature="0" />
</marker>
<marker
style="overflow:visible;"
id="Arrow2Lend"
refX="0.0"
refY="0.0"
orient="auto"
inkscape:stockid="Arrow2Lend">
<path
transform="scale(1.1) rotate(180) translate(1,0)"
d="M 8.7185878,4.0337352 L -2.2072895,0.016013256 L 8.7185884,-4.0017078 C 6.9730900,-1.6296469 6.9831476,1.6157441 8.7185878,4.0337352 z "
style="fill-rule:evenodd;stroke-width:0.62500000;stroke-linejoin:round;"
id="path5594" />
</marker>
<marker
style="overflow:visible"
id="Arrow2Lstart"
refX="0.0"
refY="0.0"
orient="auto"
inkscape:stockid="Arrow2Lstart">
<path
transform="scale(1.1) translate(1,0)"
d="M 8.7185878,4.0337352 L -2.2072895,0.016013256 L 8.7185884,-4.0017078 C 6.9730900,-1.6296469 6.9831476,1.6157441 8.7185878,4.0337352 z "
style="fill-rule:evenodd;stroke-width:0.62500000;stroke-linejoin:round"
id="path5591" />
</marker>
<marker
style="overflow:visible;"
id="Arrow1Lend"
refX="0.0"
refY="0.0"
orient="auto"
inkscape:stockid="Arrow1Lend">
<path
transform="scale(0.8) rotate(180) translate(12.5,0)"
style="fill-rule:evenodd;stroke:#000000;stroke-width:1.0pt;"
d="M 0.0,0.0 L 5.0,-5.0 L -12.5,0.0 L 5.0,5.0 L 0.0,0.0 z "
id="path5082" />
</marker>
</defs>
<sodipodi:namedview
id="base"
pagecolor="#ffffff"
bordercolor="#666666"
borderopacity="1.0"
inkscape:pageopacity="0.0"
inkscape:pageshadow="2"
inkscape:zoom="0.35"
inkscape:cx="-83.571424"
inkscape:cy="514.28571"
inkscape:document-units="px"
inkscape:current-layer="g5810"
showgrid="false"
inkscape:window-width="1280"
inkscape:window-height="756"
inkscape:window-x="-6"
inkscape:window-y="13"
inkscape:window-maximized="0" />
<metadata
id="metadata7">
<rdf:RDF>
<cc:Work
rdf:about="">
<dc:format>image/svg+xml</dc:format>
<dc:type
rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
<dc:title />
</cc:Work>
</rdf:RDF>
</metadata>
<g
inkscape:label="Layer 1"
inkscape:groupmode="layer"
id="layer1">
<text
xml:space="preserve"
style="font-size:40px;font-style:normal;font-weight:normal;line-height:125%;letter-spacing:0px;word-spacing:0px;fill:#ffffff;fill-opacity:1;stroke:none;font-family:'Open Sans';-inkscape-font-specification:'Open Sans';font-stretch:normal;font-variant:normal;"
x="1546.2023"
y="644.31458"
id="text5074"
sodipodi:linespacing="125%"><tspan
sodipodi:role="line"
id="tspan5076"
x="1546.2023"
y="644.31458">HTTPS</tspan></text>
<g
id="g5810"
transform="translate(-971.87465,222.72162)">
<rect
ry="0"
rx="0"
y="-116.86858"
x="376.92307"
height="632.69232"
width="1878.8461"
id="rect5203"
style="fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none"
inkscape:export-xdpi="90"
inkscape:export-ydpi="90" />
<g
id="g5777">
<g
id="g5053"
transform="translate(1402.7225,-816.16944)"
style="fill:#fcffdb;fill-opacity:1">
<rect
ry="15.93363"
rx="10.717546"
y="844.73724"
x="-196.3822"
height="341.81955"
width="572.16315"
id="rect3818-6-4"
style="fill:#fcffdb;fill-rule:evenodd;stroke:#000000;stroke-width:3.28743052;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill-opacity:1" />
<g
id="g5036"
style="fill:#ff4a00;fill-opacity:0.78039217">
<g
id="g5016"
style="fill:#ff4a00;fill-opacity:0.78039217">
<rect
ry="9.4593878"
rx="8.3652372"
y="930.81921"
x="-176.58664"
height="227.34058"
width="252.3513"
id="rect3818-6-9-1"
style="fill:#ff4a00;fill-rule:evenodd;stroke:#000000;stroke-width:4;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill-opacity:0.78039217" />
<g
id="g5007"
style="fill:#00cb00;fill-opacity:1">
<text
xml:space="preserve"
style="font-size:40px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:'Open Sans';-inkscape-font-specification:'Open Sans';font-stretch:normal;font-variant:normal;"
x="-50.616062"
y="976.315"
id="text3631-8"
sodipodi:linespacing="125%"><tspan
sodipodi:role="line"
id="tspan3633-0"
x="-50.616062"
y="976.315">SSL/TLS</tspan><tspan
sodipodi:role="line"
x="-50.616062"
y="1026.3149"
id="tspan3635-1">Proxy</tspan></text>
<g
id="g6423-4-8-4-2"
transform="matrix(0.67437396,0,0,0.67437396,254.04221,854.16866)"
style="fill:#00cb00;stroke:#000000;stroke-width:4.44857025;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill-opacity:1">
<g
transform="matrix(0.41806376,0,0,0.41806376,-367.27289,-69.315998)"
id="g6366-5-6-1-0-3"
style="fill:#00cb00;stroke:#000000;stroke-width:10.64089012;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill-opacity:1">
<path
inkscape:connector-curvature="0"
style="fill:#00cb00;fill-opacity:1;stroke:#000000;stroke-width:10.64089012;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none"
d="m -327.71875,840.21875 c -21.09354,0 -38.0625,17.00021 -38.0625,38.09375 l 0,84.3125 c 0,21.09354 16.96896,38.0625 38.0625,38.0625 l 65.59375,0 184.1875,181.9687 40.96875,0 0,-87.2187 -45.65625,0 0,-45.0937 -45.625,0 0,-45.0938 -45.65625,0 0,-45.09375 -31.4375,0 0,-81.84375 c 0,-21.09354 -16.96896,-38.09375 -38.0625,-38.09375 l -84.3125,0 z m 4.09375,17.6875 c 13.51815,0 24.46875,10.9506 24.46875,24.46875 0,13.51815 -10.9506,24.5 -24.46875,24.5 -13.51815,0 -24.5,-10.98185 -24.5,-24.5 0,-13.51815 10.98185,-24.46875 24.5,-24.46875 z"
id="rect6255-62-0-3-8-9-2" />
<path
style="fill:#00cb00;stroke:#000000;stroke-width:10.64089012;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill-opacity:1"
d="M -39.434801,1180.1853 -236.60881,983.01133"
id="path6358-8-0-9-8-3"
inkscape:connector-curvature="0" />
</g>
</g>
</g>
</g>
<g
id="g4985"
style="fill:#ff4a00;fill-opacity:0.78039217">
<rect
ry="9.4593878"
rx="8.3652372"
y="930.81921"
x="103.63408"
height="227.34058"
width="252.3513"
id="rect3818-6-9-5-0"
style="fill:#ff4a00;fill-rule:evenodd;stroke:#000000;stroke-width:4;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill-opacity:0.78039217" />
<text
sodipodi:linespacing="125%"
id="text3637-1"
y="1029.9094"
x="228.33511"
style="font-size:40px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:'Open Sans';-inkscape-font-specification:'Open Sans';font-stretch:normal;font-variant:normal;"
xml:space="preserve"><tspan
id="tspan3641-3"
y="1029.9094"
x="228.33511"
sodipodi:role="line">API</tspan><tspan
id="tspan4959"
y="1079.9094"
x="228.33511"
sodipodi:role="line">Endpoint</tspan></text>
</g>
</g>
<text
sodipodi:linespacing="125%"
id="text4627-7"
y="901.52484"
x="-64.831879"
style="font-size:40px;font-style:normal;font-weight:normal;line-height:125%;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;font-family:'Open Sans';-inkscape-font-specification:'Open Sans';font-stretch:normal;font-variant:normal;"
xml:space="preserve"><tspan
y="901.52484"
x="-64.831879"
id="tspan4629-9"
sodipodi:role="line">Service System</tspan></text>
</g>
<g
id="g5765">
<g
