11. Diagram layers, in order:
Customer 1, Customer 2, … Customer n: Customer only; SSH, ID/pw, X.509; Root/admin control
Customer 1, Customer 2, … Customer n virtual interfaces
Customer 1, Customer 2, … Customer n security groups: Customer only; Inbound flows; Default deny
AWS firewall
Hypervisor layer: AWS admins only; SSH via bastions; Audits reviewed
Physical interfaces
12. Diagram, by tier:
Web tier: HTTP/HTTPS from Internet; SSH/RDP management from corpnet
Application tier: SSH/RDP management from corpnet
Database tier: SSH/RDP management from corpnet, vendor