diff --git a/README.md b/README.md
index 56930283eb..417482ee24 100644
--- a/README.md
+++ b/README.md
@@ -35,8 +35,10 @@ In order to render and preview the site locally (without docker) you will need a
 1) You will need to install python and pip
 2) After python is installed, you'll need the following python dependencies:
 
-`pip install mkdocs`
-`pip install mkdocs-material==8.2.1`
+* `pip install mkdocs`
+* `pip install mkdocs-material==8.2.1`
+* `pip install mkdocs-swagger-ui-tag`
+* 'pip install mkdocs-macros-plugin'
 
 
 3) Once you have all the pre-reqs installed. You can simply run `mkdocs serve` and view the rendered content locally and makes changes to your documentation and preview them in realtime with a browser at http://0.0.0.0:8001/edgex-docs.
diff --git a/docs_src/security/edgex-openziti.drawio b/docs_src/security/edgex-openziti.drawio
new file mode 100644
index 0000000000..b1f99f45f1
--- /dev/null
+++ b/docs_src/security/edgex-openziti.drawio
@@ -0,0 +1,453 @@
+<mxfile host="app.diagrams.net" agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36" version="24.7.5" pages="3">
+  <diagram name="Page-1" id="69J_8161vsEQFSDkU_qg">
+    <mxGraphModel dx="2074" dy="1104" grid="1" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="1" pageScale="1" pageWidth="1920" pageHeight="1200" math="0" shadow="0">
+      <root>
+        <mxCell id="0" />
+        <mxCell id="1" parent="0" />
+        <mxCell id="p4UTylEGOL3QZa_F2JF8-1" value="AWS" style="rounded=1;whiteSpace=wrap;html=1;arcSize=9;verticalAlign=top;align=left;spacing=6;spacingLeft=6;" parent="1" vertex="1">
+          <mxGeometry x="270" y="80" width="210" height="240" as="geometry" />
+        </mxCell>
+        <mxCell id="p4UTylEGOL3QZa_F2JF8-2" value="Controller" style="rounded=1;whiteSpace=wrap;html=1;arcSize=9;" parent="1" vertex="1">
+          <mxGeometry x="390" y="140" width="100" height="50" as="geometry" />
+        </mxCell>
+        <mxCell id="p4UTylEGOL3QZa_F2JF8-3" value="Router" style="rounded=1;whiteSpace=wrap;html=1;arcSize=9;" parent="1" vertex="1">
+          <mxGeometry x="390" y="200" width="100" height="50" as="geometry" />
+        </mxCell>
+        <mxCell id="p4UTylEGOL3QZa_F2JF8-4" value="Private Network" style="rounded=1;whiteSpace=wrap;html=1;arcSize=9;verticalAlign=top;align=left;spacing=6;spacingLeft=9;" parent="1" vertex="1">
+          <mxGeometry x="840" y="80" width="290" height="280" as="geometry" />
+        </mxCell>
+        <mxCell id="p4UTylEGOL3QZa_F2JF8-16" value="" style="shape=image;verticalLabelPosition=bottom;verticalAlign=top;imageAspect=0;image=data:image/svg+xml,PHN2ZyB4bWxuczp4bGluaz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94bGluayIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWw6c3BhY2U9InByZXNlcnZlIiBzdHlsZT0iZW5hYmxlLWJhY2tncm91bmQ6bmV3IDAgMCA0NTkuMyAzMTIuODsiIHZpZXdCb3g9IjAgMCA0NTkuMyAzMTIuOCIgeT0iMHB4IiB4PSIwcHgiIGlkPSJMYXllcl8xIiB2ZXJzaW9uPSIxLjEiPiYjeGE7PHN0eWxlIHR5cGU9InRleHQvY3NzIj4mI3hhOwkuc3Qwe2ZpbGw6dXJsKCNTVkdJRF8xXyk7c3Ryb2tlOiMwMjczRkI7c3Ryb2tlLXdpZHRoOjU7c3Ryb2tlLWxpbmVjYXA6cm91bmQ7c3Ryb2tlLWxpbmVqb2luOnJvdW5kO3N0cm9rZS1taXRlcmxpbWl0OjEwO30mI3hhOzwvc3R5bGU+JiN4YTs8bGluZWFyR3JhZGllbnQgeTI9IjMwNy43OTMyIiB4Mj0iMjI5LjY0NDUiIHkxPSIxMy43MDQ5IiB4MT0iMjI5LjY0NDUiIGdyYWRpZW50VW5pdHM9InVzZXJTcGFjZU9uVXNlIiBpZD0iU1ZHSURfMV8iPiYjeGE7CTxzdG9wIHN0eWxlPSJzdG9wLWNvbG9yOiNGRkZGRkYiIG9mZnNldD0iNC4zMDY4OTFlLTAzIi8+JiN4YTsJPHN0b3Agc3R5bGU9InN0b3AtY29sb3I6I0ZBRkJGQiIgb2Zmc2V0PSIwLjUwODUiLz4mI3hhOwk8c3RvcCBzdHlsZT0ic3RvcC1jb2xvcjojRjBGM0Y1IiBvZmZzZXQ9IjAuOTM1NSIvPiYjeGE7PC9saW5lYXJHcmFkaWVudD4mI3hhOzxwYXRoIGQ9Ik00NTYuOCwyMjAuNGMwLjIsNDkuNC0zOS43LDg5LjctODkuMSw4OS45Yy0wLjEsMC0wLjEsMC0wLjIsMEg5MS42Yy00OS42LTAuNC04OS41LTQxLTg5LjEtOTAuNiYjMTA7JiM5O2MwLjQtNDMuNywzMi4xLTgwLjgsNzUuMi04Ny45Yy01LjUtMzAuOSwxNS4xLTYwLjMsNDYtNjUuOGMzLjItMC42LDYuNS0wLjksOS44LTAuOWMxMy4xLDAuMiwyNS42LDUsMzUuNSwxMy41JiMxMDsmIzk7YzE3LjYtNDAuNCw0MC40LTc2LjEsMTAzLjItNzYuMWM3Ni41LDAsMTEyLjksNTkuNiwxMTIuOSwxMjIuMnY3LjljNDEuNiw4LjcsNzEuNCw0NS41LDcxLjMsODguMSIgY2xhc3M9InN0MCIvPiYjeGE7PC9zdmc+;imageBorder=none;fillOpacity=100;strokeOpacity=100;labelBorderColor=none;fontColor=#924949;fontFamily=Open Sans;fontSource=https%3A%2F%2Ffonts.googleapis.com%2Fcss%3Ffamily%3DOpen%2BSans;rounded=1;" parent="1" vertex="1">
+          <mxGeometry x="520" y="130" width="274.18" height="150" as="geometry" />
+        </mxCell>
+        <mxCell id="p4UTylEGOL3QZa_F2JF8-17" value="&lt;font style=&quot;font-size: 47px;&quot;&gt;Network&lt;/font&gt;" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;fontColor=#4D4D4D;fontFamily=Open Sans;fontSource=https%3A%2F%2Ffonts.googleapis.com%2Fcss%3Ffamily%3DOpen%2BSans;fontSize=47;fontStyle=1;rounded=1;" parent="1" vertex="1">
+          <mxGeometry x="560.0037500000001" y="489.9951292526846" width="210" height="70" as="geometry" />
+        </mxCell>
+        <mxCell id="p4UTylEGOL3QZa_F2JF8-18" value="&lt;span style=&quot;font-family: &amp;quot;Open Sans&amp;quot;; font-size: 22px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 700; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; float: none; display: inline !important;&quot;&gt;zero trust connection&lt;/span&gt;" style="text;whiteSpace=wrap;html=1;fontSize=22;fontFamily=Open Sans;fontColor=#464d4d;fillColor=none;rounded=1;align=center;" parent="1" vertex="1">
+          <mxGeometry x="560.6" y="440" width="239.4" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="p4UTylEGOL3QZa_F2JF8-19" value="" style="group;fontFamily=Open Sans;fontSource=https%3A%2F%2Ffonts.googleapis.com%2Fcss%3Ffamily%3DOpen%2BSans;labelBackgroundColor=#E0E0E0;rounded=1;" parent="1" connectable="0" vertex="1">
+          <mxGeometry x="800" y="430" width="60" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="p4UTylEGOL3QZa_F2JF8-20" value="" style="rounded=1;whiteSpace=wrap;html=1;fontFamily=Open Sans;fontSource=https%3A%2F%2Ffonts.googleapis.com%2Fcss%3Ffamily%3DOpen%2BSans;fillColor=#E6E6E6;strokeColor=#4F4F4F;" parent="p4UTylEGOL3QZa_F2JF8-19" vertex="1">
+          <mxGeometry width="60" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="p4UTylEGOL3QZa_F2JF8-21" value="" style="shape=image;verticalLabelPosition=bottom;labelBackgroundColor=#fbfbfb;verticalAlign=top;aspect=fixed;imageAspect=0;image=data:image/svg+xml,PHN2ZyB4bWxuczp4bGluaz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94bGluayIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWw6c3BhY2U9InByZXNlcnZlIiBzdHlsZT0iZW5hYmxlLWJhY2tncm91bmQ6bmV3IDAgMCAzMDAgMzAwOyIgdmlld0JveD0iMCAwIDMwMCAzMDAiIHk9IjBweCIgeD0iMHB4IiBpZD0iTGF5ZXJfMSIgdmVyc2lvbj0iMS4xIj4mI3hhOzxzdHlsZSB0eXBlPSJ0ZXh0L2NzcyI+JiN4YTsJLnN0MHtmaWxsOnVybCgjU1ZHSURfMV8pO30mI3hhOwkuc3Qxe2ZpbGw6dXJsKCNTVkdJRF8wMDAwMDA3NDQ0MzE0MTY3MzU3OTYwOTU3MDAwMDAwMzAyMTc0ODkwNzQwNDY0NzYxMl8pO30mI3hhOwkuc3Qye2ZpbGw6dXJsKCNTVkdJRF8wMDAwMDA5ODkwMjgzNjQyMDI0NzM4MDEyMDAwMDAxMDI5OTUwNjI3NTE3NDQzMDM3NF8pO30mI3hhOwkuc3Qze2ZpbGw6dXJsKCNTVkdJRF8wMDAwMDA3MTUyOTU5MjEyODYxNzA3NDM4MDAwMDAxNDY5OTkwMDc4OTExODEzMjkwNl8pO30mI3hhOwkuc3Q0e2ZpbGw6dXJsKCNTVkdJRF8wMDAwMDE0NjQ1OTkxNDIwNTgxOTg5Njk0MDAwMDAwNzQxMjYwNjMzOTIzNTk1NTA3NV8pO30mI3hhOwkuc3Q1e2ZpbGw6dXJsKCNTVkdJRF8wMDAwMDEyNjMyNDUyOTU0ODQyNDI5MDIzMDAwMDAxMzI5ODQ2NDg2MTM3MzIxMDUyMl8pO30mI3hhOwkuc3Q2e2ZpbGw6dXJsKCNTVkdJRF8wMDAwMDEzMjc5MDI0MDI4ODU0NTcyODYxMDAwMDAwNzQ2NDc1MDUyMTM2MDA4NTQxNl8pO30mI3hhOzwvc3R5bGU+JiN4YTs8Zz4mI3hhOwk8Zz4mI3hhOwkJJiN4YTsJCQk8bGluZWFyR3JhZGllbnQgZ3JhZGllbnRUcmFuc2Zvcm09Im1hdHJpeCgxIDAgMCAxIDAgLTU0MikiIHkyPSI3MDguNTAwMSIgeDI9IjE1Ny4zIiB5MT0iNzA4LjUwMDEiIHgxPSIxNTcuMyIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiIGlkPSJTVkdJRF8xXyI+JiN4YTsJCQk8c3RvcCBzdHlsZT0ic3RvcC1jb2xvcjojRkMwMTQ3IiBvZmZzZXQ9IjQuMzA2ODkxZS0wMyIvPiYjeGE7CQkJPHN0b3Agc3R5bGU9InN0b3AtY29sb3I6I0Y0MDQ0RCIgb2Zmc2V0PSIzLjkxODI2OWUtMDIiLz4mI3hhOwkJCTxzdG9wIHN0eWxlPSJzdG9wLWNvbG9yOiMwMDY4RjkiIG9mZnNldD0iMC45Ii8+JiN4YTsJCTwvbGluZWFyR3JhZGllbnQ+JiN4YTsJCTxwYXRoIGQ9Ik0xNTcuMywxNjYuNSIgY2xhc3M9InN0MCIvPiYjeGE7CTwvZz4mI3hhOzwvZz4mI3hhOzxnPiYjeGE7CSYjeGE7CQk8bGluZWFyR3JhZGllbnQgZ3JhZGllbnRUcmFuc2Zvcm09Im1hdHJpeCgxIDAgMCAxIDAgLTU0MikiIHkyPSI2NTEuNDY3IiB4Mj0iMTEyLjQxNjkiIHkxPSI3NTcuMDI1IiB4MT0iMjE3Ljk3NSIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiIGlkPSJTVkdJRF8wMDAwMDA3Mjk2ODQwODMxODc2NDMzNDAyMDAwMDAwNzk0OTIxMzQzNzMzNzU5NTA1N18iPiYjeGE7CQk8c3RvcCBzdHlsZT0ic3RvcC1jb2xvcjojRkMwMTQ3IiBvZmZzZXQ9IjQuMzA2ODkxZS0wMyIvPiYjeGE7CQk8c3RvcCBzdHlsZT0ic3RvcC1jb2xvcjojRjQwNDREIiBvZmZzZXQ9IjMuOTE4MjY5ZS0wMiIvPiYjeGE7CQk8c3RvcCBzdHlsZT0ic3RvcC1jb2xvcjojMDA2OEY5IiBvZmZzZXQ9IjAuOSIvPiYjeGE7CTwvbGluZWFyR3JhZGllbnQ+JiN4YTsJPHBhdGggZD0iTTE3OC40LDE1NGMxLjItMy42LDEuMi03LjEsMS4yLTEzLjF2LTcuMSYjMTA7JiM5OyYjOTtjMC02LDAtOS41LTMuNi0xMy4xYy0zLjYtMi40LTcuMS0zLjYtMTMuMS0zLjZoLTM1Ljd2NTkuNWgxNi43di0xNy45aDExLjlsOS41LDE3LjloMTUuNWwtMTAuNy0xNy45JiMxMDsmIzk7JiM5O0MxNzMuNiwxNTcuNSwxNzYsMTU3LjUsMTc4LjQsMTU0eiBNMTY1LjMsMTM4LjVjMCwzLjYtMS4yLDcuMS00LjgsNy4xaC0xNi43di0xNy45aDE1LjVjMy42LDAsNiwyLjQsNiw2VjEzOC41eiIgc3R5bGU9ImZpbGw6dXJsKCNTVkdJRF8wMDAwMDA3Mjk2ODQwODMxODc2NDMzNDAyMDAwMDAwNzk0OTIxMzQzNzMzNzU5NTA1N18pOyIvPiYjeGE7CSYjeGE7CQk8bGluZWFyR3JhZGllbnQgZ3JhZGllbnRUcmFuc2Zvcm09Im1hdHJpeCgxIDAgMCAxIDAgLTU0MikiIHkyPSI2NTEuNDQyIiB4Mj0iMTEyLjQ0MTkiIHkxPSI3NTcuMDAwMSIgeDE9IjIxOCIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiIGlkPSJTVkdJRF8wMDAwMDA3ODc1NzI4MDg2OTg2NTU3NzE3MDAwMDAwNTcxMzc0MTcxMzcwMDU5Nzk0N18iPiYjeGE7CQk8c3RvcCBzdHlsZT0ic3RvcC1jb2xvcjojRkMwMTQ3IiBvZmZzZXQ9IjQuMzA2ODkxZS0wMyIvPiYjeGE7CQk8c3RvcCBzdHlsZT0ic3RvcC1jb2xvcjojRjQwNDREIiBvZmZzZXQ9IjMuOTE4MjY5ZS0wMiIvPiYjeGE7CQk8c3RvcCBzdHlsZT0ic3RvcC1jb2xvcjojMDA2OEY5IiBvZmZzZXQ9IjAuOSIvPiYjeGE7CTwvbGluZWFyR3JhZGllbnQ+JiN4YTsJPHBhdGggZD0iTTIxMi41LDE0OGMwLTMzLjktMjcuNi02MS41LTYxLjUtNjEuNSYjMTA7JiM5OyYjOTtTODkuNSwxMTQuMSw4OS41LDE0OHMyNy42LDYxLjUsNjEuNSw2MS41UzIxMi41LDE4MS45LDIxMi41LDE0OHogTTE1MSwyMDAuOGMtMjkuMSwwLTUyLjgtMjMuNy01Mi44LTUyLjhzMjMuNy01Mi44LDUyLjgtNTIuOCYjMTA7JiM5OyYjOTtzNTIuOCwyMy43LDUyLjgsNTIuOFMxODAuMSwyMDAuOCwxNTEsMjAwLjh6IiBzdHlsZT0iZmlsbDp1cmwoI1NWR0lEXzAwMDAwMDc4NzU3MjgwODY5ODY1NTc3MTcwMDAwMDA1NzEzNzQxNzEzNzAwNTk3OTQ3Xyk7Ii8+JiN4YTsJJiN4YTsJCTxsaW5lYXJHcmFkaWVudCBncmFkaWVudFRyYW5zZm9ybT0ibWF0cml4KDEgMCAwIDEgMCAtNTQyKSIgeTI9IjU5NC41Mjg2IiB4Mj0iMTY5LjM1NTIiIHkxPSI3MDAuMDg2NyIgeDE9IjI3NC45MTMyIiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSIgaWQ9IlNWR0lEXzAwMDAwMTI4NDc0ODM1MTg2ODIyMzQxMzIwMDAwMDA5NDM5MjIwNzMzMzM4NzE4ODYzXyI+JiN4YTsJCTxzdG9wIHN0eWxlPSJzdG9wLWNvbG9yOiNGQzAxNDciIG9mZnNldD0iNC4zMDY4OTFlLTAzIi8+JiN4YTsJCTxzdG9wIHN0eWxlPSJzdG9wLWNvbG9yOiNGNDA0NEQiIG9mZnNldD0iMy45MTgyNjllLTAyIi8+JiN4YTsJCTxzdG9wIHN0eWxlPSJzdG9wLWNvbG9yOiMwMDY4RjkiIG9mZnNldD0iMC45Ii8+JiN4YTsJPC9saW5lYXJHcmFkaWVudD4mI3hhOwk8cGF0aCBkPSJNMTU2LjcsNzguNWMzMy42LDIuMiw2MS42LDMwLjMsNjMuOCw2My44JiMxMDsmIzk7JiM5O2MwLjIsMi4zLDIuMSw0LDQuMyw0YzAuMSwwLDAuMiwwLDAuMywwYzIuNC0wLjIsNC4yLTIuMiw0LTQuNmMtMS44LTI3LjEtMTguNS01MS00MS43LTYzLjNoMjdsLTMuMywzLjNjLTEuNywxLjctMS43LDQuNCwwLDYuMSYjMTA7JiM5OyYjOTtjMC44LDAuOCwyLDEuMywzLjEsMS4zczIuMi0wLjQsMy4xLTEuM0wyMjgsNzcuMWMxLjctMS43LDEuNy00LjQsMC02LjFsLTEwLjctMTAuN2MtMS43LTEuNy00LjQtMS43LTYuMSwwcy0xLjcsNC40LDAsNi4xbDMuMywzLjMmIzEwOyYjOTsmIzk7SDE1N2MtMi4zLDAtNC4zLDEuOS00LjMsNC4yQzE1Mi41LDc2LjQsMTU0LjMsNzguMywxNTYuNyw3OC41eiIgc3R5bGU9ImZpbGw6dXJsKCNTVkdJRF8wMDAwMDEyODQ3NDgzNTE4NjgyMjM0MTMyMDAwMDAwOTQzOTIyMDczMzMzODcxODg2M18pOyIvPiYjeGE7CSYjeGE7CQk8bGluZWFyR3JhZGllbnQgZ3JhZGllbnRUcmFuc2Zvcm09Im1hdHJpeCgxIDAgMCAxIDAgLTU0MikiIHkyPSI2NTEuNDgyNyIgeDI9IjExMi40MDExIiB5MT0iNzU3LjA0MDgiIHgxPSIyMTcuOTU5MiIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiIGlkPSJTVkdJRF8wMDAwMDA3MTUzODg4MTI5ODUwODMxNjgzMDAwMDAxMjMyMjUwNjI3NjQ0NDYzODA5Nl8iPiYjeGE7CQk8c3RvcCBzdHlsZT0ic3RvcC1jb2xvcjojRkMwMTQ3IiBvZmZzZXQ9IjQuMzA2ODkxZS0wMyIvPiYjeGE7CQk8c3RvcCBzdHlsZT0ic3RvcC1jb2xvcjojRjQwNDREIiBvZmZzZXQ9IjMuOTE4MjY5ZS0wMiIvPiYjeGE7CQk8c3RvcCBzdHlsZT0ic3RvcC1jb2xvcjojMDA2OEY5IiBvZmZzZXQ9IjAuOSIvPiYjeGE7CTwvbGluZWFyR3JhZGllbnQ+JiN4YTsJPHBhdGggZD0iTTcyLjgsMTQyYzAsMi4zLDEuOSw0LjMsNC4yLDQuM2gwLjEmIzEwOyYjOTsmIzk7YzIuMywwLDQuMi0xLjgsNC4zLTRjMi4yLTMzLjYsMzAuMy02MS42LDYzLjgtNjMuOGMyLjQtMC4yLDQuMi0yLjIsNC00LjZzLTIuMi00LjItNC42LTRjLTI3LjEsMS44LTUxLDE4LjUtNjMuMyw0MS43di0yN2wzLjMsMy4zJiMxMDsmIzk7JiM5O2MwLjgsMC44LDIsMS4zLDMuMSwxLjNzMi4yLTAuNCwzLjEtMS4zYzEuNy0xLjcsMS43LTQuNCwwLTYuMUw4MC4yLDcxLjFjLTEuNy0xLjctNC40LTEuNy02LjEsMEw2My40LDgxLjhjLTEuNywxLjctMS43LDQuNCwwLDYuMSYjMTA7JiM5OyYjOTtjMS43LDEuNyw0LjQsMS43LDYuMSwwbDMuMy0zLjNWMTQyeiIgc3R5bGU9ImZpbGw6dXJsKCNTVkdJRF8wMDAwMDA3MTUzODg4MTI5ODUwODMxNjgzMDAwMDAxMjMyMjUwNjI3NjQ0NDYzODA5Nl8pOyIvPiYjeGE7CSYjeGE7CQk8bGluZWFyR3JhZGllbnQgZ3JhZGllbnRUcmFuc2Zvcm09Im1hdHJpeCgxIDAgMCAxIDAgLTU0MikiIHkyPSI3MDguMzMwMyIgeDI9IjU1LjU1MzYiIHkxPSI4MTMuODg4MiIgeDE9IjE2MS4xMTE4IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSIgaWQ9IlNWR0lEXzAwMDAwMDMzMzQ2MTMxNjU2MDEzMzg3ODIwMDAwMDE1NDY1ODY4MzY1ODI4MjY5OTc1XyI+JiN4YTsJCTxzdG9wIHN0eWxlPSJzdG9wLWNvbG9yOiNGQzAxNDciIG9mZnNldD0iNC4zMDY4OTFlLTAzIi8+JiN4YTsJCTxzdG9wIHN0eWxlPSJzdG9wLWNvbG9yOiNGNDA0NEQiIG9mZnNldD0iMy45MTgyNjllLTAyIi8+JiN4YTsJCTxzdG9wIHN0eWxlPSJzdG9wLWNvbG9yOiMwMDY4RjkiIG9mZnNldD0iMC45Ii8+JiN4YTsJPC9saW5lYXJHcmFkaWVudD4mI3hhOwk8cGF0aCBkPSJNMTQ1LjMsMjE3LjUmIzEwOyYjOTsmIzk7Yy0zMy42LTIuMi02MS42LTMwLjMtNjMuOC02My44Yy0wLjItMi40LTIuMi00LjItNC42LTRzLTQuMiwyLjItNCw0LjZjMS44LDI3LjEsMTguNSw1MSw0MS43LDYzLjNoLTI3bDMuMy0zLjMmIzEwOyYjOTsmIzk7YzEuNy0xLjcsMS43LTQuNCwwLTYuMXMtNC40LTEuNy02LjEsMGwtMTAuNywxMC43Yy0xLjcsMS43LTEuNyw0LjQsMCw2LjFsMTAuNywxMC43YzAuOCwwLjgsMiwxLjMsMy4xLDEuM3MyLjItMC40LDMuMS0xLjMmIzEwOyYjOTsmIzk7YzEuNy0xLjcsMS43LTQuNCwwLTYuMWwtMy4zLTMuM0gxNDVjMi4zLDAsNC4zLTEuOSw0LjMtNC4yQzE0OS41LDIxOS42LDE0Ny43LDIxNy43LDE0NS4zLDIxNy41eiIgc3R5bGU9ImZpbGw6dXJsKCNTVkdJRF8wMDAwMDAzMzM0NjEzMTY1NjAxMzM4NzgyMDAwMDAxNTQ2NTg2ODM2NTgyODI2OTk3NV8pOyIvPiYjeGE7CSYjeGE7CQk8bGluZWFyR3JhZGllbnQgZ3JhZGllbnRUcmFuc2Zvcm09Im1hdHJpeCgxIDAgMCAxIDAgLTU0MikiIHkyPSI2NTEuMzkwMSIgeDI9IjExMi40OTM5IiB5MT0iNzU2Ljk0ODEiIHgxPSIyMTguMDUyIiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSIgaWQ9IlNWR0lEXzAwMDAwMDM0ODA1MDQ5NzA0NDA4ODAxNzcwMDAwMDA0MDUyNDg4ODY4ODkxNzQyNjM2XyI+JiN4YTsJCTxzdG9wIHN0eWxlPSJzdG9wLWNvbG9yOiNGQzAxNDciIG9mZnNldD0iNC4zMDY4OTFlLTAzIi8+JiN4YTsJCTxzdG9wIHN0eWxlPSJzdG9wLWNvbG9yOiNGNDA0NEQiIG9mZnNldD0iMy45MTgyNjllLTAyIi8+JiN4YTsJCTxzdG9wIHN0eWxlPSJzdG9wLWNvbG9yOiMwMDY4RjkiIG9mZnNldD0iMC45Ii8+JiN4YTsJPC9saW5lYXJHcmFkaWVudD4mI3hhOwk8cGF0aCBkPSJNMjM4LjYsMjA4LjFjLTEuNy0xLjctNC40LTEuNy02LjEsMCYjMTA7JiM5OyYjOTtsLTMuMywzLjNWMTU0YzAtMi4zLTEuOS00LjMtNC4yLTQuM2gtMC4xYy0yLjMsMC00LjIsMS44LTQuMyw0Yy0yLjIsMzMuNi0zMC4zLDYxLjYtNjMuOCw2My44Yy0yLjQsMC4yLTQuMiwyLjItNCw0LjYmIzEwOyYjOTsmIzk7YzAuMiwyLjMsMi4xLDQsNC4zLDRjMC4xLDAsMC4yLDAsMC4zLDBjMjcuMS0xLjgsNTEtMTguNSw2My4zLTQxLjd2MjdsLTMuMy0zLjNjLTEuNy0xLjctNC40LTEuNy02LjEsMHMtMS43LDQuNCwwLDYuMWwxMC43LDEwLjcmIzEwOyYjOTsmIzk7YzAuOCwwLjgsMiwxLjMsMy4xLDEuM3MyLjItMC40LDMuMS0xLjNsMTAuNy0xMC43QzI0MC4zLDIxMi41LDI0MC4zLDIwOS43LDIzOC42LDIwOC4xeiIgc3R5bGU9ImZpbGw6dXJsKCNTVkdJRF8wMDAwMDAzNDgwNTA0OTcwNDQwODgwMTc3MDAwMDAwNDA1MjQ4ODg2ODg5MTc0MjYzNl8pOyIvPiYjeGE7PC9nPiYjeGE7PC9zdmc+;clipPath=inset(18.33% 19.33% 20% 19.33%);fontFamily=Open Sans;fontSource=https%3A%2F%2Ffonts.googleapis.com%2Fcss%3Ffamily%3DOpen%2BSans;rounded=1;" parent="p4UTylEGOL3QZa_F2JF8-19" vertex="1">
