Game Warden Platform Architecture

Game Warden Platform provides a secure, scalable, and compliant environment for deploying SaaS applications to government networks. With built-in Authority to Operate (ATO) inheritance, observability, and CI/CD integration, the platform minimizes operational overhead while maintaining strict security and compliance standards.

The following sections provide an overview of Game Warden's architectural components.

Customer-managed components

Your organization owns and operates the following components:

  • Software development - Application code is developed using standard development tools and frameworks (e.g., GitHub, GitLab, Bitbucket).
  • Container build pipeline - Use a CI/CD pipeline managed by your organization to generate a Docker container image of your application's code.

Meet 2F Workshop

Second Front offers a secure, pre-integrated development environment called Workshop, designed to help you build and deploy apps faster within Game Warden. Workshop includes hardened containers, built-in security scans, and ready-to-use CI/CD pipelines—reducing setup time and helping you meet compliance requirements from day one.

Second Front container registry

This is a secure, Game Warden-managed registry where validated application containers are stored. These containers are processed through a security and release pipeline before being deployed into the Game Warden Platform.

Game Warden Platform

The core platform is responsible for securely hosting and managing the lifecycle of SaaS applications in a government-approved environment.

Component | Description
Virtual Private Cloud (VPC) | The VPC serves as the isolated hosting environment where customer workloads run, ensuring network segmentation and policy enforcement.
Kubernetes Orchestration | Applications are deployed in dedicated namespaces, each containing:
  • Customer App: The containerized workload provided by the application team.
  • Container Proxy: Handles secure ingress/egress and traffic inspection.
  • Network Proxy: Applies additional network policies or segmentation controls.
  • Dedicated Database (if needed): Managed databases for persistent storage.
Cloud Native Services | Game Warden is cloud-agnostic and can run on multiple providers, including:
  • GCP (Google Cloud Platform)
  • AWS (Amazon Web Services)

Security and compliance layer

Game Warden enforces strict access and compliance controls, including:

  • Government IdAM & Load Balancer - All access to applications passes through a government-validated identity and access management system and a centralized load balancer.
  • End User Access Tiers - Supports varying sensitivity levels: Unclassified, Secret, Top Secret, UK Official, etc., ensuring appropriate data segregation.

Observability and operations

Game Warden includes a built-in observability stack for operational insight and compliance monitoring:

  • Grafana Loki - Used for application and system log aggregation.
  • Monitoring Tools - Track performance, availability, and resource usage.
  • SIEM Integration - Security information and event management, used to collect and correlate security events from the platform.
  • Managed SOC and 24/7 SRE - Real-time security response and platform reliability support.