System Description

Background

The proposed solution and product vision

Technical Approach

Boundary Description

Users access the TTA Smart Hub application via cloud.gov provided load balancers and routers, ensuring that traffic is encrypted and routed to the appropriate application.

Head Start Enterprise System (HSES) serves two purposes for TTAHUB.

Users are redirected to the HSES login page to authenticate if they are not already logged into TTAHUB. TTAHUB then calls HSES directly to validate the token the user presents to TTAHUB.
TTAHUB retrieves grantee data from HSES for display in TTAHUB. This grantee data is cached in the TTAHUB database as well as remaining in HSES.

When a user uploads a file (such as for supporting documents with an Activity Report) that file is stored in S3, and passed to an internal File Scanning API that runs the ClamAV virus scanner. The file scanning API endpoint is not exposed to the internet.

System relational data is stored in PostgreSQL, provided by a managed cloud.gov service.

File data is stored in Amazon S3, provided by a managed cloud.gov service.

New Relic is a FedRAMP approved Software as a Service platform we use to provide error and application performance monitoring. New Relic does not initiate connections into our infrastructure, instead relying on data pushed from inside the application to New Relic.

The Continuous Integration/Continuous Deployment (CI/CD) pipeline controls how new software is tested and deployed to the environment. The entire process is automated to reduce errors, but gated by manual approvals via GitHub Pull Requests and Protected Branches. These controls ensure that only approved software is deployed.