Information Asset Registry¶
Classification: CONFIDENTIAL — Internal Use Only
The Information Asset Registry (IAR) is the authoritative inventory of all hardware, network, and cloud assets managed by GPUS-IT. It supports CIS Control 1 (Inventory of Enterprise Assets), CIS Control 2 (Inventory of Software Assets), and PCI-DSS asset management requirements.
Sources of truth: wdc-hostregistry.csv, gcp-hostregistry.csv, and meraki-hostregistry.csv under hostregistry/ — maintained by IT Administration.
Last updated: 2026-04-28 · Total assets: 129 on-premises + 7 GCP cloud assets + 32 Meraki network devices + 4 Phase 1 forms-portal data assets + 1 legacy database asset
Handling requirement
This registry contains MAC addresses, IP assignments, and system details. Handle as CONFIDENTIAL. Do not share outside of IT and Security teams.
Asset summary¶
| Category | Count | Network |
|---|---|---|
| Gateway / Firewall | 1 | 192.168.120.251–254 |
| Servers | 5 | 192.168.120.1–40 |
| Appliances, SANs, Printers | 8 | 192.168.120.41–64 |
| Hypervisors | 3 | 192.168.120.65–69 / 192.168.122.150–250 |
| Workstations | 112 | 192.168.120.70–230 |
| GCP Cloud Assets | 7 | us-central1 / 172.16.0.0/24 |
| Network Devices (Meraki) | 32 | Multi-site (cloud-managed) |
| Total | 168 |
Gateway / Firewall¶
| Hostname | FQDN | IP Address | Description | OS / Platform | Dept |
|---|---|---|---|---|---|
| fw | fw.wdc.us.gl3 | 192.168.120.254 | Cisco Meraki MX100 | Meraki | IT |
Servers¶
| Hostname | FQDN | IP Address | MAC Address | Description | OS | Dept |
|---|---|---|---|---|---|---|
| sky | sky.wdc.us.gl3 | 192.168.120.1 | 00:0c:29:6a:a8:74 | Primary DNS/DHCP Server | Rocky Linux 8.10 | IT |
| rain | rain.wdc.us.gl3 | 192.168.120.2 | 00:0c:29:e1:6d:e8 | Secondary DNS/DHCP Server | Rocky Linux 8.10 | IT |
| sun | sun.wdc.us.gl3 | 192.168.120.3 | 00:0c:29:a0:a7:70 | Prometheus/Grafana Monitoring | Rocky Linux 8.10 | IT |
| wind | wind.wdc.us.gl3 | 192.168.120.4 | 00:0c:29:1d:80:0d | ELK Stack Logging | Rocky Linux 8.10 | IT |
| ocean | ocean.wdc.us.gl3 | 192.168.120.28 | 00:50:56:a0:f0:19 | Imaging Server | Fedora | IT |
Appliances, SANs & Printers¶
| Type | Hostname | FQDN | IP Address | MAC Address | Description | Dept |
|---|---|---|---|---|---|---|
| SAN | solstorage | solstorage.wdc.us.gl3 | 192.168.120.43 | 90:09:d0:61:ad:7f | Synology Storage — Solutions team | IT |
| SAN | vmstorage | vmstorage.wdc.us.gl3 | 192.168.120.51 | 90:09:d0:1b:fe:80 | Synology Storage — VMs | IT |
| Printer | mailroom | mailroom.wdc.us.gl3 | 192.168.120.56 | 60:12:8b:f7:c0:75 | Mailroom Canon Printer | IT |
| Printer | fireweed | fireweed.wdc.us.gl3 | 192.168.120.57 | 34:9f:7b:58:9c:3f | Fireweed Canon Printer | IT |
| Printer | woche | woche.wdc.us.gl3 | 192.168.120.58 | 34:9f:7b:58:74:ba | Woche Printer | IT |
| Printer | payroll-printer | payroll-printer.wdc.us.gl3 | 192.168.120.59 | c8:d9:d2:cb:b3:ea | Payroll Printer | Finance |
| SAN | synstorage | synstorage.wdc.us.gl3 | 192.168.120.60 | 1c:34:da:0c:06:a0 | Synology Storage — Video | Media |
| Desktop | gpusresearchdesktop | gpusresearchdesktop.wdc.us.gl3 | 192.168.120.64 | 20:88:10:e3:33:ee | Windows 11 Research Desktop | Research |
Hypervisors¶
| Hostname | FQDN | IP Address | Description | OS | Dept |
|---|---|---|---|---|---|
| water | water.wdc.us.gl3 | 192.168.120.65 | Hosts Ocean | VMware ESXi 6.7 | IT |
| fire | fire.wdc.us.gl3 | 192.168.122.160 | Security ESXi | VMware ESXi 6.7 | IT |
| flower | flower.wdc.us.gl3 | 192.168.122.240 | General hypervisor | VMware ESXi 6.8 | IT |
Workstations¶
112 workstations registered in the wdc.us.gl3 domain, IP range 192.168.120.70–230. All managed via DHCP reservations on SKY/RAIN.