+          <mxGeometry width="59.67409437657008" height="59.99980761792453" as="geometry" />
+        </mxCell>
+        <mxCell id="p4UTylEGOL3QZa_F2JF8-22" value="" style="group;fontFamily=Open Sans;fontSource=https%3A%2F%2Ffonts.googleapis.com%2Fcss%3Ffamily%3DOpen%2BSans;rounded=1;" parent="1" connectable="0" vertex="1">
+          <mxGeometry x="480" y="430" width="60" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="p4UTylEGOL3QZa_F2JF8-23" value="" style="rounded=1;whiteSpace=wrap;html=1;fontFamily=Open Sans;fontSource=https%3A%2F%2Ffonts.googleapis.com%2Fcss%3Ffamily%3DOpen%2BSans;fillColor=#E6E6E6;strokeColor=#4F4F4F;" parent="p4UTylEGOL3QZa_F2JF8-22" vertex="1">
+          <mxGeometry width="60" height="59.99999999999999" as="geometry" />
+        </mxCell>
+        <mxCell id="p4UTylEGOL3QZa_F2JF8-24" value="" style="shape=image;verticalLabelPosition=bottom;labelBackgroundColor=#E0E0E0;verticalAlign=top;aspect=fixed;imageAspect=0;image=data:image/svg+xml,PHN2ZyB4bWxuczp4bGluaz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94bGluayIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWw6c3BhY2U9InByZXNlcnZlIiBzdHlsZT0iZW5hYmxlLWJhY2tncm91bmQ6bmV3IDAgMCAzMDAgMzAwOyIgdmlld0JveD0iMCAwIDMwMCAzMDAiIHk9IjBweCIgeD0iMHB4IiBpZD0iTGF5ZXJfMSIgdmVyc2lvbj0iMS4xIj4mI3hhOzxzdHlsZSB0eXBlPSJ0ZXh0L2NzcyI+JiN4YTsJLnN0MHtmaWxsOnVybCgjU1ZHSURfMV8pO30mI3hhOwkuc3Qxe2ZpbGw6dXJsKCNTVkdJRF8wMDAwMDA3NDQ0MzE0MTY3MzU3OTYwOTU3MDAwMDAwMzAyMTc0ODkwNzQwNDY0NzYxMl8pO30mI3hhOwkuc3Qye2ZpbGw6dXJsKCNTVkdJRF8wMDAwMDA5ODkwMjgzNjQyMDI0NzM4MDEyMDAwMDAxMDI5OTUwNjI3NTE3NDQzMDM3NF8pO30mI3hhOwkuc3Qze2ZpbGw6dXJsKCNTVkdJRF8wMDAwMDA3MTUyOTU5MjEyODYxNzA3NDM4MDAwMDAxNDY5OTkwMDc4OTExODEzMjkwNl8pO30mI3hhOwkuc3Q0e2ZpbGw6dXJsKCNTVkdJRF8wMDAwMDE0NjQ1OTkxNDIwNTgxOTg5Njk0MDAwMDAwNzQxMjYwNjMzOTIzNTk1NTA3NV8pO30mI3hhOwkuc3Q1e2ZpbGw6dXJsKCNTVkdJRF8wMDAwMDEyNjMyNDUyOTU0ODQyNDI5MDIzMDAwMDAxMzI5ODQ2NDg2MTM3MzIxMDUyMl8pO30mI3hhOwkuc3Q2e2ZpbGw6dXJsKCNTVkdJRF8wMDAwMDEzMjc5MDI0MDI4ODU0NTcyODYxMDAwMDAwNzQ2NDc1MDUyMTM2MDA4NTQxNl8pO30mI3hhOzwvc3R5bGU+JiN4YTs8Zz4mI3hhOwk8Zz4mI3hhOwkJJiN4YTsJCQk8bGluZWFyR3JhZGllbnQgZ3JhZGllbnRUcmFuc2Zvcm09Im1hdHJpeCgxIDAgMCAxIDAgLTU0MikiIHkyPSI3MDguNTAwMSIgeDI9IjE1Ny4zIiB5MT0iNzA4LjUwMDEiIHgxPSIxNTcuMyIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiIGlkPSJTVkdJRF8xXyI+JiN4YTsJCQk8c3RvcCBzdHlsZT0ic3RvcC1jb2xvcjojRkMwMTQ3IiBvZmZzZXQ9IjQuMzA2ODkxZS0wMyIvPiYjeGE7CQkJPHN0b3Agc3R5bGU9InN0b3AtY29sb3I6I0Y0MDQ0RCIgb2Zmc2V0PSIzLjkxODI2OWUtMDIiLz4mI3hhOwkJCTxzdG9wIHN0eWxlPSJzdG9wLWNvbG9yOiMwMDY4RjkiIG9mZnNldD0iMC45Ii8+JiN4YTsJCTwvbGluZWFyR3JhZGllbnQ+JiN4YTsJCTxwYXRoIGQ9Ik0xNTcuMywxNjYuNSIgY2xhc3M9InN0MCIvPiYjeGE7CTwvZz4mI3hhOzwvZz4mI3hhOzxnPiYjeGE7CSYjeGE7CQk8bGluZWFyR3JhZGllbnQgZ3JhZGllbnRUcmFuc2Zvcm09Im1hdHJpeCgxIDAgMCAxIDAgLTU0MikiIHkyPSI2NTEuNDY3IiB4Mj0iMTEyLjQxNjkiIHkxPSI3NTcuMDI1IiB4MT0iMjE3Ljk3NSIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiIGlkPSJTVkdJRF8wMDAwMDA3Mjk2ODQwODMxODc2NDMzNDAyMDAwMDAwNzk0OTIxMzQzNzMzNzU5NTA1N18iPiYjeGE7CQk8c3RvcCBzdHlsZT0ic3RvcC1jb2xvcjojRkMwMTQ3IiBvZmZzZXQ9IjQuMzA2ODkxZS0wMyIvPiYjeGE7CQk8c3RvcCBzdHlsZT0ic3RvcC1jb2xvcjojRjQwNDREIiBvZmZzZXQ9IjMuOTE4MjY5ZS0wMiIvPiYjeGE7CQk8c3RvcCBzdHlsZT0ic3RvcC1jb2xvcjojMDA2OEY5IiBvZmZzZXQ9IjAuOSIvPiYjeGE7CTwvbGluZWFyR3JhZGllbnQ+JiN4YTsJPHBhdGggZD0iTTE3OC40LDE1NGMxLjItMy42LDEuMi03LjEsMS4yLTEzLjF2LTcuMSYjMTA7JiM5OyYjOTtjMC02LDAtOS41LTMuNi0xMy4xYy0zLjYtMi40LTcuMS0zLjYtMTMuMS0zLjZoLTM1Ljd2NTkuNWgxNi43di0xNy45aDExLjlsOS41LDE3LjloMTUuNWwtMTAuNy0xNy45JiMxMDsmIzk7JiM5O0MxNzMuNiwxNTcuNSwxNzYsMTU3LjUsMTc4LjQsMTU0eiBNMTY1LjMsMTM4LjVjMCwzLjYtMS4yLDcuMS00LjgsNy4xaC0xNi43di0xNy45aDE1LjVjMy42LDAsNiwyLjQsNiw2VjEzOC41eiIgc3R5bGU9ImZpbGw6dXJsKCNTVkdJRF8wMDAwMDA3Mjk2ODQwODMxODc2NDMzNDAyMDAwMDAwNzk0OTIxMzQzNzMzNzU5NTA1N18pOyIvPiYjeGE7CSYjeGE7CQk8bGluZWFyR3JhZGllbnQgZ3JhZGllbnRUcmFuc2Zvcm09Im1hdHJpeCgxIDAgMCAxIDAgLTU0MikiIHkyPSI2NTEuNDQyIiB4Mj0iMTEyLjQ0MTkiIHkxPSI3NTcuMDAwMSIgeDE9IjIxOCIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiIGlkPSJTVkdJRF8wMDAwMDA3ODc1NzI4MDg2OTg2NTU3NzE3MDAwMDAwNTcxMzc0MTcxMzcwMDU5Nzk0N18iPiYjeGE7CQk8c3RvcCBzdHlsZT0ic3RvcC1jb2xvcjojRkMwMTQ3IiBvZmZzZXQ9IjQuMzA2ODkxZS0wMyIvPiYjeGE7CQk8c3RvcCBzdHlsZT0ic3RvcC1jb2xvcjojRjQwNDREIiBvZmZzZXQ9IjMuOTE4MjY5ZS0wMiIvPiYjeGE7CQk8c3RvcCBzdHlsZT0ic3RvcC1jb2xvcjojMDA2OEY5IiBvZmZzZXQ9IjAuOSIvPiYjeGE7CTwvbGluZWFyR3JhZGllbnQ+JiN4YTsJPHBhdGggZD0iTTIxMi41LDE0OGMwLTMzLjktMjcuNi02MS41LTYxLjUtNjEuNSYjMTA7JiM5OyYjOTtTODkuNSwxMTQuMSw4OS41LDE0OHMyNy42LDYxLjUsNjEuNSw2MS41UzIxMi41LDE4MS45LDIxMi41LDE0OHogTTE1MSwyMDAuOGMtMjkuMSwwLTUyLjgtMjMuNy01Mi44LTUyLjhzMjMuNy01Mi44LDUyLjgtNTIuOCYjMTA7JiM5OyYjOTtzNTIuOCwyMy43LDUyLjgsNTIuOFMxODAuMSwyMDAuOCwxNTEsMjAwLjh6IiBzdHlsZT0iZmlsbDp1cmwoI1NWR0lEXzAwMDAwMDc4NzU3MjgwODY5ODY1NTc3MTcwMDAwMDA1NzEzNzQxNzEzNzAwNTk3OTQ3Xyk7Ii8+JiN4YTsJJiN4YTsJCTxsaW5lYXJHcmFkaWVudCBncmFkaWVudFRyYW5zZm9ybT0ibWF0cml4KDEgMCAwIDEgMCAtNTQyKSIgeTI9IjU5NC41Mjg2IiB4Mj0iMTY5LjM1NTIiIHkxPSI3MDAuMDg2NyIgeDE9IjI3NC45MTMyIiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSIgaWQ9IlNWR0lEXzAwMDAwMTI4NDc0ODM1MTg2ODIyMzQxMzIwMDAwMDA5NDM5MjIwNzMzMzM4NzE4ODYzXyI+JiN4YTsJCTxzdG9wIHN0eWxlPSJzdG9wLWNvbG9yOiNGQzAxNDciIG9mZnNldD0iNC4zMDY4OTFlLTAzIi8+JiN4YTsJCTxzdG9wIHN0eWxlPSJzdG9wLWNvbG9yOiNGNDA0NEQiIG9mZnNldD0iMy45MTgyNjllLTAyIi8+JiN4YTsJCTxzdG9wIHN0eWxlPSJzdG9wLWNvbG9yOiMwMDY4RjkiIG9mZnNldD0iMC45Ii8+JiN4YTsJPC9saW5lYXJHcmFkaWVudD4mI3hhOwk8cGF0aCBkPSJNMTU2LjcsNzguNWMzMy42LDIuMiw2MS42LDMwLjMsNjMuOCw2My44JiMxMDsmIzk7JiM5O2MwLjIsMi4zLDIuMSw0LDQuMyw0YzAuMSwwLDAuMiwwLDAuMywwYzIuNC0wLjIsNC4yLTIuMiw0LTQuNmMtMS44LTI3LjEtMTguNS01MS00MS43LTYzLjNoMjdsLTMuMywzLjNjLTEuNywxLjctMS43LDQuNCwwLDYuMSYjMTA7JiM5OyYjOTtjMC44LDAuOCwyLDEuMywzLjEsMS4zczIuMi0wLjQsMy4xLTEuM0wyMjgsNzcuMWMxLjctMS43LDEuNy00LjQsMC02LjFsLTEwLjctMTAuN2MtMS43LTEuNy00LjQtMS43LTYuMSwwcy0xLjcsNC40LDAsNi4xbDMuMywzLjMmIzEwOyYjOTsmIzk7SDE1N2MtMi4zLDAtNC4zLDEuOS00LjMsNC4yQzE1Mi41LDc2LjQsMTU0LjMsNzguMywxNTYuNyw3OC41eiIgc3R5bGU9ImZpbGw6dXJsKCNTVkdJRF8wMDAwMDEyODQ3NDgzNTE4NjgyMjM0MTMyMDAwMDAwOTQzOTIyMDczMzMzODcxODg2M18pOyIvPiYjeGE7CSYjeGE7CQk8bGluZWFyR3JhZGllbnQgZ3JhZGllbnRUcmFuc2Zvcm09Im1hdHJpeCgxIDAgMCAxIDAgLTU0MikiIHkyPSI2NTEuNDgyNyIgeDI9IjExMi40MDExIiB5MT0iNzU3LjA0MDgiIHgxPSIyMTcuOTU5MiIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiIGlkPSJTVkdJRF8wMDAwMDA3MTUzODg4MTI5ODUwODMxNjgzMDAwMDAxMjMyMjUwNjI3NjQ0NDYzODA5Nl8iPiYjeGE7CQk8c3RvcCBzdHlsZT0ic3RvcC1jb2xvcjojRkMwMTQ3IiBvZmZzZXQ9IjQuMzA2ODkxZS0wMyIvPiYjeGE7CQk8c3RvcCBzdHlsZT0ic3RvcC1jb2xvcjojRjQwNDREIiBvZmZzZXQ9IjMuOTE4MjY5ZS0wMiIvPiYjeGE7CQk8c3RvcCBzdHlsZT0ic3RvcC1jb2xvcjojMDA2OEY5IiBvZmZzZXQ9IjAuOSIvPiYjeGE7CTwvbGluZWFyR3JhZGllbnQ+JiN4YTsJPHBhdGggZD0iTTcyLjgsMTQyYzAsMi4zLDEuOSw0LjMsNC4yLDQuM2gwLjEmIzEwOyYjOTsmIzk7YzIuMywwLDQuMi0xLjgsNC4zLTRjMi4yLTMzLjYsMzAuMy02MS42LDYzLjgtNjMuOGMyLjQtMC4yLDQuMi0yLjIsNC00LjZzLTIuMi00LjItNC42LTRjLTI3LjEsMS44LTUxLDE4LjUtNjMuMyw0MS43di0yN2wzLjMsMy4zJiMxMDsmIzk7JiM5O2MwLjgsMC44LDIsMS4zLDMuMSwxLjNzMi4yLTAuNCwzLjEtMS4zYzEuNy0xLjcsMS43LTQuNCwwLTYuMUw4MC4yLDcxLjFjLTEuNy0xLjctNC40LTEuNy02LjEsMEw2My40LDgxLjhjLTEuNywxLjctMS43LDQuNCwwLDYuMSYjMTA7JiM5OyYjOTtjMS43LDEuNyw0LjQsMS43LDYuMSwwbDMuMy0zLjNWMTQyeiIgc3R5bGU9ImZpbGw6dXJsKCNTVkdJRF8wMDAwMDA3MTUzODg4MTI5ODUwODMxNjgzMDAwMDAxMjMyMjUwNjI3NjQ0NDYzODA5Nl8pOyIvPiYjeGE7CSYjeGE7CQk8bGluZWFyR3JhZGllbnQgZ3JhZGllbnRUcmFuc2Zvcm09Im1hdHJpeCgxIDAgMCAxIDAgLTU0MikiIHkyPSI3MDguMzMwMyIgeDI9IjU1LjU1MzYiIHkxPSI4MTMuODg4MiIgeDE9IjE2MS4xMTE4IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSIgaWQ9IlNWR0lEXzAwMDAwMDMzMzQ2MTMxNjU2MDEzMzg3ODIwMDAwMDE1NDY1ODY4MzY1ODI4MjY5OTc1XyI+JiN4YTsJCTxzdG9wIHN0eWxlPSJzdG9wLWNvbG9yOiNGQzAxNDciIG9mZnNldD0iNC4zMDY4OTFlLTAzIi8+JiN4YTsJCTxzdG9wIHN0eWxlPSJzdG9wLWNvbG9yOiNGNDA0NEQiIG9mZnNldD0iMy45MTgyNjllLTAyIi8+JiN4YTsJCTxzdG9wIHN0eWxlPSJzdG9wLWNvbG9yOiMwMDY4RjkiIG9mZnNldD0iMC45Ii8+JiN4YTsJPC9saW5lYXJHcmFkaWVudD4mI3hhOwk8cGF0aCBkPSJNMTQ1LjMsMjE3LjUmIzEwOyYjOTsmIzk7Yy0zMy42LTIuMi02MS42LTMwLjMtNjMuOC02My44Yy0wLjItMi40LTIuMi00LjItNC42LTRzLTQuMiwyLjItNCw0LjZjMS44LDI3LjEsMTguNSw1MSw0MS43LDYzLjNoLTI3bDMuMy0zLjMmIzEwOyYjOTsmIzk7YzEuNy0xLjcsMS43LTQuNCwwLTYuMXMtNC40LTEuNy02LjEsMGwtMTAuNywxMC43Yy0xLjcsMS43LTEuNyw0LjQsMCw2LjFsMTAuNywxMC43YzAuOCwwLjgsMiwxLjMsMy4xLDEuM3MyLjItMC40LDMuMS0xLjMmIzEwOyYjOTsmIzk7YzEuNy0xLjcsMS43LTQuNCwwLTYuMWwtMy4zLTMuM0gxNDVjMi4zLDAsNC4zLTEuOSw0LjMtNC4yQzE0OS41LDIxOS42LDE0Ny43LDIxNy43LDE0NS4zLDIxNy41eiIgc3R5bGU9ImZpbGw6dXJsKCNTVkdJRF8wMDAwMDAzMzM0NjEzMTY1NjAxMzM4NzgyMDAwMDAxNTQ2NTg2ODM2NTgyODI2OTk3NV8pOyIvPiYjeGE7CSYjeGE7CQk8bGluZWFyR3JhZGllbnQgZ3JhZGllbnRUcmFuc2Zvcm09Im1hdHJpeCgxIDAgMCAxIDAgLTU0MikiIHkyPSI2NTEuMzkwMSIgeDI9IjExMi40OTM5IiB5MT0iNzU2Ljk0ODEiIHgxPSIyMTguMDUyIiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSIgaWQ9IlNWR0lEXzAwMDAwMDM0ODA1MDQ5NzA0NDA4ODAxNzcwMDAwMDA0MDUyNDg4ODY4ODkxNzQyNjM2XyI+JiN4YTsJCTxzdG9wIHN0eWxlPSJzdG9wLWNvbG9yOiNGQzAxNDciIG9mZnNldD0iNC4zMDY4OTFlLTAzIi8+JiN4YTsJCTxzdG9wIHN0eWxlPSJzdG9wLWNvbG9yOiNGNDA0NEQiIG9mZnNldD0iMy45MTgyNjllLTAyIi8+JiN4YTsJCTxzdG9wIHN0eWxlPSJzdG9wLWNvbG9yOiMwMDY4RjkiIG9mZnNldD0iMC45Ii8+JiN4YTsJPC9saW5lYXJHcmFkaWVudD4mI3hhOwk8cGF0aCBkPSJNMjM4LjYsMjA4LjFjLTEuNy0xLjctNC40LTEuNy02LjEsMCYjMTA7JiM5OyYjOTtsLTMuMywzLjNWMTU0YzAtMi4zLTEuOS00LjMtNC4yLTQuM2gtMC4xYy0yLjMsMC00LjIsMS44LTQuMyw0Yy0yLjIsMzMuNi0zMC4zLDYxLjYtNjMuOCw2My44Yy0yLjQsMC4yLTQuMiwyLjItNCw0LjYmIzEwOyYjOTsmIzk7YzAuMiwyLjMsMi4xLDQsNC4zLDRjMC4xLDAsMC4yLDAsMC4zLDBjMjcuMS0xLjgsNTEtMTguNSw2My4zLTQxLjd2MjdsLTMuMy0zLjNjLTEuNy0xLjctNC40LTEuNy02LjEsMHMtMS43LDQuNCwwLDYuMWwxMC43LDEwLjcmIzEwOyYjOTsmIzk7YzAuOCwwLjgsMiwxLjMsMy4xLDEuM3MyLjItMC40LDMuMS0xLjNsMTAuNy0xMC43QzI0MC4zLDIxMi41LDI0MC4zLDIwOS43LDIzOC42LDIwOC4xeiIgc3R5bGU9ImZpbGw6dXJsKCNTVkdJRF8wMDAwMDAzNDgwNTA0OTcwNDQwODgwMTc3MDAwMDAwNDA1MjQ4ODg2ODg5MTc0MjYzNl8pOyIvPiYjeGE7PC9nPiYjeGE7PC9zdmc+;clipPath=inset(18.33% 19.33% 20% 19.33%);fontFamily=Open Sans;fontSource=https%3A%2F%2Ffonts.googleapis.com%2Fcss%3Ffamily%3DOpen%2BSans;rounded=1;" parent="p4UTylEGOL3QZa_F2JF8-22" vertex="1">
+          <mxGeometry width="59.68266577765835" height="59.99980761792453" as="geometry" />
+        </mxCell>
+        <mxCell id="p4UTylEGOL3QZa_F2JF8-25" value="" style="endArrow=none;html=1;rounded=0;exitX=1;exitY=0.5;exitDx=0;exitDy=0;flowAnimation=1;" parent="1" source="p4UTylEGOL3QZa_F2JF8-2" edge="1">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="640" y="220" as="sourcePoint" />
+            <mxPoint x="810" y="290" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="p4UTylEGOL3QZa_F2JF8-5" value="Docker" style="rounded=1;whiteSpace=wrap;html=1;arcSize=6;align=left;verticalAlign=top;spacingTop=2;spacingLeft=8;" parent="1" vertex="1">
+          <mxGeometry x="850" y="120" width="270" height="210" as="geometry" />
+        </mxCell>
+        <mxCell id="p4UTylEGOL3QZa_F2JF8-26" value="" style="endArrow=none;html=1;rounded=0;flowAnimation=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;" parent="1" target="AkPibfd97T5wqIIckvMn-1" edge="1">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="810" y="290" as="sourcePoint" />
+            <mxPoint x="790" y="350" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="p4UTylEGOL3QZa_F2JF8-27" value="" style="endArrow=none;html=1;rounded=0;entryX=0.5;entryY=1;entryDx=0;entryDy=0;flowAnimation=1;exitX=1;exitY=0.5;exitDx=0;exitDy=0;" parent="1" source="AkPibfd97T5wqIIckvMn-1" target="p4UTylEGOL3QZa_F2JF8-15" edge="1">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="990" y="302" as="sourcePoint" />
+            <mxPoint x="960" y="390" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="AkPibfd97T5wqIIckvMn-1" value="Router" style="rounded=1;whiteSpace=wrap;html=1;arcSize=9;" parent="1" vertex="1">
+          <mxGeometry x="860" y="270" width="120" height="50" as="geometry" />
+        </mxCell>
+        <mxCell id="p4UTylEGOL3QZa_F2JF8-6" value="Edgex Service 1" style="rounded=1;whiteSpace=wrap;html=1;arcSize=9;align=left;verticalAlign=top;spacingTop=2;spacingLeft=8;" parent="1" vertex="1">
