From cb95bc2f6ae599279c127c664570b7ee1914c5eb Mon Sep 17 00:00:00 2001 From: chrisjlin <36452239+chrisjlin@users.noreply.github.com> Date: Thu, 6 Mar 2025 15:57:45 -0800 Subject: [PATCH] Adding security documentation for mcc-ent --- ...cc-ent-secure-content-delivery-diagram.png | Bin 0 -> 48925 bytes .../do/mcc-ent-secure-content-delivery.md | 91 ++++++++++++++++++ 2 files changed, 91 insertions(+) create mode 100644 windows/deployment/do/images/mcc-ent-secure-content-delivery-diagram.png create mode 100644 windows/deployment/do/mcc-ent-secure-content-delivery.md diff --git a/windows/deployment/do/images/mcc-ent-secure-content-delivery-diagram.png b/windows/deployment/do/images/mcc-ent-secure-content-delivery-diagram.png new file mode 100644 index 0000000000000000000000000000000000000000..b71f6bf5262f521a94861186b2cfa80dc858d121 GIT binary patch literal 48925 zcmeFZXIN89_ddL_A!0)mP?~}QO7Fd>6cG?Ry?5!o2NaYJN0DAd0a1$dPCx=tLQ_O~ zkqDt)?eDoBP^s+8XLoW{&oJCgzT&7JOdzPM|de$;f*-nV8vHxScn(u(ENG%_Pq`iEnLl9Y@FO|939TX9h#Ury1U7;xx3q#OIey&ikh06 zi}IS92%GZ?3YwennwSd<@|p_^n~RGIN(fmBnzHQ;?`C89zwsSh_tXFs!Vf>;7vvLw zMTUQu(sZ%008+q1$_dJlpZ{@Bh94H>UxLZ)-T`w3zx|^bSWW+E*TMm))D!5A=Vc-_ z1l6;uDqg+sWjH_Lop=#vFurMYpY^Wi&#Ecbbn2)>5|%bsfbB zOH&6uKIn0_(<+_W<8h=h?rfrg#|N3jvyJHd`sw1RD8cwfPvy-Q78le$RydgF>6I)t z%*vUO{(6@eT{s&(+nFDUUCG1w>u+1SYe{mSIdg_)%qupFE1YZv|NJ*zm(xc3&nNOP zb{dIPf84qKT;R_pnQSH;f3#3g`l$ZLjll5Wq(5#zXQ+fJ{%Yvt35OipgD zCh06>U1?ZEA98|KZo6STk7Yigsk1+xoWX0H-_6ql<3ZyR9@k=d$Z616AT%^oL<4g| zP~tMGV1H&%KV^K}X|H?Brhg6~G^qBI+N+jK785s)0uE6P}-%Q?kt&)l=qA?hU*~K$q3}wrkNDf zNT5pY>;k=K?DftFdgo>TSSOHTrojmp>jG-^ zp;pyIs%|Imbd_|RpsXzKN2Uv}U>YM}W0RcTut^6sI+RWf%YQIB)UhW{WP|{1rioZl z=w;NfK~U5Ai5csjv?dFVFf6OJv5?n4z8aPN&0hlMH5o$p%d;q+@sToYtC zs+bJl{zGXcnyNkNRT8Og)0(!gpR|GXP0#kvQc)Y|+5@GRX(jAQ;st6y96VjFf|e0s zBCxnu^ob`Rk*oA%c@YMC_JHMVKadCsT8i&BDu4&Ke(}SJq291aX5cW{po z0a{~vDxraKzI-saf{cIN+p(pDTngw>LDbdQZK3IOF^63n9AR%iz#uHhfipd$0h&%% zTvTnl2SMe1b8Ds&O!2vl9f-4Tnv9jZN?T02q6s%3IrdI}-IE+?5nvVy(wk{u+Ce;+wtG=# z$fMTHd(Hhp^QyxSKbcn^J+z-5_FM(EH#V~$ji5}?`1(Y&P7!=SaNVZQtCfk_IS@&?}7gMDY(t=(m(8mCuUi4g%;{o*3h>BYj^uQYPXqy zBxv@w@kr9Qs59`=WhMc5zySS4^`RQS{NIKWl-%ZDPw(}2xP&SC;-aee5h(LP zvdiYs#NCD6)P`&$c@B#!y#xcIyXK%cV826u_R=V?&lVXrh;~wX| z={HTr;{&#P;_C%NAw%nIiQhYOqE4C1r+KY=cR=}Sc z`Px?MVD;&`k8b3x^d0&Zu>hC*AtyN?i7>zvV4R${$7dAok*8YQjOT&^eE?X%jiAVI z0b1+&s0Tu6)=!0XWOvKA45GN7fnpzaRnQ6Cw@f!VCre!-h6h9R+^xk%qE=VkypLo$ z?*aG<0Pupc;+vN77Ly@?ymmx!vo%;v46^jA`=D<@+hiz)jPD00Da>hKqUF<%w;<~g z76QHkT~C4@OyblTz}m2>o^lr6y-)tXk#09YDfHMWCN)|gJG7tM8lJn-?8cTu-~q@@ zxu`GVhm&@C;nSMMgkxmKnzWe?=D|GL9J5HA z`l?g#p1}qtHR2U!)~5m4x$CN#EO5nJqZmwzS@Wwx3NS*|7ggu~B^IQRNG0+hIj6k- zHE-F2|1+V?6);uo8=FUQ>WP2xV6t{m=YMZYT?a3RbJ23}cdgubftvky8C-#r3Wz$r zv6ZF%_Bjs*^~W$d0OwDaC5e_!2nAJvW76qCAT{}lXKa8hF- zt;IFZKb4fD7M{h`77Jn7+77U>9SVA^0LBRH1p0oC^Y*TBKNNHopaEAB2>jcKtN%7F zNylpmdkW+%{Krnpebo&sde1g7SZrEV`{!eoaw)O+9H(yfSzp#hd zyHAp@B~nFdBrc^n86$L6{Ga|H=(a6T;!nk-#ulK6KVPf> zFWvw$-1)!^hpNA?*_&W6^>m!+72}J`GBF6GQTi^b>^4Z005dwpcE$J`cnBz8&)@IC zKWQ(uA5gybk}C50|Mi=PU@#?Gi+$La7COMt{_OIw35V02uOesEDa;ZqbigY8?=ofs zFCJ9uxzBTOK3t}&pp*K4&!BI>xU0^4r$-1qHi*M{zp>H%qu>4qAJxa7gbF=Y{Zyj< zhasxJ6rk-d7SUh_-X_vm_^G5_?BAB3$Y8?pf!!uqmzOrN3Rb|sjl2I0(5Q-Hl7d0# zA5N+Ype`;fGf?XDip;VMzb2XF?FkzRNcP){8uutp-w*nTSOCjeRDY5eaIV0oZdfC-Pv)iVX{ zivIN^a0IaKic2p0k}r0-z9;^BUS@!QRa|t~m&}DJ`2?cRzfnX$2uQ+1R){sv5dXhA zG)@KUqob&y5IgDZ&};PXCwAb;S(Lg0BfwZV`}nu?e8~c|61+eJ3lJWB|7~B9LEuTp ztcya*Pj83XKc1ut(2~=P0zS&J=!Jhnk-(#m>gTW39Vmm5?Ek>j_>)UYcTP{LX6og~ zQ;~|qaP$mk| zWZt{B$$IpVgNUkC@0!n3DaTzh<8#vT8oGDwB4s02?+?_>6t(QKj6D0h)Ne}X86Qtg zWxAT(ssmI+KnjE;<-Fra-~9@-{rrjfHFBhn>NWX=eLUa1cbUUCFm0*ALQYl+WqS#x z#hZ3j#Tp|_Mq=*LLvw4L;bNXxNkG%AQ}~#IT)zlG_sx*TC9}VY8$igThv29v)Af`b zP!!mygkLq!`ruRpof*)dd!i!5#VWGh>k`eF#3)lt0SOLVc@JY5mQc?K4SoW1bN{hP zsr>pM-~$0t!4r55-{%!#7Jo%QK^*Xni>jx#5u{ZmCi*Q$@z1Sk5v4rR+xh@@Y?3`@ zz5liBnJK|Z-FIMXg>)Trul}ySrrvq~xaih)!|i`ze&EBKWVBY;x}xq{jcxfV7eEXGB*Pm<9JMaGytq;ZUg`81JQxZ7Go}|>W3C%#EuWIZEXWU zMNs@>)QRW&dMFxOK9kc0K)N;V^{IFUgGFs^WggFCHlmD~HDUj{s`d}gG%gMv7BbMJ zgkG1@*wpaVZ11w6ZbLFv%=7^9Dwq+5Lf$V=BhLEN8y*d5UKT0)K5>&qCAy$Rm&Vz} zME2o#HcR?GGw1Tqr*Ujk36=8O9+R)~yw;oYygG$*CM3K1X}jcJq8enQN3LtZmd7VU zYP8-py4N3^ulpl8_csy%_3Bfs1ehpw@$WRQd@6wkP=J}5lTej)l9--OgoKYDZ#0u$ z)N6Df_ET}Wgpa8xT|9=>`*Ap%q1$A-7ru18HKJ&kmcPbSvu-*(uWJ5l-m=O*USnXX z|5C4hKH#Mkfg_X2)9cR4^iqm1sT61}U>2sBoP#(E>(irUKl=NGesOM&L_|IGM*ufOK33)$jF~sDEFus;GHSEM_ z!)f%?cZ?AWY@3Y-ReSEgq=IN)SR~oL(o;^PVm84ZQ|JNX0`iX>+i-=^j-h&Ul1h^H(fi-bFAbf(tjk+Yb6(lbya!TM$&@&g(?6l8K@nFM2m}WAM4<3 z4?cdf0P23Y54bbvwVj_HPhZJ{a;#grPyDf}|8s+0(zth6m0mK;HQGjM#srI@qM_pPCVo1 z&8YuoPK}<`rCF+X7yLS>*^;1H7?