
Network overview

Opsflw Connect uses opinionated network tiers to protect tenant workloads while keeping operational tasks predictable. Every deployment inherits the same blueprint so teams can roll out new applications without re-architecting connectivity.

Segmentation model

  • Edge tier terminates Cloudflare proxies and enforces TLS end to end before traffic enters provider regions.
  • Service tier hosts Opsflw Connect control plane services in private subnets with strict security group policies.
  • Workload tier isolates tenant-specific data plane clusters and limits ingress to service-tier allowlists.

Traffic flows are logged centrally and mirrored to the Elastic Stack so incident responders have immediate visibility.
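
One way to check the workload-tier rule from the segmentation model above, as an added example that is not Opsflw Connect code: it flags any workload-tier ingress rule whose source is not fully inside a service-tier range. The CIDR ranges, the rule format (`id`, `source`) and the function names are assumptions made for illustration.

```python
"""Added example: audit workload-tier ingress sources against the tier model."""
from ipaddress import ip_network

# Constructed sample ranges; real tier CIDRs are deployment-specific.
TIERS = {
    "edge": [ip_network("10.0.0.0/20")],
    "service": [ip_network("10.0.16.0/20"), ip_network("10.1.16.0/20")],
    "workload": [ip_network("10.0.32.0/19")],
}

def tier_of(cidr):
    """Return the tier whose ranges fully contain cidr, or None.

    A range that only overlaps a tier (for example a supernet) returns None,
    because it would admit addresses from outside that tier.
    """
    net = ip_network(cidr, strict=False)
    for tier, ranges in TIERS.items():
        if any(net.version == r.version and net.subnet_of(r) for r in ranges):
            return tier
    return None

def audit_workload_ingress(rules):
    """Return (rule_id, reason) for each rule admitting non-service-tier sources."""
    findings = []
    for rule in rules:
        try:
            src_tier = tier_of(rule["source"])
        except ValueError:
            findings.append((rule["id"], "unparseable source CIDR"))
            continue
        if src_tier is None:
            findings.append((rule["id"], "source not contained in any tier range"))
        elif src_tier != "service":
            findings.append((rule["id"], f"source is in the {src_tier} tier"))
    return findings

# Constructed sample rules (hypothetical export format).
SAMPLE_RULES = [
    {"id": "r1", "source": "10.0.16.0/24"},    # service tier: allowed
    {"id": "r2", "source": "0.0.0.0/0"},       # open to everything
    {"id": "r3", "source": "10.0.1.5/32"},     # edge host bypassing service tier
    {"id": "r4", "source": "10.0.0.0/16"},     # supernet spanning several tiers
    {"id": "r5", "source": "10.1.16.128/25"},  # second service range: allowed
    {"id": "r6", "source": "10.0.16.0/33"},    # malformed prefix length
]

if __name__ == "__main__":
    for rule_id, reason in audit_workload_ingress(SAMPLE_RULES):
        print(f"{rule_id}: {reason}")
```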

Connectivity patterns

  • Outbound traffic egresses through managed NAT gateways with allowlisted destinations for third-party APIs.
  • Private connectivity supports VPN and Direct Connect links using BGP to advertise tenant CIDR ranges.
  • Peering provides cross-region and cross-cloud communication through automated VPC/VNet peering jobs.

Work with your network security team to vet any exceptions; changes should flow through the Opsflw change management process.

High availability considerations

Each tier spans at least two availability zones. Health checks run via Opsflw automation, and failover policies live in the maintenance window playbooks. Tune the probe intervals to match workload tolerance while keeping recovery within your RTO targets.