WPA Engine · Workload Placement Assessment

TRB-PEMCLAU-WPA-001 · SHOWCASE · DAY 83 · EOSE V11

WPA ENGINE — Workload Placement Assessment

The sovereign recommendation engine. Given a workload: what is the exit floor, the HA tier, and the cost to get there.
Source: DA#66 (Westpac IDT, April 2019) · F5aaS IaC pipeline · HPaaS Migration architecture · Author: Kay Joffe

↗ GALAXY MEEK HA VIZASL DRG GALAXY BRIDGE

"The WPA will output the compatible landing platforms based on a solution's specific requirements. If there is more than 1 feasible landing platform, a cost comparison determines the winner."
— DA #66, Westpac IDT, April 2019

That is a car recommendation engine. You have requirements → you get ranked landing zones → cost comparison closes the decision. For EOSE V11: workload profile → HA tier assignment → exit floor → cost delta. Sovereign. Named. Ours.

WPA

ENGINE PATTERN

PEMCLAU

GRAPH MEMORY

SOURCE DECKS

1K+

PEMCLAU VECTORS

233

TRBs IN VAULT

ARB1s RATIFIED

The Recommendation Engine — How It Works

WORKLOAD PLACEMENT ENGINE · DEMO

WORKLOAD TYPE

HTTP/HTTPS · Stateless · Container-native

HA REQUIREMENT

Active/Active · Multi-site · <30s failover

COMPLIANCE

SOX · Data residency Canada · PCI-adjacent

EXIT FROM

VMware (legacy pet) · Manual config

↓ WPA ENGINE ↓

AKS Canada East + Canada Central (A/A)

Pattern: P1-HTTP-DualSite-A/A · Meek HA L2 · Traffic Manager

~CA$800/mo

RECOMMENDED

AKS Canada East only (single-site)

Pattern: P4-HTTP-SingleSite · Meek HA L1 · Self-healing only

~CA$400/mo

FEASIBLE

GCP NE1 (cross-cloud fallback)

Pattern: P5-L4-DualSite-A/A · Meek HA L3 target

~CA$1,100/mo

PHASE 2

The Full Chain — HA → WPA → Migration → Exit Floor

FOUNDATION
HA Architecture

→

ASSESSMENT
WPA / CSA

→

MAPPING

App/Infra Graph

→

COMPARISON

Cost Matrix

→

DECISION

Exit Floor

→

EXECUTION

Migration Wave

Source → EOSE V11 Translation

WPA / DA#66 Component	EOSE V11 Equivalent	Source
WPA — outputs compatible landing platforms	PEMCLAU graph recommendation engine	DA#66 slide 11
CSA — Cloud Suitability Assessment	Workload profile scoring (HA tier, compliance, cost)	DA#62/64 CSA Dashboard
Cost Comparison (fixed vs incremental)	FinOps delta per landing zone (Azure vs GCP vs bare-metal)	DA#66 slide 13-14
App/Infra dependency mapping (Alfabet/CMDB)	PEMCLAU 2-hop GraphRAG (app → service → infra edges)	DA#66 slide 18-21
HPaaS exit — migration waves/tranches	Fleet migration waves (VMware exit, bare-metal → AKS)	HPaaS Migration deck
GTM/LTM pattern library (P1–P7, O1–O45)	Meek HA tier matrix (L0–L3 per workload type)	IDT_F5aaS slide 23
NetBrain — network source of truth	PEMCLAU qdrant + fleet-sync git	DA#66 + F5aaS
"Not to drain the swamp, just map the way out"	Exit floor per workload type — not migrate all, just route correctly	DA#66 slide 20
AS3 template factory (15 min not 15 days)	Helm chart catalogue per workload type	F5aaS slide 34
Venafi — SSL chain of custody	cert-manager + ADA vault + RGATE verify	F5aaS + DA#66

Landing Platform Matrix — EOSE V11

STRATEGIC

AKS — Canada East

Primary cluster. Meek HA L0+L1 active. master.dev + pemos-system. All new workloads land here first. Sovereign, γ₁-anchored.

P4-HTTP-SingleSiteHA-L1CA-EAST

STRATEGIC (NEXT)

AKS — Dual Site A/A

Canada East + Canada Central. Azure Traffic Manager. P1-HTTP-DualSite-A/A. <30s failover. Meek HA L2. For workloads requiring site-level HA.

P1-HTTP-DualSite-A/AHA-L2NEXT SPRINT

STRATEGIC (PHASE 2)

Sovereign Mesh

Azure Front Door + GCP NE1 + AWS ca-central-1. Cross-cloud γ₁ routing. PEMCLAU as SoT. L3 HA. For sovereign-tier workloads only.

L3-MESHCROSS-CLOUDPHASE 2

LOCAL FLEET

forge / msclo / yone

Local GPU nodes. RTX 4090/5090/5080. Dev/inference/validation workloads. Not internet-facing HA — but γ₁-anchored fleet nodes. Local L1 self-healing.

LOCALGPUFLEET-ONLY

LEGACY (EXIT)

VMware / Bare-Metal Pets

Manually configured. No AS3 equivalent. Pets not cattle. Exit target: AKS strategic. Same problem TD had in 2018 — 350 pet devices. WPA drives the exit wave.

EXIT TARGETPETSNO HA

CLOUD (DR/BURST)

GCP NE1 / AWS ca-central-1

ZERO-DR, KRSRHONE (GCP). CATHEDRAL, JAYRHONE (AWS). T4/A100/V100 GPU. Currently burst/DR only. Phase 2 graduates these to mesh HA routing.

GCPAWSDRPHASE 2

PEMCLAU Vectors — What Goes In

New vectors from this NAS folder (Day 83 ingestion target):

· IDT_F5aaS_v1.1.pptx — 41 slides · F5 HA architecture · GTM/LTM patterns · AS3 declarative doctrine
· DA Pack 66 v3.pptx — 87 slides · WPA process · app/infra dependency mapping · cost comparison methodology
· DA Pack 67 v3.pptx — 48 slides · CMDB configuration management · service mapping · data flow architecture
· DA Pack 62/64 v2.pptx — CSA dashboard · placement exceptions · continuous compliance
· HPaaS Migration - Consolidated.pptx — migration waves · landing zone scoring · POC constraints
· plantuml.md — F5 architecture diagrams in PlantUML (direct graph edges for PEMCLAU)
· DNS Requirements.xlsx — GTM/DNS requirements matrix

All of this is ours. It goes into PEMCLAU. More vectors. More graph edges. The WPA engine becomes the recommendation layer on top.