WDC Office — Overview
Classification: CONFIDENTIAL — Internal Use Only
Document: architecture/wdc/index.md · v1.0 · 2026-05-12 · GPUS-IT
The WDC office runs the first on-prem cluster in the Greenpeace USA estate, complementing the GCP-hosted bird-named server fleet. The cluster uses an elemental naming theme; tenant VMs use nature names.
| Layer | Name | Role | Status |
|---|---|---|---|
| Hypervisor | water.wdc.us.gl3 | First ESXi host | Building (May 2026) |
| Hypervisor | fire.wdc.us.gl3 | Second ESXi host | Planned |
| Hypervisor | flower.wdc.us.gl3 | Third ESXi host | Planned |
| VM on Water | ocean.wdc.us.gl3 | KACE SMA appliance | Building (May 2026) |
| VM on Fire | sky.wdc.us.gl3 | Planned | Planned |
| VM on Fire | rain.wdc.us.gl3 | Planned | Planned |
| VM on Fire | wind.wdc.us.gl3 | Planned | Planned |
| VM on Fire | sun.wdc.us.gl3 | Planned | Planned |
Navigate
- APC UPS Inventory
- Hypervisor Rebuild Runbook — Water
- Snapshot & Backup Schedule
- Disaster Recovery — WDC On-Prem
- Incident Response — WDC On-Prem
Security Posture Summary
| Control area | Standard | Status |
|---|---|---|
| Hardening | VMware Security Configuration Guide, CIS L1 | Enforced via gpus-esxi-hardening (Ansible) |
| Logging | Syslog → Wazuh + Splunk | Required during onboarding |
| Backup | 3-2-1 (NAS + GCS) with monthly Tier 1 restore tests | Enforced |
| Power | UPS-protected with PowerChute graceful shutdown | Enforced |
| Access | SSO + MFA, Strict Lockdown Mode, two-person rule for break-glass | Enforced |
| Detection | Wazuh agents on all VMs, vCenter integration | Enforced |