| Hostname | FQDN | IP Address | MAC Address | OS | Dept | User |
|---|---|---|---|---|---|---|
| noconnor | noconnor.wdc.us.gl3 | 192.168.120.70 | 34:48:ed:9e:98:7a | Windows 11 | Data | noconnor |
| hbakar | hbakar.wdc.us.gl3 | 192.168.120.71 | 5c:80:b6:2f:f6:8e | — | — | — |
| kacamosy-mabookpro | kacamosy-mabookpro.wdc.us.gl3 | 192.168.120.72 | 3c:07:54:7d:16:78 | — | — | — |
| macarret | macarret.wdc.us.gl3 | 192.168.120.73 | 14:75:5b:ee:25:e1 | — | — | — |
| nbarnes | nbarnes.wdc.us.gl3 | 192.168.120.74 | ec:63:d7:98:8f:91 | — | — | — |
| rskar | rskar.wdc.us.gl3 | 192.168.120.75 | f0:20:ff:2c:0c:8b | — | — | — |
| eprice-airbook | eprice-airbook.wdc.us.gl3 | 192.168.120.76 | 70:ae:d5:44:98:59 | — | — | — |
| kfrancis-airbook | kfrancis-airbook.wdc.us.gl3 | 192.168.120.77 | 9c:58:84:15:26:a4 | — | — | — |
| ksindayi-airbook | ksindayi-airbook.wdc.us.gl3 | 192.168.120.78 | 84:94:37:cd:f7:a7 | — | — | — |
| kacamosy-airbook | kacamosy-airbook.wdc.us.gl3 | 192.168.120.79 | 9c:58:84:6e:31:6e | — | — | — |
| lharris | lharris.wdc.us.gl3 | 192.168.120.80 | b0:60:88:af:91:aa | — | — | — |
| rocampo | rocampo.wdc.us.gl3 | 192.168.120.81 | d4:d8:53:4c:aa:b3 | — | — | — |
| tdivico-airbook | tdivico-airbook.wdc.us.gl3 | 192.168.120.82 | d0:88:0c:7f:60:c9 | — | — | — |
| nsmith | nsmith.wdc.us.gl3 | 192.168.120.83 | 64:49:7d:92:92:12 | — | — | — |
| arizocen-airbook | arizocen-airbook.wdc.us.gl3 | 192.168.120.84 | 10:b5:88:72:a0:80 | — | — | — |
| jharris-airbook | jharris-airbook.wdc.us.gl3 | 192.168.120.85 | d0:88:0c:65:14:6d | — | — | — |
| cpatters-airbook | cpatters-airbook.wdc.us.gl3 | 192.168.120.86 | 9c:58:84:17:7f:9d | — | — | — |
| gforbes-airbook | gforbes-airbook.wdc.us.gl3 | 192.168.120.87 | c0:95:6d:34:b9:7d | — | — | — |
| jsundius-airbook | jsundius-airbook.wdc.us.gl3 | 192.168.120.88 | 70:ae:d5:49:66:fa | — | — | — |
| folagbaj | folagbaj.wdc.us.gl3 | 192.168.120.89 | 8c:c6:81:1f:8e:0c | — | — | — |
| bloatwaretest | bloatwaretest.wdc.us.gl3 | 192.168.120.90 | 00:e0:4c:01:01:1d | — | — | — |
| asmith-airbook | asmith-airbook.wdc.us.gl3 | 192.168.120.91 | d0:88:0c:64:e1:cb | — | — | — |
| tgarg | tgarg.wdc.us.gl3 | 192.168.120.92 | b4:6b:fc:78:34:80 | — | — | — |
| lbigda-airbook | lbigda-airbook.wdc.us.gl3 | 192.168.120.93 | 84:94:37:c9:8e:fa | — | — | — |
| psindha-airbook | psindha-airbook.wdc.us.gl3 | 192.168.120.94 | 70:ae:d5:48:b3:d9 | — | — | — |
| kstores | kstores.wdc.us.gl3 | 192.168.120.95 | 98:59:7a:5b:1a:ee | — | — | — |
| taubry | taubry.wdc.us.gl3 | 192.168.120.96 | c0:47:0e:0d:6a:d4 | — | — | — |
| jfornber | jfornber.wdc.us.gl3 | 192.168.120.97 | 98:59:7a:5b:99:74 | — | — | — |
| aarminio-airbook | aarminio-airbook.wdc.us.gl3 | 192.168.120.98 | 70:ae:d5:43:fe:63 | — | — | — |
| ccray | ccray.wdc.us.gl3 | 192.168.120.99 | 14:75:5b:f5:a7:0d | — | — | — |
| tavila | tavila.wdc.us.gl3 | 192.168.120.100 | 98:59:7a:5b:d5:fb | — | — | — |
| bphelan | bphelan.wdc.us.gl3 | 192.168.120.101 | 68:7a:64:77:5d:99 | — | — | — |
| bloatwaretest1 | bloatwaretest1.wdc.us.gl3 | 192.168.120.102 | 00:e0:4c:00:08:be | — | — | — |
| iherod-airbook | iherod-airbook.wdc.us.gl3 | 192.168.120.103 | d0:88:0c:6c:63:59 | — | — | — |
| alwhite | alwhite.wdc.us.gl3 | 192.168.120.104 | 14:75:5b:f2:89:a1 | — | — | — |
| hbaar-airbook | hbaar-airbook.wdc.us.gl3 | 192.168.120.105 | a4:c6:f0:27:de:bc | — | — | — |
| kmelges-airbook | kmelges-airbook.wdc.us.gl3 | 192.168.120.106 | 9c:58:84:70:29:f5 | — | — | — |
| msedita-airbook | msedita-airbook.wdc.us.gl3 | 192.168.120.107 | 9c:58:84:72:49:f2 | — | — | — |
| tgregory-airbook | tgregory-airbook.wdc.us.gl3 | 192.168.120.108 | 70:ae:d5:43:0e:69 | — | — | — |
| mlopez-airbook | mlopez-airbook.wdc.us.gl3 | 192.168.120.109 | 9c:58:84:1c:2e:e4 | — | — | — |
| jclark | jclark.wdc.us.gl3 | 192.168.120.110 | 98:59:7a:5a:cb:f7 | — | — | — |
| scruz-airbook | scruz-airbook.wdc.us.gl3 | 192.168.120.111 | c0:95:6d:3d:b1:37 | — | — | — |
| snicolas-airbook | snicolas-airbook.wdc.us.gl3 | 192.168.120.112 | a4:c6:f0:2d:88:38 | — | — | — |
| dwinprogpii | dwinprogpii.wdc.us.gl3 | 192.168.120.113 | 00:15:5d:06:1e:01 | — | — | — |
| jturner | jturner.wdc.us.gl3 | 192.168.120.114 | 68:7a:64:74:5e:91 | — | — | — |
| mbringas-airbook | mbringas-airbook.wdc.us.gl3 | 192.168.120.115 | 70:ae:d5:48:56:3d | — | — | — |
| dwin11progpi | dwin11progpi.wdc.us.gl3 | 192.168.120.116 | 00:15:5d:06:1e:02 | — | — | — |
| mcarter-airbook | mcarter-airbook.wdc.us.gl3 | 192.168.120.117 | 9c:58:84:20:1c:e5 | — | — | — |
| dwin11progpiv | dwin11progpiv.wdc.us.gl3 | 192.168.120.118 | 00:15:5d:06:1e:04 | — | — | — |
| staylor-airbook | staylor-airbook.wdc.us.gl3 | 192.168.120.119 | d0:88:0c:6b:33:3c | — | — | — |
| jchristi-airbook | jchristi-airbook.wdc.us.gl3 | 192.168.120.120 | 3c:22:fb:db:4c:fa | — | — | — |
| taubry-probook | taubry-probook.wdc.us.gl3 | 192.168.120.121 | bc:d0:74:23:b0:af | — | — | — |
| ddellprec75201 | ddellprec75201.wdc.us.gl3 | 192.168.120.122 | 10:65:30:ff:da:44 | — | — | — |
| dwin11progplll | dwin11progplll.wdc.us.gl3 | 192.168.120.123 | 00:15:5d:06:1e:03 | — | — | — |
| tbekele | tbekele.wdc.us.gl3 | 192.168.120.124 | 00:09:0f:aa:00:01 | — | — | — |
| kflynnja-airbook | kflynnja-airbook.wdc.us.gl3 | 192.168.120.125 | 10:b5:88:79:89:af | — | — | — |
| brichard | brichard.wdc.us.gl3 | 192.168.120.126 | f0:20:ff:2b:fe:fd | — | — | — |
| testmacmini | testmacmini.wdc.us.gl3 | 192.168.120.127 | 4c:20:b8:e9:a3:6c | — | — | — |
| ngreen-airbook | ngreen-airbook.wdc.us.gl3 | 192.168.120.128 | a4:c6:f0:25:c4:0b | — | — | — |
| mridenho | mridenho.wdc.us.gl3 | 192.168.120.129 | a0:80:69:ff:32:32 | — | — | — |
| msimons | msimons.wdc.us.gl3 | 192.168.120.130 | ec:63:d7:98:8e:fb | — | — | — |
| ggirgis | ggirgis.wdc.us.gl3 | 192.168.120.131 | 68:7a:64:75:61:42 | — | — | — |
| dpadmana-airbook | dpadmana-airbook.wdc.us.gl3 | 192.168.120.132 | 70:ae:d5:4b:e6:2e | — | — | — |
| testwin2 | testwin2.wdc.us.gl3 | 192.168.120.133 | 00:e0:4c:01:01:0c | — | — | — |
| ljurca-airbook | ljurca-airbook.wdc.us.gl3 | 192.168.120.134 | a4:c6:f0:2c:8e:91 | — | — | — |
