2 3 4 5 6 7 Virtual Data Center Security Stack (VDSS) Account acts as boundary used for protection of mission owner applications. AWS Transit Gateway acts as a hub that controls how traffic is routed among all the connected networks which act like spokes. Virtual Data Center Management Stack (VDMS) Account includes capabilities such as Host Based Security System (HBSS), Assured Compliance Assessment Solution (ACAS), authentication systems, and other common services. Mission App Account is where core workloads are deployed. All communications to and from the Mission App VPC transit the VDSS and consume shared services from the VDMS. Connectivity to the Department of Defense Information Network (or other agency networks) is achieved through a Virtual Private Gateway (VGW). Typical multi-tier mission workloads use Elastic Load Balancing, AWS Auto Scaling Groups and multiple Availability Zones
