System Diagrams

Current as of November 15th, 2019

FxA universe

stateDiagram
  state "RP" as RP
  state "Amazon S3" as s3: Profile photo storage
  state "Amazon SES" as ses: Amazon email delivery
  state "Amazon SNS" as sns: Amazon hosted email/SMS
  state "Basket" as basket: Send marketing emails, hosted by Marketing
  state "fraud detection pipeline" as fdp: Should an event be blocked? Hosted by SecOps
  state "fxa-auth-server" as auth: authn/authz
  state "fxa-content-server" as content
  state "fxa-customs-server" as customs: Fraud/abuse prevention
  state "fxa-event-broker" as eb: Notify RPs of important user events
  state "fxa-payments-server" as payments
  state "fxa-profile-server" as profile
  state "fxa-support-panel" as support_panel: Allow support agents to access user info
  state "gcp" as gcp: logging/metrics
  state "iprepd" as iprepd: Should an IP be blocked? Hosted by SecOps
  state "memcached" as memcached: store blocks, rate limits
  state "Mozilla Data Platform (MDP)" as mdp: Send marketing emails, hosted by Marketing
  state "mysql" as mysql: auth, oauth, profile CRUD
  state "redis" as redis: session/profile info cache
  state "Support agent" as support_agent: Fix user problems
  state "Zendesk" as zendesk: Hosted support management
  User-->RP
  RP-->auth
  RP-->content
  auth-->basket
  auth-->customs
  auth-->eb
  auth-->gcp
  auth-->mysql
  auth-->profile
  auth-->redis
  auth-->sns
  auth-->ses
  auth-->zendesk
  content-->auth
  content-->gcp
  content-->payments
  content-->profile
  customs-->gcp
  customs-->iprepd
  customs-->memcached
  eb-->RP
  fdp-->customs
  gcp-->fdp
  gcp-->mdp
  payments-->auth
  payments-->profile
  payments-->stripe
  payments-->gcp
  payments-->RP
  profile-->auth
  profile-->gcp
  profile-->mysql
  profile-->s3
  support_agent-->support_panel
  support_agent-->zendesk
  support_panel-->auth
  support_panel-->profile
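An added example, not part of the original page or of FxA's code: a reachability pass over the "FxA universe" edges above, of the kind used in threat modeling to see which components sit upstream of each data store. The function names are hypothetical, and it assumes an arrow `A-->B` means "A initiates a connection to B".

```python
# Added example (not FxA code): reachability over the "FxA universe" diagram.
# Assumption: an arrow A-->B means "A initiates a connection to B".
from collections import defaultdict

# Edge list copied from the diagram on this page.
EDGES = """
User-->RP RP-->auth RP-->content
auth-->basket auth-->customs auth-->eb auth-->gcp auth-->mysql auth-->profile
auth-->redis auth-->sns auth-->ses auth-->zendesk
content-->auth content-->gcp content-->payments content-->profile
customs-->gcp customs-->iprepd customs-->memcached
eb-->RP fdp-->customs gcp-->fdp gcp-->mdp
payments-->auth payments-->profile payments-->stripe payments-->gcp payments-->RP
profile-->auth profile-->gcp profile-->mysql profile-->s3
support_agent-->support_panel support_agent-->zendesk
support_panel-->auth support_panel-->profile
"""

def build_graph(text):
    """Parse 'src-->dst' tokens into an adjacency map that includes sink nodes."""
    graph = defaultdict(set)
    for token in text.split():
        src, dst = token.split("-->")
        graph[src].add(dst)
        graph[dst]  # register nodes that only ever appear as a destination
    return dict(graph)

def reachable(graph, start):
    """Every node that `start` can reach by following one or more arrows."""
    seen, stack = set(), [start]
    while stack:
        for nxt in graph[stack.pop()]:
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen

def direct_callers(graph, target):
    """Nodes with an arrow straight into `target`."""
    return sorted(n for n, outs in graph.items() if target in outs)

def can_reach(graph, target):
    """Nodes with any directed path to `target` (direct callers included)."""
    return sorted(n for n in graph if target in reachable(graph, n))

GRAPH = build_graph(EDGES)

if __name__ == "__main__":
    for store in ("mysql", "redis", "s3", "memcached"):
        direct, anyone = direct_callers(GRAPH, store), can_reach(GRAPH, store)
        print(f"{store}: direct={direct} indirect={sorted(set(anyone) - set(direct))}")
```

A directed path is an upper bound on influence rather than evidence of access: some arrows, such as payments → RP, are browser redirects according to the per-service tables.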

fxa-auth-server

stateDiagram
  state "RP" as RP
  state "Amazon SES" as ses: Amazon email delivery
  state "Amazon SNS" as sns: Amazon hosted email/SMS
  state "Basket - Salesforce Marketing Cloud (SFMC)" as basket: Send marketing emails, hosted by Marketing
  state "fxa-auth-server" as auth: authn/authz
  state "fxa-content-server" as content
  state "fxa-customs-server" as customs: Fraud/abuse prevention
  state "fxa-event-broker" as eb: Notify RPs of important user events
  state "fxa-payments-server" as payments
  state "fxa-profile-server" as profile
  state "fxa-support-panel" as support_panel: Allow support agents to access user info
  state "gcp" as gcp: logging/metrics
  state "mysql" as mysql: auth, oauth, profile CRUD
  state "redis" as redis: session/profile info cache
  state "Zendesk" as zendesk: Hosted support management
  RP-->auth : 1
  content-->auth : 2
  payments-->auth : 3
  profile-->auth : 4
  support_panel-->auth : 5
  auth-->ses : 6
  auth-->basket : 7
  auth-->customs : 8
  auth-->eb : 9
  auth-->gcp : 10
  auth-->mysql : 11
  auth-->redis : 12
  auth-->sns : 13
  auth-->zendesk : 14
  note left of RP
    No.  Connection            Reason
    1.   RP → auth             verify/fetch OAuth tokens
    2.   content → auth        authentication/authorization
    3.   payments → auth       update subscriptions
    4.   profile → auth        canonical profile info
    5.   support_panel → auth  view user info
    6.   auth → ses            send email to users
    7.   auth → basket         notify of user events
    8.   auth → customs        fraud detection
    9.   auth → event broker   notify of user update
    10.  auth → gcp            logging
    11.  auth → mysql          authorization CRUD
    12.  auth → redis          profile/sessionToken cache
    13.  auth → sns            send SMS messages
    14.  auth → zendesk        file support tickets
  end note

fxa-content-server

stateDiagram
  RP
  state "fxa-auth-server" as auth: authn/authz
  state "fxa-content-server" as content
  state "fxa-payments-server" as payments
  state "fxa-profile-server" as profile
  state "gcp" as gcp: logging/metrics
  RP-->content : 1
  content-->auth : 2
  content-->payments : 3
  content-->profile : 4
  content-->gcp : 5
  note left of RP
    No.  Connection          Reason
    1.   RP → content        authorization
    2.   content → auth      authentication & authorization
    3.   content → payments  redirect to update subscriptions
    4.   content → profile   fetch subscription info
    5.   content → gcp       send logs
  end note

fxa-customs-server

stateDiagram
  state "fxa-auth-server" as auth: authn/authz
  state "fxa-customs-server" as customs: Fraud/abuse prevention
  state "gcp" as gcp: logging/metrics
  state "memcached" as memcached: store blocks, rate limits
  state "iprepd" as iprepd: Should an IP be blocked? Hosted by SecOps
  state "fraud detection pipeline" as fdp: Should an event be blocked? Hosted by SecOps
  auth-->customs : 1
  customs-->gcp : 2
  customs-->iprepd : 3
  customs-->memcached : 4
  fdp-->customs : 5
  gcp-->fdp : 6
  note left of auth
    No.  Connection           Reason
    1.   auth → customs       check whether request should be blocked
    2.   customs → gcp        send logs
    3.   customs → iprepd     check ip address
    4.   customs → memcached  store counts & blocks
    5.   fdp → customs        inform of block
    6.   gcp → fdp            notify of user events
  end note

fxa-payments-server

stateDiagram
  state "fxa-auth-server" as auth: authn/authz
  state "fxa-content-server" as content
  state "fxa-payments-server" as payments
  state "fxa-profile-server" as profile
  state "gcp" as gcp: logging/metrics
  content-->payments : 1
  payments-->auth : 2
  payments-->profile : 3
  payments-->stripe : 4
  payments-->gcp : 5
  payments-->RP : 6
  note left of content
    No.  Connection          Reason
    1.   content → payments  redirect
    2.   payments → auth     update subscriptions
    3.   payments → profile  get user profile
    4.   payments → stripe   get payment widget
    5.   payments → gcp      send logs & metrics
    6.   payments → RP       redirect after subscription update
  end note

fxa-profile-server

stateDiagram
  state "fxa-auth-server" as auth: authn/authz
  state "fxa-content-server" as content
  state "fxa-payments-server" as payments
  state "fxa-profile-server" as profile
  state "mysql" as mysql: auth, oauth, profile CRUD
  state "gcp" as gcp: logging/metrics
  state "fxa-support-panel" as support_panel: Allow support agents to access user info
  state "S3" as s3: Profile photo storage
  content-->profile : 1
  payments-->profile : 2
  auth-->profile : 3
  profile-->auth : 4
  support_panel-->profile : 5
  profile-->gcp : 6
  profile-->mysql : 7
  profile-->s3 : 8
  note left of gcp
    No.  Connection               Reason
    1.   content → profile        get user profile
    2.   payments → profile       get user profile
    3.   auth → profile           notify of user events
    4.   profile → auth           get canonical profile info
    5.   support_panel → profile  get user profile
    6.   profile → gcp            logging/metrics
    7.   profile → mysql          profile CRUD
    8.   profile → s3             store profile photos
  end note

fxa-support-panel

stateDiagram
  state "fxa-auth-server" as auth: authn/authz
  state "fxa-content-server" as content
  state "fxa-profile-server" as profile
  state "fxa-support-panel" as support_panel: Allow support agents to access user info
  state "Support agent" as support_agent: Fix user problems
  state "Zendesk" as zendesk: Hosted support management
  User-->content : 1
  content-->auth : 2
  auth-->zendesk : 3
  support_agent-->support_panel : 4
  support_agent-->zendesk : 5
  support_panel-->auth : 6
  support_panel-->profile : 7
  note left of zendesk
    No.  Connection                     Reason
    1.   User → content                 file support ticket
    2.   content → auth                 forward support ticket
    3.   auth → zendesk                 forward support ticket
    4.   support_agent → support_panel  check user status
    5.   support_agent → zendesk        get support ticket
    6.   support_panel → auth           get user info
    7.   support_panel → profile        get user info
  end note

A few additional diagrams

There are a few more private diagrams maintained by the operations group about how we have our cloud services set up. If you're an employee, you can see them here: