diff --git a/README.md b/README.md index 86fc86cc8..2d79aa3e8 100644 --- a/README.md +++ b/README.md @@ -50,7 +50,7 @@ Mission LZ has the following scope: ## Networking -Networking is set up in a hub and spoke design, separated by tiers: T0, T1, T2, and multiple T3s. Security can be configured to allow separation of duties between all tiers. Most customers will deploy each tier to a separate Azure subscription, but multiple subscriptions are not required. +Networking is set up in a hub and spoke design, separated by tiers: T0 (Identity and Authorization), T1 (Infrastructure Operations), T2 (DevSecOps and Shared Services), and multiple T3s (Workloads). Security can be configured to allow separation of duties between all tiers. Most customers will deploy each tier to a separate Azure subscription, but multiple subscriptions are not required. Mission LZ Networking diff --git a/src/docs/command-line-deployment.md b/src/docs/command-line-deployment.md index e5533d76a..c50aa7039 100644 --- a/src/docs/command-line-deployment.md +++ b/src/docs/command-line-deployment.md @@ -172,7 +172,7 @@ For saca-hub, run the following command to apply the terraform configuration fro src/core/saca-hub saca-hub.tfvars ``` -You could apply Tier 0 with a command below: +You could apply Tier 0 (Identity and Authorization) with a command below: ```bash src/scripts/terraform/apply_terraform.sh \ @@ -180,7 +180,7 @@ src/scripts/terraform/apply_terraform.sh \ src/core/tier-0 tier-0.tfvars ``` -To apply Tier 1, you could then change the target directory: +To apply Tier 1 (Infrastructure Operations), you could then change the target directory: ```bash src/scripts/terraform/apply_terraform.sh \ @@ -192,7 +192,7 @@ Repeating this same pattern, for whatever configuration you wanted to apply and Use `init_terraform.sh` at [src/scripts/terraform/init_terraform.sh](/src/scripts/terraform/init_terraform.sh) to perform just an initialization of the Terraform environment -To initialize Terraform for Tier 1, you could then change the target directory: +To initialize Terraform for Tier 1 (Infrastructure Operations), you could then change the target directory: ```bash src/scripts/terraform/init_terraform.sh \ diff --git a/src/docs/getting-started.md b/src/docs/getting-started.md index bcc714427..861665c65 100644 --- a/src/docs/getting-started.md +++ b/src/docs/getting-started.md @@ -16,7 +16,7 @@ If you are planning to deploy from your local workstation, we recommend using th If you want to deploy from the command line on your workstation but do not want to use the develompent container, take a look at the [`Dockerfile`](../../.devcontainer/Dockerfile) and the [`devcontainer.json`](../../.devcontainer/Dockerfile) file for examples on how to configure your environment. -The develoment container is not necessary if you want to use the Mission LZ user interface for deployments. Docker Desktop or Docker CE is still required to build the user interface container. +The develoment container is not necessary if you want to use the Mission LZ user interface for deployments. Docker Desktop or Docker CE is still required to build the user interface container or you can download a precompiled UI conatiner from the [Releases](https://github.com/Azure/missionlz/releases) page. ## Pre-Requisites diff --git a/src/docs/management-groups.md b/src/docs/management-groups.md index 6c21d6bbd..75d0566f9 100644 --- a/src/docs/management-groups.md +++ b/src/docs/management-groups.md @@ -4,7 +4,7 @@ ### MLZ Structure -The base Mission Landing Zone (MLZ) tiers (SACA Hub, Tier 0, Tier1, Tier 2) can be deployed across one or more Azure subscriptions. The mission workloads (Tier 3) can be deployed into separate subscriptions per workload, consolidated into a single subscription, or a combination of these approaches can be used based on your needs. So from a management perspective, there is usually one SACA Hub subscription, one Tier 0 subscription, one Tier 1 subscription, one Tier 2 subscription and one or more Tier 3 subscriptions. +The base Mission Landing Zone (MLZ) tiers (SACA Hub, Tier 0, Tier1, Tier 2) can be deployed across one or more Azure subscriptions. The mission workloads (Tier 3) can be deployed into separate subscriptions per workload, consolidated into a single subscription, or a combination of these approaches can be used based on your needs. So from a management perspective, there is usually one SACA Hub subscription, one Tier 0 (Identity and Authorization) subscription, one Tier 1 (Infrastructure Operations) subscription, one Tier 2 (DevSecOps and Shared Services) subscription and one or more Tier 3 (Workload) subscriptions. ### Management Groups diff --git a/src/docs/scca.md b/src/docs/scca.md index b2e51a07f..1889636f9 100644 --- a/src/docs/scca.md +++ b/src/docs/scca.md @@ -16,7 +16,7 @@ Each component has a set of controls. The controls for each component are listed - Some of the controls are implemented using Azure technologies, but are not within the scope of Mission Landing Zone, e.g. multi-factor authentication and AAD Connect. These rows do not have a ✔️ in the Mission LZ column. - Some of the controls are not implemented with Azure technologies, e.g. BCAP 2.1.1.7. These rows have "N/A" under the Azure Technologies column. -> NOTE: the mapping of controls to technologies and Mission Landing Zone implementation represents our opinion on how Mission Landing Zone implements SCCA controls. The mappings below are not defined by any DoD organization or Authorizing Official. +> NOTE: the mapping of controls to technologies and Mission Landing Zone implementation represents our opinion on how Mission Landing Zone implements SCCA controls. The mappings below are not defined by any DoD organization or Authorizing Official. ## BCAP Controls