+          <mxGeometry x="860" y="150" width="120" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="p4UTylEGOL3QZa_F2JF8-7" value="Edgex Service 2" style="rounded=1;whiteSpace=wrap;html=1;arcSize=9;align=left;verticalAlign=top;spacingTop=2;spacingLeft=8;" parent="1" vertex="1">
+          <mxGeometry x="860" y="190" width="120" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="p4UTylEGOL3QZa_F2JF8-8" value="Edgex Service 3" style="rounded=1;whiteSpace=wrap;html=1;arcSize=9;align=left;verticalAlign=top;spacingTop=2;spacingLeft=8;" parent="1" vertex="1">
+          <mxGeometry x="860" y="230" width="120" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="p4UTylEGOL3QZa_F2JF8-15" value="Vault" style="rounded=1;whiteSpace=wrap;html=1;arcSize=9;align=left;verticalAlign=top;spacingTop=2;spacingLeft=8;" parent="1" vertex="1">
+          <mxGeometry x="990" y="150" width="120" height="30" as="geometry" />
+        </mxCell>
+      </root>
+    </mxGraphModel>
+  </diagram>
+  <diagram name="external-openziti-overlay" id="DHFsvudolL71fY8xKWDX">
+    <mxGraphModel dx="2074" dy="1104" grid="1" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="1" pageScale="1" pageWidth="1920" pageHeight="1200" math="0" shadow="0">
+      <root>
+        <mxCell id="VVJb0M9A3g1CXhi0Pu_m-0" />
+        <mxCell id="VVJb0M9A3g1CXhi0Pu_m-1" parent="VVJb0M9A3g1CXhi0Pu_m-0" />
+        <mxCell id="VVJb0M9A3g1CXhi0Pu_m-12" value="" style="shape=image;verticalLabelPosition=bottom;verticalAlign=top;imageAspect=0;image=data:image/svg+xml,PHN2ZyB4bWxuczp4bGluaz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94bGluayIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWw6c3BhY2U9InByZXNlcnZlIiBzdHlsZT0iZW5hYmxlLWJhY2tncm91bmQ6bmV3IDAgMCA0NTkuMyAzMTIuODsiIHZpZXdCb3g9IjAgMCA0NTkuMyAzMTIuOCIgeT0iMHB4IiB4PSIwcHgiIGlkPSJMYXllcl8xIiB2ZXJzaW9uPSIxLjEiPiYjeGE7PHN0eWxlIHR5cGU9InRleHQvY3NzIj4mI3hhOwkuc3Qwe2ZpbGw6dXJsKCNTVkdJRF8xXyk7c3Ryb2tlOiMwMjczRkI7c3Ryb2tlLXdpZHRoOjU7c3Ryb2tlLWxpbmVjYXA6cm91bmQ7c3Ryb2tlLWxpbmVqb2luOnJvdW5kO3N0cm9rZS1taXRlcmxpbWl0OjEwO30mI3hhOzwvc3R5bGU+JiN4YTs8bGluZWFyR3JhZGllbnQgeTI9IjMwNy43OTMyIiB4Mj0iMjI5LjY0NDUiIHkxPSIxMy43MDQ5IiB4MT0iMjI5LjY0NDUiIGdyYWRpZW50VW5pdHM9InVzZXJTcGFjZU9uVXNlIiBpZD0iU1ZHSURfMV8iPiYjeGE7CTxzdG9wIHN0eWxlPSJzdG9wLWNvbG9yOiNGRkZGRkYiIG9mZnNldD0iNC4zMDY4OTFlLTAzIi8+JiN4YTsJPHN0b3Agc3R5bGU9InN0b3AtY29sb3I6I0ZBRkJGQiIgb2Zmc2V0PSIwLjUwODUiLz4mI3hhOwk8c3RvcCBzdHlsZT0ic3RvcC1jb2xvcjojRjBGM0Y1IiBvZmZzZXQ9IjAuOTM1NSIvPiYjeGE7PC9saW5lYXJHcmFkaWVudD4mI3hhOzxwYXRoIGQ9Ik00NTYuOCwyMjAuNGMwLjIsNDkuNC0zOS43LDg5LjctODkuMSw4OS45Yy0wLjEsMC0wLjEsMC0wLjIsMEg5MS42Yy00OS42LTAuNC04OS41LTQxLTg5LjEtOTAuNiYjMTA7JiM5O2MwLjQtNDMuNywzMi4xLTgwLjgsNzUuMi04Ny45Yy01LjUtMzAuOSwxNS4xLTYwLjMsNDYtNjUuOGMzLjItMC42LDYuNS0wLjksOS44LTAuOWMxMy4xLDAuMiwyNS42LDUsMzUuNSwxMy41JiMxMDsmIzk7YzE3LjYtNDAuNCw0MC40LTc2LjEsMTAzLjItNzYuMWM3Ni41LDAsMTEyLjksNTkuNiwxMTIuOSwxMjIuMnY3LjljNDEuNiw4LjcsNzEuNCw0NS41LDcxLjMsODguMSIgY2xhc3M9InN0MCIvPiYjeGE7PC9zdmc+;imageBorder=none;fillOpacity=100;strokeOpacity=100;labelBorderColor=none;fontColor=#924949;fontFamily=Open Sans;fontSource=https%3A%2F%2Ffonts.googleapis.com%2Fcss%3Ffamily%3DOpen%2BSans;rounded=1;" parent="VVJb0M9A3g1CXhi0Pu_m-1" vertex="1">
+          <mxGeometry x="450" y="80" width="420" height="240" as="geometry" />
+        </mxCell>
+        <mxCell id="VVJb0M9A3g1CXhi0Pu_m-2" value="Public Cloud Provider" style="rounded=1;whiteSpace=wrap;html=1;arcSize=9;verticalAlign=top;align=left;spacing=6;spacingLeft=6;" parent="VVJb0M9A3g1CXhi0Pu_m-1" vertex="1">
+          <mxGeometry x="270" y="160" width="210" height="160" as="geometry" />
+        </mxCell>
+        <mxCell id="VVJb0M9A3g1CXhi0Pu_m-3" value="Controller" style="rounded=1;whiteSpace=wrap;html=1;arcSize=9;align=left;spacingLeft=9;" parent="VVJb0M9A3g1CXhi0Pu_m-1" vertex="1">
+          <mxGeometry x="330" y="190" width="160" height="50" as="geometry" />
+        </mxCell>
+        <mxCell id="VVJb0M9A3g1CXhi0Pu_m-4" value="Router" style="rounded=1;whiteSpace=wrap;html=1;arcSize=9;align=left;spacingLeft=9;" parent="VVJb0M9A3g1CXhi0Pu_m-1" vertex="1">
+          <mxGeometry x="330" y="260" width="160" height="50" as="geometry" />
+        </mxCell>
+        <mxCell id="VVJb0M9A3g1CXhi0Pu_m-5" value="Private Network" style="rounded=1;whiteSpace=wrap;html=1;arcSize=9;verticalAlign=top;align=left;spacing=6;spacingLeft=9;" parent="VVJb0M9A3g1CXhi0Pu_m-1" vertex="1">
+          <mxGeometry x="840" y="80" width="290" height="240" as="geometry" />
+        </mxCell>
+        <mxCell id="VVJb0M9A3g1CXhi0Pu_m-13" value="&lt;font style=&quot;font-size: 26px;&quot;&gt;OpenZiti&amp;nbsp;Overlay Network&lt;/font&gt;" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;fontColor=#4D4D4D;fontFamily=Open Sans;fontSource=https%3A%2F%2Ffonts.googleapis.com%2Fcss%3Ffamily%3DOpen%2BSans;fontSize=26;fontStyle=1;rounded=1;" parent="VVJb0M9A3g1CXhi0Pu_m-1" vertex="1">
+          <mxGeometry x="490.0037500000001" y="219.9951292526846" width="340" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="VVJb0M9A3g1CXhi0Pu_m-14" value="&lt;span style=&quot;font-family: &amp;quot;Open Sans&amp;quot;; font-size: 18px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 700; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; float: none; display: inline !important;&quot;&gt;zero trust connection&lt;/span&gt;" style="text;whiteSpace=wrap;html=1;fontSize=18;fontFamily=Open Sans;fontColor=#FC0147;fillColor=none;rounded=1;align=center;" parent="VVJb0M9A3g1CXhi0Pu_m-1" vertex="1">
+          <mxGeometry x="570" y="330" width="239.4" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="VVJb0M9A3g1CXhi0Pu_m-21" value="" style="endArrow=none;html=1;rounded=0;flowAnimation=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;fontColor=#fc0147;strokeWidth=3;strokeColor=#fc0147;" parent="VVJb0M9A3g1CXhi0Pu_m-1" source="VVJb0M9A3g1CXhi0Pu_m-20" target="3RlJnTQkYkgjORHTnBK9-2" edge="1">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="640" y="220" as="sourcePoint" />
+            <mxPoint x="810" y="290" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="VVJb0M9A3g1CXhi0Pu_m-18" value="" style="group;fontFamily=Open Sans;fontSource=https%3A%2F%2Ffonts.googleapis.com%2Fcss%3Ffamily%3DOpen%2BSans;rounded=1;" parent="VVJb0M9A3g1CXhi0Pu_m-1" connectable="0" vertex="1">
+          <mxGeometry x="440" y="265" width="40" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="VVJb0M9A3g1CXhi0Pu_m-19" value="" style="rounded=1;whiteSpace=wrap;html=1;fontFamily=Open Sans;fontSource=https%3A%2F%2Ffonts.googleapis.com%2Fcss%3Ffamily%3DOpen%2BSans;fillColor=#E6E6E6;strokeColor=#4F4F4F;" parent="VVJb0M9A3g1CXhi0Pu_m-18" vertex="1">
+          <mxGeometry width="40" height="39.99999999999999" as="geometry" />
+        </mxCell>
+        <mxCell id="VVJb0M9A3g1CXhi0Pu_m-20" value="" style="shape=image;verticalLabelPosition=bottom;labelBackgroundColor=#E0E0E0;verticalAlign=top;aspect=fixed;imageAspect=0;image=data:image/svg+xml,PHN2ZyB4bWxuczp4bGluaz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94bGluayIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWw6c3BhY2U9InByZXNlcnZlIiBzdHlsZT0iZW5hYmxlLWJhY2tncm91bmQ6bmV3IDAgMCAzMDAgMzAwOyIgdmlld0JveD0iMCAwIDMwMCAzMDAiIHk9IjBweCIgeD0iMHB4IiBpZD0iTGF5ZXJfMSIgdmVyc2lvbj0iMS4xIj4mI3hhOzxzdHlsZSB0eXBlPSJ0ZXh0L2NzcyI+JiN4YTsJLnN0MHtmaWxsOnVybCgjU1ZHSURfMV8pO30mI3hhOwkuc3Qxe2ZpbGw6dXJsKCNTVkdJRF8wMDAwMDA3NDQ0MzE0MTY3MzU3OTYwOTU3MDAwMDAwMzAyMTc0ODkwNzQwNDY0NzYxMl8pO30mI3hhOwkuc3Qye2ZpbGw6dXJsKCNTVkdJRF8wMDAwMDA5ODkwMjgzNjQyMDI0NzM4MDEyMDAwMDAxMDI5OTUwNjI3NTE3NDQzMDM3NF8pO30mI3hhOwkuc3Qze2ZpbGw6dXJsKCNTVkdJRF8wMDAwMDA3MTUyOTU5MjEyODYxNzA3NDM4MDAwMDAxNDY5OTkwMDc4OTExODEzMjkwNl8pO30mI3hhOwkuc3Q0e2ZpbGw6dXJsKCNTVkdJRF8wMDAwMDE0NjQ1OTkxNDIwNTgxOTg5Njk0MDAwMDAwNzQxMjYwNjMzOTIzNTk1NTA3NV8pO30mI3hhOwkuc3Q1e2ZpbGw6dXJsKCNTVkdJRF8wMDAwMDEyNjMyNDUyOTU0ODQyNDI5MDIzMDAwMDAxMzI5ODQ2NDg2MTM3MzIxMDUyMl8pO30mI3hhOwkuc3Q2e2ZpbGw6dXJsKCNTVkdJRF8wMDAwMDEzMjc5MDI0MDI4ODU0NTcyODYxMDAwMDAwNzQ2NDc1MDUyMTM2MDA4NTQxNl8pO30mI3hhOzwvc3R5bGU+JiN4YTs8Zz4mI3hhOwk8Zz4mI3hhOwkJJiN4YTsJCQk8bGluZWFyR3JhZGllbnQgZ3JhZGllbnRUcmFuc2Zvcm09Im1hdHJpeCgxIDAgMCAxIDAgLTU0MikiIHkyPSI3MDguNTAwMSIgeDI9IjE1Ny4zIiB5MT0iNzA4LjUwMDEiIHgxPSIxNTcuMyIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiIGlkPSJTVkdJRF8xXyI+JiN4YTsJCQk8c3RvcCBzdHlsZT0ic3RvcC1jb2xvcjojRkMwMTQ3IiBvZmZzZXQ9IjQuMzA2ODkxZS0wMyIvPiYjeGE7CQkJPHN0b3Agc3R5bGU9InN0b3AtY29sb3I6I0Y0MDQ0RCIgb2Zmc2V0PSIzLjkxODI2OWUtMDIiLz4mI3hhOwkJCTxzdG9wIHN0eWxlPSJzdG9wLWNvbG9yOiMwMDY4RjkiIG9mZnNldD0iMC45Ii8+JiN4YTsJCTwvbGluZWFyR3JhZGllbnQ+JiN4YTsJCTxwYXRoIGQ9Ik0xNTcuMywxNjYuNSIgY2xhc3M9InN0MCIvPiYjeGE7CTwvZz4mI3hhOzwvZz4mI3hhOzxnPiYjeGE7CSYjeGE7CQk8bGluZWFyR3JhZGllbnQgZ3JhZGllbnRUcmFuc2Zvcm09Im1hdHJpeCgxIDAgMCAxIDAgLTU0MikiIHkyPSI2NTEuNDY3IiB4Mj0iMTEyLjQxNjkiIHkxPSI3NTcuMDI1IiB4MT0iMjE3Ljk3NSIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiIGlkPSJTVkdJRF8wMDAwMDA3Mjk2ODQwODMxODc2NDMzNDAyMDAwMDAwNzk0OTIxMzQzNzMzNzU5NTA1N18iPiYjeGE7CQk8c3RvcCBzdHlsZT0ic3RvcC1jb2xvcjojRkMwMTQ3IiBvZmZzZXQ9IjQuMzA2ODkxZS0wMyIvPiYjeGE7CQk8c3RvcCBzdHlsZT0ic3RvcC1jb2xvcjojRjQwNDREIiBvZmZzZXQ9IjMuOTE4MjY5ZS0wMiIvPiYjeGE7CQk8c3RvcCBzdHlsZT0ic3RvcC1jb2xvcjojMDA2OEY5IiBvZmZzZXQ9IjAuOSIvPiYjeGE7CTwvbGluZWFyR3JhZGllbnQ+JiN4YTsJPHBhdGggZD0iTTE3OC40LDE1NGMxLjItMy42LDEuMi03LjEsMS4yLTEzLjF2LTcuMSYjMTA7JiM5OyYjOTtjMC02LDAtOS41LTMuNi0xMy4xYy0zLjYtMi40LTcuMS0zLjYtMTMuMS0zLjZoLTM1Ljd2NTkuNWgxNi43di0xNy45aDExLjlsOS41LDE3LjloMTUuNWwtMTAuNy0xNy45JiMxMDsmIzk7JiM5O0MxNzMuNiwxNTcuNSwxNzYsMTU3LjUsMTc4LjQsMTU0eiBNMTY1LjMsMTM4LjVjMCwzLjYtMS4yLDcuMS00LjgsNy4xaC0xNi43di0xNy45aDE1LjVjMy42LDAsNiwyLjQsNiw2VjEzOC41eiIgc3R5bGU9ImZpbGw6dXJsKCNTVkdJRF8wMDAwMDA3Mjk2ODQwODMxODc2NDMzNDAyMDAwMDAwNzk0OTIxMzQzNzMzNzU5NTA1N18pOyIvPiYjeGE7CSYjeGE7CQk8bGluZWFyR3JhZGllbnQgZ3JhZGllbnRUcmFuc2Zvcm09Im1hdHJpeCgxIDAgMCAxIDAgLTU0MikiIHkyPSI2NTEuNDQyIiB4Mj0iMTEyLjQ0MTkiIHkxPSI3NTcuMDAwMSIgeDE9IjIxOCIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiIGlkPSJTVkdJRF8wMDAwMDA3ODc1NzI4MDg2OTg2NTU3NzE3MDAwMDAwNTcxMzc0MTcxMzcwMDU5Nzk0N18iPiYjeGE7CQk8c3RvcCBzdHlsZT0ic3RvcC1jb2xvcjojRkMwMTQ3IiBvZmZzZXQ9IjQuMzA2ODkxZS0wMyIvPiYjeGE7CQk8c3RvcCBzdHlsZT0ic3RvcC1jb2xvcjojRjQwNDREIiBvZmZzZXQ9IjMuOTE4MjY5ZS0wMiIvPiYjeGE7CQk8c3RvcCBzdHlsZT0ic3RvcC1jb2xvcjojMDA2OEY5IiBvZmZzZXQ9IjAuOSIvPiYjeGE7CTwvbGluZWFyR3JhZGllbnQ+JiN4YTsJPHBhdGggZD0iTTIxMi41LDE0OGMwLTMzLjktMjcuNi02MS41LTYxLjUtNjEuNSYjMTA7JiM5OyYjOTtTODkuNSwxMTQuMSw4OS41LDE0OHMyNy42LDYxLjUsNjEuNSw2MS41UzIxMi41LDE4MS45LDIxMi41LDE0OHogTTE1MSwyMDAuOGMtMjkuMSwwLTUyLjgtMjMuNy01Mi44LTUyLjhzMjMuNy01Mi44LDUyLjgtNTIuOCYjMTA7JiM5OyYjOTtzNTIuOCwyMy43LDUyLjgsNTIuOFMxODAuMSwyMDAuOCwxNTEsMjAwLjh6IiBzdHlsZT0iZmlsbDp1cmwoI1NWR0lEXzAwMDAwMDc4NzU3MjgwODY5ODY1NTc3MTcwMDAwMDA1NzEzNzQxNzEzNzAwNTk3OTQ3Xyk7Ii8+JiN4YTsJJiN4YTsJCTxsaW5lYXJHcmFkaWVudCBncmFkaWVudFRyYW5zZm9ybT0ibWF0cml4KDEgMCAwIDEgMCAtNTQyKSIgeTI9IjU5NC41Mjg2IiB4Mj0iMTY5LjM1NTIiIHkxPSI3MDAuMDg2NyIgeDE9IjI3NC45MTMyIiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSIgaWQ9IlNWR0lEXzAwMDAwMTI4NDc0ODM1MTg2ODIyMzQxMzIwMDAwMDA5NDM5MjIwNzMzMzM4NzE4ODYzXyI+JiN4YTsJCTxzdG9wIHN0eWxlPSJzdG9wLWNvbG9yOiNGQzAxNDciIG9mZnNldD0iNC4zMDY4OTFlLTAzIi8+JiN4YTsJCTxzdG9wIHN0eWxlPSJzdG9wLWNvbG9yOiNGNDA0NEQiIG9mZnNldD0iMy45MTgyNjllLTAyIi8+JiN4YTsJCTxzdG9wIHN0eWxlPSJzdG9wLWNvbG9yOiMwMDY4RjkiIG9mZnNldD0iMC45Ii8+JiN4YTsJPC9saW5lYXJHcmFkaWVudD4mI3hhOwk8cGF0aCBkPSJNMTU2LjcsNzguNWMzMy42LDIuMiw2MS42LDMwLjMsNjMuOCw2My44JiMxMDsmIzk7JiM5O2MwLjIsMi4zLDIuMSw0LDQuMyw0YzAuMSwwLDAuMiwwLDAuMywwYzIuNC0wLjIsNC4yLTIuMiw0LTQuNmMtMS44LTI3LjEtMTguNS01MS00MS43LTYzLjNoMjdsLTMuMywzLjNjLTEuNywxLjctMS43LDQuNCwwLDYuMSYjMTA7JiM5OyYjOTtjMC44LDAuOCwyLDEuMywzLjEsMS4zczIuMi0wLjQsMy4xLTEuM0wyMjgsNzcuMWMxLjctMS43LDEuNy00LjQsMC02LjFsLTEwLjctMTAuN2MtMS43LTEuNy00LjQtMS43LTYuMSwwcy0xLjcsNC40LDAsNi4xbDMuMywzLjMmIzEwOyYjOTsmIzk7SDE1N2MtMi4zLDAtNC4zLDEuOS00LjMsNC4yQzE1Mi41LDc2LjQsMTU0LjMsNzguMywxNTYuNyw3OC41eiIgc3R5bGU9ImZpbGw6dXJsKCNTVkdJRF8wMDAwMDEyODQ3NDgzNTE4NjgyMjM0MTMyMDAwMDAwOTQzOTIyMDczMzMzODcxODg2M18pOyIvPiYjeGE7CSYjeGE7CQk8bGluZWFyR3JhZGllbnQgZ3JhZGllbnRUcmFuc2Zvcm09Im1hdHJpeCgxIDAgMCAxIDAgLTU0MikiIHkyPSI2NTEuNDgyNyIgeDI9IjExMi40MDExIiB5MT0iNzU3LjA0MDgiIHgxPSIyMTcuOTU5MiIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiIGlkPSJTVkdJRF8wMDAwMDA3MTUzODg4MTI5ODUwODMxNjgzMDAwMDAxMjMyMjUwNjI3NjQ0NDYzODA5Nl8iPiYjeGE7CQk8c3RvcCBzdHlsZT0ic3RvcC1jb2xvcjojRkMwMTQ3IiBvZmZzZXQ9IjQuMzA2ODkxZS0wMyIvPiYjeGE7CQk8c3RvcCBzdHlsZT0ic3RvcC1jb2xvcjojRjQwNDREIiBvZmZzZXQ9IjMuOTE4MjY5ZS0wMiIvPiYjeGE7CQk8c3RvcCBzdHlsZT0ic3RvcC1jb2xvcjojMDA2OEY5IiBvZmZzZXQ9IjAuOSIvPiYjeGE7CTwvbGluZWFyR3JhZGllbnQ+JiN4YTsJPHBhdGggZD0iTTcyLjgsMTQyYzAsMi4zLDEuOSw0LjMsNC4yLDQuM2gwLjEmIzEwOyYjOTsmIzk7YzIuMywwLDQuMi0xLjgsNC4zLTRjMi4yLTMzLjYsMzAuMy02MS42LDYzLjgtNjMuOGMyLjQtMC4yLDQuMi0yLjIsNC00LjZzLTIuMi00LjItNC42LTRjLTI3LjEsMS44LTUxLDE4LjUtNjMuMyw0MS43di0yN2wzLjMsMy4zJiMxMDsmIzk7JiM5O2MwLjgsMC44LDIsMS4zLDMuMSwxLjNzMi4yLTAuNCwzLjEtMS4zYzEuNy0xLjcsMS43LTQuNCwwLTYuMUw4MC4yLDcxLjFjLTEuNy0xLjctNC40LTEuNy02LjEsMEw2My40LDgxLjhjLTEuNywxLjctMS43LDQuNCwwLDYuMSYjMTA7JiM5OyYjOTtjMS43LDEuNyw0LjQsMS43LDYuMSwwbDMuMy0zLjNWMTQyeiIgc3R5bGU9ImZpbGw6dXJsKCNTVkdJRF8wMDAwMDA3MTUzODg4MTI5ODUwODMxNjgzMDAwMDAxMjMyMjUwNjI3NjQ0NDYzODA5Nl8pOyIvPiYjeGE7CSYjeGE7CQk8bGluZWFyR3JhZGllbnQgZ3JhZGllbnRUcmFuc2Zvcm09Im1hdHJpeCgxIDAgMCAxIDAgLTU0MikiIHkyPSI3MDguMzMwMyIgeDI9IjU1LjU1MzYiIHkxPSI4MTMuODg4MiIgeDE9IjE2MS4xMTE4IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSIgaWQ9IlNWR0lEXzAwMDAwMDMzMzQ2MTMxNjU2MDEzMzg3ODIwMDAwMDE1NDY1ODY4MzY1ODI4MjY5OTc1XyI+JiN4YTsJCTxzdG9wIHN0eWxlPSJzdG9wLWNvbG9yOiNGQzAxNDciIG9mZnNldD0iNC4zMDY4OTFlLTAzIi8+JiN4YTsJCTxzdG9wIHN0eWxlPSJzdG9wLWNvbG9yOiNGNDA0NEQiIG9mZnNldD0iMy45MTgyNjllLTAyIi8+JiN4YTsJCTxzdG9wIHN0eWxlPSJzdG9wLWNvbG9yOiMwMDY4RjkiIG9mZnNldD0iMC45Ii8+JiN4YTsJPC9saW5lYXJHcmFkaWVudD4mI3hhOwk8cGF0aCBkPSJNMTQ1LjMsMjE3LjUmIzEwOyYjOTsmIzk7Yy0zMy42LTIuMi02MS42LTMwLjMtNjMuOC02My44Yy0wLjItMi40LTIuMi00LjItNC42LTRzLTQuMiwyLjItNCw0LjZjMS44LDI3LjEsMTguNSw1MSw0MS43LDYzLjNoLTI3bDMuMy0zLjMmIzEwOyYjOTsmIzk7YzEuNy0xLjcsMS43LTQuNCwwLTYuMXMtNC40LTEuNy02LjEsMGwtMTAuNywxMC43Yy0xLjcsMS43LTEuNyw0LjQsMCw2LjFsMTAuNywxMC43YzAuOCwwLjgsMiwxLjMsMy4xLDEuM3MyLjItMC40LDMuMS0xLjMmIzEwOyYjOTsmIzk7YzEuNy0xLjcsMS43LTQuNCwwLTYuMWwtMy4zLTMuM0gxNDVjMi4zLDAsNC4zLTEuOSw0LjMtNC4yQzE0OS41LDIxOS42LDE0Ny43LDIxNy43LDE0NS4zLDIxNy41eiIgc3R5bGU9ImZpbGw6dXJsKCNTVkdJRF8wMDAwMDAzMzM0NjEzMTY1NjAxMzM4NzgyMDAwMDAxNTQ2NTg2ODM2NTgyODI2OTk3NV8pOyIvPiYjeGE7CSYjeGE7CQk8bGluZWFyR3JhZGllbnQgZ3JhZGllbnRUcmFuc2Zvcm09Im1hdHJpeCgxIDAgMCAxIDAgLTU0MikiIHkyPSI2NTEuMzkwMSIgeDI9IjExMi40OTM5IiB5MT0iNzU2Ljk0ODEiIHgxPSIyMTguMDUyIiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSIgaWQ9IlNWR0lEXzAwMDAwMDM0ODA1MDQ5NzA0NDA4ODAxNzcwMDAwMDA0MDUyNDg4ODY4ODkxNzQyNjM2XyI+JiN4YTsJCTxzdG9wIHN0eWxlPSJzdG9wLWNvbG9yOiNGQzAxNDciIG9mZnNldD0iNC4zMDY4OTFlLTAzIi8+JiN4YTsJCTxzdG9wIHN0eWxlPSJzdG9wLWNvbG9yOiNGNDA0NEQiIG9mZnNldD0iMy45MTgyNjllLTAyIi8+JiN4YTsJCTxzdG9wIHN0eWxlPSJzdG9wLWNvbG9yOiMwMDY4RjkiIG9mZnNldD0iMC45Ii8+JiN4YTsJPC9saW5lYXJHcmFkaWVudD4mI3hhOwk8cGF0aCBkPSJNMjM4LjYsMjA4LjFjLTEuNy0xLjctNC40LTEuNy02LjEsMCYjMTA7JiM5OyYjOTtsLTMuMywzLjNWMTU0YzAtMi4zLTEuOS00LjMtNC4yLTQuM2gtMC4xYy0yLjMsMC00LjIsMS44LTQuMyw0Yy0yLjIsMzMuNi0zMC4zLDYxLjYtNjMuOCw2My44Yy0yLjQsMC4yLTQuMiwyLjItNCw0LjYmIzEwOyYjOTsmIzk7YzAuMiwyLjMsMi4xLDQsNC4zLDRjMC4xLDAsMC4yLDAsMC4zLDBjMjcuMS0xLjgsNTEtMTguNSw2My4zLTQxLjd2MjdsLTMuMy0zLjNjLTEuNy0xLjctNC40LTEuNy02LjEsMHMtMS43LDQuNCwwLDYuMWwxMC43LDEwLjcmIzEwOyYjOTsmIzk7YzAuOCwwLjgsMiwxLjMsMy4xLDEuM3MyLjItMC40LDMuMS0xLjNsMTAuNy0xMC43QzI0MC4zLDIxMi41LDI0MC4zLDIwOS43LDIzOC42LDIwOC4xeiIgc3R5bGU9ImZpbGw6dXJsKCNTVkdJRF8wMDAwMDAzNDgwNTA0OTcwNDQwODgwMTc3MDAwMDAwNDA1MjQ4ODg2ODg5MTc0MjYzNl8pOyIvPiYjeGE7PC9nPiYjeGE7PC9zdmc+;clipPath=inset(18.33% 19.33% 20% 19.33%);fontFamily=Open Sans;fontSource=https%3A%2F%2Ffonts.googleapis.com%2Fcss%3Ffamily%3DOpen%2BSans;rounded=1;" parent="VVJb0M9A3g1CXhi0Pu_m-18" vertex="1">
+          <mxGeometry width="39.78844385177223" height="39.999871745283016" as="geometry" />
+        </mxCell>
+        <mxCell id="N8KM49JTUpkI08OM-zGT-0" value="" style="endArrow=none;html=1;rounded=0;fontColor=#FC0147;strokeColor=#FC0147;" parent="VVJb0M9A3g1CXhi0Pu_m-1" source="VVJb0M9A3g1CXhi0Pu_m-14" edge="1">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="760" y="360" as="sourcePoint" />
+            <mxPoint x="690" y="290" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="N8KM49JTUpkI08OM-zGT-2" value="&lt;span style=&quot;font-family: &amp;quot;Open Sans&amp;quot;; font-size: 18px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 700; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; float: none; display: inline !important;&quot;&gt;IP-based underlay traffic&lt;/span&gt;" style="text;whiteSpace=wrap;html=1;fontSize=18;fontFamily=Open Sans;fontColor=#007FFF;fillColor=none;rounded=1;align=left;strokeColor=none;" parent="VVJb0M9A3g1CXhi0Pu_m-1" vertex="1">
+          <mxGeometry x="890.6" y="330" width="269.4" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="N8KM49JTUpkI08OM-zGT-3" value="" style="endArrow=none;html=1;rounded=0;fontColor=#FC0147;strokeColor=#007FFF;" parent="VVJb0M9A3g1CXhi0Pu_m-1" source="N8KM49JTUpkI08OM-zGT-2" edge="1">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="700" y="330" as="sourcePoint" />
+            <mxPoint x="1050" y="280" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="N8KM49JTUpkI08OM-zGT-4" value="&lt;span style=&quot;font-family: &amp;quot;Open Sans&amp;quot;; font-size: 18px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 700; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; float: none; display: inline !important;&quot;&gt;IP-based underlay traffic&lt;/span&gt;" style="text;whiteSpace=wrap;html=1;fontSize=18;fontFamily=Open Sans;fontColor=#007FFF;fillColor=none;rounded=1;align=right;strokeColor=none;" parent="VVJb0M9A3g1CXhi0Pu_m-1" vertex="1">
+          <mxGeometry x="240" y="330" width="240" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="N8KM49JTUpkI08OM-zGT-5" value="" style="endArrow=none;html=1;rounded=0;fontColor=#FC0147;strokeColor=#007FFF;exitX=0.5;exitY=0;exitDx=0;exitDy=0;" parent="VVJb0M9A3g1CXhi0Pu_m-1" source="N8KM49JTUpkI08OM-zGT-4" edge="1">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="79.39999999999998" y="330" as="sourcePoint" />
+            <mxPoint x="410" y="250" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="N8KM49JTUpkI08OM-zGT-6" value="" style="endArrow=none;html=1;rounded=0;flowAnimation=1;fontColor=#007FFF;strokeWidth=3;strokeColor=#007FFF;" parent="VVJb0M9A3g1CXhi0Pu_m-1" source="VVJb0M9A3g1CXhi0Pu_m-3" target="VVJb0M9A3g1CXhi0Pu_m-4" edge="1">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="400" y="395" as="sourcePoint" />
+            <mxPoint x="543" y="280" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="VVJb0M9A3g1CXhi0Pu_m-7" value="Docker" style="rounded=1;whiteSpace=wrap;html=1;arcSize=6;align=left;verticalAlign=top;spacingTop=2;spacingLeft=8;" parent="VVJb0M9A3g1CXhi0Pu_m-1" vertex="1">
+          <mxGeometry x="850" y="110" width="270" height="205" as="geometry" />
+        </mxCell>
+        <mxCell id="VVJb0M9A3g1CXhi0Pu_m-8" value="Edgex Service 1" style="rounded=1;whiteSpace=wrap;html=1;arcSize=9;align=left;verticalAlign=top;spacingTop=2;spacingLeft=8;" parent="VVJb0M9A3g1CXhi0Pu_m-1" vertex="1">
+          <mxGeometry x="860" y="140" width="120" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="VVJb0M9A3g1CXhi0Pu_m-9" value="Edgex Service 2" style="rounded=1;whiteSpace=wrap;html=1;arcSize=9;align=left;verticalAlign=top;spacingTop=2;spacingLeft=8;" parent="VVJb0M9A3g1CXhi0Pu_m-1" vertex="1">
+          <mxGeometry x="860" y="180" width="120" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="VVJb0M9A3g1CXhi0Pu_m-10" value="Edgex Service 3" style="rounded=1;whiteSpace=wrap;html=1;arcSize=9;align=left;verticalAlign=top;spacingTop=2;spacingLeft=8;" parent="VVJb0M9A3g1CXhi0Pu_m-1" vertex="1">
+          <mxGeometry x="860" y="220" width="120" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="VVJb0M9A3g1CXhi0Pu_m-11" value="Token Provider" style="rounded=1;whiteSpace=wrap;html=1;arcSize=9;align=left;verticalAlign=top;spacingTop=2;spacingLeft=8;" parent="VVJb0M9A3g1CXhi0Pu_m-1" vertex="1">
+          <mxGeometry x="990" y="140" width="120" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="VVJb0M9A3g1CXhi0Pu_m-23" value="" style="endArrow=none;html=1;rounded=0;entryX=0.5;entryY=1;entryDx=0;entryDy=0;flowAnimation=1;exitX=1;exitY=0.5;exitDx=0;exitDy=0;fontColor=#007FFF;strokeWidth=3;strokeColor=#007FFF;" parent="VVJb0M9A3g1CXhi0Pu_m-1" source="3RlJnTQkYkgjORHTnBK9-1" target="VVJb0M9A3g1CXhi0Pu_m-11" edge="1">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="990" y="302" as="sourcePoint" />
+            <mxPoint x="960" y="390" as="targetPoint" />
+            <Array as="points">
+              <mxPoint x="1050" y="285" />
+            </Array>
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="3RlJnTQkYkgjORHTnBK9-3" value="Router" style="rounded=1;whiteSpace=wrap;html=1;arcSize=9;align=right;spacingLeft=9;" parent="VVJb0M9A3g1CXhi0Pu_m-1" vertex="1">
+          <mxGeometry x="860" y="260" width="120" height="50" as="geometry" />
+        </mxCell>
+        <mxCell id="3RlJnTQkYkgjORHTnBK9-0" value="" style="group;fontFamily=Open Sans;fontSource=https%3A%2F%2Ffonts.googleapis.com%2Fcss%3Ffamily%3DOpen%2BSans;rounded=1;" parent="VVJb0M9A3g1CXhi0Pu_m-1" connectable="0" vertex="1">
+          <mxGeometry x="867.09" y="265" width="40" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="3RlJnTQkYkgjORHTnBK9-1" value="" style="rounded=1;whiteSpace=wrap;html=1;fontFamily=Open Sans;fontSource=https%3A%2F%2Ffonts.googleapis.com%2Fcss%3Ffamily%3DOpen%2BSans;fillColor=#E6E6E6;strokeColor=#4F4F4F;" parent="3RlJnTQkYkgjORHTnBK9-0" vertex="1">
+          <mxGeometry width="40" height="39.99999999999999" as="geometry" />
+        </mxCell>
+        <mxCell id="3RlJnTQkYkgjORHTnBK9-2" value="" style="shape=image;verticalLabelPosition=bottom;labelBackgroundColor=#E0E0E0;verticalAlign=top;aspect=fixed;imageAspect=0;image=data:image/svg+xml,PHN2ZyB4bWxuczp4bGluaz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94bGluayIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWw6c3BhY2U9InByZXNlcnZlIiBzdHlsZT0iZW5hYmxlLWJhY2tncm91bmQ6bmV3IDAgMCAzMDAgMzAwOyIgdmlld0JveD0iMCAwIDMwMCAzMDAiIHk9IjBweCIgeD0iMHB4IiBpZD0iTGF5ZXJfMSIgdmVyc2lvbj0iMS4xIj4mI3hhOzxzdHlsZSB0eXBlPSJ0ZXh0L2NzcyI+JiN4YTsJLnN0MHtmaWxsOnVybCgjU1ZHSURfMV8pO30mI3hhOwkuc3Qxe2ZpbGw6dXJsKCNTVkdJRF8wMDAwMDA3NDQ0MzE0MTY3MzU3OTYwOTU3MDAwMDAwMzAyMTc0ODkwNzQwNDY0NzYxMl8pO30mI3hhOwkuc3Qye2ZpbGw6dXJsKCNTVkdJRF8wMDAwMDA5ODkwMjgzNjQyMDI0NzM4MDEyMDAwMDAxMDI5OTUwNjI3NTE3NDQzMDM3NF8pO30mI3hhOwkuc3Qze2ZpbGw6dXJsKCNTVkdJRF8wMDAwMDA3MTUyOTU5MjEyODYxNzA3NDM4MDAwMDAxNDY5OTkwMDc4OTExODEzMjkwNl8pO30mI3hhOwkuc3Q0e2ZpbGw6dXJsKCNTVkdJRF8wMDAwMDE0NjQ1OTkxNDIwNTgxOTg5Njk0MDAwMDAwNzQxMjYwNjMzOTIzNTk1NTA3NV8pO30mI3hhOwkuc3Q1e2ZpbGw6dXJsKCNTVkdJRF8wMDAwMDEyNjMyNDUyOTU0ODQyNDI5MDIzMDAwMDAxMzI5ODQ2NDg2MTM3MzIxMDUyMl8pO30mI3hhOwkuc3Q2e2ZpbGw6dXJsKCNTVkdJRF8wMDAwMDEzMjc5MDI0MDI4ODU0NTcyODYxMDAwMDAwNzQ2NDc1MDUyMTM2MDA4NTQxNl8pO30mI3hhOzwvc3R5bGU+JiN4YTs8Zz4mI3hhOwk8Zz4mI3hhOwkJJiN4YTsJCQk8bGluZWFyR3JhZGllbnQgZ3JhZGllbnRUcmFuc2Zvcm09Im1hdHJpeCgxIDAgMCAxIDAgLTU0MikiIHkyPSI3MDguNTAwMSIgeDI9IjE1Ny4zIiB5MT0iNzA4LjUwMDEiIHgxPSIxNTcuMyIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiIGlkPSJTVkdJRF8xXyI+JiN4YTsJCQk8c3RvcCBzdHlsZT0ic3RvcC1jb2xvcjojRkMwMTQ3IiBvZmZzZXQ9IjQuMzA2ODkxZS0wMyIvPiYjeGE7CQkJPHN0b3Agc3R5bGU9InN0b3AtY29sb3I6I0Y0MDQ0RCIgb2Zmc2V0PSIzLjkxODI2OWUtMDIiLz4mI3hhOwkJCTxzdG9wIHN0eWxlPSJzdG9wLWNvbG9yOiMwMDY4RjkiIG9mZnNldD0iMC45Ii8+JiN4YTsJCTwvbGluZWFyR3JhZGllbnQ+JiN4YTsJCTxwYXRoIGQ9Ik0xNTcuMywxNjYuNSIgY2xhc3M9InN0MCIvPiYjeGE7CTwvZz4mI3hhOzwvZz4mI3hhOzxnPiYjeGE7CSYjeGE7CQk8bGluZWFyR3JhZGllbnQgZ3JhZGllbnRUcmFuc2Zvcm09Im1hdHJpeCgxIDAgMCAxIDAgLTU0MikiIHkyPSI2NTEuNDY3IiB4Mj0iMTEyLjQxNjkiIHkxPSI3NTcuMDI1IiB4MT0iMjE3Ljk3NSIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiIGlkPSJTVkdJRF8wMDAwMDA3Mjk2ODQwODMxODc2NDMzNDAyMDAwMDAwNzk0OTIxMzQzNzMzNzU5NTA1N18iPiYjeGE7CQk8c3RvcCBzdHlsZT0ic3RvcC1jb2xvcjojRkMwMTQ3IiBvZmZzZXQ9IjQuMzA2ODkxZS0wMyIvPiYjeGE7CQk8c3RvcCBzdHlsZT0ic3RvcC1jb2xvcjojRjQwNDREIiBvZmZzZXQ9IjMuOTE4MjY5ZS0wMiIvPiYjeGE7CQk8c3RvcCBzdHlsZT0ic3RvcC1jb2xvcjojMDA2OEY5IiBvZmZzZXQ9IjAuOSIvPiYjeGE7CTwvbGluZWFyR3JhZGllbnQ+JiN4YTsJPHBhdGggZD0iTTE3OC40LDE1NGMxLjItMy42LDEuMi03LjEsMS4yLTEzLjF2LTcuMSYjMTA7JiM5OyYjOTtjMC02LDAtOS41LTMuNi0xMy4xYy0zLjYtMi40LTcuMS0zLjYtMTMuMS0zLjZoLTM1Ljd2NTkuNWgxNi43di0xNy45aDExLjlsOS41LDE3LjloMTUuNWwtMTAuNy0xNy45JiMxMDsmIzk7JiM5O0MxNzMuNiwxNTcuNSwxNzYsMTU3LjUsMTc4LjQsMTU0eiBNMTY1LjMsMTM4LjVjMCwzLjYtMS4yLDcuMS00LjgsNy4xaC0xNi43di0xNy45aDE1LjVjMy42LDAsNiwyLjQsNiw2VjEzOC41eiIgc3R5bGU9ImZpbGw6dXJsKCNTVkdJRF8wMDAwMDA3Mjk2ODQwODMxODc2NDMzNDAyMDAwMDAwNzk0OTIxMzQzNzMzNzU5NTA1N18pOyIvPiYjeGE7CSYjeGE7CQk8bGluZWFyR3JhZGllbnQgZ3JhZGllbnRUcmFuc2Zvcm09Im1hdHJpeCgxIDAgMCAxIDAgLTU0MikiIHkyPSI2NTEuNDQyIiB4Mj0iMTEyLjQ0MTkiIHkxPSI3NTcuMDAwMSIgeDE9IjIxOCIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiIGlkPSJTVkdJRF8wMDAwMDA3ODc1NzI4MDg2OTg2NTU3NzE3MDAwMDAwNTcxMzc0MTcxMzcwMDU5Nzk0N18iPiYjeGE7CQk8c3RvcCBzdHlsZT0ic3RvcC1jb2xvcjojRkMwMTQ3IiBvZmZzZXQ9IjQuMzA2ODkxZS0wMyIvPiYjeGE7CQk8c3RvcCBzdHlsZT0ic3RvcC1jb2xvcjojRjQwNDREIiBvZmZzZXQ9IjMuOTE4MjY5ZS0wMiIvPiYjeGE7CQk8c3RvcCBzdHlsZT0ic3RvcC1jb2xvcjojMDA2OEY5IiBvZmZzZXQ9IjAuOSIvPiYjeGE7CTwvbGluZWFyR3JhZGllbnQ+JiN4YTsJPHBhdGggZD0iTTIxMi41LDE0OGMwLTMzLjktMjcuNi02MS41LTYxLjUtNjEuNSYjMTA7JiM5OyYjOTtTODkuNSwxMTQuMSw4OS41LDE0OHMyNy42LDYxLjUsNjEuNSw2MS41UzIxMi41LDE4MS45LDIxMi41LDE0OHogTTE1MSwyMDAuOGMtMjkuMSwwLTUyLjgtMjMuNy01Mi44LTUyLjhzMjMuNy01Mi44LDUyLjgtNTIuOCYjMTA7JiM5OyYjOTtzNTIuOCwyMy43LDUyLjgsNTIuOFMxODAuMSwyMDAuOCwxNTEsMjAwLjh6IiBzdHlsZT0iZmlsbDp1cmwoI1NWR0lEXzAwMDAwMDc4NzU3MjgwODY5ODY1NTc3MTcwMDAwMDA1NzEzNzQxNzEzNzAwNTk3OTQ3Xyk7Ii8+JiN4YTsJJiN4YTsJCTxsaW5lYXJHcmFkaWVudCBncmFkaWVudFRyYW5zZm9ybT0ibWF0cml4KDEgMCAwIDEgMCAtNTQyKSIgeTI9IjU5NC41Mjg2IiB4Mj0iMTY5LjM1NTIiIHkxPSI3MDAuMDg2NyIgeDE9IjI3NC45MTMyIiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSIgaWQ9IlNWR0lEXzAwMDAwMTI4NDc0ODM1MTg2ODIyMzQxMzIwMDAwMDA5NDM5MjIwNzMzMzM4NzE4ODYzXyI+JiN4YTsJCTxzdG9wIHN0eWxlPSJzdG9wLWNvbG9yOiNGQzAxNDciIG9mZnNldD0iNC4zMDY4OTFlLTAzIi8+JiN4YTsJCTxzdG9wIHN0eWxlPSJzdG9wLWNvbG9yOiNGNDA0NEQiIG9mZnNldD0iMy45MTgyNjllLTAyIi8+JiN4YTsJCTxzdG9wIHN0eWxlPSJzdG9wLWNvbG9yOiMwMDY4RjkiIG9mZnNldD0iMC45Ii8+JiN4YTsJPC9saW5lYXJHcmFkaWVudD4mI3hhOwk8cGF0aCBkPSJNMTU2LjcsNzguNWMzMy42LDIuMiw2MS42LDMwLjMsNjMuOCw2My44JiMxMDsmIzk7JiM5O2MwLjIsMi4zLDIuMSw0LDQuMyw0YzAuMSwwLDAuMiwwLDAuMywwYzIuNC0wLjIsNC4yLTIuMiw0LTQuNmMtMS44LTI3LjEtMTguNS01MS00MS43LTYzLjNoMjdsLTMuMywzLjNjLTEuNywxLjctMS43LDQuNCwwLDYuMSYjMTA7JiM5OyYjOTtjMC44LDAuOCwyLDEuMywzLjEsMS4zczIuMi0wLjQsMy4xLTEuM0wyMjgsNzcuMWMxLjctMS43LDEuNy00LjQsMC02LjFsLTEwLjctMTAuN2MtMS43LTEuNy00LjQtMS43LTYuMSwwcy0xLjcsNC40LDAsNi4xbDMuMywzLjMmIzEwOyYjOTsmIzk7SDE1N2MtMi4zLDAtNC4zLDEuOS00LjMsNC4yQzE1Mi41LDc2LjQsMTU0LjMsNzguMywxNTYuNyw3OC41eiIgc3R5bGU9ImZpbGw6dXJsKCNTVkdJRF8wMDAwMDEyODQ3NDgzNTE4NjgyMjM0MTMyMDAwMDAwOTQzOTIyMDczMzMzODcxODg2M18pOyIvPiYjeGE7CSYjeGE7CQk8bGluZWFyR3JhZGllbnQgZ3JhZGllbnRUcmFuc2Zvcm09Im1hdHJpeCgxIDAgMCAxIDAgLTU0MikiIHkyPSI2NTEuNDgyNyIgeDI9IjExMi40MDExIiB5MT0iNzU3LjA0MDgiIHgxPSIyMTcuOTU5MiIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiIGlkPSJTVkdJRF8wMDAwMDA3MTUzODg4MTI5ODUwODMxNjgzMDAwMDAxMjMyMjUwNjI3NjQ0NDYzODA5Nl8iPiYjeGE7CQk8c3RvcCBzdHlsZT0ic3RvcC1jb2xvcjojRkMwMTQ3IiBvZmZzZXQ9IjQuMzA2ODkxZS0wMyIvPiYjeGE7CQk8c3RvcCBzdHlsZT0ic3RvcC1jb2xvcjojRjQwNDREIiBvZmZzZXQ9IjMuOTE4MjY5ZS0wMiIvPiYjeGE7CQk8c3RvcCBzdHlsZT0ic3RvcC1jb2xvcjojMDA2OEY5IiBvZmZzZXQ9IjAuOSIvPiYjeGE7CTwvbGluZWFyR3JhZGllbnQ+JiN4YTsJPHBhdGggZD0iTTcyLjgsMTQyYzAsMi4zLDEuOSw0LjMsNC4yLDQuM2gwLjEmIzEwOyYjOTsmIzk7YzIuMywwLDQuMi0xLjgsNC4zLTRjMi4yLTMzLjYsMzAuMy02MS42LDYzLjgtNjMuOGMyLjQtMC4yLDQuMi0yLjIsNC00LjZzLTIuMi00LjItNC42LTRjLTI3LjEsMS44LTUxLDE4LjUtNjMuMyw0MS43di0yN2wzLjMsMy4zJiMxMDsmIzk7JiM5O2MwLjgsMC44LDIsMS4zLDMuMSwxLjNzMi4yLTAuNCwzLjEtMS4zYzEuNy0xLjcsMS43LTQuNCwwLTYuMUw4MC4yLDcxLjFjLTEuNy0xLjctNC40LTEuNy02LjEsMEw2My40LDgxLjhjLTEuNywxLjctMS43LDQuNCwwLDYuMSYjMTA7JiM5OyYjOTtjMS43LDEuNyw0LjQsMS43LDYuMSwwbDMuMy0zLjNWMTQyeiIgc3R5bGU9ImZpbGw6dXJsKCNTVkdJRF8wMDAwMDA3MTUzODg4MTI5ODUwODMxNjgzMDAwMDAxMjMyMjUwNjI3NjQ0NDYzODA5Nl8pOyIvPiYjeGE7CSYjeGE7CQk8bGluZWFyR3JhZGllbnQgZ3JhZGllbnRUcmFuc2Zvcm09Im1hdHJpeCgxIDAgMCAxIDAgLTU0MikiIHkyPSI3MDguMzMwMyIgeDI9IjU1LjU1MzYiIHkxPSI4MTMuODg4MiIgeDE9IjE2MS4xMTE4IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSIgaWQ9IlNWR0lEXzAwMDAwMDMzMzQ2MTMxNjU2MDEzMzg3ODIwMDAwMDE1NDY1ODY4MzY1ODI4MjY5OTc1XyI+JiN4YTsJCTxzdG9wIHN0eWxlPSJzdG9wLWNvbG9yOiNGQzAxNDciIG9mZnNldD0iNC4zMDY4OTFlLTAzIi8+JiN4YTsJCTxzdG9wIHN0eWxlPSJzdG9wLWNvbG9yOiNGNDA0NEQiIG9mZnNldD0iMy45MTgyNjllLTAyIi8+JiN4YTsJCTxzdG9wIHN0eWxlPSJzdG9wLWNvbG9yOiMwMDY4RjkiIG9mZnNldD0iMC45Ii8+JiN4YTsJPC9saW5lYXJHcmFkaWVudD4mI3hhOwk8cGF0aCBkPSJNMTQ1LjMsMjE3LjUmIzEwOyYjOTsmIzk7Yy0zMy42LTIuMi02MS42LTMwLjMtNjMuOC02My44Yy0wLjItMi40LTIuMi00LjItNC42LTRzLTQuMiwyLjItNCw0LjZjMS44LDI3LjEsMTguNSw1MSw0MS43LDYzLjNoLTI3bDMuMy0zLjMmIzEwOyYjOTsmIzk7YzEuNy0xLjcsMS43LTQuNCwwLTYuMXMtNC40LTEuNy02LjEsMGwtMTAuNywxMC43Yy0xLjcsMS43LTEuNyw0LjQsMCw2LjFsMTAuNywxMC43YzAuOCwwLjgsMiwxLjMsMy4xLDEuM3MyLjItMC40LDMuMS0xLjMmIzEwOyYjOTsmIzk7YzEuNy0xLjcsMS43LTQuNCwwLTYuMWwtMy4zLTMuM0gxNDVjMi4zLDAsNC4zLTEuOSw0LjMtNC4yQzE0OS41LDIxOS42LDE0Ny43LDIxNy43LDE0NS4zLDIxNy41eiIgc3R5bGU9ImZpbGw6dXJsKCNTVkdJRF8wMDAwMDAzMzM0NjEzMTY1NjAxMzM4NzgyMDAwMDAxNTQ2NTg2ODM2NTgyODI2OTk3NV8pOyIvPiYjeGE7CSYjeGE7CQk8bGluZWFyR3JhZGllbnQgZ3JhZGllbnRUcmFuc2Zvcm09Im1hdHJpeCgxIDAgMCAxIDAgLTU0MikiIHkyPSI2NTEuMzkwMSIgeDI9IjExMi40OTM5IiB5MT0iNzU2Ljk0ODEiIHgxPSIyMTguMDUyIiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSIgaWQ9IlNWR0lEXzAwMDAwMDM0ODA1MDQ5NzA0NDA4ODAxNzcwMDAwMDA0MDUyNDg4ODY4ODkxNzQyNjM2XyI+JiN4YTsJCTxzdG9wIHN0eWxlPSJzdG9wLWNvbG9yOiNGQzAxNDciIG9mZnNldD0iNC4zMDY4OTFlLTAzIi8+JiN4YTsJCTxzdG9wIHN0eWxlPSJzdG9wLWNvbG9yOiNGNDA0NEQiIG9mZnNldD0iMy45MTgyNjllLTAyIi8+JiN4YTsJCTxzdG9wIHN0eWxlPSJzdG9wLWNvbG9yOiMwMDY4RjkiIG9mZnNldD0iMC45Ii8+JiN4YTsJPC9saW5lYXJHcmFkaWVudD4mI3hhOwk8cGF0aCBkPSJNMjM4LjYsMjA4LjFjLTEuNy0xLjctNC40LTEuNy02LjEsMCYjMTA7JiM5OyYjOTtsLTMuMywzLjNWMTU0YzAtMi4zLTEuOS00LjMtNC4yLTQuM2gtMC4xYy0yLjMsMC00LjIsMS44LTQuMyw0Yy0yLjIsMzMuNi0zMC4zLDYxLjYtNjMuOCw2My44Yy0yLjQsMC4yLTQuMiwyLjItNCw0LjYmIzEwOyYjOTsmIzk7YzAuMiwyLjMsMi4xLDQsNC4zLDRjMC4xLDAsMC4yLDAsMC4zLDBjMjcuMS0xLjgsNTEtMTguNSw2My4zLTQxLjd2MjdsLTMuMy0zLjNjLTEuNy0xLjctNC40LTEuNy02LjEsMHMtMS43LDQuNCwwLDYuMWwxMC43LDEwLjcmIzEwOyYjOTsmIzk7YzAuOCwwLjgsMiwxLjMsMy4xLDEuM3MyLjItMC40LDMuMS0xLjNsMTAuNy0xMC43QzI0MC4zLDIxMi41LDI0MC4zLDIwOS43LDIzOC42LDIwOC4xeiIgc3R5bGU9ImZpbGw6dXJsKCNTVkdJRF8wMDAwMDAzNDgwNTA0OTcwNDQwODgwMTc3MDAwMDAwNDA1MjQ4ODg2ODg5MTc0MjYzNl8pOyIvPiYjeGE7PC9nPiYjeGE7PC9zdmc+;clipPath=inset(18.33% 19.33% 20% 19.33%);fontFamily=Open Sans;fontSource=https%3A%2F%2Ffonts.googleapis.com%2Fcss%3Ffamily%3DOpen%2BSans;rounded=1;" parent="3RlJnTQkYkgjORHTnBK9-0" vertex="1">
+          <mxGeometry width="39.78844385177223" height="39.999871745283016" as="geometry" />
+        </mxCell>
+      </root>
+    </mxGraphModel>
+  </diagram>
+  <diagram id="5SI9ZEX_qIpv3RfnfPZV" name="EdgeX-OpenZiti">
+    <mxGraphModel dx="1576" dy="942" grid="1" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="1" pageScale="1" pageWidth="1920" pageHeight="1200" math="0" shadow="0">
+      <root>
+        <mxCell id="0" />
+        <mxCell id="1" parent="0" />
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-49" value="" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#f5f5f5;fontColor=#333333;strokeColor=#666666;dashed=1;" parent="1" vertex="1">
+          <mxGeometry x="320" y="280" width="140" height="240" as="geometry" />
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-15" value="" style="rounded=0;whiteSpace=wrap;html=1;fillColor=none;fontColor=#ffffff;strokeColor=#6d8764;dashed=1;" parent="1" vertex="1">
+          <mxGeometry x="520" y="400" width="430" height="280" as="geometry" />
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-54" value="" style="endArrow=none;html=1;rounded=0;fillColor=#cce5ff;strokeColor=#FFD966;strokeWidth=2;entryX=-0.024;entryY=0.333;entryDx=0;entryDy=0;entryPerimeter=0;dashed=1;" parent="1" target="52DqXLeXgyO4iOZ6ny6b-5" edge="1">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="660" y="580" as="sourcePoint" />
+            <mxPoint x="500" y="570" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-56" value="" style="endArrow=none;html=1;rounded=0;fillColor=#cce5ff;strokeColor=#FFD966;strokeWidth=2;entryX=1;entryY=0.337;entryDx=0;entryDy=0;entryPerimeter=0;dashed=1;" parent="1" target="52DqXLeXgyO4iOZ6ny6b-8" edge="1">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="660" y="310" as="sourcePoint" />
+            <mxPoint x="450" y="640" as="targetPoint" />
+            <Array as="points">
+              <mxPoint x="660" y="580" />
+            </Array>
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-55" value="" style="endArrow=none;html=1;rounded=0;fillColor=#cce5ff;strokeColor=#FFD966;strokeWidth=2;entryX=0.001;entryY=0.171;entryDx=0;entryDy=0;entryPerimeter=0;exitX=-0.005;exitY=0.818;exitDx=0;exitDy=0;exitPerimeter=0;dashed=1;" parent="1" source="52DqXLeXgyO4iOZ6ny6b-21" target="52DqXLeXgyO4iOZ6ny6b-1" edge="1">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="660" y="180" as="sourcePoint" />
+            <mxPoint x="650" y="450" as="targetPoint" />
+            <Array as="points">
+              <mxPoint x="660" y="189" />
+              <mxPoint x="660" y="450" />
+            </Array>
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-3" value="" style="group" parent="1" connectable="0" vertex="1">
+          <mxGeometry x="680" y="420" width="120" height="80" as="geometry" />
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-1" value="EdgeX&lt;div&gt;µService&lt;/div&gt;" style="rounded=0;whiteSpace=wrap;html=1;strokeColor=#36393d;fillColor=#eeeeee;" parent="52DqXLeXgyO4iOZ6ny6b-3" vertex="1">
+          <mxGeometry y="20" width="100" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-2" value="ACL" style="shape=tape;whiteSpace=wrap;html=1;size=0.2562770562770462;flipH=1;fillColor=#6d8764;fontColor=#ffffff;strokeColor=#3A5431;" parent="52DqXLeXgyO4iOZ6ny6b-3" vertex="1">
+          <mxGeometry x="80" y="60" width="40" height="20" as="geometry" />
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-4" value="" style="group" parent="1" connectable="0" vertex="1">
+          <mxGeometry x="820" y="560" width="120" height="80" as="geometry" />
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-5" value="EdgeX&lt;div&gt;µService&lt;/div&gt;" style="rounded=0;whiteSpace=wrap;html=1;strokeColor=#36393d;fillColor=#eeeeee;" parent="52DqXLeXgyO4iOZ6ny6b-4" vertex="1">
+          <mxGeometry width="100" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-6" value="ACL" style="shape=tape;whiteSpace=wrap;html=1;size=0.2562770562770462;flipH=1;fillColor=#6d8764;fontColor=#ffffff;strokeColor=#3A5431;" parent="52DqXLeXgyO4iOZ6ny6b-4" vertex="1">
+          <mxGeometry x="79" y="40" width="40" height="20" as="geometry" />
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-7" value="" style="group" parent="1" connectable="0" vertex="1">
+          <mxGeometry x="540" y="560" width="120" height="80" as="geometry" />
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-8" value="EdgeX&lt;div&gt;µService&lt;/div&gt;" style="rounded=0;whiteSpace=wrap;html=1;strokeColor=#36393d;fillColor=#eeeeee;" parent="52DqXLeXgyO4iOZ6ny6b-7" vertex="1">
+          <mxGeometry width="100" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-9" value="ACL" style="shape=tape;whiteSpace=wrap;html=1;size=0.2562770562770462;flipH=1;fillColor=#6d8764;fontColor=#ffffff;strokeColor=#3A5431;" parent="52DqXLeXgyO4iOZ6ny6b-7" vertex="1">
+          <mxGeometry x="79" y="40" width="40" height="20" as="geometry" />
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-10" value="&lt;font color=&quot;#6d8764&quot;&gt;E2EE&lt;/font&gt;" style="endArrow=classic;startArrow=classic;html=1;rounded=1;exitX=0.204;exitY=-0.03;exitDx=0;exitDy=0;exitPerimeter=0;dashed=1;fillColor=#6d8764;strokeColor=#3A5431;curved=0;strokeWidth=1;" parent="1" source="52DqXLeXgyO4iOZ6ny6b-5" edge="1">
+          <mxGeometry x="0.003" width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="730" y="620" as="sourcePoint" />
+            <mxPoint x="760" y="500" as="targetPoint" />
+            <mxPoint as="offset" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-12" value="&lt;font color=&quot;#6d8764&quot;&gt;E2EE&lt;/font&gt;" style="endArrow=classic;startArrow=classic;html=1;rounded=1;entryX=0.208;entryY=1.03;entryDx=0;entryDy=0;exitX=0.8;exitY=0;exitDx=0;exitDy=0;exitPerimeter=0;entryPerimeter=0;dashed=1;fillColor=#6d8764;strokeColor=#3A5431;curved=0;strokeWidth=1;" parent="1" source="52DqXLeXgyO4iOZ6ny6b-8" target="52DqXLeXgyO4iOZ6ny6b-1" edge="1">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="754" y="590" as="sourcePoint" />
+            <mxPoint x="700" y="530" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-16" value="Zero-trust overlay network, no listening ports on underlay" style="rounded=0;whiteSpace=wrap;html=1;strokeColor=none;fontColor=#6d8764;align=left;verticalAlign=bottom;labelBackgroundColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="520" y="360" width="420" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-19" value="OpenZiti&lt;div&gt;Router (+tunneller)&lt;/div&gt;" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#FFD966;strokeColor=#4D4D4D;fontColor=#000000;dashed=1;" parent="1" vertex="1">
+          <mxGeometry x="680" y="260" width="100" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-21" value="OpenZiti&lt;div&gt;Controller&lt;/div&gt;" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#FFD966;strokeColor=#4D4D4D;fontColor=#000000;dashed=1;" parent="1" vertex="1">
+          <mxGeometry x="680" y="140" width="100" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-22" value="" style="endArrow=none;html=1;rounded=0;entryX=0.5;entryY=0;entryDx=0;entryDy=0;exitX=0.5;exitY=1;exitDx=0;exitDy=0;fillColor=#cce5ff;strokeColor=#FF6666;strokeWidth=2;" parent="1" source="52DqXLeXgyO4iOZ6ny6b-19" target="52DqXLeXgyO4iOZ6ny6b-1" edge="1">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="860" y="350" as="sourcePoint" />
+            <mxPoint x="830" y="370" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-23" value="" style="endArrow=none;html=1;rounded=0;entryX=0.5;entryY=0;entryDx=0;entryDy=0;exitX=0.5;exitY=1;exitDx=0;exitDy=0;fillColor=#cce5ff;strokeColor=#FF6666;strokeWidth=2;" parent="1" source="52DqXLeXgyO4iOZ6ny6b-19" target="52DqXLeXgyO4iOZ6ny6b-5" edge="1">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="870" y="320" as="sourcePoint" />
+            <mxPoint x="870" y="440" as="targetPoint" />
+            <Array as="points">
+              <mxPoint x="730" y="360" />
+              <mxPoint x="870" y="360" />
+            </Array>
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-24" value="" style="endArrow=none;html=1;rounded=0;entryX=0.5;entryY=0;entryDx=0;entryDy=0;exitX=0.5;exitY=1;exitDx=0;exitDy=0;fillColor=#cce5ff;strokeColor=#FF6666;strokeWidth=2;" parent="1" source="52DqXLeXgyO4iOZ6ny6b-19" target="52DqXLeXgyO4iOZ6ny6b-8" edge="1">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="310" y="320.6" as="sourcePoint" />
+            <mxPoint x="461" y="559.6" as="targetPoint" />
+            <Array as="points">
+              <mxPoint x="730" y="360" />
+              <mxPoint x="590" y="360" />
+            </Array>
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-25" value="" style="endArrow=none;html=1;rounded=0;fillColor=#cce5ff;strokeColor=#FFD966;strokeWidth=2;dashed=1;" parent="1" source="52DqXLeXgyO4iOZ6ny6b-21" target="52DqXLeXgyO4iOZ6ny6b-19" edge="1">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="600" y="200" as="sourcePoint" />
+            <mxPoint x="460" y="440" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-26" value="EdgeX&lt;br&gt;Identity&lt;div&gt;Provider&lt;/div&gt;" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#cdeb8b;strokeColor=#36393d;dashed=1;" parent="1" vertex="1">
+          <mxGeometry x="1000" y="140" width="100" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-27" value="Redis" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#cdeb8b;strokeColor=#36393d;dashed=1;" parent="1" vertex="1">
+          <mxGeometry x="1000" y="260" width="100" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-28" value="EdgeX&lt;br&gt;Config&lt;br&gt;Store" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#cdeb8b;strokeColor=#4D4D4D;dashed=1;" parent="1" vertex="1">
+          <mxGeometry x="1000" y="400" width="100" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-29" value=".well-known/keys" style="endArrow=classic;html=1;rounded=0;fillColor=#cce5ff;strokeColor=#FF6666;strokeWidth=2;targetPerimeterSpacing=8;endFill=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;" parent="1" source="52DqXLeXgyO4iOZ6ny6b-21" target="52DqXLeXgyO4iOZ6ny6b-26" edge="1">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="750" y="160.6" as="sourcePoint" />
+            <mxPoint x="901" y="399.6" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-30" value="" style="endArrow=none;html=1;rounded=0;fillColor=#cce5ff;strokeColor=#66B2FF;strokeWidth=2;" parent="1" source="52DqXLeXgyO4iOZ6ny6b-19" target="52DqXLeXgyO4iOZ6ny6b-27" edge="1">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="790" y="180" as="sourcePoint" />
+            <mxPoint x="1010" y="180" as="targetPoint" />
+            <Array as="points">
+              <mxPoint x="970" y="290" />
+            </Array>
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-32" value="" style="endArrow=none;html=1;rounded=0;fillColor=#cce5ff;strokeColor=#66B2FF;strokeWidth=2;" parent="1" source="52DqXLeXgyO4iOZ6ny6b-19" target="52DqXLeXgyO4iOZ6ny6b-28" edge="1">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="810" y="326.13" as="sourcePoint" />
+            <mxPoint x="1030" y="340.13" as="targetPoint" />
+            <Array as="points">
+              <mxPoint x="970" y="290" />
+              <mxPoint x="970" y="430" />
+            </Array>
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-33" value="EdgeX&lt;br&gt;Bootstrapping" style="rounded=0;whiteSpace=wrap;html=1;strokeColor=#36393d;fillColor=#eeeeee;" parent="1" vertex="1">
+          <mxGeometry x="490" y="140" width="100" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-34" value="MGMT&lt;br&gt;API" style="endArrow=classic;html=1;rounded=0;fillColor=#cce5ff;strokeColor=#FF6666;strokeWidth=2;targetPerimeterSpacing=8;endFill=1;entryX=-0.028;entryY=0.513;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" source="52DqXLeXgyO4iOZ6ny6b-33" target="52DqXLeXgyO4iOZ6ny6b-21" edge="1">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="790" y="180" as="sourcePoint" />
+            <mxPoint x="1010" y="180" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-35" value="&lt;font style=&quot;font-size: 8px;&quot;&gt;HTTP+auth&lt;/font&gt;" style="rounded=0;html=1;strokeColor=none;fontColor=#4D4D4D;align=left;verticalAlign=bottom;labelBackgroundColor=none;fillColor=none;horizontal=1;spacing=2;whiteSpace=wrap;labelPosition=center;verticalLabelPosition=middle;" parent="1" vertex="1">
+          <mxGeometry x="1000" y="200" width="100" height="20" as="geometry" />
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-36" value="&lt;font style=&quot;font-size: 8px;&quot;&gt;HTTP+user/pwd&lt;/font&gt;" style="rounded=0;html=1;strokeColor=none;fontColor=#4D4D4D;align=left;verticalAlign=bottom;labelBackgroundColor=none;fillColor=none;horizontal=1;spacing=2;whiteSpace=wrap;labelPosition=center;verticalLabelPosition=middle;" parent="1" vertex="1">
+          <mxGeometry x="1000" y="320" width="100" height="20" as="geometry" />
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-38" value="&lt;font style=&quot;font-size: 8px;&quot;&gt;HTTP+auth&lt;/font&gt;" style="rounded=0;html=1;strokeColor=none;fontColor=#4D4D4D;align=left;verticalAlign=bottom;labelBackgroundColor=none;fillColor=none;horizontal=1;spacing=2;whiteSpace=wrap;labelPosition=center;verticalLabelPosition=middle;" parent="1" vertex="1">
+          <mxGeometry x="1000" y="460" width="100" height="20" as="geometry" />
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-39" value="ACL" style="shape=tape;whiteSpace=wrap;html=1;size=0.2562770562770462;flipH=1;fillColor=#adb893;strokeColor=#4D4D4D;" parent="1" vertex="1">
+          <mxGeometry x="1080" y="440" width="40" height="20" as="geometry" />
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-40" value="ACL" style="shape=tape;whiteSpace=wrap;html=1;size=0.2562770562770462;flipH=1;fillColor=#adb893;strokeColor=#4D4D4D;" parent="1" vertex="1">
+          <mxGeometry x="1080" y="300" width="40" height="20" as="geometry" />
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-41" value="ACL" style="shape=tape;whiteSpace=wrap;html=1;size=0.2562770562770462;flipH=1;fillColor=#adb893;strokeColor=#4D4D4D;" parent="1" vertex="1">
+          <mxGeometry x="1080" y="180" width="40" height="20" as="geometry" />
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-42" value="Direct access or ZTNA access&lt;br&gt;to non-zitified services" style="rounded=0;html=1;strokeColor=none;fontColor=#66B2FF;align=center;verticalAlign=bottom;labelBackgroundColor=none;fillColor=none;horizontal=1;spacing=2;whiteSpace=wrap;labelPosition=center;verticalLabelPosition=middle;" parent="1" vertex="1">
+          <mxGeometry x="780" y="260" width="190" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-43" value="" style="endArrow=none;html=1;rounded=0;entryX=0.5;entryY=1;entryDx=0;entryDy=0;fillColor=#cce5ff;strokeColor=#66B2FF;strokeWidth=2;exitX=1;exitY=0.5;exitDx=0;exitDy=0;shadow=0;flowAnimation=0;align=center;verticalAlign=middle;fontFamily=Helvetica;fontSize=11;fontColor=default;labelBackgroundColor=default;" parent="1" source="52DqXLeXgyO4iOZ6ny6b-26" target="52DqXLeXgyO4iOZ6ny6b-8" edge="1">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="1150" y="180" as="sourcePoint" />
+            <mxPoint x="1491" y="719" as="targetPoint" />
+            <Array as="points">
+              <mxPoint x="1140" y="170" />
+              <mxPoint x="1140" y="660" />
+              <mxPoint x="590" y="660" />
+            </Array>
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-45" value="" style="endArrow=none;html=1;rounded=0;fillColor=#cce5ff;strokeColor=#66B2FF;strokeWidth=2;exitX=0.506;exitY=1.004;exitDx=0;exitDy=0;exitPerimeter=0;shadow=0;align=center;verticalAlign=middle;fontFamily=Helvetica;fontSize=11;fontColor=default;labelBackgroundColor=default;" parent="1" source="52DqXLeXgyO4iOZ6ny6b-5" edge="1">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="871.95" y="630" as="sourcePoint" />
+            <mxPoint x="870" y="660" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-46" value="" style="endArrow=none;html=1;rounded=0;fillColor=#cce5ff;strokeColor=#66B2FF;strokeWidth=2;exitX=0.5;exitY=1;exitDx=0;exitDy=0;shadow=0;align=center;verticalAlign=middle;fontFamily=Helvetica;fontSize=11;fontColor=default;labelBackgroundColor=default;" parent="1" source="52DqXLeXgyO4iOZ6ny6b-1" edge="1">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="730.7" y="649.76" as="sourcePoint" />
+            <mxPoint x="730" y="660" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-13" value="&lt;font color=&quot;#6d8764&quot;&gt;E2EE&lt;/font&gt;" style="endArrow=classic;startArrow=classic;html=1;rounded=1;entryX=-0.024;entryY=0.5;entryDx=0;entryDy=0;exitX=1;exitY=0.5;exitDx=0;exitDy=0;entryPerimeter=0;dashed=1;fillColor=#6d8764;strokeColor=#3A5431;curved=0;strokeWidth=1;" parent="1" source="52DqXLeXgyO4iOZ6ny6b-8" target="52DqXLeXgyO4iOZ6ny6b-5" edge="1">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="699.6" y="628.8" as="sourcePoint" />
+            <mxPoint x="780.6" y="570.8" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-47" value="OpenZiti&lt;div&gt;Tunneler&lt;/div&gt;" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#FFD966;strokeColor=#4D4D4D;fontColor=#000000;dashed=1;" parent="1" vertex="1">
+          <mxGeometry x="340" y="330" width="100" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-48" value="Remote Connection&lt;br&gt;(Browser etc)" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#fad9d5;strokeColor=#ae4132;dashed=1;" parent="1" vertex="1">
+          <mxGeometry x="340" y="440" width="100" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-50" value="&lt;span style=&quot;color: rgb(0, 0, 0); font-family: Helvetica; font-size: 11px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: nowrap; background-color: rgb(255, 255, 255); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; float: none; display: inline !important;&quot;&gt;Obtain JWT from IdP&lt;/span&gt;" style="text;whiteSpace=wrap;html=1;verticalAlign=middle;align=center;" parent="1" vertex="1">
+          <mxGeometry x="590" y="640" width="280" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-51" value="" style="endArrow=none;html=1;rounded=0;fillColor=#cce5ff;strokeColor=#FF6666;strokeWidth=2;" parent="1" source="52DqXLeXgyO4iOZ6ny6b-19" target="52DqXLeXgyO4iOZ6ny6b-47" edge="1">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="380" y="190" as="sourcePoint" />
+            <mxPoint x="530" y="290" as="targetPoint" />
+            <Array as="points">
+              <mxPoint x="730" y="360" />
+            </Array>
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-52" value="&lt;font color=&quot;#6d8764&quot;&gt;E2EE&lt;/font&gt;" style="endArrow=classic;startArrow=classic;html=1;rounded=1;dashed=1;fillColor=#6d8764;strokeColor=#3A5431;curved=0;strokeWidth=1;" parent="1" source="52DqXLeXgyO4iOZ6ny6b-48" target="52DqXLeXgyO4iOZ6ny6b-1" edge="1">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="419" y="588" as="sourcePoint" />
+            <mxPoint x="500" y="530" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-53" value="&lt;span style=&quot;color: rgb(0, 0, 0); font-family: Helvetica; font-size: 11px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: nowrap; background-color: rgb(255, 255, 255); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; float: none; display: inline !important;&quot;&gt;Zero-trust data plane&lt;/span&gt;" style="text;whiteSpace=wrap;html=1;verticalAlign=middle;align=center;" parent="1" vertex="1">
+          <mxGeometry x="460" y="330" width="270" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-57" value="" style="endArrow=none;html=1;rounded=0;fillColor=#cce5ff;strokeColor=#FFD966;strokeWidth=2;exitX=0.741;exitY=0.25;exitDx=0;exitDy=0;exitPerimeter=0;dashed=1;" parent="1" target="52DqXLeXgyO4iOZ6ny6b-47" edge="1">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="659.9999999999999" y="309.9" as="sourcePoint" />
+            <mxPoint x="439.83" y="309.91999999999996" as="targetPoint" />
+            <Array as="points">
+              <mxPoint x="390" y="310" />
+            </Array>
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-58" value="&lt;span style=&quot;color: rgb(0, 0, 0); font-family: Helvetica; font-size: 11px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: nowrap; background-color: rgb(255, 255, 255); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; float: none; display: inline !important;&quot;&gt;Zero-trust control plane&lt;/span&gt;" style="text;whiteSpace=wrap;html=1;verticalAlign=middle;align=center;" parent="1" vertex="1">
+          <mxGeometry x="460" y="290" width="200" height="20" as="geometry" />
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-59" value="Admin Workstation" style="text;whiteSpace=wrap;html=1;verticalAlign=middle;align=center;fontSize=15;" parent="1" vertex="1">
+          <mxGeometry x="320" y="280" width="140" height="20" as="geometry" />
+        </mxCell>
+        <mxCell id="52DqXLeXgyO4iOZ6ny6b-60" value="&lt;font style=&quot;font-size: 8px;&quot;&gt;(local identity)&lt;/font&gt;" style="rounded=0;html=1;strokeColor=none;fontColor=#4D4D4D;align=left;verticalAlign=top;labelBackgroundColor=none;fillColor=none;horizontal=1;spacing=0;whiteSpace=wrap;labelPosition=center;verticalLabelPosition=middle;spacingTop=-8;" parent="1" vertex="1">
+          <mxGeometry x="330" y="300" width="120" height="20" as="geometry" />
+        </mxCell>
+      </root>
+    </mxGraphModel>
+  </diagram>
+</mxfile>
diff --git a/docs_src/security/edgex-openziti.png b/docs_src/security/edgex-openziti.png
new file mode 100644
index 0000000000..8593097fa0
Binary files /dev/null and b/docs_src/security/edgex-openziti.png differ
diff --git a/docs_src/security/external-openziti.png b/docs_src/security/external-openziti.png
new file mode 100644
index 0000000000..428b44dcd5
Binary files /dev/null and b/docs_src/security/external-openziti.png differ
diff --git a/docs_src/security/zero-trust.md b/docs_src/security/zero-trust.md
new file mode 100644
index 0000000000..21d8d5d50e
--- /dev/null
+++ b/docs_src/security/zero-trust.md
@@ -0,0 +1,597 @@
+# Zero Trust
+
+## Introduction
+
+Zero Trust is a set of security strategies centered around the fundamental principle that no network is safe. There are
+numerous vendors, all using the "zero trust" adjective to describe their security solutions. At the core of zero trust
+are a few fundamental principles:
+
+* Explicit Authorization: connections should be authenticated before traffic can be sent
+* Cryptographically Verifiable Identities: connections should be authenticated using strong identities
+* Least Privilege Access: identities should have access only the minimum set of services they require
+* Continual Authentication: authorized connections should be able to be revoked immediately and monitored continuously
+
+With version 3.2+, EdgeX Foundry can now secure its core services with a zero trust configuration. EdgeX Foundry has
+integrated with [OpenZiti](https://openziti.io) to provide secure, zero trust connectivity among the EdgeX provided
+services based on go. This includes the core services, support services, application services and numerous device
+services.
+
+OpenZiti also offers a novel approach of embedding these zero trust concepts directly into services through SDKs. By
+adopting OpenZiti, EdgeX Foundry core services **no longer have ports exposed to the IP-based underlay network at all**. 
+After enabling zero trust support, the EdgeX Foundry services will not be discoverable nor attackable by standard 
+IP-based tooling whatsoever. Any attacks will first need to be authenticated into the OpenZiti overlay network and then
+also authorized to make connections to the relevant EdgeX Foundry service.
+
+## About OpenZiti
+
+OpenZiti is an open source project focused on bringing zero trust networking principles directly into any application.
+It accomplishes this by providing [numerous SDKs](https://openziti.io/docs/reference/developer/sdk/) that can be
+integrated into any application. EdgeX Foundry has integrated the [golang sdk](https://github.com/openziti/sdk-golang/)
+from the OpenZiti project, enabling secure connectivity through an OpenZiti overlay mesh network. OpenZiti also provides
+clients for all major desktop and mobile operating systems that allow applications which are not OpenZiti-enabled to
+access the overlay network called tunnelers. If an OpenZiti SDK cannot be integrated into an application that needs to 
+connect to services secured via OpenZiti, such as the core EdgeX Foundry services, these clients can be used to provide
+access. These applications are known as tunnelers.
+
+An OpenZiti overlay network consists of a controller and edge routers. The controller, as it sounds, is responsible for
+decisions surrounding the overlay network such as authentication, authorization, management of the overlay, etc. Edge
+Routers are responsible for creating the overlay mesh network. One or more can link together to form a fully redundant
+mesh and routers may be assigned specific roles as needed. The full scope of what OpenZiti is and how to use it is
+impossible to document succinctly here. To learn how OpenZiti works or for additional information, please visit the 
+official docs site at https://openziti.io/docs and for help, ask in the official support forum: 
+https://openziti.discourse.group/.
+
+## Integrating EdgeX Foundry With OpenZiti
+
+EdgeX has adopted and integrated OpenZiti into it's microservice architecture and can now be enabled through 
+standard EdgeX configuration mechanisms. In order to build a zero trust overlay network usable by EdgeX, an OpenZiti 
+overlay network will need to be available and configured. The EdgeX project provides a docker compose file that deploys
+a full EdgeX Foundry install and can be optionally enabled with an OpenZiti, zero trust overlay network. If you are 
+already familiar with deploying EdgeX Foundry through the existing docker compose mechanism you will be able to 
+enable this additional security mechanism in the same way.
+
+#### Overview of EdgeX Foundry integrated with OpenZiti
+![Overview of EdgeX Foundry integrated with OpenZiti](edgex-openziti.png)
+
+## Securing EdgeX Services With OpenZiti
+
+When running in secure mode, EdgeX Foundry creates and uses strong identities in the form of JWTs for services. 
+When enabling zero trust access, those strong identities are used to authenticate to the OpenZiti overlay network by 
+leveraging a feature of OpenZiti called "external JWT signers". OpenZiti can be configured to trust other 
+authorities, such as the token provider EdgeX Foundry uses (Vault as of July 12, soon to be OpenBao). Once the 
+appropriate trust is configured, OpenZiti can use the strong identities created by another authority for 
+authentication to the overlay network. This is how "external JWT signers" operate. In order for OpenZiti to be able 
+to verify authentication tokens from the external provider, the JWT provider must be addressable by the OpenZiti 
+controller as it will use the JWKS endpoint provided by token provider in order to verify the token.
+
+The OpenZiti external JWT signer must be configured with an expected claim which will be contained within the JWT. 
+As part of the authentication process with OpenZiti, after the JWT is verified as authentic, the configured claim 
+will be inspected and a corresponding OpenZiti must exist with an "external id" set that matches the value of this 
+claim.
+
+### Example JWT Verification With OpenZiti
+
+Let's look at an example verification process to understand better how the JWT from the token provider is used to 
+authenticate to the OpenZiti overlay.
+
+1. After the EdgeX Foundry security bootstrapper completes, a token from the token provider for the target service 
+   will be available to the service.
+2. The token is read into memory.
+3. The token is exchanged with the token provider for a JWT. Here is a representative payload section of a JWT 
+   delivered to the core-command service:
+
+       {
+         "aud": "edgex",
+         "exp": 1720809046,
+         "iat": 1720808146,
+         "iss": "/v1/identity/oidc",
+         "name": "core-command",
+         "namespace": "root",
+         "sub": "790fd597-f773-21a6-158f-ee1158875115"
+       }
+
+   Notice the fields contained within the JWT payload, both the issuer (`iss`) field `name` field are important and 
+   are used in the OpenZiti `ext-jwt-signer` configuration. The `iss` field must match a configured `ext-jwt-signer`.
+4. The JWT is sent to OpenZiti for verification.
+5. OpenZiti makes a request to the token provider's JWKS endpoint (as needed) to obtain the necessary key material 
+   to verify the authenticity of the JWT.
+6. Once the JWT is verified as authentic, the configured field (in this case `name`) read from the JWT.
+7. OpenZiti scans all identities for one with an `--externalId` set to the value from the JWT (in this case 
+   `core-command`)
+8. If an identity is found with an associated auth policy utilizing the expected value (`core-command`), the 
+   identity is considered authenticated.
+
+### Authorizing Access to EdgeX Foundry Services
+
+OpenZiti is also now able to authorize connections to EdgeX Foundry services and when configured to operate in with 
+the zero trust security model, this is how service authorization works. With zero trust enabled, traffic for any 
+particular service must be delivered, authenticated, and authorized by the OpenZiti overlay network. It is no longer 
+necessary to also provide a bearer token to the service.
+
+This allows other, non-EdgeX Foundry services or clients to access services without passing a bearer token to the 
+service. Instead, those clients will be required to have a strong identity and be authenticated and authorized by 
+the zero trust overlay network. OpenZiti does not prevent services from implementing other, additional 
+authentication mechanisms. If a service provides an HTTP server and also requires ancillary authentication in the 
+form of username/password, bearer token, etc., these additional mechanisms maybe be applied by service authors. The 
+EdgeX Foundry services will not require additional authentication when operating in the zero trust security model.
+
+## Listing of EdgeX Foundry ←→ OpenZiti Services
+| EdgeX Foundry Service | OpenZiti Service Name | OpenZiti Configured Intercept Address | Port | Service Attribute |
+|-----------------------|-|---------------------------------------|------|-------------------|
+| core-command | edgex.core-command | core-command.edgex.ziti | 80 | core.svc |
+| core-data | edgex.core-data | core-data.edgex.ziti | 80 | core.svc |
+| core-metadata | edgex.core-metadata | core-metadata.edgex.ziti | 80 | core.svc |
+| ui | edgex.ui | ui.edgex.ziti | 80 | core.svc |
+| rules-engine | edgex.rules-engine | rules-engine.edgex.ziti | 80 | support.svc |
+| support-notifications | edgex.support-notifications | support-notifications.edgex.ziti | 80 | support.svc |
+| support-scheduler | edgex.support-scheduler | support-scheduler.edgex.ziti | 80 | support.svc |
+| device-bacnet-ip | edgex.device-bacnet-ip | device-bacnet-ip.edgex.ziti | 80 | device.svc |
+| device-coap | edgex.device-coap | device-coap.edgex.ziti | 80 | device.svc |
+| device-gpio | edgex.device-gpio | device-gpio.edgex.ziti | 80 | device.svc |
+| device-modbus | edgex.device-modbus | device-modbus.edgex.ziti | 80 | device.svc |
+| device-mqtt | edgex.device-mqtt | device-mqtt.edgex.ziti | 80 | device.svc |
+| device-onvif-camera | edgex.device-onvif-camera | device-onvif-camera.edgex.ziti | 80 | device.svc |
+| device-rest | edgex.device-rest | device-rest.edgex.ziti | 80 | device.svc |
+| device-rfid-llrp | edgex.device-rfid-llrp | device-rfid-llrp.edgex.ziti | 80 | device.svc |
+| device-snmp | edgex.device-snmp | device-snmp.edgex.ziti | 80 | device.svc |
+| device-uart | edgex.device-uart | device-uart.edgex.ziti | 80 | device.svc |
+| device-usb-camera | edgex.device-usb-camera | device-usb-camera.edgex.ziti | 80 | device.svc |
+| device-virtual | edgex.device-virtual | device-virtual.edgex.ziti | 80 | device.svc |
+| app-external-mqtt-trigger | edgex.app-external-mqtt-trigger | app-external-mqtt-trigger.edgex.ziti | 80 | application.svc |
+| app-http-export | edgex.app-http-export | app-http-export.edgex.ziti | 80 | application.svc |
+| app-metrics-influxdb | edgex.app-metrics-influxdb | app-metrics-influxdb.edgex.ziti | 80 | application.svc |
+| app-mqtt-export | edgex.app-mqtt-export | app-mqtt-export.edgex.ziti | 80 | application.svc |
+| app-rfid-llrp-inventory | edgex.app-rfid-llrp-inventory | app-rfid-llrp-inventory.edgex.ziti | 80 | application.svc |
+| app-rules-engine | edgex.app-rules-engine | app-rules-engine.edgex.ziti | 80 | application.svc |
+| app-record-replay | edgex.app-record-replay | app-record-replay.edgex.ziti | 80 | application.svc |
+| app-sample | edgex.app-sample | app-sample.edgex.ziti | 80 | application.svc |
+
+## Granting Access To Services
+
+As shown in the section above, there are essentially four groupings of services:
+* core services, using the `core.svc` attribute
+* support services, using the `support.svc` attribute
+* device services, using the `device.svc` attribute
+* application services, using the `application.svc` attribute
+
+The initialization script will also create OpenZiti service-policy entries authorizing identities to bind services 
+if the service is configured as a server and also authorizing identities which need to access identities acting as a
+server. Policies authorizing bind should all named with a `.bind` suffix as in: `edgex.core-metadata.bind`. 
+Similarly, policies will be generated ending with `.dial` to authorize identities to dial services.
+
+Generally there are likely to be fewer identities needing to bind services. Instead, it's more common to authorize 
+identities to dial services. It's worthwhile to take note that the dial policies leverage attributes, allowing 
+identities to be authorized to dial services easily. When creating an identity, assign the appropriate attribute to 
+and it will be automatically authorized to dial the related services.
+
+## Controlling Access Through Policies
+
+OpenZiti has a flexible authorization model based on policies. In OpenZiti, these are known as
+[Service Policies](https://openziti.io/docs/learn/core-concepts/security/authorization/policies/overview/). Service
+policies allow the operator of the overlay network to authorize individual identities or groups of identities to
+access services, also by name or by grouping.
+
+When EdgeX Foundry is configured using the `openziti-init-entrypoint.sh` script, it will precreate all the services for
+the default EdgeX Foundry services, regardless whether you use these services or not. That way, should you add an
+optional service later on, the OpenZiti overlay network will likely have an existing service already.
+
+When initializing the OpenZiti overlay for EdgeX Foundry, an initial set of services will be configured in the
+OpenZiti overlay network. Below is an incomplete listing of those services For the most complete table, refer to the
+`openziti-init-entrypoint.sh` script itself.
+
+### Example Authorizing Dial
+To better understand how authorizing an identity to dial a service works, imagine a new device service is being 
+developed. Looking at the `edgex.device.id.dial` service policy with the `ziti` CLI, we can see that device services 
+(identities with the `#device.id` attribute) are authorized to access `core-metadata`:
+```
+$ ziti edge list service-policies 'name contains "device.id" sort by name limit none'
+╭────────────────────────┬──────────────────────┬──────────┬──────────────────────┬────────────────┬─────────────────────╮
+│ ID                     │ NAME                 │ SEMANTIC │ SERVICE ROLES        │ IDENTITY ROLES │ POSTURE CHECK ROLES │
+├────────────────────────┼──────────────────────┼──────────┼──────────────────────┼────────────────┼─────────────────────┤
+│ 4lj78qsu9ffrPxsLgs2LEq │ edgex.device.id.dial │ AnyOf    │ @edgex.core-metadata │ #device.id     │                     │
+╰────────────────────────┴──────────────────────┴──────────┴──────────────────────┴────────────────┴─────────────────────╯
+results: 1-1 of 1
+```
+
+When developing a new device service, when creating the identity we should add the `#device.id` attribute to 
+authorize this service to connect to `core-metadata`.
+
+## Accessing EdgeX Services OpenZiti From The Network
+
+As described above, EdgeX Foundry services protected by OpenZiti have no listening ports. These services are not 
+discoverable by IP-based underlay probes and are not accessible by IP-based tooling without an adapting layer.
+OpenZiti provides software called ["tunnelers"](https://openziti.io/docs/reference/tunnelers/) that adapt classic, 
+IP-based, underlay traffic to and from the OpenZiti overlay network. These tunnelers are provided for all major 
+desktop and mobile operating systems. These tunnelers are purpose-built applications leveraging the suite of 
+[OpenZiti SDKs](https://openziti.io/docs/reference/developer/sdk/) mainly to do one thing: convert IP-based underlay 
+traffic to OpenZiti overlay traffic and OpenZiti overlay traffic to IP-based underlay traffic.
+
+When using OpenZiti to add zero trust principles to EdgeX Foundry services, in order to access those services using 
+tools that are not integrated with OpenZiti (classic, IP-based tools), one will need to have a tunneler installed to 
+adapt the IP traffic to OpenZiti traffic. Accordingly, the tunneler requires a valid identity exists, authorizing 
+the tunneler to access the desired services. To add an identity to a tunneler, read about
+[enrolling an identity](https://openziti.io/docs/learn/core-concepts/identities/enrolling/#enrolling-an-identity).
+
+### Intercepting Services
+With the tunneler deployed and authenticated with an OpenZiti overlay network, traffic local to that operating 
+system will be able to be sent to the target service. Accessing services with a tunneler, requires additional 
+"intercept" configurations. These intercept configurations are used to instruct the tunneler to adapt the host 
+operating system in a way that send the IP-based underlay traffic to the tunneler, where it is converted to OpenZiti 
+overlay traffic and sent to the target service.
+
+The `openziti-init-entrypoint.sh` script configures each service that acts as a server with an `intercept` config,
+making it easy for an identity with authorization to access the service. The configs all follow the 
+pattern of `edgex.${service_name}.intercept` and have a configured intercept of `${service_name}.edgex.ziti`. 
+Should [CORS](https://en.wikipedia.org/wiki/Cross-origin_resource_sharing) configuration be needed, it's important 
+to have a predictable top-level domain name, so the intercepts all end with `.edgex.ziti`. Configs can be seen by 
+reading the script or by enumerating them with the `ziti` CLI tool.
+
+### Summary of Configured Intercepts
+
+| Service Name | Intercept Name | Intercept Address |
+|--------------|----------------|-------------------|
+| app-external-mqtt-trigger | edgex.app-external-mqtt-trigger.intercept | app-external-mqtt-trigger.edgex.ziti |
+| app-http-export | edgex.app-http-export.intercept | app-http-export.edgex.ziti          |
+| app-metrics-influxdb | edgex.app-metrics-influxdb.intercept | app-metrics-influxdb.edgex.ziti     |
+| app-mqtt-export | edgex.app-mqtt-export.intercept | app-mqtt-export.edgex.ziti          |
+| app-record-replay | edgex.app-record-replay.intercept | app-record-replay.edgex.ziti        |
+| app-rfid-llrp-inventory | edgex.app-rfid-llrp-inventory.intercept | app-rfid-llrp-inventory.edgex.ziti  |
+| app-rules-engine | edgex.app-rules-engine.intercept | app-rules-engine.edgex.ziti         |
+| app-sample | edgex.app-sample.intercept | app-sample.edgex.ziti               |
+| core-command | edgex.core-command.intercept | core-command.edgex.ziti             |
+| core-data | edgex.core-data.intercept | core-data.edgex.ziti                |
+| core-metadata | edgex.core-metadata.intercept | core-metadata.edgex.ziti            |
+| device-bacnet-ip | edgex.device-bacnet-ip.intercept | device-bacnet-ip.edgex.ziti         |
+| device-coap | edgex.device-coap.intercept | device-coap.edgex.ziti              |
+| device-gpio | edgex.device-gpio.intercept | device-gpio.edgex.ziti              |
+| device-modbus | edgex.device-modbus.intercept | device-modbus.edgex.ziti            |
+| device-mqtt | edgex.device-mqtt.intercept | device-mqtt.edgex.ziti              |
+| device-onvif-camera | edgex.device-onvif-camera.intercept | device-onvif-camera.edgex.ziti      |
+| device-rest | edgex.device-rest.intercept | device-rest.edgex.ziti              |
+| device-rfid-llrp | edgex.device-rfid-llrp.intercept | device-rfid-llrp.edgex.ziti         |
+| device-snmp | edgex.device-snmp.intercept | device-snmp.edgex.ziti              |
+| device-uart | edgex.device-uart.intercept | device-uart.edgex.ziti              |
+| device-usb-camera | edgex.device-usb-camera.intercept | device-usb-camera.edgex.ziti        |
+| device-virtual | edgex.device-virtual.intercept | device-virtual.edgex.ziti           |
+| rules-engine | edgex.rules-engine.intercept | rules-engine.edgex.ziti             |
+| support-notifications | edgex.support-notifications.intercept | support-notifications.edgex.ziti    |
+| support-scheduler | edgex.support-scheduler.intercept | support-scheduler.edgex.ziti        |
+| ui | edgex.ui.intercept | ui.edgex.ziti                       |
+
+## Healthcheck Proxy
+
+A great example of an IP-based underlay service that needs access to EdgeX Foundry services is consul. Consul is 
+configured to check the health of services but consul is not OpenZiti-enabled and requires IP-based underlay access 
+in order to perform health checks.
+
+When running in zero trust mode, each service provides the intercept value for the service as input to the consul 
+configuration. When a new service is registered in consul and the healthcheck starts, it will only understand how to 
+make a classic, IP-based connection to the endpoint which will not succeed.
+
+To allow consul health checks to succeed another container needs to be deployed. A new container is deployed when 
+running in zero trust mode found from ghcr.io/openziti-test-kitchen/healthcheck-proxy/healthcheck-proxy:latest. Read 
+the [README.md](https://github.com/openziti-test-kitchen/healthcheck-proxy) to learn more about how to configure it. 
+This container starts up and waits for an identity file to be provided to it (which is done during the 
+initialization phase by the `openziti-init-entrypoint.sh` script), authorizing the container to make requests to 
+EdgeX Foundry services.  This identity is created with the `#edgex-healthchecker` role which authorizes the identity 
+to connect to all services. The proxy is then configured to only allow specific requests through. By default, the 
+proxy will only allow `GET` requests to urls ending with `/ping` and only hostnames ending with `.edgex.ziti` on 
+port 80.
+
+In order to capture these requests, the container leverages the docker network it's part of and has an alias 
+assigned for each intercept (all preconfigured).
+
+## Operating an External OpenZiti Overlay Network
+
+It's common to expose an OpenZiti overlay network to the internet. An OpenZiti overlay deployed on the internet allows 
+identities to connect to the OpenZiti overlay from anywhere. Once connected to the overlay, identities authorized to
+access EdgeX Foundry services are then able to access those services securely from anywhere. EdgeX Foundry supports 
+operating an externally managed OpenZiti overlay network, but it does require additional setup steps. Most notably, 
+the OpenZiti overlay network will need to be able to communicate to the token provider in order to verify the JWT 
+tokens provided during authentication to the network.
+
+![Visual Representation of an External OpenZiti Overlay](external-openziti.png)
+
+Here is an overview of the additional steps required to integrate an EdgeX Foundry deployment with an external 
+OpenZiti overlay network:
+* Set up the OpenZiti overlay network
+* Configure the OpenZiti overlay network to tunnel requests to token provider. You could alternatively expose the 
+  token provider directly to the internet, but if you have an OpenZiti overlay network available that seems like a 
+  bad decision 
+* Configure the OpenZiti overlay for EdgeX Foundry support
+* Enable zero trust mode on EdgeX Foundry services
+
+### Set Up the OpenZiti Overlay Network
+Setting up and maintaining an OpenZiti overlay is too big a topic to include here. Refer to the OpenZiti 
+documentation for installation and maintenance. Optionally, if available find a vendor to setup and maintain the 
+OpenZiti overlay network on your behalf. Currently, NetFoundry can host an OpenZiti overlay for use with EdgeX Foundry
+see: https://nfconsole.io/pricing  
+
+## Configure the OpenZiti Overlay for the Token Provider
+Assuming the token provider will be running in your own private networking space, the OpenZiti overlay will need 
+to be able to communicate to it to verify JWTs. This will require a tunneler to exist on or near the OpenZiti 
+controller to provide the necessary access. An easy way to accomplish this is to deploy a router near the controller 
+and enable it for `tproxy` mode. This will allow the router to adapt IP-based underlay traffic from the controller 
+back into the overlay network, eventually sending traffic to the token provider.
+
+These steps below will expect this topology. The edge router near/colocated with the controller will be configured 
+with `tproxy` support, and it will tunnel traffic to the token provider.
+
+### Set Some Variables In Your Shell
+Correctly set the following variables for your OpenZiti overlay in your shell for use with the commands below. 
+Either set the variables directly, create and source a file with these answers, or simply replace them in the 
+commands as you see fit. However, if you choose to set these variables, you should be able to copy/paste the other 
+commands easier
+
+**Variables to set:**
+```
+ZITI_USER=
+ZITI_PWD=
+OPENZITI_ADVERTISED_ADDRESS="your.openziti.ctrl.example.com"
+OPENZITI_ADVERTISED_PORT=1280
+OPENZITI_CONTROL_PORT=6262
+OPENZITI_PERSISTENCE_PATH="/edgex_openziti"
+OPENZITI_EDGEX_ROUTER_NAME="edgex.router"
+OPENZITI_CONTROLLER_ROUTER_NAME="ip-172-31-47-200-edge-router"
+EDGEX_TOKEN_PROVIDER_HOST=edgex-vault
+```
+
+**Variable Explanations:**
+
+* **ZITI_USER:** The user that has administrative permission to the OpenZiti overlay. In order to create 
+  configuration, you will need to be administrator.
+* **ZITI_PWD:** The password for the user with admin priviliges to the OpenZiti overlay.
+* **OPENZITI_ADVERTISED_ADDRESS:** The externally addressable endpoint of the OpenZiti controller management API.
+* **OPENZITI_ADVERTISED_PORT:** The port assigned to the OpenZiti management API.
+* **OPENZITI_CONTROL_PORT:** The control plane port assigned to the OpenZiti control plane. This is the port routers 
+  will use to connect to the controller.
+* **OPENZITI_EDGEX_ROUTER_NAME:** The name of the router to create within the docker network the rest of EdgeX 
+  Foundry dependencies and services reside. This router will offload requests from the OpenZiti controller to the 
+  token provider.
+* **OPENZITI_CONTROLLER_ROUTER_NAME:** The name of the router to create near the controller. This router will be 
+  responsible for tunneling token provider requests to the token provider.
+* **OPENZITI_PERSISTENCE_PATH:** The path within docker where the healthcheck proxy is expected to be mounted. An 
+  identity will be provisioned and copied into docker at this location, allowing the healthcheck-proxy to proxy 
+  healthchecks from consul. Generally speaking this will be `/edgex_openziti`
+* **EDGEX_TOKEN_PROVIDER_HOST:** The address, relative to the router near the EdgeX Foundry services where the token
+  provider endpoints can be reached
+
+### Create or Adapt the Router for the OpenZiti Controller
+
+Configure a router adjacent to the OpenZiti controller with the ability to tunnel and operating in `tproxy` mode. 
+Ensure the router was created with tunneling enabled. This complex looking command will use the `ziti` CLI to query 
+the OpenZiti overlay for the router near the controller, send the output as json to `jq` and find the 
+`isTunnelerEnabled` value.
+
+**Example illustrating the router is tunneler-enabled:**
+```
+ziti edge list ers 'name = "'"${OPENZITI_CONTROLLER_ROUTER_NAME}"'"' -j | jq -r '.data[].isTunnelerEnabled'
+true
+```
+
+After confirming the router is enabled for tunneling, locate the config file and verify a listener is declared with 
+the `tunnel` binding and with the `mode` `option` set to `tproxy` as shown:
+```
+listeners:
+...
+  - binding: tunnel
+    options:
+      mode: tproxy
+```
+
+If editing the file was needed, restart the router to pick up the configuration change.
+
+### Create a Router Near EdgeX Foundry
+
+Connections and data will need to be tunneled from the public OpenZiti overlay to the private networking space where 
+the token provider is deployed - generally within docker. Add an OpenZiti router to your docker compose project. It 
+should look something like this:
+```
+  openziti-router:
+    container_name: edgex-openziti-router
+    image: openziti/ziti-cli:1.1.4
+    env_file:
+      - .env
+    environment:
+      PFXLOG_NO_JSON: "${PFXLOG_NO_JSON:-true}"
+    entrypoint: /openziti-router-entrypoint.sh
+    command: run "\${HOME}/\${OPENZITI_EDGEX_ROUTER_NAME}.yml"
+    volumes:
+      - edgex_openziti:/edgex_openziti
+      - $PWD/openziti-router-entrypoint.sh:/openziti-router-entrypoint.sh
+#    ports:
+#      - ${ZITI_INTERFACE:-0.0.0.0}:${ZITI_ROUTER_PORT:-3022}:${ZITI_ROUTER_PORT:-3022}
+    restart: unless-stopped
+    networks:
+      edgex-network:
+```
+
+Reviewing the docker-compose service shown above there are some things to take note of. 
+* the container uses an entrypoint script found in the `edge-compose` project. Clone the repo or download it from 
+  GitHub [here](https://raw.githubusercontent.com/edgexfoundry/edgex-compose/main/openziti-router-entrypoint.sh)
+* The router is set to use 'human legible' logging by setting `PFXLOG_NO_JSON: "${PFXLOG_NO_JSON:-true}"`. Remove 
+  this to use json-based logging, which is better for log-shipping
+* The router service mounts a volume named `edgex_openziti` as the path `/edgex_openziti`. This is where configuration 
+  files will be stored
+* The router service mounts the entrypoint script from your current directory. Set this accordingly or ensure you 
+  start the router from a folder with the `openziti-router-entrypoint.sh` within it
+* the `ports` section is commented out. If you would like to use this router for local zero trust connections, you 
+  would uncomment this block and set the exposed port accordingly
+*  The container uses an `env_file`. The `env_file` is expected to have the following values set properly:
+     ```
+     ZITI_USER=
+     ZITI_PWD=
+     
+     OPENZITI_ADVERTISED_ADDRESS="your.openziti.ctrl.example.com"
+     OPENZITI_ADVERTISED_PORT=1280
+     OPENZITI_CONTROL_PORT=6262
+     OPENZITI_ADVERTISED_ADDRESS_PORT=${OPENZITI_ADVERTISED_ADDRESS}:${OPENZITI_ADVERTISED_PORT}
+     
+     OPENZITI_EDGEX_ROUTER_NAME="edgex.router"
+     OPENZITI_CONTROLLER_ROUTER_NAME="ip-172-31-47-200-edge-router"
+     
+     OPENZITI_PERSISTENCE_PATH=/edgex_openziti
+     EDGEX_TOKEN_PROVIDER_HOST="edgex-vault"
+     ```
+
+Start the OpenZiti router service using docker. When it first starts, the entrypoint script will wait for an 
+enrollment token to be mounted into the container at `/home/ziggy/edgex.router.jwt`. You will see this message 
+repeated until the token is put in place:
+```
+waiting for router enrollment... please mount or copy the router's jwt to: /home/ziggy/edgex.router.jwt
+waiting for router enrollment... please mount or copy the router's jwt to: /home/ziggy/edgex.router.jwt
+waiting for router enrollment... please mount or copy the router's jwt to: /home/ziggy/edgex.router.jwt
+```
+
+Once the token is in place, the entrypoint script will enroll the router with the OpenZiti overlay network and then 
+start the process router process.
+
+To create the OpenZiti router for use with EdgeX Foundry, perform the following steps as the OpenZiti administrator:
+
+```
+ziti edge login "${OPENZITI_ADVERTISED_ADDRESS}:${OPENZITI_ADVERTISED_PORT}" -u "${ZITI_USER}" -p "${ZITI_PWD}" -y
+ziti edge create edge-router ${OPENZITI_EDGEX_ROUTER_NAME} -t -o ${OPENZITI_EDGEX_ROUTER_NAME}.jwt
+```
+
+With the router created in the OpenZiti overlay, copy the enrollment token into the container at the specified 
+location and ensure the `ziggy` user/group owns the token:
+```
+docker compose \
+  -f docker-compose-zero-trust-just-deps.yml \
+  cp ${OPENZITI_EDGEX_ROUTER_NAME}.jwt \
+  openziti-router:/home/ziggy/${OPENZITI_EDGEX_ROUTER_NAME}.jwt
+
+docker compose exec --user root openziti-router chown ziggy:ziggy /home/ziggy/${OPENZITI_EDGEX_ROUTER_NAME}.jwt
+```
+
+Finally, remove the enrollment token from your local filesystem. While only good for one use, it's useful to clean 
+it up. 
+```
+rm ${OPENZITI_EDGEX_ROUTER_NAME}.jwt
+```
+
+### Configure OpenZiti to Allow Token Provider Tunneling
+
+With the OpenZiti topology in place, the OpenZiti overlay can now be configured to allow the controller to tunnel 
+token provider requests. This is a standard OpenZiti configuration task as the overlay network is deployed. Here, 
+you will:
+* Create an "intercept" config, allowing the controller to send IP-based underlay traffic to a predefined url 
+  that represents the token provider via the ${OPENZITI_CONTROLLER_ROUTER_NAME} router. Notice the `addresses` field 
+  and `portRanges`. Whatever values are entered here must match the same values used to initialize the OpenZiti 
+  overlay network. This example uses the values from the `openziti-init-entrypoint.sh`
+
+      ziti edge create config "edgex.token-provider.intercept" intercept.v1 \
+        '{"protocols":["tcp"],"addresses":["token-provider.edgex.ziti"], "portRanges":[{"low":8200, "high":8200}]}'
+
+* Create a "host" config, allowing the ${OPENZITI_EDGEX_ROUTER_NAME} router to offload traffic from the OpenZiti 
+  overlay network back to the IP-based underlay network. Notice the address and port here must be accurate relative 
+  to where the router near the EdgeX Foundry services are deployed. The 
+  [container name](https://github.com/edgexfoundry/edgex-compose/blob/main/docker-compose.yml#L1305) or the 
+  containers `network alias` should be used for
+
+      ziti edge create config "edgex.token-provider.host" host.v1 \
+        '{"protocol":"tcp", "address":"edgex-vault","port":8200}'
+
+* Create an OpenZiti service representing the path from OpenZiti controller to token provider
+
+      ziti edge create service edgex.token-provider \
+        --configs edgex.token-provider.intercept,edgex.token-provider.host \
+        -a 'edgex.token-provider'
+
+* Authorize the router near the OpenZiti controller to connect to the token provider by creating a `Dial` 
+  `service-policy`. Notice this is done using the attribute of `#edgex.token-provider.dialers`.
+  Any identity with this attribute will be authorized to dial the `@edgex.token-provider` service
+
+      ziti edge create service-policy edgex.token-provider.dial Dial \
+        --identity-roles '#edgex.token-provider.dialers' \
+        --service-roles @edgex.token-provider \
+        --semantic "AnyOf"
+
+* Authorize the router near the EdgeX Foundry services to offload traffic towards the IP-based token provider 
+  service by creating a `Bial` `service-policy`. Notice this is done using the attribute of `#edgex.token-provider.binders`. 
+  Any identity with this attribute will be authorized to bind the `@edgex.token-provider` service
+
+      ziti edge create service-policy edgex.token-provider.bind Bind \
+        --identity-roles '#edgex.token-provider.binders' \
+        --service-roles @edgex.token-provider \
+        --semantic "AnyOf"
+
+* It will likely be necessary to update the router identities, authorizing them to bind and dial the service. Notice 
+  here the router near the OpenZiti Controller is marked as `public` as well as `edgex.token-provider.dialers`. This is 
+  because it's likely the router near the controller is being used as a public router for any edge connections.
+
+      ziti edge update identity ${OPENZITI_CONTROLLER_ROUTER_NAME} -a 'public,edgex.token-provider.dialers'
+      ziti edge update identity ${OPENZITI_EDGEX_ROUTER_NAME} -a 'edgex.token-provider.binders'
+
+* Wait for the OpenZiti components to recognize the change and confirm a new OpenZiti terminator exists for the 
+  token-provider service. This indicates the router near the EdgeX Foundry services is ready to relay traffic from 
+  the OpenZiti controller to the token provider. You can check for this terminator by running the following `ziti` 
+  CLI command:
+
+      ziti edge list terminators 'service.name = "edgex.token-provider"'
+
+* At this point, you should be able to ssh to the OpenZiti Controller and execute a `curl` (or `wget`) to the 
+  configured intercept address and reach your token provider! Getting a `Temporary Redirect` result indicates you 
+  have successfully tunneled from the OpenZiti controller to the token provider.
+
+      curl http://token-provider.edgex.ziti:8200
+      <a href="/ui/">Temporary Redirect</a>.
+
+  Alternatively you can issue a request to the JWKS endpoint and receive a response. Using the values configured 
+  with the `openziti-init-entrypoint.sh` script here's what that looks like
+
+      curl -s http://token-provider.edgex.ziti:8200/v1/identity/oidc/.well-known/keys | jq .
+      {
+        "keys": [
+          {
+            "use": "sig",
+            "kty": "EC",
+            "kid": "b536965c-316d-3ed2-f830-b4d2e4e7ae3b",
+            "crv": "P-384",
+            "alg": "ES384",
+            "x": "wMnzI5rCNaQLml3kK36sLGDY6en8OVU_564ADhHb3okJYoHo_PCQEsTyFMdbLxW0",
+            "y": "bxxGM2r7_rcJtWsH4vhCohlDBdwOyFXZq_RmY0TO64VKE0lGF1CEmOGHE9nEXZgG"
+          },
+          {
+            "use": "sig",
+            "kty": "EC",
+            "kid": "969cef78-7b05-c0d2-388c-12a3a9c1fad1",
+            "crv": "P-384",
+            "alg": "ES384",
+            "x": "h8m37IqZ_6u-NnRx1OF_olJtnJQJMAR0bQa6rmRjLMgBrJ8CR3DTucM9SYfUN27-",
+            "y": "FT9M-MOkUf7DbCdOr6D1LWtRINLeri1mYkkEc-CB6koFB1gRtydEAwqF0SX5UaR1"
+          }
+        ]
+      }
+
+### Configure the OpenZiti Overlay for EdgeX Foundry
+
+With OpenZiti being able to issue requests to the JWKS endpoint from the token provider, it can now be configured to 
+work with EdgeX Foundry services. EdgeX Foundry provides a convenient script that will configure the OpenZiti 
+overlay for use with EdgeX Foundry. It is not necessary to run this script within a docker container, but it does 
+make it more convenient as the `ziti` CLI will be installed and on the path by using the `openziti/ziti-cli` image.
+
+    docker run -it --rm \
+      --env-file .env \
+      -e ZITI_ADMIN \
+      -e ZITI_PWD \
+      -e OPENZITI_OIDC_URL="http://token-provider.edgex.ziti:8200" \
+      -e OPENZITI_PERSISTENCE_PATH="/edgex_openziti" \
+      -v edgex_edgex_openziti:/edgex_openziti \
+      -v ${PWD}/openziti-init-entrypoint.sh:/openziti-init-entrypoint.sh \
+      --entrypoint "/bin/sh" \
+      --user root \
+      openziti/ziti-cli \
+      -c 'chown -Rc 2002:2001 "${OPENZITI_PERSISTENCE_PATH}" && ./openziti-init-entrypoint.sh'
+
+Some things to note. This container runs as root in order to write the enrollment token for the 
+healthcheck container. It passes the `ZITI_ADMIN` and `ZITI_PWD` variables into the container to be used by the 
+entrypoint script to automate the configuration of the OpenZiti overlay.
+
+Remember that once configured for zero trust, the docker containers no longer need to export any port as there are 
+no listening ports.
+
+### Start EdgeX Foundry's External Dependencies
+
+When the script completes, the OpenZiti overlay will be configured and ready to use. Start the EdgeX Foundry 
+services. 
\ No newline at end of file
diff --git a/mkdocs.yml b/mkdocs.yml
index 7b705f699f..97cf65b71d 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -335,6 +335,7 @@ nav:
       - security/Ch-CORS-Settings.md
       - security/Ch-DelayedStartServices.md
       - security/Ch-RemoteDeviceServices.md
+      - security/zero-trust.md
       - V3 Migration: security/V3Migration.md
       - Threat Models:
         - threat-models/secret-store/README.md