Skip to main content

Learn about the infrastructure

This section gives an overview of the GovWifi infrastructure. A diagram of our infrastructure is available on Google Drive under “GovWifi Architecture Diagram”.

Environments

GovWifi has two environments in separate AWS accounts: Staging and Production.

VPN

All connections must be made via the GDS VPN. Please contact your local service desk for access.

Elastic IPs

The RADIUS servers are deployed as ECS Fargate tasks and respond to authentication requests addressed to Elastic IPs (EIPs) configured on the Network Load Balancers (NLBs). NLBs are deployed across three Availability Zones (AZs) in the London AWS region and three AZs in the Ireland AWS region (six Elastic IPs in total). Organisations which use our service allow-list these IPs and use them to connect to GovWifi.

It is critical the EIPs do not change since this would break the configuration between organisations and our services, thereby removing organisations’ access to GovWifi.

In order to prevent this from happening unintentionally, we configure AWS to deny any request to release the EIPs unless it’s from the GovWifi AWS account. Deletion of EIPs is now managed by terraform in the aws-billing-account repo and protected from accidental change.

Bastions

There are two bastion servers, one per region. The bastion servers act as a gateway to the components in their respective regions and environments. That is to say:

  • To access any Staging database or server, you must access via the Staging bastion.
  • To access any Production database or server, you must access via the Production bastion.

Databases

Currently there are 16 databases in total:

Production

  • Admin, MySQL 8.0
    • Primary in London
  • Sessions, MySQL 5.7
    • Primary in London
    • Replica in London
  • Users, MySQL 8.0
    • Primary in London
    • Replica in London
    • Replica in Dublin

Staging

  • Admin, MySQL 8.0
    • Primary in London
  • Sessions, MySQL 5.7
    • Primary in London
  • Users, MySQL 8.0
    • Primary in London
    • Replica in Dublin

Development

  • Admin, MySQL 8.0
    • Primary in London
  • Sessions, MySQL 5.7
    • Primary in London
    • Replica in London
  • Users, MySQL 8.0
    • Primary in London
    • Replica in London
    • Replica in Dublin
This page was last reviewed on 16 October 2024. It needs to be reviewed again on 16 April 2025 by the page owner #govwifi .