| smckenna-airbook | smckenna-airbook.wdc.us.gl3 | 192.168.120.135 | c0:95:6d:3c:fc:42 | — | — | — |
| hharmon-airbook | hharmon-airbook.wdc.us.gl3 | 192.168.120.136 | 2c:76:00:ec:c7:ab | — | — | — |
| tbrooks | tbrooks.wdc.us.gl3 | 192.168.120.137 | 5c:80:b6:2f:01:cf | — | — | — |
| btaylor-airbook | btaylor-airbook.wdc.us.gl3 | 192.168.120.138 | a4:c6:f0:2a:f0:6e | — | — | — |
| hlambert-airbook | hlambert-airbook.wdc.us.gl3 | 192.168.120.139 | 9c:58:84:12:f0:d6 | — | — | — |
| loaner-e | loaner-e.wdc.us.gl3 | 192.168.120.140 | a4:b1:c1:4b:19:23 | — | — | — |
| ewhisena-airbook | ewhisena-airbook.wdc.us.gl3 | 192.168.120.141 | 00:e0:4c:00:09:0c | — | — | — |
| visuals-macpro | visuals-macpro.wdc.us.gl3 | 192.168.120.142 | e4:50:eb:b8:37:9d | — | — | — |
| sheidenr-airbook | sheidenr-airbook.wdc.us.gl3 | 192.168.120.143 | c0:95:6d:37:41:52 | — | — | — |
| loaner-f | loaner-f.wdc.us.gl3 | 192.168.120.144 | a4:b1:c1:4a:93:22 | — | — | — |
| carring-airbook | carring-airbook.wdc.us.gl3 | 192.168.120.145 | d0:88:0c:6e:10:a0 | — | — | — |
| bavila-airbook | bavila-airbook.wdc.us.gl3 | 192.168.120.146 | 70:ae:d5:45:31:dc | — | — | — |
| sraman-airbook | sraman-airbook.wdc.us.gl3 | 192.168.120.147 | 84:94:37:ce:42:c0 | — | — | — |
| mailroompc | mailroompc.wdc.us.gl3 | 192.168.120.148 | 04:ed:33:c0:94:af | — | — | — |
| jdragon-airbook | jdragon-airbook.wdc.us.gl3 | 192.168.120.149 | 10:b5:88:77:26:92 | — | — | — |
| sseipelt | sseipelt.wdc.us.gl3 | 192.168.120.150 | 14:75:5b:d4:13:81 | — | — | — |
| btrewin | btrewin.wdc.us.gl3 | 192.168.120.151 | 04:ed:33:c0:33:93 | — | — | — |
| jmeisel-airbook | jmeisel-airbook.wdc.us.gl3 | 192.168.120.152 | fc:e2:6c:1a:01:dd | — | — | — |
| loaner-d | loaner-d.wdc.us.gl3 | 192.168.120.153 | 8c:c6:81:1f:67:8d | — | — | — |
| chull | chull.wdc.us.gl3 | 192.168.120.154 | ec:63:d7:98:39:6a | — | — | — |
| sherrado-airbook | sherrado-airbook.wdc.us.gl3 | 192.168.120.155 | a4:c6:f0:25:69:d2 | — | — | — |
| dkhoury-airbook | dkhoury-airbook.wdc.us.gl3 | 192.168.120.156 | 9c:58:84:79:dd:16 | — | — | — |
| sbullock-airbook | sbullock-airbook.wdc.us.gl3 | 192.168.120.157 | 9c:58:84:14:61:4b | — | — | — |
| ktoruno | ktoruno.wdc.us.gl3 | 192.168.120.158 | 5c:80:b6:30:41:07 | — | — | — |
| amoas-airbook | amoas-airbook.wdc.us.gl3 | 192.168.120.159 | 70:ae:d5:43:60:4b | — | — | — |
| jumoss | jumoss.wdc.us.gl3 | 192.168.120.160 | 04:ed:33:2d:cf:e9 | — | — | — |
| ahemphil-airbook | ahemphil-airbook.wdc.us.gl3 | 192.168.120.161 | d0:88:0c:66:10:59 | — | — | — |
| dwatford-airbook | dwatford-airbook.wdc.us.gl3 | 192.168.120.162 | a4:c6:f0:25:0c:45 | — | — | — |
| knelson-airbook | knelson-airbook.wdc.us.gl3 | 192.168.120.163 | c0:95:6d:3c:d1:6b | — | — | — |
| cprieto-airbook | cprieto-airbook.wdc.us.gl3 | 192.168.120.164 | d0:88:0c:63:0a:28 | — | — | — |
| fortitest-airbook | fortitest-airbook.wdc.us.gl3 | 192.168.120.165 | c0:95:6d:36:c6:3d | — | — | — |
| kreyes-airbook | kreyes-airbook.wdc.us.gl3 | 192.168.120.166 | 48:e1:5c:da:d1:ab | — | — | — |
| kchungya | kchungya.wdc.us.gl3 | 192.168.120.167 | 30:89:4a:ae:1b:8b | — | — | — |
