mdp/Graphics/Azure_Infrastructure_Topolo...


<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1800 1320" font-family="Arial, Helvetica, sans-serif">
<defs>
<!-- Shared definitions, referenced from the drawing by id (fill="url(#id)", filter="url(#id)"). -->
<!-- Linear gradients. x2="1" y2="0" shades left to right; x2="0" y2="1" shades top to bottom. -->
<linearGradient id="gMgmt" x1="0" y1="0" x2="1" y2="0"><stop offset="0%" stop-color="#1A237E"/><stop offset="100%" stop-color="#283593"/></linearGradient>
<linearGradient id="gSub" x1="0" y1="0" x2="0" y2="1"><stop offset="0%" stop-color="#E8EAF6"/><stop offset="100%" stop-color="#C5CAE9"/></linearGradient>
<linearGradient id="gHub" x1="0" y1="0" x2="0" y2="1"><stop offset="0%" stop-color="#E0F2F1"/><stop offset="100%" stop-color="#B2DFDB"/></linearGradient>
<linearGradient id="gGreen" x1="0" y1="0" x2="1" y2="0"><stop offset="0%" stop-color="#006B3F"/><stop offset="100%" stop-color="#00944F"/></linearGradient>
<linearGradient id="gTeal" x1="0" y1="0" x2="1" y2="0"><stop offset="0%" stop-color="#00706E"/><stop offset="100%" stop-color="#00A09D"/></linearGradient>
<linearGradient id="gPurple" x1="0" y1="0" x2="0" y2="1"><stop offset="0%" stop-color="#7B1FA2"/><stop offset="100%" stop-color="#9C27B0"/></linearGradient>
<linearGradient id="gOrange" x1="0" y1="0" x2="0" y2="1"><stop offset="0%" stop-color="#E65100"/><stop offset="100%" stop-color="#F57C00"/></linearGradient>
<linearGradient id="gBlue" x1="0" y1="0" x2="0" y2="1"><stop offset="0%" stop-color="#0D47A1"/><stop offset="100%" stop-color="#1565C0"/></linearGradient>
<linearGradient id="gDark" x1="0" y1="0" x2="1" y2="0"><stop offset="0%" stop-color="#263238"/><stop offset="100%" stop-color="#37474F"/></linearGradient>
<!-- Drop shadows: "sh" is the smaller one, "shL" has the larger offset, blur and opacity. -->
<filter id="sh"><feDropShadow dx="1" dy="2" stdDeviation="2" flood-opacity="0.12"/></filter>
<filter id="shL"><feDropShadow dx="2" dy="3" stdDeviation="3" flood-opacity="0.15"/></filter>
<!-- Arrowhead markers: the same triangle in grey ("ar") and red ("arR"). Nothing in the visible part of the file references them; presumably connector lines further down do. -->
<marker id="ar" viewBox="0 0 10 7" refX="9" refY="3.5" markerWidth="8" markerHeight="6" orient="auto"><path d="M0 0L10 3.5L0 7z" fill="#546E7A"/></marker>
<marker id="arR" viewBox="0 0 10 7" refX="9" refY="3.5" markerWidth="8" markerHeight="6" orient="auto"><path d="M0 0L10 3.5L0 7z" fill="#C62828"/></marker>
</defs>
<!-- ═══ BACKGROUND ═══ -->
<!-- Canvas-sized backdrop; width and height match the 1800 x 1320 viewBox on the root element. -->
<rect width="1800" height="1320" fill="#F5F6FA" rx="6"/>
<!-- ═══ TITLE BAR ═══ -->
<!-- Two stacked rects in the same colour: the first is rounded, the second squares off its lower 30 px so only the top corners stay rounded. -->
<rect x="0" y="0" width="1800" height="50" fill="#004D2C" rx="6"/>
<rect x="0" y="20" width="1800" height="30" fill="#004D2C"/>
<text x="900" y="32" text-anchor="middle" font-size="20" font-weight="bold" fill="white">Greenfield Modern Data Platform — Azure Infrastructure Topology</text>
<!-- ═══ MANAGEMENT GROUP HIERARCHY (top) ═══ -->
<!-- Banner across the top: the root management group, the Data and AI Platform group, then three child chips (Production, Non-Production, Connectivity and Shared Svcs). -->
<rect x="40" y="62" width="1720" height="52" rx="6" fill="url(#gMgmt)" filter="url(#sh)"/>
<text x="80" y="84" font-size="11" fill="#9FA8DA">Management Group</text>
<rect x="76" y="92" width="200" height="18" rx="3" fill="#3949AB"/>
<text x="176" y="104" text-anchor="middle" font-size="10" font-weight="bold" fill="white">Greenfield (Root)</text>
<!-- NOTE(review): this <text> at x=288 and the one at x=544 below are empty in this copy. They sit between the chips and presumably held a separator glyph that was lost; confirm against the original file. -->
<text x="288" y="104" font-size="12" fill="#9FA8DA"></text>
<rect x="302" y="92" width="230" height="18" rx="3" fill="#3949AB"/>
<text x="417" y="104" text-anchor="middle" font-size="10" font-weight="bold" fill="white">Data &amp; AI Platform (MG)</text>
<text x="544" y="104" font-size="12" fill="#9FA8DA"></text>
<rect x="560" y="92" width="140" height="18" rx="3" fill="#5C6BC0"/><text x="630" y="104" text-anchor="middle" font-size="9" fill="white">Production</text>
<rect x="710" y="92" width="140" height="18" rx="3" fill="#5C6BC0"/><text x="780" y="104" text-anchor="middle" font-size="9" fill="white">Non-Production</text>
<rect x="860" y="92" width="180" height="18" rx="3" fill="#5C6BC0"/><text x="950" y="104" text-anchor="middle" font-size="9" fill="white">Connectivity &amp; Shared Svcs</text>
<!-- Azure Policies -->
<!-- Label only: it lists the policy intents described as inherited. The drawing does not show assignment scope, effect (deny versus audit) or exemptions, so it documents intent rather than enforcement. -->
<!-- NOTE(review): "Enforce TLS 1.2" presumably means a minimum TLS version of 1.2; confirm. -->
<rect x="1120" y="72" width="620" height="36" rx="4" fill="#303F9F" opacity="0.7"/>
<text x="1134" y="86" font-size="9" font-weight="bold" fill="#C5CAE9">Azure Policies (inherited):</text>
<text x="1134" y="100" font-size="8.5" fill="#B0BEC5">Deny public endpoints · Require tags · Enforce TLS 1.2 · Allowed regions: canadacentral, canadaeast · Enforce diagnostics</text>
<!-- ═══════════════════════════════════════════════════════════ -->
<!-- SUBSCRIPTION 1: CONNECTIVITY HUB (top-left) -->
<!-- ═══════════════════════════════════════════════════════════ -->
<!-- Subscription frame: gradient body, then a header strip built from a rounded rect plus a square rect over its lower edge. -->
<rect x="40" y="126" width="370" height="360" rx="8" fill="url(#gHub)" stroke="#00897B" stroke-width="1.5" filter="url(#shL)"/>
<rect x="40" y="126" width="370" height="30" rx="8" fill="#00897B"/>
<rect x="40" y="144" width="370" height="12" fill="#00897B"/>
<text x="225" y="146" text-anchor="middle" font-size="13" font-weight="bold" fill="white">sub-data-connectivity</text>
<!-- VNet Hub -->
<!-- Everything below is drawn inside the hub VNet box: firewall, gateways, Bastion, central private DNS, the default-route note and the region note. -->
<rect x="54" y="168" width="342" height="304" rx="6" fill="white" stroke="#26A69A" stroke-width="1.2" opacity="0.95" filter="url(#sh)"/>
<text x="66" y="186" font-size="11" font-weight="bold" fill="#00695C">vnet-hub-canadacentral</text>
<text x="310" y="186" font-size="9" fill="#888">Hub VNet</text>
<!-- Azure Firewall -->
<!-- The egress inspection point named by the UDR label further down. -->
<rect x="66" y="196" width="150" height="54" rx="5" fill="#FFEBEE" stroke="#EF5350" stroke-width="1"/>
<text x="141" y="214" text-anchor="middle" font-size="11" font-weight="bold" fill="#C62828">Azure Firewall</text>
<text x="141" y="228" text-anchor="middle" font-size="9" fill="#555">Premium SKU</text>
<text x="141" y="242" text-anchor="middle" font-size="8" fill="#888">afw-hub-canadacentral</text>
<!-- ExpressRoute -->
<rect x="226" y="196" width="156" height="54" rx="5" fill="#E8EAF6" stroke="#5C6BC0" stroke-width="1"/>
<text x="304" y="214" text-anchor="middle" font-size="11" font-weight="bold" fill="#283593">ExpressRoute</text>
<text x="304" y="228" text-anchor="middle" font-size="9" fill="#555">Gateway</text>
<text x="304" y="242" text-anchor="middle" font-size="8" fill="#888">On-premises connectivity</text>
<!-- Azure Bastion -->
<!-- Labelled as the RDP/SSH entry point; the hosts it reaches are not drawn here. -->
<rect x="66" y="260" width="150" height="42" rx="5" fill="#E3F2FD" stroke="#42A5F5" stroke-width="1"/>
<text x="141" y="278" text-anchor="middle" font-size="10" font-weight="bold" fill="#1565C0">Azure Bastion</text>
<text x="141" y="292" text-anchor="middle" font-size="9" fill="#555">Secure RDP/SSH</text>
<!-- VPN Gateway -->
<rect x="226" y="260" width="156" height="42" rx="5" fill="#E8EAF6" stroke="#7986CB" stroke-width="1"/>
<text x="304" y="278" text-anchor="middle" font-size="10" font-weight="bold" fill="#3949AB">VPN Gateway</text>
<text x="304" y="292" text-anchor="middle" font-size="9" fill="#555">Backup connectivity</text>
<!-- Private DNS Zones -->
<!-- Four privatelink zone names are spelled out; the "+6 more" are not enumerated in this drawing, and the zone-to-VNet links are not drawn. -->
<!-- NOTE(review): other sections draw private endpoints for Purview and Data Factory; confirm their privatelink zones are among the six unnamed ones. A missing zone makes a PE-only service resolve to its public name. -->
<rect x="66" y="312" width="316" height="56" rx="5" fill="#F3E5F5" stroke="#AB47BC" stroke-width="1"/>
<text x="224" y="330" text-anchor="middle" font-size="10" font-weight="bold" fill="#6A1B9A">Private DNS Zones (Centralized)</text>
<text x="224" y="346" text-anchor="middle" font-size="8.5" fill="#555">privatelink.dfs.core.windows.net · privatelink.blob.core.windows.net</text>
<text x="224" y="360" text-anchor="middle" font-size="8.5" fill="#555">privatelink.vaultcore.azure.net · privatelink.azuredatabricks.net · +6 more</text>
<!-- UDR label -->
<!-- States the egress design: a default route sends spoke traffic to the firewall's private IP. Which subnets carry the route table is not drawn. -->
<!-- NOTE(review): a 0.0.0.0/0 route loses to any more specific route, including prefixes learned from the ExpressRoute or VPN gateway; confirm whether on-premises-bound traffic is also meant to pass through the firewall. -->
<rect x="66" y="378" width="316" height="34" rx="4" fill="#FFF3E0" stroke="#FF9800" stroke-width="0.8"/>
<text x="224" y="394" text-anchor="middle" font-size="9" font-weight="bold" fill="#E65100">UDR: 0.0.0.0/0 → Firewall Private IP</text>
<text x="224" y="406" text-anchor="middle" font-size="8" fill="#666">All spoke egress routes through hub firewall</text>
<!-- Region label -->
<!-- Primary and DR regions match the two "Allowed regions" named in the policy banner. -->
<rect x="66" y="422" width="316" height="34" rx="4" fill="#E0F2F1"/>
<text x="224" y="438" text-anchor="middle" font-size="9" font-weight="bold" fill="#00695C">Primary: Canada Central (Toronto)</text>
<text x="224" y="452" text-anchor="middle" font-size="9" fill="#00695C">DR: Canada East (Québec City)</text>
<!-- ═══════════════════════════════════════════════════════════ -->
<!-- SUBSCRIPTION 2: DATA PLATFORM PROD (center-top, large) -->
<!-- ═══════════════════════════════════════════════════════════ -->
<!-- Subscription frame and header strip for the production data platform. -->
<rect x="424" y="126" width="778" height="590" rx="8" fill="#F5F5FF" stroke="#3F51B5" stroke-width="1.8" filter="url(#shL)"/>
<rect x="424" y="126" width="778" height="30" rx="8" fill="#3F51B5"/>
<rect x="424" y="144" width="778" height="12" fill="#3F51B5"/>
<text x="813" y="146" text-anchor="middle" font-size="13" font-weight="bold" fill="white">sub-data-platform-prod (Production Data Platform)</text>
<!-- VNet Data Prod -->
<!-- Dashed outline marks the VNet boundary; the resource-group boxes that follow are positioned inside it. -->
<!-- NOTE(review): unlike vnet-sas-prod-cc, this VNet carries no "Peered to hub" label, although its subnets rely on the hub firewall and central DNS; presumably it is peered. Confirm. -->
<rect x="438" y="166" width="750" height="540" rx="6" fill="white" stroke="#5C6BC0" stroke-width="1.2" stroke-dasharray="6,3" opacity="0.95"/>
<text x="452" y="184" font-size="11" font-weight="bold" fill="#283593">vnet-data-prod-cc (10.10.0.0/16)</text>
<!-- ── RG: Networking ── -->
<!-- Resource group holding the network objects (subnets, NSGs, UDRs, private-endpoint NICs). -->
<!-- The three chips are abbreviations: "snet-dbx-cont" corresponds to snet-dbx-container in the subnet summary, and "PEs" to snet-private-endpoints. -->
<rect x="452" y="194" width="240" height="68" rx="5" fill="#E8EAF6" stroke="#7986CB" stroke-width="0.8" filter="url(#sh)"/>
<text x="462" y="210" font-size="9" font-weight="bold" fill="#283593">rg-networking-prod-cc</text>
<text x="462" y="224" font-size="8.5" fill="#555">Subnets, NSGs, UDRs, PE NICs</text>
<rect x="462" y="230" width="80" height="16" rx="2" fill="#C5CAE9"/><text x="502" y="242" text-anchor="middle" font-size="7.5" fill="#283593">snet-dbx-host</text>
<rect x="548" y="230" width="84" height="16" rx="2" fill="#C5CAE9"/><text x="590" y="242" text-anchor="middle" font-size="7.5" fill="#283593">snet-dbx-cont</text>
<rect x="638" y="230" width="42" height="16" rx="2" fill="#C5CAE9"/><text x="659" y="242" text-anchor="middle" font-size="7.5" fill="#283593">PEs</text>
<!-- ── RG: Storage ── -->
<!-- One storage account per data zone (bronze, silver, gold, staging, archive), each with its path convention, plus a panel of settings said to apply to all accounts. -->
<rect x="452" y="272" width="370" height="142" rx="5" fill="#FFF8E1" stroke="#FFB300" stroke-width="0.8" filter="url(#sh)"/>
<text x="462" y="290" font-size="10" font-weight="bold" fill="#E65100">rg-storage-prod-cc</text>
<!-- Storage accounts -->
<rect x="462" y="298" width="106" height="50" rx="4" fill="white" stroke="#FFB300" stroke-width="0.8"/>
<text x="515" y="314" text-anchor="middle" font-size="8.5" font-weight="bold" fill="#E65100">stadlsbronzeprod</text>
<text x="515" y="328" text-anchor="middle" font-size="8" fill="#555">ADLS Gen2 · Hot</text>
<text x="515" y="340" text-anchor="middle" font-size="7.5" fill="#888">/bronze/{src}/{entity}/</text>
<rect x="574" y="298" width="106" height="50" rx="4" fill="white" stroke="#FFB300" stroke-width="0.8"/>
<text x="627" y="314" text-anchor="middle" font-size="8.5" font-weight="bold" fill="#E65100">stadlssilverprod</text>
<text x="627" y="328" text-anchor="middle" font-size="8" fill="#555">ADLS Gen2 · Hot</text>
<text x="627" y="340" text-anchor="middle" font-size="7.5" fill="#888">/silver/{domain}/{ent}/</text>
<rect x="686" y="298" width="106" height="50" rx="4" fill="white" stroke="#FFB300" stroke-width="0.8"/>
<text x="739" y="314" text-anchor="middle" font-size="8.5" font-weight="bold" fill="#E65100">stadlsgoldprod</text>
<text x="739" y="328" text-anchor="middle" font-size="8" fill="#555">ADLS Gen2 · Hot</text>
<text x="739" y="340" text-anchor="middle" font-size="7.5" fill="#888">/gold/{product}/{ent}/</text>
<rect x="462" y="354" width="106" height="50" rx="4" fill="white" stroke="#FFB300" stroke-width="0.8"/>
<text x="515" y="370" text-anchor="middle" font-size="8.5" font-weight="bold" fill="#E65100">stadlsstagingprod</text>
<text x="515" y="384" text-anchor="middle" font-size="8" fill="#555">ADLS Gen2 · Hot</text>
<text x="515" y="396" text-anchor="middle" font-size="7.5" fill="#888">/staging/ (ephemeral)</text>
<!-- The archive account is the only one not labelled Hot: it shows a Cool-to-Archive tiering and a regulatory retention purpose. -->
<rect x="574" y="354" width="106" height="50" rx="4" fill="white" stroke="#FFB300" stroke-width="0.8"/>
<text x="627" y="370" text-anchor="middle" font-size="8.5" font-weight="bold" fill="#E65100">stadlsarchiveprod</text>
<text x="627" y="384" text-anchor="middle" font-size="8" fill="#555">Cool → Archive</text>
<text x="627" y="396" text-anchor="middle" font-size="7.5" fill="#888">Long-term regulatory</text>
<!-- Storage details -->
<!-- Baseline claimed for every account: hierarchical namespace, Delta Lake, private-endpoint-only access, TLS 1.2 and customer-managed keys. -->
<!-- NOTE(review): the private-endpoint summary names only the -dfs endpoints of the bronze, silver and gold accounts, while the DNS box lists both dfs and blob zones. Confirm that the staging and archive accounts, and any blob sub-resource in use, have endpoints too; "PE only" otherwise leaves them unreachable or tempts a firewall exception. -->
<rect x="686" y="354" width="126" height="50" rx="4" fill="#FFF3E0"/>
<text x="749" y="370" text-anchor="middle" font-size="8" font-weight="bold" fill="#E65100">All Accounts:</text>
<text x="749" y="384" text-anchor="middle" font-size="8" fill="#555">HNS enabled · Delta Lake</text>
<text x="749" y="396" text-anchor="middle" font-size="8" fill="#555">PE only · TLS 1.2 · CMK</text>
<!-- ── RG: Databricks ── -->
<!-- Three workspaces (data engineering, analytics, MLOps), the SQL warehouses and the Unity Catalog metastore. -->
<rect x="452" y="424" width="370" height="142" rx="5" fill="#E8F5E9" stroke="#43A047" stroke-width="0.8" filter="url(#sh)"/>
<text x="462" y="442" font-size="10" font-weight="bold" fill="#1B5E20">rg-databricks-prod-cc</text>
<rect x="462" y="450" width="112" height="52" rx="4" fill="white" stroke="#66BB6A" stroke-width="0.8"/>
<text x="518" y="466" text-anchor="middle" font-size="9" font-weight="bold" fill="#2E7D32">dbw-data-eng</text>
<text x="518" y="478" text-anchor="middle" font-size="8" fill="#555">DLT · Streaming</text>
<text x="518" y="490" text-anchor="middle" font-size="7.5" fill="#888">DS4_v2 · Photon</text>
<rect x="580" y="450" width="112" height="52" rx="4" fill="white" stroke="#66BB6A" stroke-width="0.8"/>
<text x="636" y="466" text-anchor="middle" font-size="9" font-weight="bold" fill="#2E7D32">dbw-analytics</text>
<text x="636" y="478" text-anchor="middle" font-size="8" fill="#555">SQL · AI/BI · Genie</text>
<text x="636" y="490" text-anchor="middle" font-size="7.5" fill="#888">Serverless 216 DBU</text>
<rect x="698" y="450" width="112" height="52" rx="4" fill="white" stroke="#66BB6A" stroke-width="0.8"/>
<text x="754" y="466" text-anchor="middle" font-size="9" font-weight="bold" fill="#2E7D32">dbw-mlops</text>
<text x="754" y="478" text-anchor="middle" font-size="8" fill="#555">MLflow · Serving</text>
<text x="754" y="490" text-anchor="middle" font-size="7.5" fill="#888">GPU NC6s_v3</text>
<!-- SQL Warehouses -->
<!-- NOTE(review): the warehouses are labelled Serverless yet annotated with a customer subnet (snet-sqlwarehouse). Serverless SQL warehouses run in the Databricks-managed compute plane rather than in a customer subnet; if they really are serverless, their path to the PE-only storage accounts depends on Databricks-side network connectivity settings, and this subnet's NSG and UDR do not govern it. Confirm which model is intended. -->
<rect x="462" y="510" width="172" height="46" rx="4" fill="white" stroke="#43A047" stroke-width="0.8"/>
<text x="548" y="526" text-anchor="middle" font-size="9" font-weight="bold" fill="#2E7D32">SQL Warehouses (Serverless)</text>
<text x="548" y="540" text-anchor="middle" font-size="8" fill="#555">sqlwh-bi-serving · sqlwh-analytics · sqlwh-etl</text>
<text x="548" y="552" text-anchor="middle" font-size="7.5" fill="#888">snet-sqlwarehouse (10.10.9.0/24)</text>
<!-- Unity Catalog -->
<!-- The data-access control point of the design. RLS, CLS and DDM presumably stand for row-level security, column-level security and dynamic data masking; the drawing does not expand them. -->
<!-- NOTE(review): the "dedicated ADLS" account backing the metastore is not drawn in rg-storage-prod-cc; confirm it gets the same PE-only and CMK baseline as the other accounts. -->
<rect x="642" y="510" width="168" height="46" rx="4" fill="#C8E6C9" stroke="#43A047" stroke-width="0.8"/>
<text x="726" y="526" text-anchor="middle" font-size="9" font-weight="bold" fill="#1B5E20">Unity Catalog Metastore</text>
<text x="726" y="540" text-anchor="middle" font-size="8" fill="#555">RLS · CLS · DDM · Column lineage</text>
<text x="726" y="552" text-anchor="middle" font-size="7.5" fill="#333">External metastore on dedicated ADLS</text>
<!-- ── RG: Ingestion ── -->
<!-- Batch ingestion (Data Factory) and streaming or change-data-capture ingestion (Event Hub). -->
<!-- NOTE(review): the private-endpoint summary names pe-adf-* but no Event Hub endpoint; that list is not exhaustive, so confirm the Event Hub namespace is covered by the "public access disabled" statement. -->
<rect x="452" y="576" width="240" height="62" rx="5" fill="#E3F2FD" stroke="#42A5F5" stroke-width="0.8" filter="url(#sh)"/>
<text x="462" y="594" font-size="10" font-weight="bold" fill="#0D47A1">rg-ingestion-prod-cc</text>
<rect x="462" y="602" width="100" height="28" rx="3" fill="white" stroke="#42A5F5" stroke-width="0.6"/>
<text x="512" y="616" text-anchor="middle" font-size="9" font-weight="bold" fill="#1565C0">ADF</text>
<text x="512" y="626" text-anchor="middle" font-size="7.5" fill="#555">adf-data-platform</text>
<rect x="568" y="602" width="114" height="28" rx="3" fill="white" stroke="#42A5F5" stroke-width="0.6"/>
<text x="625" y="616" text-anchor="middle" font-size="9" font-weight="bold" fill="#1565C0">Event Hub</text>
<text x="625" y="626" text-anchor="middle" font-size="7.5" fill="#555">Streaming / CDC</text>
<!-- ── RG: Governance ── -->
<!-- Purview account, its two private endpoints (account and portal) and a note describing the classification flow. -->
<rect x="832" y="194" width="330" height="130" rx="5" fill="#F3E5F5" stroke="#AB47BC" stroke-width="0.8" filter="url(#sh)"/>
<text x="842" y="212" font-size="10" font-weight="bold" fill="#6A1B9A">rg-governance-prod-cc</text>
<rect x="842" y="222" width="150" height="50" rx="4" fill="white" stroke="#CE93D8" stroke-width="0.8"/>
<text x="917" y="240" text-anchor="middle" font-size="10" font-weight="bold" fill="#6A1B9A">Microsoft Purview</text>
<text x="917" y="254" text-anchor="middle" font-size="8" fill="#555">pv-data-governance-prod</text>
<text x="917" y="266" text-anchor="middle" font-size="7.5" fill="#888">Glossary · Classification · DQ · DLP</text>
<rect x="1000" y="222" width="150" height="50" rx="4" fill="white" stroke="#CE93D8" stroke-width="0.8"/>
<text x="1075" y="240" text-anchor="middle" font-size="10" font-weight="bold" fill="#6A1B9A">Purview PEs</text>
<text x="1075" y="254" text-anchor="middle" font-size="8" fill="#555">pe-pv-account</text>
<text x="1075" y="266" text-anchor="middle" font-size="8" fill="#555">pe-pv-portal</text>
<!-- Purview scan targets -->
<!-- Flow as labelled: scans classify data in the ADLS accounts, producing sensitivity labels that become Unity Catalog tags. -->
<!-- NOTE(review): the storage accounts are labelled PE only, and no scan runtime or ingestion endpoint is drawn; confirm how Purview scans reach them and which identity the scans run as, since that identity reads every zone. -->
<rect x="842" y="280" width="308" height="34" rx="3" fill="#F3E5F5"/>
<text x="996" y="296" text-anchor="middle" font-size="8.5" fill="#6A1B9A">Auto-classification scans → ADLS accounts → sensitivity labels → UC tags</text>
<text x="996" y="308" text-anchor="middle" font-size="8" fill="#888">DQ sampling assessment on staging zone (pre-Bronze Tier 1)</text>
<!-- ── RG: Key Vault ── -->
<!-- Two vaults with separate roles: kv-data-platform for application secrets, kv-data-encryption for the customer-managed keys of ADLS and Databricks. -->
<!-- NOTE(review): "SAS license" presumably refers to the SAS Viya product licence (see sub-data-sas), not a storage shared-access signature; confirm, as the two carry very different risk. -->
<!-- NOTE(review): soft delete, purge protection and key rotation are not indicated for the CMK vault; losing those keys makes the encrypted data unreadable. Confirm. -->
<rect x="832" y="336" width="330" height="78" rx="5" fill="#FFEBEE" stroke="#EF5350" stroke-width="0.8" filter="url(#sh)"/>
<text x="842" y="354" font-size="10" font-weight="bold" fill="#C62828">rg-keyvault-prod-cc</text>
<rect x="842" y="364" width="150" height="42" rx="4" fill="white" stroke="#EF9A9A" stroke-width="0.8"/>
<text x="917" y="380" text-anchor="middle" font-size="9" font-weight="bold" fill="#C62828">kv-data-platform</text>
<text x="917" y="394" text-anchor="middle" font-size="8" fill="#555">Secrets · API keys · SAS license</text>
<rect x="1000" y="364" width="150" height="42" rx="4" fill="white" stroke="#EF9A9A" stroke-width="0.8"/>
<text x="1075" y="380" text-anchor="middle" font-size="9" font-weight="bold" fill="#C62828">kv-data-encryption</text>
<text x="1075" y="394" text-anchor="middle" font-size="8" fill="#555">CMK: ADLS + Databricks</text>
<!-- ── RG: Monitoring ── -->
<!-- Production telemetry: a Log Analytics workspace and Azure Monitor alerting. -->
<!-- NOTE(review): presumably the destination for the "Enforce diagnostics" policy in the top banner; retention and who may read or delete these logs are not shown. Confirm. -->
<rect x="832" y="424" width="330" height="78" rx="5" fill="#FFF8E1" stroke="#FFA000" stroke-width="0.8" filter="url(#sh)"/>
<text x="842" y="442" font-size="10" font-weight="bold" fill="#E65100">rg-monitoring-prod-cc</text>
<rect x="842" y="452" width="150" height="42" rx="4" fill="white" stroke="#FFB74D" stroke-width="0.8"/>
<text x="917" y="468" text-anchor="middle" font-size="9" font-weight="bold" fill="#E65100">Log Analytics</text>
<text x="917" y="482" text-anchor="middle" font-size="8" fill="#555">law-data-platform-prod</text>
<rect x="1000" y="452" width="150" height="42" rx="4" fill="white" stroke="#FFB74D" stroke-width="0.8"/>
<text x="1075" y="468" text-anchor="middle" font-size="9" font-weight="bold" fill="#E65100">Azure Monitor</text>
<text x="1075" y="482" text-anchor="middle" font-size="8" fill="#555">Alerts · Action groups</text>
<!-- ── Private Endpoints summary ── -->
<!-- Summarises the private-endpoint subnet: its CIDR, an approximate endpoint count, a partial list of endpoint names and the exposure statement (red line). -->
<!-- NOTE(review): NSG rules affect private-endpoint traffic only when network policies are enabled on the endpoint subnet. "NSG default DENY ALL" does not say whether that is set here; confirm, otherwise the deny rule gives no protection to the endpoints themselves. -->
<rect x="832" y="512" width="330" height="68" rx="5" fill="#E3F2FD" stroke="#1565C0" stroke-width="0.8" filter="url(#sh)"/>
<text x="842" y="530" font-size="9" font-weight="bold" fill="#0D47A1">snet-private-endpoints (10.10.8.0/24) — ~25-30 PEs</text>
<text x="842" y="546" font-size="8.5" fill="#555">pe-stadlsbronzeprod-dfs · pe-stadlssilverprod-dfs · pe-stadlsgoldprod-dfs</text>
<text x="842" y="560" font-size="8.5" fill="#555">pe-kv-platform · pe-kv-encryption · pe-pv-account · pe-dbw-* · pe-adf-*</text>
<text x="842" y="574" font-size="8" fill="#C62828">Public access DISABLED on ALL services · NSG default DENY ALL</text>
<!-- Subnet summary -->
<!-- Address plan for vnet-data-prod-cc. CIDRs are given for four subnets (the two Databricks /22s here, the endpoint and SQL warehouse /24s elsewhere in the drawing); snet-adf and snet-services show only a prefix length. -->
<!-- NOTE(review): "requires /22" reads as this design's sizing choice rather than a platform minimum; confirm against current Databricks guidance before treating it as a constraint. -->
<rect x="700" y="582" width="462" height="38" rx="4" fill="#E8EAF6"/>
<text x="710" y="598" font-size="8.5" font-weight="bold" fill="#283593">Subnets:</text>
<text x="770" y="598" font-size="8.5" fill="#555">snet-dbx-host (10.10.0.0/22) · snet-dbx-container (10.10.4.0/22) · snet-private-endpoints (/24)</text>
<text x="710" y="612" font-size="8.5" fill="#555">snet-sqlwarehouse (/24) · snet-adf (/24) · snet-services (/24) — Databricks VNet injection requires /22</text>
<!-- ═══════════════════════════════════════════════════════════ -->
<!-- SUBSCRIPTION 3: NON-PROD (bottom-left) -->
<!-- ═══════════════════════════════════════════════════════════ -->
<!-- Non-production subscription: its own VNet (dashed outline, no address range shown), two Databricks workspaces, separate storage and a separate key vault. -->
<rect x="40" y="498" width="370" height="230" rx="8" fill="#FAFAFA" stroke="#78909C" stroke-width="1.2" filter="url(#shL)"/>
<rect x="40" y="498" width="370" height="28" rx="8" fill="#78909C"/>
<rect x="40" y="514" width="370" height="12" fill="#78909C"/>
<text x="225" y="516" text-anchor="middle" font-size="12" font-weight="bold" fill="white">sub-data-platform-nonprod</text>
<rect x="54" y="536" width="342" height="180" rx="5" fill="white" stroke="#B0BEC5" stroke-width="1" stroke-dasharray="5,3"/>
<text x="66" y="554" font-size="10" font-weight="bold" fill="#546E7A">vnet-data-nonprod-cc</text>
<!-- Non-prod workspaces -->
<rect x="66" y="564" width="150" height="42" rx="4" fill="#E8F5E9" stroke="#A5D6A7" stroke-width="0.8"/>
<text x="141" y="580" text-anchor="middle" font-size="9" font-weight="bold" fill="#2E7D32">dbw-data-eng-dev</text>
<text x="141" y="594" text-anchor="middle" font-size="8" fill="#555">Max 4 workers · DS3_v2</text>
<rect x="224" y="564" width="150" height="42" rx="4" fill="#E8F5E9" stroke="#A5D6A7" stroke-width="0.8"/>
<text x="299" y="580" text-anchor="middle" font-size="9" font-weight="bold" fill="#2E7D32">dbw-sandbox</text>
<text x="299" y="594" text-anchor="middle" font-size="8" fill="#555">Read-only · Budget cap</text>
<!-- Non-prod storage + KV -->
<!-- Storage and secrets are drawn as separate from production: isolated accounts and a dedicated non-prod vault. -->
<rect x="66" y="614" width="150" height="36" rx="4" fill="#FFF8E1" stroke="#FFB300" stroke-width="0.8"/>
<text x="141" y="630" text-anchor="middle" font-size="9" font-weight="bold" fill="#E65100">ADLS Gen2 (dev/stg)</text>
<text x="141" y="644" text-anchor="middle" font-size="8" fill="#555">Isolated storage accounts</text>
<rect x="224" y="614" width="150" height="36" rx="4" fill="#FFEBEE" stroke="#EF9A9A" stroke-width="0.8"/>
<text x="299" y="630" text-anchor="middle" font-size="9" font-weight="bold" fill="#C62828">kv-data-platform-nonprod</text>
<text x="299" y="644" text-anchor="middle" font-size="8" fill="#555">Non-prod secrets</text>
<!-- Guardrail strip: separate dev metastore, masked data, no write path to production, idle clusters stopped after 15 minutes. -->
<!-- NOTE(review): "No prod write access" leaves open whether non-prod can read production data, and the drawing does not show where "Masked data" is produced. Confirm both; a read path from a dev workspace into production zones would undercut the masking. -->
<rect x="66" y="658" width="308" height="26" rx="3" fill="#ECEFF1"/>
<text x="220" y="676" text-anchor="middle" font-size="8.5" fill="#546E7A">Dev UC metastore · Masked data · No prod write access · Auto-terminate 15 min</text>
<!-- ═══════════════════════════════════════════════════════════ -->
<!-- SUBSCRIPTION 4: SAS VIYA (bottom-center) -->
<!-- ═══════════════════════════════════════════════════════════ -->
<!-- SAS Viya subscription: one VNet, labelled as peered to the hub, holding a single AKS cluster. -->
<rect x="424" y="730" width="380" height="242" rx="8" fill="#FFF3E0" stroke="#E65100" stroke-width="1.5" filter="url(#shL)"/>
<rect x="424" y="730" width="380" height="28" rx="8" fill="url(#gOrange)"/>
<rect x="424" y="746" width="380" height="12" fill="url(#gOrange)"/>
<text x="614" y="748" text-anchor="middle" font-size="12" font-weight="bold" fill="white">sub-data-sas</text>
<rect x="438" y="770" width="352" height="190" rx="5" fill="white" stroke="#FF8A65" stroke-width="1" stroke-dasharray="5,3"/>
<text x="450" y="788" font-size="10" font-weight="bold" fill="#BF360C">vnet-sas-prod-cc</text>
<text x="680" y="788" font-size="9" fill="#888">Peered to hub</text>
<!-- AKS Cluster -->
<!-- Cluster posture as labelled: private cluster, Azure CNI networking, Entra ID RBAC, autoscaling. -->
<rect x="450" y="798" width="330" height="152" rx="5" fill="#FFF8E1" stroke="#FF9800" stroke-width="0.8"/>
<text x="615" y="816" text-anchor="middle" font-size="11" font-weight="bold" fill="#E65100">AKS: aks-sas-viya-prod</text>
<text x="615" y="832" text-anchor="middle" font-size="9" fill="#555">Private cluster · Azure CNI · Entra ID RBAC · Auto-scaling (26 nodes)</text>
<!-- AKS Node pools -->
<!-- Four boxes: two workload pools (compute server, programming runtime), a licence and model-manager pool, and the system node pool. -->
<rect x="460" y="842" width="148" height="44" rx="4" fill="white" stroke="#FFB74D" stroke-width="0.8"/>
<text x="534" y="858" text-anchor="middle" font-size="9" font-weight="bold" fill="#E65100">Compute Server Pods</text>
<text x="534" y="870" text-anchor="middle" font-size="8" fill="#555">E16s_v5 (16 vCPU, 128 GB)</text>
<text x="534" y="882" text-anchor="middle" font-size="8" fill="#555">24 pods · Actuarial batch</text>
<rect x="614" y="842" width="158" height="44" rx="4" fill="white" stroke="#FFB74D" stroke-width="0.8"/>
<text x="693" y="858" text-anchor="middle" font-size="9" font-weight="bold" fill="#E65100">Programming Runtime</text>
<text x="693" y="870" text-anchor="middle" font-size="8" fill="#555">E32s_v5 (32 vCPU, 256 GB)</text>
<text x="693" y="882" text-anchor="middle" font-size="8" fill="#555">12 pods · IFRS 17, IBNR</text>
<rect x="460" y="894" width="148" height="36" rx="4" fill="white" stroke="#FFB74D" stroke-width="0.8"/>
<text x="534" y="910" text-anchor="middle" font-size="9" font-weight="bold" fill="#E65100">License + Model Mgr</text>
<text x="534" y="924" text-anchor="middle" font-size="8" fill="#555">D4s_v5 + D8s_v5 (HA)</text>
<rect x="614" y="894" width="158" height="36" rx="4" fill="white" stroke="#FFB74D" stroke-width="0.8"/>
<text x="693" y="910" text-anchor="middle" font-size="9" font-weight="bold" fill="#E65100">System Node Pool</text>
<text x="693" y="924" text-anchor="middle" font-size="8" fill="#555">D4s_v5 × 3 (across AZs)</text>
<!-- Data-access statement: SAS reads go over JDBC to the Databricks SQL warehouses, so Unity Catalog row, column and masking rules apply to them. -->
<!-- NOTE(review): that control holds only if SAS has no direct route to the ADLS files. No direct storage path is drawn; confirm that storage role assignments and network rules actually prevent one, and where the JDBC credential is kept. -->
<text x="615" y="950" text-anchor="middle" font-size="8.5" fill="#BF360C">JDBC LIBNAME → Databricks SQL Warehouses (enforces UC RLS/CLS/DDM)</text>
<!-- ═══════════════════════════════════════════════════════════ -->
<!-- SUBSCRIPTION 5: FABRIC (bottom-right-top) -->
<!-- ═══════════════════════════════════════════════════════════ -->
<!-- Fabric subscription: three capacities (F64, F32, F16), the OneLake shortcut note and a usage restriction. -->
<rect x="822" y="730" width="382" height="242" rx="8" fill="#F3E5F5" stroke="#7B1FA2" stroke-width="1.5" filter="url(#shL)"/>
<rect x="822" y="730" width="382" height="28" rx="8" fill="url(#gPurple)"/>
<rect x="822" y="746" width="382" height="12" fill="url(#gPurple)"/>
<text x="1013" y="748" text-anchor="middle" font-size="12" font-weight="bold" fill="white">sub-data-fabric</text>
<!-- Fabric is PaaS, no VNet -->
<!-- Solid outline (no dashed VNet border): this is the one subscription drawn without a network boundary. -->
<!-- NOTE(review): the top banner lists "Deny public endpoints" as inherited, and the production panel states public access is disabled on all services. Confirm how this subscription is scoped or exempted under that policy. -->
<rect x="836" y="770" width="354" height="190" rx="5" fill="white" stroke="#CE93D8" stroke-width="1"/>
<text x="846" y="788" font-size="10" font-weight="bold" fill="#6A1B9A">Microsoft Fabric (Managed PaaS — No VNet required)</text>
<!-- F64 -->
<rect x="846" y="798" width="160" height="60" rx="5" fill="#EDE7F6" stroke="#AB47BC" stroke-width="0.8"/>
<text x="926" y="816" text-anchor="middle" font-size="11" font-weight="bold" fill="#6A1B9A">F64 (Production)</text>
<text x="926" y="832" text-anchor="middle" font-size="9" fill="#555">64 CU · Direct Lake</text>
<text x="926" y="846" text-anchor="middle" font-size="9" fill="#555">55,000 users · Power BI</text>
<text x="926" y="856" text-anchor="middle" font-size="7.5" fill="#888">~$89K USD/mo</text>
<!-- F32 -->
<rect x="1016" y="798" width="160" height="60" rx="5" fill="#EDE7F6" stroke="#AB47BC" stroke-width="0.8"/>
<text x="1096" y="816" text-anchor="middle" font-size="11" font-weight="bold" fill="#6A1B9A">F32 (Non-Prod)</text>
<text x="1096" y="832" text-anchor="middle" font-size="9" fill="#555">32 CU · Dev/test</text>
<text x="1096" y="846" text-anchor="middle" font-size="9" fill="#555">BI workloads only</text>
<!-- F16 -->
<!-- Dashed outline sets this capacity apart; its labels describe it as a time-limited proof of concept needing ARB approval. -->
<rect x="846" y="868" width="160" height="46" rx="5" fill="#EDE7F6" stroke="#AB47BC" stroke-width="0.8" stroke-dasharray="5,3"/>
<text x="926" y="886" text-anchor="middle" font-size="10" font-weight="bold" fill="#6A1B9A">F16 (IQ POC H2)</text>
<text x="926" y="900" text-anchor="middle" font-size="8.5" fill="#555">Ontology POC · Customer 360</text>
<text x="926" y="912" text-anchor="middle" font-size="7.5" fill="#888">Time-limited · ARB approval</text>
<!-- OneLake shortcuts -->
<!-- Fabric reads the Gold Delta data in place through shortcuts instead of copying it. -->
<!-- NOTE(review): the Gold storage account is labelled PE only and Fabric has no VNet, so the network path and the identity the shortcuts use are not shown; presumably a trusted-workspace or managed-private-endpoint arrangement. Confirm. -->
<!-- NOTE(review): the SAS path is labelled as enforcing Unity Catalog RLS/CLS/DDM, but no such label appears here. A shortcut reads the Delta files directly, so confirm what restricts row and column access for the 55,000 Power BI users. -->
<rect x="1016" y="868" width="160" height="46" rx="4" fill="#F3E5F5"/>
<text x="1096" y="886" text-anchor="middle" font-size="9" font-weight="bold" fill="#7B1FA2">OneLake Shortcuts</text>
<text x="1096" y="900" text-anchor="middle" font-size="8.5" fill="#555">Zero-copy → Gold Delta</text>
<text x="1096" y="912" text-anchor="middle" font-size="8" fill="#555">Direct Lake mode</text>
<!-- Anti-pattern warning -->
<!-- Governance rule, not a technical control: it cites decision AD-03 and an Architecture Review Board trigger. The drawing shows no enforcement mechanism for it. -->
<rect x="846" y="924" width="330" height="28" rx="3" fill="#FFCDD2"/>
<text x="1011" y="940" text-anchor="middle" font-size="8.5" font-weight="bold" fill="#C62828">⚠ BI SERVING ONLY — Fabric ETL / Warehouse / Spark PROHIBITED (AD-03)</text>
<text x="1011" y="952" text-anchor="middle" font-size="7.5" fill="#C62828">Capacity growth for non-BI triggers Architecture Review Board</text>
<!-- ═══════════════════════════════════════════════════════════ -->
<!-- SUBSCRIPTION 6: MANAGEMENT (far right) -->
<!-- ═══════════════════════════════════════════════════════════ -->
<rect x="1220" y="126" width="540" height="590" rx="8" fill="#ECEFF1" stroke="#546E7A" stroke-width="1.5" filter="url(#shL)"/>
<rect x="1220" y="126" width="540" height="28" rx="8" fill="url(#gDark)"/>
<rect x="1220" y="142" width="540" height="12" fill="url(#gDark)"/>
<text x="1490" y="144" text-anchor="middle" font-size="12" font-weight="bold" fill="white">sub-data-management</text>
<rect x="1234" y="166" width="512" height="538" rx="5" fill="white" stroke="#90A4AE" stroke-width="1" stroke-dasharray="5,3"/>
<text x="1246" y="184" font-size="10" font-weight="bold" fill="#37474F">vnet-mgmt-cc</text>
<!-- DevOps -->
<rect x="1246" y="196" width="240" height="90" rx="5" fill="#E3F2FD" stroke="#42A5F5" stroke-width="0.8" filter="url(#sh)"/>
<text x="1256" y="214" font-size="10" font-weight="bold" fill="#0D47A1">Azure DevOps</text>
<rect x="1256" y="222" width="220" height="56" rx="4" fill="white" stroke="#90CAF9" stroke-width="0.6"/>
<text x="1366" y="240" text-anchor="middle" font-size="9" font-weight="bold" fill="#1565C0">Self-hosted Agents</text>
<text x="1366" y="254" text-anchor="middle" font-size="8.5" fill="#555">In vnet-mgmt-cc (PE access)</text>
<text x="1366" y="268" text-anchor="middle" font-size="8.5" fill="#555">4-stage CI/CD pipeline</text>
<!-- Terraform -->
<rect x="1496" y="196" width="240" height="90" rx="5" fill="#E8F5E9" stroke="#66BB6A" stroke-width="0.8" filter="url(#sh)"/>
<text x="1506" y="214" font-size="10" font-weight="bold" fill="#1B5E20">Infrastructure as Code</text>
<rect x="1506" y="222" width="220" height="56" rx="4" fill="white" stroke="#A5D6A7" stroke-width="0.6"/>
<text x="1616" y="240" text-anchor="middle" font-size="9" font-weight="bold" fill="#2E7D32">Terraform</text>
<text x="1616" y="254" text-anchor="middle" font-size="8.5" fill="#555">9 modules (networking, databricks,</text>
<text x="1616" y="268" text-anchor="middle" font-size="8.5" fill="#555">storage, governance, KV, SAS, ...)</text>
<!-- Terraform State -->
<rect x="1246" y="296" width="490" height="38" rx="4" fill="#FFF8E1" stroke="#FFB300" stroke-width="0.8"/>
<text x="1491" y="314" text-anchor="middle" font-size="9" font-weight="bold" fill="#E65100">Terraform Remote State: Azure Storage (blob lease locking · versioning · CMK · CI/CD SP only)</text>
<text x="1491" y="328" text-anchor="middle" font-size="8.5" fill="#555">Separate state files per module/environment · Gitflow branching · PR-gated deployments</text>
<!-- Manta -->
<rect x="1246" y="346" width="240" height="70" rx="5" fill="#E0F7FA" stroke="#00ACC1" stroke-width="0.8" filter="url(#sh)"/>
<text x="1256" y="364" font-size="10" font-weight="bold" fill="#006064">Manta (IBM) — Tier 3 Lineage</text>
<rect x="1256" y="372" width="220" height="36" rx="4" fill="white" stroke="#80DEEA" stroke-width="0.6"/>
<text x="1366" y="388" text-anchor="middle" font-size="9" fill="#555">Cross-platform code-level lineage</text>
<text x="1366" y="402" text-anchor="middle" font-size="8" fill="#555">SAS + Databricks + ADF + Fabric</text>
<!-- Sentinel: SIEM card (red), right half of the row, beside the Manta card.
     The label lists security events, DLP alerts, anomaly detection and "Auto-block".
     NOTE(review): the diagram does not say which log sources feed Sentinel, nor what
     "Auto-block" acts on (account, IP, session). An automated response needs a documented
     scope and a rollback path; confirm against the SOC runbooks. -->
<rect x="1496" y="346" width="240" height="70" rx="5" fill="#FFEBEE" stroke="#EF5350" stroke-width="0.8" filter="url(#sh)"/>
<text x="1506" y="364" font-size="10" font-weight="bold" fill="#C62828">Microsoft Sentinel (SIEM)</text>
<rect x="1506" y="372" width="220" height="36" rx="4" fill="white" stroke="#EF9A9A" stroke-width="0.6"/>
<text x="1616" y="388" text-anchor="middle" font-size="9" fill="#555">Security events · DLP alerts</text>
<text x="1616" y="402" text-anchor="middle" font-size="8" fill="#555">Anomaly detection · Auto-block</text>
<!-- Dashboards: grey card holding four colour-coded pills, one per operational dashboard.
     Each line below pairs a pill background with its centred label; the pill colours reuse
     the palette of the related cards (green = governance, amber = FinOps, red = security). -->
<rect x="1246" y="428" width="490" height="56" rx="5" fill="#F5F5F5" stroke="#BDBDBD" stroke-width="0.8"/>
<text x="1256" y="446" font-size="9" font-weight="bold" fill="#424242">Operational Dashboards</text>
<rect x="1256" y="454" width="112" height="22" rx="3" fill="#E3F2FD"/><text x="1312" y="469" text-anchor="middle" font-size="8" fill="#1565C0">Platform Health</text>
<rect x="1374" y="454" width="112" height="22" rx="3" fill="#E8F5E9"/><text x="1430" y="469" text-anchor="middle" font-size="8" fill="#2E7D32">DQ Governance</text>
<rect x="1492" y="454" width="82" height="22" rx="3" fill="#FFF8E1"/><text x="1533" y="469" text-anchor="middle" font-size="8" fill="#E65100">FinOps</text>
<rect x="1580" y="454" width="148" height="22" rx="3" fill="#FFEBEE"/><text x="1654" y="469" text-anchor="middle" font-size="8" fill="#C62828">Security &amp; Compliance</text>
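<!-- Budget / FinOps: amber card with three white tiles: mandatory tags, budget alert
     thresholds and reserved-capacity discounts. -->
<rect x="1246" y="496" width="490" height="84" rx="5" fill="#FFF8E1" stroke="#FFA000" stroke-width="0.8" filter="url(#sh)"/>
<text x="1256" y="514" font-size="10" font-weight="bold" fill="#E65100">FinOps &amp; Cost Management</text>
<!-- Tile 1: the five tags the label marks as mandatory. -->
<rect x="1256" y="524" width="156" height="48" rx="4" fill="white" stroke="#FFB74D" stroke-width="0.6"/>
<text x="1334" y="540" text-anchor="middle" font-size="8.5" font-weight="bold" fill="#E65100">Mandatory Tags</text>
<text x="1334" y="554" text-anchor="middle" font-size="8" fill="#555">Environment · CostCenter</text>
<text x="1334" y="566" text-anchor="middle" font-size="8" fill="#555">Platform · Owner · Domain</text>
<!-- Tile 2: alert thresholds; anything over 100% is routed to CDO + FinOps. -->
<rect x="1420" y="524" width="156" height="48" rx="4" fill="white" stroke="#FFB74D" stroke-width="0.6"/>
<text x="1498" y="540" text-anchor="middle" font-size="8.5" font-weight="bold" fill="#E65100">Budget Alerts</text>
<text x="1498" y="554" text-anchor="middle" font-size="8" fill="#555">50% / 75% / 90% / 100%</text>
<text x="1498" y="566" text-anchor="middle" font-size="8" fill="#555">&gt;100% → CDO + FinOps</text>
<!-- Tile 3: discount figures are percentage ranges (low–high), written with an en dash. -->
<rect x="1584" y="524" width="144" height="48" rx="4" fill="white" stroke="#FFB74D" stroke-width="0.6"/>
<text x="1656" y="540" text-anchor="middle" font-size="8.5" font-weight="bold" fill="#E65100">Reserved Capacity</text>
<text x="1656" y="554" text-anchor="middle" font-size="8" fill="#555">DBCU 1yr (20–35%)</text>
<text x="1656" y="566" text-anchor="middle" font-size="8" fill="#555">Savings Plan (15–25%)</text>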
<!-- Alerting: red-outlined card listing alert types with their severity, then the response
     channels after the arrow (on-call page, auto-retry, SOC, FinOps escalation).
     Security anomaly is Sev 1 and SOC appears among the responders.
     NOTE(review): the label lists six alert types and four responses without pairing them;
     presumably security anomalies go to the SOC. Confirm the routing. -->
<rect x="1246" y="592" width="490" height="46" rx="5" fill="#FFEBEE" stroke="#EF5350" stroke-width="0.6"/>
<text x="1256" y="610" font-size="9" font-weight="bold" fill="#C62828">Alerting Strategy</text>
<text x="1256" y="624" font-size="8.5" fill="#555">Pipeline failure (Sev 1/2) · DQ SLA breach (Sev 1) · Security anomaly (Sev 1) · Cluster over-provision (Sev 3)</text>
<text x="1256" y="636" font-size="8.5" fill="#555">Fabric saturation (Sev 2) · Storage anomaly (Sev 3) → On-call page · Auto-retry · SOC · FinOps escalation</text>
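<!-- DR info: teal card giving the recovery target region (Canada East) and three recovery
     tiers with their RPO/RTO targets, storage replication mode and test cadence.
     The box spans y=648..694, so the last text line sits at y=692 (same title/+14/+12 rhythm
     as the Alerting card) to keep its descenders inside the border.
     NOTE(review): RA-GRS adds a readable secondary endpoint; presumably it carries the same
     network and identity restrictions as the primary. Confirm. -->
<rect x="1246" y="648" width="490" height="46" rx="5" fill="#E0F2F1" stroke="#26A69A" stroke-width="0.6"/>
<text x="1256" y="666" font-size="9" font-weight="bold" fill="#00695C">Disaster Recovery → Canada East</text>
<text x="1256" y="680" font-size="8.5" fill="#555">Tier 1 Critical (RPO≤1h, RTO≤4h): Gold + regulatory + ML serving · GRS/RA-GRS · IaC redeploy &lt;2h</text>
<text x="1256" y="692" font-size="8.5" fill="#555">Tier 2 (RPO≤4h, RTO≤8h): Silver + SAS · Tier 3 (RPO/RTO≤24h): Bronze + dev/sandbox · DR test: annual full sim</text>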
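<!-- ═══════════════════════════════════════════════════════════ -->
<!-- HUB-SPOKE PEERING CONNECTIONS -->
<!-- ═══════════════════════════════════════════════════════════ -->
<!-- Connector colours: teal (#00897B) for peering links, orange for the SAS JDBC path,
     purple for the Fabric OneLake path. Every <path> sets fill="none" so only the stroke is
     painted; an open path without it is filled black by default.
     NOTE(review): Azure VNet peering is not transitive, so spoke-to-spoke traffic such as
     the JDBC path below depends on routing through the hub. The route itself is not drawn. -->
<!-- Hub → Prod Data (peering) -->
<!-- NOTE(review): the second line retraces the first in reverse without a marker; if a
     double-headed arrow was intended it also needs marker-end. -->
<line x1="410" y1="260" x2="438" y2="260" stroke="#00897B" stroke-width="2.5" marker-end="url(#ar)"/>
<line x1="438" y1="260" x2="410" y2="260" stroke="#00897B" stroke-width="2.5"/>
<text x="424" y="254" text-anchor="middle" font-size="7" fill="#00695C">Peer</text>
<!-- Hub → Non-Prod (peering) -->
<!-- NOTE(review): this peering link is dashed, a style the legend assigns to
     "JDBC / indirect path"; the Hub → Prod link above is solid. -->
<line x1="225" y1="486" x2="225" y2="496" stroke="#00897B" stroke-width="2" stroke-dasharray="4,3"/>
<text x="248" y="494" font-size="7" fill="#00695C">Peer</text>
<!-- Hub → SAS (peering through hub) -->
<path d="M 225 470 L 225 486" fill="none" stroke="#00897B" stroke-width="1.5"/>
<text x="96" y="494" font-size="7" fill="#00695C">All spokes peer to hub</text>
<!-- SAS → Databricks SQL WH (JDBC): dashed orange elbow ending in an arrowhead. This is the
     query path the identity bar requires for sensitive data (JDBC → UC). -->
<path d="M 614 730 L 614 716 Q 614 706 604 706 L 548 706 Q 538 706 538 686 L 538 640" fill="none" stroke="#E65100" stroke-width="1.5" stroke-dasharray="5,3" marker-end="url(#ar)"/>
<text x="550" y="700" font-size="7.5" fill="#E65100" font-weight="bold">JDBC via hub</text>
<!-- Fabric → Gold (OneLake shortcut): dashed purple elbow, drawn without an arrowhead. -->
<path d="M 900 730 L 900 718 Q 900 706 880 706 L 760 706 Q 750 706 750 696 L 750 640" fill="none" stroke="#7B1FA2" stroke-width="1.5" stroke-dasharray="5,3"/>
<text x="830" y="718" font-size="7.5" fill="#7B1FA2" font-weight="bold">OneLake shortcuts</text>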
<!-- ═══════════════════════════════════════════════════════════ -->
<!-- IDENTITY LAYER (bottom bar) -->
<!-- ═══════════════════════════════════════════════════════════ -->
<!-- Full-width blue bar with seven tiles summarising identity controls. Six tiles are white;
     the SAS tile is red to flag it as a constraint rather than a capability. -->
<rect x="40" y="988" width="1720" height="80" rx="6" fill="url(#gBlue)" filter="url(#sh)"/>
<text x="900" y="1010" text-anchor="middle" font-size="14" font-weight="bold" fill="white">Identity &amp; Access Management — Azure Entra ID</text>
<!-- Tile 1: interactive sign-in controls. -->
<rect x="60" y="1018" width="200" height="38" rx="4" fill="white" opacity="0.92"/>
<text x="160" y="1034" text-anchor="middle" font-size="9" font-weight="bold" fill="#0D47A1">Entra ID SSO + MFA</text>
<text x="160" y="1048" text-anchor="middle" font-size="8" fill="#555">Conditional Access · Compliant device</text>
<!-- Tile 2: group-based RBAC; "+5" stands for five further groups not named here. -->
<rect x="274" y="1018" width="200" height="38" rx="4" fill="white" opacity="0.92"/>
<text x="374" y="1034" text-anchor="middle" font-size="9" font-weight="bold" fill="#0D47A1">RBAC Security Groups</text>
<text x="374" y="1048" text-anchor="middle" font-size="8" fill="#555">sg-data-engineers · sg-scientists · +5</text>
<!-- Tile 3: workloads that authenticate with a managed identity. -->
<rect x="488" y="1018" width="200" height="38" rx="4" fill="white" opacity="0.92"/>
<text x="588" y="1034" text-anchor="middle" font-size="9" font-weight="bold" fill="#0D47A1">Managed Identities</text>
<text x="588" y="1048" text-anchor="middle" font-size="8" fill="#555">Databricks MI · ADF MI · Purview MI</text>
<!-- Tile 4: workloads that use a service principal instead.
     NOTE(review): the last tile states "No shared secrets". A service principal still needs
     a credential, so confirm these three use certificates or federated credentials rather
     than client secrets, and that sp-terraform is the "CI/CD SP" with state access. -->
<rect x="702" y="1018" width="240" height="38" rx="4" fill="white" opacity="0.92"/>
<text x="822" y="1034" text-anchor="middle" font-size="9" font-weight="bold" fill="#0D47A1">Service Principals</text>
<text x="822" y="1048" text-anchor="middle" font-size="8" fill="#555">sp-sas-compute · sp-manta · sp-terraform</text>
<!-- Tile 5: Entra groups are the source; Databricks UC, Fabric and Purview receive them. -->
<rect x="956" y="1018" width="280" height="38" rx="4" fill="white" opacity="0.92"/>
<text x="1096" y="1034" text-anchor="middle" font-size="9" font-weight="bold" fill="#0D47A1">SCIM Provisioning</text>
<text x="1096" y="1048" text-anchor="middle" font-size="8" fill="#555">Entra groups → Databricks UC · Fabric · Purview collection roles</text>
<!-- Tile 6 (red): the SAS service principal may read only non-sensitive data directly from
     ADLS; sensitive data has to be queried over JDBC through Unity Catalog. The governance
     bar lists RLS, CLS and DDM as Unity Catalog enforcement, and a direct storage read would
     not pass through those controls.
     NOTE(review): how the ADLS restriction is enforced (RBAC or ACL scope on containers)
     is not shown in the diagram. Confirm. -->
<rect x="1250" y="1018" width="250" height="38" rx="4" fill="#FFCDD2" opacity="0.92"/>
<text x="1375" y="1034" text-anchor="middle" font-size="9" font-weight="bold" fill="#C62828">SAS SP: ADLS restricted to non-sensitive</text>
<text x="1375" y="1048" text-anchor="middle" font-size="8" fill="#C62828">Sensitive data MUST route via JDBC → UC</text>
<!-- Tile 7: machine-to-machine auth uses OAuth; personal access tokens are disabled in prod.
     NOTE(review): the label limits the PAT ban to prod; the non-prod policy is not stated. -->
<rect x="1514" y="1018" width="230" height="38" rx="4" fill="white" opacity="0.92"/>
<text x="1629" y="1034" text-anchor="middle" font-size="9" font-weight="bold" fill="#0D47A1">No shared secrets</text>
<text x="1629" y="1048" text-anchor="middle" font-size="8" fill="#555">OAuth M2M · PATs disabled prod</text>
<!-- ═══════════════════════════════════════════════════════════ -->
<!-- GOVERNANCE LAYER (bottom) -->
<!-- ═══════════════════════════════════════════════════════════ -->
<!-- Full-width teal bar with three equal white strips, one per catalog tier:
     Tier 1 Purview (enterprise glossary, classification, policies, DLP, DQ sampling),
     Tier 2 Unity Catalog (enforcement: RLS, CLS, DDM, column lineage, data contracts),
     Tier 3 Manta (cross-platform code-level lineage).
     Only Tier 2 is labelled "Enforcement". Presumably Purview classifications drive the
     Unity Catalog rules, but the hand-off between the tiers is not drawn. Confirm. -->
<rect x="40" y="1080" width="1720" height="52" rx="6" fill="url(#gTeal)" filter="url(#sh)"/>
<text x="900" y="1102" text-anchor="middle" font-size="14" font-weight="bold" fill="white">Three-Tier Governance Catalog (AD-05)</text>
<rect x="60" y="1110" width="460" height="18" rx="3" fill="white" opacity="0.9"/>
<text x="290" y="1123" text-anchor="middle" font-size="9" fill="#00706E">Tier 1 · Purview (Enterprise): Glossary · Classification · Policies · DLP · DQ sampling</text>
<rect x="536" y="1110" width="460" height="18" rx="3" fill="white" opacity="0.9"/>
<text x="766" y="1123" text-anchor="middle" font-size="9" fill="#00706E">Tier 2 · Unity Catalog (Enforcement): RLS · CLS · DDM · Column lineage · Data contracts</text>
<rect x="1012" y="1110" width="460" height="18" rx="3" fill="white" opacity="0.9"/>
<text x="1242" y="1123" text-anchor="middle" font-size="9" fill="#00706E">Tier 3 · Manta (Lineage): Cross-platform code-level lineage (SAS + Databricks + ADF + Fabric)</text>
<!-- ═══════════════════════════════════════════════════════════ -->
<!-- LEGEND -->
<!-- ═══════════════════════════════════════════════════════════ -->
<!-- White legend panel across the bottom of the canvas (y=1146..1306). -->
<rect x="40" y="1146" width="1720" height="160" rx="6" fill="white" stroke="#DDD" stroke-width="1"/>
<text x="60" y="1170" font-size="13" font-weight="bold" fill="#333">Legend &amp; Naming Convention</text>
<!-- Subscription colors: one swatch + label per line, six subscriptions in total. -->
<rect x="60" y="1182" width="16" height="14" rx="2" fill="#E0F2F1" stroke="#00897B" stroke-width="0.8"/><text x="84" y="1193" font-size="10" fill="#555">Connectivity Hub</text>
<rect x="210" y="1182" width="16" height="14" rx="2" fill="#F5F5FF" stroke="#3F51B5" stroke-width="0.8"/><text x="234" y="1193" font-size="10" fill="#555">Prod Data Platform</text>
<rect x="390" y="1182" width="16" height="14" rx="2" fill="#FAFAFA" stroke="#78909C" stroke-width="0.8"/><text x="414" y="1193" font-size="10" fill="#555">Non-Prod</text>
<rect x="510" y="1182" width="16" height="14" rx="2" fill="#FFF3E0" stroke="#E65100" stroke-width="0.8"/><text x="534" y="1193" font-size="10" fill="#555">SAS Viya</text>
<rect x="622" y="1182" width="16" height="14" rx="2" fill="#F3E5F5" stroke="#7B1FA2" stroke-width="0.8"/><text x="646" y="1193" font-size="10" fill="#555">Fabric</text>
<rect x="710" y="1182" width="16" height="14" rx="2" fill="#ECEFF1" stroke="#546E7A" stroke-width="0.8"/><text x="734" y="1193" font-size="10" fill="#555">Management</text>
<!-- Line styles: solid with arrowhead = peering or data flow; dashed = JDBC or indirect path. -->
<line x1="840" y1="1189" x2="878" y2="1189" stroke="#546E7A" stroke-width="2" marker-end="url(#ar)"/><text x="886" y="1193" font-size="10" fill="#555">VNet peering / data flow</text>
<line x1="1040" y1="1189" x2="1078" y2="1189" stroke="#546E7A" stroke-width="1.5" stroke-dasharray="5,3"/><text x="1086" y="1193" font-size="10" fill="#555">JDBC / indirect path</text>
<!-- Dashed, unfilled rectangle = a VNet boundary (a network scope, not a subscription). -->
<rect x="1240" y="1182" width="16" height="14" rx="2" fill="none" stroke="#5C6BC0" stroke-width="1" stroke-dasharray="4,2"/><text x="1264" y="1193" font-size="10" fill="#555">VNet boundary</text>
<!-- Naming convention: the pattern line, then two lines of example resource names.
     Several examples depart from the stated pattern: stadlsgoldprod has no separators
     (Azure storage account names allow only lowercase letters and digits),
     kv-data-platform-prod and dbw-data-eng-prod omit the region suffix, and sqlwh-bi-serving
     omits both environment and region.
     NOTE(review): if these are the real resource names, the diagram discloses workload,
     environment and region for each; handle it like other internal architecture documents. -->
<text x="60" y="1218" font-size="10" font-weight="bold" fill="#333">Naming:</text>
<text x="116" y="1218" font-size="9.5" fill="#555">{type}-{workload}-{environment}-{region} | Region: cc = Canada Central, ce = Canada East</text>
<text x="60" y="1238" font-size="9.5" fill="#777">Examples: rg-databricks-prod-cc · vnet-data-prod-cc · stadlsgoldprod · kv-data-platform-prod · dbw-data-eng-prod · sqlwh-bi-serving</text>
<text x="60" y="1256" font-size="9.5" fill="#777">aks-sas-viya-prod · pe-stadlsgoldprod-dfs · id-databricks-prod · sp-sas-compute-prod · pv-data-governance-prod · fc-bi-serving-prod · afw-hub-canadacentral</text>
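<!-- Architecture decision references: index of decision records AD-01..AD-09. AD-05 is the
     one cited in the governance bar title. "H2", "H3" and "H2–3" look like roadmap
     horizons; they are not defined in this file. -->
<text x="60" y="1280" font-size="9" font-weight="bold" fill="#283593">Architecture Decisions:</text>
<text x="260" y="1280" font-size="8.5" fill="#555">AD-01 Delta Lake · AD-02 Databricks primary · AD-03 Fabric BI only · AD-04 SAS Compute Server · AD-05 Three-tier catalog · AD-06 Retire IKC · AD-07 ADLS shared · AD-08 Three-tier DQ · AD-09 Fabric IQ (H2–3)</text>
<!-- Compliance: regulators and frameworks the platform is mapped to, the maturity targets,
     and the data-residency constraint (Canadian regions only), which matches the
     Canada Central / Canada East regions named elsewhere in the diagram. -->
<text x="60" y="1298" font-size="9" font-weight="bold" fill="#283593">Compliance:</text>
<text x="155" y="1298" font-size="8.5" fill="#555">AMF · OSFI B-13 · Law 25 (Québec) · PIPEDA · DAMA-DMBOK · EDM-DCAM (target Level 3 H2, Level 4+ H3) · Data residency: Canadian regions only</text>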
</svg>