Commit

update docs (#1273)
anhowe authored Jul 14, 2021
1 parent 90c0f93 commit a17fa53
Showing 3 changed files with 4 additions and 7 deletions.
Binary file removed docs/images/terraform/simulatedenvironment.png
Binary file not shown.
@@ -1,11 +1,8 @@
# Simulated On-premises Environment

This folder contains a simulated on-premises environment with the following architecture:

![The architecture](../../../../../docs/images/terraform/simulatedenvironment.png)

The components are summarized as follows:
This folder contains a simulated on-premises environment. The components are summarized as follows:
* **VPN Server** - this is a VPN Gateway with Site-to-site configuration, or for more realistic example, create a [Vyos Image](../../vpn-single-tunnel-vyos#image-creation)
* **NFS Filer** - this is a linux server with NFS enabled.
* **Jumpbox** - this is a VM with access via a public IP address.
* **DNS Server** - this is a VM with access via a public IP address. We deploy a DNS Server instead of Azure Private DNS since we are connecting VNET to VNET as described in [Azure Private DNS configuration](https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances?toc=/azure/dns/toc.json#vms-and-role-instances])
* **Proxy** - A proxy is used to enabled an "air-gapped" cloud. Studios have found that sending control plane traffic to an onprem proxy does not get impacted by latency, and the tradeoff is worthe the "air-gapped" locked down cloud VNET.
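
Review bot: With the architecture image and its reference dropped at the top of this hunk, the README no longer says how the listed components are connected; consider adding a sentence or two that describes the topology in text (where each component sits and what the VPN server links) so the component list stands on its own. While this file is open, the unchanged bullets also need cleanup: the Proxy bullet reads "used to enabled" and "worthe", the DNS Server link ends in a stray "]" inside the URL fragment, and the DNS Server bullet repeats the Jumpbox wording "this is a VM with access via a public IP address", which is worth confirming is intended for the DNS server.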
4 changes: 2 additions & 2 deletions src/terraform/examples/centos-e2e/README.md
Expand Up @@ -132,8 +132,8 @@ This step setups an HPC Cache or Avere vFXT with an optional DNS server for "spo
Per the [security best practices](../security), it is recommended to perform a simple threat modeling exercise to know where vulnerabilities may exist:

1. Azure Access
1. For vFXT deployment, Azure deployment requires a variety of Managed Identity roles, described in [Managed Identity and Roles](../../../src/vfxt#managed-identity-and-roles) require owner or user
1. The controller and vFXT used managed identities. The managed identies are scoped to the resource groups and roles described in [Managed Identity and Roles](../../../src/vfxt#managed-identity-and-roles). To further lockdown, user created managed identities may be used. For more information, refer to [Avere vFXT using User Assigned Managed Identity](../vfxt/user-assigned-managed-identity).
1. For vFXT deployment, Azure deployment requires a variety of Managed Identity roles, described in [Managed Identity and Roles](../../../vfxt#managed-identity-and-roles) require owner or user
1. The controller and vFXT used managed identities. The managed identies are scoped to the resource groups and roles described in [Managed Identity and Roles](../../../vfxt#managed-identity-and-roles). To further lockdown, user created managed identities may be used. For more information, refer to [Avere vFXT using User Assigned Managed Identity](../vfxt/user-assigned-managed-identity).

1. Secrets
1. no secrets live in code or printed to logs
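
Review bot: The two changed lines under "Azure Access" keep wording problems that should be fixed in the same edit: the first ends in the dangling fragment "require owner or user", and the second has "managed identies" and "used managed identities" (should be "use"). The path change itself looks right for a README under src/terraform/examples/centos-e2e, since "../../../vfxt" resolves to src/vfxt while the old "../../../src/vfxt" went one directory too far; please also confirm that the untouched "../vfxt/user-assigned-managed-identity" link resolves as intended.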