style="stroke:#000000;stroke-width:3.414608;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill:#0040fd;fill-opacity:0.99215686"
transform="matrix(0.87857813,0,0,0.87857813,1305.0518,-706.74922)"
id="g3887-4">
<path
style="fill:#0040fd;fill-opacity:0.99215686;stroke:#000000;stroke-width:3.414608;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none"
d="m -461.83095,1032.4929 17.17824,0 c 28.5344,0 51.50616,22.9717 51.50616,51.5062 l 0,41.6121 c 0,28.5344 -22.97176,27.0723 -51.50616,27.0723 l -17.17824,0 c -28.5344,0 -51.50616,1.4621 -51.50616,-27.0723 l 0,-41.6121 c 0,-28.5345 22.97176,-51.5062 51.50616,-51.5062 z"
id="path3889-8"
inkscape:connector-curvature="0"
sodipodi:nodetypes="sssssssss" />
<path
sodipodi:type="arc"
style="fill:#0040fd;fill-opacity:0.99215686;stroke:#000000;stroke-width:4.5119009;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none"
id="path3891-0"
sodipodi:cx="-1242.7206"
sodipodi:cy="-357.11319"
sodipodi:rx="66.532639"
sodipodi:ry="66.532639"
d="m -1176.1879,-357.11319 a 66.532639,66.532639 0 0 1 -66.5327,66.53264 66.532639,66.532639 0 0 1 -66.5326,-66.53264 66.532639,66.532639 0 0 1 66.5326,-66.53264 66.532639,66.532639 0 0 1 66.5327,66.53264 z"
transform="matrix(0.75680036,0,0,0.75680036,487.24955,1274.1958)" />
</g>
<g
transform="translate(5.7691931,-1.2231444e-6)"
id="g5414">
<path
style="fill:none;stroke:#000000;stroke-width:2.37661695;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;marker-end:url(#Arrow1Lend)"
d="m 968.30959,229.67998 245.36821,0"
id="path4889-4"
inkscape:connector-curvature="0" />
<g
id="g4769-4-8"
transform="matrix(0.26948105,0,0,0.26948105,1173.3927,350.09888)"
style="fill:#00cb00;stroke:#000000;stroke-width:11.13250828;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill-opacity:1">
<path
sodipodi:nodetypes="sscccsssccss"
inkscape:connector-curvature="0"
id="path4691-4-1-3"
d="m -306.08776,-630.04373 c -44.4834,0 -80.5625,36.04785 -80.5625,80.53125 0,0.49501 0.0224,38.15846 0.0312,38.65135 l 11.65625,0.7224 11.65625,-0.16997 c -0.0124,-0.49113 -0.0312,-38.70965 -0.0312,-39.20378 0,-31.62407 25.62593,-57.25 57.25,-57.25 31.62406,0 57.91431,25.62593 57.91431,57.25 0,0.49413 0.0124,38.62766 0,39.11879 l 23.28125,-0.46744 c 0.009,-0.49289 0,-38.15634 0,-38.65135 0,-44.4834 -36.71216,-80.53125 -81.19556,-80.53125 z"
style="fill:#00cb00;fill-opacity:1;stroke:#000000;stroke-width:11.13250828;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none" />
<rect
ry="6.8937893"
rx="6.5289483"
y="-512.20892"
x="-404.24753"
height="165.68073"
width="196.9566"
id="rect3818-0-0-4-9"
style="fill:#00cb00;fill-rule:evenodd;stroke:#000000;stroke-width:11.13250828;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill-opacity:1" />
</g>
</g>
<text
sodipodi:linespacing="125%"
id="text5074-6"
y="305.95026"
x="1032.007"
style="font-size:40px;font-style:normal;font-weight:normal;line-height:125%;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;font-family:'Open Sans';-inkscape-font-specification:'Open Sans';font-stretch:normal;font-variant:normal;"
xml:space="preserve"><tspan
y="305.95026"
x="1032.007"
id="tspan5076-8"
sodipodi:role="line">HTTPS</tspan></text>
</g>
</g>
</g>
</g>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 17 KiB

BIN
security-guide/static/secure-arch-ref-3.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 33 KiB

543
security-guide/static/secure-arch-ref-3.svg Normal file
View File

@ -0,0 +1,543 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Created with Inkscape (http://www.inkscape.org/) -->
<svg
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:cc="http://creativecommons.org/ns#"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns="http://www.w3.org/2000/svg"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
width="744.09448819"
height="1052.3622047"
id="svg2"
version="1.1"
inkscape:version="0.91 r13725"
sodipodi:docname="secure-arch-ssl-tls-over-load-balancer.svg"
inkscape:export-filename="/Users/priti_desai1/Symantec/OpenStack/source/security-doc/security-guide/static/secure-arch-ssl-tls-over-load-balancer.png"
inkscape:export-xdpi="90"
inkscape:export-ydpi="90">
<defs
id="defs4">
<marker
inkscape:stockid="Arrow1Lend"
orient="auto"
refY="0.0"
refX="0.0"
id="Arrow1Lend"
style="overflow:visible;">
<path
id="path5082"
d="M 0.0,0.0 L 5.0,-5.0 L -12.5,0.0 L 5.0,5.0 L 0.0,0.0 z "
style="fill-rule:evenodd;stroke:#000000;stroke-width:1.0pt;"
transform="scale(0.8) rotate(180) translate(12.5,0)" />
</marker>
<marker
inkscape:stockid="Arrow2Lstart"
orient="auto"
refY="0.0"
refX="0.0"
id="Arrow2Lstart"
style="overflow:visible">
<path
id="path5591"
style="fill-rule:evenodd;stroke-width:0.62500000;stroke-linejoin:round"
d="M 8.7185878,4.0337352 L -2.2072895,0.016013256 L 8.7185884,-4.0017078 C 6.9730900,-1.6296469 6.9831476,1.6157441 8.7185878,4.0337352 z "
transform="scale(1.1) translate(1,0)" />
</marker>
<marker
inkscape:stockid="Arrow2Lend"
orient="auto"
refY="0.0"
refX="0.0"
id="Arrow2Lend"
style="overflow:visible;">
<path
id="path5594"
style="fill-rule:evenodd;stroke-width:0.62500000;stroke-linejoin:round;"
d="M 8.7185878,4.0337352 L -2.2072895,0.016013256 L 8.7185884,-4.0017078 C 6.9730900,-1.6296469 6.9831476,1.6157441 8.7185878,4.0337352 z "
transform="scale(1.1) rotate(180) translate(1,0)" />
</marker>
<marker
inkscape:stockid="Arrow1Lend"
orient="auto"
refY="0"
refX="0"
id="Arrow1Lend-1"
style="overflow:visible">
<path
inkscape:connector-curvature="0"
id="path5082-4"
d="M 0,0 5,-5 -12.5,0 5,5 0,0 z"
style="fill-rule:evenodd;stroke:#000000;stroke-width:1pt"
transform="matrix(-0.8,0,0,-0.8,-10,0)" />
</marker>
<filter
id="filter6098"
inkscape:label="Inner Shadow"
inkscape:menu="Shadows and Glows"
inkscape:menu-tooltip="Adds a colorizable drop shadow inside"
color-interpolation-filters="sRGB">
<feGaussianBlur
id="feGaussianBlur6100"
stdDeviation="25.0075"
result="result8" />
<feOffset
id="feOffset6102"
dx="0"
dy="0"
result="result11" />
<feComposite
id="feComposite6104"
in2="result11"
result="result6"
in="SourceGraphic"
operator="in" />
<feFlood
id="feFlood6106"
result="result10"
in="result6"
flood-opacity="1"
flood-color="rgb(0,0,0)" />
<feBlend
id="feBlend6108"
in2="result10"
mode="normal"
in="result6"
result="result12" />
<feComposite
id="feComposite6110"
in2="SourceGraphic"
result="result2"
operator="in" />
</filter>
<marker
inkscape:stockid="Arrow1Lend"
orient="auto"
refY="0"
refX="0"
id="Arrow1Lend-9"
style="overflow:visible">
<path
inkscape:connector-curvature="0"
id="path5082-3"
d="M 0,0 5,-5 -12.5,0 5,5 0,0 z"
style="fill-rule:evenodd;stroke:#000000;stroke-width:1pt"