*Jh?kJO8F$wDC*+w8`l=dG69f6O(UV^Zzaqlq) zcc?jG_BX zA?u+)%eIpCefG!L+k@jzr9q9~L5<>~Dls2U<>`JmE<`wYpe-l*hjmYnW`(jjNYU-?zt)7$Dx+f^~fu!c#jr zeUms~g~JLP>GH|L)&Z4;&V^894giflvJ3($d3t~Yx@{0|f$#upq!5&*tsNtNtEvh|>uN`%7j>`5$H9XuG>1t*nauf#156*)tuG+8DH@*^`@kz9f@aVC zKEdy35Zc9Ta9JKDnVM)6<2hDyvbnZ}938vq_8o_;>E(w~t^&(q=b#9T*iC8QA~|v2 zvGtXm=wlm2iZmwkPE09!F&o2DtUVh%2^qTZxS5Ypj8Hcpot^C=ptHy*ekk%;FS&k^ zZkZ5Hzzoru{x;;cFpT81jPU9zSaDvV>0*ap6iEZxf;=(=Xmu53_Cc@XEOf}J9C##f zf!h|CoV}c!AMWnv1-?czu;SY|`iTb4@4F===$J{lI%J(8)3qJx2*J8ay$^C<%qQ5`~Dr%B?cZt-3PLcL4luvcSo4(JOo5m`65P$ zoMx$aW`o{(Epg6=zG2bRu*Wm`lFT(Td1Oip_Vxqn?R^n zn{*_XPr$n=@LR!2kboq4N(>nr0VaZr2s_?zwn&3>nDLJ$A!H6qB4VDjFUVz|2kTP&>KobCo1Teji zr-06Ro1U)n#-XT@bF4_u%ME@m1;m0q3IWOv9aipq(AyZ9E_T%y0Gx?1RDaknK8j?@ zkgj1;qG=6ot&b^c1h|9EW|At8?Zv84#u9>>{$o}VtCrv0^pOo^zT%=(+mcYCYe zIo+9aEr`szphutt3W_Ws^MD}co~J35e{E7<(+dp!9M9iO;#(-ZHstjA)?vY$eLsbP z+KOd5g8h0PY)yz8`Fb-AE=}+;9Nan>`=AdOAiw~K0L*A>3^#6*8QDuvK+a5Kdi@TW zw+zq+u<814N}!tA>57nt6T%x|LUTW(L$oGxDC66Dz%^1G3dYnC+)Be+ghzhUolgnf z1`jd$uQhkJ@5%^P{*$~;gSw*#U`2g8@IV@k}}W@8><#x|xUrhYPv zP>z&f36PLw1Xu11Xmm(di{QK8fNJdTT|*s! zKDZ*lMnvE`IkiDl&QzQjEk4OwWp)9$b~*7R?+UNhQpDKSbMCgD#^ZmaVDh_c*g}I^ zc)@YMz-4z?px=E{H|xUQH;NyM;n88iccboSv2drKR2GpiTiPr0qrnC@?G; z5WNoZc2tT(V$|eX7EyrN)pYb`-kvbPG#QEyL1lXBxGzf^&7#+sZoJ z9Ezo$n@rfVW>^>sDAV$P)u9jXS>)F4zuau->QbRGVYs7+3iF1;7<>f+zf;VlfJOj> zXKaHT>h1oTg(y8aVOrKI*9%7+N5$%yjr6&Z`sC&yB?N_QP}&C(bgzmOSS%%mWFg@w zHI)%v69bq_=h9fwQ{h#l&%Mi-L%VNf-UG^kZkxd+QgFxEF1n)#T|}BJ2BD~Y7<;yL z1~0ti#kR90E=xz6DvE9isCO2Vb00HJ)z{}orjk3!EC#8)EZAf~AOl)&yf7as-o$kOoy{YyoFV8GLD)@JOEVHbJ3uf;95qdAPge% z)y~TOlu%hu>s4kj5<{-%h!lOZFCC`m_GjWvRPLf)q_`jPK5;xD;<5^s z4C2;PLIF~a1*j%Hat>K_as{KbX#pcJh|!POTZa!{@DxVLWVpP&{Pn^OMf#U(bZkKn66-nCq+*zRlkKS0O*cjejV{Ddm0KwOdR$o5Mp)c(^KJ)s z8LwK#nzk>zWY>UZ0n0n~Wi{<8WDF{7rEqzw@kTy9O@K?Y`tSxy7l3hVVWc#xUR1!= zjv0O(nHF^~0@(5;a##8<#SSLv(OB>M2KE~v=o|;8gzR$j{VI#Pp&O%OTItV)nM~j!kADAa`ECc2Ft4)C+^a(dwvGA^*~z%MTmsI)L9FuBi3RS6YV+BQ+pV4I&H4PL!_j@9-yaNqSULhyAQPlOYW%Ofa>DcowH3dSH3RKA zZd;|gwbmp;tY%s`Ew$}r0uOoU)T@70*YjXx#GzV6*xioB;i`i;!6Pv9CBsl@7K6)` z&d&t#_-H*#Y>d1tEj(|e9XXhu2aXS_B;uYdjPJvAWoeD;K%N76Fi`|9{0%ww9ef4o zA;)xC?oi>#n#hd+XF0^iYfdx!dg3e@J~J_7KQl_7Vj^!XM1td7=Kw!~>^QqzDQ^Km z-p(6TcDBq<_<$8uwny`-BupG*l|Kt&_U0wB{uR)6`8(D$LDaGE7U+c3^*})~?lnt} z0~k~|vmw`TinZPs5g~fy*lPrKq_U$mV?^d2;w+h$c3)t8Z>~E%Jpne)j8|ds=-vmX zf3S2`RX=uG2w#hPc~40+zr}g2L~4lJ8^^VODfQuKv<9pN$~?F%`jxRA%pWC!+rti^5@YTF|1CRMon~NdlEYGB_~MKP zK|es2KrUAoR1!pg3wVtWOUnh&TGzp?RYMb^^Teh2ayTalG<&0X3Uta9T|zvYHa zSbLv`>NWX5@@c?@Y$qGI^)l zfuW%QR-&tWL)nhLmc=%E@}q({A7c1D$r8Z_Gs0AoCK+7WKc&8Oc_V29R__t)C|O59 zJxBfb_!-bH*7GOf5xgSrTbX0{&?<|?Zu$ z8K!jG-odG^jMvw9PrhMx>Q(jq2Sy1wxTP4!fG?NuWBxr&1S|dkW#X`>0iFDYK|)Ir zVrlYu{rW&InzY@l)ta%>@2VL?+AxygFC-#}cA79s@J=;?;-*67$o90$X(bZ|GiKGhC@p=tGh_IPZG7{XAJ-0UsfMSd z&ya@H*K=nwgY=Vn;&(>%6^G3=`j#jp@r?6!m*JVd9SjZ)WLTLP+pg4VCE>TVP+iEW zWx{5kK8rm59cDts&|`X)uu~+@Ft(GWrWxZ{Kl`HU_i{Zx^}27{o`xTR{3A@i>pS_F zhZx5vo}s!YQx2FFzX|TteczH`JlAa}D{5r@*ZiZ?G|!yxV7qtn2)}U)F-x0+`|;Q! zKTG255381??d~{yMF5^i_{3i)Ah%)5AH6|pr^d#RHdnBoh+hME>Y{2H#7~Q^P*yLg zcYdE;*IRlMmUxjeWP6zoRaH!4ygCK!*sw?oQRU2W#(K(owEyiHv6@! z`d;2FknszTtw1`kcx%p&UP*A52uCioj>@X~jks>K*dp<_i9}nzn6a%_+*kv7?*~Uo zee|uhh>3&v48&?R-jReqgO4q$;X(XjJke5V=pPoxO%_0+Xr$qpy#PZQ(1KczTOSE& zp_3B<^S*W^HXxb>ZJiMRjy27WL6O3VFcU zLRz6iU$SDNs;!+Jleou~{K&a+f}Izd6SK?ehxX2Lu9cR~Iy)QRoobg#vTTvPjUA{X|9l_Sb*gC74}yr`u;RxiLP^B6co z7X)%10SXQ2YS#;?C*S36POf?NimG6G%K9JstJY1uKaSd{|Ea*VGq~Tm<#8^iSrAM* z_Pu6-wqz-tpwVe(ze}bb*`Wh$VcE|Nj#k{;$_l;i%f>fE>ujxwdUY}E`aPO1Kc8E5 zpFQ@hw$Mo8MrH5X$1l4j4)sJ;gN5(K41F!Km%3Kq($367umMM-$*K|OK+^H1fgoN|;^@Z|lbKnAY~T?-b+NAuk96;)_xA zi0h|pxhGZ5hSYDdMUS#LFE|#q7Kc>sG$=3<4uTDeJ;N9ipPgf^$2UocRX$A5Q93@a zIZ=yTRsfUdi|X_1&Bjk~ugA&%%mVfx({RrD5%0w3Nj4TEK2rp*sYTK9Fa7mPO8V<= zZ@dT6Loqooyw*oUF&m2Ww%^@dA``(D+q=0H{`NN*I2<~GBOc$rIBYj?w#n!j#5|4) zzY!bprHmv;Y|odsQqL=hIwQCRZw|Wn?C*aQb^eeR)#IF`Byf(lNP;Q`*J1PliqwR0K_-CyC4nzWX zhWDL2Q#Wbw(>GD{bZpN!BfQXHuje~DqH0|m6{4v$EJ5$Qbn_Hv?BzR_2f39_X%=$e zv$HQcq-ajimeMRq)8H#O*+;$WLQiB|nP}Z)TQrE2XwcmmBFEnjj<(d)3VD98`4eve zj=q57T*)_#vrP30H8I z0;JyT8a)QyBNQ($DVf-Fad3mPx+Us?RJ6acf_$-qOLbQa{U;yad@tdGU)Q|kjKQ}M z9?wvkSz6Q+ofH-IeYnE<>Jg6m+iR-%1ut1GnAR5~ynaQ8dcJw@OnhE|$^2;J_A6rG)-S6$z z_AVW(ZA#u=SZCa@brE0){dJ{ZTjaf(Sah+s|A(|17WUETjHETrc5^l{R&B?x%Etzk z6RWp^lh!V_zp<@x5eEs&+lZXB;p&sO4)^vk%6YSm67py#ZLWB2u4L3W{fy(U`W5K> zK0D z`%Cz<6NMP!gQH!0a@p1WU>nexg#b23G7SxX*KOZ94R#oaKPwl*Yz=GW3%wV12wMDO zwXgB_iux-jy+*h<&~t{>@`%|pTb;lCaOdPn$yP0_JJYV*DoMh&G^}23yrVmxeEi1E zQ6ukFc^1dm+w7{IvW0EMzaXsIp?qUh^gT;LYw6j)54*zYCiIr-j^#Ee@Af=5O#tUH zbmG11A#mcud|u47{i5nQt%Uth+4F5dU;~RVmAa$IAk8Gd7G6J@yPRd$V79FpFth`U zm9{2Xc@9Y!NkA7Nx=KyEytCTYLaY2MLMvsf=$52d@ZIUM#SL9HjbgrTm%=pLm5Bqf zO2YzrD0~_}ikzHwGi0?