| sk-airbook | sk-airbook.wdc.us.gl3 | 192.168.120.168 | fc:e2:6c:15:eb:9f | — | — | — |
| d-macbook-air | d-macbook-air.wdc.us.gl3 | 192.168.120.169 | d0:81:7a:ab:ee:02 | — | — | — |
| lpratt | lpratt.wdc.us.gl3 | 192.168.120.170 | 5c:80:b6:2f:e7:d4 | — | — | — |
| fvonsuck-airbook | fvonsuck-airbook.wdc.us.gl3 | 192.168.120.171 | 9c:58:84:1a:ff:a9 | — | — | — |
| jstuckey-airbook | jstuckey-airbook.wdc.us.gl3 | 192.168.120.172 | c0:95:6d:35:86:4e | — | — | — |
| sladwig | sladwig.wdc.us.gl3 | 192.168.120.173 | 14:75:5b:ee:27:08 | — | — | — |
| hbasioun-airbook | hbasioun-airbook.wdc.us.gl3 | 192.168.120.174 | 84:94:37:d2:58:21 | — | — | — |
| asterlin-airbook | asterlin-airbook.wdc.us.gl3 | 192.168.120.175 | 9c:58:84:74:d4:ff | — | — | — |
| jhocevar | jhocevar.wdc.us.gl3 | 192.168.120.176 | a4:c3:f0:56:53:f6 | — | — | — |
| gsmalley-airbook | gsmalley-airbook.wdc.us.gl3 | 192.168.120.177 | 10:b5:88:74:ad:be | — | — | — |
| tdonaghy-airbook | tdonaghy-airbook.wdc.us.gl3 | 192.168.120.178 | 70:ae:d5:4d:aa:81 | — | — | — |
| jejohnso-airbook | jejohnso-airbook.wdc.us.gl3 | 192.168.120.179 | 9c:58:84:7a:ac:b3 | — | — | — |
| amorales-airbook | amorales-airbook.wdc.us.gl3 | 192.168.120.180 | 10:b5:88:72:da:01 | — | — | — |
| arincon-airbook | arincon-airbook.wdc.us.gl3 | 192.168.120.181 | 9c:58:84:13:04:ba | — | — | — |
GCP cloud assets¶
| Type | Name | FQDN / Endpoint | Description | Region | Dept |
|---|---|---|---|---|---|
| Cloud Run | gpus-status-site | gpus-status-site-1056766133984.us-central1.run.app | Infrastructure status dashboard | us-central1 | IT |
| Cloud Run | gpus-status-backend | gpus-status-backend-1056766133984.us-central1.run.app | Live data API — SSH/Prometheus/ES polling | us-central1 | IT |
| Cloud Run | gpus-mkdocs-portal | gpus-mkdocs-portal-1056766133984.us-central1.run.app | IT Infrastructure Portal — https://infra.greenpeace.us | us-central1 | IT |
| DNS CNAME | infra.greenpeace.us | infra.greenpeace.us | Custom domain → gpus-mkdocs-portal; SSL: Cloud Run managed | — | IT |
| GCS Bucket | gpus-infra-backups-wdc | — | On-premises backup target | us-central1 | IT |
| GCS Bucket | gpus-infra-tf-state | — | Terraform state bucket | us-central1 | IT |
| VPN Gateway | gpus-vpn-gateway | — | Cloud VPN — peer: WDC Meraki MX100 (38.140.146.68); tunnel: ESTABLISHED | us-central1 | IT |
| Artifact Registry | gpus-images | us-central1-docker.pkg.dev/gpus-infra/gpus-images | Container image registry for all Cloud Run services | us-central1 | IT |
Meraki network fabric (Wave 1, 2026-04-28)¶
Cisco Meraki cloud-managed network infrastructure — security appliances
(MX), switches (MS), and wireless access points (MR) — distributed
across five networks at three physical sites (Washington DC HQ, MDEC,
OAKEC) plus residential APs (DC Apartments) and an MDM-only network
(Major Gifts). Managed via Meraki Dashboard organization 395909
(license expires 2027-11-28). Full per-device inventory with serials,
MACs, EOL dates, and lifecycle actions: meraki-hostregistry.csv.
