Skip to main content

Learn about the infrastructure

This section gives an overview of the GovWifi infrastructure. A diagram of our infrastructure is available on Google Drive under “GovWifi Architecture Diagram”.

Environments

GovWifi has two environments in separate AWS accounts: Staging and Production.

VPN

All connections must be made via the GDS VPN. Please contact your local service desk for access.

Elastic IPs

The RADIUS servers are deployed as ECS Fargate tasks and respond to authentication requests addressed to Elastic IPs (EIPs) configured on the Network Load Balancers (NLBs). NLBs are deployed across three Availability Zones (AZs) in the London AWS region and three AZs in the Ireland AWS region (six Elastic IPs in total). Organisations which use our service allow-list these IPs and use them to connect to GovWifi.

It is critical the EIPs do not change since this would break the configuration between organisations and our services, thereby removing organisations’ access to GovWifi.

In order to prevent this from happening unintentionally, we configure AWS to deny any request to release the EIPs unless it’s from the GovWifi AWS account. Deletion of EIPs is now managed by terraform in the aws-billing-account repo and protected from accidental change.

Bastions

There are two bastion servers, one per region. The bastion servers act as a gateway to the components in their respective regions and environments. That is to say:

  • To access any Staging database or server, you must access via the Staging bastion.
  • To access any Production database or server, you must access via the Production bastion.

Databases

There are 12 databases in total:

Production

  • Admin, MySQL 5.7
    • Primary in London
  • Sessions, MySQL 5.7
    • Primary in London
    • Replica in London
  • Users, MySQL 8.0
    • Primary in London
    • Replica in London
    • Replica in Dublin
  • Concourse, PostgreSQL 13.7
    • Primary in London
  • Concourse Grafana, PostgreSQL 10.21
    • Primary in London

Staging

  • Admin, MySQL 5.7
    • Primary in London
  • Sessions, MySQL 5.7
    • Primary in London
  • Users, MySQL 8.0
    • Primary in London
    • Replica in Dublin
This page was last reviewed on 25 October 2022. It needs to be reviewed again on 25 April 2023 by the page owner #govwifi .
This page was set to be reviewed before 25 April 2023 by the page owner #govwifi. This might mean the content is out of date.