>C*;_0V%xo>y47ExY$+KSt<2A+EYBtaZwuKL20}P^&8%#o zh54hn>K-7rfNJg`&T$Vh89N}5^Kn`Wl5;EZV~Fivr4tDaxbS5o*=AE3d>&^XRufrv zPMn9M*k$Hvz=BB6&5O=krl4`0p<$)YtuNQ_JG|_*O#M{=N3fP~o8Kcif0f!{)&RR9D0AWerl> zfZWDU-MWQWl0BSx0H@rg=_2c2awBd3c~L0<>)(ezgMi+ z)Qy>5WHF#GTh?%p-8hu$*vh}%SX*}kYb-vWadRRb8-d^7a{`VNTCM*dyjYpCVcB9b z?|CAUv@)3&vAnc19y2j!w3318F%zCGB4IPCFC%`TjkMBPQcl!idGYmQo9~ua58D3j zW2JHa^}ZonMpTTn#ZS6MoGRMkpPY&Kx>`h{B!%>~pdIV-WMt{awq~_jC`UKrmsgc+ ze)o;7+FSP^cXAxBr|hh$P*=RtApK5hI3_#Rhm7sBqjxa<`MTjAzU{IbZ9 z*W^kpp_w%GVtLiu{*1B1#tx1}C&sACVP}v2 znA3jS?5Ci2&@XCkGCu!?@s)Ft-Qa0Mt&!d`GZez|d&U{zYA!}@b1{4D0Z0M$dqN*R zwg&cI8xoj8**^9+F~k*QwTFhLAnSa-I4pkVY!g(cR ze35*Nn;m4>ZTBJrach^!ry#(YwfRtiSY{gYeNb7*892YM`7z#*M~HvVCu?h=Y_=u% zXwqqAO67ak?^H%?cGs9xJ8_P`sO1u6!OPE`BMsW9=ab9i5>jIeNVRwjz%k3xtRIQ1 zKC;eJJz~EZ0;w;xzd3c41Dtaw@3PeVplnzi*P+NP-tG@`ajWj#vY70u^sXCEvO*`g z&d~@{rhdnMfdFkHs zdFQSNeC-WbZal3~WsywBf&Uu;akY2!NBYMcVw{<6pI6PN@9mICcZj_kX)PZ)M_+{g z?YbV{BZhbzE=0!NOn*3o!TTHeo(G$)E0HOzqdIjp4?=Yi0j0}0X|tE|1e=YqYK9h% z6CWj+boFASmkhv;BdkLGm(D1Spr%Zj7KW%tz3ou}RsswtCy8MXkTv$0ozC!NLcMFe zbyzse%O|cqCvFTJ<9f#E3SM+W%Li;)+(F&LXB2P0HLaa?;hv1)4QS}VmZ(+A`FpPJ zOiKK|DT~nTs~t_Tx2?n@LthU#(Lm z+cbwI?JBQXO12Kq=XX`wr0NdKW!93STdFo9s3&duzoxH+cHPPdH`83SJE#rMJW%!R zy~Mst4<2?56B0WvSjHi>dX@7*y5DD_)B&F&Z}g@TmVU(ksSF;Kd~SI9Wx#TY73!70 z>gmx6|JuzTt|4}~aK0{1)z0nV41VhEz^eqmCXI@Ql1PvMe>x3-=e zy?7vg;o&hZ8k(zLLNx^rA3h=>&?PJ@>`tPP?bPp)9qBPRk^63R$vdsj_P6f?cP%Z? z3@P`tIoAd-v(rkP`vTPMmlhLZ-CO75!~U`?9hlcuDAni7y%Z>WK$ud!THgWFdl~Ei z+eg!Yg+GK@N()dtnsD=r-81_VUjL8lLI%^z3LFk&k*W<-u0tjvM{_+>z7-mDcum(1 zO?2vsqxNq&MlnmV9j{oZo!BXI3~!|uM`^Nr*B~#3b%uvq1rsx~hMJr9osWt4W-Jx% zNzf*S8&3sVi=4Z2CC=^h?(W{iPh3aDM%{8~S-UIP`t;P5%FO$iOvyML8R}&@)Z{)l zEIAsff+&++++1!Y^f@|2qgjSnYCWiIjz4*xR%=H5j3@NfinZF4>I4z%J!vx<>-}t1 zkAS4)o%*8LO;FvUY&p%DU#sB#|$!B#M!S^gqDc(g;DDv$J#m0 zEy|0yQ#Hd|>-_Qvb7YZtamV-df?Dinl~yd}SpT^(!g7w+_|}kV^Rv7lpVgeZrDr=d zq_Itoj$!4M4v_)XuC6khr3O7a%RI>ePRQMJ%=dI^J?wRpOFi6vya{lB?VF>1T;Oa| zyWDqckt}^am4b(AAt1oXe}rqGL6eD>*qvK+LRyN|p1qzKLy#=Za+*5gINQgT<~kO* zmu%;94Dg>$RJ7DrI)>NIGERhy4V=@I6J+TKvORF~>Prt%v#l;Pc5A~SnxC|E%z0~2 z1OMx~w3{-#5dhU>_0F}I@TjQ?u%|7iUrwcZb3l0On_@!yL)KN``$#5f0RKnRwK6Is z5OWqGN~LEj%xmY0{iQ8$ovD$z4Y>+s-@V-Fz4HlS@B@X3^1qwb`|C`` z0^zL?NFi4}xcgj`@=x!ET<_DTH9&%ECno*X|G`7b{uE&QqjM2rEb`t?zQk!gJ#2%t z7`m^|A<{7b)D20}dK0fGD_dwa=R*thp6K)$# zsh%YHE2uevGI@3nEqv>`@%HkS!K1wL1AJt}>_^XZjLcXq9J^kdB3NeYDN?x*-e1REAtTAsMKo8D zS$}QsOp?``NHH2Y?TN6t?zc(Zg&OQ~3>|V9Vemv)xDJ!j3h<>F^Py2)^WkY&rJWh_ zB5w07gy&s8y`4V-W7(@7?voc12ey`F5-N7Lv~?#^Y3Wh!MG``Y&Hl|VcCC$$l-$Rx zZ_$tHZxXjNaMyB$a|Pr^BRf(&T7Gl3Vsm5WLoV}b z3p$WK_Be0hGNPrCWfv9=YXuuNdo{>nO9N109YKmBR-3K%r=1{q=@AL&p$VM)2unwl z^y}(P`l0R$13{4n>1Q4qNYToLL0m&ehqM_c7Q5x3DKj*%{AI~8YRTVK&2Ou)!}m$N zQN8>1;dNwsbSr&&7#uwo0ERo*+C>(PRZBK_cf}K$wudIHu@QHrjO zq-`Ukv0|Ke(iQVvUu@Ve$MFs>*^2oJCV8I(__3hpiJsD^ok#+f(1j>rPxoY_HCOm*0D{jae7 zfJRx<$HIYpexZP0n#ZB)=d=Va_~{p>?f??HuQFQ`QeI4h*}Fw? zNMjSf-^*C+0>3<4GR^*S|Fth^_+Ayy9L>)!fqXe8?e+CI;&p5tElx$4?YN#m>TxoQ zS3nsW2u)ItkN@-@tvLU|iQ{PD-O`!CS|yH`RAoJ35y}&#I2L;D7=4BzPhZLD;LYpV zRaV;-Rn`ma#m;`7QcN^7)N~0G_O{9sgr1wlwld7w%*sG{R26*)KIQKQ{^}K3Ws}AtAPWAj)C(Fvpogl5*9$#jp;ml9AV7GSZ*k`9Yi zCU5I5O_xiWBK2B06LpNYy~Yomjxe^wQCZT(8gtCQ*DV0s2R3IRC^6emx>}g=*5PC6 zxfS!_wmYO4G-*ki@$0Jwx5X8e2}eF@yDoI>LGGTI+?tO2l`)|N&kSFoWi9>)t@Jvt zjG@DpLRwFfT7Fbz)*b@i^3i?$X$u@vxRLD|t%UR18W%km^|tqszhu#uh^F?r!dkxX z`8u)jzJt7#!>8UqEVzmB&ogih&eExWWgt)Tz$feYUAK8`dJ@xi4qpCjm1gtLk&1H9dE=}Z1O7cfaT9L zxDtcHjtA7AzW9XgJ=xrdQ6G&@wey^R1-MF$&B9>04cJ$PINUeY5?TYcPISeH7U|J( zXCRG9ie{|#MkCy*l4&ANk^>}8*PXBx?1#;cGJR|0&eu)+gjtALOUZNXHE!zQUH8?! z*tNoyfU!B72)`z!SBb96hUcjtkXVllK5o`T-=Z7U%PFhzMNO+iM#5~>Yf2vTQ4|7H#rR=qBPIQt$ z;sIf5MR14@zNQ~gE8oO-8c7Q^c&t%lrvgYsZTH__8TjJ9w#LfVj^L-ghVh@GSBK;P zSx@L0D8`OA+!C)R^#9mysCJ-L*wVEEcPiZoowfU;DrEJCTkjE{=%Kw>FFwxEPuG~ z*xJXp25xToGR{}KJigXppW_J$Dy=<^u6JV(^5y>a62fA!vNWBkv%Z((ZWfyk+#ptt z$?zEZ%{xgQh5J*u#ziZY3qUkmGM4&D6MN!-1&pGnpHsaZ`p zaw^ywmTNIsvm#kBK54Ma_bc?dgn8B34oiF`zkHop#?qVuMf;4p`&bw$CME`5Xi&TU z&9|3TzwY8g9!6CRJRl^Kd;f|~=|N`j^;6w_64u!ufm4rgQ-1v=)TKH#oU9*O@Pz$aimyH*nhh=ld?t5r45@fLTA`g(+z%FyDAk?wPzsG2owvBP$B ze}yZ_8*^zTWa4d0v!KxZaN6T33CBHAYVi&uE2Pi+;(ST+$82wTq|EG)dU#i|);D>5 zA1N)?tLxEqPAaMG;1g0^-O!;J+P@>D#to%D!%U@#0xue7A3Xh znpr0N?Gy911FzVf7gZxBjv-yN>*S@SmZ@U~9DSF#W5UOzwnD2W@|)SEEu6I~o%5BT83SX%XY-X4mGDc0eoi|~SUpY=|s7rOY; zVjx|idsMGTLx)W2WdrCHNSAj8hU6}8?w)JzuAS;gp^u>B z9bCcd?@Iu)E9qLP=~0<*&pnYlna-X%;BA#I!Ou&Mp$7MZZ%-*QxUz+MXa1VhSEuVw zo&GQoT|_C|n>U6G%LL41koMbw-$BNfA!mL-3O1G$4l^%eNyR5 zf%;XNeMz@PV9u0hw!Zl0awb*%=d)GEK|W?6{df0kur^kvG+6&iz2cU1h%dKvV?k5e zl1pxrmHu>&@09r%#=QJnxCQ&iB>NKMH>a0)_``%XQ+GVUwl9FfNQdAeu(%>A8jsZz z74PhD91wXWPG#wFqgwwK`0~VU?I>k-vMOV>KNw$Cq~4z}@SwCQ2#f8PqCMYSUI z3LXwQ0;;|hEcsLn9+Xloo<~(}D-jU$l-pSIje%MZc%m8gCMHAD)(wRI&(cD-)(OX3 zfjyj0mE7N)ZJCNEdgG(D_`)}g>MrtaPF|mwzMi%NyHFt8?EON81a%3C`d=Gaz8t3$ zgk9~w<-zAcrytmOxxVX$tAD3Q>bzG>o1XYL2UF7CR(F){`(>$!n(InrEs{4w_&r+7 zs#*oLm_fk;S<$MA{vSH>6*GseZY`j2$65jiy$A6|e9}ClzCR`;Hhyjj4iB<|*#VHa zmZnX5X_0iBV^wfO_*G(RmMyKcG~f*>_19B;DMj6T0Tao5OUI|r5W?hgLpNP$Z^lXa z@jlyUSIp+ectTUgsw4~pTI;;Pjj7Y${P4xi#j{%LCvJ8AEN*}4G*znnOwIYXGdq6D zm97=dr+1FE!Of;_G4de3uBDW;Np|Zr!Qw;j(t?FdoTk&MS|;oa7y*S{hjqXpLL2*% z)2<@{xtc8^&Ks6pbY7Qe`EBz_mE&}wU;4k1|5aU{(tSgc{r8p7eD+MB8QTQ21C(7 zW!R-;CX$L!Dw%g=Dnlakuu~nPsH0?OY(Nu|d8Q1>Oy((M%GAz0zw3UsI_LZSz3(6I zb-jPQe|(?oI;U;#=eeJISZm#D_^fq{8*KvK2~u2k@jKSvsNVa*L}qu8e(#hRnwhD; zos(>zfSkUmBE=r?k(?umv@+66_)r{~;SlsWrhTLQRBbAU1F5jzkTxhGdm=EHC&g?9M6Yj9E{tinwCzBj9-n2{8RW%R+#k3mv*Irj9<&G|@)>`gM>yt?vs zox{wDNvBez_K|p-#%*qB3$h6IXb3Y{QuHf>0Gg6*#{Y5;%7Im4Lvq=a^I{3zI?0A$ z)>6Z9S@Lq?zUGSS#F+5inUM!qf2`-Ct%L-&?X}hd0s;=7 zcKMCYyS~Q93sU;^f|FoQ_oXyDy=0r+D_?v6M6yHX?9Qqd1$!48Ln&S@o@`NGSyOd6 zr!S>*MGjhJE}BbjOIEEClphbmd&^_nP5YklP$mbe=YHxK^bK4e>67nXvCduC$69hF z|7YLab007Mm6hasl!h_c265C;Y|7u+f*HiyCB4wl8#DqDOr3v*wJMLvp`v6KYFww_ zmTdDP-*w4WbUcsE%%J&;z2Y2+(Y^Z9YMV}3Fr`Aw^aJ-)#~O^W6{=iW4?dwa)ZthZF2U2l=@ zAGsBH+MrFfVLvJb7D+g8;JudAq*71C&HasD@vpTk-!Gmzzb`;B)AdB|%3Bks-JR{# zJr>aIyzX?jqB-yOxZ8b{slUf4-=4PjS^C-DQ44P2VCBo&!z*QBwnT(EUhazyvX9PG z$an0m>02yQN=8|!s;ueAE?Kj|s~*ZBthSxoe3m~+ zI7}br3-obZ%*K~syOvE5Pfk14v?gU;v1||;i6T7&Qt<;)0X}V_13ryO6I6aei-^VP z!>3QjMGP|uqFQ@49F61SyIVdkt7jW0m@{!HO*3;embtI_SU6=Y#5=#nd3Cb6Y&O`( zyG z@!T&R2QKmPeL9;F`C1{eeEhIpg1@)rJexyfx!Q~V8$X_l%JwGldJ87z&nCN8H1pjn zWe;x%M=fJsFZ2`i`{=o~6V3-7d;TEwh9p~Mga9LCgVrw6qat2Iw|aVdF1){Vf@Q-g zuK=2LEY&o9 zRNJZI{ZxbVDYSTe)i&ZMw($W7r2+AN58} zxA#6v3ob6DbPfYTN#ufIKt{s0JAGRFN)jnf51qG?xhS7p1QZ@m+?@{AT5+UdP=^;0 z$V{oV8?M;h-O<$XFtl&sN;g}xiN|$)yFk^7n&awhY{}-GUe?yZuXtTDUIbr%J@INs z+@fB3Z?eT;(p?kTL0tiU)BaY=(%VT=ig_n0@&@kd9_tH|oqZLn$VhbWzm_$Tbn=P0 z9(WK^S-1;>cw|jIms*($^J)&q4o1}n%br$Oj3VfHz1PoJs+JEf>D016RY5mgZ|+xW zFXv;O>omM;c$3kd7JNtoY7r6{5+P8(*hZia;3{FxbYv8(u1y zxMKOHdBA^}JJ9}n1?7M!zP`~;we&Im+g&=g9e$g&$L@loPVP#TZppKL%VIQX2KEI4 zd3&&0x`CQ#zR7_q^@_zXn_V0e{0&mq}_I;$3YCC2p@)n}pxZLjPHslxHG zi{=z2{Or!UUC@>N5Xo~dT$-OWqx6>SKX734e!mz{OTynuf~{cx+WkR<*W8EHgSC?5 zmrEzQCPOl(EyEjj!AmWQBIGcMx}dv9()3TMD+PzGw?6--F=$n^8C>qSOKw;)Syb1r zg*0m8!8&+&@=tj0A0vMqI*f*$x^%L$z_~gp?oTXcgWyP%wBDv`@7pv^Id_*|mN@iy zF})%>!5})6q03dGch&XltGTv?gyBu_;*?98yd=#O3nq6H2>%bd>3$$9Ey4hmqXy6P z0RokT-c?~95{Yp%jdXjStKjklDY@UiEB8X?)t;zvvcw@hCG;wd>jkgAt4>Z&x7Tk5 zFk@3Bh0LcIf=X$I3BZKDXiJWJ*|1A2CJ&r}V3Q^njDbxW>c#%!?U|HT8$fry)zws> z(-{1JZ=Oa4)o=W7>lAx+IqmWX+OTBcpRI^SM9Zd|^92$MX1=F(a0Z4(KM3XLH?7EC ztgq+I=<-(UaGTAub~`4x=q=b4f!&>RZ_dY>x4o^iItqfT!WK+*fr|I3a#!1uqwV6oy{ksKe94S^Y8(?hZ{$Oa zzzsZUyTh0&ZR4BDQh2_)ARS>2qp?9G~IEl@a~%By{jqLobYY%JaXO9u_M>r4Db-W1kF$w zvx$SZq0d+&l9~<1tsdDy&+t`;QCPcaMj0Kv_BDwatL&hv_Un?Z)%L6`l!e##=!IAG z#$jZ4KH+@B=2|}x5bdj7JMJCRTDSSB?s^Me`asBa zCzV6E3?gS;5?JkNB)pe8EfvV2vti?Zbnz7oH=ya;0+h%Gz|ktd^J0GA0OxxosM~1!^rF*j6M>kD1GzIwrA; zO1huzIvfV0R=eK~#94FQ8WlB~OP(DJ@Xwqa_n4jEiiPEfds*s;v`d0U|D#l%rpiOo zM$29@q5MN=NMnGeu;V~b%K?si_8y5aEd!rnS{Unth;i4C6E3W|{VTxj53iS2*?1XV zPX<3M#5@}gV5wEp&Bl?TGjpGt^MM`X^tj*8`rZ%jo*MQl1<@|u{~)s8jQkCC+Ccr5FlLt1FU99-R+H5k025R zAv0j{gWG3xYn6S;5-|o~4HFDLkU`BvT88MUkq^2Nd|dgxOPMQeZ)Qb0!Y*+99a(T7 zZ(ac;>UhRb-(+;2G?KtmaZr@1V>ZN=l8}>Le34a+JMFp@PZwBL^Fj8@BGp-APo)Oa z{d!#r<{P|d!x`DzMj4(~lBF+KT;*P|+LJ$-X6w+cHM2@qfW<{_G9o8TZ!MEvXzZUv z(j~p7^lI{fGqp0lo?XUqsoPjg;O!*=+_J_Uc=}&`-9*#1p!7c@Twwzv=5{*p< z@9EX?CJ0I%F4?8%@7fjmitdTWB1}>*%osb&7&-HMS6Sa{55C~XNk$o#i;*6@?Up(4 z-R#n8O;bX!qCtkj@q?eA&QJN%JKy{#HqgTyxt#&B2sgu4 z$n8%QtWBK$OU6QZL~2p;9-@jrfiv_FV;WPQ95yD0&fwAk$tZmWEPKd=w_|&Tx0}w= zR5g!7Wyr_mtCoB6%I}_Xs*7kD_jVtN8Vg}f4AxS}RH#l=yx*13f9pVeI@}ZFc1?2c-52zEbSBq9l zydyp|vfvt|ZSyO5H^c*;LK_QKNZFS^ckh(LtgQime)CY}E@Mg#HtpLe_x#dJ zxF))`W^|=XN9A6z6!E$w9MpA?