For network architecture, uplink topology, GCP VPN integration, and
phased roadmap, see meraki-infrastructure.md.
Security appliances (MX) — 4 devices:
| Hostname | Serial | Site | Network | Role | Criticality | Notes |
|---|---|---|---|---|---|---|
| wdc-fw-primary | Q2XN-V4XE-UQKX | WDC | WDC-Eye Street | firewall-primary | critical | HA primary; VRRP master; GCP VPN terminator |
| wdc-fw-secondary | Q2XN-LXCR-EJEW | WDC | WDC-Eye Street | firewall-secondary | critical | HA secondary |
| MDEC MX | Q2KN-AFKR-5EES | MDEC | MDEC | firewall-primary | high | Single uplink, no HA |
| oakec-fw-primary | Q2KN-86TU-N6CP | OAKEC | OAKEC | firewall-primary | high | Renamed from Justin-Bieber 2026-04-23 |
Switches (MS) — 11 devices:
| Hostname | Serial | Site | Network | Model | Criticality | EOL Status |
|---|---|---|---|---|---|---|
| WDC-STACK-0-NOPOE | Q2HW-F8RK-KULW | WDC | WDC-Eye Street | MS225-48 | critical | EoSale 2026-04-30 |
| WDC-STACK-1-NOPOE | Q2HW-HMCF-4LJ5 | WDC | WDC-Eye Street | MS225-48 | critical | EoSale 2026-04-30 |
| WDC-STACK-2-NOPOE | Q2HW-HKLA-DPXW | WDC | WDC-Eye Street | MS225-48 | critical | EoSale 2026-04-30 |
| WDC-STACK-3-NOPOE | Q2HW-FN64-HZWA | WDC | WDC-Eye Street | MS225-48 | critical | EoSale 2026-04-30 |
| WDC-STACK-4-POE | Q2KW-3VQQ-DE9H | WDC | WDC-Eye Street | MS225-48FP | critical | EoSale 2026-04-30 |
| WDC-STACK-5-POE | Q2KW-TJTU-B2ET | WDC | WDC-Eye Street | MS225-48FP | critical | EoSale 2026-04-30 |
| WDC-STACK-6-POE | Q2KW-VRUK-9LS6 | WDC | WDC-Eye Street | MS225-48FP | critical | EoSale 2026-04-30 |
| wdc-edge-1 | Q4AA-B9B4-HLZQ | WDC | WDC-Eye Street | MS120-8 | high | EoS 2030-03-28 |
| wdc-edge-2 | Q4AA-VRAQ-2GSF | WDC | WDC-Eye Street | MS120-8 | high | EoS 2030-03-28 |
| MDEC-access-2 | Q2SX-HDV2-2UTV | MDEC | MDEC | MS210-24P | medium | EoSale 2026-04-30 |
| Oakland Warehouse Switch1 | Q2SX-29PM-F7KP | OAKEC | OAKEC | MS210-24P | medium | EoSale 2026-04-30 |
Wireless access points (MR) — 17 devices:
| Hostname | Serial | Site | Network | Model | Criticality | EOL Status |
|---|---|---|---|---|---|---|
| wdc-wap-1 | Q3AP-D6NB-GY3G | WDC | WDC-Eye Street | MR57 | high | OK |
| wdc-wap-2 | Q3AP-VVT6-7Q7T | WDC | WDC-Eye Street | MR57 | high | OK |
| wdc-wap-3 | Q3AP-6SSC-Z2L7 | WDC | WDC-Eye Street | MR57 | high | OK |
| wdc-wap-4 | Q3AP-2YDY-XZQZ | WDC | WDC-Eye Street | MR57 | high | OK |
| wdc-wap-5 | Q3AP-T34T-45AG | WDC | WDC-Eye Street | MR57 | high | OK |
| First Floor AP | Q2LD-2P6D-FQ9Q | MDEC | MDEC | MR52 | medium | EoS 2026-07-21 ⚠ |
| Garage AP | Q2LD-K2TR-N97R | MDEC | MDEC | MR52 | medium | EoS 2026-07-21 ⚠ |
| Second Floor AP | Q2LD-SCPN-R4KY | MDEC | MDEC | MR52 | medium | EoS 2026-07-21 ⚠ |
| OAKEC-AP1 | Q2LD-4DN3-3BT9 | OAKEC | OAKEC | MR52 | medium | EoS 2026-07-21 ⚠ |
| OAKEC-AP2 | Q2LD-L3GL-NG4Z | OAKEC | OAKEC | MR52 | medium | EoS 2026-07-21 ⚠ |
| APT 707 | Q2LD-5XJZ-2SZC | DC Apartments | DC Apartments | MR52 | low | EoS 2026-07-21 ⚠ |
| APT 709 | Q2PD-KDPN-SBFR | DC Apartments | DC Apartments | MR33 | low | EoS 2026-07-21 ⚠ |
| APT 611 | Q2PD-PN66-3P86 | DC Apartments | DC Apartments | MR33 | low | EoS 2026-07-21 ⚠ |
| APT211 | Q2PD-GKDC-PVLG | DC Apartments | DC Apartments | MR33 | low | EoS 2026-07-21 ⚠ |
| mdec garage | Q2JD-29US-5JXK | unassigned | — | MR32 | decommission | PAST EoS 2024-07-31 ⚠⚠ |
| mdec 1st floor work room | Q2JD-2MFW-39AG | unassigned | — | MR32 | decommission | PAST EoS 2024-07-31 ⚠⚠ |
| mdec 2nd floor by the bunk room | Q2PD-L4QQ-9G54 | unassigned | — | MR33 | decommission | EoS 2026-07-21 |
Network breakdown:
| Network | Network ID | Devices | Site | Notes |
|---|---|---|---|---|
| WDC-Eye Street | L_630503947831890190 |
13 | Washington DC HQ | HA firewall pair, GCP VPN terminator |
| MDEC | L_630503947831873852 |
5 | Mid-Atlantic Direct Engagement Center | Single uplink |
| OAKEC | L_630503947831873855 |
4 | Oakland Engagement Center | Single uplink |
| DC Apartments | N_630503947831910695 |
4 | Residential staff housing | Wireless-only |
| Major Gifts | N_630503947831998386 |
0 (SM only) | Donor team endpoints | MDM-only, no hardware in this registry |
| Unassigned | — | 3 | — | Decommission queue (see lifecycle_action in CSV) |
Compliance: This Meraki section satisfies CIS Control 1 (Inventory of
Enterprise Assets) and ID.AM-1 (Hardware inventory) for the network
fabric domain. Per-control mapping detail is documented in
meraki-infrastructure.md
under "Compliance Mappings" — covers MITRE ATT&CK, PCI-DSS v4.0,
NIST CSF 2.0, NIST 800-53 Rev. 5, ISO 27001:2022, and CIS Controls v8.
Audit findings (2026-04-27/28): 10 findings logged through Meraki
discovery (MERAKI-2026-04-001 through 010) — see
meraki-infrastructure.md § Audit Findings. Critical-severity:
MERAKI-2026-04-003 (2× MR32 past EoS, decommission immediately).
High-severity: MERAKI-2026-04-001 (Sedita stale full admin),
MERAKI-2026-04-002 (no SAML SSO), MERAKI-2026-04-004 (12× APs
hitting EoS 2026-07-21), MERAKI-2026-04-007 (no syslog → CEDAR).