transform="matrix(-0.8,0,0,-0.8,-10,0)" />
</marker>
<marker
inkscape:stockid="Arrow1Lend"
orient="auto"
refY="0"
refX="0"
id="Arrow1Lend-6"
style="overflow:visible">
<path
inkscape:connector-curvature="0"
id="path5082-5"
d="M 0,0 5,-5 -12.5,0 5,5 0,0 z"
style="fill-rule:evenodd;stroke:#000000;stroke-width:1pt"
transform="matrix(-0.8,0,0,-0.8,-10,0)" />
</marker>
</defs>
<sodipodi:namedview
id="base"
pagecolor="#ffffff"
bordercolor="#666666"
borderopacity="1.0"
inkscape:pageopacity="0.0"
inkscape:pageshadow="2"
inkscape:zoom="0.52"
inkscape:cx="455.90367"
inkscape:cy="535.16366"
inkscape:document-units="px"
inkscape:current-layer="g5525"
showgrid="false"
inkscape:window-width="1280"
inkscape:window-height="756"
inkscape:window-x="69"
inkscape:window-y="252"
inkscape:window-maximized="0" />
<metadata
id="metadata7">
<rdf:RDF>
<cc:Work
rdf:about="">
<dc:format>image/svg+xml</dc:format>
<dc:type
rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
<dc:title />
</cc:Work>
</rdf:RDF>
</metadata>
<g
inkscape:label="Layer 1"
inkscape:groupmode="layer"
id="layer1">
<rect
style="fill:#aaeeff;fill-rule:evenodd;stroke:#000000;stroke-width:3;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none"
id="rect3818"
width="219.94656"
height="146.42062"
x="-1391.7836"
y="-15.267624"
rx="7.2910466"
ry="6.0923982" />
<g
id="g3887"
transform="translate(-604.1739,-665.88962)">
<path
sodipodi:nodetypes="sssssssss"
inkscape:connector-curvature="0"
id="path3889"
d="m -461.83095,1032.4929 17.17824,0 c 28.5344,0 51.50616,22.9717 51.50616,51.5062 l 0,41.6121 c 0,28.5344 -22.97176,27.0723 -51.50616,27.0723 l -17.17824,0 c -28.5344,0 -51.50616,1.4621 -51.50616,-27.0723 l 0,-41.6121 c 0,-28.5345 22.97176,-51.5062 51.50616,-51.5062 z"
style="fill:#e6e6e6;fill-opacity:1;stroke:#000000;stroke-width:3;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none" />
<path
transform="matrix(0.75680036,0,0,0.75680036,487.24955,1274.1958)"
d="m -1176.1879,-357.11319 a 66.532639,66.532639 0 0 1 -66.5327,66.53264 66.532639,66.532639 0 0 1 -66.5326,-66.53264 66.532639,66.532639 0 0 1 66.5326,-66.53264 66.532639,66.532639 0 0 1 66.5327,66.53264 z"
sodipodi:ry="66.532639"
sodipodi:rx="66.532639"
sodipodi:cy="-357.11319"
sodipodi:cx="-1242.7206"
id="path3891"
style="fill:#e6e6e6;fill-opacity:1;stroke:#000000;stroke-width:3.96405721;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none"
sodipodi:type="arc" />
</g>
<g
id="g4769"
transform="translate(-978.89992,817.78805)">
<path
sodipodi:nodetypes="sscccsssccss"
inkscape:connector-curvature="0"
id="path4691-4"
d="m -306.08776,-630.04373 c -44.4834,0 -80.5625,36.04785 -80.5625,80.53125 0,0.49501 0.0224,38.15846 0.0312,38.65135 l 11.65625,0.7224 11.65625,-0.16997 c -0.0124,-0.49113 -0.0312,-38.70965 -0.0312,-39.20378 0,-31.62407 25.62593,-57.25 57.25,-57.25 31.62406,0 57.91431,25.62593 57.91431,57.25 0,0.49413 0.0124,38.62766 0,39.11879 l 23.28125,-0.46744 c 0.009,-0.49289 0,-38.15634 0,-38.65135 0,-44.4834 -36.71216,-80.53125 -81.19556,-80.53125 z"
style="fill:#ffff00;fill-opacity:1;stroke:#000000;stroke-width:3;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none" />
<rect
ry="6.8937893"
rx="6.5289483"
y="-512.20892"
x="-404.24753"
height="165.68073"
width="196.9566"
id="rect3818-0-0"
style="fill:#ffff00;fill-rule:evenodd;stroke:#000000;stroke-width:3;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none" />
</g>
<g
id="g6423"
transform="translate(-613.27916,252.81162)"
style="stroke-width:3;stroke-miterlimit:4;stroke-dasharray:none">
<g
transform="matrix(0.41806376,0,0,0.41806376,-367.27289,-69.315998)"
id="g6366-5"
style="stroke-width:7.17593908;stroke-miterlimit:4;stroke-dasharray:none">
<path
inkscape:connector-curvature="0"
style="fill:#ffff00;fill-opacity:1;stroke:#000000;stroke-width:7.17593908;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none"
d="m -327.71875,840.21875 c -21.09354,0 -38.0625,17.00021 -38.0625,38.09375 l 0,84.3125 c 0,21.09354 16.96896,38.0625 38.0625,38.0625 l 65.59375,0 184.1875,181.9687 40.96875,0 0,-87.2187 -45.65625,0 0,-45.0937 -45.625,0 0,-45.0938 -45.65625,0 0,-45.09375 -31.4375,0 0,-81.84375 c 0,-21.09354 -16.96896,-38.09375 -38.0625,-38.09375 l -84.3125,0 z m 4.09375,17.6875 c 13.51815,0 24.46875,10.9506 24.46875,24.46875 0,13.51815 -10.9506,24.5 -24.46875,24.5 -13.51815,0 -24.5,-10.98185 -24.5,-24.5 0,-13.51815 10.98185,-24.46875 24.5,-24.46875 z"
id="rect6255-62-0" />
<path
style="fill:none;stroke:#000000;stroke-width:7.17593908;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none"
d="M -39.434801,1180.1853 -236.60881,983.01133"
id="path6358-8"
inkscape:connector-curvature="0" />
</g>
</g>
<g
id="g5576"
transform="translate(-478.84615,230.76923)">
<rect
ry="0"
rx="0"
y="-116.86858"
x="46.153854"
height="632.69232"
width="1878.8461"
id="rect5203"
style="fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none" />
<g
transform="translate(5.7691931,-1.2231444e-6)"
id="g5525">
<g
id="g5514"
transform="translate(203.84615,1.2231444e-6)"
style="fill:#fcffdb;fill-opacity:1">
<rect
ry="15.943333"
rx="9.3976145"
y="28.463722"
x="304.97809"
height="342.02771"
width="501.69778"
id="rect3818-6"
style="fill:#fcffdb;fill-rule:evenodd;stroke:#000000;stroke-width:3.07928538;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill-opacity:1" />
<g
id="g5505"
style="fill:#fcffdb;fill-opacity:1">
<g
id="g5499"
style="fill:#ff4a00;fill-opacity:0.78039217">
<rect
ry="9.4154282"
rx="13.430089"
y="115.17805"
x="351.30334"
height="226.28409"
width="405.14096"
id="rect3818-6-9-5"
style="fill:#ff4a00;fill-rule:evenodd;stroke:#000000;stroke-width:5.05648613;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill-opacity:0.78039217" />
<text
sodipodi:linespacing="125%"
id="text3637"
y="213.74002"
x="553.88361"
style="font-size:40px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:'Open Sans';-inkscape-font-specification:'Open Sans';font-stretch:normal;font-variant:normal;"
xml:space="preserve"><tspan
id="tspan3641"
y="213.74002"
x="553.88361"
sodipodi:role="line">HAProxy</tspan><tspan
id="tspan5497"
y="263.74002"
x="553.88361"
sodipodi:role="line">(TCP Passthrough)</tspan></text>
</g>
<text
xml:space="preserve"
style="font-size:40px;font-style:normal;font-weight:normal;line-height:125%;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;font-family:'Open Sans';-inkscape-font-specification:'Open Sans';font-stretch:normal;font-variant:normal;"
x="332.21371"
y="85.355408"
id="text4627"
sodipodi:linespacing="125%"
inkscape:export-xdpi="90"
inkscape:export-ydpi="90"><tspan
sodipodi:role="line"
id="tspan4629"
x="332.21371"
y="85.355408"
style="-inkscape-font-specification:'Open Sans';font-family:'Open Sans';font-weight:normal;font-style:normal;font-stretch:normal;font-variant:normal;">Load Balancer System</tspan></text>
</g>
</g>
<g
id="g5053"
transform="translate(1396.9533,-816.16944)"
style="fill:#fcffdb;fill-opacity:1">
<rect
ry="15.93363"
rx="10.717546"
y="844.73724"
x="-196.3822"
height="341.81955"
width="572.16315"
id="rect3818-6-4"
style="fill:#fcffdb;fill-rule:evenodd;stroke:#000000;stroke-width:3.28743052;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill-opacity:1" />
<g
id="g5036"
style="fill:#ff4a00;fill-opacity:0.78039217">
<g
id="g5016"
style="fill:#ff4a00;fill-opacity:0.78039217">
<rect
ry="9.4593878"
rx="8.3652372"
y="930.81921"
x="-176.58664"
height="227.34058"
width="252.3513"
id="rect3818-6-9-1"
style="fill:#ff4a00;fill-rule:evenodd;stroke:#000000;stroke-width:4;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill-opacity:0.78039217" />
<g
id="g5007"
style="fill:#ff4a00;fill-opacity:0.78039217">
<text
xml:space="preserve"
style="font-size:40px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#ff4a00;fill-opacity:0.78039217;stroke:none;font-family:'Open Sans';-inkscape-font-specification:'Open Sans';font-stretch:normal;font-variant:normal;"
x="-50.616062"
y="976.315"
id="text3631-8"
sodipodi:linespacing="125%"><tspan
sodipodi:role="line"
id="tspan3633-0"
x="-50.616062"
y="976.315"
style="fill:#000000;fill-opacity:1;-inkscape-font-specification:'Open Sans';font-family:'Open Sans';font-weight:normal;font-style:normal;font-stretch:normal;font-variant:normal;">SSL/TLS</tspan><tspan
sodipodi:role="line"
x="-50.616062"
y="1026.3149"
id="tspan3635-1"
style="fill:#000000;fill-opacity:1;-inkscape-font-specification:'Open Sans';font-family:'Open Sans';font-weight:normal;font-style:normal;font-stretch:normal;font-variant:normal;">Proxy</tspan></text>
<g
id="g6423-4-8-4-2"
transform="matrix(0.67437396,0,0,0.67437396,254.04221,854.16866)"
style="fill:#00cb00;stroke:#000000;stroke-width:4.44857025;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill-opacity:1">
<g
transform="matrix(0.41806376,0,0,0.41806376,-367.27289,-69.315998)"
id="g6366-5-6-1-0-3"
style="fill:#00cb00;stroke:#000000;stroke-width:10.64089012;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill-opacity:1">
<path
inkscape:connector-curvature="0"
style="fill:#00cb00;fill-opacity:1;stroke:#000000;stroke-width:10.64089012;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none"
d="m -327.71875,840.21875 c -21.09354,0 -38.0625,17.00021 -38.0625,38.09375 l 0,84.3125 c 0,21.09354 16.96896,38.0625 38.0625,38.0625 l 65.59375,0 184.1875,181.9687 40.96875,0 0,-87.2187 -45.65625,0 0,-45.0937 -45.625,0 0,-45.0938 -45.65625,0 0,-45.09375 -31.4375,0 0,-81.84375 c 0,-21.09354 -16.96896,-38.09375 -38.0625,-38.09375 l -84.3125,0 z m 4.09375,17.6875 c 13.51815,0 24.46875,10.9506 24.46875,24.46875 0,13.51815 -10.9506,24.5 -24.46875,24.5 -13.51815,0 -24.5,-10.98185 -24.5,-24.5 0,-13.51815 10.98185,-24.46875 24.5,-24.46875 z"
id="rect6255-62-0-3-8-9-2" />
<path
style="fill:#00cb00;stroke:#000000;stroke-width:10.64089012;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill-opacity:1"
d="M -39.434801,1180.1853 -236.60881,983.01133"
id="path6358-8-0-9-8-3"
inkscape:connector-curvature="0" />
</g>
</g>
</g>
</g>
<g
id="g4985"
style="fill:#ff4a00;fill-opacity:0.78039217">
<rect
ry="9.4593878"
rx="8.3652372"
y="930.81921"
x="103.63408"
height="227.34058"
width="252.3513"
id="rect3818-6-9-5-0"
style="fill:#ff4a00;fill-rule:evenodd;stroke:#000000;stroke-width:4;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill-opacity:0.78039217" />
<text
sodipodi:linespacing="125%"
id="text3637-1"
y="1029.9094"
x="228.33511"
style="font-size:40px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:'Open Sans';-inkscape-font-specification:'Open Sans';font-stretch:normal;font-variant:normal;"
xml:space="preserve"><tspan
id="tspan3641-3"
y="1029.9094"
x="228.33511"
sodipodi:role="line">API</tspan><tspan
id="tspan4959"
y="1079.9094"
x="228.33511"
sodipodi:role="line">Endpoint</tspan></text>
</g>
</g>
<text
sodipodi:linespacing="125%"
id="text4627-7"
y="901.52484"
x="-64.831879"
style="font-size:40px;font-style:normal;font-weight:normal;line-height:125%;letter-spacing:0px;word-spacing:0px;fill:#fcffdb;fill-opacity:1;stroke:none;font-family:'Open Sans';-inkscape-font-specification:'Open Sans';font-stretch:normal;font-variant:normal;"
xml:space="preserve"><tspan
y="901.52484"
x="-64.831879"
id="tspan4629-9"
sodipodi:role="line"
style="fill:#000000;fill-opacity:1">Service System</tspan></text>
</g>
<g
id="g5116"
transform="translate(414.34561,37.471492)">
<g
style="stroke:#000000;stroke-width:3.414608;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill:#0040fd;fill-opacity:0.99215686"
transform="matrix(0.87857813,0,0,0.87857813,223.39858,-720.07043)"
id="g3887-4">
<path
style="fill:#0040fd;fill-opacity:0.99215686;stroke:#000000;stroke-width:3.414608;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none"
d="m -461.83095,1032.4929 17.17824,0 c 28.5344,0 51.50616,22.9717 51.50616,51.5062 l 0,41.6121 c 0,28.5344 -22.97176,27.0723 -51.50616,27.0723 l -17.17824,0 c -28.5344,0 -51.50616,1.4621 -51.50616,-27.0723 l 0,-41.6121 c 0,-28.5345 22.97176,-51.5062 51.50616,-51.5062 z"
id="path3889-8"
inkscape:connector-curvature="0"
sodipodi:nodetypes="sssssssss" />
<path
sodipodi:type="arc"
style="fill:#0040fd;fill-opacity:0.99215686;stroke:#000000;stroke-width:4.5119009;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none"
id="path3891-0"
sodipodi:cx="-1242.7206"
sodipodi:cy="-357.11319"
sodipodi:rx="66.532639"
sodipodi:ry="66.532639"
d="m -1176.1879,-357.11319 a 66.532639,66.532639 0 0 1 -66.5327,66.53264 66.532639,66.532639 0 0 1 -66.5326,-66.53264 66.532639,66.532639 0 0 1 66.5326,-66.53264 66.532639,66.532639 0 0 1 66.5327,66.53264 z"
transform="matrix(0.75680036,0,0,0.75680036,487.24955,1274.1958)" />
</g>
<g
transform="translate(0,9.6176845)"
id="g4743">
<path
style="fill:none;stroke:#000000;stroke-width:2.37661695;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;marker-end:url(#Arrow1Lend)"
d="m -113.58447,206.74109 245.3682,0"
id="path4889"
inkscape:connector-curvature="0" />
<g
id="g4769-4"
transform="matrix(0.26948105,0,0,0.26948105,91.498642,327.15999)"
style="stroke:#000000;stroke-width:11.13250828;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill:#00cb00;fill-opacity:1">
<path
sodipodi:nodetypes="sscccsssccss"
inkscape:connector-curvature="0"
id="path4691-4-1"
d="m -306.08776,-630.04373 c -44.4834,0 -80.5625,36.04785 -80.5625,80.53125 0,0.49501 0.0224,38.15846 0.0312,38.65135 l 11.65625,0.7224 11.65625,-0.16997 c -0.0124,-0.49113 -0.0312,-38.70965 -0.0312,-39.20378 0,-31.62407 25.62593,-57.25 57.25,-57.25 31.62406,0 57.91431,25.62593 57.91431,57.25 0,0.49413 0.0124,38.62766 0,39.11879 l 23.28125,-0.46744 c 0.009,-0.49289 0,-38.15634 0,-38.65135 0,-44.4834 -36.71216,-80.53125 -81.19556,-80.53125 z"
style="fill:#00cb00;fill-opacity:1;stroke:#000000;stroke-width:11.13250828;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none" />
<rect
ry="6.8937893"
rx="6.5289483"
y="-512.20892"
x="-404.24753"
height="165.68073"
width="196.9566"
id="rect3818-0-0-4"
style="fill:#00cb00;fill-rule:evenodd;stroke:#000000;stroke-width:11.13250828;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill-opacity:1" />
</g>
</g>
<text
sodipodi:linespacing="125%"
id="text5074-8"
y="292.62906"
x="-55.656231"
style="font-size:40px;font-style:normal;font-weight:normal;line-height:125%;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;font-family:'Open Sans';-inkscape-font-specification:'Open Sans';font-stretch:normal;font-variant:normal;"
xml:space="preserve"><tspan
y="292.62906"
x="-55.656231"
id="tspan5076-6"
sodipodi:role="line">HTTPS</tspan></text>
</g>
<g
id="g5420">
<g
id="g5414">
<path
style="fill:none;stroke:#000000;stroke-width:2.37661695;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;marker-end:url(#Arrow1Lend)"
d="m 968.30959,229.67998 245.36821,0"
id="path4889-4"
inkscape:connector-curvature="0" />
<g
id="g4769-4-8"
transform="matrix(0.26948105,0,0,0.26948105,1173.3927,350.09888)"
style="fill:#00cb00;stroke:#000000;stroke-width:11.13250828;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill-opacity:1">
<path
sodipodi:nodetypes="sscccsssccss"
inkscape:connector-curvature="0"
id="path4691-4-1-3"
d="m -306.08776,-630.04373 c -44.4834,0 -80.5625,36.04785 -80.5625,80.53125 0,0.49501 0.0224,38.15846 0.0312,38.65135 l 11.65625,0.7224 11.65625,-0.16997 c -0.0124,-0.49113 -0.0312,-38.70965 -0.0312,-39.20378 0,-31.62407 25.62593,-57.25 57.25,-57.25 31.62406,0 57.91431,25.62593 57.91431,57.25 0,0.49413 0.0124,38.62766 0,39.11879 l 23.28125,-0.46744 c 0.009,-0.49289 0,-38.15634 0,-38.65135 0,-44.4834 -36.71216,-80.53125 -81.19556,-80.53125 z"
style="fill:#00cb00;fill-opacity:1;stroke:#000000;stroke-width:11.13250828;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none" />
<rect
ry="6.8937893"
rx="6.5289483"
y="-512.20892"
x="-404.24753"
height="165.68073"
width="196.9566"
id="rect3818-0-0-4-9"
style="fill:#00cb00;fill-rule:evenodd;stroke:#000000;stroke-width:11.13250828;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill-opacity:1" />
</g>
</g>
<text
sodipodi:linespacing="125%"
id="text5074-6"
y="305.95026"
x="1026.2378"
style="font-size:40px;font-style:normal;font-weight:normal;line-height:125%;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;font-family:'Open Sans';-inkscape-font-specification:'Open Sans';font-stretch:normal;font-variant:normal;"
xml:space="preserve"><tspan
y="305.95026"
x="1026.2378"
id="tspan5076-8"
sodipodi:role="line">HTTPS</tspan></text>
</g>
</g>
</g>
</g>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 26 KiB

BIN
security-guide/static/secure-arch-ref-4.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 32 KiB

638
security-guide/static/secure-arch-ref-4.svg Normal file
View File

@ -0,0 +1,638 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Created with Inkscape (http://www.inkscape.org/) -->
<svg
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:cc="http://creativecommons.org/ns#"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns="http://www.w3.org/2000/svg"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
width="744.09448819"
height="1052.3622047"
id="svg2"
version="1.1"
inkscape:version="0.91 r13725"
sodipodi:docname="secure-arch-crypotgraphic-seperation-of-external-and-internal-environments.svg"
inkscape:export-filename="/Users/priti_desai1/Symantec/OpenStack/source/security-doc/security-guide/static/secure-arch-crypotgraphic-seperation-of-external-and-internal-environments.png"
inkscape:export-xdpi="90"
inkscape:export-ydpi="90">
<defs
id="defs4">
<marker
inkscape:stockid="Arrow1Lend"
orient="auto"
refY="0.0"
refX="0.0"
id="Arrow1Lend"
style="overflow:visible;">
<path
id="path5082"
d="M 0.0,0.0 L 5.0,-5.0 L -12.5,0.0 L 5.0,5.0 L 0.0,0.0 z "
style="fill-rule:evenodd;stroke:#000000;stroke-width:1.0pt;"
transform="scale(0.8) rotate(180) translate(12.5,0)" />
</marker>
<marker
inkscape:stockid="Arrow2Lstart"
orient="auto"
refY="0.0"
refX="0.0"
id="Arrow2Lstart"
style="overflow:visible">
<path
id="path5591"
style="fill-rule:evenodd;stroke-width:0.62500000;stroke-linejoin:round"
d="M 8.7185878,4.0337352 L -2.2072895,0.016013256 L 8.7185884,-4.0017078 C 6.9730900,-1.6296469 6.9831476,1.6157441 8.7185878,4.0337352 z "
transform="scale(1.1) translate(1,0)" />
</marker>
<marker
inkscape:stockid="Arrow2Lend"
orient="auto"
refY="0.0"
refX="0.0"
id="Arrow2Lend"
style="overflow:visible;">
<path
id="path5594"
style="fill-rule:evenodd;stroke-width:0.62500000;stroke-linejoin:round;"
d="M 8.7185878,4.0337352 L -2.2072895,0.016013256 L 8.7185884,-4.0017078 C 6.9730900,-1.6296469 6.9831476,1.6157441 8.7185878,4.0337352 z "
transform="scale(1.1) rotate(180) translate(1,0)" />
</marker>
<marker
inkscape:stockid="Arrow1Lend"
orient="auto"
refY="0"
refX="0"
id="Arrow1Lend-1"
style="overflow:visible">
<path
inkscape:connector-curvature="0"
id="path5082-4"
d="M 0,0 5,-5 -12.5,0 5,5 0,0 z"
style="fill-rule:evenodd;stroke:#000000;stroke-width:1pt"
transform="matrix(-0.8,0,0,-0.8,-10,0)" />
</marker>
<filter
id="filter6098"
inkscape:label="Inner Shadow"
inkscape:menu="Shadows and Glows"
inkscape:menu-tooltip="Adds a colorizable drop shadow inside"
color-interpolation-filters="sRGB">
<feGaussianBlur
id="feGaussianBlur6100"
stdDeviation="25.0075"
result="result8" />
<feOffset
id="feOffset6102"
dx="0"
dy="0"
result="result11" />
<feComposite
id="feComposite6104"
in2="result11"
result="result6"
in="SourceGraphic"
operator="in" />
<feFlood
id="feFlood6106"
result="result10"
in="result6"
flood-opacity="1"
flood-color="rgb(0,0,0)" />
<feBlend
id="feBlend6108"
in2="result10"
mode="normal"
in="result6"
result="result12" />
<feComposite
id="feComposite6110"
in2="SourceGraphic"
result="result2"
operator="in" />
</filter>
<marker
inkscape:stockid="Arrow1Lend"
orient="auto"
refY="0"
refX="0"
id="Arrow1Lend-9"
style="overflow:visible">
<path
inkscape:connector-curvature="0"
id="path5082-3"
d="M 0,0 5,-5 -12.5,0 5,5 0,0 z"
style="fill-rule:evenodd;stroke:#000000;stroke-width:1pt"
transform="matrix(-0.8,0,0,-0.8,-10,0)" />
</marker>
<marker
inkscape:stockid="Arrow1Lend"
orient="auto"
refY="0"
refX="0"
id="Arrow1Lend-6"
style="overflow:visible">
<path
inkscape:connector-curvature="0"
id="path5082-5"
d="M 0,0 5,-5 -12.5,0 5,5 0,0 z"
style="fill-rule:evenodd;stroke:#000000;stroke-width:1pt"
transform="matrix(-0.8,0,0,-0.8,-10,0)" />
</marker>
</defs>
<sodipodi:namedview
id="base"
pagecolor="#ffffff"
bordercolor="#666666"
borderopacity="1.0"
inkscape:pageopacity="0.0"
inkscape:pageshadow="2"
inkscape:zoom="0.52"
inkscape:cx="302.05752"
inkscape:cy="814.03271"
inkscape:document-units="px"
inkscape:current-layer="g5128"
showgrid="false"
inkscape:window-width="1280"
inkscape:window-height="752"
inkscape:window-x="7"
inkscape:window-y="360"
inkscape:window-maximized="0" />
<metadata
id="metadata7">
<rdf:RDF>
<cc:Work
rdf:about="">
<dc:format>image/svg+xml</dc:format>
<dc:type
rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
<dc:title />
</cc:Work>
</rdf:RDF>
</metadata>
<g
inkscape:label="Layer 1"
inkscape:groupmode="layer"
id="layer1">
<rect
style="fill:#aaeeff;fill-rule:evenodd;stroke:#000000;stroke-width:3;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none"
id="rect3818"
width="219.94656"
height="146.42062"
x="-1391.7836"
y="-15.267624"
rx="7.2910466"
ry="6.0923982" />
<g
id="g3887"
transform="translate(-604.1739,-665.88962)">
<path
sodipodi:nodetypes="sssssssss"
inkscape:connector-curvature="0"
id="path3889"
d="m -461.83095,1032.4929 17.17824,0 c 28.5344,0 51.50616,22.9717 51.50616,51.5062 l 0,41.6121 c 0,28.5344 -22.97176,27.0723 -51.50616,27.0723 l -17.17824,0 c -28.5344,0 -51.50616,1.4621 -51.50616,-27.0723 l 0,-41.6121 c 0,-28.5345 22.97176,-51.5062 51.50616,-51.5062 z"
style="fill:#e6e6e6;fill-opacity:1;stroke:#000000;stroke-width:3;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none" />
<path
transform="matrix(0.75680036,0,0,0.75680036,487.24955,1274.1958)"
d="m -1176.1879,-357.11319 a 66.532639,66.532639 0 0 1 -66.5327,66.53264 66.532639,66.532639 0 0 1 -66.5326,-66.53264 66.532639,66.532639 0 0 1 66.5326,-66.53264 66.532639,66.532639 0 0 1 66.5327,66.53264 z"
sodipodi:ry="66.532639"
sodipodi:rx="66.532639"
sodipodi:cy="-357.11319"
sodipodi:cx="-1242.7206"
id="path3891"
style="fill:#e6e6e6;fill-opacity:1;stroke:#000000;stroke-width:3.96405721;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none"
sodipodi:type="arc" />
</g>
<g
id="g4769"
transform="translate(-978.89992,817.78805)">
<path
sodipodi:nodetypes="sscccsssccss"
inkscape:connector-curvature="0"
id="path4691-4"
d="m -306.08776,-630.04373 c -44.4834,0 -80.5625,36.04785 -80.5625,80.53125 0,0.49501 0.0224,38.15846 0.0312,38.65135 l 11.65625,0.7224 11.65625,-0.16997 c -0.0124,-0.49113 -0.0312,-38.70965 -0.0312,-39.20378 0,-31.62407 25.62593,-57.25 57.25,-57.25 31.62406,0 57.91431,25.62593 57.91431,57.25 0,0.49413 0.0124,38.62766 0,39.11879 l 23.28125,-0.46744 c 0.009,-0.49289 0,-38.15634 0,-38.65135 0,-44.4834 -36.71216,-80.53125 -81.19556,-80.53125 z"
style="fill:#ffff00;fill-opacity:1;stroke:#000000;stroke-width:3;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none" />
<rect
ry="6.8937893"
rx="6.5289483"
y="-512.20892"
x="-404.24753"
height="165.68073"
width="196.9566"
id="rect3818-0-0"
style="fill:#ffff00;fill-rule:evenodd;stroke:#000000;stroke-width:3;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none" />
</g>
<g
id="g6423"
transform="translate(-613.27916,252.81162)"
style="stroke-width:3;stroke-miterlimit:4;stroke-dasharray:none">
<g
transform="matrix(0.41806376,0,0,0.41806376,-367.27289,-69.315998)"
id="g6366-5"
style="stroke-width:7.17593908;stroke-miterlimit:4;stroke-dasharray:none">
<path
inkscape:connector-curvature="0"
style="fill:#ffff00;fill-opacity:1;stroke:#000000;stroke-width:7.17593908;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none"
d="m -327.71875,840.21875 c -21.09354,0 -38.0625,17.00021 -38.0625,38.09375 l 0,84.3125 c 0,21.09354 16.96896,38.0625 38.0625,38.0625 l 65.59375,0 184.1875,181.9687 40.96875,0 0,-87.2187 -45.65625,0 0,-45.0937 -45.625,0 0,-45.0938 -45.65625,0 0,-45.09375 -31.4375,0 0,-81.84375 c 0,-21.09354 -16.96896,-38.09375 -38.0625,-38.09375 l -84.3125,0 z m 4.09375,17.6875 c 13.51815,0 24.46875,10.9506 24.46875,24.46875 0,13.51815 -10.9506,24.5 -24.46875,24.5 -13.51815,0 -24.5,-10.98185 -24.5,-24.5 0,-13.51815 10.98185,-24.46875 24.5,-24.46875 z"
id="rect6255-62-0" />
<path
style="fill:none;stroke:#000000;stroke-width:7.17593908;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none"
d="M -39.434801,1180.1853 -236.60881,983.01133"
id="path6358-8"
inkscape:connector-curvature="0" />
</g>
</g>
<text
xml:space="preserve"
style="font-size:40px;font-style:normal;font-weight:normal;line-height:125%;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;font-family:'Open Sans';-inkscape-font-specification:'Open Sans';font-stretch:normal;font-variant:normal;"
x="1465.3846"
y="825.43909"
id="text5074"
sodipodi:linespacing="125%"><tspan
sodipodi:role="line"
id="tspan5076"
x="1465.3846"
y="825.43909">HTTPS</tspan></text>
<g
id="g5205"
transform="translate(-198.07692,284.61538)">
<rect
ry="0"
rx="0"
y="-116.86858"
x="-371.15384"
height="632.69232"
width="2296.1538"
id="rect5203"
style="fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none" />
<g
transform="translate(8.5763742,13.321209)"
id="g5137">
<g
id="g4707"
transform="translate(-32.635698,-25.733833)"
style="fill:#fcffdb;fill-opacity:1">
<rect
ry="15.900414"
rx="15.900414"
y="41.336704"
x="155.45932"
height="341.10699"
width="848.854"
id="rect3818-6"
style="fill:#fcffdb;fill-rule:evenodd;stroke:#000000;stroke-width:4;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill-opacity:1" />
<g
id="g4683"
style="fill:#fcffdb;fill-opacity:1">
<g
id="g4662"
transform="translate(11.784024,0)"
style="fill:#ff4a00;fill-opacity:0.78205127">
<g
transform="translate(-8.1589244,-12.238387)"
id="g4582"
style="fill:#ff4a00;fill-opacity:0.78205127">
<rect
style="fill:#ff4a00;fill-rule:evenodd;stroke:#000000;stroke-width:4;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill-opacity:0.78205127"
id="rect3818-6-9"
width="252.3513"
height="227.34058"
x="169.86487"
y="139.30081"
rx="8.3652372"
ry="9.4593878" />
<g
id="g4573"
style="fill:#00cb00;fill-opacity:0.78205127">
<text
sodipodi:linespacing="125%"
id="text3631"
y="184.79655"
x="295.83545"
style="font-size:40px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:0.78205127;stroke:none;font-family:'Open Sans';-inkscape-font-specification:'Open Sans';font-stretch:normal;font-variant:normal;"
xml:space="preserve"><tspan
y="184.79655"
x="295.83545"
id="tspan3633"
sodipodi:role="line">SSL/TLS</tspan><tspan
id="tspan3635"
y="234.79655"
x="295.83545"
sodipodi:role="line">Proxy</tspan></text>
<g
style="stroke:#000000;stroke-width:4.44857025;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill:#00cb00;fill-opacity:0.78205127"
transform="matrix(0.67437396,0,0,0.67437396,600.49372,62.650235)"
id="g6423-4-8-4">
<g
style="stroke:#000000;stroke-width:10.64089012;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill:#00cb00;fill-opacity:0.78205127"
id="g6366-5-6-1-0"
transform="matrix(0.41806376,0,0,0.41806376,-367.27289,-69.315998)">
<path
id="rect6255-62-0-3-8-9"
d="m -327.71875,840.21875 c -21.09354,0 -38.0625,17.00021 -38.0625,38.09375 l 0,84.3125 c 0,21.09354 16.96896,38.0625 38.0625,38.0625 l 65.59375,0 184.1875,181.9687 40.96875,0 0,-87.2187 -45.65625,0 0,-45.0937 -45.625,0 0,-45.0938 -45.65625,0 0,-45.09375 -31.4375,0 0,-81.84375 c 0,-21.09354 -16.96896,-38.09375 -38.0625,-38.09375 l -84.3125,0 z m 4.09375,17.6875 c 13.51815,0 24.46875,10.9506 24.46875,24.46875 0,13.51815 -10.9506,24.5 -24.46875,24.5 -13.51815,0 -24.5,-10.98185 -24.5,-24.5 0,-13.51815 10.98185,-24.46875 24.5,-24.46875 z"
style="fill:#00cb00;fill-opacity:0.78205127;stroke:#000000;stroke-width:10.64089012;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none"
inkscape:connector-curvature="0" />
<path
inkscape:connector-curvature="0"
id="path6358-8-0-9-8"
d="M -39.434801,1180.1853 -236.60881,983.01133"
style="fill:#00cb00;stroke:#000000;stroke-width:10.64089012;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill-opacity:0.78205127" />
</g>
</g>
</g>
</g>
<g
transform="translate(-8.1589244,41.417253)"
id="g4599"
style="fill:#ff4a00;fill-opacity:0.78205127">
<rect
style="fill:#ff4a00;fill-rule:evenodd;stroke:#000000;stroke-width:4;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill-opacity:0.78205127"
id="rect3818-6-9-0"
width="252.3513"
height="227.34058"
x="730.30627"
y="85.645172"
rx="8.3652372"
ry="9.4593878" />
<text
xml:space="preserve"
style="font-size:40px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:'Open Sans';-inkscape-font-specification:'Open Sans';font-stretch:normal;font-variant:normal;"
x="856.27686"
y="188.87601"
id="text3643"
sodipodi:linespacing="125%"><tspan
sodipodi:role="line"
id="tspan3645"
x="856.27686"
y="188.87601">SSL/TLS</tspan><tspan
sodipodi:role="line"
x="856.27686"
y="238.87601"
id="tspan3647">Client</tspan></text>
</g>
<g
id="g4657"
style="fill:#ff4a00;fill-opacity:0.78205127">
<rect
style="fill:#ff4a00;fill-rule:evenodd;stroke:#000000;stroke-width:4;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill-opacity:0.78205127"
id="rect3818-6-9-5"
width="252.3513"
height="227.34058"
x="441.92667"
y="127.06242"
rx="8.3652372"
ry="9.4593878" />
<text
xml:space="preserve"
style="font-size:40px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:'Open Sans';-inkscape-font-specification:'Open Sans';font-stretch:normal;font-variant:normal;"
x="566.15894"
y="251.15263"
id="text3637"
sodipodi:linespacing="125%"><tspan
sodipodi:role="line"
x="566.15894"
y="251.15263"
id="tspan3641">HAProxy</tspan></text>
</g>
</g>
<text
xml:space="preserve"
style="font-size:40px;font-style:normal;font-weight:normal;line-height:125%;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;font-family:'Open Sans';-inkscape-font-specification:'Open Sans';font-stretch:normal;font-variant:normal;"
x="356.27304"
y="97.768028"
id="text4627"
sodipodi:linespacing="125%"><tspan
sodipodi:role="line"
id="tspan4629"
x="356.27304"
y="97.768028">Load Balancer System</tspan></text>
</g>
</g>
<g
id="g5053"
transform="translate(1388.3769,-829.49065)"
style="fill:#fcffdb;fill-opacity:1">
<rect
ry="15.93363"
rx="10.717546"
y="844.73724"
x="-196.3822"
height="341.81955"
width="572.16315"
id="rect3818-6-4"
style="fill:#fcffdb;fill-rule:evenodd;stroke:#000000;stroke-width:3.28743052;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill-opacity:1" />
<g
id="g5036"
style="fill:#ff4a00;fill-opacity:0.78039217">
<g
id="g5016"
style="fill:#ff4a00;fill-opacity:0.78039217">
<rect
ry="9.4593878"
rx="8.3652372"
y="930.81921"
x="-176.58664"
height="227.34058"
width="252.3513"
id="rect3818-6-9-1"
style="fill:#ff4a00;fill-rule:evenodd;stroke:#000000;stroke-width:4;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill-opacity:0.78039217" />
<g
id="g5007"
style="fill:#ffff00;fill-opacity:0.78039217">
<text
xml:space="preserve"
style="font-size:40px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#ffff00;fill-opacity:0.78039217;stroke:none;font-family:'Open Sans';-inkscape-font-specification:'Open Sans';font-stretch:normal;font-variant:normal"
x="-50.616062"
y="976.315"
id="text3631-8"
sodipodi:linespacing="125%"><tspan
sodipodi:role="line"
id="tspan3633-0"
x="-50.616062"
y="976.315"
style="fill:#000300;fill-opacity:0.78039217">SSL/TLS</tspan><tspan
sodipodi:role="line"
x="-50.616062"
y="1026.3149"
id="tspan3635-1"
style="fill:#000300;fill-opacity:0.78039217">Proxy</tspan></text>
<g
id="g6423-4-8-4-2"
transform="matrix(0.67437396,0,0,0.67437396,254.04221,854.16866)"
style="fill:#ffff00;stroke:#000000;stroke-width:4.44857025;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill-opacity:0.78039217">
<g
transform="matrix(0.41806376,0,0,0.41806376,-367.27289,-69.315998)"
id="g6366-5-6-1-0-3"
style="fill:#ffff00;stroke:#000000;stroke-width:10.64089012;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill-opacity:0.78039217">
<path
inkscape:connector-curvature="0"
style="fill:#ffff00;fill-opacity:0.78039217;stroke:#000000;stroke-width:10.64089012;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none"
d="m -327.71875,840.21875 c -21.09354,0 -38.0625,17.00021 -38.0625,38.09375 l 0,84.3125 c 0,21.09354 16.96896,38.0625 38.0625,38.0625 l 65.59375,0 184.1875,181.9687 40.96875,0 0,-87.2187 -45.65625,0 0,-45.0937 -45.625,0 0,-45.0938 -45.65625,0 0,-45.09375 -31.4375,0 0,-81.84375 c 0,-21.09354 -16.96896,-38.09375 -38.0625,-38.09375 l -84.3125,0 z m 4.09375,17.6875 c 13.51815,0 24.46875,10.9506 24.46875,24.46875 0,13.51815 -10.9506,24.5 -24.46875,24.5 -13.51815,0 -24.5,-10.98185 -24.5,-24.5 0,-13.51815 10.98185,-24.46875 24.5,-24.46875 z"
id="rect6255-62-0-3-8-9-2" />
<path
style="fill:#ffff00;stroke:#000000;stroke-width:10.64089012;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill-opacity:0.78039217"
d="M -39.434801,1180.1853 -236.60881,983.01133"
id="path6358-8-0-9-8-3"
inkscape:connector-curvature="0" />
</g>
</g>
</g>
</g>
<g
id="g4985"
style="fill:#ff4a00;fill-opacity:0.78039217">
<rect
ry="9.4593878"
rx="8.3652372"
y="930.81921"
x="103.63408"
height="227.34058"
width="252.3513"
id="rect3818-6-9-5-0"
style="fill:#ff4a00;fill-rule:evenodd;stroke:#000000;stroke-width:4;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill-opacity:0.78039217" />
<text
sodipodi:linespacing="125%"
id="text3637-1"
y="1029.9094"
x="228.33511"
style="font-size:40px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:'Open Sans';-inkscape-font-specification:'Open Sans';font-stretch:normal;font-variant:normal;"
xml:space="preserve"><tspan
id="tspan3641-3"
y="1029.9094"
x="228.33511"
sodipodi:role="line">API</tspan><tspan
id="tspan4959"
y="1079.9094"
x="228.33511"
sodipodi:role="line">Endpoint</tspan></text>
</g>
</g>
<text
sodipodi:linespacing="125%"
id="text4627-7"
y="901.52484"
x="-64.831879"
style="font-size:40px;font-style:normal;font-weight:normal;line-height:125%;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;font-family:'Open Sans';-inkscape-font-specification:'Open Sans';font-stretch:normal;font-variant:normal;"
xml:space="preserve"><tspan
y="901.52484"
x="-64.831879"
id="tspan4629-9"
sodipodi:role="line">Service System</tspan></text>
</g>
<g
id="g5116">
<g
style="stroke:#000000;stroke-width:3.414608;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill:#0040fd;fill-opacity:0.99358976"
transform="matrix(0.87857813,0,0,0.87857813,223.39858,-720.07043)"
id="g3887-4"
inkscape:export-xdpi="90"
inkscape:export-ydpi="90">
<path
style="fill:#0040fd;fill-opacity:0.99358976;stroke:#000000;stroke-width:3.414608;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none"
d="m -461.83095,1032.4929 17.17824,0 c 28.5344,0 51.50616,22.9717 51.50616,51.5062 l 0,41.6121 c 0,28.5344 -22.97176,27.0723 -51.50616,27.0723 l -17.17824,0 c -28.5344,0 -51.50616,1.4621 -51.50616,-27.0723 l 0,-41.6121 c 0,-28.5345 22.97176,-51.5062 51.50616,-51.5062 z"
id="path3889-8"
inkscape:connector-curvature="0"
sodipodi:nodetypes="sssssssss" />
<path
sodipodi:type="arc"
style="fill:#0040fd;fill-opacity:0.99358976;stroke:#000000;stroke-width:4.5119009;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none"
id="path3891-0"
sodipodi:cx="-1242.7206"
sodipodi:cy="-357.11319"
sodipodi:rx="66.532639"
sodipodi:ry="66.532639"
d="m -1176.1879,-357.11319 a 66.532639,66.532639 0 0 1 -66.5327,66.53264 66.532639,66.532639 0 0 1 -66.5326,-66.53264 66.532639,66.532639 0 0 1 66.5326,-66.53264 66.532639,66.532639 0 0 1 66.5327,66.53264 z"
transform="matrix(0.75680036,0,0,0.75680036,487.24955,1274.1958)" />
</g>
<g
transform="translate(0,9.6176845)"
id="g4743"
style="fill:#00cb00;fill-opacity:1">
<path
style="fill:#00cb00;stroke:#000000;stroke-width:2.37661695;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;marker-end:url(#Arrow1Lend);fill-opacity:1"
d="m -113.58447,206.74109 245.3682,0"
id="path4889"
inkscape:connector-curvature="0" />
<g
id="g4769-4"
transform="matrix(0.26948105,0,0,0.26948105,91.498642,327.15999)"
style="stroke:#000000;stroke-width:11.13250828;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill:#00cb00;fill-opacity:1">
<path
sodipodi:nodetypes="sscccsssccss"
inkscape:connector-curvature="0"
id="path4691-4-1"
d="m -306.08776,-630.04373 c -44.4834,0 -80.5625,36.04785 -80.5625,80.53125 0,0.49501 0.0224,38.15846 0.0312,38.65135 l 11.65625,0.7224 11.65625,-0.16997 c -0.0124,-0.49113 -0.0312,-38.70965 -0.0312,-39.20378 0,-31.62407 25.62593,-57.25 57.25,-57.25 31.62406,0 57.91431,25.62593 57.91431,57.25 0,0.49413 0.0124,38.62766 0,39.11879 l 23.28125,-0.46744 c 0.009,-0.49289 0,-38.15634 0,-38.65135 0,-44.4834 -36.71216,-80.53125 -81.19556,-80.53125 z"
style="fill:#00cb00;fill-opacity:1;stroke:#000000;stroke-width:11.13250828;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none" />
<rect
ry="6.8937893"
rx="6.5289483"
y="-512.20892"
x="-404.24753"
height="165.68073"
width="196.9566"
id="rect3818-0-0-4"
style="fill:#00cb00;fill-rule:evenodd;stroke:#000000;stroke-width:11.13250828;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill-opacity:1" />
</g>
</g>
<text
sodipodi:linespacing="125%"
id="text5074-8"
y="292.62906"
x="-55.656231"
style="font-size:40px;font-style:normal;font-weight:normal;line-height:125%;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;font-family:'Open Sans';-inkscape-font-specification:'Open Sans';font-stretch:normal;font-variant:normal;"
xml:space="preserve"><tspan
y="292.62906"
x="-55.656231"
id="tspan5076-6"
sodipodi:role="line">HTTPS</tspan></text>
</g>
<g
id="g5128"
style="fill:#ffff00;fill-opacity:0.78039217">
<g
transform="translate(-27.196415,-9.5187452)"
id="g4817"
style="fill:#ffff00;fill-opacity:0.78039217">
<path
style="fill:#ffff00;stroke:#000000;stroke-width:2.37661695;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;marker-end:url(#Arrow1Lend);fill-opacity:0.78039217"
d="m 986.92963,225.87752 245.36817,0"
id="path4889-4"
inkscape:connector-curvature="0" />
<g
id="g4769-4-8"
transform="matrix(0.26948105,0,0,0.26948105,1192.0127,346.29642)"
style="fill:#ffff00;stroke:#000000;stroke-width:11.13250828;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill-opacity:0.78039217">
<path
sodipodi:nodetypes="sscccsssccss"
inkscape:connector-curvature="0"
id="path4691-4-1-3"
d="m -306.08776,-630.04373 c -44.4834,0 -80.5625,36.04785 -80.5625,80.53125 0,0.49501 0.0224,38.15846 0.0312,38.65135 l 11.65625,0.7224 11.65625,-0.16997 c -0.0124,-0.49113 -0.0312,-38.70965 -0.0312,-39.20378 0,-31.62407 25.62593,-57.25 57.25,-57.25 31.62406,0 57.91431,25.62593 57.91431,57.25 0,0.49413 0.0124,38.62766 0,39.11879 l 23.28125,-0.46744 c 0.009,-0.49289 0,-38.15634 0,-38.65135 0,-44.4834 -36.71216,-80.53125 -81.19556,-80.53125 z"
style="fill:#ffff00;fill-opacity:0.78039217;stroke:#000000;stroke-width:11.13250828;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none" />
<rect
ry="6.8937893"
rx="6.5289483"
y="-512.20892"
x="-404.24753"
height="165.68073"
width="196.9566"
id="rect3818-0-0-4-9"
style="fill:#ffff00;fill-rule:evenodd;stroke:#000000;stroke-width:11.13250828;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;fill-opacity:0.78039217" />
</g>
</g>
<text
sodipodi:linespacing="125%"
id="text5074-6"
y="292.62906"
x="1017.6614"
style="font-size:40px;font-style:normal;font-weight:normal;line-height:125%;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:0.78039217;stroke:none;font-family:'Open Sans';-inkscape-font-specification:'Open Sans';font-stretch:normal;font-variant:normal;"
xml:space="preserve"><tspan
y="292.62906"
x="1017.6614"
id="tspan5076-8"
sodipodi:role="line">HTTPS</tspan></text>
</g>
</g>
</g>
</g>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 32 KiB