<6~dSL|iMAGP!0uuXssa_+O^O0xFbmMzVcP5PwBa zbh}y^*tCauwI$nG%d+s>nz@cRt7<&@swipy}!KMKD2U{Z%ATY0hX{k%NTiDN+_ zWR#nmw7mJmWa&G=KH3r}d8IS{6RL6(mLDBP2f#qG6?UG`oM<$@x%qQPo~&tk`co5VLu=pRrA*3{oMQ7|4j&q>}x%}G_Z60ivBWp zdi&0myYBah1H0YFzH$)LHT4f}UhOuKRWNq`_N+xTtd&hgC3bFLA%XH)T%LQ!#!Zz= zkvr6S=l9V|$eLd=F8a<(ncGNt1GH`$EGdq1M1>MnYpb$+f0&ar%XX z&JTWBVV9ql8b+_aiW+ns|K5hX0iw<>L{xqoOr34E8+2q`j%n5$ul%d;f>o0D28*VZ z`8%KNm-Y0!%618`m5GqK*w}KO)Kqtha&HUz$hiSP^FiOvTJGT=katO(AdBXhj#L}5 zRr&WkeG2MTYaFGe%Y*zm6oR4*{}K0ZkPupBmLQMVX4uI|I{qw-8BR-^Sa!`74U@h= zFEJc?e&PyLBNjc=bj7jQm=(PD5>E{T3CB4%u$FulV7)U~#kcWvYW3Ct|M)VOk~X3A z(&{}?Q%@iG>r`(Ky6tyNE~DCCa^D73o6b#?KKqFPp7#3Fr0PkF?F+%GJ0UBxWZhV( zm}^*V^=*~}WBLP)vxJM1-4zKL-E2siW@D4co+vhx3M&yLymTM?R&68o*X^0_WyApu zWpZkhd~+_LTF(2(|6yR%L@bGOT-40p5nL4^N3f!o2z=V8$hbeacXQK^4$l9yTiptC*WqT7v`?`a{jDLuC~rRo-}lem2#M}?5G^*_y>|LTpq?XpJ!uYJbC z;Ld^5hQ4H{K;l5hbQ`xrLB7RI$kSB9C->oC*f59e!D#>o1z>VHN<)S1U_F@Ug2ShD z%^mW@ndTGH906hwL%4+y>O-MUD_-wm#F*-?cI*Yi9wnwcWrCylM$r05{A|_qLp~r3 ztlJVC$|4)YmSEEN-KE1SAEEF&*7>lyKr5Xb!bnV~kHd%%mmiNk{|5FMs2#nz`qql` zavFFEN5)4!9rLNEHrWRHsU^*Nho((tv%7Ci6olPISPc$bIZc!5%UrR z^sES`F^s%j(W|3X01WxnVJ?t`Ll3E%Qm5NfBE3Yk*#mGeYG3NV*1E`v&3vjh$r}7V zj<^HVeeJDyG;B%+_Rq@Vp&={%C+s7)u$Vb`P6z24(37VREBaIE3o-PhWnEeEhhWe% zECLlVlCqWDJ899eT~J38Q%c$|#9C;R_B=51s^I`LDk^N@Q9+&ES)!)Rt}@%%*e2EZjjuOd=d`=LDBU_2@Hg~<{TJImsQKMx;OGi0;EPy){}wp&H1*5o zB)7gtb(wwDsoc0RfGgcDUl0c*`AnX(mIf`m6sflQc6T%tSCx`klxH2wUj2u>o$fZ~ zZQT>t@Lt=3rqi*Cxv#R1>xH>YrNa@I4Nz}3_1J@1^TMgh@>ONFfp0mK7MbNGIwyly zXHTl%ZUUP-VFh^%)9Dq+;s19S8V>C@vl5M$5B-$Ws_;TiyT$oKDJJVJ{(yP184BYn z{?XEXG-3Ls)0i_xqYT(~}hEH-o$j^I6}`fyZ>- z%+B9T=S*%~9Cn_R(FSM2#Z7<`p?lMMcWXCivX?>ejA(k0je&r(O`!j)q`=y{{6;o$* zL4ba=E@=5iVlLsZFE9uu|7jgk(1in*nxa+V-e*g%uGhH|9jSN{!X_LqAaMnVIg>#l zO!~N}3%D9q>Tpnayg59HUol##&sBJ9!`qS-YxlDcSbV*S+Rl4jXO-E42f@)@97>_) zwoKA#0(aM8m7Rr*5@|DFqqyrOoR^rV#_QoGuag5b{*t52ZEU;!j!4uNX#@fUjO1PW zoe2esV^+EIuf}L?K&Uq*wX<&;Qx94~TpLk9A!c2sKy-3CC`!X<9aEDJYlUIUh2QqU zt@z~xzA@Wj<-reQn6?}p&zhD4(&6821O=%$K8|?1S?l|5GnoGSqiOll z4TVGa(0LjX-|0NByMKd3^AP0s0I9;#xIB%63o6AW8W1cB&U6BSzL4`AK8gsjmm{l2! zOeNSYP4}6W=bn+F*V(@3QSV=Y!S{6Yt~$t|7$cT?I!9RxCJZ1M`V0#Xk8RMlq1%D# zmksHTWh$dYuuhkvpQ@DG8KS|@Ib}=Arb2mSxTm}Ic;9H6JlO~@fg^yL5`)MTLn)mL z%nT|yO|)%(N>^A$_1c}sP(iP3a9V={2K32zu?zXa`5v9t6a!1XsEtLux)Il1J7yDg z`h5EX>vy51VpQ6;RljY#+{Ab!`iidW`^ZJXtq0dSWGQwGCbzaANMDZIhcXe(w>mY$ zb=3KDuTvO}^MHe2@tAHTcXSruQ z%6cUR2_8?lVL7qRDs?PC4?c2yye+Q383`!#A6LG%lH>h^g?^RiEA171Q7-w%5v(8h z;yzO2^VHB){_VnfanrF6Jipx$5?-un@lt$FdXjf_w z5q2)6XyBc$RcM5TH2ScFqNOVqJdwYsO6k(&-BPi!agW2Mh^sBRu0GCAp0l0e0R~;3 ze~-UHFV$9xT(2~(BQ?ovGN+uo)GrC&Al^g1%t=-S?Je^WLc!di~OAnyWvY$L&fVH{0G>oz6SuFv2Pc6+Fqzp$6p$-Uhmp=ECEVlt(l@4Ar4AA#$Z6On zV>WNXi&7WteNa?_xKVcW-P|WNh0VG~*U!m(c`U>BnY(a(tAb3LxZR^8UR9%iiah`= zsCKYT9@UCca=6Fxh##<8OTz{7lH+cJfu_rhy2YZp5nG#A+8#IzILL@{){)D2HsgPy zxnE#S^w060csN(9T1G{LDY4=>O;Lz`n9xgalf zEUZ<%9HcerJov@Bn1LHNA(tO_(7AZ=ds?}6dL5J1TqUJ#;w6fC%j+mYTzu?ryyt7B zE>j946-HkJ6pjo1J=fslVYAfGZn9}aF_RzlxR)K^pTObUp)t(~ARX}7#Nfe4h+a?; zT>9gC)OfC+h5nR`n5-^1`O`Rzr8OUmJ#zxEtn5!KUB^eTghN*?&x;-dq0VqxNYD;Z zp1k@1YYF1CiJG7wpzt$tlp7`iLJIHrzZc}mt<*G&2X-q?eEOuR$6c{;%ch9H=bWsn zz~pnwlR z+b#Rf7q_%ri11mNAKv6O9Q@dEB+RUwxTPZEQp| z<)^s?!!n6DS%+sh1`Dz`6k1gN-%A?196 z{+354{|u7q^@pKOzJHu2QVN89SEBm3-@?hLLGa4UHd$T7cWlu!mnFliQd??dvLnIT~EnS5)R4`yBH!FYKbF#W+6ftW>wuYohFvqsyBpugWoP2!hl!2|zxK zTf8+WFso_l+u>509=VwB=jHS9Cj|DIQI_;4|sRL}e0BIeaY4fib(ePfo_9ivS7x3*n5QiY_q<5Cgd z5}1WrA}0BA3O^qN7xzCliP|`QPp(F`%kZgw!c0fEyX?-Hq* z7Be$o663|T<~Wt9msb+A1Yr#N<4o*6&^~B;-9rAY350=L#^3*9&eOoTq!3p+s4aIs z9(23-f$R~!9h@CP%mQH+s86z zjOPQWBe$9MGn*?9vYbUNlPtGfr2T!k1cTA(k7PzO{)bI_0L_V-i;uW=Qs!uI=Fqdi zXJ=j&GYLi9-i;#wNbmkD-UV4*J7?pxRup$GK8y*hXFeFb{1 zK32V9*B|3=Q>p`?SC&z37BXKX*^P*cMu1RMSK5KAvn(;1n!dPrMy)V5vG!DIGIl3s ze}Db*>|Sd!tt_RO9nG9r?vD>nFKrmgPLwmI{nYc((@Khel$g z+~p%$?_q`@hOQ*#Ns8(yA)H-ua`J^d_vc}$B#84s74nVADf#TP0Z#f`cqJRm?sGtR+m7AR;6vu9rcT3XIm0r;fU zg>0nb;Fl8Rn;S1cV<2VJ&s{m;{D>8CG*;Zp8f{h;#xw7o{KayXepZ0yQrue-*zh#H zd@^^Uxs=IVd3FQ7#%t|BS9HPPj2es5d($Y>MjSbp2}Z`U5;pOO!G-nDRjJd?}vG;ohv~5PwD~IopPw-2mk8&p$v-!Sae1!B;}PhBoB2 z$)_~*R04@L8#H_and*nrb|;q{1vFwW{@v;q0A15=u7L!_m=0G`QvK z*Cq6*_Y(nb^pT!?Sc6Sl#ssgjU-mW_l0H6I?eR@lsa3Qqt_q=P& zj>h6E*6Oq%voe~Gp(_J@H~0yBthELpYuV|;hhDUf5iWp= z1%z?U;N0FvnG4_FG#p4F$jNad;t4O94~G{`Ulw-czxzs7aEg^Wps4VnTdnUgdSU*x zh7Y5L4?x2nf-=^coL@$rF1&>e=pcY|DZOZt=ldVWt8l-7g>or8g)^ znLS8xkz^|!o$B6Nt3b^%S$?_0HjyU4ZfGdPbS}H*XoS0F@!X747+~D^su(BkMW(6q zr`sG?6X5TCR}!1K+&9^Gx8WpPAM*5w_eL!Wh%NR}Tz@1R4GR}4Is7TMvB^)-p^t{k z$41Y^M4#3wyglDt*YM|G8L|EHD?f}T{8*6k@6UvV zQ8iWI4TwFvH#Sz;F}Kq|aNvy0{`mUxs{q^Xbm>MCEq^LjJXWQ$@R6?ZHooN{wLX7= zAlQWB051b+_7%4YGBVkgosrWnC5_0rEfJ^%-c}ND^bMlLe&DFlo_hfN>7>2S#OaGg z9_&=I5j4i}ig^U;tLBktu}DZZC%HNQ$IM@bAtv!0`Nm1 zj0$((l4uQIx3h5PyPZhmB-u&uv9i!kQZSCjv}WTSK#bPpJnrjXPJ?XftydR6<%cme z6#^&+?j@&S^jnW|-a@agwFXK&a!G-g#Qz$|4unsvd6W)3lVI<4MW11-6)qx1Rmv)h zENIq~sQpcio_EF2yDDI}M!SjmW24ZG8*-DA_w%UI2=2nSMunzCqwvtJ7$*rEt?@;e zH%!0EQ?76YNJE8%7vSWF?tv+L7vJmVf)~9 z4KPL}wg|^+X*8&*1}!Z=hU(bI#@ms0E%W`Q(|VG>FzzKD)rA~-*n?mI7gW@uIX*Uf z3HE+*lN5pk9_V_~XX{?#vpTUV-!+>*TcYK&(BNdXGs30I4Y#<(GQavdt#?14RK?~| zC6a&RJ3fn*Q}y5I7zfjny7~h;FvqFrm61~p+~NLY>RVNrWGb+kwS z_;FR{%PcaiU`Cb6Si>f?dy!~uaJe~&4o)QS$Mb~ySJoBPP| zvMQv5dwJ_|uw6lEshE0-1bn)2f(L>KZdPjVm}$)E{rhn0;OEvP!}*_cA4j^_lH_Ll zhc{_l*)$M`s~u6HG^AU7zT?|(4f0vtRzfsOb#$ICl^Iy4yRVhmlskZh_d^JUU_ z@<}r?mCb_XC3$GSVxWk=GK2lMuoCQz)M8TdPWr6}f#=|=-GF!-q#nuGc{uhl+6kWr z$?WC%t_Rz%CfbIVry2kT8@FE@7ffHjUf4uCCCjXY9u@{+qEvu5uD}%}C}M=w$5RM=~fM_do}EY~-vb zLtn_U0rxs!VZhrYxsg=-{zBkh;W82^W$Pfg@fV*1l-uP_hMCG?RlhkVY(Z99|7oSn!-N$4f`n zYyXA83R-8Ly%9(eMS9a*UobR4bx&h4=FsKrDq36;GTZ=(-ww|g ziX*OqcXK-wv%$L~yk=UFbVGVE%#{etl>~02#Ec1o#CEFRSL2mM?LP|#^#3r(7}Bzl zTmK_?s{Y!p+^_4zk)J2Yz3~nBmIsJC@dyN(Cj6@1i}aLnmjYQ)mqsuG&=ljQHw{5; zO`8yd`Yu5J+lXIT{=eYu3u}=nAd(l5ZV76d=q%vc5D7ul;LZ^#tw<^$-f;cRtA-4C zEDXc$!<1ORs^zwCnDAa`h(@$quvAf?;g|jF{F@R+#krzX7P?mu>&mm>>;|_s*u%)g zVvBBKZpknmK z>t7Bv8?y7we^N8;`EYx96U&R=8o|3jyjW5_B+?9Z+x2f+21+YFLO)c=3dT5=v>k%2JTI1>0x+UOvLEa>oB02_{FzW|UYxJKh@)~H=$Ve;+W3%G#)4L4Z#y9DkQFTIFzCFP#4SE4b9(#03ZbG@SWoK8&a#F zIYY;)L)P;ol)wtpiF7%T?;Cf_;Re$0Tb=4Z+-62b5ei$pP|-n(7x<9l%&}}D1Pt+- z!6@2AjB$%bI|+W(8Vg0anxZZ2#|P$yr^|-d8_^8ZAHa+b{GjTUhu5fr`hZn3A{Zpq z+y=_giM@N zmfF>mvHlO{*(SM;R;FCP6khPPbaWWWHJ4)jBm0I4V+1+zCyMjl zqf1jc0_nDzV9l78e>l@IRXtC67ILz#gAC~iu@C$w#V>m(03AnaPN{r6pHMLO1BlougH~MVDy7-ps_)7c~mwL8t+jgg5b+I5At#%$0 zff*nuqlZ!ugrQ+A+DlrIJjflZ5`4G*Q?Ao3$;;#1!2^E@2|Nj5#QaXOm2vOqm{dF2 zqna&ok}cUQcbk@N3y-Wz>~rj9xq&K1Y8nPW3WhnJ{&t%`sDeb^`!gTnOJ{t^wb8(U zJm5~Fo`W;pR+FqHc-jl?->Dn1B2qJ_I{ zP|Fny%7$3*3}FoI2!Zjh1&$I3%K~E?7aj0BM%s3*j+$0T+yrovKjBU}3pM^1wMcZKj*F4u@ESt*|@Sh8J;tD2_kFy3@O4O_H3%vxpUZ~zJ z7#WMm1mySV*X-xS2*sW;qIA~^Lk+j6BK4S;MD`T!iB%t1ME;oNni{41-V(8}wq~OqzaUBe=fqt+@+Xuv#wn zi+1JPF=8B?eu;vAaNf%Old)&?_W}UZ@GBD>+K%uBYBoWyfjn3X`4Q7Xd6?@)5CLxc z6ag6sHSQOOZx96uI-GelSgpFdD2V#XyV9?FcbsHiQVuoe{1c{|?&BgKq}Co71cc*0 zBQd;-q$2`h(i?>C!zvy5n#YPMSxUjFrPOQ4i@H^hzJY>t&+EWL0(gPv`gl|)=OQwoBBl(DgVWci8(T&H7Al3SJYSf+I!PwCr(z_ zQa(Qt4;EjUj&JxGF}2XQirg=&QzrKCQwpB+rs=*+nO#swZRYctD#HIsnox=NSaO_? zJcN24@@n8wz$b^Tsb!xomKEoI3 zW9=%Bq@9uF^+~Gfn_cLenD(-Q9u3{Z|1s|N)0~}S9dJnp2LfPeS)ryh3UKM{l(DEL z?F)lhTTawPBsWFpSdA$u?oXnwJPUtOdC zQ+QzN%^K;2lN}kbg&THAOGJdexiVsxE&;+#kW~zcCy{VkEbQsE4cw?vxNd3?CU;6D zqb7DtI6}A|4i4g?r^npSgqn-ZAnpUYK3G(FGX~d>F)ZPm@-|FK9FCD*+pvi-YiW#W z$DXr+xr+F1YPUTT4VGP#3zVY{CS{FrZRW2fUMzpFu^z?}1;rQvNL9;Nd3sB95Tp-P z9H4g8cUBU^N{C(Cu%RuDm(wg&sAItr0K3fW78Ot3cf-=)Aa4m8k}?EZs~_RKj>)MJ z979umq1Wz_w_&s;e-CDDJc}vq0ssy^l2LWI0nWEl0;6+CFMB@?#-WpE?DCcY;|RdP zX)t9g^b&)Gy(sBIS5Jcx(>8RA3J0nC$C0%fHN+61KC<)MjGH^=S z)crfeTW(fZ4Eq|$2eUXvNLlw@#L*NN8YJ*_%RQ-zBf%navfro#Zl?Hk6>VN#L^3B&4VcYF@zqQj+a=%NK%FTEY(6wY~$O zu2mUC-g=l*j!;BM%W#5&m1H=$Z>vtxVGW<(YpfObjZvkSFc7J66nY2T{UKSK4~y|J z*Go4!-XM1f+jPQG;|2&lxJXS@(Ay=u-y#XCJ=C>8gR#T`(SRz=&ktUfoOlLo>T%x3 zP}n*=6gWS0=w=x@i_lkoI{FS~#{CGwkzq=F1hsRXzGPc8qnFdr{MI`BR?RWG3b%-r z9(nPr1SmGzeDt{6#Mhr)(=8*kf*z|uQpQ^isqzapnHWX#^Sug1m6F%a0DB12+9QcR z16k;b^b$92_HeHd%ir5*ZE_UrG!x3MO)|=9nyA5&hc;j&V}1~R%jMkX(Eg;4s`CIz zl7fEb^8(v4lV!Id_ySAp7XbPKiHJ{xj?VEr17( z>C`oYR*vhj;B8IiTuy7FC|T^Sahyy>H(_+g2`MVsUi|QJE4N-Kp0Wh3r9q+PFt=JL zNDRq2=J=fpVMGhYEM>T}mI;+N!Cw+14kwa*3N*9SJszUzD(7$x|`O6g43Z$lqkL+3Kr|$hriU!T}$V%Q?E+@zRELb)76N>phv{+Q+^Ut6->Fk7eSt#=Y zMY%CU^8^?!{{xidEsGu0O-ctV-S`)$MV2TE<=-7_;sz|+K_k?mH4I@p(5W|;5^__Sc#Zm zDmn-6BM=9Z#SENRiprA3XsvA#H?6d@Pi*`=i_?8=4ZVa%7_xzmR83OgFd#RRD z`@6C;Od7*8uA#&cyjDA@`8Gm;gYNO=SA|^Y{&9jM3F^H7+7M0=M1t?V2xPLu^;P=b zvFAxSCub&SVPirHD~RR0(NNND%AmQ@oB0Xe4vS2Y#>_4>@)U`>KO4?bEd%}MCLit& z+@q2{;7zu~985 zB9S!neOkNkpUL!6B7|5&0fQOjsw^lexKQBXn< zb+E>{+(t4y8%`vE%jr18bhD&eAqbk^E`+|pbl5Au#V}dXVg!HO2;hbJrLIv-6~g!2 zf|LU4h)nP_A%1QaAt*#OXcUB%jZESD zOC=^ts!L7w%jfmuZm+caEZS3=GV%|J(s7jDWL4N&@mO4|LgK(fPGUL`GQQVAocWX= zFqWl;NG3?