Forms portal data assets (Phase 1, 2026-04-18)¶
The Forms Portal (forms.greenpeace.us) introduces four new data assets that are not hosts — they are Cloud SQL schemas, GCS buckets, and KMS keys. They are tracked here rather than in wdc-hostregistry.csv because they do not have an IP or MAC.
| Asset | Classification | Type | Encryption / Key | Retention | Owner |
|---|---|---|---|---|---|
| Forms Portal Database | CONFIDENTIAL | Cloud SQL PostgreSQL 15 (gpus-forms-db, private IP) |
CMEK via gpus-forms-cmek + per-submission AES-256-GCM DEK wrapped by gpus-forms-dek-wrapper |
7 years (submissions + audit log); automated daily backups + PITR | Director of Cyber Security |
| Forms Portal Attachments | CONFIDENTIAL | GCS bucket (gpus-forms-attachments), signed-URL-only, ClamAV scanned |
CMEK via gpus-forms-cmek |
7 years with GCS retention lock (cannot be deleted before expiry) | Director of Cyber Security |
| Forms Portal KMS Keys | RESTRICTED | Cloud KMS keys (gpus-forms-cmek, gpus-forms-dek-wrapper) in us-central1 |
Software-protected, automatic 90-day rotation; IAM grants only to gpus-forms-backend@gpus-infra.iam.gserviceaccount.com |
Key material retained per KMS defaults; rotation verified quarterly | Director of Cyber Security |
| Forms Portal Backups | CONFIDENTIAL | GCS bucket (gpus-infra-backups-wdc/forms-db/), pg_dump weekly + Cloud SQL automated daily |
CMEK via gpus-forms-cmek |
7 years | Backup Admin |
Change log:
- 2026-04-18 — Phase 1 cutover: four forms-portal data assets registered; database and attachments marked CONFIDENTIAL, KMS keys marked RESTRICTED. See
forms-backend/RUNBOOK-CLAUDE-CODE.md(provisioning) andforms-backend/RUNBOOK-COWORK.mdTask 10 for the addition rationale.
Legacy Forms Database (in_formfeed)¶
Tracked here as part of the Phase 1.5 migration from the legacy PHP forms system. See Phase 1.5 addendum Task A and Task B for verification and right-sizing work.
| Field | Value |
|---|---|
| Asset | Cloud SQL MySQL instance, public IP 34.171.123.238 |
| Project | [confirm during migration runbook Step 1] |
| Data | 260 KB, 5 tables (category, form, field, pulldown, template) — 772 rows combined |
| Classification | INTERNAL (no PII; metadata and form definitions only, no submissions stored) |
| Purpose | Legacy reference after Phase 1.5 migration to gpus-forms-db |
| Status | Read-only reference, no writes since cutover — cutover date TBD (Phase 4 go-live) |
| Retention | Decision pending (see addendum Task B — oversized instance / retirement decision) |
| Access | formfeed@34.171.123.238 — credentials in Secret Manager (gpus-formfeed-mysql-password) |
| Network exposure | Public IP (34.171.123.238); authorized networks restricted to three /32 CIDRs (no 0.0.0.0/0 present — good) |
Authorized networks (confirmed 2026-04-18):
| CIDR | Description | Disposition |
|---|---|---|
113.199.192.121/32 |
rchhetry — admin access | Retain during migration and through Phase 4 cutover |
34.121.207.171/32 |
phoebe — legacy GCP VM | Remove after Phase 4 cutover |
34.45.99.114/32 |
catbird — legacy GCP VM | Remove after Phase 4 cutover |
Security finding status: No 0.0.0.0/0 entry — instance is already restricted to three /32 sources. No immediate remediation required; phoebe and catbird entries are scheduled for removal after Phase 4 cutover to retire unused legacy paths. Record removal dates in the change log below when they happen.
Change log:
- 2026-04-18 — Legacy database registered ahead of Phase 1.5 migration cutover. Authorized-networks audit completed (3
/32CIDRs, no0.0.0.0/0).phoebe+catbirdentries queued for removal after Phase 4 cutover.
Maintenance¶
The IAR is updated whenever:
- A new device is assigned a DHCP reservation on SKY/RAIN
- A new server, appliance, or cloud asset is provisioned
- An asset is decommissioned or reassigned
Update procedure:
- Edit the appropriate registry under
hostregistry/—wdc-hostregistry.csvon SKY for WDC hosts;gcp-hostregistry.csvvia repo for GCP cloud assets;meraki-hostregistry.csvvia repo for Meraki devices. - Increment version header (vX.Y → vX.Y+1) and update date
- Update this page to match
- Log the change:
echo "$(date -Is) IAR updated — [reason]" >> /var/log/asset-inventory.log - Run AIDE baseline update per Post-Change Checklist
Information Asset Registry · v1.2 · 2026-04-28 · GPUS-IT · Classification: CONFIDENTIAL — Internal Use Only