{H9}km$o@aLDmkc(uoa?fsc@hyU}GT247Cz4_mgS*TRu^xG0iU!T_!$! zJ*sXrVK6VO zlfk4`edj{eut;4n8#3E#p=9#O*uTYKpy}1!HNm=D)9()O`IaE+&S|()4Y${14Pj>Y2Q-pCCZk z+|I29h!4b2*Eu{)vcB^RG*@R;41^l_1vW)ZprXrZdr>mq)Z5m-)=LovcP^-fn(s%> z8*7?HzJ&)w9!kd*wWFi63&{Xfkzbwl_)uKJ3ss)Oua7j9lnX^eJ;6UfG(TasO=0yK zQlS*FdK3P0*?>5DPH_)`qKBg8GXi(f>q5@FdKikye6YR*?*Nk&rw9nvadhqgPt+XW zYM;*wbNwL{NLuPQSuxjV5Wbs5FX2~D%K4*V0Cwzr*WbD}l)rx-0EqD0Ldw9?-+2;iVsb zig&fVzUu(R&%Y^Hcryns>hMsSg=18vnu02Ovr9gJd;kWT*~W;)%xch!UDtwTU^s>A zw>&)u4=lel6qEH~sr*!2vg^O5%e?>dBZtYV!)5BmKmT^}mv;SngR%GXzND#@?ZUZ? ze4d0*ag(S}%cF#l8|V!Ym)KkAG2z6#n~&Ke>u!U=LplQ9WT(J}Pg4R#8pJqIgfV>; z0{hSwE@M|JD@9!Wz%;xm<;N$1;9}V>O3<92&zzsr`WR5cE^ZXm%#9WL3d*{yHP~=X zVe1Wof`Z293osB;h54X4+c|6}d!ynH55ZZebY;B-ZQiBwzyG8>W%UvU1mU3(Qgw_$ zhMm#UN5v(Tr8>Ul({kWM8zz8}W}zIuCgZkYq(KeNmr%#QbFeSZUZQmjL{m#N$Y1H3Spy9{=QN>47qaX zFr}Qz=?mu&fa=#p3Jo7Ibpdbk<1F4ckoNNHd)O|o#YZ}$nvNvpu#x1~Ft`6)q7d#G zEP19H2u@VYsS!T(=1x|tS1_vnXWOy>PU_o|@4d3@2lNgb^Sag5VKiG3WF)sx)kkV8F}BEOnB+YTFccWXml7@$Zt%2fR-_-VM9&h7T? zfv5onx>iaW1S_O|eiCT-`4-6R_dQtcdE}$*p1aqLJW91}$YY$_v%&s&MT+1*js1xD z<*nns_G#BzBmf)o?_OQ*4p!MHy<4>A$?s{douyBJ7i5c9yw6-&7(snZZJcg4;REff zUz+XrNEVFWa2djl1X&bz?nV0_n(TDf#rAIA34m#UQwoPrQF|+=c7F%>^bn*L!DHBy zyvD9TAQPeq&G|EF6o{`M-l(|r!^x_e>gS`<7Py&z3&2Os=ZS*38)-48V|m6X;E=gE zo`aeQOG&9wkX@Y!b-x#nbYth$bwK1I2m!JLQQuQb3rVZ)X!A<>ncbWxrZAgTQ?icB5Kwey zse+C=zD_)IKuHbp+2q0>-2Tli;>% zdH|Hdv%GUxz+qH52&0`FwN%{UvpVY&4XUM*p(mw;QhGRlf7e{;;Zi7?Cez{ki={wQ zr;6L0wV)v#oyaenkwiO(?-4C!3Y@cD9`-Pyg_z7_r9_|61R#|ld~3vXNfUQV!?=Wn zi!@>kB96s%1I+ye*t1A;20i0Gq8f+Av5bjU@0H2u_`|@XtfEHQ2aPEKx}&YtimOXg zf<`!)1zPzf_$qhS9%2vM2|0?j9#Nh@%jeo*8eE5-`t?3gc?Y$oGimfYM~7vVAm>qf3;Adnk4WfaVJc`O(>~G4Z)GN z)vZxWOpH?{eRhfUB?c(4hWo>BC=5>H0Oc^zUyWm=8*x{7S)!019Pfw)4mid?Zne@2 zWwI{95WE%Ab{Wu@Vf%keLE=~3k--8*t+s`8WR&P@C8wsS`4l*4zO4v0p$X zx5mvmAp3n_G&98rL>#lIh1yQYUfDKu5rSl>Vkv3~OL>L>5cpMS4AqgV$+c>0#_o9> zx{3dE9Jd+0Vt!kUqC&rg8i5IF+d8+z`KdLkfIEGaES~g9AkNLk`aU2&w zaDd4IA`Pqz^`YO5UB#etDXm}R+1(3^yWdd#qX@c=w*~)`fLixg1v#kpC2}Ew9SWDI z?*GFpr$C27rreE<74JpBVA_bcq@*_d&nxfaw&tswf=;KQiX9HcMNK+I{E}bmV$ErD+aJz-XkN9MzduFWV*2SIv&%XAQI>koII9_5rRz%0_RHTt=!yJvY z-NLwAcY7`h{@{=}&|#Tys7c@K?*8h@rLMv>El)S@ zvM|R0(4Sz%MbT;M|Gu6zPyE&a@$X4jKKy&#M*rQZzg^b&i`iOe>3qvIk83q|C5-%nBjjj t@xPh)pFZ)62L3k_|C@>bUuxTRJ37e`j~%WHnVWindows 11 +- ✅ Supported Linux distributions +- ✅ Microsoft Connected Cache for Enterprise +- ✅ Delivery Optimization +ms.date: 03/06/2025 +--- + +# Microsoft Connected Cache for Enterprise and Education Secure Content Delivery + +This article describes how Connected Cache nodes facilitate secure delivery of Microsoft content between Microsoft/CDN endpoints and Delivery Optimization clients. + +## How Connected Cache nodes facilitate secure content delivery + +Connected Cache nodes act as transparent content caches, meaning any device can request Microsoft content from a Connected Cache node without needing to provide authentication of identity. This allows for efficient discovery and connectivity between devices and Connected Cache nodes on the same network. + +Connected Cache nodes only download and store Microsoft content from provisioned Microsoft and CDN endpoints, so there are no concerns about the cache storing personal or sensitive data. + +Regardless of download source, the Delivery Optimization client on each Windows device verifies the authenticity and integrity of content using its metadata hash, content hash, and signature before installing. This ensures that the Windows device is protected against man-in-the-middle attacks that may attempt to tamper with content while it's in transit. + +![Diagram of content delivery between CDN, cache node, and DO client](images/mcc-ent-secure-content-delivery-diagram.png) + +As you can see in this diagram, Connected Cache nodes currently utilize HTTP to communicate with CDN endpoints and Delivery Optimization clients. There is work planned to support HTTPS communication between CDN endpoints and Delivery Optimization clients in the future. + +## Security considerations for Connected Cache nodes + +The security of each Connected Cache node is dependent on the security of the environment in which it's deployed. + +In order to securely function as designed, Connected Cache expects the user to have taken steps to secure the different layers of their organization’s network and devices. + +The following section is intended to provide a high-level overview of the security layers to be considered by the user, and additional resources for learning more. + +### 1. Azure resources + +The first layer of security lies with the Azure resources that your Microsoft Connected Cache nodes communicate with. You should ensure that your organization’s Azure tenant is using role-based access control (RBAC) to apply policies that enforce least-privilege access to the MCC Azure resources you have provisioned. Only trusted individuals should have the ability to perform create, read, update, and delete (CRUD) operations on your organization’s MCC Azure resources and cache nodes. + +You can read more about [Azure identity management and access control security best practices](/azure/security/fundamentals/identity-management-best-practices) and the [Microsoft cloud security benchmark (MCSB) documentation for Identity management](/security/benchmark/azure/mcsb-network-security). + +### 2. Local network + +The second layer of security lies with your organization’s local network. It is recommended that your organization adopts a Zero Trust approach to network security so that your organizational data is protected even if an attacker breaches your network perimeter. + +You can read more about [Azure best practices for network security](/azure/security/fundamentals/network-best-practices) and the [Microsoft cloud security benchmark (MCSB) documentation for Network security](/security/benchmark/azure/mcsb-network-security). + +### 3. Cache node host machine OS + +The third layer of security lies with the Operating System (OS) of your Connected Cache node’s host machine. When using Microsoft Connected Cache for Enterprise, your organization may choose to host Microsoft Connected Cache nodes on a [compatible host OS](mcc-ent-prerequisites.md) of your choice. + +Regardless of which host OS you choose to use, you should ensure that it meets the recommendations of the Microsoft cloud security benchmark for [Windows](/azure/governance/policy/samples/guest-configuration-baseline-windows), [Linux](/azure/governance/policy/samples/guest-configuration-baseline-linux), and [Docker](/azure/governance/policy/samples/guest-configuration-baseline-docker) hosts and that you perform regular OS updates to keep it up to date. + +If you are hosting on Windows, your host machine will use Windows Subsystem for Linux (WSL) to run the Connected Cache container. You should ensure that your deployment of WSL meets the [recommended Enterprise set up for WSL](/windows/wsl/enterprise). + +### 4. Organization-managed Windows devices + +The fourth and final layer of security lies with the organization-managed Windows devices that will be requesting Microsoft content from your Connected Cache nodes. The Windows devices that are connecting to the MCC node should be secured according to your organization’s security policy. + +## Frequently asked questions + +Below are some common questions you may have about the security of Microsoft Connected Cache for Enterprise and Education. + +### How often is the Connected Cache container updated? + +There are three scheduled MCC container updates per year. These updates included minor security patches, feature updates, and bug fixes. + +In the event of a new Common Vulnerability and Exposure (CVE) being identified, Microsoft Connected Cache will publish a critical security patch to the MCC container in line with its SLA. + +You can read more information about Connected Cache container updates in the [Connected Cache updating documentation](mcc-ent-update-cache-node.md). + +### What security improvements are included in the latest Connected Cache container update? + +You can find a list of security improvements and other fixes in the [Connected Cache release notes](mcc-ent-release-notes.md). + +## Related content + +- [Understand Windows Update security](/windows/deployment/update/windows-update-security) +- [Understand the Delivery Optimization secure workflow](delivery-optimization-workflow.md) +- [Understand delivery of Win32 apps via Intune](/troubleshoot/mem/intune/app-management/develop-deliver-working-win32-app-via-intune#the-flow-behind-delivery-of-a-win32-app-to-the-client) +- [Microsoft Win32 Content Prep Tool](https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool)