From 6d8b1164b24c4ce9c66277d3857a0b09b8d02317 Mon Sep 17 00:00:00 2001 From: brsteph <96074545+brsteph@users.noreply.github.com> Date: Tue, 18 Jun 2024 05:01:55 -0400 Subject: [PATCH] Adding Multi-Region Network Deployment (#1608) Co-authored-by: Jack Tracey <41163455+jtracey93@users.noreply.github.com> --- docs/wiki/Deploying-ALZ-BasicSetup.md | 23 + docs/wiki/Deploying-ALZ-HubAndSpoke.md | 27 +- docs/wiki/Deploying-ALZ-VWAN.md | 18 + docs/wiki/Whats-new.md | 11 + .../ALZ-secondaryregion-multisubscription.jpg | Bin 0 -> 18355 bytes ...ALZ-secondaryregion-singlesubscription.jpg | Bin 0 -> 23310 bytes docs/wiki/media/clip_image080.png | Bin 0 -> 28841 bytes docs/wiki/media/clip_image081.png | Bin 0 -> 30143 bytes docs/wiki/media/clip_image082.png | Bin 0 -> 29883 bytes docs/wiki/media/clip_image083.png | Bin 0 -> 40978 bytes docs/wiki/media/clip_image084.png | Bin 0 -> 43579 bytes docs/wiki/media/clip_image085.png | Bin 0 -> 14840 bytes eslzArm/eslz-portal.json | 1601 +++++++++++++++-- eslzArm/eslzArm.json | 1340 +++++++++++++- eslzArm/eslzArm.test.param.json | 63 + .../privateDnsZones.json | 29 + .../vnetRouteTable.json | 76 + .../azFw-basepolicy.json | 118 ++ .../hubspoke-connectivity.json | 13 +- .../subscriptionTemplates/vnetPeering.json | 2 +- .../subscriptionTemplates/vnetPeeringHub.json | 113 ++ .../vnetPeeringVwan.json | 2 +- .../vwan-connectivity.json | 277 ++- 23 files changed, 3456 insertions(+), 257 deletions(-) create mode 100644 docs/wiki/media/ALZ-secondaryregion-multisubscription.jpg create mode 100644 docs/wiki/media/ALZ-secondaryregion-singlesubscription.jpg create mode 100644 docs/wiki/media/clip_image080.png create mode 100644 docs/wiki/media/clip_image081.png create mode 100644 docs/wiki/media/clip_image082.png create mode 100644 docs/wiki/media/clip_image083.png create mode 100644 docs/wiki/media/clip_image084.png create mode 100644 docs/wiki/media/clip_image085.png create mode 100644 eslzArm/resourceGroupTemplates/vnetRouteTable.json create mode 100644 eslzArm/subscriptionTemplates/azFw-basepolicy.json create mode 100644 eslzArm/subscriptionTemplates/vnetPeeringHub.json diff --git a/docs/wiki/Deploying-ALZ-BasicSetup.md b/docs/wiki/Deploying-ALZ-BasicSetup.md index e49bbc9779..8478a3fd14 100644 --- a/docs/wiki/Deploying-ALZ-BasicSetup.md +++ b/docs/wiki/Deploying-ALZ-BasicSetup.md @@ -46,6 +46,7 @@ On the *Azure Core setup* blade you will: - **Provide a prefix** that will be used to name your management group hierarchy **and** platform resources. - Choose between using dedicated subscriptions or a single subscription to host platform resources. +- Choose between deploying in a single region, or in two regions. **Please Note:** A dedicated platform subscriptions is in general recommended. However, some Customers have the requirement to host their platform and applications within a single subscription. This tutorial is aimed at Customers with this requirement. @@ -53,6 +54,10 @@ On the *Azure Core setup* blade you will: ![ESLZ-Company-Prefix](./media/ESLZ-Company-Prefix-singlesubscription.jpg) +Next, select if you wish to **Deploy in a secondary region**. If this is left as *Yes*, then you will receive additional inputs later in the process to deploy resources in a secondary region. + +![ALZ-Secondary-Region](./media/ALZ-secondaryregion-singlesubscription.jpg) + Click **Next: Platform management, security, and governance>**. ![coreSetupTab-next](./media/ESLZ-Company-Prefix-2-singlesubscription.jpg) @@ -208,6 +213,24 @@ On the *Network topology and connectivity* blade you will configure your core ne ![networkTab-fwSubnet](./media/clip_image036b-10-singlesubscription.png) +### Deploying networking resources in a second region + +If you selected **Deploy in a secondary region** in the Core steps, you will also configure a secondary region for networking platform resource in this blade. This secondary platform network deployment prepares you you to take advantage of capacity in multiple regions, and for recovery or multi-region high availability. + +The deployment will use the same deployment type as the primary region - either two hub and spokes with Azure firewall, two hub and spokes with your own-third party NVA, or an additional virtual WAN hub. + +![img](./media/clip_image080.png) + +You will need to specify the additional region to deploy to, and then you will be given the option to deploy and configure your gateways and (if applicable) your Azure firewall. + +![img](./media/clip_image081.png) + +For best results, use similar inputs to make sure that your regional deployments can both support the same architecture. However, if you want to forgo deploying a gateway or firewall in the second region, you can select the appropriate options. + +Once deployed, your regional hubs will be peered together and have routing tables assigned to the firewall subnets to handle routing to each other. You can add routes to this route table later, as you add spoke networks. If you have deployed DDoS protection in the primary region, it will be applied to the secondary region as well. + +Your Private DNS zones will be deployed in a resource group linked to your primary region, and will be assigned to both regions. See [Private Link and DNS integration at scale](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/private-link-and-dns-integration-at-scale) for more information. + Click **Next: Identity>** once you had configured your network setup. ![networkTab-next](./media/clip_image036b-13-singlesubscription.png) diff --git a/docs/wiki/Deploying-ALZ-HubAndSpoke.md b/docs/wiki/Deploying-ALZ-HubAndSpoke.md index 1b3b98fff1..c936f4d1d2 100644 --- a/docs/wiki/Deploying-ALZ-HubAndSpoke.md +++ b/docs/wiki/Deploying-ALZ-HubAndSpoke.md @@ -34,6 +34,10 @@ Provide a prefix that will be used to create the management group hierarchy and ![ESLZ-Company-Prefix](./media/ESLZ-Company-Prefix.JPG) +Next, select if you wish to **Deploy in a secondary region**. If this is left as *Yes*, then you will receive additional inputs later in the process to deploy resources in a secondary region. + +![ALZ-Secondary-Region](./media/ALZ-secondaryregion-multisubscription.jpg) + ## 5. Platform management, security, and governance On the *Platform management, security, and governance* blade, you will configure the core components to enable platform monitoring and security. The options you enable will also be enforced using Azure Policy to ensure resources, landing zones, and configuration are continuously compliant as your deployments scales with business demand. To enable this, you must provide a dedicated (empty) subscription that will be used to host the requisite infrastructure. @@ -74,12 +78,33 @@ Depending on your requirements, you may choose to deploy additional network infr ![img](./media/clip_image036b.png) +### Deploying networking resources in a second region + +If you selected **Deploy in a secondary region** in the Core steps, you will also configure a secondary region for networking platform resource in this blade. This secondary platform network deployment prepares you you to take advantage of capacity in multiple regions, and for recovery or multi-region high availability. + +The deployment will use the same deployment type as the primary region - either two hub and spokes with Azure firewall, two hub and spokes with your own-third party NVA, or an additional virtual WAN hub. + +![img](./media/clip_image080.png) + +You will need to specify the additional region to deploy to, and then you will be given the option to deploy and configure your gateways and (if applicable) your Azure firewall. + +![img](./media/clip_image081.png) + +For best results, use similar inputs to make sure that your regional deployments can both support the same architecture. However, if you want to forgo deploying a gateway or firewall in the second region, you can select the appropriate options. + +Once deployed, your regional hubs will be peered together and have routing tables assigned to the firewall subnets to handle routing to each other. You can add routes to this route table later, as you add spoke networks. If you have deployed DDoS protection in the primary region, it will be applied to the secondary region as well. + +Your Private DNS zones will be deployed in a resource group linked to your primary region, and will be assigned to both regions. See [Private Link and DNS integration at scale](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/private-link-and-dns-integration-at-scale) for more information. ## 8. Identity -On the *Identity* blade you can specify if you want to assign recommended policies to govern identity and domain controllers. If you decide to enable this feature, you do need to provide an empty subscription for this. You can then select which policies you want to get assigned, and you will need to provide the address space for the virtual network that will be deployed on this subscription. Please note that this virtual network will be connected to the hub virtual network via VNet peering. +On the *Identity* blade you can specify if you want to assign recommended policies to govern identity and domain controllers. If you decide to enable this feature, you do need to provide an empty subscription for this. You can then select which policies you want to get assigned, and you will need to provide the address space for the virtual network that will be deployed on this subscription. Please note that this virtual network will be connected to the hub virtual network via VNet peering. ![img](./media/clip_image036c.png) +In addition, you selected **Deploy in a secondary region** and deployed a network topology, you also have the option to deploy an additional Identity virtual network in that region. It will be peered to the hub in your secondary region. + +![img](./media/clip_image085.png) + ## 9. Landing zone configuration In the top section you can select which policies you want to assign broadly to all of your application landing zones. You also have the ability to set policies to *Audit only* which will assign the policies for Audit. diff --git a/docs/wiki/Deploying-ALZ-VWAN.md b/docs/wiki/Deploying-ALZ-VWAN.md index 321145716f..5f57b63d2c 100644 --- a/docs/wiki/Deploying-ALZ-VWAN.md +++ b/docs/wiki/Deploying-ALZ-VWAN.md @@ -34,6 +34,10 @@ Provide a prefix that will be used to create the management group hierarchy and ![ESLZ-Company-Prefix](./media/ESLZ-Company-Prefix.JPG) +Next, select if you wish to **Deploy in a secondary region**. If this is left as *Yes*, then you will receive additional inputs later in the process to deploy resources in a secondary region. + +![ALZ-Secondary-Region](./media/ALZ-secondaryregion-multisubscription.jpg) + ## 5. Platform management, security, and governance On the *Platform management, security, and governance* blade, you will configure the core components to enable platform monitoring and security. The options you enable will also be enforced using Azure Policy to ensure resources, landing zones, and more are continuously compliant as your deployments scales and grows. To enable this, you must provide a dedicated (empty) subscription that will be used to host the requisite infrastructure. @@ -69,12 +73,26 @@ Depending on your requirements, you may choose to deploy additional network infr ![vwan](./media/clip_image078.jpg) +### Deploying networking resources in a second region + +If you selected **Deploy in a secondary region** in the Core steps, you will also configure a secondary region for networking platform resource in this blade. This secondary platform network deployment prepares you you to take advantage of capacity in multiple regions, and for recovery or multi-region high availability. + +The deployment will deploy an additional virtual hub in the secondary region that you specify. + +You will need to provide the configuration for the virtual hub, same as the primary region. + +![img](./media/clip_image084.png) + ## 8. Identity On the *Identity* blade you can specify if you want to assign recommended policies to govern identity and domain controllers. If you decide to enable this feature, you do need to provide an empty subscription for this. You can then select which policies you want to get assigned, and you will need to provide the address space for the virtual network that will be deployed on this subscription. Please note that this virtual network will be connected to the hub virtual network via VNet peering. ![img](./media/clip_image036c.png) +In addition, you selected **Deploy in a secondary region** and deployed a network topology, you also have the option to deploy an additional Identity virtual network in that region. It will be connected to the hub in your secondary region. + +![img](./media/clip_image085.png) + ## 9. Landing zone configuration In the top section you can select which policies you want to assign broadly to all of your application landing zones. You also have the ability to set policies to *Audit only* which will assign the policies for Audit. diff --git a/docs/wiki/Whats-new.md b/docs/wiki/Whats-new.md index b2a7aa2a98..aaf3c6c82a 100644 --- a/docs/wiki/Whats-new.md +++ b/docs/wiki/Whats-new.md @@ -144,6 +144,17 @@ Special Note: Existing consumers of ALZ will notice that some "assigned by defau #### Documentation - Archived the readme content in the eslzArm folder as it is no longer relevant. Please refer to the [ALZ Wiki](https://aka.ms/alz/wiki) for the latest information on how to deploy Enterprise-Scale Landing Zones. To view the content that was previously here, refer to the [archive](https://github.com/Azure/Enterprise-Scale/blob/45d5c2bd8c1a9e19b1a46a3a0dabb311e5320b64/eslzArm/README.md). +- Added new instructions for deploying hub and spoke network topology in [multiple regions](./Deploying-ALZ-HubAndSpoke#deploying-networking-resources-in-an-additional-region). +- Added new instructions for deploying additional vWAN hubs in [multiple regions](./Deploying-ALZ-HubAndSpoke#deploying-networking-resources-in-an-additional-region). + +#### Tooling + +- Added functionality to deploy platform resources into multiple regions. In the Core settings, you will have the option to deploy resources in a secondary region. If you select **Yes** you will have new options: + - In the **Networking topology and connectivity** tab: + - If you select *Hub and spoke with Azure Firewall* you will deploy a second hub in a secondary region. You can configure the IP space, VPN Gateway settings, ExpressRoute Gateway settings, and Azure Firewall settings for this region. Both of the hubs will be peered, with routing for the hubs to the Azure Firewalls being deployed. If you select DDoS protection or to select the creation of Azure Private DNS Zones, these will be linked to the second hub as well. + - If you select *Hub and spoke with your third-party NVA* you will deploy a second hub in a secondary region. You can configure the IP space, VPN Gateway settings, and ExpressRoute Gateway settings for this region. Both of the hubs will be peered, but no routing configured. If you select DDoS protection or to select the creation of Azure Private DNS Zones, these will be linked to the second hub as well. + - If you select *Virtual WAN* you will deploy a second virtual hub in a secondary region, as part of your virtual WAN deployment. You can configure the IP space, VPN Gateway settings, ExpressRoute Gateway settings, and Azure Firewall settings for this region. Both of the hubs will be peered, with routing for the hubs to the Azure Firewalls being deployed. + - In the **Identity** tab, if you have selected a topology to deploy, you will have the option to deploy an Identity virtual network to the secondary region, peered to the hub in that region. ### April 2024 diff --git a/docs/wiki/media/ALZ-secondaryregion-multisubscription.jpg b/docs/wiki/media/ALZ-secondaryregion-multisubscription.jpg new file mode 100644 index 0000000000000000000000000000000000000000..af18ad250fb2ecf2c8affb6778412fc0bad9809c GIT binary patch literal 18355 zcmeIa2UJsEw=Wt5DI&dhq)Qd)T|kx$9K`^&@RP zZ2$oQ0RW6Y0oMxvO#tDI8-M-q2NC{vll10IBBGnONJxlDZ{NCooBS3zIRzyxH3cON zB{?}YBQ*^jJp%*7Z7L>aMtWvidItKxj1UmwpCP(QcJn3~Jq0-h{lELT?gY?~0vc}M z2nl!qH)se5X$Y=+09*h7!A*Q_|H|;c9t1b=c_bzwCA&qASE#23+#nz%yg@|xSFZ8e zLHPdxL^L;P??|c>(;2-a;qj)wAC{6&%BxY+#qewb%_n95I-KklBNHRr4o01QAZUHZv z4lRu%zKNS$Sv^BCDZDPsEojc$mms=@W6tt|P6Y;FIe z9hC&Nt=+%0|4^Sky$0mPUjqcL0lXRibA;Qc_wf2)cp}C?e!wHjk3^c_D7O&pf}%_gC_=1YnR*(` zEL%L_`Aw7Jyl-bZm0mvk^nNuWa?BDELWJWnKv}dZafP-%!Er|s_z0vn%M7;Y>UE|R z%s1Ut>(Lh3bss~}X-+_lO68(jozQEBa2W&VHFNjFUsbeA*2*J91FAEb{4+A?eD?-s zdOv#I)TXBy#%A{0k;^1Us|sKPk=FpGE~G=LKpNycp~lT;dvXl$QswhaR4PUcCZ8cG z3ObG+Bm{n;`t)1k1~yYG`FYw?^l8~k&P+wbO8v-(ns~izC5I2S$zr3F4AoCWEMcqt zJshUHn~0&#cK+6;22wc8tH@fZhvRmPInmFk2j(u{6Ou%BB-kL1Xp)|5z)f&T=P?!` zCLU7fdJl$5G&X3t=T_y!*00=hCrR&VHRS6F3n?K;Fs5A@0zu2gwlZNP9-$9o?4E(_ z_h6f&f^|(1`ze+S9@${w8T1BTj@L^N?pmtPY|hAm-NXVt-;G9E>V-gugrk}H?H!JV6b_z_Nlpe+VlQkbMk~I8 zxq7maK5$R8`9n1`IGulMwA@dUbKw$s!y3*N*)H9LzEnK1rJgMs-*lZ3Gmsuk zghuHct&xi_71do9l4Pv<*jXano8=-Q92b({RPFAR3-^2?Yxj!a~>wnu6+AVZGis$oy z)TPn^q6h(;YUs676Kv#~SDd9<_-{3GY(zJFg?DktyL7wp*0>cn|K`#B^XdVF0-#QK z-MI$G4PlyU6}Pn!(Zuwe`i~E(oGf#r%Yb>#57UMgHAe0s*fyN)TdX!V+xB1~9IYZq z2`=!h8IXGy`RWztu}PbpDq{nNC=JHn`?)6g?Bb!6y^f=j{UV`bp0Q?U2s?xUnMVPU zoDzp)K0}dzP~-riI>9^$g{bGFI$5?K!N5<`$QStRi|QWBetX>SL)FUlm(CwJx2O+xg);hkAp8PZ=+iq|W!#x$TR zn|}R;Lys+}rHWTTe%?aP!H0p5yIg|h^1-;(>32BfEeNHctdp>Pe~gQ|MY9CkY2Po&qt;@fhA-PTFy0wKDLs0Ws1(>lk)!eRj8IO8H3_{Rh!^ z93}Y!gMIEF&>h`*Y+#i8Hbh}{Kct6tPAxNlGqZT?^~`>%>;TOZ*n6=2w)>7@Os*W( zXRV5SCyO!y^V)#q7pFj4PacBx>T9vLGzv+N!>omCryk6wr->aYR`XbA+%Sv_VN<5S zpt>r4L0t1FoU1YK5U8Q=<~9SFm_b(IC87ExYwJ4+ImyuA6J)i@Ic!cFY&=dWcup1-^%{VuS2O`MX#v# zu~RiUE_c4bi`L$Yj~5@eF1p*8)^z$Lh%fEX5lq}|O+*@nsb9OGXBJ8Sz)maf5LBB;@&*evVsG)G$p zTi(AYZb(UVxOCih%fv}fT=K3Z>YHKY-u3p(zOk)9Zq!~lGXCmD?mH&!zWS9N;PGDD zoRdwZ#Pv^ZT_?9t?XUZ*PI& zU3RyFxxv?f{w%qKUzhGx?)}diCZuz?4BNCK_7m1do8NwX**Eo?$eWB@l0}%mRPfCHKJT4ANEJyQRi_)f^%4|@prH}5W&z;csfvI5!-3A zqNXNJV3Z`smCYeP^5S`wpK^@RX3G1>n-;NLLftscl430jctSyipwD=}Da^FAII3iz zJk6}VETAfAA3hc^Gq=sEodzlytf<)7KloB6s_2)nX)K%#C4juDteY{v3i{nhrMmfAXr;a1&p8r%!|@FE6wx*6A3V^!|U>==PW*4@lz zh=0wp>yB`7cebPMbc&&PLdv(F5zq`GO0v!0BLvDK$j!QrrsNBM)UEj zh{0C_nOa@{KE5#V+uw)#T{W^}*I25Qs=%0#WK|X$2+ah937O;7i?E(?ojp%1$8pw6 zy0d;_rqzGdxRAle#pm$T{!6MRqs;2bZJ~m=2lPf-fd7-iAe!L=^SXVc$)hfNC~T_1 zaQc~}q+JPBP+8Wks^mq9Feq_j1$D$o>v4_YM%tW7)54B^CKTPz1-u|#{$V_qu(`ni zE=xTe_fVycc!Dl-w_KdGWP|cPs!gDh-KmQZaXIKNqG>6ksedDB0`FMQ1V`Xtie9*w z_Hs~&T{}j$Lbb4TY->qB;qy(Cr}s*~%bPp}+>!?XL|mR+15#~JR2R2*I?j2{o2%U( z8I0^swcGB&@mxcw@5{sCLxkPAzJi-jL5<}99m^uI%gH@0^HxQ5^x|1-8x+2FZ@$Z0 zX^;cz6i=V1*L|1o^X=Q8r*8>;xe@p8kY+AYch=zCtm)j+SxJlC44#P+XslBzk6_e` zE|w2+_relkhc5L#Q>Gs_cZNQNn2k3XbXyPXhSdGVu4oeD*_Ci1wLkZhe;xkC(scdB z(!^2W9#>k%Ei7o_g79n%9=FVCHJ-t6{~LoL^$j+q|qbbg#^W_7Js`9l4niz*qH%cvvmhzNS^_UTg zn?D}iz3@$24>xRY3$mi}NdNO9?GLUT?^vuWbpLJ8`%wsdy_eOSlugKE7^v)zfxe5p z{fnM1^vV4ok;TeufP)upNVjHS{!XwMI=AiH4x+6+{`*N&QLI&?WaIPLaVa| zJ=E5jjGkas+T{FH$?MN(Aoj;p9U< ziRa8?sP9kUVPbt;x7fciNW4iQl`d*z=8#Id6e(}q_dxkP4vrB>@%plt`6j5c#-XZ< z5M-lcKt~?fMD*dfFcD40yQw}PKhUM{;a}ZOzh()Tim^4;8)eAarBVR2q!_8F7{0GW zwp1cY{pHs4FzA-3l7lqC;NQGdOGW2QP>4&Zfohe@*FkscRFStupW7B(IIW%K=QRVa zkXoI4xgv_8w?wKiOfU|^F0p#95!89orYyI1A;vqhBBV^$;?@KkIt;$AXexFyqGZi zJtDiJH!TRQpB9rTAI@Tm+T%-+FYODNG2|7-I$phIT7AWxcieBJo4tOvm@$_Vb4X7U5~0D&`)nOmocv&CiH)vnH!~uwW-w-4<+&VV8^YB$;tHYx!HLdWdXENNM*bGv~cB zuK5Fphw}Dv^q&1B9Y3E?e*VngJbqqk@I3Cb|C>BjBRd_4##M#~atcox3C2ht-h#-t zSHtVs#58-QhBpPMoH+b|#mOR~cUXnD+caFcS>H|20!E-V^G6 zw|&Wf)?3tcN951GXyUDf0@?-KHGqUK;nq{@15OjIpgZ4#2Qz}{us{s$HK4~<489MsK?a#lc8lmc_=rJ=q@5pL zG?ZHu+eF=GCP>@#K>ZleJk`Sl)h=6DxLI=6qbgL&XN}O6dCFs@=Gi6B6Lc;4!>SMB zaMo3Iua?460m_f!&V`Rp-;Q72K^vkPYJyN)l-RPKT&`BQM}Z>$(nQdG(C-TVQyL> zQOXAZOq>Yfq+{N&hqdU9N;O6%wdpxbzvgs=6QoG^R z2oQBh=JssGb#m`qtD<6LHs|}i4(A`fNXsREnq%?7;m40;2?+5#&WXfL zo=h77M4d8?vqdhl_0Kf`YG3oZ=~IW#Iy!+*h+mv8r>#uCcctbU5C;)&=WlGpFhxPM zDzM)BnZ^^+Z_A>a!(3jas2y_a&M}I-ue1md-ylMTDhtG&$HO{m+mg~&JL1s0=U*dG zUM$jXK)Fmi;N)S^kHlL|u4{3|(T@DA&u^3RvD5Xf1P`=}Tm3lM=QYL82*lR! zaXebko0bL%Y#MuiT{L_j?wrAw_~D+At)SoSdxmcS=yQ=hD#A;0G)V-G!(EjdqcR(f z<7v-9wJGT|gIF(~zO&N2lOj$XWlql3Jj4^FVN4LSDAK7a2~qQk457a?M)HbS3#5gJ zL5(Gc^r#gQlL=EJ^*VQ536l!qgaH3ZLg>?(Nn?RsgTcpy)rl+pi%*W*J2 zIQI5ztWM+LnWwcalP6$^SUyXV6orE4=^@FCl;{qG|f%|Y~4Zkl(A`}-wuj=gJTx~Kou*QE_gV#a%XzH`A3*bd^b ztZ{$~E97BsP=Gl)ulq^|7D5MIBG$Kg@-~^XzX}{BqEw-6r=XX+;q1+S3G%!lT>2pa zgrKm2;}o{DREyD8`smE~JNR_N9Wfad0pEZ%cKpp+E>}g#?x)2+KP0~tEfb(8$kiQz zC};tK8dmBVn-I!$$(%6GZzMf%A~_?Qo=oa(7kB2Au$!XsJWggbIbYb5M24i7-t<4X zs;>w6bf0muWOXmtcC^%hjGyV-C^}y40WvM->8K6U?=2{M+VRLiiq*$xbnjsao0j@ihlusn;+-&**GzAKNQN<1!*!7+j9QE^J-c>_K zW0i0WB|TSkI_R9Qd4XK99$%-wOm4QfN(kmjpWeThx<1CD&N#O|_v(JjYgI)&ssl_w z-(Cm<#2EYA#cwU%Mn@gQqhv>AbqxR(TDHja)+r)NK?%bqpBfx%h(4q0uK})hZ0@#f zn9RNuR0#Wy6jsAPS{->vv9LR????QtSs>i?SE1MaW%EVdeI?!kIx2Qu)~Yn`w!?}kvtHhIWvsM z-2-y+OhfF-u+japir0WB8HpRf@i~M+Rj;?mBR;6y`*@!_sdqn?F`8;Q3qPSGW6o8; zCe+$p8fDsG4x@h`Mj~=PldWFenzamH`&CDFM>dL_$o|y!u^UPQ(>uT`){+;w{e`Lt z-=007nCY#3w)|aAsp=VJX))0a^mM%4!_%+6S@&&6)Dey_U5mm$*{Sorfq9)Pbi0gp zH~fMm@bhg6&@n=YrWduAcaUFTg?izlEwKG5O_7wE^w*=>PfWpb#N5Z% z06JAED{LA*sXh=%H>YYt_@9H5A76E4is2RY0#^P8kF1RNVrt84#Vs5LGw(DstQz*c z0`FNjpbci<@wP4Chovj`y=*2}9CGX+8jsWFPRhsP?4ZOs$dDVCnr&Ej)P)Lf zk6f@Ayf|y^VUw;?Yl>)1fcK46g~%=AA0KW)KCi2(QTDob8?|G zBV`Qi*NoG8+LkFMbwAlkeYMKyb;CRrfO8|g*3l4vRmZJsU)wKN}=9ooou z2L9wUc_W;5*4UuPx+%S6d7;(Jq!_f(o7j2t;mjn|D`Lt?SB7DF@objX+Iob)=ZIrW zwA|w3d1|0E0Rz3!gPZ?dT(KeMAQFrE4)Y9eItaR^Glf)m+pzF1FQ$A~7e_( zC&ES6{BwHs;5uA|-Lr;FI9&$vu%Pqv#bedN!yhd+ z+Z#iN^*9k+ZiZlcYo<|KQ%g?cm~x_M;_mQk!%g>DXhtd~JZs%xk zZVO*C#N0CP_ui_l(-C!^G+j6%_>l61tc!#QJk78nyM8cc!q4CsB$$s|u;sC`3GO$K zx2S>tCIdOw8Q#E#+YsAGt23p(@3|0MB1;Aoma&H})QvbBTs#4)^1waHm0u!r0(vn! ztZ;WrtE^o=o2-; zvKF!WDne>@RHai_w0|6RK0PvL3%D2n_*rPwY!ULAu!Oib zX%EU{o;*rcXz)&0H5;aXN-`PDgT0=W&oig7&yXpa! zrraDq!$;@A^t>h65dK?4|BBIlK8beT%cG?3_~YsG<1@PLuc0#a63NZ|Q3qUxSfI*m zsIm&dJR$IPpkn#}*U`-8z9esppD?rbkM2?qPp}s%p@UII-|IHyaSLmYVnRH~9Tne8 zQM%*v1Cb_;U6H;Mv%((PZqqB)#yalxU`4(fzVJtPT7!fza3n@~8%57J3b+_vPZ;J`d-(Yut^wqPkEik{*EBT9RmA0ao9azt zJ|d*L&jwkz#}fX9Zu^UJ`>!D?lFWB9gQAvt2cl4+@cS6uy??`L) zuu(`P%g<8e0|v96JZ2d&2aP<9NoWOc*EvO(u}{f1;~{f1;&lPAC{Q3>eO+YWCl$9# z7V=*wF`Kzaz@g* zO5yhkt=luVtfHT#PJYi#w3weie852Spwomv=cW07_niLAT#b=Y`mw1(DMcCDw@M57 zW90!XXjWfA3>SzimH>C{Uezwadv2^et-8dgHSqS64C40!e=p)Y1NwrSu7bOt;>*sY&>p)+aW8XaX%Mgys6pw%!fuAo5(38i&LVeN z!O|olttV2JJ>s+3cl=_odefXWwznb`O2*CjRfv_oZ-Z#h3=N4~&x{rU@#Lk`EHgVi zzJwb>y-yzSIj~&=xNv-6E~HDpSNv>)0g6MXk9DKtRC>l3(Z!kP&Yr7pAUs^h!f#(w zIVJh!S-{0pu;xLX3ABqM-6Q)3RmzY2RdzO_iC~K|>UuqauStq|=L^x|?muD6@Ss z^x>M^rGVm-_FRE+sQV#pRm@47ra^VXkEX!}{lJ$^VI_%g1WbC$wY|gTs|?W+{dfHm z)leZlL1wT_(_lileN8jEt?ygpv7ftqVp~DrM{?2165qH_2x_0ORMJ2C-792%Z}VbV z`y;9@)x6906djpDfbf$M`_Rm*{5Hf7N3wjIXgr^0SA2uRFTjBNOK-OuK zjlfE7U&?^{37(L&&uhw@>D%vda8BlAlv7?zVpP?s5QG5lMVINU_ihH2{Ys=nD-Q=+ zCHdsc;W(#mW2kOiO3&i>4Bm1^Q+%=#n$gcr)OprW9nL*ULy&>eg^Tt8T51i|wJXs5 zy{ue4f@qn|WJPd=_)O1EjH!;4tnBx6ek-LgB3e@JErz*Ea!h|1gv|w|hJEDWNnGb! zE%2#KAi}A#-!*QdMAIdZN5i7?DW6i@>gw&!+m}YzUVMEB0zbToq)nZ#(%vG!3X0m8nc$0c{gmWK@=MZXjY#J+)hkMh0C$WXQlPL1 z%ckF!*4H50PB5|J!&DN1mw3E_!zh?R(wprmO09%JHY277#HFe#MNh60;@1R zd(;kX8^3f3K!LQ`d=m?goSWmEk{CtFo6HB4!f$x*b&}wj&r>IiS5F=d*xM7@06*c- zw6KwNX`T}E@Z2EdiBAFDKH&Sb_H3S}5E(@}z>{Wt^%3&2)IFDvlNnwxC7q~>#}z)| ziElE8l`o+w?~*e1dGuwc?LPLiu#BpR!1=CX;MlL?9`)`hLqhtDY zjae$%2z__}X-bx_>`|F4o9l;rMgwDPsw7w6+Uc-nJ@F`csDUZW=xv+r=DErd_90d&1SuBQ?p$uFcXwY|s}z@e`G*MRvmODlK(ovR9$(@*8; z0n$65t-#?ge%`rg0N`HoDx`#(o+6Aoh!Piuk&->75rxTNj5=!YSXe zPr;Mz_a|FTFp4M`%=izE68(#2`wa`FIh#50guvTO(1E$%QWgMT*7!xnpNe2@|XreOX(3a211i~Ek% z4T|vH2cD+Iv_@>|)whoO51`=&l;sv&@mU5jJb`|*f} zIp$*ZGdd8}{sG&Ifx+?!A;vz)w);Qv8`q5BzG}A+>h2<%JYA|e{+|5d8xhpWjc)Jr zPk-<#JGUaZk~=6bnZAQzCg|_rlBdm>s0v^}kb618N{chcivzLrsHXYJ=BCD)Tb(F3 zVOrV)PMbA+1?fjI!6;bIOfZbm3>7(%D04eD(4)x%{ku#0JcjJ|Te{6}ha=VTlj1DL zmSI@>WHUtskF#T=r%!Gj%`3aB6inrGJeX0JJETt7D1I0vxi!^wI6b z;t9S&5Y6wFy}Y}$wnK_VPhu=}QRW=F^HI-!nbVSWhmBIjiuryM^Qc$3<5VBMv!0|+ zwtmb?Mh8@~BYaK07p|?%%)aKmyOz4plQnV{BRyhf0PUCpZP{q_o96x6RB+MOvz3)M z)3EvUKq>0g^Hs);%g4>8c@8g&fwR2Na+fwT_MRqM*rzOVlQF*_Ga);RA=Ijwx z?JVEApxgG1PXgTFZrOVVvEnp>d`v7#%A9; z_l6{g$a;hQu%3cos)6UWs^YA&)R(<;+3dHcAUWG8r66spyIfD=eD zu;-c3&tKCk$C^r*p3p=D)T$O>J1!K!O8U(h2XK79s!n{l>GJ8Z-ITIXv324Tl(u&B z!^r|Q_rwpn!}*`$J(R_@0`2yx(0MR5su%Do2(L@o(zaZHF${>hTi>Gctluc{#=fIF z`2E7rpcv5)KO&blpEuF_6l;l=D~48kOX8;oomLeM-+aF89JvW`3%|SuJa)ak-)NuY zs6a@<8#jbG>yu!(d|VHO&U#f?{+t1d^VGq87i?5lM$!eka zya=%YJz0hkmuwa7HBPHzR1ldE4g*lZ5WBIh8*Q?znShp`!ZTi?gi>otd1+|Xd^B?8 zEb>yabY<`UHaV(IaqU@s+qAMvk=56Pj{6IIGjKj1Tc`Jj;CBx^0XNjE?zCNf`5o9w zRRA~})gm92`gkKizYAQ9t< z@}4pvWnI3xn}loaYZQw(cR&oS)Vmi_16x^ulfC4yU}7}x$Lbh?8{GYjQvqWTnLcdU zo3mdF^!Kr;{X_H7lINJG3^H1GM=;XZ^4=vO)@w~gzfaLHvKXVC6SR6|IXZc?X3^G= zE+Z1q!dNG5R746|r|e3%C}v(g9tqSc*(Y1ulemSzzEN@GbpX0~fIRu(6^`u6s>7sc_rrxrN| z_Ws$bk|x;a6v2|9?O?Jv=@zQB_>Y%@C~&KS%(p2J&Ee&w#&GiKvpe&(b{}Hp_H7*& z{Tt1$J_WO0s>4kxixPg68q}7 zV)(BC55wf__%!&kH`Eij30?oZT~i(>8TStEZzsd}*MG+bz*v_XoxW|Wir1s3ao@`H z2^Vbog>`LR^UWvng(s?SP0I7KC#*_6zDf^f1E=+KGE7#;>?JCSjCk%nZim0b_$OD` z>3d`x=`*a`IWos@#+3E*G?0t4eXGjr@6Y4pLkv$~qg(}NWX$VZ=D&msEgjlByKb63 zzey^(c!w}I-GA*g9@DcdRE^;aU=>U1aPk(LvdqXqR>)5JXFPQBPbp|L7T0V%A6fkT zdoxrex~rqk5H=QP%QT^E_r(^Rr-i-@U@dSvRZQ${TUxBKScrvLHEXdJ>XvxUm?56L z?g~6;WkZ*AtFg5ME|n*tg=JV5nD<`ROvzi$if@)f-VNlg^OH(nlSre`OqARCWF80P zX-6dyI0fuhr=n+i2{yzo^Kl(qqG$?apF|pCQIw!_$9_P+j2qzq$>%U_$UZH=eqhsJ zMEq{}L>%eEKa=BLyu)Z}I&-Ak;?#4myC&T`XW)66r@cDgI^lFxh;v?a29CW0^KnMp zaRM5|XtiYAjWCPz9kF|wwEm>JyWn)1l`l@6r(yG5?Jw_$_d4IV&n&e|0?=w*=f13w z9TCb-tN86|KdPra87*k^$Ap!dg+&wDOIaLAOV~q;Q0>}vSNY1ouX|MAfXA*`*0l(| zm)>3_U@wCPXiFIGB!F>Zp)%Vt?jmB<@h{~#Ri|qhbuISCiq~-1v z?IcKf!h6kI(cMzQ;wHu_qy!I0;{NT{hyQ=w`>zl~Buc<7DDfO%Iqy)RCCu-;8+FeG zrbC{VwzKZ7%;9*dFDQ1R zls=vsuwx8v$N%7uGoLR^VfJ;jm*-U=4prFw-}>gm|IYU!{)5l%1=C}HE_4Q~!e!p> z1xiR)3qYsDklcD=Md(&0(jqi-uV|=CLW*@dJplrHfqYW68fAqIo4FKutq;WU)g)$( z?khpA0bSh8OLQ;C(K?llFtsSpNd&f|_p}aZO90=nI1sOV+T+I)9WXBz5K@ux81&~g zwd`qk+=enghOXC^AWN@R5(RRAr4He04FqsjrXk-Fqud%}TVGazXP;h##Q3%8*tYkr z)Vl?|wjN407}fhi*vBc*f~ku4>!4oQzwoaJQn~6|&ULJnYEWa8**%xozpc!%N)_pE zNn|F8P3t_cj>1^xm6Nq=R&UND*lQh9bR5FEK=VfJpBM2nYyBk*+jBdhbOUWTL_~zdME}ehfA&lK z`v78k5{5g{8l;TIj%0j3Ofr$_?{D!xZ0Kh;nMMo9I{8MCQ?RhIv2zIC6%rN^m6KOc zysxCJ`AAD!M_2E$=~FXv3rj0&XBSsDcMnf5KmUNhAXsonbWChqd_rPUM&_HW?3}l` zc_pP~^!E+@+x#lUX#xFbQD2HUOtjN570S|KV%eaU@(#LgU zS9Zi`YViF@Z}0{|K)xL#a{gOH&bsJ4(7DpEN~>(Y!*3j@YFp2)b<3&@N$DayS{VX3 zy%4Kv##(IIY_QtG%r^!&eq9T<+MRi%duBHO1UD&I13LQ#MYjEK|Ec>t%=?*l2ug~R zjvuvNj0=!Z(E~3(uW0S~)SiU;UNOCEP|Nl-CAX!TWhauYm{zQ$Bb)*!fhkIDy6ilm zhUwU2s8e!R{QSy2Gi^r+Mt-Vjmq~G*AwI)pk%rKbye?~t_@N(@Xo=^*$;Q zGP;jQQptpp0AETvL(^h<_?jCOX0gy=BkWtRiE?g9LsG4@uO3~)X@0?!pbmP8lDnb2T#`_K;k?#ewT_ zy67LVI8ZTooiy6AlLh?23n7lF@pcXZi02bA@IR*>i~xCUm10e|C?`3eF3O!y9){$^ z%Pk9}{;+PIbqm$)`h3Qk^|WO3*}Fnnb*=*DZX_)LTZCf%wGhUF-mOL1j5(jVwodlL#(Otow(>jIpNgozo zDxBj-toe_jb9<&mDWE*0b7}$dYrpWDL~p2nf1sp{Z03juQC>;s{V)o+X8WxFq&6=B zEYD8u>B>1})ATWwMd+K3zfTxxvq<7*d0-?w@n4XT2dv zk2i#8j60b-bvqLP_0^u{EL3=m@{gFK(&jli5W@;A`O>PX;&a>g?WE;0L`@>oaBEi$ zJ1A?1sQFElUlL$*uWrx+tGIOopgpt>OaBPt9m?~rt%?VWQBLxqM2@4V+EW$Oru(if(In$JU10aT_ zPMFO%`X6$p+(jv!NH2~*%r6_!StF|j_%d14z|_vIuti(k;2{p6D(!;YnuXR(kwsg> zoc}~s1#BcxJAqH!<#qL~xd^t>XK3&@B)YEkMaO5Y(v2@2x@%R9*6l2sfnO&_kFTLQ zyQ9E>VyX_Y+L;~}Y{{8j>+CUH8YO(jq?lP=moC0YkI?V#>isR&(LBCt}^08rn>O^?y-yoJ7!15QH=O2E+>#&28;eoy~*kam(y?QOI zCffT1^}9Fuy5CP`!y`oB%gA!YDnA!mc4i_U33#R{{rXwND9|}?I3KB)DuJ_Mjdevs z6ZkN|54)o!JvsNg{rgp7R20)Ap7?y{0PG0Y+Bpy8ZNztJ+>QRYcM+Fcr^7dN;kr{j z>|58zY|04ed;LXyREeh_XI-U_;GP?e0E`H`Zx zIAg7VtSD9t(C6<|NnMsww{$!N2SA){lEZT=_RnReeDi5|rTMZsLH74g z)Y+a|G-7$r!Sg`9vP0j)AjLxFdAWk1$J0VH^}iOa=IdRTxaXJIDX0`?dKE%an+LFI z$o29H_>)B-bD2f}N0g75fG2z{^Fvdt0YG-U~HF?)?bvsQIX^MVHw6c)S3s`-S}*;QDzI2JtnRjC6603 z=O=r|`?wh&A!t!Si1L;jK&&5Xs!7XRay$N#<}gHEkI)3z6(eY~yWjt-n1&%~2EXUy zn!{PV^egv5%+5cDjm=QnsjmHa^YPW^=ju-Y#F?oi{ysQ5Y>Hf7mk*X`m_ao)@ZfQW z{J4V7Gq{05*va;tp64(8W+Lu?6f0}Px^GcB+!{r-<3wr)k-@jfYsV`MS`4!h(n@ym z5~KEAX5HY;KWT79aK)O}`YjAk4&=kv>~mTBeMP$R)jF9(dKZG__}h|tN9tU$%-=0> zK#Y00PcYOSS>SXKs?v;)#gycB#qDmwpYBs;z5XOhcdEZ} zKCe&?e==m*{`Q?QQaH^GmAe%vUHFS&Xxc6yr~d}Pb6|eaJzNPm}rL z&}mOm`RhX`nbHhSVv5>e^wbDPc+4ioa4}YX0!jsH{jyLoTcIza$R)X)^i%0}Wb`D! z@2Q3UCN=9|&ut8`IS>DW`~wz*Z-b^!`M%Fad-_`dI}ZxLnt4Vll$v!Evhg#g{01=K ziTCTbu+GCFiwSVe%}aJ~_hu+{*~4?!3;|sTuCv`PnLQ+n>^7hh2!L;B1x})?ZKm^w z%zFgB15Hc35QZ7+`Le~G!Cqehp&2KfHbZ_x`3?e+seV>HV)$!MOMqCm#pe9uj3D*C z5V!fJ{aO<^;K?9g#3~)^Hxt3+wA~a=RE^GSO9w;^gARx64DS|k|4P3BJk#w``AJQl zQYQP*hNAIx{@X1Nd95%8ED~qE&g?)6i|l&R@V8Qn!}bOMA%Asz@8`xVzjyw{G$u*E zYn{)b7=<+SrS?MEr}?x*d1|La-EfMQOwo1qXOV7_7AoJ26IVVxqx!+z=h;Js;c0+Y zf-3ho%6}=Rj5juBAin6a9Bcv%r0FU{BXqvB15<^G7?OTZv0hJxiJ%=KaDvqb9DxlG z6o}3%h{FqJ|3fdEa||KPu1zr-noAr_`6-k!ZzrwaApwkvM3&;+3oU(fFJdI^D$VD7 zkkn`QuZrT&Db9vh-^tjuo>xW#HG~qU;uasy-td3ph_ve(g>mNw-Wf3cHE>U_9j~;fPYOBoF_b_7@_0jKCMY_>p-JZzYEFKB3 zmoom10e&%J(snV@{A|GUVjAnDjZEYXAn8ueym%RUy)Gxu7A$|&Y57>7NqeQa+^+o< z_e9hZ@4er(o;|m4TCH#GY>C*F`k45UgLXT^>f0N@!maNW4$zmyTipPkrxs8! zS`npnT>imx0S_s<%v9f3#DWiXn{2YP=kBdmJSBfK#?BcrRKk+F$PkdIzDa{=M~0%tXor(SC3G(IRz~R_Uso*e!9YR|n+}Q_?cu5!OzTmV8&GgPjdq^MRFxqTpIJ z9w&Da1E|&X3PXK2H>=X=>NJk>0NWmQH-OEJz7u9#;6k&6>_7`1a1=R9;C?z~eHRtE zBg>(*z70`VUtM*p+V3R|yA4)Q&e|>7bYR%9+HV{u`90i{?jsP`sB_&Q==zX82OIq? z^%udYv2_?P`db5PV)66$U-?IF7(UOu4Nyz)w&mi9(o^Ci?kNrXlufne(V?E(*ciAV zDw*4+FK6^|=e&{E#nXndePXG*#J+6fR7Q2j>)2sHusri(W&a7!c=6I<;$|9sOJW#i z)boR6<_kz2k2X2S=-tUWs{}K^y9~f?cah#zG%lPrxy!g5n`yXE<9|ZCpIkLjwb#Ks z{I`3x%AE62xWMDTzPDD}qVcam_1Sg{?&->+dA8{3rc1|1UPdfNSWpZ*+#$0%~Ah8U4CY6Z4# z5UcWg242+sDFk4&%9IVlyh{Zxs4~jDU z7P&k<2BeP;S+lFHt4B_P4Z6CT=EVu4f<~FUFop%E^*O?J-I`R}uyQ7X^V*`(lQ_fo zmI&A*n8QFXIu-WukL3)c%bB!|(WR!AYFZ(epL(L{eX1+J_jejaqHxevr7G`17-zEf zJX8+U>Q%_rJ6kW<-Z;0Y-_(|A99ndz=bOp41|J>4s|F&EXJL*G)YIy`HizLHUGiH{ zO4wlEMNuM70-1XvS0FQCh!KjfmCu#?3po-vqBjAk;p|!KiTKsJcz*GHK|rD5xt88@zD6ER-A%gP%|a$Bx_j^+NN9>&w-72m zRjL=sKkaWPWZu-%bc)lcvQbuK_LU2& z|Gu_g`u2U2(wQ@TF3xny$b;xuD)wSAUX=j|d$A+mToH=ltQ;O}h>W&o2 zsJ+P?%4lCdu&oKz)O*!Hyr>Ah)Pg;Q+4Nf%CWdb2^U}efIvq24c<A0Td1+?2c%c zmJnl^;<Vmi4(IO z9`0%hV(15gh%wT7eCdxH@7=#0J$C!NnD+TqKF$JpMKd*&=bi-AdB1mCi|#oEaofVeL1>|*0I|h*yH6b* zJ-tnZyGp1mj$3Q&*LHORE)R6q`qa3M)p;GKFq(bqqSImAX;|w+qyttPZuRjnCs3;L zfM!-l;v}E=(_f=T_O4IrG!}%W*<49M3D-(+Af_j`>X3(TzUgoR7W;cQ@x8Ux#tK-$ zWC|vzAk!$dzN*|nwc;dFF78%-NM4w>0L_ui zcW~;NnQsQ$TO6}z%bn)g(`ZlU6`iYNlgkcR)hN2;E}EuLZ{e;VycVV3ZhNw@&K5jc zcjUB6jvhH$-o98Iuk1stjB+BD>#8_G5EG4Z5ci?Yiqv|B52bW86hp3%H8#dxbH!>q z*Cqc^_S#mpI*}G7q>W%Q;LGRGWyrLo4@WxsMcd4nEZY*?|_0a(j;q8C70Z2&C`49`7D%%`_s_5y5A5|FSiN%U ztM*we9QLyR1lk(}r6-moCZ??Jyx`q_PIQ`ysl_`Fss4>usw7w`p{QTrlLR_gg9O|( zpnkH}a%rPR`MKMOC1IMfKvsFy8hg~pQ^+?|Fpm-nlxQ8;eJQ=C%Gy4^+k?@nPpX$! zsy$}0aE-Ej8eHg1UFn~nNbtE(_rzXB3-Hn%ZGplEIH00Cn%86wX9X>@gWcV-OfzZ7 zn86$a+C6zhoIH>&uAFap-`x{BPMR=rD6niP)O2ycd;h^k`^3=|1FUzd@sIcp= ze8FcnA9BXCAEGqK*EP8|8NfT%!bC?Yep?oUDj(z?(98~XNESiywBf`I-L%*dko^$> z$(lR$j@3c%XY7}ZVj#Y<-)YFA!@k+epnpVO3wVXNCkJpBQY<#DOwvB>ZPv>*XJ`6Z zU?h1yl*o>EfVAqc`rG(rv$3cKmLkR`>&`X@OBK!zo5G@|4BF{e45)kKj{;aaVv|Yw zIjKC1^_+Kp^$)9ouF6!oH9lG!T=T7Pg%rK2WA7RC8wy(K84I7k0ZbUAD%WEm_3<9X zw7yq4@Zk3_*=rVwie^*=8s70Iu43kAfP56nF0(5=z37hBd|=!-QN;`LKGng^8$cQ_ z4Nhz`6cqQT=k_eza0hFCs1Id4Fb~PwkF)X~?)%I~&%75QyxjfNH*9w`3EP+iI9E${ zVB%X;6@r0GWng|rjp*OCSv4|P!+<+P{lu|Z4P_I`m_H6DHBl?gQqwVR>B z=>tBLTWh?L2baybXoMAu0YsdDIKo#(G#2o(xeVux1r=kXjWX!DXRcyt1O^3K|jQTSVLVMS%$S0&#lq$YIE$SO>2KGKXL9tur=E zA2;hg%VU%nl8`)0d?U@~db@Bah?v$A6F)LVfJH$Q?0H)-A=nTp23XL;rWOoSi-jAl z!Z-P|BO%Kz&xcA|zS@0ne(*D&E);DRfQ=!yuhM=hT=eFia~_$vG&HrHjx#W~6=aBu zaO$n~_Z_I$SkaC0-$6Wn$6dn~M*Je20&uZ4%*)%w(@TZ3L+VR0=zZ`q#!4BWcX}GL zTj{BtEbG2DempjsV9>rKczfqrDX!}oUaH^J7N!ujA)^VVoNM|lj`fjW+WSr$ z`vyH;?Drz5pn`9mIa7kue%=63lu`^~8-W+=xq&mDt=D|>PzmpJcFUoC-#w%a70nC{ z4ed;iV>Lpu{R0gAG}>fFp0ZZVI3kmI=glP5^ft4Koi6|F^!`0VLe(y;CMKt^=#~q5 zH|HbnA&4Wl%ha!a?U2rLBiK5GQ{+8K7uMV&&;1R{QVr?4RmYset+2arA+%!TQCa>_ zAnk{V&6O+3Z7*=m)JLt*`9}9ZH2m}{w}Sqn%>TBl9cR%4`qUghT-wn=7pT|(575@UH`+JnUVqt*EwK` zL`hb^Xqw1h<^Cdp%Nww5C-_5#TV94o&0+i-Xt2z*y#(W0JXvpn%93rFZ_FAjPlC zyozcv;1D1_*n0aPevoi&YlWnqEBe?CJdr(}V3fK4<6{GJIc-Gq%Ft&87EOzcgBksu zXuU#}<&s$0?%h-tw|EcY^xGz6_ebRj4mJqGgs`D~;k>_Z0E`=6DHWcw)(88Z!Avrl zJs#zj_o~Ws1asa|1q}z`{bra7%s~eWLLV=1PLb_hi=$nC|J>^lkGB^-5ifL_BAfk#sHcd?V`%S$Ou3~ORQx9qU$?HL=r>!~L6QFf_wz&Xqt{#U%- zDTgIPlTOgt-`f6GNdq zm&kBfiDs5z-=^c+ceG*-3G1wwA5mc}WsZzv< zmHcC5*(}9jjg7R%jf*&j-f9TcJ~L}+v=#Qg=S%GuCW?U$h9|BwH8o?PLlUAB78w#U z1GDDn;N4i&%O+UWPxx5Pw2otF_ykrX`V4FvPA7>{IDBHIJD?4nl>e`HZwk%a=ec;P_E{b4h5I9Y5hLWkqcVL zzJ^|OFVe{lDe{m_&e6}&0aWY0hkHm7YoQPIXYXQcEDz~nq}0T#3Pr#pXkcE_mk&|- zwgT$+ez=jYp4ZD?Rlr?0r`SDPEH1n|9qX_&XQpi(^L1THH18o5YuaXJl7dmcpN{$u zaSzb%Y^6Q^dz}QhIOau=^`ARX?9564wIq5zg|X`(=XD{+^gS!*11F^Dx1-rlY*cjb zPkH5?Z9ya9uIN-+QqUGbF}QV|YF4ftrxD;DB;aER4v= zSu|W9=Rm2-zSlzqO)&PdIMu5ilx#2CwB7_Vc8>k}3aH+23M=J`#S2 z+DH*QoZbgDmAJ0fj2S)uYJU$syRXngoiT#(t}V;HKkb~GOVXA^n4eXeHQt9H)vJHK zhv$1Z4NNHV&Gj8@_ZDS1_sS}0%aGyQ`sgD&$zQfMU*lFMxQ@RkMDiFTj8_$v#3DE; zhi(8|K+Y{tQaHDhs(9w(S)8XMbzwRxvDVvO*o2>xO+YK9Lf7?{vx>9RJylzaaXBNh zrE5lP|7I^OP9CpRI%DEv173y>gv=b6Bc>9My0o~<`|s&A9HnG0hrci#CxpFW0#q4i z-RBX;)*_|2;7SX$NpREmb_br$AM{F>v4Nvc8|TEKl9I3Dmi48U-5SE|y0&&>Usq8) zrTA-)hjqN9xJT2!K+Bb**Nla@(b|KHZ~1fjdO%3&n8pLOUVyEv3;gt9tUFwUbzeasXrsqt*Hr~|y!Ax!j>mO5hk2N=DVR=VQ9_r>mf}na zdLy=C)*E-X#Ujcwo6Vi!e!BDJ{nnQQ=I*Z*)t@#1;N*6G@MoAUtO3lb3xc|f9!nnM z5Sg!29p3q&0xY;x_|YP*&K>@PMXgZQC(X>vZ z%!U?QvU^#lL|xT-DGZguBTaW2;L*B|+E2FIYw>}g#Hs9V90Z=&{~ka z9-JMJD)F9Xb8w8^ww^LWdUUMGSbZQ#xR~(2A3gb4)_@9_!+G!=@Xf?VA>YiS9h z)1)JJ;~>`z5X${^kNES*wo4*=>JwHrqX(=8Sk2-}9Di$%5L&WGvXr#72JzRrK2ies zfP1pTv++yx&+lW`{(QP;TvN>#e>l^2A$T%A6@laC9g!l&$z%L^IMKD0iRN}NJBj$% zXSvYZttr;>X$CPm%xeRGW3*qXLW&!nbDj6dU>}qtR>nW>@sKynsS4p`8A@odWAOnG zOLJp3YU>EfJ=s4!`!)KA{1)+W^QR{-Zf%{7w07M=8LACh%z~=07J3+46P*S~b0U;K zRrcM9Da41;y;WT2fiTfY4%Via&A&RurVrs=fVqvOmvWl+m!eqSc)XYrvhOE6E07^v zS$H4wHeW>*^5K+(3-rnj{UaJjgb^CHh7O9^NezVrom0u!U>ExX7qnG!f!l>1&)LgU z*>=oKKQXimM7}PA7hqISsnr-$%f_xbi5mYEL)C8&RG!QgW@>$uQ zqysC=W)DdSJE?W>Fg?2VTEsJt`ecw>@0SwLta7;cKni{RZ9><^?$TOuuB7et#;Dw* zdooeO5kj70yzk^ph)zzTJC3uez{+Zg0_csHCdwm96kM6PcA@C~@(M{~7FY0-K=?M3 zU1N(2S?MWwX9_{t*CRiRv#NuY4qfxukque4!L41z_K*183-%EVWz26Wv)5C*?4zV3UYBuK)qb99+ zN5CR^MFL8FPUimCq70nvyFFFt) zg!VFGMHdG++~eic$Y5TagH;oidtl$Nd0z{saq%44Nq&fJtQ}H&Ya|#SN@|hO{T&7! zizB^pJY49t$=>9WhS}#g03=V-EXjP#N6cExqeRtdCei7!%uh~iRC<#hFbAYi_(zSqILw_2BNCoDz4Hgut^LYyFkS+01ukn-e%K>qWiPXjb+(ek5IU z!z54oRp}vOLk`qM=5uxY-yzOj*_h%sALS=iJa>cJI}P;mml9em$+qH7+#z zKt~IsGpI)E*-M3L4?w5H(w9e7_}kn)##4MZBz2h29@w{!&bLD65@UTP<^VR*Lf;FC}cOK>ae=Z>d>6ureXF+ zYkdDFSRUr-aiC-lO#{L@Yb-Ra`!!%hY_7}wQguIXBcV&pd9#RQ`G5tXI5cr+=Tj@b z<>TqRJFu7YL}!Au|L*jiR zH81vCoXk#%KbL9LMk~ynDT*=w4Wa|os8M1mAUd{5v`IzOaI6c!1NgGHk7O4&;b}1JU9Z-{FR;%qgRBN7m96 z+;xr~%M_gj5y9U$j3^yP^zf1+(xH!9c@X9LI~fKB&BHmXV58=Z_iV6|8mf}x?N{RI?n>-;dsy&}@E5u;2TAF`04GPs=0xMfK461}Tk>9o#Qr``gv#%% zJ`9bC9Uhd*<@^|X=Xr847I=Zhr;eR@^jz-?Y4n8ijnlv@ae2g`+N)#Y5Gu{JmR}mc#WBr)a z*lPU2z42jepvW-S;^{6O$t(z0&`(DRaDfpd!x^|@t|g;NfH2d!jfHFyRD*knd0E4_ zJXF~+E``z=h(Wy@KuqAGft?QMQZ7Y#9L&KtN#!dZ>gEb;A$pgG<-?=<%FUj95oHTxxM2B9uu@yBFUMuLq#$86j7%eS|R?U z#9a0bfTmgZT4KMDvlCCKy7V_y>`1A-KuSJx%C^3G)L+pgSF1t+!I$KV$2Q<@p2R|kYN|NNHxkrh-hk0e{W++}+{Ak95HTxnw@>qi_ z@Uk@XQh9s=Up&bTLP}^3nt0yRAixm3(Se8|Zp|})HIaLz5W&HVtS`dRqVsLjw$9@> zC7w{rjM}GJ#4UtE%(V)?>#|9wI*25^@M-$kqNn0ZZM1ML?Uk1n^^2Bbzay*wnIfdq zaXoEZnwVizz4l&fZbpy4;k9rd!puU*D+vXK*2#;FA0Pk7J~&2cXM67Yp6dSe#e*h+ z3_ZNKN%Sje3MmzDeu6wMNAVI{jep3mr_=C()?oQ&2RFRpR1~tMWWJEOx|-XT)o7+q zaf1qR(&&?Tyhg^~r;69|_>u0ISK}x)xkFAnnHA9Id8ylvLhrk_CYmc*%6 z{h>yMS8gq@XU=;Bo3C=Nnd_6glsu6T*da%5(Uazxl9^@grNE}_h7$276VVaL>2dt; z3P-iDex>8+Kab{s@|#zz*4UU{8i>@d0!c#|&Wi4WdIA0Xw8lo6HG_1jh_UPLSU6rz z3VY*qP20364p+oeQN_61pacaq+6+6D!3&Exya*HJ_mXe5$@*!d4pqiT{9T>|eWc8L z@Fe{CH8;9wa4NA-Xy%&JW^Y~alO4s{7A7a^==nNlF7Y@J?Ro5$#FTEv=`PZi*%|>x zafn1-5Nze!6z~r8a?3doVJ&nS>^$u`7kV3hozNiGo}ayLUQJ|AT++^6Rg2@(mmKgj zhUK2XWoeH%ksHKVQ>_jgX7t)m4vE&dTFEo|SdJZpnqV^D4@`< z19q1vm8z`(wt zz}x^_`_jp!Scq;@l3!|^Mt*VB09@dLtM>nJJb54B9Kf3u01?v^4<-YDxD%&CM$D5n zhkJ~DUxhR1m@%BpN=>WqI2Wn(>`={al&F0tsy9H+z4}>N{M+%@q0CB2d}HHXV6ktl!bS00R1>#TQ%_MaL3=NkQI9sN()Yi4s@w=9W} zC-lO{gZ2?y8@x{JxILnbl4hLqd#PBQU7g2-NP++1{?DPZXKkt4hD(2jU5p5{n2ZSQ z7ty`Q-l+N>D)6-u#w;!2cW_O>$^$-1YBH0kuZ@$O4Zbcd`F@0L6w>d0*E7|-VFNBT z9N^M;>f%6w4YF9oJwTh*nP zVurmS>$U9Syzbbw?t_PHkkm)*w+4N)+^FCUXZHx};Ii1W&6kROJsfx(n%V?09Wr!9 zsT_HqYDbB^U7GOXPkNZ~xF=M+SViaVyyJYTZryyZ*9qauf&HzPRBERm1~W|(P^~#= zEl#D<(=Z>Il}*X%`AALVpnR^dJn?SC{rui#d(}( z#(qLAzPrT2E*abJ+TBy;@36@@b73Ht(r_K+Z?WYo9@!lQ-`f4;vtshh8(c%75<_}D zx(4X4(`AtwD%{Z_6vsIFOI<9qj}9l<*z##!9xO$r+U{A^)u06tKhHU4w&&8jZDkH@ zFnPhbL#451T|^b`;SgU$vW*_eDo$fOL~z&jDs)%bA6UPvZ63&UmuNETrr8Rdl2DN6PcP<@gW4^=zqiUHsRw%sf9%UD!m?K*4+#JY5ja@6jLXo`@ za^y$NjQJiR?}LbxWd|J{(2M(V8ex zo+o#@uv%04JVuGnVC+61wO1bClLzg`m+$o8gI7!kC+GcN3P~tfS;ss?;zwI5?e8h- zu8f+`qCDg&Y%cV3W@T8~EtPO4SiDxxbRK6t^)T~7Gsjw=VGYf6#AZBx&n;Avx1G&K z+qK4oNy0ewu(CpN&A%4941LADx0=8IrWXCCZ$r84LgEdP=e=jUQcUscdyT7It4qOh z-HGj0c@M{imjgqWK7=eOEujliX1%QED3R5Ou$-ii=n-Vh$+G#f`SW4hw!+UUGG@%; zxgJJwu!s#?p+@7GdC4e3U|d zz2^nLNA{v}_t6AGupqA1HAq0Fgv|e)mh8)S9}6abJVy`+vB@76ie8n3vFl;TP_(K3 zyjX)3D@^R$ne{KI1;m2NEdh_NzZw1o%R4J{(jT-aMzf!redzT9#lJo@0;v|&VG9pU zn&Th;<8R@LIIq87T_5dSC5%e(u>r z?j{LrI~Ek~?cs+>p-%ds35ypodFN^G5i2lf{cIFsgfjU}Ta*%A z|%1g0NJfSkbTcSS>;H3+ywo2qB+~G?I}Go zWWceV4OhIqpjvyWjBPx7THxPHrB}Rvp66QlKF9|}OSdG^rT?PzOJHX>AJZ8*r;`wD zf1G$R)aOzgD`pzb0t>OR3mY7;=%H;uSL9YnG$|?`NC;RlSZ&H`7b$JLZiGjBaDF^V zRr3T9;Ed2Ic%<|@0j^c*DZA`3Mf$G-D>48gV;**kQYWd8?o;7T3rRi7XfUc zT@FIoF6LczV#6q+Z! zT)mT6ma*P%E7vM$vy=X3TQr`i;#dZLavp=tEyr16esS!klk7B?g_xxz>d$FqevMk= z_ltGo)E6058Z{CYQBi5~<>5n5ol|$etM%iG^CxpU9tURVe7Psx8a*{R^Xa2iU1i%; zzFfvma=}l~*N~!mqSLC6A|JFB@;g-;=3o4-Zby2aYU+z^RCN6PgzuL91}I4q{y!T; zHQ0h10KZ_-Ris?nm7ke&O`$zOKy8^BNUvhe*5M7uITxFqR+$`C7VL#vk4MjZi7 zSu=x6CsnKs1wWsFl|~+qDsKtfX}G8bL_B9O8#wztjpZD*SSOhmEL<0c)<~ih5OFzy zlr|1F8I)S0Q8Y3HRJUAQ%}v-f095F-$lp@z;huW#+bj5%(%Rsc;epq7-A&FFyZwI) zJ|z{ixIF{NPc1^W>J!Wn3k6W*3H5#>EVTc;@ny*aW&KFtBI9d~!d;{4-7x~uUg4+q zOoVp%iN!RZQ9p25;T+*h-hXZYI^Dhj3vhhfM@Ib?=#qN<2C(<1?#chK24xlfUS_Pj zt&QIA0wS|~qqv#%$(@GzttcT&CtahTV9#4B^nPan6O$Go$}pqyMa<|B@j1AGg=4 zKf;(Td9m6!^`#$RF#6e*kBeG??^7evoW$mFxFPC+g=GPY$ZyJa@9jsIA7_+&$yyBE zrnLY}#{Yj9_Vsvvf@F;kIElHyw@(_PQb3Ppo4QRl^jSKdB=fwNs~44xyV{u}P+!t9 zU5EgdB>h(7z!A(hO*#*zV(WM+B;&Uk)w#@=tAJ9q3hALAQ}}TEfu^;!^M96$#-iN5 zEv;diEjN*RQ_M4?=p6fnnqP|Ojd-|O?dryI{s(?LLJc0^hEzaj>6m+(59KZd^!5nf z{vTJ;++~d94(hx3yl>Ax9l%Xws$~I|FqzT!%mUqh^MZ|N3DwkGAB!*1z;{c+HL9_i z_A|dYYm40HrToW{&H1n|&$Hf$x%l1-W+IrFwv&pzX2%YWa=bkH6Au)r1D`9XVgC4) z@6XzfLi?fXG9r|HLhoLP2w=e|ESv{uB@`Rbg#JuN+J^8S7|K{7J30S(xgllWWkjZ^ z72pdO#0-UTH)4pevP0y>8$ch#K}z{I32*jqbCx^H&B;6f;_Y7_0@9+x)X>Kb75mEd zkzINfULCoP&d$MQwptI?SG`ZuU(0Ust7zbjO)Kem8IBBkg%b%Xw>}J`U-S>HwLF?d z&dDtohYmb`^{}pZd_wrI-=FxZx)sZ-T(~RpBwjhJ`=dw5aRG`Guk(aEBCt*;+IeE_ z{jF!_F4XamQDG(_LC}LLqOq#FZ(E!7Lt-GhyU}V9I76B?^ve(a<8q;~?H-yCnOjNT zA{nGVoq=XzQ?b`Fvt7nyadkMsIs`TeN%d);(etz5Y620%1i9U|BiA-9QZ+6@DNihX zAe^?#bZfsdd60)=0jML;Rt$-ZyUp;4h zC+Ir>4Moyn6K@O;5MwyG)04beMDO*7C5YP7k2x+ActU)bF@683pzX6A5I<>qiYBOI z23q&L9#ZkSyCwa7;W|ntLyIqiogF0F7j+95B}_;m1|AHdQm*Rk>}dx}hz>I!yFXgr zZWtKl*e3kx7op2$F0g4n-;<0iqL=SZeb-T#_Hp%tX`C#7upUaK zEWa{WA-9G0a^KZ`6i0-vWol{78|_2b4fVRsN^L7D`bNK!we1qe7xI1PdaP5ibpSrF z^F#7R(Z=Bm1*gTuAzP7YEBp!K4S=$fGgZu}z1}ya`lc_ZN^VTM`=^&56u++5Jw7-0 z`m*NWFt{aaaH{lDSM=TbnWt}g$&?$UBqg(%-U zprPH?=qEO#*f&f0G1zXkD z1P}T)G|e4(A7wy)d1~lnJoxf>EaJr6_MR&nFz@f<@2{-iC}ectdgZ37OO^EQPr*9X zrcOOj9`!Bqy~{i!ytD`Ql+!5-pDqY1+UvlDyy*P}d7JuXmAgfrU^3E%FL>dC|i7!MI~QB^V#oIPOv zHS!r>!S7M)SmWT;u@JjCGUMG0!B;JYab|+%YRuQQQcwza-PV7)Bs((1LVgGa=I!eA z-2ec?o2{7csUe898tHftORl>p%vRyOJQ5`1fmmHjnCE*~Hg@-Ub{}yP0F4mauP$0T z(MNx^o?lE>y{(W{X?2*btd%uVRFeNWlza7|rKCa==C89e;lUFN>ZonNcUbhf`lnfM zc@=7v(QrgZMLfz*Z7^>p+=ZF7VImb9DVcmGd`5z*GW!V@gs||ZzEZk1c!!I4uc=P zLRMQQQ0)Gc`t?*;Cx}&ep!Q*PZDZv!@^9w5PM6k+*hv7qKGhcMQyG|!0mdOs z2p?7x;f6IEd**oobum!BRMdhWdGKA?(S+O<$EfVTqhHkTwp>$RPvW&O=D5JJ`oab@gfuF5u9 z#=d09D@A(tr{_y2kM9M9Y5xQ_dNalZZ^=Zo_={=eV%^Z8DZgbU{f zxJ#6{AS0=dqXG}k{Yk)1X7{J0+GNSm#ombwk9$vU@cZfHOhuHa=A^y>YG>Tw`|~L3 zVG62hhAfjO8r<1^T^5;@BI*jc_cHAKCmm{E!t_pmfH?0NT|Uzon7IH&L$rWVXPCAY zrCAJ1DH~bLwj3KPJon;R{x54+8-Yz>YfGya-No!e9ASRXoae@lGY4YBdKAZiMR99w zXvtwH8q|K>#NR&_sPns5RtZQTq|ZHT;voPT7~Zhr9Nb{{^X1!l2-!K(J}8Z|XO4bl z19<+^403o(4D?UxdCcmpKlv_GR)$D@B>qY(JU&v#sEX0f}?`kZn#A~Z4syOJx^;LlX0E!jLrNVs8m-yh%dM*W$ zZw&Xe@$d8Pq$+y4vXF^suE97o;>XGu$;gT>-mhfU7wfDFmZF3aZ8tV|FK#kh+r0dS zBOhlTx%d3X%i+1w?sTf`W;C%D!AtgNA167@WIMTaJf%SA7VGpH+m}DBI^KwLtbQi2 zvJX=3imT+!_gjgst{R`{?)toEf{!5V775xMr)o$gEr|5X4vl%Y*gjkz#HFi=>+!{a zN-2Ot#X1Gm1gvDf%!W>*ib#IFO~Z=0>s1{Grb7-X2pp(h2$VL-_#p{+1f~nP91D$G z8=s&eLwr3N>oc>bvscMK8lPo0k=@s_$ts7nw|WS6<_T&I|78;O4bsIWa}=4*Fk9q< zfsuv#C^XYN?f}p)5jZvU>PuCSW=odcNT9cF_c2c21@+Sxcys{FIBS?~DfsqRr4VU(q(GWV* zSIr3Bqz-64S?NcrOlfe;X)P&(eGtQBc5{Nu0XT`FH{31eS|Ss!>pY6JC(IyxfVvm6 zvjC`S8d;-X>y36F`g`=^PUWjU<(^QDYsouy2LmxMmh|m?P-94dahD@<&+i2}b|Fr3 z+4{_b$f)3gDlbTWq#FH*K#ADzxd@0?4~Z=iJJ@0dFC^A2o7I&SfTx>xV`tj6b3PeZ zp`{y+8!upM65myTZFo1ig3cSnKC8^1hv_ASX5=SwKN<9t(HmC=~-#_Wo_7OCp0 z$xz+dF66Eq2IfBcsk6c~$&!XiAoukEDz)Rf1W<3f4#Gs?z^itwdx5n{sviPWKH zR}qE;5fe!^EpLVm!oa*`XAj4TJ%!PPpkIY+@^1|qH1Ew8L41D8B0x6hwhG?~YPTaY z%jLTSxtTC-LR#}aNbM3+wj4p*er@bTQD%p~d9PY}u+xsEQ0AF;3K9(;O}X$veG74p zSIhzoP>ZmawpEz4A;$5ksOLq#<`OW^GM3Oy1$PKqNA#HF`FguYmQ6h7t^+1=s2pq& z8N{5svnk=VJBYtI=)6b~>c}!_xuMmrA3vmr!3ULNBUk`xl@NOD@dWL&GU2D4zz^eU zcMYX^XiMq;Y(52Fj1g;5NEIWbOG1M}NZ4Isk&~uvL(c_}(CT@iBVrz9l5Ag^4=;la z^Hc7XzrGI&J_*vqFH?@V(ROqIVm9^TuJ_SnNWF|Fgt;8qYaw~Dhd74uB71hUD34k= zPyi&?;Q;^2M=E_$pIP}TGlRoUVb6GF|3M@)M|Z6565D^29PMX#C%3dt1W-Fx`P+-Z zD?bU(8%U$yTVnL|O9^=_Tl&o$ym_cu(c=cSs*KqUc(toWf_o+HbWFdPa{nyd|^)k8Mc zGJ2Gg7|Www#lN7~_tPl(=hFs_r;#~lhQ>rkVxTet%VuD5+6L}P$T-$~0e5(*&@}pJ z7``l1ZDvi6WFB*-;JH8CQCITiA64nJU$l^l zaqW|?N%8SK-FeS1aqHHFrhSlvEsMy3$pF6-x0d+mC#V&xBXfrN2IFll&nQadT?Pa| zUNmzaqll_69zoUId0gUhp`}K1A=TMun<@>K@qdanq}t3>;*Jwx9w5J?U=Wea*3TFl+? zADw6J{PlfATNDd^?Z0g1Z|VQBmUgx2?3Jrkji;=IMem|Cx8Tv4yEib!PLoCwq3iv8 z*~#sB@GR9bxB8CUlqE8c0&)19lEZ}L3ZQ4c)-leG-|C{SHu78t*Y~x6SXdb zF&wZwSxDiC2fs#$FGV0B_)8k;zKmt9DDO}mO>c;1NRDphSVH(dNIDGdb_dB!5D(xL zMR{%Pl^t(yY2Wpq3_Yjd<=N(gPN54Wsq?JGrJiB|`0sl{CPK=nTxKa=1Xvmbb>c2= z3>6|LotE5B)f*6=QXZVS9D0cG#8WxF|A32&NXdWj?&%>Tzs7On7PCIBK1^hlZ^U(N zE1U5Y+@Xh-%hZ9wqnGn2Mh}wJ2Xy)mrFrS4)l>u%4}!Px^sUAST1aA&zNV9WI~;l<_F8vC-k>h zMxaBQjV(!HFPo)t%sd!r)^gy3jiMFynp%@#R&zpHud0O#%kW4*T(TW)jqX=merj=Z zigLg7wYaLok^~5ei2wLAH5Uj_0+h#%Z>C@knY%bCUxY34t8Mj+Mppl5>4MIOyyP}H zx{ZRS($-3EN<3gPK-4noyEKS?m;hUE=Lle5(ReeIUghE)B=l6oB0uA&8k5WcFZ}3{ z!mM28#(m7?;mH@rn{kI3MjlsMTYh)fD-VA9TFb;CF}L{kq1EKk zq-xBcXyu+rDYk3fuqZSQM+xOw=Zb2EX8DO8zsXS4x^eGx5isf`{12V+Uv`Ak()KP@ zV?2CF6V338D_6!j2&{bJZ_VyQb7yO-q=xL-@MZoe-#mS9C3fUE*>&aDn_%Xg8Dmdv zUA&DmiJa#|QoCacWCV=Ad>MKf1D%-Ngu`7pnoS?SFziog72!1VhqWvJq0H}}$`=2r I@9a(c5T) z=!_W*hEZnDct4--Ip@!F*7}`u)_K-q8S7ckJo~=)zV~(A`?{iD>S@s3;rxuZ>$KviHJR4X*?yW8oj$q_&{c_s;f#wR1;5gWkXK*O#SJ_ z8&4vl+g>+6#LFK5endo{lr+^_E;r;`{Rq�^@{J`zo=~T_0+#y~R_~mauO;4yS#&ogAe|VjJtW+;{0^<`wruY~c%r=R@vcuNb}MT% zy_S0O_y_{X>MpOSjsbtxH7x!L7Ei^*p6U`Xj=By z=8$z2(#@1gEY0)R>cm|*O}!?=Lt+8;{b4>`=VQS*9tP#BYDZz%=3;}B{Zz{rcY8so*JUFMPOt9`&Zi{dak5>BPT-c=3ah5GveN$FZJ4{TqsMhF1Edri zlvuNB>yVS3<=#4Zt;I$cyEQ2D`eFp?X}kjZ%U#Qk){H9nC+?sVgA5s$%ty+}>$aU?Yi}4=Ma=qA*t;{9aw~>IGCB9}%nBLP( zr9;ad0h^+-*L`Gvs9K%b-hK*M0&ZK>I>AI*wsQmC4<$dEta6cWv7O`Mt?uv}=<}F) zZIS^qEY(XPq~HyRkooCy6Dw2~p7=?ziRjceC)}d*5@Ws#dgt3>|67r~HF~<@jp4#? zl0F#zv{mS0jfPp>(%T!9kK2yM3#DCQZy$5O)wV`+ggXMxQophYX1b5p+G$V8#oj~J z7{m{%Qoc^0!JY8!&Q@kgM!qmMHg?XbP%s{MaHGa-EKEwFzO`Sbd8HZ(kXJetxObSY=pQTe9r`EtfZ+;o+N`KaSgc*Tl7Z9?$jpC zDmZbb+$1X~Cack9ez6!7cJX1cn(ob;1|7Cc){)FCsVr$H-pIQiUxd!zslHnLl9f17 z2$1#mT5bo9nu_Z)N5DaCj@|fsKBSTUs}OMZt9j*{%KPj!A(wUQxhVk$9VWGPb-Lx7 z+M*qQ`@(~osDF#+GhoJ)w<&=R2G0_rXGfoF$fPQDTn?<(Q9?*MtTsp6P~QmUW5LV* z$@acyk+JcJ>G)gVQhuCI0J+)1(?(NdF|Z zoSK9|@kDm=hXId0eIjzPi4fZ(h9uwfox=EGe@2A|>GGI4`bi;H{wlMEpDK*I5enbS zp}#`xhZamf1uO%%GbDNqzb5I+J!!o9*g~kEo11Btapc9pDW?e8feDwmxDn--nf)Yh zg&CX$LpNhNW#t~R%?kP?dHrV67^wGMPNcz|Yt#)_FGdbV&~a{@i$Jmz%Ez{YU56;_ zqylCuOz&NDKB*l{95o6aQ^aRGmMQOUBo*O56OYaXMqz?6jV=-aquHjv+D#f=;U6*L zTW^{^=Xu0r~+R9v&OeXI8uov7YZ_N&Gn0We$f!CXb7f z-v8+dmyj?{J4)_}w|eru&8YS=lCXLH_@UK~pjZ05SnBJ>{P*_8#t^_Zgx(C!#1H%V zdMeO?xw2vB;xme#%102lg4fJxZP+~QWk_QYG#=<$30~0@wj#t?HyXQrtQ<{g>2PYn zp2b#qWU6Op?OHjjk`I=odafLi-OoFD>_`%WTcu7n|gt|9oA}i@)CJs&$3S*;n<9hXxHjDjgWk zkSv}tsN6W~!gsI-tHXIVnrhl*oabIH2OKCG8oTM`I-7m15%!M%A;`|oUh6Qyc7#@m z#$TKwMw~=-;}j;B)P=v0SKqomui<)us8$n{x9#%^Fn}5h$yP3<^D&VjMcWTUcRRfe z_9;r%@W_By-yHCzrEGeD#YTP^2G{z-_Z0d%9zMu#`pVd8GQ4nRlb9^g9EF#Q)(6fS z3)k1>#wnod%fW>Pr{NK*JyXUmkDrE3dXxVXbA|E9ks50bxMhT;d${vLy=I&uYR=E< zqQMC^)Bv-v@BIEOvK-thz3zbI#Po6z8%=mJ>0XBA2p zJzMq#@2=-kp)YqU^mW*7*Y7pCt>}TS+)JrnFspu2z+}|a0*_gDSAsvE$ekM5e@%DQ z@_Ay@j4jEsyKF>$xDf5ay~B~3HBC*OkS0&ny?>xbhBiJ8Y|6pwa@NH8hv92jDBGNKuFZQuqxU>c&o-= zR6aJn7jz{vT*8|R06^v9=^iY;IM2zI_x5~l2mGX5L%ZdAL`DMums{58vS@28iGR{c zmf@=CrY8;;?>Tqa(kRg$q~^=MCv4Uz)y>y>@=u8I_8DQeo~$bc99kbE<@uwBhdFBP z4{}ND!c+f@n9F2!?pK;|v4}F%I|D#|bjJ%&GyxJRFEq}dJqgw0lGlvokRG}REO_2-SrvmRPY#~|0O4x+9(>+$ZMJDXWA>jLSUmddRV}&S`Y0%X9weQ3N0U z!elCkTzKldBr5|D{5}-dwd9wi@Ci@q(Hko}P&cOJq;&X&L3nM^Nx(#D*emN7nnxo} z3h@4Ii%0Qpru(osQn%~l2@-^k;?p_&$M~3lO2!96x<;~O2l;A%6UA$@=C0C?%J}%; zznaVDYVFFe&`{A=U`xf8fZuS5kJJ2)Q(F%9AFHv)+t4*PHtlFuVI6C%fwOtiQ9q|! zdKK3>#hsHkd1qa~nyhah(Z5I;2CC&FGTgknWudE!AI9Hxy239^85a$5L0jx~!h{5L zwHO>8qw0O_W`3qjw&?@v;B%dcXK_;S+~uG%izNJ7C})}`SWjXlKkS;0YB&s|Y^_|_ zr8or8|7X05>y)JO{D;QQau@>=Cu%ISb32@2rGN$WCzSjHc5SYo9Wa~_#mv|5dcHTn z<-26#%Ab@ng!>ob{k%XF^@yo@zuE7;N&UZ@D ze*8_?##bmJkn+sI&9?w^;0Uo~x3XQ9cpAMGhWuiFGiJS`iV|6}N zI7Wtmx3e!WizT9%dHXzJX$i@Zrc3^-0X8MtXzP=9&oRl$OV6!Q?-Je!W8euBBvR9U zBy%%{j#8Ds^Cy$+1A96-Xkaz_3hhbO%H4OZO;^~l;M9tRH?P>gZhLllDe~MZeCLyxRf!8x89)a7VTUqWujVnK3G{$A2MYpWnTRz!< zwA-}m@kehW8SDccT2)RJJHYQ}2k@E3^=s>cze;pDhv@*T2%QN&Zouq}61J})HXQ(j zY)c=~DX=i;RY7$H{#&jl_ohdOJS`2yIpw^5y!9NBuCexxcN;#SZ81kF8P zZPP&@C(l9vBqfuOf9LbV*bor)9Yz0o>}R(#Zp96l)meHe?Nmv}x{ff&fn39vG0V{>S-BY@$_ezn?WS!tdG+|mL6=O%Ln*CB*QsIV2txGba_o1GwnuTNn)j~&s24!{2ieGdOj;{>t7!7py0jH3uw|$N;~c1TW#6me^N}NmBIr5<+BB< z3bD;{EDu?CBnSTGzyhsC>mM-_{|otWe!W~n9XcD<_i+TZFe>=(*P@Z_lKLtB-XFE5 z`cF4DWtY=-0i!-8$#HTlFgb9KZS;SLIf-aHrfL|suU+=?d+78}130^RW6iUFsri5h zbS602HD~e3fjSP?lT~Yn@Y!{LN|_;coy@RxO?ZBq z&iDVJ{zg?nZSTW%{ID)lqRKoxgm+R(?ov_i`1)dfMcb^j?IE)0=$p?T^xN#Q+qc<2 z#)TnT6u&-Mn} zc^r4sw)k=N71e~2+Cj2!jJ1{KvRgK{r%Havt50Q%y1Tpp)Uav4*bn-^|0u|xTa>dC zWP$?7OtY)iEwgXG*}8KEuYeU@PmE-X8{J*<9v2Dj3UZ(63wz&p_2|R=+CL}N@zLKz z(9wZutQBMBF=ADZ_naKv^xqh~@}^C|^t+X0;Rgk(uFYP(wB&CxY8;91`eZrRvBeDB zJUC08M!Fr?Qf0$8~B+qiRNcZoE>zrNx)4&Zm>GFg9|fyT0} z$l3mQ{Fez=QRu5mFqNsFnt5%mpU<~xhY9GF{_hUup#>ln_9^bG{CLOVerK&0mZQwH zG&=iqdof8#BiX2P=_}$Y9AW1Ec5!Jp`#924BB)=eZ0Se9j|*cv@I~1mNK3RMV$QB zk8>^#l#csZOe$^t{#qh8g@Vi!a7h??9)ETR>>DVFJ57Ew8dMrDbz<=SIvwh!aE}fg zNVdrUOc%R|JNLRoaZc6H$7ndI7th7UvVmQwhf3w)O;&g9W~1#A;uOJF%i_ub3Mv8+ETzP{OM*F0~?Zo0y0qu}{u(V=;#W}!;&kMh%JUM>4 z>(q6%F5PdFX|e2jC-Nc+SYL5HH0IXcAwrAsPf!lXI$T(e$oIA#w-X1)O>K5tHkH`a z!N8X0Ct=Tum4mw>_0nS(9BMB?;wyA%c|3G`c7ywl>on6`7OY{4%gag@d08u%Iq1SE zItd9hWiN>0RfC zwQf%>>kyIelBrN6J0#cetZu=z`+p2=h3stilJ&+T)UQyp9wP}6ag-TtOn*JZjvdWrY1oQM*a zwD_zXN?%K)1n&J_9eM{2dtn^ACxHbpu%$Ou2wVzZL~{RW=ig5etXm5Mf8KQQDOVDp zH9NM-LA%v4mz$J7$nm#&&y9!;-W3K0Zk*<_j8vMX^uCAAI@e`i|Dc0DpeqV@yhw*C z;xL!Fshp9y_5vJwt!z1-t+eOsR>SosrGeIyTFJ^A-+@UK9~S6*<5FEM;=~str4nUk zLmc&Evi`QH%=7oDYa-uVOB;JXshjMZE%gC((UK7X2{EB#e_!&wV!=xpHoX2i&hl#V zX-lKyj8raV^XVSV@cP~ut4OMBY0!J_6eVT%pM!#p3_tOWKe1MVb*-AEj_VibqkVGT zjw(n~`~hE^^DnTTbsp`Lro4F#%XqtMblyJbHv`C;+j;6j*IeO@XA&b|QsFdr$~KsO z1kO0(mrUkrd_o%l7yA?S=g8Z-%@=hw?-`t*+uX$LxcYo40{ukX81wm>q&2VgZd!0J ze#BRM1pj^>!i0`!{TyfmIOn2qO$UepD2hyqhrWNvUhxs!H%#U#`F>RcSVB?qDCOnFX;8QlA4an`NXl%S_7Cdz}~83esfw7M7y@S!++#NfVAtF zVK)4#AkaG?k!?eBn~rDaj;7ZrQ5(v}Qn4zr>Qe4>^fE6UkC1T{KOM2qhZfWVb^!Zu zJhy}(;BQiSZh`V9++NJlrvzV`WHy%>$TR8`vTl;)b(ION=zG2pldg6biRSvCj(P2Egm}Xc9 z{-Q2(MP_a_(D8lvMSTkhPEK@1e?1$R8mmbXM~9y5U;l&D09q>@{$!?l&eR+m;I7ra zv~)G}VE+1iX07-Lc#SD6in4EcXVGlxp!D(szdT(Pa}6vOT|L!v?kK5r3J37xm$Km{ zsEapkpd5?0uLKJE&Rm)izH5b&mz(UbGk+-JPOFk?C#;3Drf&kBZ;g zby?{&uo@Wdu5v6Tcd_r?Y)&Prqdn#HIoDdYqh#Er>ZXWd#_tkk}I zdU{uu4Ql)su7pLm7iAd}STLap9anP8A8ms+@h>LPb{)ra8_*12W|kTZ{nzy&vJaMx0H{?aA&F-6XcU|5ZANRs9Q)K%JV(21bQS!;FW zkE}t`P188PH`*b0go2aV#Xr@;ByhPFr#=Ps?pu zB)a%24v~*A0=^ILXY_I`CpSylXZ^e;*In>#?I`s+ooYNY zTtgjm_8V&gx%yl07>R*`mY?K5ZuZQfzk3-qJ4cZ*ypG^rOUXee^O zmfMm>N1augOT{%Y`Xl+AgI^|KmxrHhZ6xh!HvWw%v}$Rc>Tg^t+J9{s<+my65WJfH zo9B&!h~jpPWq2#OHFy2O+1~Qt26c#XtL7iYo$%tvJ3el6^}>gy)h!5lOWV7D8!}wS zC8>Ke2pcyO_w=!{StvqSAT@6}dQzE|+YllY^(dRWscL7TMyr}%eJm!3EtHpT&&-JJ z+d^}e-;nBII(YvU+!xOtY8j#P_FbC`&=nLMqQC5Qt$Z#^6{GP>c`GC>PD5CB% zeVMyfW!dVEV(=|*=8WJ2oJV5;$zAuTjNCu%l2hR)z>>6GflueWm{VM8_dRHx2GKLT zVkdjb`_ImN7Yj2pVVPqkv3nU3M+^FMATK`ZTM`qL%#}<#_)O<&t5=r>^P6A2@4Msx z>>^e*-8{z8-{F4M*Zh>qsQQG1WyLs#2IbJ!=l6CVi};9lhm!yy{&B9rq9=b4;SX7M zf@7+L@)skJ^o9}nr(6KEiC=7L5n-}>t0Ddxl|-%otpo49GNqq7759FLi+|gVazGClm7MxMOT|W zlRH#qOmmKmkxur;mAxZQoI^thM_q{??yRy}gh}lcx@0rv_@}Eph6R(sIjM3$n$7Un z=%dGa^|^e#%iJ5~{Q9rk{c?hD_Yp_Mv5R8FZ*Tp#)VOwGo*uU(=LwH>lexiUIhNir1QZfj(Gx6?BpIGiVa+b%{2u#bG@zKxp_KV_EuM1T0wt=Z62uNq2Qvb#E&^V$eRAYn6(o4x} zP(}MT*^HVB-ZJ@7KhF*%_WR{yO`|h0W!L_b2e(wQqFV4<+L!#cZAj$lw;wUT4zfRk zhJEHshdLNKI*WgUs}>gJJkgRL0IL*6*ctJzlch^@Fm=>C(boWRu zoZ)3b8&`fJ>AKizL{E9#y5i`QozRf$eN?E8_SPIN6bx!PPI2H;1$x3fyP8QHS4m-y z0S+9GJ8J?>L5qgB+eeid|Dya`?t{^|__v*GVi2TZ#rxJe6V0kAe;G=z@6o@KfNk#@ zvpV^fRHTY@d`i6!Ox_KX0SvI%U1Nn^ud591h%#zmGDBTDaN&m`5Vp4x+ zx9=Yyc`?7mxuB#LWi}Y2-5quB5dCYudVzmz|WC427_a?a# z@12s$Q|xBVQP%Dj9v6WF-O=KhHQ?@)6J$S^YX}E)n(|_7jdo2s{)A2V#U4`)ErKk} zs;j;|j=!%MC~Rdg*;n(L15(p-p@sGniIcehK){vugzKTVYRs)bH|JQ^j$!;-vX)rv z0le?!Qo)@$!`d&Cc``lBPiqyX(TH8yUM59%M%jl*iDxU_I=>bR=50F+%y;qqLIkH(fC0mmG z2R@l@U5^EpM|!V+lj2X)c9swjC!umIMgVaAtkZTuDh=1smI1WHUUraAs#@;5^as$U zQ{q!{>;pias`{Oon8#`Z(OB9tso1`}mtG$JvRt0^p82gfoXup4_+&7i;jM z1+M@<9_78bYs-Fy$;a7rElMdS*Oi3HIl_V}3qMPFx6iWcz-*tl99QluEM77nzhf6> zKI?2ewuQZxSH?)7kPY$5@DFF5)N;I1R(HJGq_~9T!N|S~FD}%{{_#jyFIdXa=I&M> z=AEUmAg$?h8w-?Yu?ct7*RLTUTJD;aPumV}n%tvr=;m72f^p@L&1AbK=}n6!W4YM| zey&N;CGsWjd4K(pXonrBWi*InmXzh#dfaQV$(7X#Gf`?Kp?p@!7awuzL{KO2YL+gu zWt=hFc7v~Rv*n^K-O5jspo%sJ{jpQh6iT8zMc*J%p5-m$^43Zzx8qlg zp=oK3{k5Y@+rBv6vGrxU-{!L}1Z+7D%qp7Vi5rK;FeE88_KG;^!U&BDO3TGCx%40H z?l!&PKkpV!*y}ca-VeKtGStyHESy@p)I^N@8PQ9fKV}__f;9P-{2nScG{4z;a#y16 zmULQpAE~U=cIzYJ+3}g|c@8Tr4Ih^Wu7ngY+rL138MZVKsY!qDA<7Tjz8OSAlZwl5 zMcUJiwugeljijTLi%kc~Je(VNT0C`4Ybc;GqiL1%Sm_PuavZEv9Rxa^{g4N#7K#(E zl(*RvpF6fu@qhjE?#F&?N@;EUeP_}}^2PTw3kUqn?a$v34Y4aL$GiRm!fN>YT=!fg zGKjulIK6%RM`5KBD!!$_z`n~;40U(e_)VOa;r|bya0*Q=z?@};b9d&GtLlBKRAZG$ zQT0gnEhz4ZX)Veb6g|I)-!(;K(+@xP?yR!#I_lOy}zTd;Va}5yJ-k% zo1$53aJ!15?(!$`nQsZMVZk2C1@Cs&kI53+Y*LVg)XMo$8JzqdT*FujTP_?HGX=yV zYK-3A*`b_kyw+$Ta6;!KG zr!ec4eBRwF4%U?oX?7LVL$}gzjFjJ9nsr-vhg*O8h1t0{#)}}iaat~P4vr%);}{^F z?3Hsbm{urs7C&%@+_giKnfY)eJnVInXDo`)1S}?H)h$l5n~y6UF67P%$4P<1hB(<| zkj!ye_dO@{s`bUI2%HX5YIEuA)1jIf`J05SLLUkbnkw#@mL1eS7Um=avB zlXX9P9cCdEMpM_>g-(qeQ96?MnXOuRKQt0_ckz>s(|E*Zd|R>L`X%w@ibcfW;X>qq zwgL3FQv7c1TtxNh9Y}#9;GSZ3(+%xBeES}tMg^+A8|P>~F4H;&z7y%)d~CP9VsUT? zz#fKr@A9qlGs2^D@~g7-Eev0XmS_M~%IR zbV%d(_7lI~xT6bc;}J;=&yF{fW0(~ey&Nm@Xik41vJK>Sv?%MUdP=rm>v=5ypOk;L z)pd*O*|)lUyUQlZ$ihN;o$$%ySCszu&8L8x?``^(nKSEr^5M+fdi-^zv7(2jfAMh# zWk=d|n1%GHl*eungL`xTZbw@->CrJ8@yt<^+I?rEF|BoOpdLOYb5P5CA-t;zkpMP+qr3^pCrPZB4Z_l-=u4pC;V~()H}?M z`v!b_NEd~9gf7CWaG?ujO&wIHjFm4-1i!!vI1o1WY?zLJd7XsYXm+sr?EZO*rhqDOs%{B4 zDSGX-=<7L8roHMQ?gp$256M%ZFi#>3_2ld|V{)*sKPW*zJFiAzbjDI&JSFEtfrP>1 zNbII^#(Hb>IoC1O#p#xT+w*p*A8B?&n$YrRQxxH@bE*h2SBmSnXW(Pzp*cZo{l6W8 z**5(dx6BUsGOiK-4fbDuYVwud^}cK|I6Kd2p^IM;aEM_5$ zV$xMskoNv(LkKcQ&g*pot&cJ0qFCBJ}+ z;J_xn88rPuY4d8~GhM*?I#U;5TF{xstVUNG^Nr>E9>+PCAjodLlZXdTRgxxTz8*sj z=|BqX%ysv%9>C*wQYc*baz0f!FJ}sic4Dg7%xK1Lb`^~l zfGw#whV+a9wJB8)LRcsPHJh-3Tmm6Y`Q zuX{udm+leY<2PHq2i?RcQtxG-C%H^O!WlwRF~K?!R?CUJdLqqK4w-(=QA&}n%|!Rc zE`Y=;E2r;6m6iF~$O>HIKYp}yTAi*p=y=M;{Z{D6bVh_S@UgZz5j>BEUnFn%`oZo= zB454hpMtF>hO0(<%X%fJmG^$=kgjyj95Dzzi2<35rLddBll}Qq)4?c$BTNyf)Uswq2w{BzB>8rzH;!6leX*^7M(@p9?k3(JKeLqAh)>6IFJ5N&9SsE+9RGmp(vl9{ zas2DqxOlw#kKXNE_n%LEs$*RT>aL%Ji=8NJcnh^cY?WsS-8RI8Q;3qP`V(?Rmm}uJ z+yH7%96HGXPch*~On1)#u3yp~wRC4k{!?Tevn=<>!wa#$wz$sLl1bu8kor@CMTJxD z5^5&lSsDtCO25CHS}TZraBz9Sin?+~Pip+Q)00gbibm-%0~XL9;XP5z0F@r{w^P5! zAEYoa{3(EyYi#?OPslv4nzum z+J5-O>O!XIyG4D1^4sZgG)p~0d*gPLy_IfDdl=@?Mcl$-0u_eR%v5~U`wnQ4!${_Q zb#Xj;G)7;|NwCDGYpubDSv4Va_L=gW&&l^0TV%2;moAq_8a2f<4ebSPc~K-yqrZK% zC8zn^{x^xp73JIUDO+Mo_ok;m^Cd#mPg$=cj=Ft>qH9$$c4`UGpn2Q;>Kc6xgn|`V zF7E65y=!KVmy0>hmmk-xC!G3wF9#*9rUmcP!)-62h4rJ5eW+XD zuL?@is+3l@t11o4C5ZZ*KWfVtcZ+8N=Y9N@?PckguLA!kwuhB>6EOc2s(wbE{pr)> zSCVWUrUXYK)xqv(^pzDt%C|^QAMWcqK3E_!yz7W$*u0OY0*NX$b-nc)`SMiOR=plS zQ+5aS0oKnNgbvrpaVU${N{Bb+JHe~d2t8y_CAu(i(&jO6R4pWJt@#HjVLY3hc2(#^ zJ$goqjw&FC0{Z6T>BUzK__%@3$we%8IG9s7(^de9TFeDtW%L`oM1_CJzMG=e%$9bYH&E{*Uh9|1EhsK^9>00_th`@9DL{ z&sVYK+Ct-C|Ccgh|2W}Z&i_*F!2iR7{Fi1q3vYmDq$j&5+uC{ifA9Lo$Mpk}Ii? zb1y0AIQSV9&JzfC5pq`WDm*oi0!ujU{j-{xv1j<{|5DbBhT@!;OhwMuu^z{|!HEIS zmxN8|xdcj2cX?6-UVCiayO{~C1ho-CJ^1uZyI+lvd83e0`;Fv&xlwj`K(Z_Ch<&Sz|T7@evI2Hl22pA;0#KHy-(%ugnPIlEW-{Wq%D zT&uGid70p1qpS2f2)oJlro|(r{SxKHF6-LvC0~;z^>KPYhv#OjUtb|x!>pZ0_vc>; z3PRb{j4-haIU;VGMiRmobeNLCf0k&0@=dRV4jBOZFtCZfgv6xXMZm#eZb!gKb4(1a zr)R+-)OSqrtUY_WFtVulVK9#>VLX>G+jvFZO0x!!<%d3-DJEJgok2OieQsT66B+1eUi8+#UX1St#+Xr^s7NZd`H4; zHXrD#@0kXR7VU6A7h}gamli7ykjP%^14ErDbhnhnb4Rl~6j!)2@=4u##nuWvwI>f& z%sLyDOST7sSbU)dK$aps=ktml?%muPZJDBQyut3uHOdz~0l~X3Z(g3ltn98Yyhqyt zm2u~V&I|4HOLqv42m>sdpu~f&;4rd|^R>m2{Wq3~2c^0GKch6Xw8|(hs0!q~Q9?<4 z`Z5Phehpt()CtMffpOPktUQs@xl%fReJ0-1 zeoT7ttds`#H_!7JG3W#E%+J??j0phu-%MMY2_=;;DQx>=5?vM>GiuGzy$qwtL063$ zY1dl_@Q4&`Y`nA3YXKAYR3R$lf$*78g3C8PN%{pI2vYHd$2)LRVoJ(GXqvF^@}~TL zb#IaHK9R3^t5?+Eje96X)N^|@g%BqZo9f_ha<=s5?QG9c@gsB1M@K4v?y2UZb)E7@ zp%urY@?&H*RE>;Z9uQg7J0xbDrI_$$s4yJ2l-?gu6Wb;4{`=PMpy^>rg0cT|Ax6}A zcl#JT$7weDMC_hR1yt~*FHKS>ovN@a8DoAA!4ILOrx%yO1~lz*?YL3Y@vg!YfYe%) zSB=z_i-XB|JzjJrHB|&jxz>o8^!j4F`{yg6^T1B8y}60@CYvDM&s8hG+9AP9WowQk zLmZCxA8T;Tb;f@fm0Bcfr5k8Nr4f|KeK04^Cmuzbd^?^Tpv5qBZ)dNPQ6T`}qNKmJ zx!NwZ%S3~6t4tU4{T61sO4~tThsa^>T54m>`k?!s=l5+u76{zdxP|D_{wn(gR-Y+^;f@-#CFi}_MUZc%5 zg{0d9Dqf}&$Coq?iW*P}lC}aZ-XO9cRE-lk&zhVF#*Y$di|uDG=Lz-=W+A5p1S>C> zG9mlAKd)|gV+!rK5U}=pR-n8F)5do#)U!u_6CLY-B=OYrB+g`K4t6kPZ@bI}I}nx{ zEb34OsqKxR^X&hdax*e0GU!e}*b(UA>K``@t~T*_cOd#=ETyjoHYoSwX>)I-zw=^k zlfC=_VWarbo}nDvNsWQTahczn(@0Qu7|(x2js8B}in{mW`OD}kd50Q}gm6}4WaD?z z*2=5P6}$}m)&6H=QZ-R3R&ibP5EiqpXr4J;-XLc_*IVPSe=m#BF0=;Dz6l#{EWD%% zwGp+MJgRds_xYZckdM|TTLfEp?stQwx!@j*73;kZpVS1lAAx1x&rcS6tVQu__Q>T;9K!vLxtEYp@8CRIz z5Ar{Y(pL-isTT-PwT}9wo5xCIxo)mYSmWClRd6KxGA*^AA>XDbL# z5&{04dpqDbmB-H5hoMLatYDAQg1H-~c2=~Kb10wDwdyJ9iphR5S@4YJ*bGX$SbDuh z4D557rn%gWVq1D&#IbK1KqUM2_%$M&hAlIl z$=%SgVWa#;toiNoBH@~>TiDEv>2JQh)~CrrcLUQbKp9K^$CX>p^NXaM7IZGMXU&bl zX2Q@^(X>kQCau_E9mkcH# zQ+~Z85a!CT@Knd>Z9SB+l{4ji0>cXEtWp7Y?l2`yhd|C3woRA&{^N+$fHnT0yn#|i z{zK0B@dvM9t}J)PT`1u8T5^nqJ8GX@@TRP-wBNG~$4$IhO9?)PjLR;3#xLB#SX`1O z!AWQpd>kv8aCm^};ei;uy=znF@ z%uFfGvl>FX? zMyWw>goMMm3UIYMl5kfIf}SZwpnl_DRq!oJ*sxJvsO0}Wm#p1#@*~5IS#vk<(AOX!QnF&!oh}0G?PQad9hR3_eVXBL5kf`Wz19~!VogbD)b39J zz64eLk&_Sj^T>Fy3XrZfuMAvh&q<@e&{uc3bDAq)iW* z{VfA*xLgpj0XCE_Zu_3F6A|24kK>CBWIBYt^rZkZ4=1?z}6bssW5-;wPEiB%Ft$7>BE3L4FRGHN6)yhBxz z2%7V@RuU?#JoqdHCk`w)eKZ`Yutz8yJ{exfh1Wi)CCBB(eNGZWfSPVIoVcqx&;3Xo zj2X-Eg&Wgx{~|&q z@2xL4@%lcl)s*7Us*QP9Dj)~7nIJ3wQia=#gJL8}aT%;l->-OjV)%-uE`k=Iq>$Sf zkb{x=quiRVK-jB3WVW?Y%_34Xbb0t)HYgnt0pn<5UCv8d=w9Q(6(&5O!wh!|acDNG zH`bB8HDWoNi>lI2>kq9`Hv`PbSwfbu)ljo3pR|x1s{oLIT>a<5%V;j=H0dx3ItdH^ zeNI}@AIdw+Nf{aJU^mb<^@9g;Vkv(4U<>bY4?8okhsS2K9wfv4bAHJ)XzGzt{eez^ zMy8bGnvSjl*WOIIy%~Pog&gs#5Tu|uj{CVI^N;l{w&!ojCi=*y2;OJ)S+KcVe}l`) zXglPbuzZ#@Tk@T%I-YMmzV=Q;5w-%P4%3s1ox+jefE*67cL98z65^eDWE?jTTSu*v zB2W5pr|StR4!AuQ-p?~OP|6iZ+IUHDrzFH?$zLnSG>qq$DGjC1e`Ip00!$%Ju#25zqbUVNe^>bG03JS4iM>Ig0 zjvZeX64z|)BAZrZ4r&5I4=1rql8L&QvSd}^S`LAbmstTdLK_>*ELbPb77?@et zWCe6tN$uBtQXWfg3vU0m0%nEU04?~WDpr17X;fngj`R!|`!4&dF4dr8j&-pSZ9>!N z7_f^wjq1vTeO7RE0#`8uAu{*IIL04XcyX$5i&g3$DDnEuoZ84IR8h>zf%X;+AM){) zsvIIIWm&1j@?yx#Zf)979<;Q1+MzcFw;DKSTUL*;N3OYB$c8+pDkU#A_{PXRaHqcS;&+Za)wARFMDvNZEYKyi=;cQmFt3_u1qF!%cxx)skzq>;4`hRF| z6AYhBbsJtsEv!W-tdr2EkD+kiD;q(Jk=R75wk5_NtC|#zqD)Kb&WnweDq^AeZ2E>h zLJU5#f@JfAZnB3!Tz%L%lBR-9pJX4*q>f$fr$O`)&Kt9=up;I)3Py*>G*`!31QRkW z%T6J&_U!&eIoP6Y7TCnFN87*dXcFSjNz*f-+-Y2CM%Y(W+O$#xc(1DwDhY86$O4+! zr}?qhslykmH{MSnZ;t1;yA_&u37r?TVL?b|V^0B1s87(Z&#Zp+zx~O-aBMs+*tKN5 z6NJA$3!g1x1Je4%x?59T?p%abaqUPj|Fv)XMj=C`iN4F43D|FY+ONUwxTOZI*m{=t z;+%Y7fG5<^i)X^lYdm%P9w#dq!3HU|VMn7#L6y`=nQWOpz|4r%Zp1sNoSjkRu2)elc7TkW(Ew_I% z)N9X3fJ-OI4*Bs!OvE+v`A^5c7<;Sy3P%ZYJT5qpGjmlXwd^8{JpX}M>txI0#c{bx z3vcV|R_`rk5>2{&rn_rfzv&Pfc#{!I68$WtVxkI4Vu8?0uK7ipdI5wX{V&Y-KrzvN z(#htFpXIvj^Xo|=N|@%kMZ3>1{B67K5@=T86qK*tE0f#1KM9VjVEP zttdpOErh6eW$L8r?-DmLENJyifTEVXC)>`1U#TIE=x)mka7pl8Qs>S#&3x&lz!qcEtOB z8$~L5xbXH1HZ~7J$iyl%NUI6xEz_l6%8T=<@~5KjL4!xJkJBRKccCU^(DKLhXmX=qNtO@)sIvRO?UTHm2$(jAGf^UaukNzMC(hn4sCV1_?)zB3K(uYryqAQ@&OQ2TO@} zvM*5wk!R%^|66zG{nga^t$RS4(p5ldp=^pEAfSMBq$nT)BGRNuS9(bZkkABFgrM}^ ziwXitClqO+cL^GwPJUaEK^bYz?4JT!LSE&d zCxEz!@<%`g-+y)CN-I@-`}~<2#tz7m1VMPMOoRnno2WGT>6|^3vX4Q4%ksf&dE;-{ ztpij^Vc2*=+hwWihZ8y{*$%M{tCTZS*Y|`UQuhJ(D`0$b$Ay&h@N1lbmO0e+lLTKa z%cv_SK<$`E!>x zU(F6Wni4))nX@bi+RvoAyo92!WPOt#p`6erorfKCOr|J;9B%)<$g?iC|MY-fI)~b> zX>tgB$D~`+)HNgE?1%(gZj~xB{Mq^;j;hkZi~<79MxIuxSlvtuJ1RxSUs|f@R>j#D zV5>y+jUjoOajCb+tnNeViTt3{VDtLjc`^`vo7ZjEEvnnD%jo+0uD%dILTnwIGKxz+ zH)0P%0HIp+brfyaSk~B<>bA3Cs88RAiDY$dOhNg8vdlrKOep~1PJH@D8NA6OZrMa+ zynW;^(OYa@@4I9_nXM6B05D2#L=HL zNwxHOBOE5-Fkl3T*+mpv59KAhyegDyZ)_g}`ssTL$5qDRJRqkA64Qt)!72;$C%As8 zpYlUyjV@^t_cF}V1za09h)CaD_|E6WPSYH>9>wr!_mn@29jVo$-SiDwlm)NZ;ECIR zD^5=;7pH-Mg2@;nT^T~nCOxolDZ}NVVPUCmK-09sLN^V8WAY2(hIh}F#)tZIcexkt zN5H^;R$o>`|9e}Z)cf^T>^I9;`GgH)O*5upbJ&YDTmjY)WF|BfBpRGN?zxnB;Bt{T z+0!#I1uN8ZDQ(xiY`Zet%R@~XRl9zHV)-W>8Olrir zVSKUCCbG*u!F~YDSwg9>V?L~6ocZ{vfeChW(LJOS6y~~ReGqdaW#){I>Zls1spb~n*S_<%=SX*)24q^jy*LLDj1)qd zNWZ{ct){CVYpFmPEa+uA;BsZ6%j7yGzT$OMzTYZu!ZCS}P<% zy?Gq=O*o|FJ4x5tXpTBNJKd)@LSP7flR~-<(-!r}_t$&)g9}(pmR5E{3P^#S%4=3& zPze-7Lt;W&<6xyWYkHObZk8XV$|OB4hvTE`l0-82T%U%_w4KQdnzuHZa-hWeI5T79l32HkAG?52`?+{2H_TUv%eq4N>h%+hChh- zQayapX3HKjm=ivJCZn#XP&UNw0$2Fb%J6)$2Im0(iwsxvE`Ly%R{>F!LB!h8!|FJ$MUDZ&ui#&mkapO+W@ z=21YJfz?Sc8I^y)+bgdY@{-Q)SyyR2lqr!&JGU|@)Kxy-TNMVlM?iy8CyoN-YotCU z@iZTKPYu70;Q{1@&uklAtQUvWixy{HnNLt(?n%3L!zSVGN$oB8;$HIW68HA&lCL1O z$T^3K3!~>xMX8f5`4f)y13$zvpRus z-3IAgxvK+)UvFO(2XH+xQ>icRe;ao18wsXQuA0(UuGC2Hk#<0^RUL44zN@FjLK+Ea z{(CzCsgNW1>As9&!fmtK)`cV>MSCmo5m1^8i%oce;NqKj$12z#(7^Z{)C1GgKZ=wf#XBFXD4q6| zLvlR}`j+Y^r^Y>d14wso(EFFXsCoKo^ot|OVOS(fl8dAR^r0cM8NVgFQNr}~|1&<3 z9;pEP+>ss@T^wUl7C6=Yf9(iaW$h~znbp()ZLe_Yi-r&|JFroua7;M>gcWdE&E6+1 z?aX4~t;&n&aZb4)#(Ah7A?reYH}Ihp>y+v&UlZ*}+3ngH%QX1*LKYzLd7#rEj7F7r z*`9GtxfF5;rL1p^|7oaka|aNF2WEgM;}2A(`Q5{nu)AGk*m1gopu(8kJ} z9Q8*2)GO{i=&??>6^i$pzP+%pkm!B#Hhm2!#zm%DmT|qZWXv-3Q1}>G^buoQJ?tdIVi; z?#<%L9MA=Z;fxtt{63DTI!NI1e;P7;{Z~N9H2h{A(6COE0mr7Am8HbdoJk4&In}F1 zvSSC>L#d>wG?})#P0OZmcjD6{G%DEVbd+5wGb;Yb77*u5Pk&T7$03nO9}t}M{7*gP z#ZXvBzz}NozIWRIJruk84k`sYqGY)HWPF;iggyMPfHPd%k_PEQ0Jg6ouwmYvz4u^6 zCtbYl=0zt+_4@6LIil?uGAL0q+Gj4Ldee3JmP>E4WQ;<=e*CYm&%3`bcH3e{i=XmH z=ucF+^4EEI*aBVZ-C-TY`<{PxIWp@^5Rve4NI#2HI{mDMvPKKSihVLGq+DiA;QnFe zmG3YD_-MDgWC82i;QnXGgZs+A?uLu^7RJS{MF1)NCTh#<-3$< z@84^#+F2MK&u>826|cz%zHi+uRK^7RGfV@p;X-^^+`R=gZx7f<|1qUJ^ZMNWYyEG7 z%Ksy(=f4n@WK2bx;h)7{oP^q^3+}It#O6n0JG)(xqQi=*8;@_XdkcQ^HV;MpLl_}7 z_t`K@Ivr1Vn)QI}vq4U+M5WU|9FvcW@n6pcFfvu1)9+4BL#1rHM>mG%-_VL%%}owf z=*u3Vav`ao^Fsa(xvFZ<@^-U^2b>N!(1p?%ilfG99Bcc8{piaE1dydUn*GB#PWpV=;q^7loX4P zj>?o85jd9&Jk8J|Zn37X4z}CCA^Lq6w#@z~pdK+|T!9RAQlcXRq9ZSXbb|`p_b50D zi(b8ttiXM9dKKU$VSM;I!UKSiq>7!H!|)2@08iw|W%RXOjm`cl6j_w0$U9Qo6>Plq zL1MC~L@YMm22T}dG1e%}=jJrF4R1kjb)B|^$yjTGb}Iqf(k=8)oA@e3#n7kqoqEMx z2P%_*#FI(Zk5vI(Q|g}8=!VYS*i>J#fGo3OTQ#;uHioni@I@5R+OgEjs160v0P zpH|$3RE5{fz4LPMm)45V$GVL%y^RT(GPzhVMYoY?7uVpizVPzgb{|ECW^a5!S1}Jt z+FEnwTK|(zEW*A?=br`EcH7!u@VzghwyTHFJ5xd3CTH$FjLZAsnoqJ}22<$OLbGr$ zzbW)h!NPTlV{bnne5Xalz9H0SP4dWY!=;80S=?uoAQ-7CesDUbd;_pV7>>G*aci@p z>AbVq0EEiZvL^|LcV-a*AH7+tIsp3&qn6S)4^MFSC)=-SkZ04GBC~wG--Hkfr=MvhTK&_y;TRAdDbV&JNqL)oD4lCUB!CTMp_owyYeqpA;eOJ$~U2T z);|*3{C!-vbPg&fpg(Yddl)p2Y+B~V!K4V~ggu~-*A~@Bb`+Qy?f|_M1iB&k*&5f_ z5hNjjId`>z_9!n1y@`#McNO2iQtC27Ly%c8d_FrJuG7}{ahNYkaxvUvL{87jwo&bT zfCsRs*L&DL_upnLMW&GBhwc0YXM~NpmQS)0pdcne+x=Gt{#zf!FfP9*DuhrcM3*wJ z&Peac)tojI^j>(!co7Jsxk6H%F8TQp*b^05K;{$d_Fx%oC$ppiNe7@Nmtld$=5>QF z{P+79QFw-1^tsd$p?Ae=tiK6wR`a|)E#@>Y2Zsj~o*O6~;~CD}~U zhac__1DR zlJra8q(GRbKKt`mBaX@66t<2Dri<#B#U%zErY|aRVF_ub9oR1mLIKlRU#!1$e0b_){|Frf zEm*9hOlW+)KJ`w#{cZ^^veL)*m$TnEV2Ts=g1LcOlu@B+Oi|Ws{lFd1+v%H zGua&ZPfMJvN>qS(Ep(QUi?6OPT|;{;sEYymot4ochu# zwLCZJfwVhf7ALH7y}WS!`o^lyjh78kATyO^tSTuzf`)+ck}-#h!x z2A!CnXl}2?o)p}ZDK<^OUmm6oc5Wk6KA;#-=B5_rRghf69IdSkuZL;04h);&h9F4FGUJ7oy5`3C}xbv13^9w7fi78@PlE;fi zOZU%o-O;eqSE6ntQIzh=j|y7|dq z>xR3FpF2hr7KDoXb@+is;V=I-BeIM>M#6Kc5KCpESuBm7adJM2C}P*!*(U?fR` zuzz=%+m9ed*GE-|8v~7nkLfUHOj?-x!hHP|6n*>lw1#zb&6=>8xJtqeoGicJpsiSD zRNc%ZD$OiIFRaj0nxjb}zB%3gs&fKbLFFbB>PY&g`9A%!;ej{xFc2{u&Hdah!ppyr z=4BChe)%qj;XaL)adznFeN&;R1zwBur`xiRWAG6NYG@jMx)+D^vnt|oOmQ5L6ltaM zAwLbTofc~u7~=lH>}sobGft|<0(I&Pk!qeN0&~1 zdYl~nm?(>%A`kJXOytCMusq1-c}cv7ZuavM%q+4iyqxxPtQ9_n)#SU|Q*c$Q@|bvt z&8YD+%D};{5P#lRT)V;6oh4KVw8G96lJy8r6ux*N5@MHZ3EFa3KIH;uk*&MdKO(NB zGw6DBK%+Z2F_z^VL87d}4IXD+{2^gP+gC4OFH~jQ@Wf~I=MI{ zR^qlGJgi>qS5nl!>2e@vl_YrEO(b#{mW zA%{<9r&bhRefX@{Hxc(_4)k=87*XK%vWiR8=NTg9N>9i`Co9v8kXdpv1jWt`T7IH~ z9D`IMJ*MMFbcn9tH{(F`>_02zJyZVj>?@p;X;l57=5=F%Een4|il7q}bP) zkq?E^G1|>Ege%33pUWM{F`P&#Xy%n1MQgvM%K8HBGgoZ-65#P?oLf_o7*^7c@R zWVW8*x_hF4wj$h{D-H*C_XI&q!Zw@qL+|(h^}}p)KW^!0jBf3It@`-n%C9ss=s_KA zsP?6&#fG0BaJ=_rm(h(oQc`rCms^etr~e3_ZtqVuJk#BA51enR6q0`8A)U1{uOuqH zGbfgfPAk(Eg&Wb0Qur){GpRMjytxD0V0go=;~T6z{rwfYi+N7yCE_nj%u<}4m3V?Y zyxpu8W5VRcKvyT+nS1$N*Bwd{i5Ej z82+K=Kq}%V3zD&nyBV4hH1TR*k8TzmygjfwnB<2?qvj{7#F>q9!#$*H7e6k|y`f?n zQkf92w}qf^A@EtBzar0?I!Ose{OQNzu!VqRB}m};I|y9NZMZQRwGnMc;Esl zZrVQks*@P_oy zGxwddN?OyIdTG$XA^oTPh`VlF-~`ZY9lUb1>z=5AGNIM1FK}MsUrdSIQfu(7@^!!*P0{A2Ji6!hd*Fop zr`!rtuxs_&B$m|P>7`Gq6WZ#9TL>`ply0RED`6hqX-a<}nS%tN{y!wVGfJ^wR|GtU zJopAXWXn0Bo5$KbTIbAAy6`E$(iN~T2>spNrqz2_vE!Oc?Vi7{W>plK$$Uj$=5!4L zk-Z*JWrLNpY*1a+3sqRCE^9@0l)x*y>rZ`#ypAI25}k+XKJaK$`)nKqy}}x`!>KeS z-nyDS`i(T3+O{E{L^!K*&>PV;?BRW)U4~`mz0=EhCqx=y@hkpCQuT>pi!;ywi-}Fx zV*F$IR^Yg#A+o)y=&U=Ah0m}C^o`$}8vx^Y)`{Ne%FBfcom&=vTb8gdE9@YH$C1ps zI3tbMkb0b5Mp6|z?pv==r}gmn#ju1IQkNPxKOv1H9K zwAImbA)lDdC9;(Uf_#tnc&ZYKZU!kkPGkVhzU(>uf|t8u&f~6w;WXzl$PyHQNg1#8 zL_AJk9`p_43^=o<-lZe*DgVGkNq$t`n04>6&LRGxAp@Wqh%WLBgvV`ZO(O}am7?D2 zZ%?fDWF)RT^v)bY;aX?$YJHUNugaN^pddH43mFlK@9-2}puyU=C`|QgD~~PEkNBSH z?}c&ic1k#ps5%t8?XRQI@W2!G{e*5hY$fJz)h9i7$h*M*A6FGc^vXYuv+UeE1ELQH z6fsyK<{fPiYh#kj*_NnUugcis4h^@^lFoR^2sa@Luqg8`+h$utCViQE6!P}% zic*`>OpqlFsL(UO{&w&^e?_4)3gtWDnIeP!yu=nshB;~_r^mmbz`=~i!gfWjD2rY4 z11@&1MQP?!y>-FS`0gn~(I3H&k)QlHp11pXibXul@nxU#sd;9S!Q+y~=ivoJhidw# zp)XEeZZ^|de1MEM$t4+rXR$B5FJz|{j*-G2 zZ!B&%K3{T8yEQ!lkTG;nXZs2V$KLE?@DWfN-D1emoyLYLTuvj)TMOCsnL5)T=!SSH zs?I76EI(5FUR;?4ECZGYC&bjlx~8i%hYge`11$vG@8%-*IpuAayX(*YRLU&7AAZ7t z$8z19de3anzO5T>=XxwG1Q{lQdI3ytvGF(e zmf9uz9fXrE3aOaoDT{+m24+NZNSxh^F$d5c8Y$1Usfy|haOz9;m=v&rM0`8Kj%_!q z8w#_BRE*ImLdIucs%PW zpJ~{p*OzDapONEbZ>7`1AH2X(b{z0~GAE;rXx(@|rqoT2@JR0*;>9H@Q=1VIRv`aM zw=(4Y4W0{DE$-6GM^uYp9?Hii7MLLESvytievVG#UjS0mS8hOkJ96KOrOUCS=2Wix z@~~bBMzI^Q(b+rh+{IdY2I!3`84yGGB$1hQx4f9kCk>FIN;D{D=s&k=( zbF(kz1I{s^nfG3h{8)rin*N!O_wSkuv@IBu@1wYT-jnQlhVCkIIh%wVHMEm*P`;wy z4yf|VyX>;fL99r^pIdcTat08a5^YO2(FJe^lB=Og182X`DuTAHmsHLAoK4rmX44UC@B0yRvs1Cxwo98 z@HU;@-%QMzBj#B$1=xc5{(5JWd&ppuP&o&MXp}crDg_;VjjBkGE}E~B0jgfx8E=*C z}{E(!Rr9X6JDRCVRQV!cnA5r`X{`8Z7!(cV&T%lHhyYXpK=WE zw_l9Pe7UjWr=Gb13i3qA(ahV%9jqj6Hseqw&ZX(4J13)&@uprW zL$F{Mkbo;`KIO^w>pXLe2GM-E7Uj}wqnYz6(7GIR9(Bl&GLhLW9?X<9cV-)yQ=lE( zxYPIe^V#H=CHXZJKr~IwJIP{XcN8q5@}`%1;X>I{!OF09FJ12N@7gVZ9#5*GDrWN4h`oqVkMcc(}R zK9EWJAaDCLe;Q$7CNry!cA94vlEB<$2_W-&V@P^JzJa=*zaenF&yLONO`~o4sN zn$v~BddfSZ$M^WVOu09m)s3g&8=*@T!acS7c7iJ{!?V94DT@|i zKWGJP;DyMGj?z!cV+tW8=z>6iA-g-)ewXz53O*BbRaGgTfvV{49Tm4&4yq63_pW!( zUWx{Qbi=u!n>-Fyqh|wfdQ~%7r`XHY^tmI&W-Uoqsegh@oV{U(y6duA0dtRqsex56 zBgMU}3szvJkM~R2s^9P!FT?TMuPIoei>2ff=|bQ_RQRB%7HyKQZdwIBCV)>O-ypif z_1Zs*^P^4o0Nv0}3aEQb=20t6Cfwl$RIMpB=7%gtB9E^6X<6O;*Z@VnA);@`wMZE& z8EiEol#58|_?a+mE3)q_QF+j-zQgms!lmm%Bo|VWv z%lXP$*@Ez64L;lef-rYi!t(;~^K@LTQStc3%uG@jZT&5G3VUFV=foU7e`zQ4Tlspw zx4v>AXywcNFJAH>>Dm)H@g*|PAJLRcD2h(^;kHxF3rmm;V~e*Kz?VNK3JYX0``GM7 z#w94|)z-Ysdt(8J?Qyi^#}xGCg=3R_7|uQ)>gM(uNJ8hmm0en)l;wAAcM|4yJt-xe?! y7H|X2&D-kpe=e4x<)2RDf5R`|d8nR&x}p;|ant9qz~=>tG}NA`etTdU{J#J&)w6y8 literal 0 HcmV?d00001 diff --git a/docs/wiki/media/clip_image081.png b/docs/wiki/media/clip_image081.png new file mode 100644 index 0000000000000000000000000000000000000000..85ee27aac83a065b57fb310e3689f5a39cc89e9d GIT binary patch literal 30143 zcmeFZc{JN=`^Fnu)l#*0QLVAFqG+{fX+o=|sCjA)2}O-D3t}pr)v&t_QEDh9=F}85 zgrX>_<}pZBO^Jvph8S|5bieO!I=^++Iscrs&RXY>E-PIm-#mG~&wbsW>$>yGKu?p0 zONa{sf$(VEy=?@6u+t$Bww!|p!2j%g4AKHW*nEsMZ$XN`i_C)u`yFrU-h@C(V!3y0 zIl$vXo_8PkKp;nbS^wB39*GA)AbuuVw{MyRz^UWh?@R{X(snudt8dO_6uMq~ z9%TIA4?h+3O7l$Mez^(O@lCCXSoBI1$UGhlTp?ilc%oU$l)vhB;! zEwgm5YCa}w<>We4TtOvP65pKBT*!PaTk1YuJ(6+riQC#-4<1c-Nr8n_Ctxs~*=!KC zYH%U;CapWcLAKvTf;^gn6sO*vKrIZH*tEY*R`PH+7E5_J#PjL9Skk2iZEc+=lHf8$ z_tPQr8qhUd?MkG~gVHZE-&2L7ibg(pO)V7HES9R!YU9L$AP|@E3^BEq8@p?LsPdiM z-2g`HlgoMAljY(T9miy-%dO(PEno>uSnv77`;>bUrnQG@FV=1_&eh2>Va)tOGk zfbJhQ_XMI5^`Qhhc|iL3KFH@S*3)XtNh(!KDn2+8A}@tq$;Y1Wy0IITkeE1{Yq+uB z?i2*W5gDB$3*LtR> zq;okTKZ4^>24SR-jS-3T;D^o4%>(f2h15f2WZ(4ay#a|fvWeP9uRe`RcygK>AyLM1 zX3%=|`7_GhFO{dP{A;UAUkzGH{_%Fq{8EtDcM<>lIsDux>+#QN3<8B* zBHqJQ4i%N5s6-B*b2%%@&P&k0qnnc}TnqKnVX^}3-Ml*U*Vp{sujEUZ)>Ve?JUt}) z**pVRKh%?@p~;L*uD7Y%7Vah0IbpeodddsSEaMWz+}K-0QUlPOZg+m)<*Y|YRGd~yCRr{A?;9-5j+}z_@*unthGgA|j+st*# z3Ks{Ytj82gm0331R?i7}$0wg?jFU5<#|x~{XwU8Xbc5yU#F_oZ`lcyq7w-;URYiO% z4uB2|ZA`upPxJDApSD?ATI#fYd)oJO=3~`2>w$p{SSe24V0Ugo8DD64-r76f8oQ(* zbDK9&WFx892+j0k8Gb`@K6qr`;7r|BrRv3!RcQzHtK(tELXKdM=fYGAo$G4h$uk@J z0b!e7ljw6OIASA$gFDl&r3M|>E`L>K4DSg|mbf8enVy5QsA!MYiU0XwrOv$*t9-V0 zY`BzB=oMP+QGf`o^$s2Vmi|3z5jTu(>gd0Lsn{#C(MCy1NqN`vTe8-t*U-x1VbI2+ zU)a>>1o>4x9Z$?8`fjaE4_3IE`MxF%8N$WJaa_HP+txdEcgv&fw{Mu5TX{WG zIZ*9S3vDUMU`%D(I0a{x^AJ>bmYNjpS`I7et}YPkRndj6;;yxFO3u9>TqHuCc!;^h ziN9UQk@grH60Z67pzKiw}yS$Q?42-uN}U;%BbcqjD&4l1&V)> z`WP+oE@Eodbj$N|QHBXLh&-7h?+^*y81r%5|4g1z^`Jsqsn@%SPz^IM&6s?0#G2l% zrGAYnaZdu$PTe3dlfin8hNf^SRe5R4b?dNw7iVs24(a4M_>;#*keo%UNtf+1DaBr+ zj#62>$KXl>1qGL2si#hi$1Sbi{Y!e(oy%sbNVC-8EOFN2g^5$u@_LG(9EW;`Zan_| z_605_x0i!?fjN4qLeN3K8v#<-T|U@I|DhzDx%25z%T`%qy6bpZPib}st6B`!2CmxN zL!0PLo9bK7(Nud9u3BGSZnbjO$}=@F`_u)FgPN!VbaJ-22Z8-=y6n#1KyxuJOOc$`>* zG1wu3qxH&$TukPaapC$Ri4x-%-M40r2vL}C6Nf-XPTSoiu%DsV=5v~{4P(s)fVOC~M19Z@Mo#B#&v?7`9P;2wKa#>swFS)oFr2-f_zx z?Uz6?0qBUI@QyJuLNmBZR~k=lY68_9Jc z*6_eupKHImD!vfdCtF{tTvM7aWMr_%n=gOy6p!A={`Yj=j@1(_#B*~xa zk#`xL@eB&BaD=vn*XpIepjt1=uzl3>I;ROpH9^?eLFx_0I3sF!9^DM{9F#XEruXbvOiPW zB+`5vBGWZ-o`2-qLTjvP)sjX^2c7wNE?-OPdbb59UCjl$i|^JU%#x|*De>)7LxxHXQWC^I`EvKs8MMpmnW1&AA;HkU zUy#Hm`NW|Wv;BF-J${32vF!Q?_`KX?8d~s%X8Vf{dy7nm{_-vb>+NpwC)JbY&c=D# z@e%LQeA&n^c&*i7uV37iNBGW22*^gCzmUbZZ=BzWJ!vd( zHg&M{j!w|VxIeW=Q@oyPG7`4q&FF%j}XKx^RQ!cIm6X6-JmFy zt*xanX8MAUj-PzJme=~p=JVqy(n(=6@eZ{nqtC^B)cRdweFZLTmm(W$O%oanU`pHlocd0R;__r@Xsc z50o|JyCV>(5Qtjh86fO{?j8$FH6~5BOH&yXT-iF6NNg5FxCN~*_;qn1%1|<@5#VVa z7xw(PNeI2CMP9u=t(&4)aZ262>_}Ko!!fxB4>@7Xv1A3;M}dLVBFC<@#gS2uqReyPn@$@&d{4$RKdSA#-FxQ|_YsR9*H8uNTY zAnYkM7$opX=nXH9*F?ORdciA>582+}REHQ1taYsvHGeuMdzblhM7YSCTDCs@o!3fD z4n6d-#r5~C20kGdteJlOeE0h&MGtCPc7N4`lC8r7W7D9>&812Av6jYLDQin-l{^;8 zd7cRu`qL)dEiQ6U?OLNM=KHWUfu=crl))Z8NKdJBd&jtM=TMPl<=m?~QY$Mfg&#hh zJ)WNl-+Hh9e7`zYK!AD>#&-7^dd`Qo^(=LGhgQ5XUU%czJ*|`Szc;*bAZX9(EI8;Y z{)^=TxFXMVdK{B$6oJ^P4&fiWU+vWMP%w(*PYQ9o*QfOvbOB?t_xEuf7$#B%M?ke4 z``DgaNbdH&-Lbc|FtS)SL#zv_@oT5eJvV+2-!e%sH#?9H`EW~836bdb(e9btzfWBt zGZ^HZcML^LrI%7-Onq4J)pL&)b$p7DMEqcdj(JC0X9=`sW516?PKLDvdvo?cP>-pZ zpVRfX-Z%UD&9=MFP}%+x8s{$%VYD+hXa8NarGoR}o7!oDddvI3U1Bhs5lY$%!Gra4 zYL5z=Z!v~ipT`EqRJf94leT@A#B>NNoJT}n5-D)h$8Rzcd?wbNazEKrby1+-}dSC2I}5SAS8cPjby4Z({Xp zx!-RRB9?z;(_jjHYut0#jxQF=22@L;riDHBtDAB$HYy`mB5e+;>8=fHL#NN*3lHkpKE~SauWs*FnVvZV zPL0js&v2ks^4r_n$F%C}UvPrn&ouQ3`h==&1jPYS7rb>sKl`n6g_P!?zVSqG<~#H> zu?umDl%tz6Gh_M|X<1p#xHA2@;R)V-oVY$t3za}OXOQQWu*Odr2%@UDw^y7@^hI$s zmo*VI6fa-6rOTUoWXA4JOU?W#DO#Fi`g6gVTAQt{EiI3vjXdQNrYal6vp9ESw!dH_ zWF2gX1NS+Wd9sN^)g#oV=cDPUy|zdl?S<7Y)k-{a^ggL>=zidxY#Dg%aEwSEdcXMN zWXXz|rPyll{^MQZF6CmT1W=pl`5S|+1rlN$Xb`dE0$ofJ2c-@(h$dA8=uXqp%;N`z$5mGLPN1IG*U!)#*Kd zlks}g z&K@nSceoz5`UKzyj>TziiBG~0{q_}3C|Jp4#Qug971<}Pq3a3n5l@O^u`X+@b(1ST9-B%We$~lzZ{#O&_AO2G)MgA`V)t~*KPC_2UWc489GwSvgzUkS;0FrKiEHzHMYXjzF7QAgy)3wvr93lBZcyfT#F5hW~L8la%$a7^rB9z_2s` zM{?RtlCrWWoIY&p%VG@;rUVDI@mQ)x{t?Izt2ZbEoSbHe7DMh1vlruZevaD=QT{f+ zYnA?-D6;K98va5YuBJs<1H?v=Y?pPp_kU+pOcjk-A>_YcnfV;(W>C7ri}p-J5_NYC4emo#>3i8|4P%(s~blw)vaMX|x^mGj733(URV%U<*W z^SG8b=XZ??L+|Iyn!xEFw6~pBX{s+5a1%Xn1{=pdH#^(+EG5H(`v+j%2W)K2v%st< zvvqb=H7IQ-2=e**sWbCRjE5mh;haSw@F28O*J%z(F0;|uX%0J~nDsLB-3n4u1CIT} zpJy~~?~{6`8W|ZmCf7X3`iy+}F^R(ygdpnf2FahW{4XG69+N1CaJQ~ORRHQ&CF~|B zYvJUBNG8tV`q?0V#Y9c_OTX-!rbX=Sj(fUQzoz}UK9!Cp=ehL7WfPr})8(u%b$=>MI?1zU1Aw zx~+N4#Uem;n<`u*epRG~x{L2GAExGeg`Th#S|_#*L07R?vgqeWWlO01(W|XlxQyxU^RFnAl__Oy?kB2cgoeZY;<>VP-HHg?BTF~yYN1fhu z9bM$WW(}>5=w7?5;r}3PrtFHfM@EaZg9hC>bU<7#U8!gDets5cew>oS@i&&))cD~x1`+PUhmI@vr3ULb{<#9aH**G1C6Pv#uGHXx1bVURe&Ux7p-UKi+OW6{Rcnm z#dy|=O#b-^;7KE>;w)=hkR$R1O6k%ymn2bsR0JR?OA1>Na1R|HEwCO5)7kZ9U4L zdR~T+u~-N^yq0WmlA50Qx7Mo|O{6;gCyiJymvm(h^$k`1x8L|%>w3&pwE!?AQASI5iWtIJCKdQz&B|+jEtR*(*r-7eJ%U zblKn3A8C*mJejxAKf6LPwK6fGc0f&C>LV;T?6rsPo`+jPInrU-=XO@+kHT_acFyWv zo#<1RgqSj-bDYNo&bAyF%S0wFDlQR~AIN$qML2PcwCRcQcNYweigR)e_Y*~82Q`&c z7+0m4D|y#p_v@x&R8EI`XA>Ch1?~u5k!#)bVM>y*W&F>~32y{^yOA5)`c!|vykyVv zaoC^Hrp7|XiaoKa&_534CX}u>Ija_47SQZdNS`sko&Y-B`Hs5=xF5QNkJa%-85#|7 z=-LpR_YK&cnHC8o&&YIWE@6IWa0BKe0 z`5Uittun2C-RD~KJGxYW*p-^xQ9i+)Zgb(QZoe@uuw1{wy^dfD-tQ#N<0G#kb0XTf zD+qXyV~(OeCFXMdvQ%#U4uj9Qpwqsm4N|0)^IrPjVDNEK_jQTuC_mcKO2)t040#(3 z+(GJh6|-tGBV3H11AiXVqjgiTSHfKM_vW);U19Q!@BfZi{?IdCY21hWuN-T%}W z)2JWVqxAxf64?J*@A1_I{iSkhg^Kez zXxEiUE@HYvihb)#NW`kyie1%Z+IG0``OEFnglU1894Q{owUCp)8gEuIqo8)ZXMW6O1&joPw+WK3eJFA&3Yrp^lUd zjUTLjM72oU0$1UgR+TYu4s+u~Fic{uHSz$Dh!c*mZgFX5p?mc^!kUq9J;;y`noaeO zC~-sp%NjY?eQFS^FCOGDFKouYVHD{5=fV!R5?W`xIm0 zH+L7UYw~x0E>zk73%9+o39SeTT(Q5jUT#)oF_LtdR4O11uguKMw7J-QDH%_3??lIb zqL=HiA&*h3j+Xx+#wJF}7%&Glxch|Pm6A$I%vDVe9LvowyfIiAOCl zumUQ&IVCMp*!@$(1e}>-liU7^Pr_|u(Hii$rWd@#y4~$3r!qnncFTfYFT1}=RffAG zZUkkS7KaShjctXeDx<#W4%IwYfd6w+f$LTQ*Ufml8~yCrV4ksrFf91f?rfO5-;_Yc z`rJrgbl=s^tiU_rv^m2pSk+=6ELD+aO(T<5z5&@69sbx$Xw3 z_KvLSYCp;`o)31IEk^rL5eO%^TbyPYd4OYf0V~fv`&_pB7R!X49;kzb;9eb|mN|BT zCazM0h;qP4Q+v%Y2NX=P_&Ln&U1hR$(_}_H5byZ+o=;Nte##-rQw|*Q?a(%b!_yM@ zF@Th?$f&Tg{oPBx7KS}BKllv7tax{!^&k0CnBy$yxzJ(P5WoNQKW`Ylzy`@pwa6xw z$L_~urZAABW5UpnVwon2U7Da(W94-``Sx(j?a$W;&ga z&>)eq_v`Rmm;Z$x_8uW?MjfA=NPuOo@o|*1ymI$$5tdGMX&b}LSb(;;$Q4s8du^gD zC{|i9=f@7{YiXk7>P5#G!Jb3R?Y% zKYNe*Kg>eLOA21qMPhaX?W@#6dUZ<#Q8gn{%&GJzmrZ5A*0fthrP*P2np#n9eCbvG zJg&h>znS2(;)r<YJ|6F&C3#d`uWIOaZqvK{ zP~U?5P_yR<#Yi3fMzAjMSS~NRy>po)lb`6F^_ego!hNQJA@k-$M1AU4u-)q{Y{Vr& zazw(kx;H2OdYJeTaKaRnN1!=6tDOfpC%GaWS{>6Lco`aA6@=bnD~br4?%$S!cW&&` zLP&}N?%v_6>U2397Zx_r=E zy~5YMKTQAn1rT(zr6xEguCKja`R*}M^5)F*8syA;&TxW9?VpED4H*V^0`FYf-_Hxh zuY7T&0G8hAfu8fdBrYvKq00+4Qe1v%sl2qx{bPi%-*nRg(AA+1*_w;V#hDp&mOnK` zw+i4GnKU`Z{2-)j99m`MeKoW_UJ|wWx=EH6ymBUPoF}_3%DYcOgFR^A0Utg01txEY zp6pF-D&GO-_y|azWOZ!lH!t`3UMWb&PnC&!`H;_{z~&SQN>@)m#Cb%l+>bJWr-g2) z^hh5y)vv!EVw%OQ*gb=+YfIF?A2LW^6Jf*!?fr4swCdw3PXl)IA-144C@n+?p0s+a zG0vw8OWrhJFfIr92{k(wtDmaNwJvevQiE9fO2FFl;pg2{*YSmQTXm|w3e&#%+`09w z*>p>yBC^nf-wNcvB!b%6K7-#$dBi1kSCUe^@3yzdS zRZENKNmy5(&Z&RlS^W+x9pHhp6bvCJ6tk1_9#l&mPmw(cas;Py_0|!rSY2C{~s`D@Tdd0AC5@h5=~$pbv%M{)c=PE5ZJge6j!y*MY;H z5~Q@fn1uWp8gtqAOkLW2fx17%KpUoEkp39G3Odl1Px{Slo;iHY!V8VE`<}d)LM$?d zW4;R`CGa?y=$Iyp*(ZzTfc%uAZ-nJ1+b7)QT{#^J?Y_hmIv9Cz+$N>{j4K=D>j4&3 z`nj3tFt{M6`PRDo#&P32;XzxChh+WXRV(NrPd7E3Hw)@^Fb%9XG1>I}`AayZZ4+f^ ziFAVS%6~k=uQdIIFYA>TXFWpy_;-6G!!b`T!5!YsEM1|_$|ZRKQSdsa*DLNKz(!3# zk=Wk@^|lcBN2rIZ^~91!Ohk!-D|`uA^RY{*D0tBtMGgoA5ih{X(g2^zdR+T(`H8Gr z*9m!gl*zj*xBq{h`oF{s{|it3f1-~7+4N$;?RTe)sg3SRL~yv4@}(EO-cJkr2&nXZ za7)~Y*u{-Jvp!%^RxjcpfvrH%CVqOTUH4JR+VF!Tr7w2&rcau z(>tBK3lTB<3c)9cT3PM20jlpVCo8yT$Q$z7OK0KBOjzY_%glAK_6HGVo952zn00$F|Zu9-(=H0()0*Hr|QuEYFXL-6CaF)?j<27YDW(6 z3W-GJWiC^OaFuWZn#0aT-_P|#KA&Un`p75eta0G`fj;(G$N5nVtTELe*HOlb@zd<|Fy{cFY&~~{}E5bub+qBXj43PtlD96p=W&nHMo8N z(l7R(fyIwAN>E?rq*#Fyw44{Yz+Y?b&DJRb{#qu;XXw6jnx3AP&BaO6PgZuhdH}(4 zq~(X36yP054>W}>V;$%My2D1BMEZR%FRu#o99hGHN?lA>*UUMOfg-=$PKT*7+mTWS zuS)DFD=DXVU!@82HI6FSshNCh#<|9I+fgSY>o@iVu65n1O@73JZ-ReUnSOZ02C$lH zCeX+;9GhHgcUm)Qi;&J~I z4|=OUc6fQxJ2^*L@Z$X+Ia?0TI-bs&*IZo~YQvT|)utoT3HHdCqJo^#DT#Xrb4;|% z{B<2jVa$+%!rXFK?qVL09qlzONMn?$J18y^rwWa+dW#An3}0cDM{X6&FT&CxRdYJD z*sz_f?Vs)!%?MkMe1pi@I=x&L#dQpF)Y^?SU9Mop+Pr#l<5uwloedF2wdXW_pQ+>u zfzEYQ;3>u94%-sYxLHiiPQ)cup{K4El)<9kcJ%1q7|ebJ(;=9goDr!QC~g6Bt4T7z z$u-=!Kr{eAAa_4{E^MHHaSqSJP+gf5)Ep1kMdVF-R(URsy;tWfxFF}>M}k*=2e#uQ zU>@J5%nz5?Rm8;uqDurxIrnO#zd_<~D0*n=b$xITLy-RybG3Z0ZS>+~waI!;_`WQn ztd$vVY)qu4d?35ns6X>xBks2F(jVq&0~frT+rh z|1*KfH$xJ{B<@eocO%t7(Gf+}-lxO!^t%j20rMM|vAnqe4BpCTua9XEGrTPlbEFM6 z=$qb9^t$h~J;<%DuipLRqPEU;-#G){abI~uGqXq3(Mq4DQV?~XJ5<5$t-C=THTl#g z6>Dk{+Pd=rx!&mKTtgkN8IqC47k)##CsKaAvG*G?8SK-F*UJGJmAI03=#aoX?6-|j z3b)im_I=g8JZxINB6Q4>U#D*;c(U4;{m+!N46imLv;I0@MqAdnBP%)xB~-ecjLL-f zPPR+W4XJ{T)w(DrF@!!cZ82lZt`Fh+0FL=Ze=v15mb~7v3=MU${IsE;9&%zCIq3N* z6}`2NZLjRatom*9vlEV5H@`w+ovZ?g&xyy1HK!Y!N~qmy!||`~OVKFnMD@mwXqkd8 zp;_$q`u23I^enb>Xa3vVUSyFH3UNf_+NGqwMfDctK;TmtwLneRj981bxu9WRnY62qgWHgz|Z#_tm3#X9{__<3t!U zpmHHJ%v9jZ;s`+^sV36Ha-l5(Xa4*3)|0DTZzi? z8s7}k($XrIxOk6B?yoAN>>BC+JvtkdcQtq_T1i8WS6cM^n5!wDwfxYl==S`mQS5|L zh53{`-IsH~4+M{D@KOhpwifOQesHRlrBldH@LA}EU|KqyF$S8zA=epl8*Oe7;cZ#| z5^qc?g102s{c=63cdEM%+>n+PyR>ISNiH|PW=&{Z+j>ZTqa
r=9MNa%Qo)bkbz zZBqAk6R)ZpOZD|#?E?Mq_*KzW*=Hx^Com~josBBusv4Ad@olm9P<;cd6w1Jj$&h(s zeBTX;3nQDXRE{7jFZA@vba5(b4fQ*u zQdVpA)}lL(Bm%En=|Rc>-u`E5 zK<9k`<9Tz=4K|1oi>K>M%j4L^#O>#;!vktXHtaD4chW=t$j7uu z8$>w{i#AvO;J-HqW9JZZL2Ukd#De9@3bKYcTjfT{{iFUMOUiMj zjykH8>1U+&Atc_7*Vi{@pKR63^*XQkk^AQ^i^Cq7=xs{` z_ny#e>wfi`G+452MD3Q3SAHWC}1It3Cps(!a6p}@6o5bL>Z4m;mjDJ>|FoYvTvYOve^@Gmwe0SvLvwRToFH zhox(L56u+I!g-_jvdrItg%zkJmqkbs_=C4TUr3Blpr538*N%P=?(YA-go&>!1R~=Y3!>|6e~q3)oBxnipl(-3Vj?GFs{-bQwa>g9I{yljmf@#EpHT&f zr3+=_ub4Wv`YLsJFOj8~Zt>bgih4W|Dbm+>c%Q$^ig z{rS&Qg>}_kVFw|oC=NQ;%e8a4V)OQxhyKCq4-7J^0|*b>B2I@@Ss;$XFr?XzR_>^^ z>B99blOxPt2Zm=C&d9!>m|EyxdEN!HVqu37kmL9u%Woxh=R)maf(GCd_;B7t+#7w82584o%r6C@Vdoy zSWW_OZP8LxIbl&0%yiw>#H1E>miRTxO5+!PX`Ts3M}pF0Mtl%vnam4#*@;7Bf#dnJ zS_C*l|9V14?PM)7p{uJ4x9+=NE}>&U+wM2Xm*>MBIfV6l`Yec%P*C)_9UC36w^E{? z)x9#1bGu)*qHAL(O~$1LZ<(2<$k7q_CN7&5f29J#3Bg%7-foJ|~c z!Hr}fN!19qtyK75UW_Y7*v$IEwjT12I!lz>`8%m85eNX=! zD5oimt70ts{F-pyTgKpBtJBYGlU^d@X10EQ6?EU$i+X4BY3*G`l-}WZ)E~5@sO)L7 zOE?L`AbKiUJu=iI_^+%QNv8*46r2YeWkc-=(}&StWam6}*Ss+QnN1u@a;nesf3Pj$ z7>mc@eWb!9AdkN!2h*hku@PPLTj6igj%L=*-wSz=7OiYp@7svwljCS9k$``N>k|Dc z9}zT%pQRo!`5hG?1I@)su7Q4GP~ing(AaNkj6DDOPbRiSSMnlxU{LD>+iukzwxH>- zZy(Rpi#Wev=J_wJrA)ZrpE@)L8tJIQBjkifnZA74TNlP(JifGj;hdJ_MQ#5{DQ=K< zrS=Cg0ELG<{-!L^%cA*@S5N%+JdZzow%@;MMZ0E?K`9K`UPmoA3lh_yLE~2%hYGDJ zp{UHb*?9CkwzZhn5b~j!2pAv z7*PeN~x+hx%4Qb+lvnO03JpiObVj{{7) z262eq*cb1fg=yJxhH+?`q^A#c(Y74q0Hj}BGa2)2;#ps3kN{}bdw0#Y#-GLo5DhGN z7=Tpq!)$j=S;KT7{j=b-Wyo4(DpqwjZ+CB_z7h;*eVYHzo%K)Z6-o#G!bb(yp-*t7 zU9MdARWWGL=+b1<__bZ-xeqTSssin>$O~gOgrE&n-$O|!ag|4fy6Ld-&H{N5a*auY zyiBwdhB?&k)NyY#38buxj6*e* z-f_{}vH7*7@~kUhjVW#@);jvke&_kuNe#T0wSnu{y3T3jSakLjO*0l(27<(n@H1tZ%%b5=M1=#=#y&S9Vs}%!#t9OGSAHY2|0TN!U>BWYm zwcK~C9Mh%=VJYE;+`FHgAcdOo{pK#ver~MPPy7ic8FXtw)%WyPMO=sKtS@cM|9~c< zr-8})N97P6bn(CoAQhrwF^#VmuMz?3@Pz8|!oBw*H5G0+*LBkoG|5W^J7*&nRSs zF!Zbmt113&zg|u*k|VGw56$bAH7=QCXM}|nT)-WC4(Y!gTVz#(LS8aaVZE5Cnc0jU zWB2!K;lOKkY#!pXlG_HLzAHeg6HvtQn)IC7t=re>?Um_Zbg!depjN63BwWnHazw5L zbPpB<5$m?cX}595O`y9ozL5s3x~3=VUYh-8df(mXG<95%75Ns3&?o~&8!>f0G5140S7lCw1#1&%z?VTOeU^IZabdh}u+v>!v45|8Ro~3Y=wW);UR4FMuZ6Kr zXla+0LN5Po?$KOg%Y7T+kUcSAnoqxAFl71}SX0%~kFzwRf6Hz2g97CMw|4j)bb>)m zT|wY#aR$u{Gssan41qY^Ju#oB->Uvb&L+DK@C^Pa=i@}?$MLiv_e34uUd&GC6V4F< zb6-!wCgZ0>24`;;B9btd`TC!6t~go0Kju6h)E^U-PGE&I|Dt|J8{i}ip2`Jn$X$53 zo}*9>fWb%(X>TxOgxOL5y`ou8uB2$k9%>*Bj;BTcGr!jY`7hG?aw6^w*C>UOX90m+ z{ZJ;>Pgy~2=3PT)-m^P6$7VnHKSD_VPNr^)m*nIAl?{dN9{614Jksl+h+cDYov01G zbRPPfJ>hqF`}}yIcswjEp97+%4h9zf`V*KnKJ~hnr%NRNy_-jk{wfyRZtuq39BMVL z0PEvK-vg7gv$ENQ+Ld-`Jh-P*RQ%m9;U7)4M3>bpR(CAcuIfq4$?>+ZgDG3#MYkJxLv2!V3vSPZxu_j-^@nrPv?P_7OR-Fw%5hW*^pb4^l~k{q z1SnkZO$N{7C@D!9Kj@;2WqCQEU_)YHw3b4w^!RVZl69oL_@6V(HHb*$NNIM^f0+pR z?>W?65Ow_jRt`183~fEo@tjB41x$Ew0TlK4_7O0FD{WR-9t+#MaNO7*5OeZEiKObs z=GO>(=FgutU`yZq;DgmebwT}!SFY?`2fy@z1j)TZ@8$z$|6f8Oj*l2*#s6Nd|HpXv zztXqGW;b_PAy6=(+%p7_NrdDp9x$b$=sxNM+G)_vFZ6oDwtn#q4Yr&_rEF1isHK6c zGY4E9!GZ1uN?y-&{WV8D?QP@oXx89l6xEn?3@Kc(&oOr0OWkd%RXl7bs(xQ|0k6+# zO2L#)>j_|uC6|Li9QI0H!Z=7+y0gkDPBfjGi;-*h)jJIGea>JjR08J`WXe520U5v( zU;cT<4fv(M-F*;1ji?fmL;54bsGM(=JkqQ~=mU#TJ~1$R4baCAd?z^0B1*0eJ!Kxr z(NA}`Yl+Ikd=9dK=@2WB%)dx%p4&rq! zL4eDmw_|STm=y&bJlmBn?o4x+o+GIy8TnWJg=U9Ug-e1opPulBI^Pn-14GYACh!>p3)^y?U`Zh>Fd zDu@0o!psigfZ2_rAS=&V(LArKB0&h#y%wRbzuLU0AI**Ben!kU4@mjqPF$*HbXnlr zw|4)`+3J@?RFdldb`sWF2wj z7LQ;uhSoa}d%b9lpQPlmFy=1Mihpc~8j%2ZPB`}d@dJd@WQHdHyKlj$92u+fZfgti z4XW25mZs2ivb_&OUKlB}j;){R%MPFyzSx%phRC4Me5^c~6*9=~$Sv%3DBsH`Vvo9AyjZTqtIsu4Opq@A)JV5M z(I&PA ze}7*A8M}mjW{m2GQM*9Sd>D)>7vd*iqMEoZ?iu0-t+@OO%PAUAL|0-s6L5vOz7hdx zdW+iH+GC{yX2^Z@x@*O@VTT9L{yR|Vwt!!{nFY$oU|aTCqQ-K}HY+wU)f#hx@?2p; zeBWffs%VP9^mLE+c(vc_Vx0wf*3^+7b#y@2)oD}@OxZrB=0%65OSvBQJ8^K;aq94^IiEAD z#W(UuLnd~%dGqPA12^uHee7;%|Hh^s~54@pOa!~rQeuEsRx$m*hxZvV0D zF;KXFJ*O8tY^e>chGUF;cf4IPt!(PuVK2>ULN4Xe4L>GaxNr7XM%*b8gTs?Zddi9YiX>R-!L6=IyL&XQkH!Q}b)p9tI%zNnR?a&*P*kANhJO>& ze7lt}x`sNNyGHzuOCcMjX4FzZ?v^wZjj&ODBi$_U=YZzS7YjH3!Isi4jFK0+<* zXx0yP{;LdrjsZXCg8b6AMk&-cQG=FH>h?N~yTwG*r+5~2FwylW?0sKBW@cmR@!X>2 zm=X{Rsk9Esu(EWS{ql;>`ce_~hq3M7$gE=P>K0_&Xr^Kw(l%Ltwcxw`(IQuME~e-g zc*U#iiKSttvHRHT|SsstWtNr&6;tLqYMg?rn){dud#R$k&l$>jsv5qISy8 z-8cNQmCIwxd2WY?lp@zC&+21{=Lh2EZs#o6JgA6E3;0=7plbN_09R%OPa{!BZWr`g z1|lDFFUB-4 zclY9;r?wYE!leyN-AfQL5xul9+V-N4Jj_9zdXRh8yr4KplO#;Ar{(Qh@TQNx-*N|& zbs;gD4gzOg>Z;cl&d0e~zGC01t*yQL7wT<_dH6!{-IGD9GD?~>>6cXcpz@utBa8qMU-qSoyh)b)mMqDsXX(pkv}ME-nuC?rFr6yV$_G~P7}%pt=8|ND@t*;!63U~Mp3j_D#=y0!eDHJ?2L&- zQMNIb8B9o)F}BQD#_;=|uCC|4uGjCr@8@~_{<)t&e*gKyIA_i|o#%0Uj?d?PG#IOD zOkV7u3~Jwf#UUA|6o)P~vt(E?|wk6(*!t8Ol1sFu-;Op!K zVGDYS4VVVoF1qD`T3<)SW%l*p`fLp5U{o_%{$pjPD02`@OSD^}PqR`iTlJLI)@NIA1VO4Cqki&JAri)CKm z0Eo#zxh7EV`3??9CWd|x1i@)1&jMRPzHwlhA4uP&IjZ(0mH5tM|C!UEECh8W9MqMN z1ppKVgO<8s*GE&`tl>$gn)v9YK|gMaoEi7kIgpa+D?(6eHU1%WI&EdO27_sn4+gc^ z?X0Zf2oaCM@}BkM`*OU88+fRMU@HalQJ~?Jd9JTHZUYB!sc|L4XkhZY7_J3s=i*x_ zm`3jJU>sU9^ggosHelT#0ac~Hrii2>;86&sz}1K%fs$C!Q{A8%o(92GFzC8u%yprq z0Gb>tJCu72q)F_>eQarY`)v3bm_Q#(xO)A33W>{J+<6HqMz}E6&p=NF=~%Vu{^! z33eTtSVMUM`)c3Pr2YecJd>{TQv42^T(u<#*+c43+=h9ubp1>xkUzOz7v=hx5Ixtm zs30w*x2UP@HgM; zRokG?84cxoxkodKKDvpxnkSIf)FLck=kWEF7Zk(1XF8>P~efVo`X{9>vF(U^wI z4Z!?}i9T?$h9d7U`KR*^ax6$U%Y+?*-q>7@kBK~R9(WO^z?@Zk1g8Y#0>2r|tNHKz zAVo#Ptc5KD!?uztzS*5xMJA_8{oNGzD`bjGKHRlVS$i7yIME$(V;THe9Ve?9Z7uBJ zV&B_a)gq394XV#Q9OyU8cZs-$QkErTP~*da&<@Lrv(ndtuWFX7d5w#YkMC;|U(ecz-a^;5%PORN z99-+BdTfvQ%-tG&=r!ol0dk5t2-^jIIQUl4JN*Rs;ZDT)zr)D>!&%S&Y>y2Rt~%k? zwIP+7YfB?QORWpvN(Cxsenmwu;d)lE@XXjlRa%moPa3Hk@8C&5F?lmHYInq&+GwXv z8XWDLKNAhAu6W2Vq+CWLEkUWs_)T0lQayUsDhF7M*1GmSi`>_1MNQ(ltotSIeZ`Jf zyyY*}E}11Sy0;6Z*B(5@IW|FD74aUZzaIV@VO2dhny;^Q_M}2!yCby%;na_Qb6Xs< zbnW6I|7T<{BRnDloilP$WtKb}XRL*||A%)Q0=-3xX|6;$>HP2mZ4hYP#R9ar>$$nP zRXqAnt8%{9g|p&PR~roV{r0CRO6M+{Crm~Og-F=Jdqo5KuT@r7dZ3C~!LD?W!U{hG z9E=nGjMP5Hq60#_V1PeLtr|3Wg1h@6nN#Q)97HN^HwyWpNkVCxFK|Da%SOMt1^!Q_ zxBCIPtL}Lf6!%{o1pWBE7SC;<r_{FF1}Vhoz25%92&k$d$sUO ziYC>6x_^IEekX9Qw0!zh^x?5k^)&{&v(t=DBN9beS}Ws6L{8m|3Qp)<{&mN`uVE}@ zx9*A|faD=lO5Mg#<1qV(?-u*x1<6=-i-5cvE!#;Upmg^o#g)=XdUu}3$5#e$>97E% zYDtboPhHJo$Z73~(u6(}b!@b+EZ;8O;j-d#$0u@xNIKv$6m8tpG=ALDhjoRsh4z%Z=A1BOHiE;{Sx9PWi@ z{w72aU!*_%s;>g~461o968$)#D!oJu8+`&AP58>5O0pcz!u6LRNO{P_GL=Pa<*gIO zjFk`DiC)0$-WC*{FQ4>cBnu}iJk!$9S(Ous0ZBosNyQsVSx1T2v`656SEti_=YFi1 zKflltlaE(H2n=zC5+=$60)rdNtnjn7Ok_vRFg5SmdSB0*<&aAA<+A(bO%S=PAT-e7 z{)aM{Qftpp#9+D$kmdlQ<1V5dnz50&q zNYhmq?SCVNZY)i=Fco|N}Qda4c%9NL#t zFy@!ARdd0PuKYRyREl%_$1B7T1K%tYUl#+lWZGWp(3K%modX3~e{jU6Gi7>8?8-gl z0!>Xa^jTF`cFW}=AY@=-z)URx@{hG%mN%UNM>;bOCMhDGH677bXj`Gww6v}yC>ObX zoAMe+HTydc+ecRb^S@OS0O?(I#OH3RYLFN1$udrLfgn{yAl>N0(9;dMMs_ zQ(Z({IJ9*JyP$?e0yGUpZ*HgAFX2ew-L@wHr7eKbdHc8TD82KH=OE0R4~T7s`p&5m z{MCf|uDzvtey&wzLm(#;Csw_u`iozb7-u+JMBD$fwdw)6gl5`f7p>$QIZ2sxSF@f1 z`+*Xl`}2MA&5EGts@UY?^qNDf^ci!JHny%|xh2J%6g|atr*SMUdOel-V9U(;MhoI5 zOU;FH-Ns6>l{ERVB4(DQYP0n3rmtV$Ib<4(I1H>f*AMbO6Lh&3TpoXm{o`wkK^;D< z9H=e1-q((7`jMs!OyRY8yQE2@^h9QVo?}$sqaMo&E~NvzUH3mUd)#$%z~QwR%5*pW zpwZbIC%A2SKdx3`57)St>LFnwx-Ar-Kn%;Zh=62+E1?7<5@{ipTLN&7zn-_iT@Z;E zKY(*6sd@B>*G-g1@v4b%pHNx=?ME((tQG2=&dGd!!jx@cgs}6&@(Tlv&W7EVY7n?q z(T*{#Ug(^|qMuJ{86Wo#{xDMhl%gKGwwlpYpdC?9&txpFwxtA+-b>uAy(%3lk0HEo zdSZlOE+!zm-ZOd*8HjGLdTK6FixD}N<`lR%Jy6&Fa*ynh7xUCb232UsvAysV7V#b| z=qQ}c48?i8B6~?QHgRl(~&)aDHFKK?9VEHzh z#Z=dFxpfwxt6fmhyUYbkq)k|xjMU9jQND`|Z4P(7pEsf6tcfK*+NKfzmyMhHG#RoVY{Qm{3iD zf50A-GwG^ARO%;KaF?QdNXsJ)(+5F^h$^RjpBQ+5F~%Ry!^SvZAH zF$0j(Y_@5TKD2nhEa>;|j{_9>>F$H)y~`xCu4;A-5pNA#U2#}vI)JQ(x}35WtHSbK zeh3Q)Ab?;HV{C6>#=*&*-&E<5jU;_v@VAVqiNX55kXWJ0OH1ci%9*lDcVLGl4NaOp z^;h}~te+G%VqG@m(&4D1mMSGovCX>8$&~7{N1=**(|*8o!+g zI9WFDTRLUpjEg(`&F_e4?Vpur&aXJysJ#<>`gMtH1uq@GT&U>vRj0>k=9kOdZ>tvT z6YQDa6FoxE9sVpUg9S5@QV(#dlsmkA4O|Jj)Wdy6xk|^9UB+h)ex7+8C?Vp!wIwI{ z_lER|BIXMJ{l-Z!sP>srKe>l9@NI0Yy2cyLTGSmU1CQT0zk7YjfUnO)wrP5rYKe3< zOSLJpY6tUqZj?7w*KeXIz6xhaHMPPC+~_Ge6HU^)P?7(MqJ6FYo@>(svAD_rPYcTH z%uQUvvGejq74K>hq~k14l6ILr-xF{C7l6&+8|Ecn5@t2JKjFpmsst_e9ZLr|V7b*Q zjIO%YWQ&dNiG*$0(}8v4Uf;#-(C9bngO|`eBef3}e>hz}kQ=YuAyjQl-$p`74m4zO zYcjiFa;IS?2lfWPFQVK=NT%Z*^q%h>Y1IJHD84EfY0WzHP>hh1s~H_n$-DJYCeTuz36Ks`m18N76K&H| zyqMS7GUBLZfwutEN720AX)Kg%qNm=n1Y&uYgr2x*kxN}V4qHJr1Bk-bh}?)P73X@Q zDcwRWanPK*9nNZpvVHM_g5=I^0#W1Nb-6=OQmVaK>5^Oz(Wv(T*w~cw?x>dn-x3=(1?Z@u{Z!_-UpDib%=2To7W^%gM^<}MB{srMFdpYAnz4UwnD zQS=K&@3q>y^d%5$`vR9o6JS^H%}U&za(FdwgC&j)Nvp?K^b&7|vZ3m6e2@$?S4Lf` zo$qO_NAhQbWOXt*ajKWBd3*?2pz{OBC zW^}^yqS}wifnEAoP6{Q5{}Iv?Dk<#FO6DNb&XW*-M~urve%s`2Bh#7e z&S%dj%@VTsfbMaFKMa)w3#l#k&V*H}f`0MqRh@sdIewY6o8$es$-Y(42&tiOO;(?Z z3k0)Hb-JI0JSg9?gFnlFxt-A_&Lcq?Forr6FhdLat&6rgdY{FNGh{5^Yyz%4y7y?j zKZn^CXhFd;aExqSs zsPg=ZJxLyE;xUO+gaCAZbKPjlb-;|eR+qO=y{HS%*NgjT12vf@ZJ=lt4_-ZK2g0oR zkG51bOZ61ioW2z!((U#K#@SI7{;xeX*1YclPp)fcuauonU4lR3)Aqc>^J*6Vjx1Ll z2M!C8%^*cs3u?USNHpLk-+)TG?Vp1erVt?d8ZZJv6_o!63(a-=z?_GCFid<(32V3vn9*5fFtHgJaBcT3|B`DCq2E!#=~e%1V&88YNiR8|etwN<0X86AlC)BC>9 z509AEats0cwCaNMf(?_ski4?+GYo0PjyD((sGg5j1<^-t4%<#Q=su$l_CpY~LR<$) z{{!m_AUA#i?x>9vhU&dvw(g=-`FT+>fz5We8b904lN#jwuim?qb(nqsM1|NqihK`MLZUgF9UWi zC^*i=#mpT9EHog$p1o^`xlyd&_GvHRbP*?e+G;Um3;!W*!~DFw&su9s+DLjCvhDzQ ziO&1ebdcLzvh%E#-KQwDaMN zRoVenRW7*+Mp`gmQiq6JQ3&f#W$BdOCybEWtx4naBKqp#w9p|2)@sV%ELa&%->v^6 zqKO^EPbU99v9t{6NCUx6{|4(dgw7?to%Qd;ut>u1i}<*7j(34u?v%;PXg2FKy$cr? zJPA+Ov8e%wQdKfeenT!k^cyrgwmDEV0j!}){zG8hd0@1(e}dJgUWuM+G_&DehS#7o{O0JH0etj* z9dk@*;43CVxmiV-4HsX12Y6uvwR0sizzTBp<*TD?YVNL?+QkAsVI|3ZIig@4L@AbN z$4K;g^&%8Oe6XIFdeSLE6F9M$Rnc5rr|lG3j$l%Uv+1AZ-(ehN^LXK$u$RvEqU9L)7J`WzFSR~go$>{#|Mkp;U#yI zv8(2rB~96!W1+Z-;?TSs5|^$4w5_k7UNKWBKan;Fb`6~B3C}a0u8VNdesjes0R?k|KfE4&(WMUiP7Vyck)T4g`>a)X&?9xA?xrmZEsBewuJ z#vA#56*O_P4a6{A8d=-echp0|p6%pz{3OS2iktc-`Sew{1J&Sedbg~qYSRljyGaT& zT7!5kSv{bvK3c?H)7A5|-$iPMO8tbGZ9p4sJa=x$Jl=XjjDOCBof8=h=(%;jlLSJ9 zcILTSmr8Z1NpZCf6v*e~ zCigDo%AzJR+Ecld{DBSWEySCA-jun;sWTmN6i=R$P*K0jo2tNe@&dsgFkdPepUXt1 zPU-=NakLEq#Bp+tLzIM&uV;ncN&jwPl4wxT(*ygODRvnA3KC8e#UUlw0l$^0MbAM-3A;qh#Or6age%xRixJuUidjwzQ`AU9C#fg%f043S&0@u|m0_in~_} zfW7G|unZ>P$J#@9Yezb?%-)I5+%RI-m-~Qh*mUoL=8v?mgARJU4mO|ms>|U;ypp3u zROR-?2?NlnbgCQ&J<)KYCfPS^DpsGc>ib1REcFx75X>*lzy~fO;CQp0f}P*jMSI8k zrKg+e*Drj?16zA+-Jk5!Cyij`vv+d8s=Z{VSu!+eCeONg1v_?>u4m-mrwwzp4IOQf z@mz}_)*hnB;QbNSo3Py{%Oq?VTWh`Ip{jp+u&%r|N5jA z(VHHB;xs$x+r4wXG7HAA*{=WiGL zW?{yA=A^b<(KFr8JzGR57G9rkk*{7Xa%!aH*}NV8)o>{B09s^~biH2So|J_yp|D6` z77__Ct6i~-PJQ|O7p=oROkyjje~%%JIkF;nkC zi$yHjd33_}W%Fgb_iR06((1==6-|kfx8P0pzFP#Ba^kT12-_v=_G<4bzo_wh7OF)n z?32FtFHbmXwfA61W#+NyG?voMV_2*|06%Rk{{eHc(o5p#u9b^MW~(D|%z|stJ-z^4 zWdSHGT}FRe9CQxw*8A0;ygl4-%E+Mg*W@iL3)$|*yCyo)Bcu1J)fW(_Q5#5HP%nTz zJ6$jjUzoeS4@k*yoz*l+U)ecHcEX!yuGoT6^G6JG1^AL5N*OyCZ#I)Qs_{JrI;RWc zIA|7Hd;pMkK~4TAEB;Re?nm4u+p4QUSo=_pUw17!xcblLUTq3g1*4JS;6=h8x$^;U z=+oCzlb5x*lwH2+1T#u|!cN|bOnH{(;7*Q}nusi(JpX^Au4Ew!7K6A(U+)D8s_9Ho zP45QQ)PTry=$)Y7WNC$Out;PkT(?F>IO48vPVk*GpP>T>7Wqfm68q z;9s&v)}$7VL}fRG|7vz}zrziQN2I<+7Ja`;xhosH(vY^biR#tdSB z-B_;4R-W@DrtvW#ql@q5m}LPVp0+*Wm~<|D##%a89nF!JFM_hs%c~_`l@Jx67FnxV zMA9X$PGlhf4r_Sp@mh3_K4TaDZRf2J(VVvJ#;}(!wUhS`u)vOta_0)!BEN~Zlme@o z3FXS62$3lUlgJa1lXUuaJurU??yyh`St?{uiL~S`UswOc(F1NsC3m!}cEA z>Oa~0o9f2m0f1iv894AQFfs(Yh+x%{rHv^9_M2Dl|Aq&@)%8mAh6y(07#Tv2*D|pFNfq8QQ0A8_q8+m2JSb@j_ zz#LXc(L1Xc6cl7>c6ATH^?ZA#?>_$I5YXv$bv61Gy)fRI3yZ7uM(%3?xd1f10qfZF zGbXq}-th0_on*dc^1?mEQPtZsnP!f;jztc{%k3`{o!+J-3VudHVIn!%BO!a97>pKO zv8(b$C~g=B4~8rdp4CHH-$WR*#u?p{>{z|mj`#WexBQX)Pi zkXEvjrur*M7%{bLyT6p9+5Y7r#KBjz_2=vV;B4`<;gM;`bmUQ2+IL#$SEFawvv5%_ z@C^Qz@?$kIC{WLjcXz<3T^CJ(Kl3MA>(x)RRyT0cJ8m0Ggy<$M&-ncFX0eV2t{}RI z15e+}4iq&ew3FwcZCwc*v;uOM&F^HxSHX@0ZXZkTbjTUmKtJbam~^^>yYPzm98SU3 zgQ|jrisN+LF%W8+K@Hf?_-Et?`_J6|f#SWVOsFV9&AbJP{7GHoi=+{9;!Y&LJrA%P z1eFYw5BevTwzc?>N(NSWbQB*_()>v3EBw!^s$L^pBb!q%y$C9ta#XnYl}Y5+|ywk*Cjx(@pV6 z;Y__1t=ruy@mD6-2Q;zlrd8KuD>25G@`uc|m94Sl(4Y+`?d~fhgY$mrB&076{KZ zq`+O$T-xKknov9ck+@Enseb;(3tqX|1`m_|cIW^)aBuJqKVOVhC@V5pp@~V22 zfHJa5UALvZc=%y?42J3|dTJ<{R^xQ!(vE=G`~_dwRI}>fwul@Tn&oq=-W1JJV%Xg& zY?EcmlDj>Ka4o-%JaU(974~LQ2~K(so%Cxph^P@uW zs@p^`Y;8f^teI~?qgtWS24sB1RC-h;Lws4h(mw7coR$+@bCP!oy%IIwK6o;_rSAt$eQlJq2wEAd zuF0mXE}uM!*73$R1MZm1MrR+Q=zhZ){4f8`VT>}IkkH!= zLaeycsnDa?kcyTC7QyRmyPrg~NgUq*9R@8y(Asa>K5e$yZ8-zX8;W(o<8*T+DCVmr zl9sNbZlsjum)!<=vkacsMH;3xb#haR3g8d9GkpAur-=W!(7GblLZ$l)>$sU~J;~%b zlLQHS5Pg$%jR!o>qQB7>c>C95xt7>f4&$( zC^Y~^W`*yoB;xW}h0I5r7aw8Q6VNBq@jxq`5iZ!ok8Dv(EY80|2y>=OLngfai1PXSg+uJ{Xezo`eo?${LX^q)&40S(|VFuA?n z3Eq2>@?T0L5W{wV`(j#c0rm6O>Cess*)<1noIurO6O;7E7S8{S@$G;8QS)xH)_-YN XxEZA^bpk}*xVZFmjV=_Na}4`Gw`(gq literal 0 HcmV?d00001 diff --git a/docs/wiki/media/clip_image082.png b/docs/wiki/media/clip_image082.png new file mode 100644 index 0000000000000000000000000000000000000000..39139bada3b75883d84bff967b8a4ffb48c7f20a GIT binary patch literal 29883 zcmeFZWmHt(A3h4wA}QS|(hbsGN{A?((v5VdfHbIdNeM`Imq>T#5YpXUcMtx)>;B)~ z7x%?o>+ZE+7-r7QIeUNhC!Xi|oRGJQGH6eUp2EPupvlQfzJq~*Uj%YnDmCsY`QhY?@? zH@e>tcvAoO$}u+L;(srEY5d&A``-&xtOoyY9YXW&*LV7~#Fpn+STU)xC}XcH3lCm@ zcMPOC*3zJ{Z(OBPHbfM>y7Uul@{&utchF8tS)h!HEQ&Mb9fTK@k%SH-edx(``@J+r zeSJzbK=Ybk&&|^{QSjcQK(NVCGHs!m;&@Z6Ret2->s42JTKnT&Y;Fmxkff|kLB2iK z2kTS{rNP~23Biw-zF_vO84C+*CPXONWK_-eU7LAxkc7MKZAb&ac zT~2Sg<&;gLh);92V(M(lYaISXpNA&hp-VY%cBj7{4QWB00GSfHOqGU7d>v&8A3Wp= zuUBX+&Yxn_D^fZ9I&xoek#BcM=)x_8+j+XPgc^p&@;$Y|IW#INYP{ek=1<7;F3%d$U!v7UOy4_G_>C?3R45?*GSgglwr_!e)G3m+&5m?Zwy-Z z#0tc}FVG!Gxz;YytfFyP@1M1{UGGm^A3qEzY>-dn=qb;6W8B^uvHm`DSOUi7_&Yr| zv*vsA(b}^1ADrOplqEYJm#i!^n~^5!VZq`am!$q%5Y3@UTVrwkkB>U)rs{V`UF79X zeX3}pt@yS#R9{4`4{Z%#%%@W1VOtcQ9ifh?EW+%nFb#$DWgrQS4M~We6EK-7D@`#O5%2B zDw2nq7pPidrDUj_UTEH93@nNdPFR+*6plS#XVrc=RkDbT_vLakD~d)U=oyitL=*QL zNWGKM#IFzhq#JGz_g)-E-I!=`Gq1nCDswzo(7AQljTU*hRoRfLnfSEQ8Mt{@Xq8y* zuCRA_5ijI%o}ePNGnjEdztH5d260)8-4}8<jTqhAT@ES9fpR)dQJ9!S)uRnzv=Dgwn!z*AH-{Ombj(RThoHesvbK~ju z#G9!2Dk1QB!(NiZ&$+vu_vdMS?#|-L<^oaiWVc4e;7Y3>@IUIjiDMdZDm8d)M1ZamwEXjNOy zU|(jSl4l<-JN^9=@@~4Ml#fpNk3S+-vD#elUe!+F$i<5?qO9{SlqiW{^q%XpoouB8 z;jf&giYK^YGtFcX1GiTv$wTm_bB9vxvv@?7%vzP>(l3a6za`;xF61&FmCTe5VL?z(;tx%>wYspIarG9m_9;Q?%}V(RD;BvrsA zTYV%GnAwv40kNL!%@@(z&y-SQxu3=!G++E3h~u4mgHzK98h2j@A6fPlIB|;L@y8yG`2=_I42>H<>n>zhmW^#dPXC2?Qh!BN5ZrKVGFjZYg=lO%!^# zyU<&z3&mxuzQkjoX>M*_pN|yszI{1;J|{vZ?3s5$#z~Y1YHQdeGo@@{>ex(=|GHb0q7{$j1(@=LM1>*k75oc<#PtiFbsK z<{20^Jv3jfTMqmX->WY-?&}R*>!VdjsvPZ{_C|eT9zn!2evzHg9u%6Mo<0~Qlm9L! z$9d1!ilfoiaeG>M(Pgq&%W~HT7eZ$_gFGt}hNqxeWzI|+u~)XX@?2@uRF)3d_T<#k zG}@+!sL0B9uL~V|FH3iH-+2fp7%W_DRi zyUa5eg3nGDw}B?4KL{gp73KWlQE0rbPapH1%r67fZM=>ctu^IkhFzmUFwJsZ!B>rL zC)-(OF;pDR^Xhf3SLIis@r>SrD{#ppc2R_54rmnaLh`9R+=ul8-{?ws6eo+c=un=& zU?Y;=qq4#u1=fdEyFHy@xb*2a+>FVY@Gm;c$>I@dtFZNfwUZ$cUOg-vq64$qIHnJ; zWegoz}?x~w%sCt>_y*Ue+l#LpPlHCK%3m^oj>JBrw6Qa)wWan)oZ=+ zyy+;1yEB{`%~o#uYBK7LMrA2{4w?a9g3(FimfO=@Y^B)778mt6dpS&djTF7mVc$L@ z@;!S}jiAwZ`3^>``sjJ*&P}rM+VPtGT_>8Hl~r>*;7tke88yGwtv_GTqty3Bnjd^>0xzCA3P_dyFlY}# zw?yOfZ#9ifnc;q8xIIpv#QYI;D~tvhn z{8Zo{m|P2s=e~?%Q>H@ulP37-U4Tnq_>|M$><74a`(LoAe@aH-DKv=l_gzc;~) z7y2^9fY`NMU%;8L>)C~`S2e+c?JnnKsh;T&BK#pb$u#+HbDjNJ=)Gi(jt7|G37Ax7 ztLKvr1Jn5MCsvSV2N^PgAxbuUT6>&S)lz-fl~-NEcV%caPpa2C&n&M!%U65)^I@Yu z1n>W>W)pehukOA25|$k0la)&L>m0F`qE7zZWo}?YTn|q%lTJ4F`K>4=2>k@SLtcXf zz9f_lVR4wCSSz>K`!Z3;G%}o6WYBZHV;BMt(Hxe7(@|A^PjD7{Xt0Pq`ti5Eo*iLd zdFc6HVpU5ruIZxzdyp+~Cmhe&wrt%_lWFZ2&Jj9hh>jQ(u;9k|W&Yj_HDk>VEQP%> zoMs zU$&h~Fxa|8O=L9-cXqDKFqcO=W=-EIpiD@$`#Oo+A&yLITu6fYkM|E0_?)t$Fnm_$ z+M>XxxZkbks<+%~o~U9SC839;dtb}(*e(=8s(RxYO%>5BmVZml<~)b|5H>#v;hW%g zWEbxY=jFDXlqX&cMko9J$*?O)CE#h4$5Zj^G|bt*my=ZiJ1A&QMp%EVT&K~a{m%j` zWrbcf=vgn$QGd;SAc^npNyT6}G8;O1mKJS)MpTHpb4p{>Ql#B1UQrpXV?^w$7`Myp zbs(-!I922nSrmM>u)MND9fD0e%KvGzIF!f=S+Yc{Mc12}}Q04=i1M+RMu#B|DwS$1d;gTQ0bKS6*+w&tL2L zMrVJPbfOtlW3w>I?}ofN{W~5(twfvi!F@l!Owjf8GUomny%GGZ$MI!|px3qh&|*cd z(m?(otz61`pTBp#_pg?ZbOWDWdlGS~4EpbYg_-T9gDE4%+O>ANmPbZh zJJm4$FDaQnqg{ISPqS;DJe@Pd<&svm5>k1-EF&{S!QJ#?dDUP0qo^_>EC=Oq#T`jX`MU=I|w-;47FWmn@N>4Z?7E$uc5 zWxCnB2TKmT{d3D$+eJ6olcmGi-=h2M;KeNM zsB66um#y`<7q38#|nb-9B`epaI80;DO&3#@Q zx=Sd^%AAEGYFo|e%keNbWr8}>k~B@dUy?o8{0GH44H1Y^)P$!e6seImn2X*Qse_AE zJNWfXE>nBRaYx=o7gbpPo%tUm2@rnFRau&HWy3u&UQ(pA5*;X@3JmMMI@!np9>lM& z)AFqq8Ja_$UP&_xej6H&aA!R`dE8>&C+Z@#fKJXh)1f)wcifw;`07=oKLo5%7{Ucs z?_FKtPX0iuU#BpntNf*!|0`=~IU(iMr_mH53XSsBuN=ltx6ZwI(RlQIFlj1kW~LG0 zwf}aWeR@S9n*TM2%dWf@^{{AP8@bsnI-FfLB4`96hklea zlj-VqUlK+~+ac);d9Eg7>O@m~l)~&Xq-Qp1!07FN>8^0^b^V<$5DIF1L{&LNs}dOQ zuJ@qRuat0E)>7g!x;fo?o~@YD(D4~-+-$BoHS*MKCz_pH7*ms5TAZpfFx;AQ>9a4U zuzIGLCF-0R_ioJcUq#B@cR8=kW86t9{6y|>jJ&mwtH(WCetNUrolWUgEgPX~=m#KT zOa{3vQw0V*yTh0^wZ$_=AGor2F0xvz*Wqk_3x{-LEvAZdj*6yeWDtnxue|7Wk?MIp zlRIm7a~HK3fRI?lGktr-VZ43vWOmSMrcxt-q}#IsGWk&|>~&BLrv>8HwG-?d(MYkm zOU61@q)>hK&7TMmXKcnQ4=aNZEuke(pko-V!*09aIkVrQ0}!_?NHr#mY`kzP zU%X|8P7SjsvXIMt3gVJxl?81esb?uXyudvD=hTPPTcTY)`^ztVHqC^bM#HvWN0!9V zIAqXwMSdi5gQ{b^pHORosn@Cxa2e1U3w>5pSS7=~-XXMxx zksV>j)tTCMmBM44q`NWkOLeR`oz>rFATRiQEnaWiDbyx{l;3$cb7%9#7K@`>(b@e? zQWGC=^7>uKzjxB?FN7!yJC1Zv-o&`uo!5WaY$`#4 zG>YWi#igdB5L;#iMM{;BTmPaW!%G6kP^7bJO-aBF5YT+Rmgf5i4@`}+YCDCS%RdvA z7**BUZFd2Fa9>|2F!0&GD#_XCE??_AMSbeXSaT2>X$hj+0+AikGxyT@Tl*(EMthd| zs`>9eNQV;?x2!ybfS6#3$gpiYyFiDmyL^|GcO)Fn@7Nd5%9|cit6HL2w1#uMF+`_F zaM9!igMJW|M@Oi6`K-dBOYyEe!#luTtQZ8VF(r|2^61j`P8+v@&ZKejolar>U8ozR zQF(8GCE$#FroS}Fxmii>8y3BQ_w=pYuwggAX_R4mO3pKqL#b6=sM$(@FfcOFN1DNG zWQC#A`__mg;!rR5;a8Odo2>s{u#pR@K~~>0j?!XX2gs!u`^u{_L(43Zst+V$0nZ{# zxo(e^r{Z|SI3&yl<0~u?B0S&=cN^01&dywm*mDovX`7l><+7Nvc1_E`$0{**q4C&Z9*~#dr7_yB^MA&i zLI*#R#A{1N!#IqK6C`7YE%r(qDevF{Tz>FNUsIG#n^{e`!jtu(*jPrjq#<}*-HZ3G z_+2ivOj6sakP@tkZ=3>aMGRFC3O%YWDIOw@FAKzu|Q~q*xJtoprK&x4e;# zWR6GvBn-LJAThyZAc-Ye2_ILpTecQqw!NAS@EZ0;;*Str^a6&3K+CVJ@eNdOGX%2!&{%g2ff2)SzraH z49F^nd%bJEBR>ye=aiMt@ZFAA^Ctz%fiWx(HF&brove>#Zdid6d-;jA~PF#zPk87iErs@g7 zkEOxXxuoU5RrmwkxxQ0d{P zhZQ=v-9zQ+jMy@Cr|YYRI8CYka_^y&NH~g!^JYhLnaD(3OL3|kuMcE(+(GO zRkj7qDk%{0qQ{~9eI~6b_10i&PzRlpn0eVrDbVGUr`qp#*$WeQM9MACC5(;;N(xf>DL+E-{Jy30K_W@WypffH8bu64bjlf?i|q&OdRtStylP|h zhrT#;PKiD1#p;2}7Rn?XM$P^dYz|~ypCc)?B7=}!B_l3F;$dcD$nmErMFNq9l$)#D zZuCx`6(QV{T!m!SMHjHy4F>5o_cOM-$ol}f5pmIOdi?pPZ!`g@s$+ z<+4Ao@!%6m%p1ANecr*Z*79(k?0I87{iNrW_ugF1)U(524DwCBR(6S2RB9S>VUk9H zx<|(k!&q^57}L&A#P`U?P{x= zL(xwa+KiOaS*NQk<3CxYy9hCBX6JdcEiNCF_=SFfhgc0y3~#$@R;nwb{mKkV#QhW2 zJ>@7%!I&W)_>|~SLX?SS82QF&wnQ@?MJJBKsNYQZImav23X_3R3aj4t^xS!eRLI8@ zc^VRW0`{xO*01=V|8EDcIWfK?$G+Hb`f7$Cd~61T-uIiM%*s~W8A=B@zI`TRmkQjh z4$`{VA(~#2!9Bx=UuL8dJJ$eFUCaUYcb#(9L8Kc1h(Ss}R-wZ+8A?4pv}Sd?bVC?I z_@-#Db>wQefHNFcUG2p;rDz0o_yL~J$T(h2^XT7~t#oelXq_0&eM*NfNOaqb_8hG) zDkeX`a$UOM>3kSE*DG%{)6%Lj&)Tu)ibnpq%-3)DiEF@r%}^*3araXd>9ojh?p@vX zaG7DWW*BQdPs$!D2O_&Vz*pVQ+(`6DOpV0(=g1$kHRXju_Nz=L`NuMk29$a5Jd?#5 z1v5$mT3i^nqByGiIM1coUB+A7?H-!vo1aIce1wu|?IS!oN2-*Dp0fAGr)C3)ZgZEd zQMRrSutme+J*mT|W}{flc0lfvWWDhVv#KOL9kJkW?=($lkh4J><=>Ku4nLi-1v$xN zajv)2Z6)J8&%@q22^JC&QC?tRaW3G^Cilzo62BDE_7&JG2>90v=jDHvUTOlg#AM*C$?`Z`uDngXgz>-asar#J zM(O8=d7nBdpShk#!(MRiZGiSF{(l56VOjuFqt&HVspHl=uac*4U=q5?EP8O6-o9-p zm^BH5vb$1_2KzFBBTtVa*q^Z7U7y7(rV5zD&ExsAEqdNWnAm^*EYR`!V7{q{ke;Au z#91HCam;f1M}~>XG%861volFivQgjjz;G;Av(aq1(v|3!22=yGb#5y^O-5_Akcl-U zgE2@am*A_>Zp_-8Gqo5)38@LHEY28G7fQvl^aG>H(v;?^#tbX$Ctjl=2O>7dxYX#| zn+>YT?oO9U>{u+%ofm49Ti|DZxo#t=`aW!2DjD+kD~p%=)yb+{6FL(BNxZR`p7$jR z8wMdR$E=0yM^kQPnuvA6b4VQ}d3IK3nxrs0$|MOJ)|iPrL>dt**LW zkxFi)dpZ?n=&T$o_Ww2tf(B2CO3ZciD9n5<#_G&B8SIU*53D2z6IhLiB^?}&8n$nj z2K-0dKivTa7P1yEB}o~$`&Sx`cq?9Rr8B~%U=k9Z!{2G0>G)bq?**7_fm9;>|*OC7({ zP0MJ$!oneKmlq+{3hX!|5~{x>iLxRp@MZJPtVZFm_kOsGYGo1L$NAl9d3|<(|0)_F zQ{Gf;!LXzsyCRBCGz0VYP{|Fwad@O%hy@RR4StZVeT+1WG?=BY9516I;X_$+H$#b( zMG~|iM#|4f+K6t76T!q*2g2ajV`yBwBAd=7_u0+$OCr4&$hMwy&e%Qi2Bij4r1p*$&1il(WhRk_(gw?6YgTkhH3NhnDDSlJ{ z5_&K1qGy)Q#V+Mb&Q>!)av}Hk*mSS61NX|b->9P!X3Y^itu@q#=kixRK}2&P$&Dlx z=&e0k>F0wmenvx9tTZ2!HW^Hy2a#xkpCu0=Aaf*dg41?iFcrg(A71qObSrBHiT+*o z_!`x7v_yuy9RJ_ls+eq*!<)`E`sEE9jM>#zvxSRa=3G|7&Ft>1XB*`jK4gadjVsdX zH%$vOo2q0UkCK2HtnX4r+FSHFuvDn4-kaUpEUZ2Ynh)INf&aEkSsG+{J6)DVBr93- zx{w@Je%=9@jjD8=VKexq01%wlL?k{&b{aR!yI8}i+_(GmE(^~El}Q$3r;22o8rV3t z?li2|7N#|iPq)*tnbmMZKKO)RIzs4$A&Q8C;ZXSnDAU8H8pD+psEM?R5uP??IraQ@ zXU0C;oly}vS)zLkp)dZ^(lm|ER$1l-CSU9>WWiDZ&kP-z@dMO}wvw#G7H#i~wKaTd z4mzQd4Cpv5XSfL?R8+PfYgF8gfoejQJepDhvCiY7c(Pr* z&Fz1$XMXWbv_0+p{UrfVV59!00E{zO`cGX%MPdTg()=54D4hS##YO0~qByVsS(5{_ zCNt0!#HzC!_BQ!E#0t3VcLyM0^z#9H06I25v@Q`V!((%r$kS_8hvP7)i+=p`#az*A zA7r8B#yfa3)z%FFz#LD3qS(-Zg&SZii6seW?HtVshNL~`zkg8pJTJeb2)HP+=rl7O zd3w@#-(G%Y)f1)%G-{puS!jQ%fZm{9t$uUTzb^$$EaKv3Yz&`+38Ao6f>C#Z@(cMC z3X$`>5zqArJZ_8k`8qdnJ>LXs3iVpVc&rzgF7_du>1gO}b+c6#azFbMjQ|f_Zm=SK zLioS=3^fxJUJ?g8cok4cKxQMHuUYkr@9gY-wY&x>&P#4Vav(<56-6Eo5a{mQJ>l3_ zpZ+E|c#!+6c=>EH-rwIR@daA9Dc##GF4mJNpKB@-IP$f*A zm%!4|<_L99G-ZI}ePhKfmz{nsd=toCm|7ImS)epLHjOOB!~IQ(O<#L32Cdvzns$CiJ7G%ZiNSn&;6-4sN4uGW}hth<;b%e$DHhbOVfb0JH z>eI*nduC(>i98uqeuf+M#Yq9kkLBWEF)!4|*0HsM#r^CYM@EQPk%Ke5%F&a#%dsitN(+WgAjPX$Cflem)LrgsM6_rdR z6)uBn^m97J-eqc;{(P|WN`=|V(Ly)QD^SiG z0S%J<>1Ir;yeSl9K|j&g{kNK0WEjnqE7m7JBW7QUb;jCK>YdE+_La2UGXU-(4pf

{k73)@Xs;ja%Grl-31qrLg+r1j8Fq*Ns#MLN~`)I(Szq!9XFmvW4 zyCfYuBw253bVbvJ*4L7f@MNgXls8W`Y&N~?>?aszD&4-}ef6o)uG1HTHLV)8BF|G% zoi4FkY9!{d8Xlq8^EzuOal9Xq25fJoxeA~AX&w^?kyy8QG9XrNuQt-lz3=#Y(u5lL z;$@*Kq1dt_RWGjbd}0oxFZ*G1`l*}ei4@+RcLH*M{~WKW>Ggmb@X1ujwcW|aQ2c1l zn;pUG(gUc{Xa7sW1(>3*fFMUGSPZiHiG1w#q`C~KGyb+12HS{ChMh$b^D4f}mNgi} zh3P`+LhV93F-W%){G@HoCqNF8>k&gg!(jm3IPCv$zt}J8>x4n|HP+Wq|0(3ScxycV zvPsvj@Q}Y>U~fuqZLemLXT!ZY>Q!6<#$37EiAgZ`b)i>fTnLi)g=EbX(7f!JB6xjd=3dJUtSj0Uu;qWmBZKt;_c!&z!EKe(GFm{ zcdM5kb!EmT7VYU2#@3=a zUgHNpxN_5>G>Rwy;95!`&Iodv3`See)g+c6lfpl^pKj7OdpAS*XrMqUSCsHw>mt9A zJ6Q0dQApw<;+m~-DJfgXeb?mfv^74xesxUoBgGXNp2+tKDO_?FSaZHtAS3vBGnrwCbai_&uTgV)MhVzwtznajJoNeIatXRYaY_AF$%O{1-vaQoBzQ zhi8+g-fmeu#HNuomRU>nr(&vw@N;{xW5R&>?1nx@j#HBp?ZW{xGl~SiS>8OqYVW(p z#5e?>HSIgYhhDIDU`2C2Wl6s)P%WZ}5>dLRXE*E|FZ5&2>Pm13)-5;cp*8Ns8Qr_F z(Yz@%>iJ64`U~X5zH7%`R0tC@H3+DYqRRb>;pg!5c z7iE9GnR@J}!ne`RqdeuTpnV6hwjDkVEzZQuCpLts7?^LxQmd7OuOw@Tf#nH#oQ=2P zy#CIFm4NcaI*rZSAN|yKh2LkP@ofZ`R*pTckRmeMvieejekyWdB)N$06e@D4(?1aj z3$W1-*K4)Y7oNQ7baZlt%9?s5kst9dfCglOFT95V0?RcKD3Y_a< z^AX8pRN)&-a(3286ryp1z`dqVcR^S2hN?AV_|W?1PuPy(y_95zAH~e~o^Mq~Fy+%$ zob&U6|D>}$FeK1KV+ z@?g413FLMk(qJn5+#Ln`&lF24kkO%Nla>Frn9R%Y`wf&&z4cBzj{MM!V7)(;8WiT~ zI81LT-V+*aj;ce{?}sxaXkF3-HG{1OQ~0ju0sp_+aL|nU?i<=%mCJ)JR2i79lsuS1 zG#rcRH2bz>U@{{hcom5Ih{olUX!7|!7|maP8qJb%8OZMY%3VO#p7SQ&Vu?N*`-Nhj zhS`I5U1ryB|2-*H!g|vuPl7g^J&sr92!%b>qa6anI|4d+n$IS+-j(VPC&@$(c7f=& z2DDM=J8;*4kJ=S;RH~ZX>qa8?)F%m}A*$S)D99bN+yKH$+?L;gX9N*f#`4i#KtdH_ zHCro&{X(ANpz%2-yu8US+#u?Dh0Y5OS~|rPvwK{`&T?|Xi(tlX{%4n0@;>}0t3A)7 zoP=JutDtc%)Z{9qvlw~jSDpXIP(}DvIcDq_kGEt0K9cT9>^{k<&^KLiJh>O0ou6HEzovAhd#&=fNhtFzx$ZU`) z`IX&J+ToYwX8kn?>E`&qNd;VbquTN9tfn97tF@oiY5P?M!~5rE)Z11|D0!5zQ> zZ%j~{nzBuOO7L59N%OCmtvqt)`BzG+^-*eMNZHP!@Xri zD@PLjX$tI6{Vt5C3x@Z@8)MT&LnBu(@KcyZ0AklHeJi#%>3(~OGE+U^wkHDbrHp|F zJJuKfz@Ez=RNRDI43P7|WoNAb;YQJ(BbbsYGAhCig@YL5#jm{#Q>K{y7r5{K$_fJ&~29P==k! zA}2S6Kar#|0S%kYSC=Ey4!;aRlp0RoT;DeHDCz=gb0^_Kd>x;;YD+rcLC2Y@qPD%V z34>lq8#rAaD))S+|Muq$MXRX#ef~T1QUW*`%$OU%a!>;G^)r=-8vHgWP0^=P_~3A) zdz)FvFGC&h*w~@`*}AAnH4?}ETI!?2 zVZGvap3L%jxaWTeqv&2cXwiueDb7X4S@+o>t+QYIWd*69NakR0EvZ=F zqdAzQV}zA$U)eO7WjV#_DBO2!+y}ZHFsg30lBz60+2}gD{*A{^!#$(Q<$!D;>GTB6 zT@T)1(%s?1$)3;(S>x@Hi2ZuMhQm{=KpaHz!;=%#iM*ftzxhj9lrWkxK`hNztx9_T z>-|iM_@hU~l1uQnMHc>1K=H)(<#{@&ae^@%jV1MSKUptbHx7#jog__`l za2P_YWLYm%>!WA0h?3+L&*;K3fa!q5(Y|!_e5&JakMeTre-!bbh#hJ^dw7x(>aIu& zM7{laH$hb-w5laLT|1#zubM*iXX$yJAPJxH%7!DqB+}{;>~sKj4e<*GsSB8EoMg^1{Nf+!MvxD99wmx>cGi+O2?En~(*T08>u&Tjzh1=0zYHpK6(%~@~o z))BPf&d>G%u2$GZKJ)DrqCu7S9U|#!rgD3bCfqP7pMz0+Z!Cj3@2uC&d9q4KH|gef zWSb$FXk(Fb2leF#jZ+vNC_HQtL%r-TxTP%0a^VBUkLmHXs_Wikt(h{p2D;VTXqZvocV09Heht zqSI?(EcH5Jc+6ilDoo5f({Q^hmIyw69tD-nR(A#z07jC2N6PQ`g+?w#61WWdG4E89 z=HF$FSI3*1d3kLnsYq6qlZ6^iKY~Fd+4k(_N#-*Diuhw#2p={Z^p0%a0s=E0kfDyR z?03Sf7Kw(>aA1d3auw^IZO$g~8U7?ACJ8=IubQ$h9o!hFSD{ra_SGjU&H*0PA`bb9 z^`>~}ibX2wu1EFmOeN#X?+hC6Wa6b%$=2J1Be~Yas@JQFv~npkb@dvY<~+xfT^#r`>h@< zh~JJD%OoB|#I0+yWTLij((dp%9{tB^^IN3F;Xp2l&S(5D{aRXD_$KNAfMj<50gy^p z*?V-eQiy(dI4Lq0A8up@wd-h{cc-ssKdp52lp3^ixdIK->%HF4rD>4jh6nXirgo7M z`2JAXQRM)oOr6_K9O6~!U^pSC1zQ%Nv}QLCY2b_5)Stvf?XnoX?+C|zBOOUVpUi`V z!Qu4)xu{3mbWRrXaP}e*w0jFg_QZRU7N}k1u#${0p(A`pt?c4(+n`G=p0#;%+kWZE zE62lVo_c^O{pf=0;`{n3(k?}_$|}EWfWzQ7{MLM3#V({l4T-ATayN?m;h^R2#iI93 z5ua(d^-R4~1+SgXQbO(1&DnNQEIpsQDw63Iy^6EayV~k#T%M1A?9d3Fl&_YuZtfG( zzXORKT~rz>2`l_k^X_$Qq&g}<8AtczVyKLlxUUXcE><_vz2k-&9Nm_Wp5+ts+V*zG zWEou)Lq;p*o)7rHNvGU=nfK}ifqI5)%`vyRIYXtm|#NnrZN8_^7 z^r8^DfMbV&$mQE_|NhW8S*K({@wGW{6_M%G?k5;o0}RzHggnb)rRme*Qrqb7fB;EM zsC#P)p~`uk_}h)vh3cuA*(-cN{Xy&Hw(Yr^1AvBJR7F1b&j)$mS5g7z?#NVuss;wE zK(uB%QMu2DtNBhJ;m1IZ*atcpa-5QRl8$%|H_~a-qM~lO4(R}}QOIX{=mtxRDgBJR zm~duivSf_atB_R#vr$6B5Akeg2OnOC-z5%>n0MRZpG~E)MLEBgObcM?Kn3l2Z4yDf z$7_s6i}zmkn}-I8=R1ysZ2CV=$=O6fGelP_aZE5p!*p}xPhN!aa8LdFH4Ws*fdqCP zxU-04uE}s6wO{XxsX&v~z%1ZX1%Odk=-ZXM8{DJ4oU z|K#kMT8VBJ_u1RGq%(Aqs~Y&MnU-#s5tyM)2B{1FLThaU+L@7gUSh2(r7dNH*Q_ z_w@NX4b@ljcKIqflQB6Zx~TkLqJY}Kc8h{5Pv9Snp3$x}2B7rLC%iylWo~kf{}rLNO*Vhzs}3a-q?a{5Fpm|7J{KC&*Rklo^*{c z%gtwW{ken1TYQ$3scSnqY&!N__+TO@kh8}jT{HpI;IS}J0LVA6jk3WsK5D3=0_9Ai zN+S|z`7BkmZC^rJ=~9Y@BB5XoX{?jDfJ$(0(M43|!}-aHLjq~A`zO$}gAJ^IrpzJu zv5D}@m-&CaiX)v-2su?-s4y)~u9WA4+Eht~v&9K&yK|t0vp$0d_VJ z+W7e8i+C`!W!8Pg>0nYphRS-TJcqBt;ZZk%Y`f{rZ!k&&bZC)$w0R&Z%8o^e#2LSd z?*+nC8bBLCLH-a>=M}0qYiknDMY=tH;>%O$cKe%nB>=SzMu7No7#|xY3VYRulL}0x z5b+>4PL$~B0Yn6wrE1~dA%7qHTf0BQ%$H_JtQ{`5j~1x0LOX4)!aW|Fbz_dsHEzzI zHA43@R#V&b-gnTt{Fy=n2x-<@WTGnfHO!>NIxG)0nc(_9{$o-$2Ri$qt=LFUaT#6? zB-dbyh=^#^JLZGrR*Lg4i*6%90#@*|8qf`E7DOzKSoA*stJPw&jtn>2K^yMB)B5=F zu|*oeQ3~`*rd;A3$AWt6btp~`t#o+8^*n&-SO0drvEQ9$KLXavs8;;(C$K3n5Za)| z^>4()m#+UGPXJ}~=m)^BRocg<>3?r?LjlCfe?#~8|9SlXf5?CH^8fi6lYG3zz=;b; z1$jf$OGz`KYX;XQ}?zF56{7_jk_=Yk9(Xt zqktanpN*A}dk#j)<`_eL%m2pz3wJTtM2i=2v6(3~2!Q4qy>ZNzie5sEgEx<-R}zFw z>WO;nSJ$6>;#X&w8wr|RK4~<$SCPR{QN00*RpYC2<7={`iHBy6+|fQ90cWeL(=jDu zki6LgECt$-f3^WsaM_}MPu8_z?e2q~5mMb;986u=kpYj&0JvASjYkqUb1Fi{-_}h2 z^e&_1^5&)wrDEAH9sB`urAHR9ISrFQ(iii_`bIR%0yvao^9Cio8$(QNWSnVoYC*fA z-PtNFlYtakr=7`9?uF71$6D(Hg)u{pNfZH-N(h z4wGlYeo)g{maG=(=?yNAo}6S!GU&+an=UiV0T|O)F7tPMHjU|fGZivEoq%Te+ZAOy zNDpP^Qfu7LwvR853}=TU5;g7ai0*?!b%UY`+-1_^2r+wZH zs8c~s;fJ+84|*Z^Lo%Lso)L(fQ5-J&+INsd0``xx?b2wKlso7o51_V^ZSlUN0f6r@ zz*$?Zzu++^v6R@w;3M_!Lr`lwQ-uJRObtk(i4zgGW22dBujH%VDJ8!r2i?CBPyy46 z+ds(_n^b~iT?y(8pkibkVo7E>XI2XdYugLzN@t}fHvrl7ip<6s1-9+Sxk(k zgX6|n^_g6K6yjM@5jQY>LF?M3e5iDwy=gPhM152>`9$- z>90$bV4HBh*&|QpvHmU_Lj_PoEhxmeUZAUVv_czwO2{D#`j-aizq5O}%O%l-NQRR1 zq==U=!Vd#3gA&@>?+H2ulVJDy0Ww^4zz4JaN5Cx zswBV?z2;<*V9;y6CBjMO^-0rBt}eYlXueT|Dk~LHQb7&_?n+?13aVqxsV#60F7ok0opvG_1TWWf8pp-yIQ)=TFE5qyQ_(>*$ zZ#<;{WP^M%zTn0fZ-B3hz3w$BESU?Xl9`&dQb)y3XhjoSj=XakS?qo(xwP8 z)j+%EM0#2Ey#drG4_4vV!C8W8hB!iM%ZCEhYuxdJvFuwBe(XFm^ z*0rDP$qJH_pYR^E)|rpjW|&|o0=?Bm2U+CSDdAX^0DB~7ByD6>*3RTT|JHOyR+>^H z;?(U|+BcQ3`(Gy5YKomwZt|tGa3WMZCcTUX!qQ)E9&FdwY?DN$v*~ia7|WKUZn-;8 zZeFOjVcy?832WRGMl7hNusF#GB0opi(Js~Z6ShU!0&O>5jcUQpSJ?jl z)!SKyRo!iCpAt}5f~a(t`q14ip(vuDbO}f-KxzTfAt|YnN`n|kN_V43ry#A=qPsa` zx!wD`pWkzxv%cwt0{@tEjB(%hZ{`s$GZ{nU&$qJlqfmhW*aa`da-7^!F<6r9dutQ! zshM$f)`Lt$REa+A+DhXRFCOBq`J5f4X5EWdQ%e@l9*i1+in%y?2lTTaA-wPXT(dtl$lw+^G1;GYrmP!Wr7tf$kPqc?dP|X{9OdCGsoI z-c9w~3@xQIA~3m7J3aOrXdRY_H%bvS!SAO-NCqx!Eu=QCA8|Kij;i zMj3%Tu9>vt{aNXyF;B!LSo$xGT!uGCQtPwzLo4;V+OAnnbOT0Sjcw-J$ z4pdyt(Fm)~QQt#(gYemq+yaolm%JYvtxi;3V+*5*_roQ?r%#PuF1yy1DDmjC{tX|R zh+;@1tDd^j4$DyQbX*_D7ZjAS+bo1sso-hB$=Y!4V$nN&%c&#`Xu(0hzrC^qDKuh6 zk~wmbflvR~^F*-YTpQKcbEinO3+UTwXelAsm?qfmVT>O;{}=wxDHYf@d4_R2B~ zC4*w3fL`$XCE9{K6rR9~t6cv8$K_(tMLfOFM+;yt5?_OHCL6Rh;O-Q6%A2ycouY2= zz_K1Q@hLEHlghiHs=fQeP-WFrk1xXGBeal8vl5>s^d7}qyH3jd+dv@VgI8G41=$ZI z);Yz^&)7nzg18slF5=)`@VKO2p3&bpYuM;<`!Sale^1ea<>Kz`Bt2yHwdqkMSQ;~$2r|c7 zJ#bE2MPBDI&LXx9ssS58vxjXMRaYpfKe<2CDohye1^&R0CtD?!KltsB)|0?Wvv@LC z=i`$cghj=8naao1Ks0iyt8~`ecCxmH{vPKiSQY)ow9C{CI=k9V{y1tT0(dNXGqJHn z&FTZ$v4ZPq_$SsY@}PY#asY!@qLvYi@b{;rOpftvJw@yWpqG73QzFxG%iZ$ zgOwmNj)5r=7SoxUG%_lED#vYD%VQ_Ohl}1|~T0cSz69 zR@vb^qXj{;OH&z%d`|C9BTgDs-lhjC$(=Lxf=NNFXa$+36*7MKJ z>ZBaHe)=&Yy0~!g|BNH>17&A_-FSuajr#WRAJy1@^717p1)hWp-|5Xp^)=sumvN0z zF0KF*sC><>(K?b>%s;A4vfDsjntyB7w}CSV!SL?fsKZ<2!25KB6|xHEZsrA3D%EZq zfLP+}+v(sDs={rn17FUl6h%o(?j4T$XO;s6g->+7w>pRYhTVS@nVYw4{`S{>M#zfo zZ)jOPQRib6AK?`Ctk9N{b87oTzj!K3xv+f%@!_-R6kNRJ+LKiYFL<^IJESGZULK8* zT_au6qJd!>@y($HzBi9_&C1C9)>LzBCiBHX5da8N7Rph4?>{>U$q9 ze|TcdL}*8&Z&=}&?cn1aOEdg*AvhFlPTw#y*683|Gf%!vW^JB{HHWBKuQ76*doaEq zoQ&am;c>CSxO(r$P(qVr`$t9DrDWF$z8w7EToJrN((5T!$CCvh5^N>MSzh&Y(M-mRcAQS@(G7C`vV`AHcIHz@YXo&R z&E_D1Dq>uf%4fQI@)tPL9o4;pPxwpGiDb-5x-p zy0t8)Jq7Lhw3S7Z#m$rO?U%jOtKx*owWuRZ!=E6D=Cgh3PDjW8QSMrP@a~Q*Z`;sq zQyB^_eXu@|?i-eRRz!}38AoQv^{TfXXai#8d&ZdC2L7#N}B*_1M5*<)#H+|TZ`6w|$p+Flx`h@zDy zV|ANGl%n!omVe$*_?{aKznNtxm0*$$fP~u18He%DM~emc_rpA~KbK%EFK0nIH0bA~ z&j}stK0e_$#*W8H4wv$c>eQka~PJ-%Z>7 zIo{n8C{pJ%=X-dOTVJpBy+hGJ_n9L+(z9St>KVAvx}Gkk)y^c_pRPb~H>#!LChsUc zb+%Q1)>Y>d{Sx;QF`@UL$4b9_sJlmnux9ug!x9V-0Dk>QdI{^(ouAn+;p*$}Hyum`+luz!Zt?w@~YlY4v)(nzS#Q@yKM{!Xv#RDu$}u z&bDV3R-oW>Yo_nN27T8wqewr!V%;sbdF96T{EO$qHO{lGs1-YFqBXwu?WRo@<&E|+ z=|p=YrlwBeg@8%8JfD9Ay)O>7xs6v{cY26KXhzVAJwR7836M2ZLR`Yi3fq&(_zi0D zyDv8G7dvWywf*R#(ek!vgf&gM!Xx%BSLmv@&sdKLq)BzQ!~*7{(<9K6A4#l_WR6c^`Ovk-^3Pe7F|yy#}>t#7|K1b zN2YS~ci|(-B6;tHtpLs3^%VSR=qW!Z(zhQM;n?#W%Gx5x*W)@`>-D;6aFtkodQ&~Z zcKgKVYxiQ5vYcGq>FXPNKPFtnPQSW^)m9vrdkoNy*i?cdexIHYB%P3wfd=yW?i&%S z);QbY{>EBwcS%x}0)IC`LX(1XR}z%{(iXvap{UXFk zy8bO9uY2&*FyXS=5p(;Jd;wxCiu-lD=+Z<@aO9(CFYwyL&$PTiDljA} zQ||QAO`~|mtDkY)R6P1B0G)eA$;2`fR`6^puV=P%_A7ca8t zy-WGSInUVJGek}ciMP^Ydli?Kv1;^NcqCwYPQUOkzm=jj57SvU^qZ2#_qX5HMf>^k z7d^P7{hWZre^>++40o1TZ-BE!7}Mt6Z}#oB;JHvg?Sv6bjE?GQ+$7I6UT7>i$SM(5 z->^Lkexh_A+H`nAWzh@mpkFDREZ((T5V7o0r;)Lg{bPPH ze`{Wvo{n0xYe)Ck{HRu}Lg*UYi@EQ|{kffA_Q{*<^g;x~z^N=j)Bf(*Q`Ch2IU>uN ze_UyP!%Mx|=*{GGVVtS=?yh2wrQ(oI#?AAnZH-S=#wv`2!&$dXYo;%~mh;MsjwB3~ zKWa}>csH=XmlRyvF(>=`c{I$A@vPDH#B z+3{8kpl8X{mD}oB-Mu{1x2HpD}9@)qDP1Tp9{DX29H$Xu1{RB@X8OsH1Z%+v4t0^px2&KYk2}UrM`31nV-kiYH&-cL`%%b2n072!M_dleU13EG-=!#%hwpU*CZ#bkPrOOsl3ynL9WqjQJnRF+P?VEmF9 z);VE(_ig)qcgb9A+*}m9mf;X_nv;qU>zTjmOl+vdP!7 zo(5&{v)qt}%( z`R*=(ywt^1AAEl=y7PIZ(|ehD;-#eVS})bd)QI|<+}0f}g47#sP8V#42rKK--(0H{ zfPvo6>1T~iE?8Ky3S|I2OkxTheX<}P8FT-0ok6}-iKerth zajgmW2(2dgVK;PrVByq?M9$OfKC?=Y$M>bM&^=-0MB7Au^FCR6|AR<>=xokLVT^+0 zB^}T1Jx7=LS^HvbJK-Y5gD&mnR0&1V&Q2P9Dco13KSzC942buOeI)!y=*z=FoR|3=l#ql zcdbU!Vq91Zczxsw>;k$NO)W=S|oi)*Ll_p zH*@arP&&UQbXf(+tow|9#t-V##9UcFZP5P&D?j7TkM&V-wxZ)7w(GVWcTF8y!6>i5 zm`u8UYG+|7ER8B`fLS(#`vdsK&kM`oE6UHk{d7b-RtWy-&I>>Zsz*s$_ArjS)Nj-; zWDu$_b94$D2cIZ*N^l5}ta~H&$(rI|T{^h*%h}n6k9uF3!K?X?D3%f5exW}7EeVeO zerUHlU;^D)aGsKa3#c+F%|jQ)$N{LGrZ1aovBQktPQ9?lH=TaF_J_M`P!)Jy`K;K&MjzYYm%y7g+M6L-doP+c+WAM=B?1l-(Z>a zh~kD;bfSN~YRm1bC6|yy!<-Y&Jy<(?lkbj5bvxpC`spvUJXT^>W#hc4-~oi{f}v`T%2Is+=zUV_tIb?9?+7 z&Qgif_t9-c8)mErVD)@^_-WeV9@B)OdiPrqNKHyQoVbx?Km}Y zV-kss14$Wp_;5Gl;D1}Rz=K-o`r?QSEe))WZ8&EZlETsh(>vPnC3a?b%nMX~JdPOU zvt5GJ_Xy^oLeC(X{e@uT$L3v(L(E?&@B;a3@CRAdP(SGJF+9CeWDObcVBmGU)Gl@}!4Fa&0VgQZ=#%D$ zTmvyWhtkOuaf{O1vD|cSpS6dHs2?$SYwIE15p?_mzb&tKP3dRyg&QY$8RObZJwCIq zF-{&j6tSJi4S1|y=g?Fhr(AB6m9DCR9LZ4?A$zsZ{#@nYe-Ii`-+ zL>V~DpWymcB8T&kwk_}wEP9r&^6BOkFSC07@b#5v3&uXzJ)yeo$Taf2GKsJty^0M- z9ttHi<@{xq=u!N6kDaCLA4YCS#rZy3?qI4@>scYT(+O+Nn>rs^0}&2wKav)= zv}s7_+y}zxT12atmaV9s`czHqh95O{6i6Ma^qKdOM}CJLc}z&+FIMBXX>i*&9S107 z1BS>(C=>WJz)?9tDeD5g^VXd7Q_-ohU6|D`NgIzvcW&|0;v?uXwSPjl32+LvF z$Fp>EJ(wX9vlOi66KBZNxuVjxP@Wkv8-+YnM66LX)C754-1*9FRLco1YTphcR*1L_ zp$!lw4CkdhR&$pHA_>w=UL26>|19;Y5_~$b9N30qzeYmIE4#MW+$t2n_>eU--DcyL zbd?iB)lAnBL2ayD0DZs1J!3CE)0USpEJ{lYO_5U_L5qafDfjf(ef=%g*xV1IlLH$F zFI>5vHcXnA^SC8!(aR*+RgX~GWSvHz2BQMrNfbbbd?h3`(c$s;xHw5xyVWI8$qgP0 z`5M_{9~%-KBqb%j9P;}M+h(C*$hRRv^hilLb&9g2gMCZ6kPJju|G8q8{P3e@Z{E`G zQRsaYzQd2GJGm%etuom^e^8IM_xb&es=&6K#1{7%)3^(f|H*#e`L-)tv!{*065r7_ ze;hy8J)v^vc{M2*^C0`q#`oi745xiVA$4MNM`SYTPqPim9V@ff#NLuG5#}-b^Lfhu zzslv$5a|QqfX#OF%bd}l@3&o9Kkw-|5p_MId23_Q?o{pOCD|;M7*@5nqA#!CXa1wb zy`VRMRMtN*ViyK+`d+=)!_{$q$BjPo3KTl-uZ_si92_zjUEgk;8-!$$oLc?={Njcg z34ErvVSJaR-he~KqI3sF13(;)=F%%`FSQ*LvXs4PGCz;z0QoZ(1YZc*VLl5FgTl+e z0@Lo|9F~`;~He9O{-({ zW55N}aX>`zUF(k_{V$mPTrb@7gUt?}-ymr}$W%f&SvNm~3=JpFwAA)2D`o>=GBZ7Rp9dTghq7x1dzA?Go~Kn~)q2S471vF=}+ z98l9Tz>2iM2E)xT&G*`JaAj@;N6|tT8!K!}4T^t7Qv-$Z#PNaS$|&jvn1cSG)-czY znHrupLw|@qs$kNxJ4u6cucw%)&bBS;qm1cgyltwzBMNi%b+`W5&oKWW1hrTx80pN@^$HghQGAC%eA zIptwdVmmekA&Okr3~%VY%N5%ZBfe-4E2z#F%NQ}X1>^)Ek{3Y-w3`PZKI?v_5(byr z^;QSW5*hg?=={2Eze%6vqfD_jCs0sRzNg9cZ}7u}Jl1hrxF5j_b^)hZgYd+q}u#vMns_td!2RMUHDXFXpvIU6 zId#j`je^ZjAR_A?UJ2O9;S8=Z^!YJK2+v66yU}^iJUwzE)va*)J=A-<`>hyK?fmL? zq5vS2-JY#a`H8WK>JR^S(iC%p;NCKyN3C~)A_dq>IkIbNtbrE}k~C5|9({Rl)}3OI zH(Ac4S7y^|b)8ejp^w$7zp{k&_G^^@4v*dC7#J$wf{T{rx+c8|8F6%Viuzxfs~Mad z;OWa^Q5Am$)(t8VyIjprkM3e9-VL;Pk292`xPLgAiOgT<0lztwq+0>LH%9e4vY+pw z8=nU_0J_MAX++d;2$ss*Ta)QQF(t%u8;CCseXjaqIUzq^ zJYqKn>AwIQy;o6hp1X}jpWg+Heb&>-+Luk`tK3ExNA88sPy-JXx|YyzDv3uAa@1^V zXTW(*GT;c1QcQEzFEB}AAt7ohooOeeB-D&k9^!(F{C8MPWa>RCK8#~ zm;@*sGm!=H&^{2MFnIy6+bBza+>5Dr-J{TxYgza>sYMe;A7GkzbLXvSucvT1yi!Kc zbA8g$gj!*6rEwR-J}2kax9nnj0FiqukWKI*?E_46&ZcU&POt%^s0g`r3wSUv^JNUo zd}#_RfguWvsH!WY3=5vH+r_d+yjfUl3L<&c*vi);sV!5AXsCzC{MUGcI%4u;OzIWl z^oo_<2icHTxn)hg1@_}RkcQ-fVP_14xp?QVe7Ilyj@|>$)*fzQA^kGJ?lmw#xG(?o z^QDX|1S>kml!0r}PJSnbInepPQ>W)8^R%_<7>*W^G$K~Ha(C=YY#;S-WQ{$lGxYiZ z^!Lb%VJD4+twr`~G(vV+ZTLE2$r31Gqm7?n2H}FxS)Xk~VKWkcn}HEt;$dQeWo7M_ zNIE?`{W_D=-wA^&+lqD* zZ%}QabYY|byI`X(qxV$3pCfGi$#zsy?q7~~$JP#YEezPk{g$&K6`%^={1+r+Vaoin zW+x6mhL@+Pi?h9}7%@8dQAeY=Dvr}I1DlP=P{4HV4&b1J%(`O~aBq*q>#q5v`Nf^v zqG$(8Q)flMQJM?at!PHST>V1k5zmpJ)04vvI9~&jH&2F5t)BkgygFLb=g*mM-Vu*( zPiPnYqM4_CA3}Z3QlfLE1u`8GzsrfR`S2RLVS9N&X?=D%!qXAnQBN1)E+5kUnxFc zn7qIrF>BYbn+iMbRMm^vvxorJd`o55!3`7+_*Lx5U3EGDz`fk|5H2|iIkqDJjr0Y`%)9^;v9Dde>z_JQ0>I)HgH&DXvO@8_Tr$$m zH(nmYs|3ONdaG7JgaaxNs>-OwP1 z*7j57Jj0522KNdjwRV2Ux);QNpXIj>PkTgE{Jfkq zBd$tB?(a9hf@F$iC-+zzSiIO_#q0Hb07Gil`!mgC|H4Cm*-aJzYsf3NjoFTXV3Oa5 zCCIsfDTq@~^X>=u4jeemch zWz)M`$)lNLL8c7XTx>d971%Ra7K9_v6m9*dx^M_X+|aWv_RmfU(lrP1ms?BE9ovte zTxnYc-^t%X6vmt}&&2{QPAYds>H2`R7hXsPlW}}XCHa!(aH^(b=+9e6YpR$!+;Q<9 zkCxhkTfO8J*h#D(ku8u%XzOH$7G7X5*cRqfgDd; zz3QJ^eZDr=m1mkGGUYDgee5||S5zP73L~h*8r7|}NgVjFmF^;AQ0x)`h3mah&psuz zf4bg{${^-`C*^N*a>ZMc z%v=XF?I*73=nwh%`A|ma9iNmTg%dIUcU=wys{eM}brUtj#{wf0L;|h2n|jqbW~^XY zT7PazxqkYhl?B$ONg~cAd(?^d}{vn6iLzJnMw7B>ODKoB_<7Z0= z^kOcW0eVpSJ7_C($6YI10kGUCVrbA|Z)fY(>l+$>0RP=7HE^7hQ+IhO3|Kh9^%@5| zU4lk{xZ`$$=SgRo+$xJ6rX2w<<=0A7BzhDhe8H!;V?JhTtcy;fB;MyrePC%^Yi}f?H*uq(`^Ph*GRAAhO z635gl-#m;pHC2HP$A&or$p{;h+Vhh!%hwU=jN>wTN2Lm-Q#`d0a!FA2WpijYWUl&7 zi+2zApu~Y_g>SDyFX}24s`R7ghksa}0phX7B;7eoB%1ptY18ps`=^RJtI@eLv}yMPfW>K6}4P zr_1woYi|2I9Z9=iV196T@GS@4s|te(Yx4p>=Ee>{E`8xP$P7ZTeRvVBuIxD1&K=9~ zu&*)*`V^6zKS@o@ZaW(TlQ;@WeQazzv-jyV|5Rp<%G+lfop~osKW7}yP<#R94;#PF zspm@EKA5NbxWh1qJKYiQc>BXih%wkMb&G*?j%kYeN3&a)6Kf(P zLs6W9Lqd)N*AZ^EW0gV$-s3RnGVe?p6i;ie$Hv8(Z#&Heh<<<@j1>l+nE>rCttvz%5F_V8t+~$C)#ODwn|>oel$I8&#%B`67=!`h)47X_E3yfR>NLpRdBxTDtgS$1~*a}wA}9%QdPD?4rMa; z%I7c;)J#Blrz->{7Q|*)g=*GwMT?R=t@yv?1$KSoJaI~5}OZ7R_kzVU# zD?l@Ndjm8SLswrZ3dwtsz%XugzY5Xt7J^0SYU9o*?p(_0%O$P6KBHf(ghYiNHxoLk z#Xy|?76kaB16rMlhkOsfMau-0;p<-0R+TqHpZ}CcKhpzp3)JYu+u{BDHS~E*cbmb$ zl8B9q?{gXBiitJ^ZdtF|$qv_oOU)YV!Z`aSPL|EA$YgPN(xqcN^-5J< zwPLgM)T;HcRk>}<0E7b@Q>6c_^-`vnEYHW*!(+U^_OvaMuE=y=Z6)tN%(2uq|EHJP z)uQ{dZ+F1r@(WD9@IpMpUuprO?=4&n)3%7%T9ajOnwaz>mv?28aU%|okzNhZv!UAy z+h6|8IAmzOP_9gVyp9{*8furIO3uTVLspRkJuyFcc#Lt4j2T~m$WDZBS1(lRvZK3| zID8qO^GBuan_R;hCG;=YAH)6rp6!^SrTJc95)7Jblb$CflHQv){~VIEyPQZ2ZXKnh zOf9mCPvDi_1kRN;MF$Z@R|k}FJA1@beJ_9wR^fG2iir;<@}t5IF8tm8GD5g+OERRc z&aK(qiWmM|ZG^_X1qUMN*SJ4~2`dW(qWM$V949M^E!ZBszK+S3-b#@SyvXm%odCUC zGy*-mI7JLjE0KBje{ZP!l8?6jO_d7?@!wSG{QL967hH(^b5`QNzVv_ZpvwQ7<1qh+ e-zA^)Kt>9!i6dCrY77UCV%<_yyO}3%?EhaHILgQX literal 0 HcmV?d00001 diff --git a/docs/wiki/media/clip_image083.png b/docs/wiki/media/clip_image083.png new file mode 100644 index 0000000000000000000000000000000000000000..c178c9d5fb138f02b49de43584875caf62a6fd06 GIT binary patch literal 40978 zcmeFZcT`hf*Y6t(7A)8R1pzB42v{geRS^*s0cjGNs7P;8LQ4WFq9ULopg{<|2q7pv zl&B~u2!RBM5JIFA0tqD{ka~CcJA1H)_K*%D~E0=7-UFOJJ8zn>e!Ucxp#@}MvmKXO{ zI|ZAne)%0|7EHO!cX#mga(jNA|M0M8O99*~H}?AT>t4C;bb*FuHFA9c-|3;n*F9EN zyML^Aq6?ejSDmozD38hCzc0i`G3FzO+aiX7Cx3G?8NZ_qDXXxls_h5#iu=|9eFDXp zffWT3qQ5}O&%P*#e#eL(o!>0_Bm3JH-r7aQr`N+pAApo!{%^UY%>C!zOQ?k?&_(02 z3f`hWTb~_53aHH_-6xonvoAe%qBKLv-{Q8BX9p_Ddy@_6bS_00T00byk|FHUU9bUq zQhWsHQt>PIbmxA#;NNHH-9{3jaNd{#nGB)K$w!Ru*7oTyJ27oPZ+QRbuG$|`j&-k( znqbtUN4EJdj{l-h84By8*ks69J@8%GX25f1AE_ZPpQAGgZ4D*XMHtf*#d>Mi=raOE zGS~+-(fabh*wvT&M{eqPeTe!S%N+{<+F43A*@1(8SdXzmG4kHY`eDhB_|`Ws{BRB* ziKC-xhhJcS6)w;*G&T0154wJv+Pm=wT^~lWA|?k`9D(LG>ma~w;|ZC9>*|@aJ1>my z(uQ)F;hsS)Pj>{{I|aqb>T@jVybZvWTVf4C%sVp#c$*xg4#}VOpr<+dKaWqV<kC5nc}d zZGm1=l=U#rBsnRb>7+dr__%@5%pH1=;U^_Qy+JC8*V1|zmD*LEMw0W?PgQ?wh{?!$ z^VI7tn|YZv?UWOo-<7I}tKW1nbl1v;ixLIMSptFESBrhEVc2QEgiaTKt9(1m*fOiu z(lP(hx@oUB>zg0Y+Q*u$-nyK7@OzrMsFH~ZKE4n1L}dDSJcCJ7;x6hnVYdLi?c>p^ zJGDr40zTKo@c8-YKNaDg#E~S$ZeH3}@?4$zbsBuotEfJd=v>RMo=9`VGzdc=dYeGZ zgBt~)ZX-V|Ijo1l)P6i!x=OqrCwPC(1LFk@X`=SP{pVUI$x)0Z@-iuaAs;pSDg4@5 z$x+*PhNF&@7xAFJAZkH6CQ)nfXJ+W6!@{dcpvN#%{DsFaKp_1ew-inp zxR%p;T>xX)5?{oLi&$r-X>*My(|kJZ8H#jx=GEL!pPI5o4zse59e~8IMDoj_5Jkb zl3^XH((nw`*}OURqkj5Kvxb{bxM~5IKfD&+D@gs_h%+}VNLS%tSz?-pS8>oRzpG(( zwBIGl4>Fdh{a{kUu{OW)gCZ^n8R9$8fw!e)RQn6GeE1sJyyhqyrt^8{*HvnlJ6KDx z0$Sx{KnIik9vVO!vB;=$&ZY7fu8eUc*xRRM)uciB<+=i$_X=UtZlNsb=ag!-_0zDB zk=ujn@`AX7(>FQGbF!>Uew#$|tnJyz(V=bXjk}!p_6`YtDP;xH$|`ThuP?j3tD;@G zw61A+Pz94VJ$QC8_-I~3oPlJBlJn_b=146R9}~=aTS{)`&dDafzR~$Xlb)AsAk*aS zjIR3NgKp~Y%+#%gUH~hh;CRjJsap{bdW)@k>ZF~ct@b&sPVMkxBOY(64#;z{FyvRs z>W29iY5X$cPK~EnB+<*fT@Vb%fToF?{GO5mbcq>bEZJ~aF6#Fuxygtw9Im83X|sIz z#VU1QQm=Mo%MR_?eHxR_0R@?@4YP|KgHt7X`E=Q8&p|YNjwZ+Ppy|o$aHjJ}L?g7W zKb9;Pw6a@nIb*_t{A0O8ubtGMAQgSQhh^=R&8jFrX1eOUdfcg8eQw18l9|&3m-A`m z5NZBVKM{N%T_Fn%H|`*M?9h%_e3+)!*7VfJ5DXrCcqO9v1|h<4Nj{3c8&&IP{l3co z34fW4)^{!GczrCh;qA>Z-;y`uefF+%73$RjFvKszw)h$5R`K?7uVai)o9|GsD!@-k zVsev@cKar7=_2$xmSjIF6Xz=PWWnn0tnu57ssOYusFH`ee!69x-W$Dhpn4SyzLZk!{!$ zZ&dC2EOHnb)e@fTUOZYTCH7rB_tfb(XgHrHx8BUJl#{L0>Dtk+^K8Px_UQ^CSyo#O zd=;!BwT%N`OhJZhDbqCcD}CzV(yjBPV@F(Da;vp4!o28jcj30j-*OknCp3(cqL78U z(_bFz%rTBs8N#_FN)5X9t+`KL#K*;w=}hK8r3Yki=fvKLbk`dn_Dcl$f2-e{E7Yl} zg1H@ko)q8A=Uk-*r0UgBG|T<0U*D7Xf=>Xp+sG4=YVq3-?16iq0%p8=$D=EnY)w;0 z)pxAXbd=lVHvg}W#1@Liv%mcgcYDAqhdFeZlAZ?gZ4cS|tTQ}x4ny#~^yHDaSgKE1 z{Z*bH?Bl+zjG5-eMU@`m*`<`zx6>}5JD<~kPHjC>g~GIWlZqPJ++@Zb7-bFp>Qg_{ z+aSWY*x@i-3F>}y zdBVCN)fVAtc#`2@dE4f7<3Z(zL$aOLDE+r>yzIIYnJOV&^QnMY^!6C^QPA6O?47jI zEgFg>q2!jYhx?v1vzk6~K^-TWX8l!PTssp&MoqodiippZ zGWWCG+h;rq*)k85&X`Xjzc8VdT=792rM~$=9?y@tEhI9Ibj%HTI?tzc0W%$BCxo}ZF4d0*glo{)*ubbU-&k+ zEj_g=i8C~NZ+E8t!pfL`f@;k(L(Mc`PfE{;F1Y+LNmkCV1{s<~Tynoh{R)D+${a4_Nkcs>A<%ZzxlpgP*Aj7puDl{VH^DEBd_sKo3k+psTC#7 zbiyy^>bKsP!&<2x_m|IESB$Xd2<)>#qu-ZTpKG?@pZB!-+;_dy(5=`v?O3Vm9Ad0A zTw#%;#silt1WIX!Ok1*lsn))jw5J^qcPAXZ;VOyHaN=63J1*N|`F=%+s6=!^shXJs zw7cqt_+`Y+xUHQg5#=W&x7h45rF9ffe2gid>xKw0o(+-} zX;k*fc8iY__JgD<%sH!4EV>_MN3ktPz`CS$!RFEKJPr|?G)&U*j3y79Fqm%}l*OsZFT<6`?Xc#mD(Aa52U)9gL5 zL+q_iP1s;i(Qk=XZ*5F(1;`g`qhx<|oiz2zOHWnt&8!Zn zPVUQXfnUp2{{BtsM54hm$j06|7Jj?5G+p6K3FFOrs2ETD?7nB?5uOR+*FK)^{x!%s zMZI5~@JLPBjne*rE&1W>1Y#OX!CH~>+Ck2~)i<0Q_hrX-a^5IkeBtfqXWr#OCwQjxyJVw zfl@0nZ65xIVgFkL<=fQ#ReY`G=}%T8%Rg(z2>qAFd|YlRT4-}`UojB{?A&kC&42rW z5IX$YJx`b@-gzp{RvuRrQ)s^~4hw}<@bY5LmOQk*^s@Y1E8>Tu95Nzlpz(9sy|0Pu z%dc93`+_}mB{~g#Imj9(VYp^Zr*VVzpU}_S#mq3vak071jxW0FuT4cvm>SAe@x7Mp z=iR4%RPnsV6hk+>JL_&1W&ALle>1~XUZ=21&M}}eG|KYCpf;k&f6p-#?u{k0jtF=5 z2+_apGwOPbp;)4Xl08ZLum@jn?4E%0t#u}Gum|U^PZ&>_`o;TK_38+FgJ;(jmt)q$ z#mohnH?jSSY{ zQSGm(*s0E=We0!d4n~%qCu9Z|INt7FIBDLeaT>+=i0=t_epe$CA>)m8$oZoD;LW~H z!u3(W_DhtAHuEgKfy4vn6y@>z5lCQ;OBXa21jFp+cTXzlCUa0m8VZ`v*(cE-&zh=+ z^6r?my?Q$FT4`7J!w{FA3$5ti{Tkk{^FWHY>fatyQt$!s$dKB~_aVHQ=9j$jGMSSfDsj(iTBZ@GB_yiIN@rz^ z+W4`N>Z&05c1Gu*;B#zi-|C=zx700ptK%N~c}f$Io-hsxk>8~Ed7-r@l$dnJ*+g0m zJgqh8*@C!~GaYGZQGYByE% zDA0?xA=NfINVmOuv@sEV=x2cW9VjXR&s*%@S+rICwp(}lRE~-JDnwo;XPDXdL4%75%RC*Bd5W_cC$ZttOYQa9xQ<8u8)jbrKtmgTy_8*o=SYZ;46&zBwlKx`wd zyz&Jwfxwn>`5u1<0e>6ux=1$YRBj$p$eZ&2{%p5Dn@n(=*_X2ltbl+6Vd=x_6;I1P z!ub;X)C4*eVl1-}{QA?kmPPoO!bU_^W&7uAWmgde_W&3x0 zDmR0PL3VrZ$OqxU?bL&(y+-pfh;zhTpLqRLL)^o@QB&u4zJ{JM&a{xOPR!1eO}&vF z6!rEEtg3OV>)FMr?}+MPjk2_fbm6slpAVQ*agsj)FEnmI4fH??U&#$(|m3qgk zIK6zGD}Tn`dV}*PKTFJ?;1G@G!o5O0RKKM|s>)TW&YdqYJKNq(mb?IEy0)|@9s?&m z@-DC%_UO0|jE>5*9l{gZ^7)xuy77|#n@9rY_3R+(#WqKYCaIc&=g4?p*N;CE6#mkh zo~k-kRJ3$vKR6f#`dIQ07T{jCxmPksu6Q4OO$p*082TpbLhys4^(m8iUwQ)k%l0QeVRQ14TNd4xD3@mjLw;G(8eTo%Qds|%U8mk3kh{e3chIbY)zsz%eJlKMHVWLqQN zTFhJW&1@yIxfSmqR{U7PAUr6i!Vdxdrtu0)dcZyF2mQQkj*50)HBHqKFimOie@y0? zo$Szdi0HXr@ag26BEoV&oxa0rwjJUyxrPKQRMl5%Fxq+HySas@`Ds@7tQ0%WN&H81BiXq>`Yp#8YG`iEUfu}=9mEt?oPAuU*3+Z$VkJ#?m z-0r>j?kd%KJgE+^H`{9BA<9(s^|S9=2()hmiS=D@G3C`;j(mi8o)rs zX@#2v%k!sM$<~P&We~3!{AQoiiQ8r~q@urn7dzCG1=6pzu#Hf$L``>M%AJ32xrliK8RH%Ko+(3Q z9*itG@^>;LAgOhCBC=yT{AIU#+49M1i-m$gc*Cm73|KUZHl4ajhje^G%)ImNU(;vA;k>; znN2%n_KER7-o{(F8vrpU06_q%(yrGe!g~6fW8v#CM;*t%`T*}hppfc9;Rn~$X(i8I zRX0=N#_emLy6;|@%AVxU#Lo)9%dUN*zs{WhF9=9q0az4ZSvLT)h+a1P0W2kYNnZWC zh7d2t?f&;AdVSc~NY%=hz=MR6+e^zv?QX-ww1t_g^v?QVazf>UdLhr_lAhFB`|CSn z;Tul;r9{$D{jA2+*a}=LN90FR;*@3-|*S5;|)LnYqAChdqdB+{ggw$&fhwEpF zSS%=JlC~Tx{F!+b6AXhTWf=G&bk}H3m_jMK8KFB~8eeDc8u5c1(xK`<+!(Q-tsrwY zyn;I_jh!~&^i-1r;JQEbSxoB%?X|vWNJDwFZY&%QS<%K)1p+pkgcIa7D;+Xkj(A z0%p5d-P4QRNzobI!tN(64cXc|%Srs|$Kywvfz@0O>tKaSI|W+l?E}e}#PY06RS^q$QQX-=ke<_haTnHZGGO&zD*387F?fd^~4Tq1_1l2$Qo&_PDhlc?Ouslkz zdSJl`co56uLksF&EjzScB34}?WY)qf3DsIBLr5!iEKk_n-*2Zqf$$mnvTg%Oe2VtN zXkGT1ogDPzAvp-IM}O%zfo_fDyyf;J!^Q>7BE$N0SJ(w{j`6=9hp>XUNdTTHJJM{k z0F#nWTu?fwps4^|8HvvmtmFzgWg{by=AJy0hN7&X*{L(mi`hPjz2iM1{^)l0LJq%7+PKPtw1EH=`6wcz^KF- z&;h;@ihXzfjQr@(lVGJQLJ7V3m}%_#C4gFVl7qN&^s;lf7f+vO4GO38l3S5@uLA&l z3bDDU`7z|(X}3qR=L54z&}8yhP69P23Shh5QL!s&8394Sw8Rbppez^XUiP`Yy(fUF zWTgPMJ$2(tg;uB9Mdi{~Bq&>tMO6@vEzs-6k`fT}L?fV|2n7i~VAYYDnz`pv7B1vq3pr>nv>#|)UUr{bh zeX!=-gkM|g;b~CH)B5{Vo`VBRbko5QR>(|NT5n`$(OfjJ;$$#QW>esfxtUd~$@ zz!s)08vXiv$hbE{+O|5#^(&UnJw=Z^uod-P-Jwoc7=LJYyh2Y7gP*89JPnY`x$sj{ z{kMY?r-dr&*gbspZ)rV!lbum2k!Qo+^xKv0yC(Sh#MaJ5lT{=H9a1N!5(!*&Oz|h| zp4?Th=EOQ08gwnz(th8OrH$RU)+l$#5Ot-rDC%fr65Z)czZ|vBvg}PLY94(&%)CQ} zQhw6SIMMuifjGv@C_oo`dMR$&4KiaC0A=vgDH_;Qj#upo0dBOZiuONu9w*ns_1I3l zt)TXSP$D_^k@4{6)rkV&z6f|z@3&I8P~boEEzWTF>|fwhQ~X=PeTu1o7vRuNhq>_WI#vv`qxjSCB%;}y-tok7P)IwqUYReB`LjmB)ib9&x;{_~%`;^(De3p!>{2@;@A#tpcg=_wE`82Ax51{fAl+pK z2Ze$bvmlE>jKZJ&8 zG&KR>e3R5q$|tBdO$O!mfIyfRclVOt_HOv@^U34IaWMvlPIb6Hvh<@)K3CUsW$)y^ z5MlzE7w5^s(undFU$yd5x@RoL}@t&k#TOSWpkO<8&OKb zs8h}uqHkk~mwQ!qIaN7$?n5~da4oyxgxBJhGlpJcRQ{K~&8-yJwWUhM%Kl_)Ny0x_ z0`;Ggo+) z*EfEy{W}+MxhA0#9B_~3HRc6pb`0RVmLu?I@%={Ve2v$ElnHa`4EQ^RMK$|V>QAX& zq-hJEvBAYtJ2aD;h>6l<&z^JdJ}<_j9B;WSdkvc|?M79~#TVLv3;obfmMWu*LMt@P z5nUcjY~oj>qTgx+-ciVkpzxOy`&GOIrZUw5%mE7=n0k*w;xP@V(FkMOTXwjaSroK} zf6|l|4J5^`j8Tie*n_dtVRhu+!8l^7IXFI+~W1 zWgG^?7HvjSDv|md5ji1$(I8#bpEVEMVM0N^;#-+CjU=JZx{s%>c|Y=MNhxF(po*SO zc&$gc3wW#a(F8aZz!|EL-)Br3b{~BTiJbrYxkF7BHTB7lA|bE$-8p0dJ(Ll!c*hXb zS2URv2FxWeE5RlXC3!7TawF@yO4MAneTaeKYm^c$AMlzhwmXA>&V3f)`dO$ehA{d{Fv zw^TH%?Y0q)N!Xq!oiEkBhDe_*rA?I>>Qoar69r5I!O9q^+@US(-P8p`!=g!@8KtOd zAOR7w_abWP+hxcw%WlxCacw8eYB$1!5p%t;KxASEu`QY*FR` zWi4M3lvgJIAkT`sbBW;&09*U>$eFGJ_#90JRrkoHyDBq@A@RoRxZA;u{QK6 zo1j%b&CrXu@U}nBdZ}lbgx2p%Nvoc%Wx(dRXHn70;H#*64Z}>kzp(aSMO6wWUTu%i z4&2sb1<8}PlhFu8+(JHb$Zl}(yjhgk;#ga9a@)!)Y?m&hF*syaMK!d!;+|t$YOAUE zw>gjRMK|gdIj#xidoczFL;haU#6i3wTq2B6>-G(C7hNP`A9%0G2_vWPmp(W*f))$$ z`1pzYV-*_+p+IZ7y;{hJV>fkr_-r@s$snzdL<+ zCW=as+auNiGe(R1M1T_{-8vRFY;jbQJYC&o;Jl5;!cI&&=6-8XIOG}GiNiKi%U@w) zsnR~}-C>SwtxoMZH5(W4cJ;=;-B7Xbr(`D=CW-tx4_{G10 z-tVT@bJpfG+ISuK_KEWnwz4)mAu#^7@Jy_ZAd@2vAWOpc+w||p-#KfaIxzlB-(^7p(X}_b|s00Ej(84Mfr89K*VSezLe0dd#>y{^Ge%hrj5-+KLDE)lkf# zKbMHsjl!>+>1a6gwD>GsPw=uPfuBgH0-+9MI3isZ&Up_Upy0cquDAf)yGoJ| zLfIXNI&h^e_dV&zKBpDPfgdo%+TXk@B&kg=mo3TpAcK6rK4)u^0Xb(o;Ses;gIo=( zSKVK1ym|@ZoI*c>$Y<^9bmiXvGLxXvhhHpO4jOb`OVdBUg!P1p*L)ipd1#czo-MD$ z7YAUQtqg3z4h7Gbt@X7nUyQrE?*HlOBxWo=;|p`gpGE7f=KlQTY!Rs>XHvZ!An(pj zd;*-{qdx}m>7Yml+Ljb{_*qyws2Y4tMhRz-n$Np8^{V0*RMpIN!a)vO4bDC>#}mIk z0hQa}rn9eJetl=Jd#o@cnBvJm-c!%4Yv%N!!!U=K$F@nU1zH#`RW-1i4NW8#2p%BM zr(S+>DSDk*9o^BI!n0*x(3jJ*uy?1zSq`?RC#8!u%Deax)8%#Iww?WD6P_7;+V-8- zQ12@dr60dIi7Ef|Q78rZcZP@7qPGKCi=B5JFxNdhOHv|hCz z|3jx!oo(J37~?NbELKFJ7VBIGUZ-PpPhb-|RZwx4UW=0}Mo*R;zv?22sM|YqJbWlc zTQj&SjQCUogaL!K%dy&2G7DJEkM!OPlydKJnxNA0(X=@YOr7Sj5j zvFy502KeReu}7dkHJiaYqGXLZ8VzI!PP~%fhKL?|kGyPTU%RaMlMvszsf)rBD-fyleW*5+-_-U7n#?8_WBlhEm?! z3T*WuHA~&RmO`OdM_-LYrR_bE(>Oij54rp7zPD91HDSuT9AlfeNPg>62S?y7Hv7Q` zd6FUE5q(woV4bNsvFOHoyx?#3=@kor&xgea(fn$X5SgSih0weR*uxIg9-@coCsvR8 z!(uE}c|Gq?u_yRrTui1?ewN;G{$y?BvhBn@F-%XL?#%vQ1utP&nqyvO46e*&Yg2JdAnTYN2R-D^xjUkn}MT~F7R2`K38M4{2lbBf8 zvv`ti{Gn_bO>tCu7Cg%QgbN4%>5~`c)mvj|;7G zs_pFc3esU=I1%1<=dL7Rwx0;>$Hfll9mnl$OLr9X3|mn5v|0KyVSDutmrJ;`nzw-Iej~X`w4oI?>>$y zmJMCIYjMe5rhqSiIfyS-$-}aJ0h780-5u-8D9WGyM1ICp%YDyPv|+6FrcZ_6!cd7j zX9r{>O|$L|ddl0KET;0!wsF;lT-_Zeu1Tp{uR45lPh0cEXYbEv_pj)Kvg36Ye;&=d zObcq0OFxiZV0AG!+ZFOv@g^V>5c_EQ^(`#eDfK$+RWj#w&2=Qb3TL}JyKo7km{u>f z-nLZ^P{M)4Xeoe-OfVmBSa;@L>p1K$vUQEq>}75!j;A}NK@mEZ5KG7%| zJMl@SO@rISijCo+a1aqc@)Vksltgum_%$_z8sRRUwV@dy?VDW!~J^n9T za=YWz*T-OyfbYfa2i2j@4D;scNC`Q5+JTiI;^OPR!A;8#>5tjYG^{H`p^;M-6)>s6 z9^NY)GYE%X)sqA|`%$EtRKBtfj+9G!*hHjsHL?FB(wn9P#3o_;-ttg^k5xDNFV;P- z&l#<$^}LnZG~m*6K7p>EETWe&FOJM_2JRh3+u)2P-wfWyxIk3J2uFX!!c;q$51|IZ zb+m@D9{;Z>r3Q!sVheNPUED%8vzY0#q@?GK#}LkRQqlrk`j%w=~iEZPzaH^KRyN?Ao4Venv7rzN21DE zDErZz2_X73St3M>TJI34>i!WFBEyQ{@7F0n_{%y3RN(9e{~y+Z-J*G7k-O$S?Pco; z*Vywd5)BDzji=?`&{y^*K`iuHZ)No(L-g{eFe6W8hoEfolokMs!moweM3BBOmMz}P z)3}!fiYbr)rW4b$$6^_UC68`iJwDBUP9`tj^AGNTJ$&oq5Ohc5#u|cz?g3PSe&3zp zV&URU%#jl~+51u@ccx9N^as`aTrG0`h5>rb=a4*<)8P>5b_Hg+;wlN<`KQ{x=GIb|K!f)%jTA>FZ? zS;ck$@EE@YKz;q*vl|TQ!|;jcE7m4WhBZb!HOIm5HN~TtMaxqOh;@;9D520IdHuO+ z5a@HGUQ`W$A@9UD=9+zOPq^Axr6Q77?VsTn>*(7)hD+QnV$zc-TXl03@M+?1Nd4JUW*Ufofd;wbY z{ONJ4z0s`7ntziI7OQ4~3Hv*fS!=XZX+Y`6IhxnAK2tT+GhF|)Q8=NbhfK2>#XIE9 zy*FHNXDfnIvJTvV{+hF$9N0XVmQVGC`pLBz2x>ABE@Pgnkf9(GjZT0E9n?%E!X4Rx zFoPYHRhnt7g3=q65w?4tQ#8LL7FAB$gBZ2)J#c7$AU5>zj@n7#$C$yumL2B^ju9*% zt_{+it-D7i%k!Xebabwl&o^EkAQE4*tEV{Gx%$qH*!1-k`LKSejU^Fmz;#aaJ42iy zBIx`YDSM!L&-}@7M99};+R(u&Prat{tcTSk2o^ea=8Z_6+EWK4Lp+&yZrOu*a91_a zg*MrhNoroB1Sd~eyFdCbsCs8Cx+V$$wS%=*0PKMcCd%p7SR?LR1!C@eeRLCdqg(DF z`J{bJhC3F@PH62}1ddcw#k$|UiZUmMfy4{|R;1^avzgrjJDGu+H5^TIvAUb!5m$o5wyrJB_73Z3&1r66u>?yJH;&1qeY}UO)SjF?p zAe4LT6M<_-YVMfIA>?Vd%S_9QNbvR(&lWdWi?PJd%Kl2ro7%YFQAsQl?12QITcM!~ zC%n_>+Nwk*0xA3*OG9IatE;N6NR)S6U)suuOjr*VD+7n64fw75j4yj#Wj?5dJ>uT} z)+hI3RH7#FS^Rj4jcI;}&5!RNh?8~pF0kV=50-3Ux0*kLC@1u*Ty0(-@}f%N7uB1X zcuzz4)X$@1IX{XY{=(%A;!Gp3Tjpx>qtSE?mdyzeC~c?6nHoXoXDZ8yG8x~II*|+o zb}Qp^L1NLWx4_*&!Hev!8K$H?>oHfmeZC1`#3uqZOjEZiMi)Eke@;uO*)hUV3Agcy z&5!S0H6KMihxYuv9h>jEF2{YPbFlIWq*c}w@(b0_ay&)-IlV5Pzp&ITu*ohH-|d%y z@2OE8+Kj*&IL4?C#*05|VQz8UmT&bJ{Q~*9_^41GVNFS@L2 zT1-qUZ7ejCGW$srdUzu(a^t0fKw@kqvV zVNjDcsdVnfu!{U*j>M!MO|ZnBjWMS9G~OJXT(j$K*I?GA8o|%yTiGi8IPh1*qZ++$ zQlL)!%ZcJgMzL7>5$#c>+*d3 z{1TTFtR~_X-^qhYgd^m@f_Myg1!rB6ju_#Rx8ObHn7l3e*pV+ABwogAU431JGLGo8 z05Yj>)+RaYEA89|SO6C1u`@Y7ggHzJ2x8nA>}%q}i8bsAqR5j#kyn6y7dUS3>s8sm zkg+Q3b9s(kX-8PfzxbOzD8pjd1s>3jz6^mz~kkw)pMS|(xpp%-XlB>)% zA=C22#Y0W!;r`}?>0h%S>rQY2^%`1e>W-=)W@V83fO8N(H}(-0EWzr?)osO;`m3IK zxtxmeSdpkFkol*#*kL$a4KJajyTs$(#TK(2q_8>m>G{5;;~LK3+W4v|jeM&VxUE|8 zp4``qg{Yny4t7t@y^Ad&H;&l`f_ zKx949iQ)P}e1L~}RCh1=f|ht0^B{=z!(eJ^sxBC(Uu&%pBsR2s?m>TmG6v@S15?GoOg zyT${BvoDu zdx%>pl$YpK#}Ft|Of37)4*wpc`m^};Kq^-}5>++&qNtUz4%qX#!szaLiQ&)=x$vA| z6r+Ld%EQ(OFU*9dQztmSY}MK!m?0#AzFHpz8FXKe27<_9aX=h!G4535Af_C*(?nHp zp}Ecfr97T3P_d}%UqxSFf8|a8(V(U$^#GVFu>X<4yI=P%b8Jn=}RxcQ+`>!-vRhtdQnk zPgMlO4v^6jpp%xyz?WGb?oewe)17>GZzv~Tenzm;W{3d_Zb&iFjq48fSWE@-&%%(RmT7!W{zL+ZVBgVcBa~?y~qGTZax*3|HX#P;W zdF3w898=v7?f?{jt%>{3e9H{MpJ#vBz;2@eeaKe+&+!GaMe<_Yq7M&WG|Ye7Mg~+C zlJFGsF)~n5Lk9whU}>k*zdAo$XaSS}l?$~ZJFgcFuSAh9Kix%VKY+^14xR?MPaTs;D&(dvPVKS0MIc&DBNN85Wrk+AmO63 zPj-o@tVtZ-cf+-lD?2jafee-Pugl?%D;ZMhSY(4pW@7t=A-eT{DKJvMH-7UdxkbWo zHY;-GByjiXa8DB;&lf$(2HJQYTnnk0x_r*BW<3jr`sFp38aZ9GLGn*P&A_lx&JfCl#h*ZO6Uh3lUptay_+m<;fQ0j?MPdQ4O|#xD z@Rk7Xj0^)p;ADhQq=oQVbMTs;-G@Y#XDinC)-tvKfw#fEs(+ig^kAU;$rDZn!o)Sp zo>)75onYm-)&;upNvZ!3LJAAFd z+FH4qEhBzZfBDb7o=iB4NC8w-fB*uJDI`VFP_=t9mI5j}wR$v6$-sAjEM?b* z^M53c)kbKpDxAJ^QSbhl(tUq`;nC$qBRPU(IbE&DX{7ufU^c{ziu}}O?kWyW7Zn4B zQJT(JG!mnMlDAri!W;Fiof+Ed0_MN=fXJUn{!<|kh6NFd%xUxaz>Ej&BmCdQXY*hf z30Ec7nL-vxLkcaB@)D~4e=6MQFI36{^Gpf2&R1DQQU5Eb6}rgsF zx-%~d1^@a=`H@K#Tp0J@B8A?>rXXWKxqvL#5M+2NYrqqK}kHTibT6%x#Q?;L&Y!uzZhO8?TSQHfsr^`Gx3Vh&Q)w6+F zJ_DmCrZ&O*>nAqXqEa* zJ_k?dI5F9SWWs-Q5F6^nhudO69DXH>m$tRarxf&by~ zhtg}E&qN~g-N(=uhym3r)-as|GZ(Mxocwq(_tCF6YEN>ftOQgwC7+vRAk5w_(`(j! zjc&0+Z`2I40&N@}>N@A0B|>FiuDpp_D6r4Nv2GmzDtC)3`Tf6N?3rL!H14O@V)Z#8 z%mdY`su7jN{s&fS%W5G!wSm%r&}i>5T7ZY%kD&MNq{&))-eIgyKqH}(H|1L^r0a%? z4;tu>rU3MFmHvB4Ejd2BNJnT-tV``D{mMKIyQ{a++3&l5d{AuZt~rxAi#dB{w2uAE zhmv5WR|P#p`$d-v$}Rq%sGI1o+mK$^a=TBn*43Yl@URUtef;&pOGiIA`d{Q79(Yb{ zr2B_^Hb;$AL&yiTn@9YiNKV?_|LLUB5tGJH_NVMxz}yna?v%fdRPyka$JnA_RJ!)am59{9_s`@Hua9fc!% z^-B8nzA;+-DjsN1F8JCo4gC!6LixTQ2(Z8_Ku8Yuy4%7u^X|Gw;Ep-zjKs@vw#>k9 z3ERLVe?n#mb9!gTmbPsU+Ph`3c5q|AJeP=NkHPZ@Y+5BtO4e8%TEzOG=jK#20aU~D z{4)7&5d;&$pJfh#>uczpwd|m7eQd`!7GBW5=r?TYE5~vr(Thyq#lKlbqp(fi+~X)* zlA?^^2ec{?nO^YNFV8S>PTTQmO`D;-cR^++!DU1TQN|lVmtqB`q+7{g(vgT(K$JVE z5s4jo$R7>RU1WRR0{i^=>dLuWv^pSY-$UO9*XbnTkc!m(onVu_NtKf^wqpVKf#m_- zY;YDW=2P^(tP~#8Az=CyVrknFG)qsa5N${agt>ufP<#XhH>FiJK+CAY9Un3@F!xz9 zl~GdhJLUw>h%ZP`b)-<6b`aqi!v;mDgl59oH;Y#XYvO2flgAzXduY{vIDa(UvUb58 znPwz3Sm;%29%f{y^K-6=wzH?sO~&US+=X-SW3>VlOpGeWRuImrn)^D=Ru+81&gMtE zt@7&v-~%W;+!(@_G&H{6(9?jh$6@RJdII=9Ofd8z3!3jsgu<1 z5#mGx)TiSzlcQle7;yMH?ljr2f$vuw`oVK3pLd^{a(pO$Bzkdn%u*zlD_vmmUL1)C z_9F1QwqxcU9jN_gv*Hf8$j=GkoUv|;yr$P z@{=|={tH#5yN&{c(>bk5gO!b&|IYJL-k!_NuA7QRBqb6g*`Wu86E zaS^fx4A*(`c@f3JZfjiE%jU|x7{q?BI;gt6Ye;1L-ng9~733lBWcg%5?m}1d-;dLG z=hUw=aDtxO+Chtq+#n{{FICX9RWmBE2 z29LnAIPf^U$Kz(Z%k#WVo&!L7T&?5MX@j`|O-AAkrsF z^T%j|vWyo+#ZZH8VcF7ih5)O#$Mz|#%un{^Vm$tK#5cS#wRy2!1;Z`WKM3{Tm${7> zogJN*(BPNQJ2-sIlnb5`WI_%~C4YK1AuJ0{K4F*{fq%CgY}9||uJ5ozTUyd3xk{az zP}4R~)Y854H?x-RA@qprTn8`w0{5iWm!F_0EBFYDdNdp&pcHagh*DgW z10|u&+77f^Dgi5t2hSW))N6|IZnj2zD z++LEpT+@_>Cg2OK7U{J|h))_PYI5IR)luXHx3~(H!+CyF!6tZvofGe`#`5~GdQC>} zIZ9K`yY;cTp2JRv5bPK1)pPLGaUE!05r?Fb4l8X7c+ukwXH6;aU86!UB(&S&Sf$~q z@1>V7Dw#`mcl4^M-mWN~tlSXt5FdA|V-KIQq|#>02nEgj?f&uWY(4NVCG^o3H@_7> z4z|dMzv-RVCO997p6eB}lD^jPXGYjF*7dx`mBJ0VRlWMBa(7iy?u1vpPSC2@x`OvR zf9ieHFa;Yz1GuKXu3njb2d~GUGOpFXG1Z2QY&HUo|6k<2XH-*L`}T{v*(z*hyJ=e# z*eZ&2l_oVJ(o5(_C=n4MRFwb*NMb`21e7Wu0qHG(v`CGDih%SIAcTN)LI@;;7LvRR z_w)S6d&c>2#yDe~FXvs~2qA-!dC#@xyykWNZZp2;N%Lw*vHZlW_VR|+&BcR0(wo{W z?T)S>xA=h{o5^LW4`UafcqO~${L@Q!ezRe%=ew(q29tE>^oQ?IX5ZNxCpE#cW1cC1 zDfvv7%6rxu8ZjgGks)2}3GfI?vwz`$Jxg;%9oBBG+#`U+VpqKc(Sm456G`^nvvxvg z92Ztorj0m9iTGO-dR=ggjpsl{V2ilDkV--iuaN|o`x6|)KhRlG zr{EdSOO+GnH(_j^pX07goa+QTayXlt!Ie!#u(qHV9YKCDvNv>Rse(JMCXCuZVuFXR zdiKOSRh1v|+-6iGPq;a%{Gc~~8&(TE{Zh^h!CXdh2Cm9J1gXz_ z-3;yzZ4gljM>1?sOWIZ!Bmb`nC}WPH!OhN9oQ9MA80h?q%Vx7{8xt+w;;_l5;#IyEj>qkiA( zBlm5R^54jwd^K>r%W_;m3=_QCr5yWhXVv}ijrL0P;NnJ*67@B@-)W0~kAL%Pmg-jX zw(Bw81z-5R#T)rQ<|U0g;hKGWhsZ@d*$2aJ9!ibk8xFZuU~N(FBc15e1?O45BRmOX z84<&ld7wd`e600cL#YFNbDHnZBeR4qF5g*_TmkSGPklU+4f%e9xAxPKY8C&Mk8}A! z$Nv2%_Y6PboZTIwu+{UWvXrAKJ!iUYKU+OKT%2+#UIty94GVQ;tT3cZm4$EaSKIFb zVt>vl`DZ+_?OGUDlu6J{NSSo@uXBfssx`eW?8x|C30Mj5`uR0MYMMDUuy&k(VT$ik zVJE-+?d|kn)DcF_rnQ-w*>WcHSA`_pm?75GWuh^hdr3Gf^95ZG6XaxV!q^}b{`hc< z_*x~fYwLmx*H?@?an2p}mqjj2q4zmm!ddq9ZnC_4AudheCd!cpc)~27n^SkrHtInCJaMXW?JyD%I1W9e8 zODO-fs@~Dy#u@+?(};1^>{odnHY@Mm0Hf~sF;Fb+aNCS#?|t`~XB1D?Rg3W^1I9q8 zSo@Hy$1|}sMW$?!#p}G8yg#(IN)3D;wt$HOP75vCgNtv6KV;OP-(Xq192#2-m8dx9 z$f}-u8z|ODsW6}4qNe7>AhCirDP^rst+VqQ^I&Y0U1`aMD8m>tRKR}w0 ziM$0xHP>C-Okg<|+?M4Q0&^`}TOh=@1#gI}gWAV6f972bRB7n7#v(C>qQ5uZy66r0 zc*{D83{BUO<}(j|KqXdyqYm0mZkP~h5Jx6@B=UP;hqY28#ldjArqdRc4&j>Trr))9 zyNG2XZyo`>YG=&DdB;m`d>>zhAaX}`r0$3!=0xXC&BZ%&AENDe91dI;Me%xffBXmV zXs76i(0@47--UP1f7NbJ;R`Ie^C9{iTfo^-g|YWhYSsdzwYrkeE@x+5kgJd*muRdk zNuwH@VYu`ccS-j0C2uIsH!!~UMylxVyy$KV6a|52z%#*fu0yc4{D8r%#s$V{qUU*P zhT)u^iB`Fk%TKwIwr4lj1Z_+D3z7qov{JS=U}_pR{3y@S^r zGbJMsbVJ~~&4a;1Z-idA`($P2|Ug7c$a-8$v4~9qRd&Ud8@5k8M-3JA8!K$Id9Bb~(T@_*fjopzh zdNOo+xXg1np+*rgr*XHlGef$n{6Or8aC?X{!(eRYtN`!J5x(w1_u3~t+6~JOkIvO! zP+?p>;p!Y5I}AL=bR5XxjUVjqN~$YE<*5zODXw9=Zt^k4yz+X+x5`5bOSkwkz7}T} z#zgU<3alg1;ylX)KgJgATYi7$RlGo`F*%ANSJz{(I$Io~UhEX4LxlRW4R~MV-5*Hz zPcsY%S6Bv@p(<-fic^3mRV@93Y;BUIq*FOG95akoWl7cz7l`{rpGwv($rnfW%r4#@ zdvQHszVO1NyV&B*p|zYne%K^`J>P+nid(8B8d{Ko z*#Yhgu)m1CNMv$e?4PRw&4f!`xt?*nTE8c32H(7&>yHgyJ)z2boS>JL*pU17Y7mwAiJTJQF z%3O3)bh%l|*>>~XJ99_5Vz0LvtZ!gE8q?@*lJw3Xmm~#!pGhD4w{UImn>K@6RbrWn zo(DDi(|DJo$yx+4C#MrBS5fS}nJd;K86H zL+J59!}7+?k>9!-6t~&;H=rQo1sIu9y}GgVGbI%pj|uamcraue*(Ma}P^fw_@?^+> zt>&rlw=OBbFd0+s!sI>qwccy9T`}Hs3Z=YHuw-Kes5&HwxPA9bOS^C27V3PtNo@&qP^xGv0-p zzZGRVA%-@?i@tyGjKuW%bBi}cL<`au+6~RLq=$2w^1W!@$l6ImVj)((ERBk+A-5016?%k3%imOL-0Q^}^l#eE?y#|IlT+i}VuF71lX+))KNirDKL zZA_$%ZzY6&ni%Uq*?lb}KcBqtv9igr=8rVBz-B_z-eFSmn`A`@IC!oM=VE)K-}g!W zd-S_e?Y*o^1l4}p0+UllpfT7^9;V63lSGTdul~Sqdhflz z4B_syZ@YRdeHv$Gf9U_(v70>#j@q_(tcrOq^K|^7fX=QR9EW=~?C7ciiR(7&awOl^ zdI=i~3&WEsTcDXyU2#7cw3kvmU$z(qWm{%bx?^aya7HE zR8fZ{RKq{sA9+It7B~9qoEhK4GCE*85HBsY4MC$?%wEQM83CBH{XfH@RiDEosjrWl zikcmct(NK$NKd7|!P7z~-EW3}E_0YH3f48rIrxNc8Fj#FMozNmC8qYSw+hL^_VL(= zy&ib<5B1&;e-3Ocx0N1z4;&wRBXs>eu)wyZ7nW60pWEWNTe6lO{7OipPNker$M^Wk z9#5V&r__*QMIUTRSWS} zxdg|Rm#b=V2N&ha>s5Dq3O#HVj@WDZXy@bTY4nV4IdJ`1iguzSCismuLVre`5tb

=-Ok-# z?cF^YBemHlNQh1s^$e4)?q4%r1tWVyK5+T`vYSl|o|`n;fPsjm?$7uOFs?-K_G4=A znHi9B+) z<624dfqNE?n9i^~CJzUnO5KYM5c<0iKd;p6Yl>TxaOAY>rn! zUqayJ@}u8NS-*4qAz7I}A(C8s=Rdgt+IK#{xHqTjwAZt!6_!Iy=v|qfZkQ#=7LIPn ztDGg-O$_RiKP6zk*0b_efF3?w2jEcmFOret#yaifW4v`A z=$08_0IjpIi*4CvgmXi%yY;$kv1@{;s$ZuQj||WJ7gYMNwYK3rBfkuTRAX(4MUel1wSop&1mK8yK%kRr`DWJjz#O@%ON01fZ~IpZFj1!a=T( zkD?B>t|MU4=x}{=DCx68dN8`MfGlRzM$PYiuRZgu<}_LiU;22GMJ|?m(jfJBH?+G6 zA2eFDh>tCt_SvNhm@T(j!I9Xb>43!dt-*A(sWmwHUZzS}{9xe^fEBXUpMjHuH4cu_ z<5-)iBw4m2oB&-Pw4^i*@O2r@jP5aYC!`UZ&P5|?k!0yP9W$*{(k@%~B&N4eVXStO zs~9Q&nFn3W7(DwmNb*!Kn4c=w?5B<7e%Emf5d#m{~IwH?{fw39nls~83Y zZIcU+rCtIp&Q&~BupRV~0F=7?5x@d}`Z1bMm0!FCFdNK+yc$mhG!mF6>1oF;>V$<> zKT;j~?=?$=&B}x>rf#j=vl)1~@?9T48>i)YT_p~%U5&hS94xCd<$8~)b?=381d)Y^ z3P66?q-{ViV3_27bZ#~+s$G2E5WQ8i89ewvX>V*jU{514*WC+xFPZ2$`{KB0=@p9a zzPPrDkfYX=<6Lz=(E@YPB;L^c= z)JT9rNye(fjaj^H&tUJVBQ0jc3#x}4f^OxfxuqL+Gtr?lq*V~VNW*8}<1gCb0jz1~ z1{9KYW9L&u$QS8c?!LI!&wZUz8ngAK1Mdsn0*)2rc6$^baX5I|W4r+@&%gX@gNXO3 zg`RLNQ$akedW88ug5%^k-naZiy4G}2g#pX;Wj*1;)3NLniNH37h_~ zg1x&*0u`LOrT)!vZPbHF;dNXLV;K0P%v&__JAb^vcYJ|`?eGeJ1Ac9IG6hBMMY5mx|sf`yho9siv?G*@^c{g6Y9 zuCIi%UxOaJiFo-UVxXx=dqJq#@hfq*G{A@K7F%elaSF_GByP_;Gl*N*fh*mB#Mz(> z78^wEK~R7678}GvkH%X!*C^SoQ~BG?G*b+AM)A7Oi5Q^BVR(XO9k8^%8s}z0%(w&S ziYsvWrES~sj3z|hqUPdh?)RDA8w5=>B8AJ${094WSyI-y=esGM#ibj=TQ)0-bJ)%Q z6+H!(E(W$JH9}X!6k;uj5K2-ormtaEraE$gB83>d)HErB&p$>88`3PWct{=Gz2i#Y zNz$K!CLAo4%woI0hS9Kn#fd3=ryBmbIhD`dZ30e?&Wp6R#^Aiu`#sR7n;qX9O5b2v za)m3OMe_6mJElfQ*U<0{G$5Y^LQ{dtP;U4n`!E@(S0SriMoK@o)@TD{eolDAh|1hq ztp1j!9@wHq-{y)UMO>5Y9(_+x3G^>j^lR9DCJF^9)R0Pk9OW0OZPH#~db_fhgoJ!t z*&E!OL{`l;{h6W%#=<6?uUlH}Top0sQqFZO-)3EWuQrYDU0>JDG#$rx2GyY%D>y3~ z&vpz{Lvj2%epRzacN>s~yK`wz-y&02|791PkFn$+no1PckkLHg5 zWAfihNxS!O;KN10?mT#*Y14DRP>l8q=3I#@OuT>KM%G z&F8i6b%*JYLFwUl&+YE5fm0f8l~m?=7Rpq&=%Obz(@Ou8{QZ-Nwp^^=>EVmcdgP)J z^?ebESR4}%{eEQdde^`e;Xk)UGa-KDQFz1RaS4@w_+&-oU4(?S{Ye8O(3zT=n!L%{ zzDT!7DH8KiT}#Ow?`L`1w^-^5{%m&2mw~N`_4W``TV5icdFzzf+pDK`g} z>i9N32{b6%M4y$@YVpZry&|35=*2x~ZyqGZTQ{0{v+&kFnYIJ;ri-LK)1tF*%u(D| zaFq7ayDuZ^6NPG-9YOLLc{65%`L1U40w=78T(9OlX;Qw#ukyn8hTP)Dx)xxL0|WNR z_Vv=?=V5`YW~cUuB6E$lJNeL?Z*qc%HKpf{$t2Kxsi_dc;@v#|u`8zI4HwyMGi4*X zG6~NCa?ksF4<|jwpDp}hmY7Eodqh97XJ#rp`pj;yV;oL9S)u!NNEz&Hi`+SX(DP^se8Sem zKThpcGC^*=8FvwJSP13jop2-s(@?W*(L9`d?X$DBCqYlh-05|i(BJC2Zv&IGmkJqa z2dzp+EBSapS1oNWkfZ1>xsA5t^D@=K9bSlmOW2hR6>ZvOg=vj*;QE8t?*GQI$csr+ z^lA9G1LVPWZbw0eU-NweSc1=2A35QJRnOU4;K>ywZ#v5Z#e{#hA(rx~rH%vQ_ZovH z+$o=r;0ZrlBItXN%vV*f6P;{O=O(U|ADgQSm|0nD(e(w5*(-G8$LNp z-r(BL77oL`+VHvF1FN^yuIsdC%n92ck-65foCPt%%v_OUH=d;?%yu{ek0>cqFz*f# z<-;gq#_E>R!R@ymzEXtAzV;QrE++DO2eUE=BMDbwG&%QvDBDX3!CCz(!qO8987d=r zoa{i1-B#1GyIy6vhRNgmp&Il0h{4{9(KTn~J1~G199&pKUG=OB>wW4(Q01BXb6fo- z+Fh}0_qwO*P8DQ5O!YQ0mT#Ox`Y0u4r255V=8mc_4k4ZYlBA({>eldWN?Gf7qZA6E zat&{g{^N}zJnMmGPC@(7k)SgQIv&Sjb8k@DmpMYBxba9m%;C;dKrA1Rq5TL zjEGkUDTI!}9>SxF%(DUR=O2Thz;P$vw92*g!b{F_c$;Ik}CrEm7i9I>+KN^iqZoWxhxT!X+x!C+X zKT|R$FAbkLy?;Yx1O&Q`A9lCpLY7?*i&uv@x+n#sD}$yIuFjv5kzubisryv)8W2Xx zymFJew@iF81A)33fe_A$r9ChBe%Uoxln!th<<2=>+LG(7d9RK(QpB6h&Z zgeo6@+kqxku+D+aNtUF~_sqZZgKhfWPesfedu|x%-{|ecQ?;)*so?&|&tF&S*+tcG zmesObua6c|S1A{2<15(Kr5zbh9#!`G14adBV@h7?(WfVL{#06N!~)qflkuz4;yRjQ zN(!VTN4WO3z`4$Ifi0z54{ak~uNtDlN-Y3w6yT2MPqLQg3(=D`gSu9qd(p-j-w1;B z3}dYe$+&!n79i0S1pUiDgKvCS^|==&{5?{em!)Y~t1Wk0$pp6JL`%kS+O!mSemK8n zqBRTwQz8~PQ*fN$uGRhtLb?tvYR?|N10&|cR&J{KNUTUg!zw%!6&}eY+)W7an{#S! zB4*rZPl{9Euk(`>vhUUW+aK4n9=4NAGFyJDbS`jr>;t==3Q8^&c1?@Ol2V|qh>`4J z8E}lTv*=uSqnc2Ek&22z{L<@hj6z0*FGMo=X-xo6^qI8^J>Fysb%@e3&2B>~ciuXz zwS;`wOjIND)}UYIq){%%d<1XG3-z7%2R|gV-P>r!M2D?cRK&OVKD$E6Fcdw{>>c>p zH=j?nzLZb95oyn43>tj;c7n9jm9rG85tqRMgan*>RgE9nb>dkdU{<} zlEHW@D_{Yg@`Yww`sBrCDYklbavZ!pdUbhbC(4=jvPCr317vV#<}@Ig^oJPRG{{`C z)BO&q00{Gz$>Hw%qgu_*KIp7-!28!-gi+x7v3WN?a$ob|sAbG2!p&QBxMV7s(CG*q z+o*_a?1XMo|HcNtQ?a!{jR0crRbRHWdb}d|ob0|-uS9@jo zQ)iXM9+lr-xXA0vXPOR!f$CE3Ktg%#ZvuSDVA0H50@s9(Eir8N0y?JSKn=pecZD{* zRM%Z0#oWT7psl~n;`qvao@b0SoxG-T+PR#qhwxlo-TbW<)hM~YK?F6t;tO;qTQQYv z-3z?&)cnWk#HFJQ&kT}#N6r+VO8WrHulR|JYy8k&V>IEAYzR-b#*w{#PrG~73(})z z$Y)&}#NQkEgY7>wMa-^ql_dDG-A+5lG+r&D)k417V_)KRYAlc=O7(O@S&IYNpZD#* z!1d{`>yrPVJ{||!yDO~#9rj>L5rOI48`Ik5Eszd+5$oq1R#~Vfil@os!J?BI&}OV?MD`k z^KcED;Vtaq?-4Y0rdHF5qw7>B(Z+`8mvfF34HQlV~bED_c&o(t?M_q}SD z_Xkpi|1s!Mf%PZu5*XPj9=>vUH7JYKbgH38v!9lF+|{dy=$We2a9=ue_PF*G4{o`n z^sDXu-+2T7lgf~RsN3Rxj~w*}g>Tkh=O+RrKZ+uQXUDy(VD5WLGMff)@_?_4ge znEw_hPEp(5ZYO=k?^QA)4!4JW`{xaH*Z^-pq_D$1kNDjP;di^pF5R zs)zPS0uYVy-Wsw6*9%%+JtHyjrUebeSaP_!89n5GnT>z;d*#5|BiCM^c}mih-t3|7plIHsSbv(5%MgJ|*hEkSI@R~c_nsch zy~_b=9|?d1!`_ll7RJ*ytnmLEI+X;(qD2LG6N+uzx7VguF?E#KaxKI5H&3`gvP(-M z!Ebq}SX@@KN1O4(8{)bLGx;6J=DFu5J3QF$?nHbz6FYNeM`khW>irx5ldnsIK*9`Z zJI^cTenF{#Nd;YM{Dds+y&h^t+Zw0s;t89ycb??n#tl|{VW3jK*>sNQJ~xgtFL%oc7qc$xgz4Lg3D;V3sGEEdkqS7l-ciV z^&rSCLl6)*x@Xv&BohH0ewJ@Z$1c#-WOB*))<&RnF?#veTm2=f3Ed&E{6_i}! zu<^a%L(Q#h1u>(ptILf>1`G=`xeuN!#!-Ux%*|9@bVg!|!nEe{!~VTi|D(vh&0SyT zdx3?;Clw?=a?ZI9kGF#icR3&`e5r8-p!SZ)) z-Qep6t1sH(7ytaS-29|&pVZe(o=XI4pHO{TZlE{tUjTqE7Ne8hcpYWsDfD;N1G>!W zs7GAvx8dreY7_U`EI(({_93$00G^*wZt7$p!1P>Q1t|pBlw70i$N5#1oDTDy z+Y7<4y(539nFGt*l2@k+;x}VQL$ui&gZ+bJZKiQmtgfPi2CRVnUP>FCqMaZV0KWot zdO->X%!DmdIHnc*9kd=FI^5u2H+BJ&5wzd5MhG6TqPjF3B2(cV@xgPKrLRPC-3KOm zXCnCmHb;Zvy|wmKwqRmRBL~Rt&V`pFU|1=$|3NKjyv`O4_lZIZ&!04toTF)ngy9`G zZg4Zg@eAKJT>sV?r~L?JHB1I?(x9Hn$)pVb_S=6AzXo(%rwcnnjBlrc_QBO+=N{^|HX6sZs>JHV<01D5_r8tQH3;Iv@C~*;;!-nhyW^-ncm|lBx zoU%B%#HwgZSe?w*ZkVL$cFae(>N1>e9_;Pa59qM;QvF(Vw>D-O_nk;P|y|*tUGN(z4{L z)h(|BTla&KqWNcxuIsuAC4wY>Vwt>Wv<)P@4yu2kf zl@a&5x^Xv>MLLZxfH@|NR2ceYdWL|cn!Lo%90Z89Qe6)4>;eGpUB_)|~}rI%el+eViuw^FsI@CcS7$_3Dk| zgYdNo{kT|U5~lm;Ti0KcSf*2u73j4P@MY?vkZiL=@;(s?H>^H2 z103R#n^;DT#&bhAUVc;7170){Go`Q0sgh7k7ogNG`*x=PSFZOuOb!W97k!c?b+lcXqKZJ zVs4T9P9ugfMrhfrE&8jZ)LU!lrxEsO*}?4Zi91-crx4{E$=(yx!#uZ&JwJ0RP|VWf zpYf6#lvJKDfUAD2vG#6gxPazb_GY#*?+xDjBhr)TViVklTi>2!oD~w1ySi#Bax*1= z2@7q>G8~zmEW8HQD}Lfu%ky1-sdRlfVj>F<@xAy+sWZJx-Fb2^(IEM6ks`T1=*L^` zcAs-p>>gEk7Uf4B4C6gf_v7rI>C@Mk^JfrS_HLcZPF>x;Euym&l9tQ?#0f4C$~M&z zw^tjT@>rGZ)e!}zet*4jh4gqFf9c+bSX4stwN74SLm^w{nMibV|oGM7K>PrkoD zR0wW=13CUIIR>burQ9i~0*~-sU?a6I^9g4ko-R?n0Q1g(`2K~OdVKf>fJhq@cde6`hCCw1qFqGm41(z_hWYNb6T-Xv;Y)U z&Cyl?k&*-I3}+>=rNOpV*?|XIWPcNyq5=3oafs6Bl~Z$_auu%zIPbEu2Hz)NOST9! z>+05BKZlU2qQ4KTE8|>q#vBTTNXDt`* zyV@m|0qgh}=Z`h9sQ@g#{N=pz56WcX4Pp@=zr9OQ>$P?rVEc75iwot@Q&-jTI~GID z4qzIsLl3W_vgY`x1ho`)F_U!P+Uk^A?D6x=uOf}7GQOs(MRo6dZTM3v_>i}hY6sZ2 zr-Es^44LXmpDa|di{Z=v;FDu_;Li}OaZcw6;qjZnE`)1WQddj z;2wXO)ybO8FcH!{>r- ze|d3TV6v;^pT0e&FAv}5shv-HK#*9xq4+*<2R2fd+y`hjj0I0FQjd#qgs?KUBINr( z+pMMPXJ9GEPd<93Pl}cX3xdOP8YON!QjX5aHWjz(=~Z$C@A6fa1qNeKYl!o_k$`VF z_wdIZ3v=cT6gG84i4vEPj*+{1EbCnbA~R@HV_jO5H0{W<6Z2A#DCe|SE}UTZ@^wnf zxa96qbPg{w?AI3*pJ#7)krbSY21tN##^m0mPXsjYo=-vmmgm)gx{Q@12o>>OQN)lj zqQ8}A{TXe8vEIGdEB`X!@7jq6ME`&(pvwY#i`>gx8kCkuH>YSVo3V_fM=}ChWF(@? zZ`Y1-Tp2)@#0GubKlZ=504wqJ!mkLhUL%Gc*q)$s_?lk01bVwoGAAfiqGrKX^kD6^ zzAeL@J%9wTc+awrWee6(h0Fub%+mr?^94iy7!a^qfAo5Fk8*;cx;= zeKj^2$hzZUN3urDD5(a#o~r7@uCiRmzl4UI4mc!>xu3soW94_?{YV?v0+C6F)M#=%-i>JWX}e2*5%G^G;;@EHFQ->J^04x#RZmffLpcxVr!IX0aYOQSYLy; zlL1VOZTiR?gUUBJ2{H0DxkV|;s@Wse;$s?O;k7%Ag~k{qPX2yCed2QaX_Cm^G1`WF z9MGy(&1W3#N8EaPSOC_Qh4YT$r0h9*<>rsqpNO?2iLxTD(rX$Y6UPA!LZY@?zmm9ne;)sH+R; zxHxW!32anfXkH3qLcSf7P#JC3^oq++^G^?7e2*VyDnByIRkoCr49);nG1qzrgy%j! zC$9%e@m}WJWmc*_L1n8^W+dxwFUrzzybLs(^7I!a86<&z-UwjdNP}RVIp7sVbFX{rhE5;vJr3VZD+MnGb|)k|W8H-xcngn?GmZwxT8pm$ z+9~jpAo5>i$TfX{{kH%6Us6Ngq5Zw#FZjAN@Y=?2viRcDxV&F@xQ%`7V_(xa3P7rO z!j2>p?NGKF0VXqmR@8Thxk@5Zab(o0U`D`S%|K}Q+E#%Un{T%QSni)k5wiY|j=2B- zFnRtz+Gg#3^K4aA7O~9W=}hQ;CGo(UWklmc0Z2o{UPrwvm-2Sob?ZuAui1Lz`6#Vl z9D_#^v`=mA2A??<70um9_;;~&tNotNz?J>i@d*|qpuN|R+M~%Otp9oBKmB%eTHO!R zmNv(N4-*;zBJqo$z-D$FYXr^xLcMfb4o6(T1(SC>Zmt5hh#`Mgad)meNp+DX`=4|>=6(KoRQ2fQxjK06=IN#5TJvz+k|CwB z_c-|q=Xc$I-FMgGH~P+j8v`Z63&Oc5`1xVf1&ic<;!2vs; z{e4?je$v9wU+OuMK>;Kkm##I*`V@c5Y~a=hT(XNK1KKy5rgL3r;8u?o_a*2vp*d?A zZyrdf+IiE1)zFrB4W$e^YN*c?Z13;Mc(Mz%c3(W5_)e{hd$RW$H9{Lrl>X?X)cZ0D z4&Hm01=i!LNo(SkzpX!tbAWzGbw*EB1?&d#|2%UP(>PhHt9Aa@AoE-!{9M@6?$6{T zWuplSDWTOpP=bX{Fm-X*H!Thv;)mntTB|=UY1nl1`sj$+mIMZ|E*5C1K?*!QH5tYM z2lSV*auF(>4jF-qn6%x-=RMVpnn4q9#0T86k_$|Ut6w%dhMbjNM)A0swSO-KPh!H# zHoj;RU(Mh#@IDoiD!VmUEVAYPviK5Npv(;Q78$p+Yh-$?g{80joE@xb#}Pj1WI z?Dd{RZ(GXMdxk3<-;BbNdyxpDaPF1~M2(Xk#CC`QB^O?Q$tMky7Gb$bcT0(tU(=%2 z=2_M>WTUn!4^2=*!NJJq5#M5Wzr9>n@9wu%I%}3;xGJqBl0dI_i#`52dU1K?QsDHB z8E@nOUyJ9KHp1_heM8vWklS6c{&O~z4G9OtbKk0OfO3)~ohKKNu)<^9%bAd4-kjjb5)Xryact z<=#eZiSQ1-E{K2*-EO0*H_7Bp9uTH^YIqel@n~DWO0WV!BCYjBY_TM#g1IcrKc$q5$96nd5a$KEXp*v zPLZ!nC9XHZD|*pnYWS)jZuPP<>7y?+KI*PjA1FJbvb=E?$ztBean?~=EN708{XvzS ze>iP3B7`;W_R6@0XY0J-f8yhyBoz#{H2qvAJNHAtT(ZLp4kcXmWF5^f{hnrq*XTQw z(6fW-cgIxPk*uzOWR6?|rD7Wvb=PQ`?xQN&2?2e$V5ElOHm5A9NAcm#nPBH46VlzB z#YVL^*!hB}(KCSh2i6RON8L|M5$#cey}RcOW_>=fuHNB?fw4@Y3k(v=r1X>Cf(GZsKAow8H=qmk~8=8V+=#B@S55Yy%qj+@^3RQ3!0MhyDSS|vb1;* zki!??3;>=e$$-SzLT-9tH{rQ+7;%AiT1|F0kTIzCOy1xBbcUCM=BREJZ14WSQ2GUb z9eUqGpJR>%f1WPL><<}lkiu4cpqi!|U3};D5fr_m?$On&Sw}dfDHV(|Vb!m+^z9N= z!j^)*kEr`kLU5N9{98;IgO&f6Nc=<2W+X8|Elb-^XJFpem#ES*0(9`oL+dC{*a@;X$wIfi9kmad)ghir*8WVQY z!A&rBrUE=3;S-x^u#`XY&;%=5z4;PPN(tcXE|Am_`3k*p9rqf6wr6Y)=-~M7=tdpJ zX+awf1=1L3E^|g5&^&$aKXq6oaXNGJxnb*#KljNCtNCL=ITt?dTSLqDEs{mex{_$; zxa05k&(j?R(c;hkYf=ptl(4_H(lk@~@YUCZZ-cB-B~2a8e}=Q5-B@yjFKPoyF3o>j z;Ox65W<7ZR*dRLX;RxD@+f_Mlz1(>zbdng5rQbrHTrrkTrQ%4kVg++cT)<^`5QEFbS>zjRg$5`T+xQ&$1^sqLj7I?y!@moRgj-&zKBI)^GjV@q+X3_qd zL&l~KRhhsFTA$KyjVK$b#EqCR`pt;%MQl?PApw&fiZ5j$J=!pH*8R727Gi;1Qs{%j zNJid|f}|2-+qu<68b+iWOf2+YW7L%&a^%uCyrE+u?Aa!{pMi->+FP+tw}7tqz7cbm zg|Aolz-oJ*j<*E0OA_66Q0PHYe<k z^nwKKdQK#S?1_-T7n)FV$KcwW-XuoOgLG_ZXE>)RdbT4kc%&&h#a}8=Y*uhVC9Awq&uwQfHe!3mwBh`8>m&J?d29SGV#%0IqyxwZ$fI0?l0 zpt))IhzFT1{kCjsvKfAOM*ZvJv-g5yI{u>W)}Mdwq*ZGQMaK-h98A}NhR?|bpbaVHTQ85 znb1TbjE^s))YjG43kCS)O{E)Oc)Q6yyTfY}Yb=nD8(=TqU#RIdk~Yiyp6LBi_}T^+ zaIDh$s`5r!Eacw7PV;VfdbdowhOr51!o_=42WRu~%^JIbNh#w3({+^Uy03MvBJwwf zrq2?Kg3SaKl?1RAn`7tVL4)pD@e-_=MPPym;Qzr$$>{iLc4?WoVHja5acEszKq)^7 z!lTQm&EnMt18$K&mju|&NbYmH%D&7~!c~cUVY+i3ATBhRM72IJEPK9Y;%vK%F(qu@ zwhDFZ)+ZMEAH$g}9LhIPKz%LmVairQAaeLc&1?@+#oAT&gqiK2860B^i6p)av8)D= z3y4cgV@jPkC(5)f#@ZkcYpY{7eR9< zoTO+9V`i#nn;o9Hny#dKEF9_3M0Kr(qMK{X?F)4GGx5}sP*V@In*sgK#~u?{DQ(X~ z(_&JkBv?^C%v|Bt5YRC6uFnhc1VcshDf}DD274vb()!GR=j|rG!iDo_hIdbN>;R8!er3i}5*) z)rj|*%`jLh6!gNTFIi!kgCRcQv3yphUZpjcfh>9ZKKfX+P@b6=W%+h`_d95O6KpKd z#4lM_ge+~P0p|3s+CYEjwjJVCPw!K98p4xbs}b`ue~uXpC|R8pcjlXD^(Ux})@5Ac zs^2D6B^|x3(((kwTQ$CF*dGyGeuVb-PQrlxAWTarDgQ(82+4j-AgU5B}bcfDZvcB zt=L4PH@=YvEqxWSBfmE!(#(jGo?DIc3l*uEhuL(eB5%weg!;)Ui!>E_Z=?YMZDOLS z9-WDgna!2b)E&Td+26@}*6#Dhqxw}|kiNut$`#LGcpyn>4NW7jXTW9f<5>#r5&D|- z#lM544Kh!&|FLSTTFuMvKdO!mv`Q(9c>z9Lj4gB*O4Qi`_FUo1^xMUTS{AtjxhoxN7FcA4Lw2#zfZAg9b3#J!8y_-sBA%*ypK}%i zQXABZ*9ux+WA6VHHKi8-2G}8#BRWi2s%zq~ zSTP1&gM{BDVi<3X#y*V}E~#cg+Oz1jZYILfu!MP-9z^3>z9y{X<_boSbnUh*-A+nLVU}g_iH@Xpp*@-1 z)aZ@xxj$O4jyCRYS*lGb+M*`HSIf9>xt)yaFlL#vG7Rl~YURmTQA~cm2P6@lnb-;+ zDs{-xZEPz-0eh1GS7E!GeI&=yKl&aPOx6(Y7jIbKvhJ0)9sh+boY(5^^(3RqF zvo}a$NSB}iZVTqvK2{Cv5+TNnPR)0F{Z!vs3P|;t-kXOOnClf9 z3!-z^?PAjGI;OJVz$1FaKrLFo^V3Qkz` z(B*pzvt^1A4rz%GG04(`Xd6aDm||<^j0x-O{7E$!W3JwK{C@tYsv@93{~*2R%b*PN z!Gk~B-AfRXN`3#!vE8;;L{%W3?u!ewV7-~!ttF2U{+nH2%~O%3CKv4A#Dy=2S!>wP zE*CnuxVr%@uMKFO3)Y)^Nj0&Z0;op|a@D7q!j9beCRm}!*^<6;oRZHQ3g8^YGS}oX zyaw)jV-*w9M?*vrTLy3MhE=$StSm>A(#>uDDfew8`#CQJil>(N4b|rV07uJ`BT08& zJzvtoU%6~H<{SAukSa~D{E1201x`-X z&EnQi=+4IUKjnDVmd+?>USw-|j~^EHF2fme8k^f$d91-9IdvORYz(o;Qtgt$YjW{px&vEb z+xD0z-~kj+;Vc72WlUqYa_LUtTx?lP-l%3&C^gBlHvN05E3RrKXZ5g}rUbiO1i}H* zg@f+My(hSffy1^ZvZ*!=&v!1%=-k+u026EGDBF_{pT4*L+`~5`yHn?M(aN z??a7I(G=bB{H?J+oBlK}Gcb4phIfiNn;%1OPPSKZf&H)I&i$Y1{{Q3R$}$)2y@+HVc(5i?zX z58;6Fa?Af3?y9AeW>4(Ahi0-95R{PDov_RGA4B~P$x@n%NtqY=jwj`Xy@MRf9Mno% z{(eIlSEU;&NZJ-$Z*de$Y@bQ7n7sVg48Z#$gG5A!QNSf>6m(?j<5RvT zpv2Fz=irWf62;IpUV#QMZl~;n`1-U%T=_g>;?cmdzPbjP(v}?VL2N7lqZBpT5f5>- zxQf6Eie2woDu;4Z&8MRc8PBxyZN87I5-+U3PUO7Kl2cRtSfbMy8VE-(#aTk#Jd|cx z{^ZAz7d3GO6f5tG-KfCauN6v4Kx(x%t+oT&4y2O-u3vO$2mstXXB1=fPCO`D?K9Q-!zV!DTg0-;1HFO7!X^)az`& z+kxObuXwG+k4-f;!6R{9f<^N9EseH*%1C`pW4W2z zgn20dKWNkH4d>QEPATxHO%lgI+3g48M$kG!fKS>2#E-b(;fVI5p3Amp1u<5RRT*o) zb92Q7yrZ|=u7>b0-Ri&r)Z#bYDzk+bNr%ep=GOax`reAsABxt@?oY0}cFSsaoXD1$(x&~vJfG^KH)i_o zI1rQ?v!7U*=Z7%;C87kr)S{M3x7CnaQnf zzA+7$_9ib;zU_*QnPXRbftY158SRyHtR(A|(s%l&E7|RD+pCm<-7rO&vGWZV^)h{` z4#x(v*x5$*iT(S!$KBbX;Pu<`TX=xUi+e9txe zkO>lyUUyk;UkP%5Q&gyBP_6@wtG2b?5)tHSum8DTBEGgAE@+kT)Sy$dZ&n!HqyNK- z2gJy^P#EOq`^W0HH=0Dk_=Jd!S~cTi735Wq-bM`=4I;>&?CHK|Huht7NQ>3i_}tNb zcNWZ-fv~;)G=&sYUE11f=PwD7v)C%uLYhSJSGVA-2h5=tj%@|G{>-hWsaGGBwdXA) z!LdEXeVHW}F50|YohpIzu_xRDI0$fY>qK|&jg{ge2M6Ap@xvW%jQ(ZJVDz{-J!-^s zO;EjaWKm?gItq^gXlCKaNK`EsQ^NOIZhMP%hFDBd3}AQ?m>L33uiXb1tR7Cm(=dT0 z74wrNNND(n%6T)Qgd8?b0c%z#U55g)lp6jU;WL6ry?QRCTYK*j)5oJt!twHwPW}Y} zfg#$)FoRn;2?%s5%ne#Sk@u_<-6nsyB>s91A-W9S5)OX zZ-`wy-a*vtB<)M%X*<#CM0j3i0WTrHqgT(ZUI zywpUs|7#h*ZHvU}lU;8?k&l7tqEJAK$h{Y=lB44Ik75+~pIZAp;_mfJCLzok~LWfB2NJ{^QQp)vog55y`OqrSf-0bcYpj*qrh6*8QNBB{0`2jbs8nF zbnDSi_;jo<4mgzw#kC2p-!PE)y?xZF+;XgIBCW~g_bV7g7Wxd^GT06cyJup?K0J+>1y#Z+}a!N0=%HfDT zd{}kU)Z$X$k-u^~?G{4w=aUz*3x2cbxi`63_@#H6%+y{9*4X8|&Z^EI_A5Av$6E5O zT&r%f^};mJQ&|J|Kqsx*Ppg-5C7AkI70EL0#p7E9;pdtmn_Rp{yzY$%QEVOE704!5 z>3PE-8}GDOg36FEfh^4jQXq$Bs>C6gh%@&$Vb;MkQEWoe&aA_j*jB`{J$v;Y4`|(8 ze)oX#0E8@_@06%2NdO;Hao$j+K{#8%6%O(x(a7TjosKr3fnXS)rF)iOfY!hG=8Fbe zAbtcg7&?LodJk5gllX2yCAq7#KJF--6%$J>uqY-b;3Qe4+&TTY?x+p>V8I!c{mVmQ z_cBBVq5Y-D9jq0kS{JOJLiBS+p$?<`RbG$yk?uZyg)@@}N**r-?jE`IGQtNvuEJsfd3ZtCqLmI#fDPjq z313p`3bd-p^PS~anqfd^wUjEra-_jLma?BsDA2`zDecK~?uli6!Jj`O*-Nj+DY2{PoKMVRc2zN)eA${X7{=}oeI zcQ-5Chsc+|;qLm#NH738|C)+zo3y|5P$>Zy@C1Ili^^8?m1f*G6ZV#)Dz-^q#>3_*0xh5`5M3*!UpHHxeke3kz`0S33&6jm0vb=H<@n#k~~~ zM0zw@v(5*)#<`9Q;B4fsj)V%g(51^tSAWi4a%>IuGFCG=<}FoZRX{T zC;Y*sypD68)|gNr3xbrjSD1$52az^gG|R6UyMkMZVs+up#EvIs6jjS@4}TSC`rn|G zRG8)QCI%s+)16JTzc^`u98vfD}!vTh&$ zU|xPAaH_LRj(5iiKcIO3}1azK`&(nM{O-}q4?qKmK!O^nZfV2De1G1GPrlrVmL%Xb^hyS)b zbR4&e+Tl|5%G2j5A=GKLD*4~5#4oqp|Lg|o7#M`9R=7I4Op?%Mb5T|bOpTb7I_lZh zq5zzC;1wTHjerj*TdZkkhG7YEpD;?9`PVG34=36DnaF9r6%A*GORC7QBqY_Ej?;t*w_p5aZn{#sy|L5kCmlIis z;O4JLmwENmWt z|EgDqulp2yLs}acq$xWACtP=9U)_YLU?`YzNks)dnR6;b%k#jipg1)IrJNbvaW(fr+Xb(bCdX!)3NXQ`BBM=cLVmcNgt3^YoMww-SfT-Yi$vc zAelLLtFoI6TtM{5E;BdXXf1c%x1B;2wP`J;VEDB*ald>2_pl^(xbWWWf==BTx9zmk z9gn`v4b?hP?z>;hUFfdmXbme5_=xWaVZg|pAAeXdL|ubXUK!t4a;&DycBGWNT@ecS z5m;8OMA+pVyM7kj^)3e9oL>{lJKvxqe0VOuhxT^5nqmO$U>y_j`SWUgYA%e3vrD~u zD5oI7Z`@`bivgz-3QQ;v@CvUqe24@!eawo~dA_V!o^^zKDc#{*e%Df!w7q1+K;h)| z-N&QcLj+cJK97EDn~RH%D08QXar^afu{ZN?HOR<5Z7{0#f8$-4SaN!Z#JYbfR5AMJ zRvHrc&RYkaUIR3V(A)1vA0K|@Ek;QZE4nN4*|We!{m}j3gQh}ROk+&?75--L^e9Vf zL!72bT)$*R42&(8G)Gl#9MZTZGTPP?J3QXPrCSXZ6{yz_SeRY_vF5W0ZYBd6^@2mT3 zuI{TXvwO$i#Y$x>pVrHql`D}Jd)=WSu~1b4d9)KGDO;)!QltiX8*xGM$tclJZtPR} r)GFNAC^!7O4Mie>`oB0`YQ0$Tr|Ia=sO>r%@8o26_Dr>{f5LwN)FI{c literal 0 HcmV?d00001 diff --git a/docs/wiki/media/clip_image084.png b/docs/wiki/media/clip_image084.png new file mode 100644 index 0000000000000000000000000000000000000000..79e9e1be214e128bc7836f0df51b01118f37cfcb GIT binary patch literal 43579 zcmd42XHb(-)GmqwqDWJuNmD^Usubx(1f>_Hgqny*limp>Gywqx>AiO;q4y@eSE->x z=ry5*1ahNaxxenrJ!if%bKaRuCOdEP?!DLAdp&FI=LywRS0E*ROpJ$zN2;VK{{asV zpA--8Hu>E)(DeD`NJ5CtPo?bC{_@lP{DL!}vd|{Gl9(Wt)dqEl{k$~T|5DK1 z&WSSm7z=OEI81{NB?%5n9i<97$NU1Q3{yY*cQNOsV&(r`>9j%=4{+D}CwEByH9Yzz zi~qOb0pX{y*Z*4l|7UJlBYr$0iBxUy89S)-IQcYJZW3rSU#--7xpp75zV7Ri&*6D> zam2SbT^f_n^TRp#k)$!(fC8vk*N4+I-A8vs;z-is7shJ7x~Lg_*t8jRL1?ypEvI$^ zD7jRG+#oX~b@f|!eJ2nnf zJN6sc<$^Xpvz{r76EGVP)%tl*H7XsW6vNhkx+BQS!lG4nI4*bCfM&9=xk=SOSFK`H zj^j-2$#xz=g_6`;`RSVjU5_Af&Bzf6#MK^DLM|+r7|u07XOa3;Nl9sh;_pOPcI&J+ z?^`4&>FUNyBDPr&=w&Q0n3SGP%IiF~>8Jsg6kxOLgD#c4+RkxW_VImbcGgKwlxx@0 zI5LaTZ?q|@wwin=?zYcS41l@?Q>O+Jkt+{|8w~sqS=uHE1;Gd6R8#j-n!EZdm8@HUsYSI`nMRU+oqTPuXp#6*R1$OALt`_k=J*EDeZS zF$fh@ugr}}zQRS^UfG^)eqhsKt4izDF4rWS=%lD5Bx* z6{!CxfzdQHMyRC;OvQ2y(1^Pq+Dy}RKHV2rPZb@H<=JexTnir-4HD?N$}x&!Pg7`O z4|-9c2MfW?b0KRemt`VylR?aFKM}LqDw9Yo#pzHBxxVV}B$s(cM@NU4HI3}wpR0m* zP}2;^butOWZKMz_aJw%!hJa-(Mi{^cH8UISILn(43xU@{+2LWl#;VL&mm|rA_TrVgZe%P7`w&^PQ&V!eYl*rhT^_V{lfL| zn%=_FP8Q~S_G?N2dr$}Oi|RxSi!3MFe#dh-YIRX6jx(Po-TRqrFy%t|WuZJusmi1? z_(QFYzJ9|OGo!t4?dC&?7Q@nwpSp=H3KMlBOvt4z4XBrX5CqPWV=m*gfVJefP2#;H zHDK%*ahU)=>19s9O;l2G5w!K{7jE_D z`7A5uoqUtT^szW?rMV~bN{ATw25PI7J}mNk6(1>mHLE=_p0{4H=PRU_hByMKz-Ri8$ur}O$^(aUN}t1TBxf`hVeA5nE? z+?;;0qAha48Tu6<=npCQjeGi13pDQN85JCay_(4%8uLUT2Ys26u=I2SpT9Mq?^;I@ zA39h1pvkPJoAp0mEloW6pg)ahZ_Hk6ao$pAhf}(S5*WSu^5-Ymc}ux%`DS`ZaR0YS zrD-o&L+;{pw$a^n4QXMsKmmis&q}!;Ao+iaL8Ekg_7fXQ`Gl*83=prB*O^oB=C_*b zi-Scjl?0w}?bgWtbSbYP;T|Da>$UL1ySlI9E_;5^D=D+So^A1R7y9{{OWWK$-@Epz zs(#v0pSAEcSCrwAwU^4)AYX!p%(eErcjso+>6a&5>@N4h-O+!e8kL2kyGF8Y zJ>;R+21#omms=e`BBL_#ONsiJ%h;Npsx{rN7y5APdM%tU&+}||bJuC`K3_C$Z43~F z%lx#3)rx7Q-33fT>(_|&t1Y8aeSf16;UG*03Dgltic(^Q)>zNPqmWxEmC3K1^BV$w zxQao0z|qms&v3CJES|{VS*`uD-I7-k2%3JcPxl>XC-H^UN2#CFa~5&V!C^b|Il{Jc zHf61*$$Auc7-R-k$oP+47=c{gsOVAvr8SzJJtI+i+Sc{+V**=C{x>S>=I?^N>o4Uf z6@~2n%o0%Q5xFdfSuj=r?Wj1le=$mSl_1KHNHM%=Lg~Wi~ptf0)jN$UPwweFNk_y&)hf5?7}w->5ZmH)p2&4< zHW(j8c%McdbfmzUv^^cbb-9%WU;%W~x!Ek67~ne)f{sAAekEI3MV(fuetf8M)#~ER ze7kG~ror)Ly2R=$LV2@SNM|PqB-QeDnn_VO-=PJ^XFI`LC!O1#bPo6~DY zduH4;Wv_9UW!}>0_)Tf*V9E#Nle|dXsSM=W^!PNMeX%TftBd*ONE(d5g}xK(FT z@O_)ykD|Mytj29OZn7>?s@bvEM-8`QkJ^@5LdcoplV4d6H4w7QSSqaHgL@8~12G!XFFKhXo2L&2vJQly6^@7;sZYxa}R-}oJTM^kFvSQd3$Umu=ikjO@}M1f|Qg%XwzY1U-ew2 z*as_lLc5a?=44*ZdT_n^qIiCGsa1%-LhT3`sW$0;jf1!e196;51wt<{PZ;gw-*unQ zv|ZI$x$4z=HwX#~S5s$dNZD-|SAGr^6k^b}Jh@aSc;!>JXKKgUOPM|*Syi&rfoxj7 zR{v0(HxLXJP7FIOe6Nx8WPQTzAQu1yZt~}EUj-^(_%okN6fuRIo@`{l%JAh)sJ69E zchJsy^R`MVAe|x>;IY3`kg-{fSEvVLz6jNQMmDeCP)jNmo$j2ta{c%0MgL8T+?KRR0`HJU{|+Ql;B39W z5$}(mmKB7r!S+}T!9Q1F+H`v4tF=Npt9@DT^AGNsj!|?Z@|z9~PccfkM&leac{&n| z+!QyZBnNDb!wDlFUZ2D4^NbptCMrzX#nAgz8+?2>-7W`NF(LmDqxvh7$8TPX6m1Tt zq!jnolds|8aDrg|#}%bFkrA{{X+SPf4fc48K4VmO+O}RgPIQee))anp_#4#5i-P|v zK^vH10fhbq`h^>&|FgN;|4zooQRG?k$7ahX^Si0p=jCx?CvJ&;x;Ota$PU>9{k1ldm3NnnjDGQokSfoN4y&D{h1#2C&`L5HDWgZ_@ z{^infmhi!}=f==BiL3c4_qOW#%vMRvpXJY>EAmZ2!vD10a|7M!r(0=?u<#V+gX%8= z=mT=qz0THCe8lyViv>5zNe@2i;^_D4uot^BzmQCqIKVG1?XRPji$D?od`P|;k z)5>+<5xjo}I8J{IY1#??tWxS!CVAE&^Lfu*BJF8VasA?5pNW9r+;?rE1f+|p8of0o zaoo)IBTmwc2`%OUeKS}`X&mOlp)QcO=Lg!FM$bDWTujAQKx}i(FTsuaTsD!=RM;Ps zyostWDsodtv(dFx-mL_zl1?k!NB2f$Gvb2VnFRf*pTugeBunt?!{06B^YEiOp2K>S z_#C3&M$rD*Qz@HuOl~;l*>Vu!Ad-`XM5XJ-V0KSS`_UiiJBnUg^L4{mkLO>Ss2|1B z4Dj&nnahcb@-bYwRj6LW*596cDI@i@+vF-3&+UyYfv80`!WZw+q}{rgvT{zSR9+?C zR}iO0D>FZJwSh#eozfXv{3yVr_e9(Tt@Dh-ezO&wrETSuw;dr~wrMC- z&ZL0DknL@{hh62rl7MoyeJgCWIR|se`Oy18(HorOaMn01rCIjHE;`-(hcZCkQmM$YlY0ILv17@(FHl0EK zuOH7dd=Y`8NQrV+<03OLPsu5JB_A=`gQ(g)xbZt3<8oD56%lJSys{{l0`w+V&ae|d z`9wv**`P#zuPEaYFqn8CBrJ})$C~No58$iDLNLqDTuqA-v)VLm!AtV|aofmIj~y?y zQ6TjV(E(+n&k3{DHsZ7ebaTSg`ErEUUWBCcCe*6B$SKr+Q~PnU$qJ9-;(J5$oGLBhZVu9(kZ>h%7leAs*n%Z@QSK&($5)))%*bQ|6eiW&3})$8Lj-Aa?@0mJsUXxjOagQ+ zOgKbyzHmR0sq>_xk{_DJoHnhF&*x>h+Tyb`25%&Uvv5l-uSrZ6ll-Ld@@kyvTsm}< z=8u$O&Ua@PBwlx6b|}cQg2C6#w|=Jqn!eMFg7woOF6Ftp(hBA`*BTA^d6ZNTl}`Ov zsUqyjo?c&0;andfDU0)dY2>9OlNN2JZr_|a;}e99?FG~lD1p~?k`f4}(X{E(PpB$5 zS_(bn?dJS!^X+5B`|H&&Mx`*nWm-9~BHJ_O1>N^B`SfM+z_#l^IuW1qCbm*NlpNFJ zDX3Y`BKnxtYWeV46-1HJ%9M`w0&{8Qlyv62V|U(|X@o)0X*5E;Vn=i`kR&Z@u)h{K2m zXChXIE6sGmN>fB_3Dh`|>pu6KCkNKgOMeVwFIT&R`4uwv4yZN?K}EVtto2&GB%QWG zmmNvfu}qwE0=TVbr9}E??+Fe$#L^9r?J)$m*d$(Jj<*HMmt-&wW6oY5WgMaG6R$Px zMd`Pmh?l{)b##WMG=8z4(gSy`GPnG_u#E?;@7Xs7izNVw&U}c?rBOivf#GJmM#zywFEQ{VGvztB zb7|{+tp|#c@1)~u*F7IVcbVo}&b>hcFWw7pexf06ODo%}SmJzV7R{7Dwf=agv8`b9 z#-ak%X1jG^?(2M15No(fL|Wjr48@BZNMma;%y_=MFSbT<;*fk1$ImxE@5d*)?@;Km zB1k4Kg{NsU(l->Q`zBytP39wnq>I#QHGyF7ZR>X%(eYdHw=Ul-*B$x&DfLM&A~ETm z;>&=A-1K82<775gD+-*mt<|6gQ_5_j6M@vn%%DTazU#dKi&+=Pmpua#>aVZ5gNVUS z$~%^36qteWaDc%9WPU+g@#d9dIi%@k z@IJB|C_K=qe!p{z=W@*5D-%;CK%V3?GwKd=SE~7=Y>s|%ZC`s3i~PWqGMac4PHL$7 zoP}?HU2%pU#9c?eZ5s?`yf3`C>=^N0kx%NHsK{`yIT8J|wkV!4J_zNKaohX%odYkd zF(Q;Mzn8q0E6}W5sfZ#ZLgzbj-kl%w3$z$x4W#D;a)>mSgBoR6q%MTz4Kg4% z-S-BGtDv4IuwG7WQJA0<^oYO*in>^unFYf=g9UChc3Y}kkl&{uF8-e{n|0nu>im(t5bK#?g z?iiWxo%i0r3&;xq(ymD+lRwyx63Hf;P;sUd?gp0X-58J6mKmA^w0wYT7fmcA*cD_a z%r0@^)=@3X4p%W08Fl>>)}4k8n2mtIcY)N?RA}>N&?yIbo41!OdA;?lrL!4Trz2J0 zaM`13J8)|=zkAd@hGRO=htPfN@Ux!U;7rrsn@h`!9s40G(h)jitsy>C$d91z1lEaZ zXQO8k@F$R7J6f=q?)ACxzTkN?*uQvWJ2`VFQzaa*^3WPYDtE!33Ru`NNxN>PTr)cw zlwA|6LmlM!HCrdp?b~}&F>cAEn(_}VwmfG#m!?0T{jLCPb#C^6mrjULNe#}C573&G zIyA2Y!~^^e>(VG|q-6s}WDb$frrDRob;tO(Tt~+2YzL0&$*$6~9f)Nt6_+=f#ok9F zWyT;_RLhfxZwb|*`74|WK4#C}vs>?PSawvUbl?Hz#z@TDfZya-MIU%D%A@)-(1Rn_ zV&4GLH52s0i}JChAhF<}7>?w}2WQ9Dz#bh9qwb;<-Nj}F>5~Sl^~Q0o1R(6*9<#Pd zTAO8(SQPy1t1$&^9BQ;^WoqmgaKQ=HYevvjOF5`!&(W!Mh+uFfCS&H8qz06YE;go! zuTO3p|30QWRpET#(&D~9Pw&A!yMUHhGNtXRV!mQzuQ-=7Qj&Wa#AoO2zbD4~px4Rd zuHn1O{U!I44jl!OPVenEQ8bpTtMoF7-aF6yx!lK?VH85f?20X%bk66mGZ>gaJy!BN6&(9Vl%a$>w zoH85!`!F(`O_t$L;m;@HJ-&T&VK z?@MeTf`%Xt$WVA?7L45{q7Md1KecJB7!U@!i3Qh~AVu<{cczx-!|jf!X@p)Ly~-fn z{Uc0;=-aAi@^wg`^&V~{~AWCq;E9;ylvh7Bbmd@Cx+cyzJ z+#JolRAn#GPtQpg3mnoNnb}RwrBowPFM%m*fryL@AFlB=Dc#?Hjp0Rtzo@b9Z~IMX z-|Ok8iVL0nl)~7jSPv89a;ey5Y4gd`2*$y4jQZGxYzKEQ&(ICk9nSVb)-OR6%V|YA zqpyx^Ik=#@xgKAogpmVFZENrZ5gvqrsBaB)dbf|Z>D~7of(UnhFi6SXS#+^= zNoA_1jfDKFH)QUFS}xBsFvz0r2bAe;%R#}t{%4TB7++24btMrf7yyCOlB?Qp-Qtsy zUFn+6(}Hcs(4G>6?3^&6x|Hsf^R&05IY2u~u@|{X(%<4=#M7L9C91=1NcGC=I%Rs) zc0!Xo@6GE!6#@<&pm$pD@{@@~t_JhV99A>=uISETJ0n|R_;9F3dAq20g{Lup7mbyh zTP-*G(iuqyl1z%?qo@|$AiA<%U!vq@hEc<42QRqfpnNY}@L#`GERd_CG+GVFyrvjq zery)DdiM#%=f=nwJzQW{_*ekyqlm>~_6<#}GVDs~T3Ugh;vQV4QH~wKc+t&H_HxjI z;md>K^G4oeu@M`5f~o;~W~9n!OUs$WQ|dPO>#_51HNHXqR-o${*tid|2sB&e=}N%8 z;MJg&E^Fpqi&W>aVFK9P;&2!BXa!yT@(p|hP+~>^A8yG&PjUUcW9Qb3dOg{G@&nb0 zFw6*8alP@+^n6`n`i_v1rDB9`#oY+)qhTVtds~#6_?HSmDeC{NFRV4KF%=GIJm2Z? zN+s{*@jRAnD0xo@HeZr%xX=N7bYzvQOdz2|Rd`%)xG8;Aep&W;hlY}hJKnuN;DFBF ztUVI)n@YReFHBhbtLFR2x=Iapa?UP~WQu^owbo&eoBp=lyl_BT?XltGkG)t{uVI3% zPDd|@D5oI6V`2Nd-)f8n?aN2EzU?}miKVmI3`oR_pk(3rYS%yw7nbbodyD1{HO=)z zB$C+FWOem1JP=l)5+I-b=X8Bkzs-CI=j&4g<;e9^>fj@Q1b*SmRpt1bc4DCAw45L} z^a~Y9yhxD$G_g=#&V9lQ((LTP!~7tc#^Fq~s$&mwv}kX`MdNSj;hA_)h1bJ>HH0{h z0@X1;J7z=aB-^Xi_v+w%BXljww=%1U5*iR}7F*5EvSLM-!Rwu;Xww_5oU!4LRyk(c zdJtQ8-CF)ppU{y>&eLO888Xpbp+nnS(SaaFc&N)KQ9OuaeJ*UtQOGwFeLIr2c%eQV zm7xeON?d+#$`iR5A7an>j=Pm(N5!NGmd7M52B|qgKrk>q-ip7!L?Todp*Nm*vu~_ zZ4FsKRZr6MZ%|uUl6j@3k(10^n_paE`=;Zt5r+jUOU$uS8TmB!bhDi&Z<75^6lZ{J z)B4Dui~B%qxRS~s>ADc(#nq03yS^tbp)csgf5MYnG&qAHZF7IUu=umwh?|^`8`eVF zGQeut=8BYv^yk%@JTuh@IkkbngD=h-+FO9aP*;Lnldb!EmI+YM&B1B8H^U&%MWS(X z46e$6)D&X$T5Jc_HmPcB-YgE*PWDP3p8dWFIk1~N)f`DCJ6G~rp7D9~GoNh6=g#_B z;`>8yE{W0e^RDVdg~6_t(gVya`d1pW7t_Vnd~Zfsl^2YFkusUD*`-B@kw*f0){StX zJ3QS-4i~Q0rBuHpnf&C#Um8yZOjIz@KXlFmFolLy{j(;n$`l!8E76vK%P-|lLlllD z4}R>(AJBnuOF#}P{uYvQG-mosz(+~VYUu*Kl0fyr+ieEKf78(T zxlFrcl)gKCyw#Szuhj&v*Y{2#JsCbAc)Yh`ZqFYC?;bssOFXS$a?`hNJX}2&J~m+9 z53CrV2Ss1XihTF-`W?Nku|;I7^mR~OBsM`3t;6-JqI|JJfq^8Ngh2xz=9!W0cS{BBw*Avt&Pc-n%1j|y~R2DIjSDW-4j1-Moc+PcTyTgu_agMSB^z6B_?VOXTRupNjf zay~_J^z-~qaH~&K_z;-sL$r!YlkRYy9Ms=jro%qd5=9UfI?RU^tu0zs(dA0mhW6I4O@b-p+sPd1$d~3fa&fyblj|>N%xwVM0hypM>{_FQfq} zptkGos+R}s9~08h3cWwcp~wU~6|^^U*j-|{A{dl0s^9DW$qs}zn!{cd54}u_m+^b| z{P&9~se3YY*x5-jz#WHx-qA%su|Yq>!c`vOm7GE0!hCC3>Q6_33Ci!gGM5!b$n3Q& zP5y3CZOvn??ZeS6o#Iauof@U9_BYk?eM3wMK zk8pQ+F~n8Fg<*Qs{76Kx$|kqcA8ysqgfB{E?i;hux?Cyy_T3C2SnlS)@A=)<%$l|D z;N$1e414A)_9`_@MA}j9kpO&CI>J^ozvlM0mDTVcAcZ>o+O{T=_0<~Es02)Ws1MU5 zxPr{&!jvKW+{N$IVd>Z3WOC~nn)c0GV&rOKEn#U68WU!s7c2pCyIDjt-mowO%T1@|;hJ-Q%YC7)eq3OM2j4T(rgy}p7?!og0$muSHrmcDLJ4@RV(NNfUA z`Re~j<2x(a(MeT<-vGf(U&;qYSyYSg0Ghl$Rg$~-Pv9Y_cMsK&2<0^H+NS~C=$Jrv$xzNNA_zZxjbK$O^P zzt|GNSTb6S^@MGV9|nJ%RF+%6Q!{)HIrxEMOYFALz7sGY&U7wJ&?eBYLWqy-sba>* z6>ven%D0~FcbNa#O@&XNOv}&29$2BVWYH=F#2_`1#VxcE z<~q2^u2}gTp6?<-ZuzW6Lle@Bkapel9qJ#FMy+@0W_8Ss6f7*n-AKAz;{G|RHT{O5Q17)5v#0M(UQY_1}*Zxki z$IiI>APkmdVUOa7jCLl=h_`!Ih|pBign*f0s&i7qHwV@$?j@ITKhT2=D1~nC&V2i{ zr>pfd#)OO#muo#1?ji(vRPBSl=UQ_u78%U~>pX%C8H+q7p&I};lRE!l-qCV&g;!gb z7fGPU$XgDLHsa4?;%mgVd+}Q-VIl*}uv-C$BlXeZ=x-QR@Q&l;FMqHjw?|Ex=RHnJ zkv0s?AMhWIF@9(%5w1d$##QbpXB}X?uM!oA$TsUX*Q`ND1K}#WoQ<5|50}9b_S65<%rY zmzhysEBR!(Pv-W!>+EiR{KPweTP@o+B|Z(SLG0L%0r@X`$vA5Y@jQ(mbWshDBwT9? zuz+s-npXvbx7@K854G7$K6;rp;Sbz43jn{u3#(z?gA`pL@s`$idCn{J;Gxocjilw| zIoaD}WuHn}@_W4%6`G<6;LJN&0r`Ko86OcFkc|cDr?IejgEJ$fw4!E`$H{W`|Rx8t~;dlPJVp1gk*XeACOM|t>Kkzs-uhU z67Ot#q|%Nvn)ZF886wTqBMV*+e*lnO3*vex`rwNoKhQ*-TNdnI5K6zhx>H;Wypuj=Vh5yt{=K(LQbs)o?iv1;Xz{mTg$oV^8t~V2 zU|TMSt>@oBSHihji(@}!yk*zIjK**vB4Z1bp1y@3o6q02wuZ`a&ob2`!fBR5R_n@S z%>q-%i2i1o3}v@X8EUzftO2yz9u8BJXT_mIAq$R5O4FXex|C+(n~adeSzTxd~+K- z2$iI|veod0)YC=y&~C}P=e?K~|Kz!kJoM}2!yaCfQ5{~e!1_sHG{zGy;tQu?(pM%p zAdmvMso2k4H-KVtxT%L3EH*oJb}`>vhpfx<(6#gkNvG4V+io3Ps(|E7({ZMVlvVrd zHuhns;|}*cJNmXG7QRE%XZw&tTr?nNnLc+#{^I+X@r-liKiLCBSLd1-070SU?|y1y zAqPaqy>iy}P`WsY((jty$3daRZQL@%_-K_`JQ3=a#F%f@>cMM2eYJD#Z*(+vWIVd= z`7=I9^PW-(xt|(N?4}_elqp67pioh6_bWEp<_qWQd?cgIF~)2R^?OJ~ZPfl6kXF99 z7M8pg?dy{98wp&^Sn5I`|VKX`SZJ++;?lo2yYp?0U>78 zT#vL1#|-=rxwgx+86p>PT{uW4vU$szEpKwc`tRuXP0yjyzq4ZP?3b2L{x!WOdHnC- zn}Z_o-}(GA;;u~pe=WE9|Igf_xt*D%{h<~a@$V^!U!v2+azvy!_CRm@zXx+LYi7J_ zX{=ZJ1>}i~!uyw*q1L4S53|?*cNh`>-%R?<+})`URcROU@{ZP?vRXS!Eyb~1fRTT6 z3CQ`;GN1G2P|Q?Dsax^BAYxolvrSDoF5 zd{sINVw@Xfukn;+X8B@oD(x1<=c=u=PG4D1bK`jNPtxS`Tz|a=w+Pv#B8xoU+_cns z6-15V*;y$rXYk_NJ${0tJ_=(eCng?#a6Fi+DgaXvw1rv8 za+Sqh#pnQQaU46vaB7~7e)e>iU{-bbJ}a_KxmHnX%jfx)ucYTit8N677$;vFrgDF= zs+UB<`?B2o`b-y$qd^Dhcp&y9P*!*f{c!=u*5(nYQ2i4LsUU_$?P zfr3JlN<%{4&rK@hM#U=g;USm##pfJ8e2E$b-2&q}DwAVEDZ;j2++tBtVXQZ%NqV*F zU0h6~#I36X~yLoMu;WE`Az4ld=>7Qh1? z#Um%Gk9W_)K^w{<(^uQg;$-k|-qxsjNJ{DpUv3{o-ag*vQ!LO(WyZLO7j%^@FEEig zAkUpV#1b0oDh(HP+W2O(+&YYkU2pftue83fqx_8XWGQpF~{-#ssL%zgdda=Z1b?zi9Wq~{EEILf&e|5-rT z&bGy~xYj;QqVA;U#<+qioFZCExJkF3DdAr~{$&U)i{%3>B?*dD-xm@yP(D|#wIB1R zc`YmDG&TBi9iMp(S@0qvb zjQ=Vm`iF*uCZCbR>TDAX?~n=o4&3Zl(G*{)Q?K7;(m=iVJ`*MuUxTBV7k#KvcDd#! z`I!;N?EB2tpiVf$RxiEid%=`I#tAdvbbP?S@|{89HVbLVvR62Dk}IAu(S~u|;B={B z&S1?C2C<1;N*7T0@>M3L{Ggn4D$$}h5pCa`nx4j*_RPQIIADozh;-!)MqU&?%kAC%mcUm4i21MP8Odv3F z0teON%*ZnE<0fcR}fqwATo&T8QeI`9njJw8j>_U6uDQs>|6>( z4W$-JPWxnZF-CLs9UK(*3Tah#%XKcuA#y|X3{9oulN)s z$a=J<#tfKnzrViU|`T&wz6#Li~PI?3evR2u&^@Pr9XNLKmet{&pC=tm#C-zmFO#R;tJ>=GFd zj{>ofCoP`mFVRsQYNJRTQ5Y4AZ`>*%`0V#~L|66STKIVX8IJHekg3@6z%^AXD@Yd3 zWr^3qhvzdf4rQj2X@Z4IODQy^Z;QHEpX|j%D(_0UFSC@wszdVw!^DI&O9l#PPF)qA z)9qwtGuU5Q-fM5U>&Zt1+@8U<2a+e!`;OzzK(e?U&OkGCBHwZzmTD*=RM=IY>vK(+ z4DeBx$k?sCTYANO9+SENC%k)CIf0k4G}C^rx!b!I|8@zp-64~-cYP8Kxci!7mak*X z=kwL+j?>u`Amzej`zo`<)koO7=J!Q5S3eFnF|X*%Z6T|~jq+bKQWMN-sq@s}&B z#(|l6F2mn-x1mQ_w4ADZ3!ha78vl6N)bt?%m6?&wyC4bO3x;fur+AM&_Fgym_Fc0T za&VB+3*od&O#>o^ZBc3|B7->fNUl?!@X)%rRM%Pp6s zLj@dRU!01n_h`hsPH2Ow5kJd11lYi){OEu>h*yV@?q&NG-}GSBXaxV_QTf71nz-_C z@+(y?g2tn`Q@_99Q=K%3T4+W8dft_Q&xQ02O;$kJpZEPC1C7_6cH7iJWk#}*_G-EN z`!@PFZP=tItM+`6309L9eaSV}X%&Bwb@#H;Ub?*e^Zz(f=nh$o!Tl?4qP5BgU-D%i!G?_;$fx-}X4>4yx}+0ilx z7c(q?9vXx>TD|I(HmJ(_L0U97FvtX_E|p`p?(Y7p+r!~8cWLq3=+heW zMNQZjX05i)**Ts;yY??~uG)zc_%g;{=)YbTn>s ze&CmU`Emw|lU(h04bl&O6_-WF#y%31=D_x?7rxKQ9xT%0K#}Fg^74igBDes`uq)%|7DJKESuE zo~q>@P*+RR=ckC+r_(XVVsY9lcF!n0tG^nLXq@s&8mHP#Q^i4&`iHtr>Wnx&Y!X;U zt<d>p)F#+>zy&qQq)@=bJIDfHsK)#CWRGxXb7Prso9!yFEWWKnpn0=u(s{H1 zT(wox+jNnKgElTb8~KxSd#2=*aK9!J^O01mTE^Pd%X{m?E`3c+^syrau4TwaBe8_y;w6Vpvc48%vXP-Iajwt@2S4N zKHGKqV7p5q5t1`EwEE!VlWD}Gd^x6ro!B&Ak$o;jP#^;?ZHswvm?_)DvN|~KEo*MB zR4iON^zwCgf#ZgXUdr;;NXlQSuX|4q6S-xy0wMnJrQV$~)odO7NmFT;A8&$)LG_oP z-ik0yrut6e&9&M#(M@N=gEj?&WpIK9^??S`R_k(Z=SI#ai=#52_3sa?rc07g_Iz4g z8G6evv zL`tK&Vn)UoAh6qUmfSPE3aTMHvRoU<1tQDdlioeTmOl=ksC(kL%5H@8FuVSV=jIp{ zUmvA;_iYLuYcEg-*Ygj&@WD9uO-V9906*h^(vEOC4yGcP%@b}JEdPa$QEi!as>EQG zP=ZlUqak0k?ap+K;kK>AuQzqf48A}rMD|+aUYX!x^!~@U4amrYQdyq!xfJ`>IcI5{ z1v;qR$NY%L^MBB*z9!! z;h_-J!GO_0wZWzgr)>-1C3YFW*V&svxd_f%J#=ZSzO(#kh2z!%IjI?4JKO>EMzF|L9WjZ8E zD{PavKi@KFgWu$R!VLd%L_X`*==1Xim(u4cPjRyEtN5Aa9%j4)0XXl(th z=4i8aQ3+)tzTVUTTy`EFyz##vr56^WYSHsKK~4ae{{TNG|p^vjBelKNi)x?jyb{OMet^dHgM*R{64&IbQ*C;MA%0eyk(l zES&IG|5A&WvySe2|94y(iKyRYcsU&r)O4|0&nC#$>UheHjM5auER!<5DY{G=^rR6c zNUmiyL*Wzz={#g5p^SNh5&jkNron{Htv$+;gP!NUi~XCu@gg$7_JNO!5fmuJKd^=8~hkf*LAvE z?v^!1V{peIXtubrh|2uitEKy#-#`!){N7;Kl&JUkdLCf2os40u<=&#)7!L=BLwj?5 z!1ppP2xz2FFdg!t4k#taXuu@IH~(P`F!zq>J--5gE=>XC`Bw59D33NSruh)A7+8A6KN<{9tR+QZCma&G6#-sVic>#|VpZPY#Ko%zsu za+?he`;er(_nVYHaUBf3Z}jABtp9%yay zc7<6|Jd&Tu)5zFMeJZwipecJA=>4p)Lz>>44kEN7>p+@p54St{?NabTC2*-KAYQH= z5`2yCbA56%sUhM4zkPc+S~T~?m2Y9@XYL;*6c`^ zlb|xxYeKTYaXt&lU5dT$j@yreAV@_y^imG`ZqKSYP=e#P4@IJGlUA1Dh(9w~BKTm{ zqkH#ZUipyMVJka;?xXR0RA_;K|3Pe88e zqEjV)NQ!N za0kK6V()|sR#on)CGSRPMZeo$2oDdB#-*cK@pvG1&EGcEGI$sNDG>I)Y0e_I8;Hv;dA_z2&a}U4#g2|-qsjlH6yHlOBwVDll|1(xXws2^tiX=kZYfFKtgg_?Y#*@j^UdW5ez1 z*m-p4>G?f!!(czB8*<8N_LYvyy=$ekOo=drNzz*B{ErBjyY7;zx6eTCy4y1Cm`Q_s zvAWk0lfk3WT@q)MlZadW45GI3fMw^`_hQxyFBCPU;~f1``R(vT*!S((;-u5xHh! zm)%(!1!|+kdfMwVb)Wma-h_p^{Zi&yD39bq&3#^8E6?Jx|H(eeMkEd{7+8YTUi#x` zsOVKTs({FC{U%G@=&PKBEA)zRML^=`Q(0NL7UPYD`5}oX(xAb48UNAlqQ+O2uN5Ba z`)d}i2Xl6bTMM@QvOxG{zh(2I`a|K9f^+`j2bf0UP#}?_7w|k5qGAXAf zzpm2>T^c|M3W$XHNLeq3i$d6yXLrG6< zqXXXGP2BR^TC8?P>b|Id8O(y~p47ciCF<)g+;~*}c~Gb?I$+Q)u5;9^&$0O9R?XLh z{qE7ACBIEIHR1iU{BNr3@lp2$quS>dK5Bh7f2boDTf;CtzgBK)PT|K?d6#8o6R74d z>l)RW#z-W<3!*^-8lJ!9t4eTjbM=P@WC$t(T}(N@^6WWB3L6l5W55d4-7jjj|BzD1 zwag-?#95bp?8(>5$6WoejAz)~(0W4SI$66`Ma;}~tAOvqw*B#sM;j5`OgSfH-zxSx zUNd*6G&m=&KiLAJt!1F;B~Ys4OP)GoQ%z%#xrNG5RRgq1{5WQDEdwlHh{3X5=mt*Z z``eH!=2d>X!N^0;^%0}%#e_in%2H8xf{JICg_XR^h{98EvX#zNOzyQt$gwjm-UKre2^?`Wo5qx`UM!e5^9sG6krm zqS(ZPEwv@vCuRQlYy``pW-lcnJMnkLY5ZsnI5X1U;Qf zyVjN%OL}QH+sIEvyagi2%8+!YzOBQ}hwFFn?rcL-7>T3|ry^T$x)%g#)EIofuPE{# zd*lNmlU}_cBIjVe_5(FH3* zF#<>Amn2Ky7^rZZsN`zom<__IS-GpO#y-?t#hxm$v=ZMAPxi>#n*| z9o!u9a6kR(+%2anS~7&bFcGHjHNSu`T7kqNs%xMr0pFuEwJ9@A+&|bk&hV8kZ3MZE z({PE}S$q97JH4%GDy^w)?e=hnKXLvnmr7j*))c`5WAY>~N&aGJBa ztd_=S-Y!cr4bsLQC_YH-=?iBzS!%>c^C>fCWA}%i{GOl;-&Rd+m{YrlYdDI8qhYhc z(*9aJuJ7|K>063)t)3F~jxN5A60f_X3)K6$R0a{gj+L0CmHOy%MWZ$#vAhrKZX&*+ zVZVcO&u*DD8d{d8W;0nU{_A_`jt72VQdY~^EB^zaNxaKYrNfjb$qIu=0;t9F=Hrp=Fw=l+<(h>Fjj z6;DkKR9LzzkkdDogE(ZJiPr*u>r}mpIbiW}EA@AN|AV*yp0}gS+i@pQIZXt4-aW8* zB+OkK*VY`zFd}lYgF9MiL3BV(j?XJR2%6g=IW|Mx|)y9HGUiykDoTDdp6*B(^oGxVq^IMKKC_A=40v3zZE-VA>noST2H%&9ib#`ng& z|E=v3j6fMr+-f8`+{$=0C^ zs4VBt5h(FrCGW+uU954lXnu;;DE0{Bjz0hU-{dO)2Uvr+sydZR5t|Z#HTe6#=igv~ zZL_VrT_8s$QkzgYo!GyZ=kqQfp+>zUG+#Hvb031I5xl|g@+JFv1(q5~t=t{d3sSTc z&08*ftvn~=yu`G;y3+68{fjvW@6~BBey`xMrTB(k0#weqqfPivfh8XiS>F!z72ZTVaVKk(CPpwZHO$YS$ zzm$m&MzjYtZt0_(Q;*wRS8Bqm+DUfyJh}EQ33R>U&!?4+>akdQ5rPRJa&`776$kbI z0lT1m4BsEsDv8~`@g8F=gKNiYxyo?|8}Z6%1lw_^!}Q;P1&|NojeV&3p zh6?i26j9ZgRhiO@9A?@%Na}&9YM*FWout>5N?UMMG0BCn!Dw?3+;e7*TLX^vR2ni3 zxl>ec^FQ!T{H#6h(J);sL$&D>p!3{iyjA13(iD z4!>{Ict@an_gA}>oC!LSe<}hRyz$Hy=|9NC;vK z4aQ~CN7P zcif)+aFK(ib_*EdZzG1j0kXxxxP+OeBlmpEp+J*c6YZQg_qy5bswh)RY@`b>95KSZ zLL#lvY!Z(I*k3jfkqO6{KIhK|w#xqVI)tMin1pxb$5xtum<%1DEhHQ7$V-%zfujQ6 zC`>=v#l=a3_}tg2G}dHrr^H<7V$JAzv4;{|&!?$m+w4r-P$i?yK?bDDYUw&ILhWMQm(Y!6c?TDrk40-n466XlRrXls3u`;bQTn^F^(Y&JI89l377;FPc7Z*m8}rdR@X%~_Bm-s?c;*91>y<&u#4V%-fTMg zM$9d|@;(N4pkW0_|2yIb)8L#Yx@Vbo4TBo`TDL9*QD2YU$CNE8o6aVVQ&m*ObdMZ2 zSw9-0V#6jb+5)Wrh3W{w&RSYo#nyDR#bu_JdGMt~=+wFREK8!7|=R|&kd zFojo;NOtbR^JN}s<)zmKw)phToyQ8RRTH;QD~~lByEzpWtBUVIQTHcLUE<=%v)3=_ z_T@2mkaH48m3y1oK4zwKWi3JHz4$ZJyU@rtON}h1XaMCCWsS-^|AmXddy8a+{Y0gC zvP=ri_&BAx>%0r-2*)2LAI~=L$3_A!BO8{z*!f&Ktk2)uVfGH=Uk+@%AI^NNV+GNFES_lj zeALGGGzj_TV`vIzNB?`Ch`XaV7YI2ns#{{G{via|XjhH$BXo1w8S5&iv>%I(cM$cC za@06F3G_zXh9;L0ofUmnf*Ul_|)C)yx zpYB^E7~47v#NX}faE$T1S$t~pk((z7MyC>}Zs?{ja&b=Z@ln^-WYa{#My*bt*3sD{ zip=onG08VtTts{2r1@UEqiy~CtIu>ggTTWgVCwi&hiBz=?c4)#zXdcz(c@vkG+*y||%t6T1tLVxs@#;oO_RQXV#)Rs_yiPkGtr- zd*m(~Zi8}Pt42vbpJ?`11kYR~6Y4rP*)23EX4|vnx(380@zB;Y*5mW)JMJ$XRxE=_ zllHs!by~xYFGpimvT2U4wZZ`kLUo(!>5n(vol4<*SBalF1?XVcld6|y@WO3X=WM3Q zgk4n~t{2~%vUeOIz3CTXGwqUej0pG$sTb7*-WE#72TP~G%TGGc(D2OXW88}HX8jkr zF?KD=_Sr+s5vW@9K(i-qzuP<(?wG}D<%9Lwqb=Po1@0T;WH63;;Ru}3QT!6}3$AkI zsPf*MWcM#dd-}MLz{>x%u(V~%W4~s*Zy?w21#~|kg}jHl`DbH23wWODtA@DKZ02m{ z$b{)`^LT%@$xDvYo$}~9>U5Z{bP(n))+)KSVd?UuvQKsXJt0irKTu@(=GR+h0Zy&; zMuySCy_kJnP14T%CUf%2S8b=!NhyRzA}AVDdI?)EgxI}^$OJM2i_iwowX}YBy&^Mz zcTY}szuRoM%W27KKMp*Wuo3M-d+j2jA-=W@MemzsBHr~*ooJi8$9~*a7N5S_!j{iG zSn%-QDp@oMeqtAYkY6#@ei`n$@`EmApsvTzTfzU}`VqpK$XdcWFUkA6x*^(mx_-XK zKL%A46-Qm4#Z9R}cE`{0PrV;}Pk!WZY=Nr%d~6YY|A?Q4$cSFvc!;}vyzg~V#!XTO zk+7f%uXhK9DEFI-VE^cBJYKk@8}(#lzJ;ViAWLWL4M#oMZtQ6>TYn*;W=~P zAUb$Xg#1W|)VXP9Lp6TYG|635GIi@5h21GWCt*C+v*8t^eR@Hc`7vwPKk#s7;IR7P zs(1Ru<-s&DO*&DPXOtu(;Rw746NcL95(sW+k=>K}<5FP?p1qe1Krek7 zPn+ixTq}g;QrXrvg?-8nSv#j$ZaW9}?TAN-Ugat6JPqz`-(eo7hub4llu;e8lU!+K zdNBVY8jO>Qe>rwPN*GFK=iY|$VUe9Uc4!(wYw^!Yy`k@%pMaR7dD@qD)>Mb0eE)9j zT$~$mi`n9@0%zXgIA^JL=Qay{gUSZKT4TNWPjJJMN*rwJ19Eom4Jr-ecP=O#H<;V`t?x~cF5(zPho6MAwL3U!XMAr{{?^CpgxPJSerPuJUZoga&)9kH7(VRt_$`L@BML+%;w z{=uG+{vyBWdQhY7mETVnI!zs11LzWY_m6K0SNz5o4kBVcK2Bp>fdta|yHl%dqK0O# z^46IwVegI`Q!L$PGT7i3BiMLm@809t>I`wNCg^M|R}GXk>a3dTdrnkxidIWyW>B*n zy=hQ52W$rA<747+L2D|o44L4mYw0}QPm9~R5Ag_?8})%X4emC(5p$bQQu13Kd#-!z z2FX2b#zG1(ycl%iJlRfSWK9!&A@Ytv1&6zo9mtBgHQzI z5lp}X3118UU`s7Ph!le-r!-Ta-F9C8HV%J6L3e60oJVrcj*l|go~)}*tq4Itg1(FD z*x)Wk5A=+Xz8qGZkdDinW=`cPx1D4vYf^P+vzWP-yZ+#oM?pg$5tBxAjXQn2{1~3P zIk9uX-tc9!?CX(!hm}6!7>AkGe1rMj>sy$wcO=d_Z)2TGd+U=`D$Xq5vF}K?1M6m5dy5_e$E#jQF>YIN)H`8`HP2lEv%9AjS;%sj8-?jop z!gZBFSNcbG;xike`vSWi;uf0@#&KJQ^qvp!A(8@{d$_hSqTv^LY?pJvWIO>L^N*wi z*&9XlYDPj2{DtoOj2*0#ZRxGPVjT9wL8YKhdWMc%-n-1|DM8|I<#2A})*omZB z&z~YK8V9+n!A-9jFi8o2;?u>~FM2H6J?3o3TH|^oVQtZ%uHu&_$Au{v8d2$Znn}!i z&)#q)jsz>=z#~UIZ!4bNFdDH|l9Ysh66F88yHCk@6ZHI{e;D!o13%s{c+;4g@1F#9 zDe;^>7k#mx6a?4_xr6L!{UQY$zXJ2*U2Wnr<0snRa*Z(2FKa#+1>##~yS53aNu3Wv zr!HI{Yn<;gL(hr)LheJ}mFKeFaD5=R+-0Ej>!T|8u*@>TPJ`$9M%=RC?;wJDXQceCsOTY>Qh zJNB57u1#mFg-ui0SVv!TZ%APY8WE5{J{DKwm7}xTap=q%)SSk*a({^D2{h4LA!xZ4 zkpm*%!D(Q;Uu7Y3&CoX~_SdE(>sp6z?;lW=%$yEeaq7pFPInnL3)5d}7ax*Zgx16= zQcI7Od;4@Xc^Ke~)1$(bg7(|s@rI()rz7;uZA3=^hafUh=?s7c$T9_Y(Qlq)W_~=I z@Xd=!1Er%g7WZk0qBeFhrk6F*VuVPn|6z0r^!UjAAZBF5p@-Y>$O2su;bXi^#ktUw zEtSKDFq~kUpP!ko|Jr)lUU>CXlr0eE)ObAqxB?)-M$xiD+HrG-P~k-d@WOil4uFLh zqn7v4xrGgsC)^zCJY)e7-4xtx>SrGUeq6-ssS||Tc`wLOC!|MvPM0l~BvudH8cjQ8 z?R{bUQi(m7`9_aoD2icnGp=tg%DLqQK2#LDM7&}2bbmB&t*a0Q#5%gMD zJ@9c5bv^g9DKcZF%^kBko$A=zhcH>=3eqRa$Uf(=@nUI28{Lx@v>}nUjb>{~c^;>q zvt7dbveti+KY0@F?8y#F$@#{<6w&&Ou>Z^T`;+(*`d9j$xp z(bT=z>l>H9O1@!Ur$&~hdF^Q)99&Fl`Gg3?201Y2VYK|3f1yMXe(~diwd#*iJhu^} z&rXGR;QU9yz8-EZ8`s>yVqU`GUSZK0!IsxFT?DkKp@him@tx&d;2&WC5APS&J#kD3 zG(X+dN&T1ih2}o8+F-=%7!3wHg@FWerDdydU@lSaCPelIUGwBgRRQxnw;!%Xd&F#4 z5B%)SfzDGe651H*0J)rt4l}d9Y)RH6fwbvaS^GV-#oj^Hcp5O*G(aArp(XBJPq&`= zV7*&O<{)?tH2eh#O7Fe_> zLAI%=SfY;166JcAUSRpCc*LhNx=ERzM$)-cb`joK$}pR= zM`x7qxq~dTtUjD2egr{jc7mRX!Sa6PEKRP zPpN1+_mBJ-M;hmA+nk#gS7w{h*Nrylx44*{cbDs}cC@;=C+7jW*3(a%)WJA_tp%SF z**~H9>9Cvuuxc+izS3N(;$2A!xhIlka)LZcrq4#LG|;ZJwA*9hc*P*QZoNvlayH|> z0a5?)3B$FNtkLzpT|T_4Zx9pWwCzOLVK)V~&=TW%#o;RK<@E68bU9+D}Czteh_2$h2uLzCm{I^f~qcC93<#U{3JOX~%cZ z?1D13P5&FSGb&#vO4KGxM;Fph`9J)kO~L zRys1;?RahT=2zbm(zS*3QXm~jm-_v%*QAVT{}+$6s>4`e(Y72R1WvJ|ozbod%ih?& zP7;gy)nJ%#i$QC)y;r_dDXz(QtY$ERruIRYt?1EHt7&$oNr||J9@4u%IiS&P!2Hk4 zP7#lT)O%`!cbvs?$|8{@NQ;%0Pt0&nY}l%c*M_-IG>S|q60o+&SSkZjoG z#SK0lBh4EWXuCNjzndQmL3AE+^k?8!P%I7fNMO=F)Tm|a$2tkA(7ks(rRg?kPXf~f z3n@>!TA(d?OJlwI;U`vzfOE^Sj=fa%fthHG!fG#b3Ed)hAcJRi5bAm*{Zoh&n#ia? z{t_5+6#_<^BYAFWNLDEer&qWpd?)L@bxf8{KxU+Sh#4MJqXPni3Xk2A%Rd3&6HbD9 z2inGZ$owl2$ah`eF0%7)pH>r(#TVEmL=y)uT#nuZzFRLW#lV0d^F2(x#p%jR=B%f! zM1l(JP2J!*4W?p)O>90wS&SV>c3DgUn;0>2u7(_pY58M>HSf$^2D?@5kJ4ibBYvG! zn2P_;)%w)9B%2j7%WhL(>dvV4WYeKY;S}5Bg<E^1%6c{MNdCqyd7 zxRVQ-i%R@$(mROl(;GKK*m@VfdpFS{V{6-Jj}5+%*ioK|3)BWvVFay^wq?(jeQ3wcBVp+6uE$+6?ocU#sF>7`O2Qg`C>K z!Tb1aEcJv5bE-E^zd_ME;VjxN3V!k<{_zaNF#pHyB6O7Sf86N%Z{@r@0+s*}zSRhJ z3b0o+Lc)Ik8Wxub7(04wk1jht=*9h(r&`Kki?&;vJ^YId-t4OUe`ZY8|AN`!e`RFW z-*j~0+p6tg)_{)N(Jz)Q4l5?7U*95u?W`A|=gq)irizn}POjH0Y%dy|i~p2o$;{C9 z-;Ca97KV->qPRY2i+-*`!UFZUW>?qRZn^TZxPh*CGkUm@++L=(b?XwoxfT^o9#3?@ zkfIYfE2{DLNGHd@rPkf!Id53vQ=4Bm(Oqqle@rofc@O7vSJT}o{ES5U!{H|AArWA- z2K#8<5U8|0_Py@+E|`?57nrJ2GQjCZqaS4Exm_JiAx0KaPSH_3)0O^&QP8x9^hSU!MzBv|z?xx1{^31lMGd}Kc9{7%!J_~8 z>+zx&=E%pz1412I8*&4#Rql?2#wSluabN642%}^oJi!LwTyHg>A^^hWi&(gq}=KKsh zLo-P$Dkg!ERjY_It;QA!5q3N5sWNoValN{{7%kL>uB!9pmnneugC+64o2AEh*`pwu zg?#F#9p^XX4ntn4mK)7qM>o-}L!P~*x9!;BT*6(E5iquT-NBBDn|STIFILz@v*(%g zkm|=r%3R&VVV%y+0S|ZrBLg);W;G`@Wj%XS`uGya4Z&@nF)MhuqxUZkute+DZ^$k!|z_P42E& z;5}EB#jDH1fDPA8)w9l11LK6E|N z(7YgXfE!QbOL!e$R8w6&#fAT93(26KtMpi#t3&^E2N)9$=*i;l$r2cN!fC6fvBqh^ zqfn=2Mk#9S0Y@Uovg8Sj8k=z&YZ{F1315Ud2#6X|^P|L)1HZ$9BzUp)$Pb8z{q_ zQ|vIru+)vQNvn+ZK)LJncQf8cK2s?}9GHKsR%~E?Vmta!S6mWi+3-4wdS4yPMk4jY z_jK(0)B1Ft5o5A5+w{29+=Nyop-muD54$Ar!Ozx;vTZ?^EuIedqfM*pfg?kqgHMF( zE$_9+$8rRhFc`YR>KvEXG_{s+m#?vy^-4Bap}iAho&=n9+ONr06qTOGg8o~6iSzG& zHSA?hlf{U+H~8BUw3uPp9F(C4;2il%f1pYM=xfhX4hY5eL^1Z&PW=W4<&#&@ltEU` zTeGytiSiGR^;fBdT`siT9$)5#wAG5m!CVx-Y1D-Zrfq4JY+$<4rDkSgdwfo^z za-~;ckZEiwWyLJ&d3nFDtJeb-1B+iXoN3gMck#GLB5PoOey3Hh^1RDkV|Mo$<4`Fp zG2|sxvZa|a>r`*^?H?PEs%MNuWKJ4lz1nO$H-&HShdB-RazOIX9-!ym-#=-ZQ`Gtg zn-83qKFuPr#pQL)5X9;Ap4c`pr_#{bdsg?LG(XuSMO;tIK1Od zm8GTkp5&gMbi7R}?8e}Xfd;(J5UI;y>E>&ZdJQF@TUa@RF+Eu+bb{pxDb`A~tM457 zQT2Kmc%UQiO9b&rEclij1yl*Efy+7PuQiuqhK)*(8Z`lj7%1JX~P#>ZgZV%O~q?F47TEmepj0 zO>C7wJ5wsM;p0Yig zU>$e+PDs`uL+ABHBM?s2xGBdWvRFf~OV8W1fTN;8gN%5z?LEway~gFox_-1Muj(MN z%&pLe(Y5G>A@rO@A%`QD({s3-u+}f+_qU2x0`032U0s|fpNg??iD2PgjAL!GaEpu6CV&y!nO>lY7EsVBZ6A zm_s#xg-uD_3Kff9ZV{Vdqt15Iv7r?u-ml*dMd$$@VS4~RZVHTQ4W-KRIp3Q4;c#QAQ`v%p~8zn(|=+fNNUvEq|^g(3ZpPWs1;R<+u%8G#2D z(PaD{Dq&l*%rZ~eBRdMszn0T(Bp0BcLuSDozrf1GCpi+`M_h<~(d7FN!0U&02fwIu z%;AFNku!?92^1@p!lyvYb3{Yml@n(O*=f3ht*VEC=~q2RThqzP z{Dd@o_ZpmcoJDS{>g0GuJu<`T=M--x8q$CCf*>t2OHcGM2Ifz&+wygp3V^0^bo#j# zf?9u$o+F87_-y^CS_TXs9kEx8V#ik@g8h4r2gY8ZlGmcYDUES;;cVIA&#!_?5Z8>HzZ}F+^ z%+E%KOwQr<2uCDrsi)UFVH}g+t%q`vf$LwEg2{TP!hXb?FvJ`{9g*JYPvOrrk@@O09 z8wyL!8>|eheFzyz<8=AakpcOo;ZeN72zyT9m5y`pFlq2CZ@5sQW8N7)kG>tdU}s7y zQRBwHp(0SUwZs%fXz|MX20pQ+^^d3qvTFwqZm}_`DzTE;#ta271-)x;Qyi)dy1yZ+ z%rD^>4S^Y`xm`RTq}ne}zSz}X0hhh@)&Ve$kp?=ORq8#6L1IUN8$iMU6YnTNHoRON zOc~*jI&1&X=_;TKjJJTl62kp^?`P|+Vtn`G?cdfV?dGP03$1g8XIZ}NDZ;%pF;C!*c z_hLd&z$LYtSIo?bPzAp$^(cu2dF-JWo{yCl<%^;DSI6^BxSMF@hd9}%m#dNDjbjenbXuC%9aMM{SN2P z@=s6Uy!Z=r;im&T{9oof9iVc$y1G9xZ&$K@M4@l8T0A~0&IIY$) zoyHXhq60s%YsK+kY#kSS{6FTFO8W=QlOP|c`{}d33o2n*(g{IKYy8Y3)|5IP9?c8A?aTqAQaoA=D;d@Z!h3`*+|4+9v=2?2JPX)r<3DK7+Qppftoz#C++E6z!;S=AvGp;`M=P<9|q8dK8 z6V=31eh9%w)9uD173G%>-DuH^47-O`SdRCqNAInU$FqUx54m>&1MVU`s@~|Yr;)Yo zZV+npl)Q8mK;@*pq9Iq)9mi5Ax*LuinwC&LdiJoNVSSOmgF57I6~ zj_A40oLiBju~5th;Na6}1)c8uTa#f_8k+Ke{Uhcv(Lv&0&-{Oi*a%U|nK_a9wv%>;~+W4xnFqrf>_ z_L=6=^3&;`eEKMZe!x_7FZ$ukVW>OBFe3|C;{Pzarqh{*ej5S|!hG~S!1KKuI05rE0F$ckFLsB! z1a>_&YQ0u>^yBq%;_DLQ_h=>Lb|?Ddf!dZD;ZKRX41AUR67BAmClYGa3NPxeE>S7> z|D4F~IsnJm)vi+>bEeCy8UCf6QG)#*9ZJA|O@5_}!t9v)hl+xp7f%uZ21_ne{|V>( zw~cT3p|hc2^p*^~P1Uk#A`|=)U$F3RJb0v({MSHw^s|d5MP_<*pr66)^H%USgeGuX z$i0sxm)4`UrRV9HA@T(W3_czDpAmv3woZ{OF+1GAkgWp}8hZhHk`gli5E0S&NS%)ZQX+Ij4UPb&rn)^)trQ;B1l zV}~%){Orv_aP|Q#+p&R%7wcR3Y9tlG`Fk=-kPHv zug{g`}#9PNXbDS}Xn>d;5yBrNmm6$o%n<^rxItn zwxIFH2-=-$m=@;maO6C`?_`JT;T+c#%h*-dN7ezSeCjdoI9e$qDlCv#0;{V%z@x}T zW##4|K97~h6>JJ^xNg3VpO}Tc4*~CPBFt?N{VXh$TlJZPS@L;kk83oUE=d{8ihn3o zSnti zFuZ#3wDBI(A(KjW+?!U(`Buaym=sL&0(u!CcrOxOjDAvNwRrVdybla+ePeJ@jYQ+$ zV(^M10Gfg=QB-5l9@`VRMjv^;i_yNhgKVhLcb+m^!CzUkkWLE03(R_tHQI3~J6HJn z?VLSt_6W$0*2pxY#W$YXI6A@FEgF(9(w`Xp4Jqtz%vUfLX|bh!S{$EIaTjYWCz^%S z0LoUXH(_f|(~IBN#kut;@VC`W_H($KK0BSq#81*{?#nnRY*t?tr|DIr$GRi;AcwoY z<~AC_!oknT?^Z=Qqn+&!|26Y`yADP7k>d>M9wR?|`Obmw(XbPN)z5%^TC|jQk3kk4 z0|M+!0{L`l{)>MR&?>3YL$_?-owbV)f+TWH%LQQ9mIY!#QqcngB2hpHCB#xaPl-Ei zPfEmPcE*yC2+XGl5x&ea$tk|`wEti>Q)XR(alA8US1)-Dk}a#8cf3J0&)euxx4-g<*^frU*6U&e zmL#-RpXpZ=V|XsZILWc!IzWXr=p?k;(ZsE>+gXeNFFiAC8{VT%;mprq zd7w+QG;Qbo&C~=CQIZSZ^pc}OXkTJ|6^JIgMe#oKzZKM$Km43vrI2_ZiGv3`lM{zfgF%BShnV!)r56=Tq7A3#smTL1eOzxrz6>5R(yetl+>DJsk|XQ0_H zlpIp0YaEUXNz8Z6&Cc#2FzptQXhJM&X87p>^W_-hvk6)QMwO?)(m8RXWj>wv+2Sw3 zpXE_LPTg)d1?T zt}`_--dI+xb2NKi7z0WmWV^||UY`JgP#w|rRHiJ;_rZ9__Vu?MD)<=JuVZKXhSbmU zCCPfB7{*JHgWIid|3A}>zM zDFb8uf%=nlJh?hk4DBJW4ru2hR{5EF2a5_}6^Y;R+WVUi_O#e~^IK18f3fJ>Yt?MF zyNj=Cq#>KNL~9xIM4g+T-u|UE^`jdjq||4`{gFd-(5A#9?JX64cVOe~SF97bW#}wL zm6oTRW_!6PZ876oihA#9{Jj{7|W05P4;4ZCl?55^7M-^=F|S9l#~?KH3gp1i`#uvcknV5T?8$V z#CLwKyi)MrW9E(yTJdaaXhS)wRw4TCqD!dR)(I6Au6rhR$FuG^W)I(uc9$>wi$o#^ zIM+|65wM>s7~eS_>edaE`pJ^wLkt8E_SjbdMiPIQv89!*rFM=cC^kK{$xW_7{zn4L zt&6B;-i6{%85ECKc=ebLZPJC%;CTbk#+a=N_IKo4IYKzms8)_&`^6p~7S@gAlIF8l z{8#4(1D;rDad7ZY;&H-UEsj}Vnf{ufUOYokL)?isV}S@+I=qF8^xtiu!S+QlfIKkf zWx$WWS_AvOa4S6_JMaBfo%7D zqC{H`O@RKL@OcTS`5)N4%RP>fHICbLtBDS{-sh^$n=|YEfAqs>Z^lnK7~&lu0C2o8 zfj>uAk%5HQEL*l4hNd-Bx`C{Hv>eLfIye?i6@FX@ptst>zWv~)$!Z> zSw%hb{*Kni()<-x!8C?X59QD!+vv?d1R_}qW;QnV(8zGFWC z2x^$!0uZ%xuY?StAE;MDZyy*2nNlef9(Gq91`PdF8cHP^YXp%$kPMgBTq_?=Zkn0= z;4(XBrH^;^%5ML#zRRG0^0*`&Om?X(NYLv3;N@1yrq|rxpSK7XZXJ9N8i!?O_x7p& zUv)jQ5;f81AGt8iWsl}>p3W!qJ$yaS?Fipsit=2O;imhy)(E>Z-ax-)uM5skL}{at|s4P0(!NOE6j_odV^m7nf-6zyM0p+OY=;f{a!`Z+fAnQ&3P) zffzFf+U9@8Pw?%$!wI0Y3Mmf1xT&N>Z@Le z?E9YQKOPE;1ZfXYJ9$7$+Jfly^lFDp)~ zmK5Np`JR7Sh>JrL)LQY(qM7qz@N4P@gW2N1*tp!)F>2@7qAQ{0o54hXw3VBc3-j^6 zf2{=B`s_Jhp?gV<9BO#(*^7}=!;#|Tsg7j5NrfwGBH0Fr-Dl+K6S<8m)L18)pFksl zDGsJ#8}_KUo3Zg}?U~&wCG=J(@s0cURQ>@8!}V3t7YReafa0!OYEbE8RU?K_u{(+^iy5g@U)|wvnqQ90Z^x@; zK);_zUrcltNKRg!JYX!ZU8sXMRl^<-#PVsh^HuKuNWqO+Kv%zRcJDk$C$V$+J;Fq5 zOaqw5eI$VZt0zf#Zr^%{YFXWO@4wX{K(u`eRG(-f%-Jk&m&FC6a7~b7MjiXzp_B}~ zM-7kbJv=`}g>?+{3fKasmk?lj9fMQYb{KZ2ATi!)_N=fRao=y4L(g9}C2)=B$mbQT;n9ga(28#!;@h<%VW_vT&4`$faUTbD7;W}|T^ z7He=4cmAK+&ODsTe%<3ThNPEFnIg(iW@YxS5D}FYOQvPaGEd7qW$ZPCWS(b=D6wc+ z2u0?x%u~ydj2Sb;{ynSScb|RswXd_!btdp6B=6_xJwX->*UVzH@a@h>6+s z3zE4bu3c3}PX(59|Be+#@}{RoZc|X1>UVZ>RxI}(IgOLlz0-%H9=5><8RIi2vkQJ> zV(D%FBa*r1WS}`cEb!>Vg~I00K!Uz{KHE||D@s>8fD{Po#pmDo-EMw%l7WVl2Kf9a zK0873r@}e{3{u+=3tH?254z43G7u+llb=FsvnlZ1Ea*Wi%sx(0jMKvP=03tVu4)zc z67NAxQc+#N)MqLhh~V zq}GngMRAKRAZF?1HhF;O6TePD;3j|TlgFG=Yq&S9=KlFlnZ&KSF+`07ZBbCZp&7djAGiX944e?|3?BLuA%Fu+s+!t;EVO<;Q0Vn&9EIs8KJCC;AR&4&bR3GX!O$`3%ITOel z+1;)ct0uBu#&dkAV5N4Nl$_-rc`9qBbFlak-nHx@7cn$uc#1el-1|A!@&~ufsz)*~ z^#>xJ+~~*HYcSCGzmI{;(L&U~$Sj^kL@B!TFo{iHrjg~G!Q$0xZHrg@`C0Jg3Cqna z-FKjST79@566B}?<}1f;5ykq>y)-mRkW=}2))Op07>w+!0a$lEGMJM5oO>cTGb9_f zqBtEo6t?obN`H<;ooPw1JeGBmaX`if+FdJT*G$_;OD&TB1Nn&Mo#7z&c{$tDYnlit&Ta9d3_BR9sSgCpL;QYtHnG?YQ zg#LI(Pjxy6Zw!|R-&lY;&zTy-*{JyRz$eGwqh?m$o`6uxOi)2UhY-OhPx)5%!-$1< z;q;c-{~TfA^P%N!_XRaimw-hK^OP~N^-k>C(;@Xe(0ir9Em zHN-f!bf$sNisyGgZiT-*MNIBkD$1QewFncKvZ*c`Tm>G zd=5+kz;wFB5J{)PP>)+L*a!G*S_JH_=hfKFn@OD4^|EwE9(bvKC92VZ z4gRIF>O{gF_=a<7b`Y30PJNNK0k+_M>IyA7rFwV0x4xLRbR{b^-{h|b?!QmAFktdI zSbBdTe+pE+_uANH-Ae&D+L9l<6)V(F;lbe)E%&_{CeF5??u%J?Ew}(p*gK<6i5~%5 zH)yumkI@`M$yC{VY-b<^Nj|s0Y~8FSuj3PBPwnLE4;1p7K$7f~rd{HUw|Y6ygjFKo=u-=YOrfdC*bHhXt5u z*YUOE9}mjPz%{D)J;CY_mA3Msg*F}Nf_PB?=Ta|Z0u+>vvMf!-faOl(4Nfn6-d{l> zQ5*-L>v;-n$i>#Oe2%224mhvck1XRlUICjo6j4lN+yw^Y3fQBZ?@qH#e5~$LT{dCS zKFHrEXQFVK8vol#l#C1#e^Im3_odsCE-0|u$kAgX;NC$`oGAr-s7AtbolYy@>!l-M zq8iGHmqd0X2_*qv!#G{RDLWN|DvN$F!4j0-!|Qv z8%M7k{&mJ}oW!xI^(0zB)1X#wdTxknuKSWnvJu98av3d>^ese2k<-bo<aqj)jP+`V_+cmeBD zb>++MOw@L@fGwFHJ!Ir1QPA){&FGHlh>`mE0cpRgH+FSYhphPrwtD*5$YX*x z@5W;>yhs;7E4rkXHwz~{+~+Uv zN0+7u7NjBZz|s*tX652!h6E4441A-~EI|?)BhagCt;6JB^z+7GNbk#d@Of4<1Mduv z^Tj2n1QviZv?W@0k-Bv*;&?7S>CO|3^(3xeb1KPrI^k=!+yzG%j+nL5IG<->e3m1A z$Erk;I(=w@|RL&rrz1#vt(G-Hf8ZzVR+IspJC5q%AL#@F`W5L5{#E*Nrm~okkb%#%_K62-xELbei-7r@*uY+cS1>YQA~rRj__-2Nm&!E4I5B zWrdfg&{z0{qDuo16)_xF75g73nZ$}(X0v_AletXyc>@lnmV_Koe^0dhr@yQAF1Ve_ zDNqe2HLUCD+;AWZ|ENQLaH*Tu)9fiLhMm|&mR4^*!(-ffqi~m!XvZ9UpwOvcOC z^D4Xa%-hkJn)k0_)6?k($)R(h*R`;g0T@(9B!-aDcyF5Ax#u?Fy$vP=o7kohVY*KG z!StAR(aF62FeU*H{ckQxmS+%e`;1O_HPM89DEeU;CcGC|eLCJ*I66{y^>e6ij#z}- zr)|~y)9Q+4FTGwlhO}tDHwDLBO`U=#*Y~&Xy(NjoQJ+J>b}1i8JUwbXL~uz)u{~d; z+`*QNdXM-})r9C3#?Rl&O{dSVyTpeYd*5@85{Gp(nP{3E54RSvhauRg^*0LmfWb^<mS3u_))^FTT_{~JU>OUgPUCf z0%=33krg$$9E0$>nUeB!X_rmxb0+v=|Gcj+*J9mS?}i}6durs-hb(uuJ|?W_Fc^u3 zoIwC8GY~{woAk_UPpC{G#fznfxlt5&mpe0_uR%4vTQ_QF=*WJTlQFsbU{R(XM$9n8QtY~6Nf zkFitwSG?hg#hIFlnekwvDPeh8+MQQx-NEc4HA7?_Z>fGdYifF&UU6Upc2JGJnrXkK`X%HKJ`z2;8Z&$HxCH} z+h`hwLTSzkIU#`GqWL$}NtPXiuhte2`^|wpNe4;ww4tgr%ETDCJy?CLVx5c8omh|f zw5f#a@RoZQ8uftm(CKYHW)}$$kwH#MkA`;mg|Y@BOcC(A&cBnbV8$H81EY1>%?4a%N2HLP%FWj-J3r;+qnuz@gd_~lkot^&?@`o zKTdX_Be%OksrSeNQnFI83nbgrga3ex`qdShxtkKR?v_ zr)@xV`{cl#at9;pp;fwP`c==<-9Fu~FmKh`j5-9ueJb+SMbM*h=dxXrMD=pYErFQE zJtQ*}`G_zcQL#x!C>3@kbNTEpKN0ViQqsOxq7ITR@}2Q58>_Nw?E(sqL3;+~$5M0p z=k~YWXn|dwOKZ5zUy?kVe@e|SMIPFc0}Xlv6Y=`5S;x%`8Mk~8>E*IM4RbZTa^&=? zGgVsSQ<>4yPep!&-|e=NephN-T-;^Ho-9rpW^HZle3eK>U{N*IfV`-gdO6AC>+C76 zT+ev^dp9yYKU3}(1zw7Uky3Z-y9L+2eUDl}{0 zTT*&FUl_jWKWs0rXw8wOGX~{XWhC8s`3&761a`UY=_Q|NT0DrAOW2(}E{Bwv3#t|e zJN5unr8vzN3la!rv;N>K)wj0Z*k3B|Xp9Q(FEf($+FvZ1!^bElLU~qEtpUC*PEoDs zWR6Xsj@<2I@X%0td`{A$v59Q{IhX%?roZ#EB8S+u{~JCF{9iHXx()S(0cX~04o;K5 z-DO6JdWyQ>x|2nfI9R_Wv&o@M{CjXqQ!Iu-6mvL=wFnFx*bvO?LRDfA6u8 z|IFxffqnyM6OuN`mydu*{d{JDSi{_0e&ntMT&6nijq~@!sVTY@F$w=B&u4~jDhA6D z$hdoPmW0~$=*-#ky~CBf9)ciW_?(_rZo00(xIh+t8|`nQ!D*RbrNadRwye~AMIbQH z6ot4^%d0(NbRJxxe4-l+5|F~}zB}`}`$fhI({^ zf#LT9>F}4Pc=Bh629PJ3?B^=+8(H(cIIzJ<_gW*4lTe4~d7@xoRxyu#6aj7ksvGrS z1io|4ejJ76wr1iEJ>bCDjc^lelc6jfS7Z>=_*!qh62((S6Aql}{%9S4!=H}B12VZz z1Dm+&Nud3rz)-;Afd$AjM}j0L#_zwA zuC&i8K%<4bo}v4A2b4TBXj`L9e|=_C-U zd>BBeu9MQ&8vG90l_l(GyyJpZKhF%`-+l#*jeH&TOae+o+ zayBf0r|e~BJE+#t0(^rY7!EGh1&+G?ofSdA6}pGLqxdO;?l;G5zi1U;Y9ai#T4aQU zSa2ZP`lms=zJD!xQNf7x*(yqruEJ3Sm^XupY8z04aF-l|-lg&eA@K*DvET5mvP$Nx z0A?`sS*ddAk{nXIaU)DT9$c#taRcocemfVseYkVwnjJGQA5D|IS*t(D*P4*2K(}d2 zdv6ts?)rnsV#?THr-2oe&XJnM-XX9MGJH*=tTvE=RvQt{~8qi-|TSz>z_jOALecYIBANyl$#!DVJS03Hlpr-NtnQ literal 0 HcmV?d00001 diff --git a/docs/wiki/media/clip_image085.png b/docs/wiki/media/clip_image085.png new file mode 100644 index 0000000000000000000000000000000000000000..b97f2b96f135de7a1762c0a36e81f279af2ec427 GIT binary patch literal 14840 zcmcJ$byO7b|1V5Qm!Q(!(k0DO(j};LNlQw@(kO^ZcY|~zol8l_(%rRm_Y!yTe(!yr zzn=4Z?)lw02Uuq2%+9<&^{NR~SCzxTB*jEPK)_Lum(f5#K*j++=cA(nzcs@vE`UFX z&Kh!32xY_MJHS6EmXa!x2nc^7u-37n4g+~RhM|-e{ZlWofWOk=8b2IFl0u zRU3wMeB&G%&JHbaVceT8pZM#L<5 z;@6qKh`FU2U3O?AaC`=V@9@1p^4t7IWEjbm?x7EzJZhzi)2*?YRq7;ci!7 zv6u26oQsChuoZM#ylT8}HWNGGU-`FqYm}kDcz1=IXOE7CZ z8y49-gMy|TlUyl1ub&%OT%KG^8`&JSse$h4sl1N^${rWpmlYx?7hT1OPiOFF8=UiT zg)ral@K`Z$((YLAB#q}P4Mes}yF6}rEc?RQmydI|*pv7EWZ`;bi5E<74W%%Ysic;d zc_gh0hmi@ylTbmADae9l?hhRNVv5U}H4;*?WXmD9MQl2iGEl1FbwV}KtO4nl`{ZaM zZ?H`}9P>uA<>2D1+E)v~w_LyCjh&FLlt`c&cPo>;8b+RavfQiYslDgD;I;A}t75xzKF)JymC z&B@8l?F0H5GuA7%NXD>~-YUBENr_X=`v=+x(bMk_%^oM8Zh)SC3T?gaNOy)57r*~A+;et%I#Av_t_GsZSIdaM z!P?rZltTl(4x*%F20flWQoaE+uK?*}#2Yz#(=9!7hp6ux0@)))p* zNBSPrOy}(2sFYT&ZQkQ8CB(+wpTayOAUvt zRMT=(-bn8y-yRAAhe_9+F$Rrp#UfNuK8e>_W%SM^C_4#8zEQx*{gqJh@tw{P+<83< z-D<}uM$zNAI1lghQMt-bU9W|_&c9zIS*?g@g_S_9zMXEKlhWQiO;5j9IuuEl(r(L| z&&QOUu8&RZ4rDXmoPHzXE9faU?NR+motDJa3>1fyi%z{*rzzgWYFW~2ad7|>MXm3Q zPOd*YLcB=Y?cwV1F|PkzTnR!0`U9VxTvlS*ms3rV1Q`OV>3MwjbSId6OL}q2WHHue3lsG8aes`w4h2VplN=qo^ zqB#CUVMJV{%h8gGZ%yC|_^?3^N}}8B&~)*}25w|_eY|>lB1bilqfoBobSfTd{lc_# z*`TacZ`xhlu|&RELqlUf8tUE@=lG#i_d~q*ZQ(iONPN-aFE5=LFta+D7L(NscXz9h zT`a7ScaUO$8`%2q9F5%L%3qhEMs0j>B)$s_*ki3rZ2=QRFpZr zxzZl=QOa3%ZMt-PXW3UIbDreU^MTdl1-*Wv9$Z3CuJ1r!BE2GqPG%)PoS7(T34YmY+ zm@(zvL~Y{l%tf!#!^+28Zdgv=aRWjk2Z(;Raxqb@83FDe9*xX`Cu} zCmqkOmk0a&(Cj(a>2KPQx67~bTLxpc)~@)-JF`YyNJz);GGFyzE;-U}sj@3Q#*+#m z9NFC9-PXcAA~D2_p79`__U(^t;r10$G?AY6@Y45%8jVY#giJ0ZE5u)H3*>gj%v}ss zGgCQRZ~JfA;-Z7OarpZ>Jtb-XeComkvp)?0Ove2jL|ko2y5LJ}QbG00qh(G%+XuO2 zj}s%m`wzjQmxx+;U7N}qQkybSwj1DY^Y>crM^{F2d?{~W5>-l zd&V^LZ81>LQDN`GFXs43k7@Dk=Bh)<#crFtTefV#VQnLN+~%h*gdA4{cE)mxar?Nr zUJQ7qACo@(byN_GEgDcu7cM;Vrwsr8-C5e7gTCC^7Df2YLThBgly2WjR%b}A!g`)p z=?FMLhL#iL{L~c^lJylxf08;N|c7pj&OaiDxl0=4ClF`@}GY zxo%?yi|te--(a~|sWN{o)i;0kfVQFLcN;U|Fe2f0uu#|;FBS0W(eDwy>}Axk*y6RL z8SBXL`s1(IaZ6Q8A+7Cqg2(fS6i~lK*J=20PtCL;tCqpbLJ+(P4jVK~>JA%Tbbmfi z`;nH8?qcbubO_$8vomfF)js(VsABnS=2Y0jC|gW^KF2F;*GaEwek0L!U!ML6UopD? z@W+FIAbmTC41D5sb}{YRi>n)V!j~3TtYwXKa&43m`Ng!Suc8$<#(mjG%R#ssr^N&F z-E5`Swiw(qw%aaw!tQ{s@O zns~0cn&0C+8%DoFD@AM!lbT}9=gEz4?>KwEVi4xM%O(aF)&VG_?~-CZ*Z2OG^m}<_ zIKRl&a9XjnV=})@-j#>#wMEcNZ>`8L>)n0dE#E=6yKjN22z6KQk>U+@y<3PEtPJH=P)R`z#|I&^h~6ue%P?*RgsyE zk-W@d{XOn|^F&27f&jhZ_Jx(t0Q;?{bTrD|R9Osbe{2+4@>1q9U7$?hQ`Mx1K8_vF z2Otwr7^pP5!l``X*tJw&acE}>@MS-{InsRKc)acbxu9!Aq>GuYNF!eqif;vfqQ{fR z{PBvVNC53>d$d#cs$_quMK9gwQU~Yon2&xzRKMz@3Qo1kY*rhc9ucQ5{pLVILemjM zkCyf0L_QzMwUqF}_g{av(jS}Tz!X!ZMh=`fxGm4>9S{U|$_$#O(#c3s4m<`~kPg$u zymnPKJ#N*3!Qrw!jEpBr{Z31+uPm*J@0b$wV6MVr|9Mie(e0opg0X9){QTTS=obFG zX~J1uJYE0d-hH_*j9st4#8^0LUubwUSj*`EiXh(2J- zHt#y!9P?{K0NX#b#T3d$_`bV5P>P5699=ad!kt1WL#7!ac`b_d7Fz==|9UB(GO3gC zSdN0%xd+Y0GG;o5*0b8Buc|OI zLB~v7s!lAm4XJWqqRigUeH!a8iu7Ba-#P_=sfFElXj>m2ns8hC2EHOXuAjcMF%nqz zuEL${IL@iAUgxo1qo+WUeTZYxlofW{XO3glipK-pGHZpHKS4DE)tPaLrz^^&|L+fp zeE3g?qL>(Q{vFu}RX~2)@!a#%*niIbKRKmPJ+3%=cn(DPd^4#dZdc(?B8Nt`tP+d& z2bHK#xiYGh3A|_o8}HY2g&JHTsk3#9hABYhFbROWh|R}*$;$HF{a55~*ZKaw$H7=l z5iQ-m_6VoTzuYYEo2%oL^;zHA)Wv@iI0p_vB7fy(Z|?W;fo*`+dyNjoN1rI_XP{b^Exq_w?%ca=Q_xngYEQSMBqsctN`-Htd<#)W!5U> z^!coHL*@>2(9r%eqQ&UPn+Ga|l({f5T%bD7P#nH8{uT|OQP?)=Rqa5~rkXbaKYc0j z)0dWYszB>QBtz(hUW7IpDqbeDX^GyK>Yv=H`touH;lV5yZ(Yag9E`xK+o|)Yjqx%vE~@~|{H-67PrsUH z2@}JX$5y;ZGhslk(`AkAO|@<@B|WR6$DMMUq1;5_wci(1P*jXg7X!~Y%Md<8Nk3}2 zO1GV_9ZFAe1_)ie>&ZzYXTOMGs~}WxSw`l41=qi8_Y|$MD5!QhcwXyQu2>9BZ{h-1 z`}%3A*>kMkn$QUAqB96pL031K5oc8j%VV>kpT~KN4UD^)d+oY+?p;+E@V&seFD?hs z?|q%aGDm1==xqm7XeSSXuMTC`tKCrY8NCf%B_M+1hp@yj4cy(F9TeUJZx*3DD^Y{Fmz_9tBp<%;KMs_P?0_{Vl%5 zyUQu98|FA$Y2FB7f!^7tR4!y_T2dVIJfhXZMCv+uVugHeT>$2_xzODJxw+@+F$=yi zhUid%$P8WG5?ghi@NM}%PxMy3<>9TVBI!(lV%G}uk z`bVk1$mxCThb2SsYfWISslM~N*tL#?Pw6@I;Vt`>Z)S?d{yc3r2zi$++jp`Yv3Dol z0^hE77J<2z>(&(IKKLHmv!jvBsLC1);jGVwq5M7OmP;d)NoJ3OmHkK3oc6dj8+V z^UmMD7f_?KTDMUl-aRM19%*Bf6!4`Kwk;5QE0d5G({u52K2?>$+x&4O1KeQm5J&j> zuC>Z@ozZ%NxqEuRAA!ttLxr<_?d?wnF)@Ru<#F76AU^Jg)`y7uUY_ zt4(`wmmfWuSvxSjhmILyPj;f!T$jiwz4H|d|Rbl9>eqHP_7_NehcFcdJ`YHz$ML2BbFz@Km(iNMlKHx3QI>>`AQ2pI zzYdnV{=w3(wMTX4RcFXu9G0QE(ekku)Gib#cK??#{OyQzJ(&}979&Wro3#7R*xR6L ziOy%ouisVXIMla2@!XHX^*387HJeyxT=WQ~&gjV_uPvwW&L?oHD^~HibsG@ik_}e( zii)C-cwGIvOD#=*ySsM>T9%D>Cre=>;;=}6^}jV?F%y_h*0ndvm};K=L%)hxYBEf+Mk{Txwa5N}fb85b_Iq!0-(vB;L!HlFLum|H zo)}mQwHuu1s)<}eQVv}luT%v?uvQ{I94)o@_*IWkP!&w#Ad(TFqC8mmxOmc8IiqdQ z5OoW#2g`C9Y@jFKe~C{b^tnAhp~!HSmtaoqBz9aHJfS<5Qx7|Pri~`eJ;*JTbx7Jf zhlsH>>SZv7x$EbTHp9jo6DFj2w)=$bOz8+gSw!96pVN6?4B$=>Ubs?HEq(E=C=cA; zn7Yx}4^9WT;=D5t4Yzy>w?ue&gJC#CU2mEDK$Wj%NKJ!9c ztkaKEz9Nffdy@Ix@2}#2`fxHZ?l^?^{C&i4d$V-~V*HWHczsos3@@S^a(8 zJ88Yk6Z^&B3LeM9F|B&L@Y$9nqdmIIb1Pb7?rAy^X?pBxh^Zb*hoMwUx@yhm=}WzG z33aszq6;@n*tJxYQ70D?1ywi}yyMF&KFdqHgeUy;eLlScW`*S@!)w)GjyVsEOnrUwzRKx>W2_B+aMpdGg; z)5ryM_`+qb#yNl4>zQJtIuwf=1qH?>(#hrYdgKH#9IrlbcPvh$4g4u{7SFqHe`MPFQs#fU(CUsJOeSDYULk5pk@_gtu(zU2 zywDTqV?4*_W-OjJiHKccadGNu~UFXoJp{^^4Q;HqvDuU2!eN!<2 zLka?l++buJpoLQ_v63TMy4=Ip`SlUn(|FOPA|x{7txJNaiQ$+G*4%sUja4zKDfF~V z_-%4>a`14(#pCT~2q3W0p9vzr!BoXb*{j@tb?5J@AKes>f{xlG(<^>rE+rf1jP&e$(aY zhPy`xU@4lC9K?2P-He6B#~?JksTA>hNgK_~RU~4v@V1#jxd{I%b5iMF_z1~NX_@@k zl7-H_;c#m{RrKT&Z&#FwSq$Puco%n~Wu|FH{VdV?T06Z)o~o5KG%Ou;fwstXrJ1WRhc1_*;%)@v=f zv>HD~+J4?|tdlXHxD9fw!s3&b&wp{+i+Ji&75{hw^)SaH6TnCM-Q51aOry;kI<3$r zF1fwd{lE787rds;&tv|aR-HsOCwiK1^OV!~;bX#_*G`<}oH_%Jl=`w^NOwZq?zt*YD`9&e}amnw| zN62$6NA&UTY^>SSx$s?fFa)40f5-uh@Wh<7ol^NS`R@+gm*N3{a=PFQ-8qg2oSwbP z-eTG(qBIv>?*qSNV~1I(2n-ybl7;0u8T9%n*68RD{93A;PO4eB5z` zI^G-#3*BFo`&~>93GMeS5`G#E65>?Pb0JyGm|fDbWP;VU57!ZHnTTB7xZt`vrGuMO zT`z@E&(6+w#$82Vf5^0z>>X#UD?1i_81F!^k!P z{k4(&-^$+ZlB`g@r$+ zA*eR!9{A`g9(I9)i9*r|7l53}XFvCsh)dXHDUwFo?C$ym;(A3Tn7P?}F{S6UJwlTf zFTs;V*;2@9<2yDbk9GphbrAr(hkI)G*4BLn z?k26L%TUBF0f+I)jEDg^i#bVckn?Hh)w0sSO#CHzRCt>3E*yaV7Zi7C&@L<@B^iw3 zvZ3Tzo6z_mVRoZG3+c|PlSLmG#Mo8#f_ZkQN>doPaP#!)>~-;~?iX7QFTr+qC&J6! z!8l~}bYjxUJ#Xq@-~ZNH(KNXqP2I08)B#-P?DH^Zp0pUM{`BeQz+SCIZ$dz0rs{P` zVr9$~;~r1BO}Nk1?(BdTQ)egVVw%>n{Ou zIO^;w$9A?70>yb>{80r;BJO}i#6D3uc+-6(`NVx4mPFGa>X9fdrW7#1_}b`t$Jq}E z(EAJzCPGu4w=?1YQ!kK9$5xZ7Fb&j2;XwChHT>`nnFeK>QM+3>MZkWnZM4*8x{RRJ zt&|g?r;$$f*9ZdXrb@D)0t~rdx?$LuPo08#T_!mGCmiQksx8#C3b<+YfEQ!xF3lvKp*v`uS#p=SQvf7Vn$X9E@nqa$mHk)WyRXIQVUgAI)3)iw*5 z!C}hiMflYW02hR%Y8E;%;C#QNnsI>kVb4^o4mELbE{!6+Q(5a@lBTu)f)G(-mEK ziW)E}W(`c|AWFW{)#TpjxN*W`I8j7uMyg6hIadwArHGG>9bA;~x410HlvPMW!0a z8#KB_k?>leP(;5#|A+tHZ`=KKlpD{M18%#4$tVUDg=chhlqT$*oTInW-V}uU0v$y* zg7N_C_fVpEWW98Yaq~8bI0{ zsQEiNki@Lf)*HCHDa}pAut{$2XO2i6O%g+K@%{`*sE4FDI@76lT(MGTI^$;XNb4X? zV&J3GeaChYEgw4i3(eHrrf)UK@-L&=R4hVtTr_soXV3kLbC zogo9G%Ms~UI&HP+Q-6G!N1C=4n7pEt9Rkms{mnf*5Oha_Bx!@PJ_a0m_NfU@*B{Z6 z1L~bwk4Vfi#vGSPFi%oK!xYe>FSP%INAi#`*@sMfBI5dvl!xo!B&P(?G`x4+^e8XH zQ98F`LGT4dcdD936GC9asUonBhPHht#;9RrcWL~JH z?9Nt&h{4Fuw^6{mFM)+EEkZ#W(IWVrG4n^}2sid^E?cb5y5mJGx(q5E>cDv=MBOoN zZ_LgDOhu@QlvJQE=Uc%FvHm^`Y@%OwvpfUplJw7nOSnVSS^!+pn96O<+=h?v$qF_7 z+L;Aq#%i%kGn7=oK9%W8QNPU54@I2mnYG7Ia{07;${V}?^b)3Holf^6YHKbdf{5)e_f2gU^0)n!MWQO-? z=wK4BT%Ky$XDCjYQLFD*sh+^iS;ixqwYBx7{?ju>Ch|oZ)!0l%e=N0+?T=$sO5!mG zEa?|^Nd}Nl&ya;MbuPB8JS|VnZoCerd3+ZBme0usb{+RFgP>KK?vM3;6qJIupvz4Ny44j#VdsF4(_tzrnEFb-YS18LR zjQC)=j;kF&Y65IMUt7wiU9H{SdiUd(*OzKG?Rp8-3?X)8)bj*l@#JW!uWeLfsJV*q z(ST*&TVc|fV?CY+>G`upF`gK)sg1YC`-FC1YjdQe2QNGX@}aCFQ<74v;rP8a%0Sr= z$EC-J%l>_iA?&4TnE~N(nNc?&8aTeY+4r6$O1Ja79xv*@+U~B(Xmdl&P zM>6?&t9@D=-}@;uq|g8bVuXRpv%8z^&yzV{YaT2I;%^9o2^bW&=`_OVKBemvy{jPkQTms!_wUQU8fE5BSO1G^0+fF0N>-O)Dvvk+7#X_Cm52(% zCn;a$wGbrON-`f_RoEIBO5G!~SRT(;yJ}j%U_Z9{(zE_5E!DMsU;AbkpSpMKrBST=@bx=#{oUX{4oIe@&(X~pBwCU99kCuLNRKt6~BxPO`smi_LKDN zc^yC3E{(d^cxaBkX8P%qOA=Y&7N9KuLzV`%K@QHYsL&aAFWqF09)%vA)se3QXVC`**olRErG%b;Yza^zvoS?BJ~P3*U61b4o1p1(mDhmqQ5NO-2x2O0y-er#e~se(HG(1= z`^`9H<{<3l=jYFB25eS)GtujK+(rq7Z1%@jC45BtK4#Ef2IsU%q_D;AHitx z_h`@E5kU1jUu5gNevr80GcI`q*vmP~TWz9wv#V~yPLz{jIEFgzA$Qvd6)y_<6?GyQ zdj*!^H>~`Ae^Yyztw-#I$5+;^lyzs!+&hUuG1@Irno-P&apU06tB?>!3Sn>Uk7fD{ zc%sKdMtJI5<1xcHRi8(jzr_tM(w>zxKGkS+b2ZSnflRmKB$ldrDTF{d1eyJQ_Qpw| zdMbreg|+wece-nNDJz9=ZGzF|9c^fn`#^gT8ZflqS_1)*oLtLZfCO#;9Pe@tSe<2D z3I{IIgZJAseYsvR3h4F)wI3HWIK%n@3))9In8VG(o0YOl81Q((s)sWt>$pi)aiObb z^80h$HBp}@i#~Ir5O6R8vI7tgN$@_fmMHdUns=znm(kGFd?R3N^{4G!yZit1vFHDX+VEcxB>tOE`4`8XdPw@tY>QLwz)T@hn^0*!Fb9}Z-X1?nbPww+!-v3glw;%0kEnd1>WbMrG&^IK%2ox2yigei@kyMOlvo4ne zn&G`8p#N^q*Oiy(wW_Yo{hf6l{$~JR>`tDZ^QsL1tF6o89TyPPO#=Br#9Y7h7n>e8 z8sgjDY?d7C{65|8Tf2OJ`GP}VTiC^l({8>t?%B^*1J?;gQSUgz_3rTIo45Ht z5R6x3wOnr6vtBHTDZd0h5(D?$a0E*{YRJnn!)c+f#;z1C-+rD4X;m*vPqu&sgnV|Zo8gB| zPTMPzY3`>R3O6?}u}YU6OCHx<&}RHpo%~QTzw7KKDk2w>iMw&wP86M-qPKVR1dtMw z4I^b}@wyP^H0}mwyUCd0G!Zm?&IO+~CC(Q55Im}>3qa0f`t#?HZxDE}lcyxe^$$+1 z>mHy3$1=Z@N>eXzh9#o20}%Z0DZQE(liRH z2tKF58dv(PCVj#CZKLHEK_xTY`Krw5WRXsQ$yaYcuSpemmW9!%+b-1qdBDDY)e8Wc zfzmHuGz!!&38H^eAgu!iOs}3p3j^Rr{()J1o+?QK+W%>IyO84GDJUq6{eFv;_U8Ce z9WYZaC>HiMyTwPy-W6&vB#F3}sd5@Y^a;a&X4tI;WG0d+MB5;{cfo{HdX;9O99KoH z0rbegAihWg`e^GnS2bjUAg9g#9V(-2Ph01M00}h|0(5Lo?otb@KXM78jr*ggbrwUU z*6#2F0z$&<#Z%&`4f{zsslbar*y?%Cf|8ksegc{th8B8*yo0`jJep|DB74`nU$v?x z(3Bg3&xkA1S;loZ5>504nY6dq2$j>2D6*SuVJG!aO+Z;cU`T3?Pq|mk5H~1~nQaA= z!5$p-Eqs~xL`)z$XnUq2njrx2*lW@`6qPgVai|p-P)=)Gezu%w_M~GsXSsOi(wuMzhNlhs)Mw?ebwzF8LfnVD#5SX8&4+4Z$ zDU2sKTc+B(Yt9e<1g#uc+UAf=bcYv!Mt}YgnXLo?gt*H6DySLo%yax8AXot|ZHtTr zF8UO2 zSFzl!lCpi%`DLwMSqKOfj2@ujk+ALUXHjWi0-5tYZzdpyGWbO~RdCcWx)9LVZav$1 zQhS=fiw8f?Qas~_S&J;B3 zN2NGg6QTROW>Q)G8m6^h55?t#5C%q5wfGCl>fZH76hA~yNuVF#QN(X3f5i5?kW=f+ zQ%S)*=LXizTu#6h2q9_@CO@I5k#m$wOiKl`Lw1_*s?n?spKuN|e;deW`Xg4&jC zn>08F;; z4xnks*XIGa1Xv#TVbebIGyzD;rVtPVt)f+n$y~KH#5B-)JpX2xYRUa*>0sV6b6r4T zBjw|o@zZMn%U=%DdcN6&?|s|b`gm?j6Iw;^E&qpQZ`IUZ$;HteZ`NafrWVb6YZ4NT zqW3J|A5KVDgvJHX9EF%W)Qx9|zDHjke~|2MY?MDFhNPp>w*ylMk%qPcGWE7pTUZ-e zyZ-6Y2AiajeJ7Oxtb*{I@+(%Tv{{#Y(k-+Q;sgiH7zHU1E{Fied$iLgZ;1J7;%IRs zfZsrL^|BSMk8Qq-;@m7YN@tJ_A1{cq{{db&#(X$2cSrg}zPD%&8#=b{1KsdU)$QX2j;*kbqv$h)RqNXi{Su4$b?sgdZJ?j}H_x-s4P zIttVWhT^dP zR;{13bf@8tyC&ctNRn7Btx$IHg!*^HVy29JgM|`sM`_NzhkN)zVH=>^F+4?s-$)Ck zNvE|L-JjfatBfWN4OQ^357CVgt77xy^X?zF- z&+ghgsRU6*RwdeC%^(D$z;CbYC6u^zcb;z`PqjC$N)=P3e-85bhS~E=f>TUPItG2* zNgH6+%Q4v%;SCN*_^B(F=ZYv;_V~7723+*hFP#kv;v=0Vx^rKA@%0l;gl8zPl8K+n zv-iXKfHN}#Flm;#e-kl^(HZodt;>Gabl2DNQ%`3h>q$o1eR<(hzG6geh*tdm+K~ z7WJ3J(-9d%SFJ1GQX+;3BP;19e5kYj)=2VT*K?CZeCSdczb4Nj!jTm9&Hqy61OOTz z0eLzFE&;t1vdlEsi=sz=MC3~PI*(t)3SNJH0i^P{o+(o z1a|rQ<&~7ir{rQJRSUe zq7pDMC8_NRYuifyW;}4;-q53MQ-xz_!K~3A5bIo;HRamralmcbZRKya8$yYaYU*D3 z6{S1YdN`ut2!)I4qElpQ{AB5)L323OK#2GozJZI94^8ohWH8FU#93TU7-6Z?I1ns1 z-|YWz+J@{mnvU1&?KRf0k@@!Q)vXxLS;_5)(5;A&Qw}PuUX~aVY-0Q1^>rjV;-iPN z*a;>d`7nzJ++!=r^8D=AMMZfMuVp{LVh(a)#*~x|pLdbB+fmNRubU8s^Dh8`+^_b8 z+h5+U8-G8=Kw{*5F_a{u|7+J!PfOUvma}#L<}HEyQ9R%dE1Grv7^}7>R8WGBeB1(J z(X%#2ciqi=y6L{%aNpE{up7~ArVgV@09z;2{akghEIS8+m&PK#3p9jGs$-OVC=qt+ zbMiHxKhzK*mChw-bVxj`E}@=FCDXinnoG%mcOkr-ManhWA*f+(`c^$|2rAmfT_k;tdkuK#NT9O z437nP1=3NIr?1cH0n+gwY63mIe*qlapdtwF`kByM>wtCX parse(concat('{\"label\":\"',item.displayName,'\",\"value\":\"',item.name,'\"}')))]", "required": true - } - } - ], - "visible": "[and(equals(steps('identity').esIdentity,'Yes'), not(equals(steps('core').platformSubscription, 'Single')))]" - }, - { - "name": "identitypolicies", - "type": "Microsoft.Common.TextBlock", - "visible": "[equals(steps('identity').esIdentity,'Yes')]", - "options": { - "text": "Select which of the the recommended policies you will assign to your identity management group.", - "link": { - "label": "Learn more", - "uri": "https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/enterprise-scale/design-principles#policy-driven-governance" - } - } - }, - { - "name": "denyMgmtPortsForIdentity", - "type": "Microsoft.Common.OptionsGroup", - "label": "Prevent inbound management ports from internet", - "defaultValue": "Yes (recommended)", - "toolTip": "If 'Yes' is selected, Azure Policy will be assigned and prevent inbound management ports (22, 3389) from internet.
Uses the custom policy
Management port access from the Internet should be blocked.", - "constraints": { - "allowedValues": [ - { - "label": "Yes (recommended)", - "value": "Yes" }, - { - "label": "No", - "value": "No" + "visible": "[and(not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('connectivity').enableHub, 'No')))]" + }, + { + "name": "esAddressHubVWANSecondary", + "type": "Microsoft.Common.TextBox", + "label": "Address space for your second virtual hub (required for vWAN hub)", + "toolTip": "Provide address prefix in CIDR notation (e.g 10.200.0.0/23)", + "defaultValue": "10.200.0.0/23", + "visible": "[and(not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('connectivity').enableHub, 'nva')), not(equals(steps('connectivity').enableHub, 'vhub')), not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('connectivity').enableHub, 'nva')), not(equals(steps('connectivity').enableHub, 'vhub')))]", + "constraints": { + "required": true, + "validations": [ + { + "regex": "^(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(?:\/(1[0-9]|2[0-4]))$", + "message": "Invalid CIDR range. The address prefix must be in the range [10,24]." + } + ] } - ] - }, - "visible": "[equals(steps('identity').esIdentity,'Yes')]" - }, - { - "name": "denySubnetWithoutNsgForIdentity", - "type": "Microsoft.Common.OptionsGroup", - "label": "Ensure subnets are associated with NSG", - "defaultValue": "Yes (recommended)", - "toolTip": "If 'Yes' is selected, Azure Policy will be assigned to ensure NSGs must be associated with subnets being created.
Uses the custom policy Subnets should have a Network Security Group.", - "constraints": { - "allowedValues": [ - { - "label": "Yes (recommended)", - "value": "Yes" - }, - { - "label": "No", - "value": "No" + }, + { + "name": "esAddressHubHSSecondary", + "type": "Microsoft.Common.TextBox", + "label": "Address space for your second hub virtual network(required for hub virtual network)", + "toolTip": "Provide address prefix in CIDR notation (e.g 10.200.0.0/16)", + "defaultValue": "10.200.0.0/16", + "visible": "[and(not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('connectivity').enableHub, 'vwan')), not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('connectivity').enableHub, 'vwan')))]", + "constraints": { + "required": true, + "validations": [ + { + "regex": "^(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(?:\/(1[0-9]|2[0-4]))$", + "message": "Invalid CIDR range. The address prefix must be in the range [10,24]." + } + ] } - ] - }, - "visible": "[equals(steps('identity').esIdentity,'Yes')]" - }, - { - "name": "denyPipForIdentity", - "type": "Microsoft.Common.OptionsGroup", - "label": "Prevent usage of public IP", - "defaultValue": "Yes (recommended)", - "toolTip": "If 'Yes' is selected, Azure Policy will be assigned to ensure public IP resources cannot be created.
Uses the policy Not allowed resource types with parameters including Public IP Address resources.", - "constraints": { - "allowedValues": [ - { - "label": "Yes (recommended)", - "value": "Yes" - }, - { - "label": "No", - "value": "No" + }, + { + "name": "esNwZtnNote", + "type": "Microsoft.Common.InfoBox", + "visible": "[and(not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('connectivity').enableHub, 'nva')))]", + "options": { + "text": "ALZ defaults are aligned to Zero Trust Networking principles. Click on this box to learn more about the Zero Trust Networking principles and how to apply them.", + "uri": "https://learn.microsoft.com/security/zero-trust/deploy/networks", + "style": "Info" } - ] - }, - "visible": "[and(equals(steps('identity').esIdentity,'Yes'), not(equals(steps('core').platformSubscription, 'Single')))]" - }, - { - "name": "enableVmBackupForIdentity", - "type": "Microsoft.Common.OptionsGroup", - "label": "Ensure Azure VMs (Windows & Linux) are enabled for Azure Backup", - "defaultValue": "Yes (recommended)", - "toolTip": "If 'Yes' is selected, Azure Policy will be assigned and enable Azure Backup on all VMs in the landing zones.
Uses the policy Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy.", - "constraints": { - "allowedValues": [ - { - "label": "Yes (recommended)", - "value": "Yes" - }, - { - "label": "No", - "value": "No" + }, + { + "name": "enableVpnGwSecondary", + "type": "Microsoft.Common.OptionsGroup", + "label": "Deploy VPN Gateway in your second region", + "defaultValue": "No", + "visible": "[and(not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('connectivity').enableHub, 'No')))]", + "toolTip": "If 'Yes' is selected when also adding a subscription for connectivity, ARM will deploy VPN gateway", + "constraints": { + "allowedValues": [ + { + "label": "Yes", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] } - ] - }, - "visible": "[equals(steps('identity').esIdentity,'Yes')]" - }, - { - "name": "esIdentityConnectivity", - "type": "Microsoft.Common.OptionsGroup", - "label": "Create virtual network and connect to the connectivity hub (optional)?", - "defaultValue": "Yes (recommended)", - "toolTip": "If 'Yes' is selected for corp landing zones, ARM will connect the subscriptions to the hub virtual network via VNet peering.", - "constraints": { - "allowedValues": [ - { - "label": "Yes (recommended)", - "value": "Yes" - }, - { - "label": "No", - "value": "No" + }, + { + "name": "gwRegionalOrAzSecondary", + "type": "Microsoft.Common.OptionsGroup", + "label": "Deploy zone redundant or regional VPN Gateway in your second region", + "defaultValue": "Zone redundant (recommended)", + "visible": "[and(and(equals(steps('connectivity').esNetworkSecondarySubSection.enableVpnGwSecondary,'Yes'), not(equals(steps('connectivity').enableHub, 'vwan'))), equals(steps('connectivity').esNetworkSecondarySubSection.enableVpnGwSecondary,'Yes'),contains(split('brazilsouth,canadacentral,centralus,eastus,eastus2,southcentralus,westus2,westus3,francecentral,germanywestcentral,northeurope,norwayeast,uksouth,westeurope,swedencentral,switzerlandnorth,qatarcentral,uaenorth,southafricanorth,australiaeast,centralindia,japaneast,koreacentral,southeastasia,eastasia,italynorth', ','), steps('connectivity').esNetworkSecondarySubSection.connectivityLocationSecondary))]", + "toolTip": "If 'Yes' is selected when also adding a subscription for connectivity, ARM will deploy Virtual Gateway to the selected region and availability zones.", + "constraints": { + "allowedValues": [ + { + "label": "Zone redundant (recommended)", + "value": "Zone" + }, + { + "label": "Regional", + "value": "Regional" + } + ] } - ] - }, - "visible": "[and(and(equals(steps('identity').esIdentity,'Yes'), not(equals(steps('core').platformSubscription, 'Single'))), equals(steps('identity').esIdentity, 'Yes'), not(equals(steps('connectivity').enableHub,'No')))]" - }, - { - "name": "identityAddressPrefix", - "type": "Microsoft.Common.TextBox", - "label": "Virtual network address space", - "placeholder": "", - "defaultValue": "10.110.0.0/24", - "toolTip": "The virtual network's address space, specified as one address prefixes in CIDR notation (e.g. 192.168.1.0/24)", - "constraints": { + }, + { + "name": "enableVpnActiveActiveSecondary", + "type": "Microsoft.Common.OptionsGroup", + "label": "Deploy VPN Gateway in Active/Active mode in your second region", + "defaultValue": "No", + "visible": "[and(equals(steps('connectivity').esNetworkSecondarySubSection.enableVpnGwSecondary,'Yes'), not(equals(steps('connectivity').enableHub, 'vwan')), equals(steps('connectivity').esNetworkSecondarySubSection.enableVpnGwSecondary,'Yes'))]", + "toolTip": "Deploy the VPN gateway in Active/Active mode", + "constraints": { + "allowedValues": [ + { + "label": "Yes", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + } + }, + { + "name": "esGwNoAzSkuSecondary", + "type": "Microsoft.Common.DropDown", + "label": "Select the VPN Gateway SKU for your second region", + "defaultValue": "", + "multiselect": false, + "selectAll": false, + "filter": false, + "multiLine": true, + "visible": "[and(and(equals(steps('connectivity').esNetworkSecondarySubSection.enableVpnGwSecondary, 'Yes'), not(equals(steps('connectivity').enableHub, 'vwan'))), equals(steps('connectivity').esNetworkSecondarySubSection.enableVpnGwSecondary,'Yes'), not(contains(split('brazilsouth,canadacentral,centralus,eastus,eastus2,southcentralus,westus2,westus3,francecentral,germanywestcentral,northeurope,norwayeast,uksouth,westeurope,swedencentral,switzerlandnorth,qatarcentral,uaenorth,southafricanorth,australiaeast,centralindia,japaneast,koreacentral,southeastasia,eastasia,italynorth', ','), steps('connectivity').esNetworkSecondarySubSection.connectivityLocationSecondary)))]", + "toolTip": "Select the required SKU for the VPN gateway.", + "constraints": { + "allowedValues": [ + { + "label": "VpnGw2", + "description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 500 IKEv2/OpenVPN connections, aggregate throughput is 1.25 Gbps", + "value": "VpnGw2" + }, + { + "label": "VpnGw3", + "description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 1000 IKEv2/OpenVPN connections, aggregate throughput is 2.5 Gbps", + "value": "VpnGw3" + }, + { + "label": "VpnGw4", + "description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 5000 IKEv2/OpenVPN connections, aggregate throughput is 5 Gbps", + "value": "VpnGw4" + }, + { + "label": "VpnGw5", + "description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 10000 IKEv2/OpenVPN connections, aggregate throughput is 10 Gbps", + "value": "VpnGw5" + } + ] + } + }, + { + "name": "gwAzSkuSecondary", + "type": "Microsoft.Common.DropDown", + "label": "Select the VPN Gateway SKU for your second region", + "defaultValue": "", + "multiselect": false, + "selectAll": false, + "filter": false, + "multiLine": true, + "visible": "[and(and(equals(steps('connectivity').esNetworkSecondarySubSection.enableVpnGwSecondary, 'Yes'), not(equals(steps('connectivity').enableHub, 'vwan'))), equals(steps('connectivity').esNetworkSecondarySubSection.enableVpnGwSecondary,'Yes'), equals(steps('connectivity').esNetworkSecondarySubSection.gwRegionalOrAzSecondary, 'Zone') ,contains(split('brazilsouth,canadacentral,centralus,eastus,eastus2,southcentralus,westus2,westus3,francecentral,germanywestcentral,northeurope,norwayeast,uksouth,westeurope,swedencentral,switzerlandnorth,qatarcentral,uaenorth,southafricanorth,australiaeast,centralindia,japaneast,koreacentral,southeastasia,eastasia,italynorth', ','), steps('connectivity').esNetworkSecondarySubSection.connectivityLocationSecondary))]", + "toolTip": "Select the required SKU for the VPN gateway.", + "constraints": { + "allowedValues": [ + { + "label": "VpnGw2AZ", + "description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 500 IKEv2/OpenVPN connections, aggregate throughput is 1.25 Gbps", + "value": "VpnGw2AZ" + }, + { + "label": "VpnGw3AZ", + "description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 1000 IKEv2/OpenVPN connections, aggregate throughput is 2.5 Gbps", + "value": "VpnGw3AZ" + }, + { + "label": "VpnGw4AZ", + "description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 5000 IKEv2/OpenVPN connections, aggregate throughput is 5 Gbps", + "value": "VpnGw4AZ" + }, + { + "label": "VpnGw5AZ", + "description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 10000 IKEv2/OpenVPN connections, aggregate throughput is 10 Gbps", + "value": "VpnGw5AZ" + } + ] + } + }, + { + "name": "gwRegionalSkuSecondary", + "type": "Microsoft.Common.DropDown", + "label": "Select the VPN Gateway SKU for your second region", + "defaultValue": "", + "multiselect": false, + "selectAll": false, + "filter": false, + "multiLine": true, + "visible": "[and(and(equals(steps('connectivity').esNetworkSecondarySubSection.enableVpnGwSecondary, 'Yes'), not(equals(steps('connectivity').enableHub, 'vwan'))), equals(steps('connectivity').esNetworkSecondarySubSection.enableVpnGwSecondary,'Yes'), equals(steps('connectivity').esNetworkSecondarySubSection.gwRegionalOrAzSecondary, 'Regional'))]", + "toolTip": "Select the required SKU for the VPN gateway.", + "constraints": { + "allowedValues": [ + { + "label": "VpnGw2", + "description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 500 IKEv2/OpenVPN connections, aggregate throughput is 1.25 Gbps", + "value": "VpnGw2" + }, + { + "label": "VpnGw3", + "description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 1000 IKEv2/OpenVPN connections, aggregate throughput is 2.5 Gbps", + "value": "VpnGw3" + }, + { + "label": "VpnGw4", + "description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 5000 IKEv2/OpenVPN connections, aggregate throughput is 5 Gbps", + "value": "VpnGw4" + }, + { + "label": "VpnGw5", + "description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 10000 IKEv2/OpenVPN connections, aggregate throughput is 10 Gbps", + "value": "VpnGw5" + } + ] + } + }, + { + "name": "vpnGateWayScaleUnitSecondary", + "type": "Microsoft.Common.DropDown", + "label": "Select the VPN Gateway scale unit for your second region", + "defaultValue": "", + "multiselect": false, + "selectAll": false, + "filter": false, + "multiLine": true, + "visible": "[and(equals(steps('connectivity').esNetworkSecondarySubSection.enableVpnGwSecondary, 'Yes'), equals(steps('connectivity').enableHub, 'vwan'))]", + "toolTip": "Select the VPN Gateway scale unit", + "constraints": { + "allowedValues": [ + { + "label": "1 scale unit", + "description": "Supports 500 Mbps x2", + "value": "1" + }, + { + "label": "2 scale units", + "description": "Supports 1 Gbps x 2", + "value": "2" + }, + { + "label": "3 scale units", + "description": "Supports 1.5 Gbps x 2", + "value": "3" + }, + { + "label": "4 scale units", + "description": "Supports 2 Gbps x 2", + "value": "4" + }, + { + "label": "5 scale units", + "description": "Supports 2.5 Gbps x 2", + "value": "5" + }, + { + "label": "6 scale units", + "description": "Supports 3 Gbps x 2", + "value": "6" + }, + { + "label": "7 scale units", + "description": "Supports 3.5 Gbps x 2", + "value": "7" + }, + { + "label": "8 scale units", + "description": "Supports 4 Gbps x 2", + "value": "8" + }, + { + "label": "9 scale units", + "description": "Supports 4.5 Gbps x 2", + "value": "9" + }, + { + "label": "10 scale units", + "description": "Supports 5 Gbps x 2", + "value": "10" + }, + { + "label": "11 scale units", + "description": "Supports 5.5 Gbps x 2", + "value": "11" + }, + { + "label": "12 scale units", + "description": "Supports 6 Gbps x 2", + "value": "12" + }, + { + "label": "13 scale units", + "description": "Supports 6.5 Gbps x 2", + "value": "13" + }, + { + "label": "14 scale units", + "description": "Supports 7 Gbps x 2", + "value": "14" + }, + { + "label": "15 scale units", + "description": "Supports 7.5 Gbps x 2", + "value": "15" + }, + { + "label": "16 scale units", + "description": "Supports 8 Gbps x 2", + "value": "16" + }, + { + "label": "17 scale units", + "description": "Supports 8.5 Gbps x 2", + "value": "17" + }, + { + "label": "18 scale units", + "description": "Supports 9 Gbps x 2", + "value": "18" + }, + { + "label": "19 scale units", + "description": "Supports 9.5 Gbps x 2", + "value": "19" + }, + { + "label": "20 scale units", + "description": "Supports 10 Gbps x 2", + "value": "20" + } + ] + } + }, + { + "name": "subnetMaskForGwSecondary", + "type": "Microsoft.Common.TextBox", + "label": "Subnet for VPN/ExpressRoute Gateways in your second region", + "toolTip": "Provide address prefix in CIDR notation (e.g 10.200.1.0/24)", + "defaultValue": "10.200.1.0/24", + "visible": "[and(not(equals(steps('connectivity').enableHub, 'vwan')), or(equals(steps('connectivity').esNetworkSecondarySubSection.enableErGwSecondary, 'Yes'),equals(steps('connectivity').esNetworkSecondarySubSection.enableVpnGwSecondary, 'Yes')))]", + "constraints": { + "required": true, + "validations": [ + { + "regex": "^(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(?:\/(2[0-7]))$", + "message": "Invalid CIDR range. The address prefix must be in the range [20,27]." + }, + { + "isValid": "[if(greaterOrEquals(last(split(steps('connectivity').esNetworkSecondarySubSection.esAddressHubHSSecondary, '/')), 8), equals(last(take(split(first(split(steps('connectivity').esNetworkSecondarySubSection.esAddressHubHSSecondary, '/')), '.'), 1)), last(take(split(first(split(steps('connectivity').esNetworkSecondarySubSection.subnetMaskForGwSecondary, '/')), '.'), 1))), true)]", + "message": "CIDR range not within virtual network CIDR range (first octet)." + }, + { + "isValid": "[if(greaterOrEquals(last(split(steps('connectivity').esNetworkSecondarySubSection.esAddressHubHSSecondary, '/')), 16), equals(last(take(split(first(split(steps('connectivity').esNetworkSecondarySubSection.esAddressHubHSSecondary, '/')), '.'), 2)), last(take(split(first(split(steps('connectivity').esNetworkSecondarySubSection.subnetMaskForGwSecondary, '/')), '.'), 2))), true)]", + "message": "CIDR range not within virtual network CIDR range (second octet)." + }, + { + "isValid": "[if(greaterOrEquals(last(split(steps('connectivity').esNetworkSecondarySubSection.esAddressHubHSSecondary, '/')), 24), equals(last(take(split(first(split(steps('connectivity').esNetworkSecondarySubSection.esAddressHubHSSecondary, '/')), '.'), 3)), last(take(split(first(split(steps('connectivity').esNetworkSecondarySubSection.subnetMaskForGwSecondary, '/')), '.'), 3))), true)]", + "message": "CIDR range not within virtual network CIDR range (third octet)." + }, + { + "isValid": "[lessOrEquals(last(split(steps('connectivity').esNetworkSecondarySubSection.esAddressHubHSSecondary, '/')), last(split(steps('connectivity').esNetworkSecondarySubSection.subnetMaskForGwSecondary, '/')))]", + "message": "CIDR range not within virtual network CIDR range (subnet mask)." + } + ] + } + }, + { + "name": "enableErGwSecondary", + "type": "Microsoft.Common.OptionsGroup", + "label": "Deploy ExpressRoute Gateway in your second region", + "defaultValue": "No", + "visible": "[and(not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('connectivity').enableHub, 'No')))]", + "toolTip": "If 'Yes' is selected when also adding a subscription for connectivity, ARM will deploy Express Route gateway", + "constraints": { + "allowedValues": [ + { + "label": "Yes", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + } + }, + { + "name": "erRegionalOrAzSecondary", + "type": "Microsoft.Common.OptionsGroup", + "label": "Deploy zone redundant or regional ExpressRoute Gateway in your second region", + "defaultValue": "Zone redundant (recommended)", + "visible": "[and(and(equals(steps('connectivity').esNetworkSecondarySubSection.enableErGwSecondary, 'Yes'), not(equals(steps('connectivity').enableHub, 'vwan'))),equals(steps('connectivity').esNetworkSecondarySubSection.enableErGwSecondary,'Yes'),contains(split('brazilsouth,canadacentral,centralus,eastus,eastus2,southcentralus,westus2,westus3,francecentral,germanywestcentral,northeurope,norwayeast,uksouth,westeurope,swedencentral,switzerlandnorth,qatarcentral,uaenorth,southafricanorth,australiaeast,centralindia,japaneast,koreacentral,southeastasia,eastasia,italynorth', ','), steps('connectivity').esNetworkSecondarySubSection.connectivityLocationSecondary))]", + "toolTip": "If 'Yes' is selected when also adding a subscription for connectivity, ARM will deploy Express Route Gateway to the selected region and availability zones.", + "constraints": { + "allowedValues": [ + { + "label": "Zone redundant (recommended)", + "value": "Zone" + }, + { + "label": "Regional", + "value": "Regional" + } + ] + } + }, + { + "name": "erAzSkuSecondary", + "type": "Microsoft.Common.DropDown", + "label": "Select the ExpressRoute Gateway SKU for your second region", + "defaultValue": "", + "multiselect": false, + "selectAll": false, + "filter": false, + "multiLine": true, + "visible": "[and(and(equals(steps('connectivity').esNetworkSecondarySubSection.enableErGwSecondary, 'Yes'), not(equals(steps('connectivity').enableHub, 'vwan'))),equals(steps('connectivity').esNetworkSecondarySubSection.enableErGwSecondary,'Yes'), equals(steps('connectivity').esNetworkSecondarySubSection.erRegionalOrAzSecondary, 'Zone'), contains(split('brazilsouth,canadacentral,centralus,eastus,eastus2,southcentralus,westus2,westus3,francecentral,germanywestcentral,northeurope,norwayeast,uksouth,westeurope,swedencentral,switzerlandnorth,qatarcentral,uaenorth,southafricanorth,australiaeast,centralindia,japaneast,koreacentral,southeastasia,eastasia,italynorth', ','), steps('connectivity').esNetworkSecondarySubSection.connectivityLocationSecondary))]", + "toolTip": "Select the required SKU for the Express Route gateway.", + "constraints": { + "allowedValues": [ + { + "label": "ErGw1AZ", + "description": "Megabits per second 1000, packets per second 100,000, connections per second 7000, max number of cicuit connections is 4", + "value": "ErGw1AZ" + }, + { + "label": "ErGw2AZ", + "description": "Megabits per second 2000, packets per second 250,000, connections per second 14000, max number of cicuit connections is 8", + "value": "ErGw2AZ" + }, + { + "label": "ErGw3AZ", + "description": "Megabits per second 10,000, packets per second 1,000,000, connections per second 28,000, max number of cicuit connections is 16", + "value": "ErGw3AZ" + } + ] + } + }, + { + "name": "erRegionalSkuSecondary", + "type": "Microsoft.Common.DropDown", + "label": "Select the ExpressRoute Gateway SKU for your second region", + "defaultValue": "", + "multiselect": false, + "selectAll": false, + "filter": false, + "multiLine": true, + "visible": "[and(and(equals(steps('connectivity').esNetworkSecondarySubSection.enableErGwSecondary, 'Yes'), not(equals(steps('connectivity').enableHub, 'vwan'))), equals(steps('connectivity').esNetworkSecondarySubSection.enableErGwSecondary,'Yes'), equals(steps('connectivity').esNetworkSecondarySubSection.erRegionalOrAzSecondary, 'Regional'), contains(split('brazilsouth,canadacentral,centralus,eastus,eastus2,southcentralus,westus2,westus3,francecentral,germanywestcentral,northeurope,norwayeast,uksouth,westeurope,swedencentral,switzerlandnorth,qatarcentral,uaenorth,southafricanorth,australiaeast,centralindia,japaneast,koreacentral,southeastasia,eastasia,italynorth', ','), steps('connectivity').esNetworkSecondarySubSection.connectivityLocationSecondary))]", + "toolTip": "Select the required SKU for the Express Route gateway.", + "constraints": { + "allowedValues": [ + { + "label": "Standard", + "description": "Megabits per second 1000, packets per second 100,000, connections per second 7000, max number of cicuit connections is 4", + "value": "Standard" + }, + { + "label": "HighPerformance", + "description": "Megabits per second 2000, packets per second 250,000, connections per second 14000, max number of cicuit connections is 8", + "value": "HighPerformance" + }, + { + "label": "UltraPerformance", + "description": "Megabits per second 10,000, packets per second 1,000,000, connections per second 28,000, max number of cicuit connections is 16", + "value": "UltraPerformance" + } + ] + } + }, + { + "name": "esErNoAzSkuSecondary", + "type": "Microsoft.Common.DropDown", + "label": "Select the ExpressRoute Gateway SKU for your second region", + "defaultValue": "", + "multiselect": false, + "selectAll": false, + "filter": false, + "multiLine": true, + "visible": "[and(and(equals(steps('connectivity').esNetworkSecondarySubSection.enableErGwSecondary, 'Yes'), not(equals(steps('connectivity').enableHub, 'vwan'))),equals(steps('connectivity').esNetworkSecondarySubSection.enableErGwSecondary,'Yes'), not(contains(split('canadacentral,centralus,eastus,eastus2,southcentralus,westus2,francecentral,germanywestcentral,northeurope,westeurope,uksouth,southafricanorth,japaneast,southeastasia,australiaeast,italynorth', ','), steps('connectivity').esNetworkSecondarySubSection.connectivityLocationSecondary)))]", + "toolTip": "Select the required SKU for the Express Route gateway.", + "constraints": { + "allowedValues": [ + { + "label": "Standard", + "description": "Megabits per second 1000, packets per second 100,000, connections per second 7000, max number of cicuit connections is 4", + "value": "Standard" + }, + { + "label": "HighPerformance", + "description": "Megabits per second 2000, packets per second 250,000, connections per second 14000, max number of cicuit connections is 8", + "value": "HighPerformance" + }, + { + "label": "UltraPerformance", + "description": "Megabits per second 10,000, packets per second 1,000,000, connections per second 28,000, max number of cicuit connections is 16", + "value": "UltraPerformance" + } + ] + } + }, + { + "name": "expressRouteScaleUnitSecondary", + "type": "Microsoft.Common.DropDown", + "label": "Select the ExpressRoute Gateway scale unit for your second region", + "defaultValue": "", + "multiselect": false, + "selectAll": false, + "filter": false, + "multiLine": true, + "visible": "[and(equals(steps('connectivity').esNetworkSecondarySubSection.enableErGwSecondary, 'Yes'), equals(steps('connectivity').enableHub, 'vwan'))]", + "toolTip": "Select the ExpressRoute Gateway scale unit", + "constraints": { + "allowedValues": [ + { + "label": "1 scale unit", + "description": "Supports 2 Gbps", + "value": "1" + }, + { + "label": "2 scale units", + "description": "Supports 4 Gbps", + "value": "2" + }, + { + "label": "3 scale units", + "description": "Supports 6 Gbps", + "value": "3" + }, + { + "label": "4 scale units", + "description": "Supports 8 Gbps", + "value": "4" + }, + { + "label": "5 scale units", + "description": "Supports 10 Gbps", + "value": "5" + }, + { + "label": "6 scale units", + "description": "Supports 12 Gbps", + "value": "6" + }, + { + "label": "7 scale units", + "description": "Supports 14 Gbps", + "value": "7" + }, + { + "label": "8 scale units", + "description": "Supports 16 Gbps", + "value": "8" + }, + { + "label": "9 scale units", + "description": "Supports 18 Gbps", + "value": "9" + }, + { + "label": "10 scale units", + "description": "Supports 20 Gbps", + "value": "10" + } + ] + } + }, + { + "name": "enableAzFwSecondary", + "type": "Microsoft.Common.OptionsGroup", + "label": "Deploy Azure Firewall in your second region", + "defaultValue": "Yes (recommended)", + "visible": "[or(equals(steps('connectivity').enableHub, 'vhub'), equals(steps('connectivity').enableHub, 'vwan'))]", + "toolTip": "If 'Yes' is selected when also adding a subscription for connectivity, ARM will deploy Azure Firewall", + "constraints": { + "allowedValues": [ + { + "label": "Yes (recommended)", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + } + }, + { + "name": "firewallSkuSecondary", + "type": "Microsoft.Common.DropDown", + "label": "Select Azure Firewall tier for your second region", + "defaultValue": "Premium", + "multiselect": false, + "selectAll": false, + "filter": false, + "multiLine": true, + "visible": "[equals(steps('connectivity').esNetworkSecondarySubSection.enableAzFwSecondary, 'Yes')]", + "toolTip": "Select Azure Firewall tier", + "constraints": { + "allowedValues": [ + { + "label": "Basic", + "description": "Basic Azure Firewall", + "value": "Basic" + }, + { + "label": "Standard", + "description": "Standard Azure Firewall", + "value": "Standard" + }, + { + "label": "Premium", + "description": "Premium Azure Firewall adds support for TLS inspection, IDPS, URL filtering and web categories.", + "value": "Premium" + } + ] + } + }, + { + "name": "esFWAZNoteSecondary", + "type": "Microsoft.Common.InfoBox", + "visible": "[if(or(equals(steps('connectivity').enableHub, 'vhub'), equals(steps('connectivity').enableHub, 'vwan')), and(equals(steps('connectivity').esNetworkSecondarySubSection.enableAzFwSecondary,'Yes'), contains(split('brazilsouth,canadacentral,centralus,eastus,eastus2,southcentralus,westus2,westus3,francecentral,germanywestcentral,northeurope,norwayeast,uksouth,westeurope,swedencentral,switzerlandnorth,qatarcentral,uaenorth,southafricanorth,australiaeast,centralindia,japaneast,koreacentral,southeastasia,eastasia,italynorth', ','), steps('connectivity').esNetworkSecondarySubSection.connectivityLocationSecondary)), false)]", + "options": { + "text": "ALZ enables Availability Zones for all services that it deploys by default for maximum resiliency in regions where Availability Zones are supported, including for Azure Firewall. Review the selected Availability Zones meet your architectural requirements and that you understand the added costs for inbound and outbound data transfers associated with Avaialability Zones, before proceeding. Click on this box to learn more about the Availability Zones and Azure Firewall.", + "uri": "https://learn.microsoft.com/en-us/azure/firewall/features#built-in-high-availability", + "style": "Info" + } + }, + { + "name": "firewallZonesSecondary", + "type": "Microsoft.Common.DropDown", + "label": "Select Availability Zones for the Azure Firewall in your second region", + "defaultValue": [{"value": "1"}, {"value": "2"}, {"value": "3"}], + "multiselect": true, + "selectAll": true, + "filter": true, + "visible": "[if(or(equals(steps('connectivity').enableHub, 'vhub'), equals(steps('connectivity').enableHub, 'vwan')), and(equals(steps('connectivity').esNetworkSecondarySubSection.enableAzFwSecondary,'Yes'), contains(split('brazilsouth,canadacentral,centralus,eastus,eastus2,southcentralus,westus2,westus3,francecentral,germanywestcentral,northeurope,norwayeast,uksouth,westeurope,swedencentral,switzerlandnorth,qatarcentral,uaenorth,southafricanorth,australiaeast,centralindia,japaneast,koreacentral,southeastasia,eastasia,italynorth', ','), steps('connectivity').esNetworkSecondarySubSection.connectivityLocationSecondary)), false)]", + "toolTip": "If 'Yes' is selected when also adding a subscription for connectivity, ARM will deploy Azure Firewall to the selected region and availability zones.", + "constraints": { + "allowedValues": [ + { + "label": "Zone 1", + "value": "1" + }, + { + "label": "Zone 2", + "value": "2" + }, + { + "label": "Zone 3", + "value": "3" + } + ] + } + }, + { + "name": "subnetMaskForAzFwSecondary", + "type": "Microsoft.Common.TextBox", + "label": "Subnet for Azure Firewall in your second region", + "toolTip": "Provide address prefix in CIDR notation (e.g 10.200.0.0/24)", + "defaultValue": "10.200.0.0/24", + "visible": "[and(equals(steps('connectivity').esNetworkSecondarySubSection.enableAzFwSecondary, 'Yes'), not(equals(steps('connectivity').enableHub, 'vwan')))]", + "constraints": { + "required": true, + "validations": [ + { + "regex": "^(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(?:\/(2[0-6]))$", + "message": "Invalid CIDR range. The address prefix must be in the range [20,26]." + }, + { + "isValid": "[if(greaterOrEquals(last(split(steps('connectivity').esNetworkSecondarySubSection.esAddressHubHSSecondary, '/')), 8), equals(last(take(split(first(split(steps('connectivity').esNetworkSecondarySubSection.esAddressHubHSSecondary, '/')), '.'), 1)), last(take(split(first(split(steps('connectivity').esNetworkSecondarySubSection.subnetMaskForAzFwSecondary, '/')), '.'), 1))), true)]", + "message": "CIDR range not within virtual network CIDR range (first octet)." + }, + { + "isValid": "[if(greaterOrEquals(last(split(steps('connectivity').esNetworkSecondarySubSection.esAddressHubHSSecondary, '/')), 16), equals(last(take(split(first(split(steps('connectivity').esNetworkSecondarySubSection.esAddressHubHSSecondary, '/')), '.'), 2)), last(take(split(first(split(steps('connectivity').esNetworkSecondarySubSection.subnetMaskForAzFwSecondary, '/')), '.'), 2))), true)]", + "message": "CIDR range not within virtual network CIDR range (second octet)." + }, + { + "isValid": "[if(greaterOrEquals(last(split(steps('connectivity').esNetworkSecondarySubSection.esAddressHubHSSecondary, '/')), 24), equals(last(take(split(first(split(steps('connectivity').esNetworkSecondarySubSection.esAddressHubHSSecondary, '/')), '.'), 3)), last(take(split(first(split(steps('connectivity').esNetworkSecondarySubSection.subnetMaskForAzFwSecondary, '/')), '.'), 3))), true)]", + "message": "CIDR range not within virtual network CIDR range (third octet)." + }, + { + "isValid": "[lessOrEquals(last(split(steps('connectivity').esNetworkSecondarySubSection.esAddressHubHSSecondary, '/')), last(split(steps('connectivity').esNetworkSecondarySubSection.subnetMaskForAzFwSecondary, '/')))]", + "message": "CIDR range not within virtual network CIDR range (subnet mask)." + } + ] + } + }, + { + "name": "subnetMaskForAzFwMgmtSecondary", + "type": "Microsoft.Common.TextBox", + "label": "Subnet for Azure Firewall Mgmt (Optional Only for Basic SKU) in your second region", + "toolTip": "Provide address prefix in CIDR notation (e.g 10.200.0.0/26)", + "defaultValue": "10.200.2.0/24", + "visible": "[and(equals(steps('connectivity').esNetworkSecondarySubSection.enableAzFwSecondary, 'Yes'), equals(steps('connectivity').esNetworkSecondarySubSection.firewallSkuSecondary, 'Basic'), not(equals(steps('connectivity').enableHub, 'vwan')))]", + "constraints": { + "required": true, + "validations": [ + { + "regex": "^(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(?:\/(2[0-6]))$", + "message": "Invalid CIDR range. The address prefix must be in the range [20,26]." + }, + { + "isValid": "[if(greaterOrEquals(last(split(steps('connectivity').esNetworkSecondarySubSection.esAddressHubHSSecondary, '/')), 8), equals(last(take(split(first(split(steps('connectivity').esNetworkSecondarySubSection.esAddressHubHSSecondary, '/')), '.'), 1)), last(take(split(first(split(steps('connectivity').esNetworkSecondarySubSection.subnetMaskForAzFwSecondary, '/')), '.'), 1))), true)]", + "message": "CIDR range not within virtual network CIDR range (first octet)." + }, + { + "isValid": "[if(greaterOrEquals(last(split(steps('connectivity').esNetworkSecondarySubSection.esAddressHubHSSecondary, '/')), 16), equals(last(take(split(first(split(steps('connectivity').esNetworkSecondarySubSection.esAddressHubHSSecondary, '/')), '.'), 2)), last(take(split(first(split(steps('connectivity').esNetworkSecondarySubSection.subnetMaskForAzFwSecondary, '/')), '.'), 2))), true)]", + "message": "CIDR range not within virtual network CIDR range (second octet)." + }, + { + "isValid": "[if(greaterOrEquals(last(split(steps('connectivity').esNetworkSecondarySubSection.esAddressHubHSSecondary, '/')), 24), equals(last(take(split(first(split(steps('connectivity').esNetworkSecondarySubSection.esAddressHubHSSecondary, '/')), '.'), 3)), last(take(split(first(split(steps('connectivity').esNetworkSecondarySubSection.subnetMaskForAzFwSecondary, '/')), '.'), 3))), true)]", + "message": "CIDR range not within virtual network CIDR range (third octet)." + }, + { + "isValid": "[lessOrEquals(last(split(steps('connectivity').esNetworkSecondarySubSection.esAddressHubHSSecondary, '/')), last(split(steps('connectivity').esNetworkSecondarySubSection.subnetMaskForAzFwSecondary, '/')))]", + "message": "CIDR range not within virtual network CIDR range (subnet mask)." + } + ] + } + }, + { + "name": "enableAzFwDnsProxySecondary", + "type": "Microsoft.Common.OptionsGroup", + "label": "Enable Azure Firewall as a DNS proxy in your second region", + "defaultValue": "No", + "visible": "[and(equals(steps('connectivity').esNetworkSecondarySubSection.enableAzFwSecondary, 'Yes'), not(equals(steps('connectivity').esNetworkSecondarySubSection.firewallSkuSecondary, 'Basic')))]", + "toolTip": "If 'Yes' is selected when also adding a subscription for connectivity, ARM will enable Azure Firewall as a DNS Proxy.", + "constraints": { + "allowedValues": [ + { + "label": "Yes", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + } + }, + { + "name": "enablevWANRoutingIntentSecondary", + "type": "Microsoft.Common.OptionsGroup", + "label": "Enable vWAN Routing Intent in your second", + "defaultValue": "No", + "visible": "[and(not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('connectivity').enableHub, 'nva')), not(equals(steps('connectivity').enableHub, 'vhub')), equals(steps('connectivity').esNetworkSecondarySubSection.enableAzFwSecondary, 'Yes'))]", + "toolTip": "Enable vWan Routing Intent and set Azure Firewall as the next hop either for Internet Traffic, Private Traffic or both", + "constraints": { + "allowedValues": [ + { + "label": "Yes", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + } + }, + { + "name": "vWANRoutingIntentforInternetTrafficSecondary", + "type": "Microsoft.Common.OptionsGroup", + "label": "Select Yes if you want to enable routing intent policy to apply on Internet Traffic for your second region", + "defaultValue": "No", + "visible": "[and(not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('connectivity').enableHub, 'nva')), not(equals(steps('connectivity').enableHub, 'vhub')), equals(steps('connectivity').enableAzFw, 'Yes'),equals(steps('connectivity').esNetworkSecondarySubSection.enablevWANRoutingIntentSecondary, 'Yes'))]", + "toolTip": "Enable vWAN Routing Intent for Internet Traffic", + "constraints": { + "allowedValues": [ + { + "label": "Yes", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + } + }, + { + "name": "vWANRoutingIntentforPrivateTrafficSecondary", + "type": "Microsoft.Common.OptionsGroup", + "label": "Select Yes if you want to enable routing intent policy to apply on Private Traffic", + "defaultValue": "No", + "visible": "[and(not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('connectivity').enableHub, 'nva')), not(equals(steps('connectivity').enableHub, 'vhub')), equals(steps('connectivity').esNetworkSecondarySubSection.enableAzFwSecondary, 'Yes'),equals(steps('connectivity').esNetworkSecondarySubSection.enablevWANRoutingIntentSecondary, 'Yes'))]", + "toolTip": "Enable vWAN Routing Intent for Private Traffic for your second region", + "constraints": { + "allowedValues": [ + { + "label": "Yes", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + } + }, + { + "name": "vWANHubRoutingPreferenceSecondary", + "type": "Microsoft.Common.DropDown", + "label": "Hub Routing Preference for secondary region", + "defaultValue": "ExpressRoute (default)", + "multiselect": false, + "selectAll": false, + "filter": false, + "multiLine": true, + "visible": "[and(not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('connectivity').enableHub, 'nva')), not(equals(steps('connectivity').enableHub, 'vhub')), not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('connectivity').enableHub, 'nva')), not(equals(steps('connectivity').enableHub, 'vhub')))]", + "toolTip": "Preference used in selecting best path when the virtual hub learns multiple paths to the same destination route-prefix.Virtual hub routing preference.", + "constraints": { + "allowedValues": [ + { + "label": "ExpressRoute (default)", + "description": "ExpressRoute is the preferred path. (default)", + "value": "ExpressRoute" + }, + { + "label": "VPN", + "description": "VPN is the preferred path", + "value": "VpnGateway" + }, + { + "label": "AS Path", + "description": "AS Path is the preferred path", + "value": "ASPath" + } + ] + } + }, + { + "name": "vWANHubCapacitySecondary", + "type": "Microsoft.Common.DropDown", + "label": "Virtual Hub Capacity in second region", + "defaultValue": "", + "multiselect": false, + "selectAll": false, + "filter": false, + "multiLine": true, + "visible": "[and(not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('connectivity').enableHub, 'nva')), not(equals(steps('connectivity').enableHub, 'vhub')), not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('connectivity').enableHub, 'nva')), not(equals(steps('connectivity').enableHub, 'vhub')))]", + "toolTip": "Routing infrastructure units determine the minimum throughput of the Virtual WAN hub router and the number of Virtual Machines that can be deployed in Virtual Networks connected to the Virtual WAN hub. Two routing infrastructure units are included at no extra cost with a deployment of a hub.Virtual Hub Capacity.", + "constraints": { + "allowedValues": [ + { + "label": "2", + "description": "2 Routing Infrastructure Units, 3 Gbps Aggregate Throughput, Supports 2000 VMs", + "value": "2" + }, + { + "label": "3", + "description": "3 Routing Infrastructure Units, 3 Gbps Aggregate Throughput, Supports 3000 VMs", + "value": "3" + }, + { + "label": "4", + "description": "4 Routing Infrastructure Units, 4 Gbps Aggregate Throughput, Supports 4000 VMs", + "value": "4" + }, + { + "label": "5", + "description": "5 Routing Infrastructure Units, 5 Gbps Aggregate Throughput, Supports 5000 VMs", + "value": "5" + }, + { + "label": "6", + "description": "6 Routing Infrastructure Units, 6 Gbps Aggregate Throughput, Supports 6000 VMs", + "value": "6" + }, + { + "label": "7", + "description": "7 Routing Infrastructure Units, 7 Gbps Aggregate Throughput, Supports 7000 VMs", + "value": "7" + }, + { + "label": "8", + "description": "8 Routing Infrastructure Units, 8 Gbps Aggregate Throughput, Supports 8000 VMs", + "value": "8" + }, + { + "label": "9", + "description": "9 Routing Infrastructure Units, 9 Gbps Aggregate Throughput, Supports 9000 VMs", + "value": "9" + }, + { + "label": "10", + "description": "10 Routing Infrastructure Units, 10 Gbps Aggregate Throughput, Supports 10000 VMs", + "value": "10" + }, + { + "label": "11", + "description": "11 Routing Infrastructure Units, 11 Gbps Aggregate Throughput, Supports 11000 VMs", + "value": "11" + }, + { + "label": "12", + "description": "12 Routing Infrastructure Units, 12 Gbps Aggregate Throughput, Supports 12000 VMs", + "value": "12" + }, + { + "label": "13", + "description": "13 Routing Infrastructure Units, 13 Gbps Aggregate Throughput, Supports 13000 VMs", + "value": "13" + }, + { + "label": "14", + "description": "14 Routing Infrastructure Units, 14 Gbps Aggregate Throughput, Supports 14000 VMs", + "value": "14" + }, + { + "label": "15", + "description": "15 Routing Infrastructure Units, 15 Gbps Aggregate Throughput, Supports 15000 VMs", + "value": "15" + }, + { + "label": "16", + "description": "16 Routing Infrastructure Units, 16 Gbps Aggregate Throughput, Supports 16000 VMs", + "value": "16" + }, + { + "label": "17", + "description": "17 Routing Infrastructure Units, 17 Gbps Aggregate Throughput, Supports 17000 VMs", + "value": "17" + }, + { + "label": "18", + "description": "18 Routing Infrastructure Units, 18 Gbps Aggregate Throughput, Supports 18000 VMs", + "value": "18" + }, + { + "label": "19", + "description": "19 Routing Infrastructure Units, 19 Gbps Aggregate Throughput, Supports 19000 VMs", + "value": "19" + }, + { + "label": "20", + "description": "20 Routing Infrastructure Units, 20 Gbps Aggregate Throughput, Supports 20000 VMs", + "value": "20" + }, + { + "label": "21", + "description": "21 Routing Infrastructure Units, 21 Gbps Aggregate Throughput, Supports 21000 VMs", + "value": "21" + }, + { + "label": "22", + "description": "22 Routing Infrastructure Units, 22 Gbps Aggregate Throughput, Supports 22000 VMs", + "value": "22" + }, + { + "label": "23", + "description": "23 Routing Infrastructure Units, 23 Gbps Aggregate Throughput, Supports 23000 VMs", + "value": "23" + }, + { + "label": "24", + "description": "24 Routing Infrastructure Units, 24 Gbps Aggregate Throughput, Supports 24000 VMs", + "value": "24" + }, + { + "label": "25", + "description": "25 Routing Infrastructure Units, 25 Gbps Aggregate Throughput, Supports 25000 VMs", + "value": "25" + }, + { + "label": "26", + "description": "26 Routing Infrastructure Units, 26 Gbps Aggregate Throughput, Supports 26000 VMs", + "value": "26" + }, + { + "label": "27", + "description": "27 Routing Infrastructure Units, 27 Gbps Aggregate Throughput, Supports 27000 VMs", + "value": "27" + }, + { + "label": "28", + "description": "28 Routing Infrastructure Units, 28 Gbps Aggregate Throughput, Supports 28000 VMs", + "value": "28" + }, + { + "label": "29", + "description": "29 Routing Infrastructure Units, 29 Gbps Aggregate Throughput, Supports 29000 VMs", + "value": "29" + }, + { + "label": "30", + "description": "30 Routing Infrastructure Units, 30 Gbps Aggregate Throughput, Supports 30000 VMs", + "value": "30" + }, + { + "label": "31", + "description": "31 Routing Infrastructure Units, 31 Gbps Aggregate Throughput, Supports 31000 VMs", + "value": "31" + }, + { + "label": "32", + "description": "32 Routing Infrastructure Units, 32 Gbps Aggregate Throughput, Supports 32000 VMs", + "value": "32" + }, + { + "label": "33", + "description": "33 Routing Infrastructure Units, 33 Gbps Aggregate Throughput, Supports 33000 VMs", + "value": "33" + }, + { + "label": "34", + "description": "34 Routing Infrastructure Units, 34 Gbps Aggregate Throughput, Supports 34000 VMs", + "value": "34" + }, + { + "label": "35", + "description": "35 Routing Infrastructure Units, 35 Gbps Aggregate Throughput, Supports 35000 VMs", + "value": "35" + }, + { + "label": "36", + "description": "36 Routing Infrastructure Units, 36 Gbps Aggregate Throughput, Supports 36000 VMs", + "value": "36" + }, + { + "label": "37", + "description": "37 Routing Infrastructure Units, 37 Gbps Aggregate Throughput, Supports 37000 VMs", + "value": "37" + }, + { + "label": "38", + "description": "38 Routing Infrastructure Units, 38 Gbps Aggregate Throughput, Supports 38000 VMs", + "value": "38" + }, + { + "label": "39", + "description": "39 Routing Infrastructure Units, 39 Gbps Aggregate Throughput, Supports 39000 VMs", + "value": "39" + }, + { + "label": "40", + "description": "40 Routing Infrastructure Units, 40 Gbps Aggregate Throughput, Supports 40000 VMs", + "value": "40" + }, + { + "label": "41", + "description": "41 Routing Infrastructure Units, 41 Gbps Aggregate Throughput, Supports 41000 VMs", + "value": "41" + }, + { + "label": "42", + "description": "42 Routing Infrastructure Units, 42 Gbps Aggregate Throughput, Supports 42000 VMs", + "value": "42" + }, + { + "label": "43", + "description": "43 Routing Infrastructure Units, 43 Gbps Aggregate Throughput, Supports 43000 VMs", + "value": "43" + }, + { + "label": "44", + "description": "44 Routing Infrastructure Units, 44 Gbps Aggregate Throughput, Supports 44000 VMs", + "value": "44" + }, + { + "label": "45", + "description": "45 Routing Infrastructure Units, 45 Gbps Aggregate Throughput, Supports 45000 VMs", + "value": "45" + }, + { + "label": "46", + "description": "46 Routing Infrastructure Units, 46 Gbps Aggregate Throughput, Supports 46000 VMs", + "value": "46" + }, + { + "label": "47", + "description": "47 Routing Infrastructure Units, 47 Gbps Aggregate Throughput, Supports 47000 VMs", + "value": "47" + }, + { + "label": "48", + "description": "48 Routing Infrastructure Units, 48 Gbps Aggregate Throughput, Supports 48000 VMs", + "value": "48" + }, + { + "label": "49", + "description": "49 Routing Infrastructure Units, 49 Gbps Aggregate Throughput, Supports 49000 VMs", + "value": "49" + }, + { + "label": "50", + "description": "50 Routing Infrastructure Units, 50 Gbps Aggregate Throughput, Supports 50000 VMs", + "value": "50" + } + ] + } + } + ] + } + ] + }, + { + "name": "identity", + "label": "Identity", + "subLabel": { + "preValidation": "", + "postValidation": "" + }, + "bladeTitle": "ALZ - Identity Settings", + "elements": [ + { + "name": "multiPlatformIdentitySub", + "type": "Microsoft.Common.InfoBox", + "visible": "[not(equals(steps('core').platformSubscription, 'Single'))]", + "options": { + "text": "To enable identity (AuthN/AuthZ) for workloads in landing zones, you must allocate an identity Subscription that is dedicated to host your Active Directory domain controllers. Please note, this Subscription will be moved to the identity Management Group, and ARM will assign the selected policies. We recommend using a new Subscription with no existing resources.", + "uri": "https://docs.microsoft.com/azure/cloud-adoption-framework/ready/enterprise-scale/identity-and-access-management", + "style": "Info" + } + }, + { + "name": "singlePlatformIdentitySub", + "type": "Microsoft.Common.InfoBox", + "visible": "[equals(steps('core').platformSubscription, 'Single')]", + "options": { + "text": "To enable identity (AuthN/AuthZ) for workloads in landing zones, it is recommended to assign specific policies to govern the virtual machines used for Active Directory domain controllers.", + "uri": "https://docs.microsoft.com/azure/cloud-adoption-framework/ready/enterprise-scale/identity-and-access-management", + "style": "Info" + } + }, + { + "name": "esIdentity", + "type": "Microsoft.Common.OptionsGroup", + "label": "Assign recommended policies to govern identity and domain controllers", + "defaultValue": "Yes (recommended)", + "toolTip": "If 'Yes' is selected when also adding a subscription for connectivity, Azure Policy will be assigned at the scope to govern your identity resources.", + "constraints": { + "allowedValues": [ + { + "label": "Yes (recommended)", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + }, + "visible": true + }, + { + "name": "esIdentitySubSection", + "type": "Microsoft.Common.Section", + "label": "Identity subscription", + "elements": [ + { + "name": "esIdentitySubUniqueWarning", + "type": "Microsoft.Common.InfoBox", + "visible": true, + "options": { + "text": "Ensure you select a subscription that is dedicated/unique for Identity. Selecting the same Subscription here for Management or Connectivity will result in a deployment failure. If you want to use a single Subscription for all platform resources, select 'Single' on the 'Azure Core Setup' blade.", + "uri": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/resource-org-subscriptions#organization-and-governance-design-considerations", + "style": "Warning" + } + }, + { + "name": "esIdentitySub", + "type": "Microsoft.Common.DropDown", + "label": "Identity subscription", + "defaultValue": "[parse('[]')]", + "toolTip": "", + "multiselect": false, + "selectAll": false, + "filter": true, + "filterPlaceholder": "Filter subscriptions...", + "multiLine": true, + "visible": true, + "constraints": { + "allowedValues": "[steps('basics').getSubscriptions.data]", + "required": true + } + } + ], + "visible": "[and(equals(steps('identity').esIdentity,'Yes'), not(equals(steps('core').platformSubscription, 'Single')))]" + }, + { + "name": "identitypolicies", + "type": "Microsoft.Common.TextBlock", + "visible": "[equals(steps('identity').esIdentity,'Yes')]", + "options": { + "text": "Select which of the the recommended policies you will assign to your identity management group.", + "link": { + "label": "Learn more", + "uri": "https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/enterprise-scale/design-principles#policy-driven-governance" + } + } + }, + { + "name": "denyMgmtPortsForIdentity", + "type": "Microsoft.Common.OptionsGroup", + "label": "Prevent inbound management ports from internet", + "defaultValue": "Yes (recommended)", + "toolTip": "If 'Yes' is selected, Azure Policy will be assigned and prevent inbound management ports (22, 3389) from internet.
Uses the custom policy Management port access from the Internet should be blocked.", + "constraints": { + "allowedValues": [ + { + "label": "Yes (recommended)", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + }, + "visible": "[equals(steps('identity').esIdentity,'Yes')]" + }, + { + "name": "denySubnetWithoutNsgForIdentity", + "type": "Microsoft.Common.OptionsGroup", + "label": "Ensure subnets are associated with NSG", + "defaultValue": "Yes (recommended)", + "toolTip": "If 'Yes' is selected, Azure Policy will be assigned to ensure NSGs must be associated with subnets being created.
Uses the custom policy Subnets should have a Network Security Group.", + "constraints": { + "allowedValues": [ + { + "label": "Yes (recommended)", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + }, + "visible": "[equals(steps('identity').esIdentity,'Yes')]" + }, + { + "name": "denyPipForIdentity", + "type": "Microsoft.Common.OptionsGroup", + "label": "Prevent usage of public IP", + "defaultValue": "Yes (recommended)", + "toolTip": "If 'Yes' is selected, Azure Policy will be assigned to ensure public IP resources cannot be created.
Uses the policy Not allowed resource types with parameters including Public IP Address resources.", + "constraints": { + "allowedValues": [ + { + "label": "Yes (recommended)", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + }, + "visible": "[and(equals(steps('identity').esIdentity,'Yes'), not(equals(steps('core').platformSubscription, 'Single')))]" + }, + { + "name": "enableVmBackupForIdentity", + "type": "Microsoft.Common.OptionsGroup", + "label": "Ensure Azure VMs (Windows & Linux) are enabled for Azure Backup", + "defaultValue": "Yes (recommended)", + "toolTip": "If 'Yes' is selected, Azure Policy will be assigned and enable Azure Backup on all VMs in the landing zones.
Uses the policy Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy.", + "constraints": { + "allowedValues": [ + { + "label": "Yes (recommended)", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + }, + "visible": "[equals(steps('identity').esIdentity,'Yes')]" + }, + { + "name": "esIdentityConnectivity", + "type": "Microsoft.Common.OptionsGroup", + "label": "Create virtual network and connect to the connectivity hub (optional)?", + "defaultValue": "Yes (recommended)", + "toolTip": "If 'Yes' is selected for corp landing zones, ARM will connect the subscriptions to the hub virtual network via VNet peering.", + "constraints": { + "allowedValues": [ + { + "label": "Yes (recommended)", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + }, + "visible": "[and(and(equals(steps('identity').esIdentity,'Yes'), not(equals(steps('core').platformSubscription, 'Single'))), equals(steps('identity').esIdentity, 'Yes'), not(equals(steps('connectivity').enableHub,'No')))]" + }, + { + "name": "identityAddressPrefix", + "type": "Microsoft.Common.TextBox", + "label": "Virtual network address space", + "placeholder": "", + "defaultValue": "10.110.0.0/24", + "toolTip": "The virtual network's address space, specified as one address prefixes in CIDR notation (e.g. 192.168.1.0/24)", + "constraints": { "required": true, "validations": [ { @@ -2998,7 +4145,53 @@ ] }, "visible": "[and(equals(steps('identity').esIdentityConnectivity, 'Yes'), not(equals(steps('connectivity').enableHub,'No')))]" - } + }, + { + "name": "esIdentitySecondarySubSection", + "type": "Microsoft.Common.Section", + "label": "Secondary Region Identity", + "visible": "[and(not(equals(steps('connectivity').enableHub, 'No')), equals(steps('core').deploySecondaryRegion, 'Yes'))]", + "elements":[ + { + "name": "esIdentityConnectivitySecondary", + "type": "Microsoft.Common.OptionsGroup", + "label": "Create virtual network and connect to the connectivity hub in your secondary region (optional)?", + "defaultValue": "Yes (recommended)", + "toolTip": "If 'Yes' is selected for corp landing zones, ARM will connect the subscriptions to the hub virtual network via VNet peering.", + "constraints": { + "allowedValues": [ + { + "label": "Yes (recommended)", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] + }, + "visible": "[and(equals(steps('identity').esIdentityConnectivity, 'Yes'), not(equals(steps('connectivity').enableHub,'No')))]" + }, + { + "name": "identityAddressPrefixSecondary", + "type": "Microsoft.Common.TextBox", + "label": "Virtual network address space", + "placeholder": "", + "defaultValue": "10.210.0.0/24", + "toolTip": "The secondary virtual network's address space, specified as one address prefixes in CIDR notation (e.g. 192.168.1.0/24)", + "constraints": { + "required": true, + "validations": [ + { + "regex": "^(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(?:\/(1[0-9]|2[0-9]))$", + "message": "Invalid CIDR range. The address prefix must be in the range [10,29]." + } + ] + }, + "visible": "[and(equals(steps('identity').esIdentitySecondarySubSection.esIdentityConnectivitySecondary, 'Yes'), not(equals(steps('connectivity').enableHub,'No')))]" + } + ] + } ] }, { @@ -7833,12 +9026,42 @@ "privateTrafficRoutingPolicy": "[if(equals(steps('connectivity').vWANRoutingIntentforPrivateTraffic, 'Yes'), 'true', 'false')]", "vWANHubRoutingPreference": "[steps('connectivity').vWANHubRoutingPreference]", "vWANHubCapacity": "[steps('connectivity').vWANHubCapacity]", + "addressPrefixSecondary": "[coalesce(steps('connectivity').esNetworkSecondarySubSection.esAddressHubVWANSecondary, steps('connectivity').esNetworkSecondarySubSection.esAddressHubHSSecondary, '')]", + "connectivityLocationSecondary": "[steps('connectivity').esNetworkSecondarySubSection.connectivityLocationSecondary]", + "enablePrivateDnsZonesSecondary": "No", + "privateDnsZonesToDeploySecondary": null, + "enableVpnGwSecondary": "[steps('connectivity').esNetworkSecondarySubSection.enableVpnGwSecondary]", + "gwRegionalOrAzSecondary": "[steps('connectivity').esNetworkSecondarySubSection.gwRegionalOrAzSecondary]", + "enableVpnActiveActiveSecondary": "[steps('connectivity').esNetworkSecondarySubSection.enableVpnActiveActiveSecondary]", + "gwRegionalSkuSecondary": "[coalesce(steps('connectivity').esNetworkSecondarySubSection.gwRegionalSkuSecondary, steps('connectivity').esNetworkSecondarySubSection.esGwNoAzSkuSecondary)]", + "gwAzSkuSecondary": "[steps('connectivity').esNetworkSecondarySubSection.gwAzSkuSecondary]", + "vpnGateWayScaleUnitSecondary": "[steps('connectivity').esNetworkSecondarySubSection.vpnGateWayScaleUnitSecondary]", + "subnetMaskForGwSecondary": "[steps('connectivity').esNetworkSecondarySubSection.subnetMaskForGwSecondary]", + "enableErGwSecondary": "[steps('connectivity').esNetworkSecondarySubSection.enableErGwSecondary]", + "erAzSkuSecondary": "[steps('connectivity').esNetworkSecondarySubSection.erAzSkuSecondary]", + "erRegionalSkuSecondary": "[coalesce(steps('connectivity').esNetworkSecondarySubSection.erRegionalSkuSecondary, steps('connectivity').esNetworkSecondarySubSection.esErNoAzSkuSecondary)]", + "erRegionalOrAzSecondary": "[steps('connectivity').esNetworkSecondarySubSection.erRegionalOrAzSecondary]", + "expressRouteScaleUnitSecondary": "[steps('connectivity').esNetworkSecondarySubSection.expressRouteScaleUnitSecondary]", + "enableSecondaryRegion": "[steps('core').deploySecondaryRegion]", + "enableHubSecondary": "[steps('connectivity').enableHub]", + "enableAzFwSecondary": "[steps('connectivity').esNetworkSecondarySubSection.enableAzFwSecondary]", + "enableAzFwDnsProxySecondary": "[if(equals(steps('connectivity').esNetworkSecondarySubSection.firewallSkuSecondary, 'Basic'), 'No', steps('connectivity').esNetworkSecondarySubSection.enableAzFwDnsProxySecondary)]", + "firewallSkuSecondary": "[steps('connectivity').esNetworkSecondarySubSection.firewallSkuSecondary]", + "firewallZonesSecondary": "[steps('connectivity').esNetworkSecondarySubSection.firewallZonesSecondary]", + "subnetMaskForAzFwSecondary": "[steps('connectivity').esNetworkSecondarySubSection.subnetMaskForAzFwSecondary]", + "subnetMaskForAzFwMgmtSecondary": "[steps('connectivity').esNetworkSecondarySubSection.subnetMaskForAzFwMgmtSecondary]", + "enablevWANRoutingIntentSecondary": "[steps('connectivity').esNetworkSecondarySubSection.enablevWANRoutingIntentSecondary]", + "internetTrafficRoutingPolicySecondary": "[if(equals(steps('connectivity').esNetworkSecondarySubSection.vWANRoutingIntentforInternetTrafficSecondary, 'Yes'), 'true', 'false')]", + "privateTrafficRoutingPolicySecondary": "[if(equals(steps('connectivity').esNetworkSecondarySubSection.vWANRoutingIntentforPrivateTrafficSecondary, 'Yes'), 'true', 'false')]", + "vWANHubRoutingPreferenceSecondary": "[steps('connectivity').esNetworkSecondarySubSection.vWANHubRoutingPreferenceSecondary]", + "vWANHubCapacitySecondary": "[steps('connectivity').esNetworkSecondarySubSection.vWANHubCapacitySecondary]", "identitySubscriptionId": "[if(or(not(equals(steps('identity').esIdentitySubSection.esIdentitySub,steps('management').esMgmtSubSection.esMgmtSub)),not(equals(steps('identity').esIdentitySubSection.esIdentitySub,steps('connectivity').esNwSubSection.esNwSub))),steps('identity').esIdentitySubSection.esIdentitySub,'')]", "denyMgmtPortsForIdentity": "[steps('identity').denyMgmtPortsForIdentity]", "denySubnetWithoutNsgForIdentity": "[steps('identity').denySubnetWithoutNsgForIdentity]", "denyPipForIdentity": "[steps('identity').denyPipForIdentity]", "enableVmBackupForIdentity": "[steps('identity').enableVmBackupForIdentity]", "identityAddressPrefix": "[steps('identity').identityAddressPrefix]", + "identityAddressPrefixSecondary": "[steps('identity').esIdentitySecondarySubSection.identityAddressPrefixSecondary]", "corpConnectedLzSubscriptionId": "[if(or(not(contains(steps('landingZones').corpSection.esCorpLzSub,steps('management').esMgmtSubSection.esMgmtSub)),not(contains(steps('landingZones').corpSection.esCorpLzSub,steps('connectivity').esNwSubSection.esNwSub))),steps('landingZones').corpSection.lzConnectedSubs,'')]", "corpLzSubscriptionId": "[if(or(not(contains(steps('landingZones').corpSection.esCorpLzSub,steps('management').esMgmtSubSection.esMgmtSub)),not(contains(steps('landingZones').corpSection.esCorpLzSub,steps('connectivity').esNwSubSection.esNwSub))),steps('landingZones').corpSection.esCorpLzSub,'')]", "onlineLzSubscriptionId": "[if(or(not(contains(steps('landingZones').onlineSection.esOnlineLzSub,steps('management').esMgmtSubSection.esMgmtSub)),not(contains(steps('landingZones').onlineSection.esOnlineLzSub,steps('connectivity').esNwSubSection.esNwSub))),steps('landingZones').onlineSection.esOnlineLzSub,'')]", diff --git a/eslzArm/eslzArm.json b/eslzArm/eslzArm.json index 4f8e63a38a..0246739664 100644 --- a/eslzArm/eslzArm.json +++ b/eslzArm/eslzArm.json @@ -447,6 +447,177 @@ "description": "vWAN Hub Capacity" } }, + "addressPrefixSecondary": { + "type": "string", + "defaultValue": "" + }, + "connectivityLocationSecondary": { + "type": "string", + "defaultValue": "[deployment().location]" + }, + "enablePrivateDnsZonesSecondary": { + "type": "string", + "defaultValue": "No", + "allowedValues": [ + "Yes", + "No" + ] + }, + "privateDnsZonesToDeploySecondary": { + "type": "array", + "defaultValue": [] + }, + "enableVpnGwSecondary": { + "type": "string", + "defaultValue": "No", + "allowedValues": [ + "Yes", + "No" + ] + }, + "enableVpnActiveActiveSecondary": { + "type": "string", + "defaultValue": "No", + "allowedValues": [ + "Yes", + "No" + ] + }, + "gwRegionalOrAzSecondary": { + "type": "string", + "defaultValue": "" + }, + "gwRegionalSkuSecondary": { + "type": "string", + "defaultValue": "" + }, + "gwAzSkuSecondary": { + "type": "string", + "defaultValue": "" + }, + "vpnGateWayScaleUnitSecondary": { + "type": "string", + "defaultValue": "1" + }, + "subnetMaskForGwSecondary": { + "type": "string", + "defaultValue": "" + }, + "enableErGwSecondary": { + "type": "string", + "defaultValue": "No", + "allowedValues": [ + "Yes", + "No" + ] + }, + "erAzSkuSecondary": { + "type": "string", + "defaultValue": "" + }, + "erRegionalSkuSecondary": { + "type": "string", + "defaultValue": "" + }, + "erRegionalOrAzSecondary": { + "type": "string", + "defaultValue": "" + }, + "expressRouteScaleUnitSecondary": { + "type": "string", + "defaultValue": "1" + }, + "enableSecondaryRegion": { + "type": "string", + "allowedValues": [ + "Yes", + "No" + ], + "defaultValue": "Yes" + }, + "enableHubSecondary": { + "type": "string", + "allowedValues": [ + "vhub", + "vwan", + "nva", + "No" + ], + "defaultValue": "No" + }, + "enableAzFwSecondary": { + "type": "string", + "allowedValues": [ + "Yes", + "No" + ], + "defaultValue": "No" + }, + "enableAzFwDnsProxySecondary": { + "type": "string", + "allowedValues": [ + "Yes", + "No" + ], + "defaultValue": "No" + }, + "firewallSkuSecondary": { + "type": "string", + "allowedValues": [ + "Basic", + "Standard", + "Premium" + ], + "defaultValue": "Standard" + }, + "firewallZonesSecondary": { + "type": "array", + "defaultValue": [] + }, + "subnetMaskForAzFwSecondary": { + "type": "string", + "defaultValue": "" + }, + "subnetMaskForAzFwMgmtSecondary": { + "type": "string", + "defaultValue": "" + }, + "enablevWANRoutingIntentSecondary": { + "type": "string", + "allowedValues": [ + "Yes", + "No" + ], + "defaultValue": "No" + }, + "internetTrafficRoutingPolicySecondary": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Enable vWAN Routing Intent and Policy for Internet Traffic" + } + }, + "privateTrafficRoutingPolicySecondary": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Enable vWAN Routing Intent and Policy for Private Traffic" + } + }, + "vWANHubRoutingPreferenceSecondary": { + "type": "string", + "defaultValue": "ExpressRoute", + "metadata": { + "description": "vWAN Hub Routing Preference" + } + }, + "vWANHubCapacitySecondary": { + "type": "string", + "defaultValue": "2", + "metadata": { + "description": "vWAN Hub Capacity" + } + }, "identitySubscriptionId": { "type": "string", "defaultValue": "", @@ -495,6 +666,10 @@ "type": "string", "defaultValue": "" }, + "identityAddressPrefixSecondary": { + "type": "string", + "defaultValue": "" + }, "corpConnectedLzSubscriptionId": { "type": "array", "defaultValue": [], @@ -1462,6 +1637,8 @@ "ddosPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/MODIFY-DDoSPolicyAssignment.json')]", "corpVnetPeering": "[uri(deployment().properties.templateLink.uri, 'subscriptionTemplates/vnetPeering.json')]", "corpVwanPeering": "[uri(deployment().properties.templateLink.uri, 'subscriptionTemplates/vnetPeeringVwan.json')]", + "hubVnetPeering": "[uri(deployment().properties.templateLink.uri, 'subscriptionTemplates/vnetPeeringHub.json')]", + "hubVnetRouting": "[uri(deployment().properties.templateLink.uri, 'resourceGroupTemplates/vnetRouteTable.json')]", "privateDnsZones": "[uri(deployment().properties.templateLink.uri, 'resourceGroupTemplates/privateDnsZones.json')]", "roleAssignments": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/roleAssignments/roleAssignment.json')]", "classicResourcesPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DENY-ClassicResourceTypesPolicyAssignment.json')]", @@ -1517,6 +1694,8 @@ "mgmtGroupDeploymentName": "[take(concat('alz-Mgs', variables('deploymentSuffix')), 64)]", "mgmtSubscriptionPlacement": "[take(concat('alz-MgmtSub', variables('deploymentSuffix')), 64)]", "corpPeeringDeploymentName": "[take(concat('alz-CorpPeering', variables('deploymentSuffix')), 60)]", + "hubPeeringDeploymentName": "[take(concat('alz-HubPeering', variables('deploymentSuffix')), 60)]", + "hubPeering2DeploymentName": "[take(concat('alz-HubPeering2', variables('deploymentSuffix')), 60)]", "connectivitySubscriptionPlacement": "[take(concat('alz-ConnectivitySub', variables('deploymentSuffix')), 64)]", "identitySubscriptionPlacement": "[take(concat('alz-IdentitySub', variables('deploymentSuffix')), 64)]", "roleDefsDeploymentName": "[take(concat('alz-RoleDefs', variables('deploymentSuffix')), 64)]", @@ -1546,7 +1725,11 @@ "ascGovPolicyDeploymentName": "[take(concat('alz-Gov-ASC', variables('deploymentSuffix')), 64)]", "vnetConnectivityHubDeploymentName": "[take(concat('alz-HubSpoke', variables('deploymentSuffix')), 64)]", "vwanConnectivityHubDeploymentName": "[take(concat('alz-VWanHub', variables('deploymentSuffix')), 64)]", + "vnetConnectivityHub2DeploymentName": "[take(concat('alz-HubSpoke2', variables('deploymentSuffix')), 64)]", + "vnetConnectivityRouteTableDeploymentName": "[take(concat('alz-HubRoute', variables('deploymentSuffix')), 64)]", + "vnetConnectivityRouteTable2DeploymentName": "[take(concat('alz-HubRoute2', variables('deploymentSuffix')), 64)]", "nvaConnectivityHubDeploymentName": "[take(concat('alz-NVAHub', variables('deploymentSuffix')), 64)]", + "nvaConnectivityHub2DeploymentName": "[take(concat('alz-NVAHub2', variables('deploymentSuffix')), 64)]", "azVmMonitorPolicyDeploymentName": "[take(concat('alz-AzVmMonitor', variables('deploymentSuffix')), 64)]", "azVmssMonitorPolicyDeploymentName": "[take(concat('alz-AzVmssMonitor', variables('deploymentSuffix')), 64)]", "azVmHybridMonitorPolicyDeploymentName": "[take(concat('alz-AzVmHybridMonitor', variables('deploymentSuffix')), 64)]", @@ -1588,9 +1771,13 @@ "corpConnectedLzSubs": "[take(concat('alz-CorpPeering', variables('deploymentSuffix')), 50)]", "privateDnsZoneRgDeploymentName": "[take(concat('alz-PrivDNSRG', variables('deploymentSuffix')), 64)]", "privateDnsZonesDeploymentName": "[take(concat('alz-PrivDNSZones', variables('deploymentSuffix')), 35)]", + "privateDnsZoneRg2DeploymentName": "[take(concat('alz-PrivDNSRG2', variables('deploymentSuffix')), 64)]", + "privateDnsZones2DeploymentName": "[take(concat('alz-PrivDNSZones2', variables('deploymentSuffix')), 35)]", "dnsZoneRoleAssignmentDeploymentName": "[take(concat('alz-DNSZoneRole', variables('deploymentSuffix')), 64)]", "identityPeeringDeploymentName": "[take(concat('alz-IDPeering', variables('deploymentSuffix')), 64)]", + "identityPeering2DeploymentName": "[take(concat('alz-IDPeering2', variables('deploymentSuffix')), 64)]", "identityVwanPeeringDeploymentName": "[take(concat('alz-IDVwanPeering', variables('deploymentSuffix')), 64)]", + "identityVwanPeering2DeploymentName": "[take(concat('alz-IDVwanPeering2', variables('deploymentSuffix')), 64)]", "mdEndpointsDeploymentName": "[take(concat('alz-MDEndpoints', variables('deploymentSuffix')), 64)]", "mdEndpointsAMADeploymentName": "[take(concat('alz-MDEndpointsAMA', variables('deploymentSuffix')), 64)]", "corpConnectedLzVwanSubs": "[take(concat('alz-CorpConnLzsVwan', variables('deploymentSuffix')), 50)]", @@ -1603,6 +1790,7 @@ "denyVMUnmanagedDiskPolicyDeploymentName": "[take(concat('alz-NoUnmanagedDiskResource', variables('deploymentSuffix')), 64)]", "ztnPhase1PidCuaDeploymentName": "[take(concat('pid-', variables('ztnPhase1CuaId'), '-' , uniqueString(deployment().location, parameters('enterpriseScaleCompanyPrefix'), parameters('currentDateTimeUtcNow'), coalesce(parameters('connectivitySubscriptionId'), parameters('singlePlatformSubscriptionId'))), '-ztnp1'), 64)]", "ambaPortalPidCuaDeploymentName": "[take(concat('pid-', variables('ambaPortalCuaId'), '-' , uniqueString(deployment().location, parameters('enterpriseScaleCompanyPrefix'), parameters('currentDateTimeUtcNow'), coalesce(parameters('connectivitySubscriptionId'), parameters('singlePlatformSubscriptionId'))), '-ztnp1'), 64)]", + "pidCuaDeploymentNameSecondaryRegion": "[take(concat('pid-', variables('cuaidSecondaryRegion'), '-' , uniqueString(deployment().location, parameters('enterpriseScaleCompanyPrefix'), parameters('currentDateTimeUtcNow'))), 64)]", "diagnosticSettingsforMGsDeploymentName": "[take(concat('alz-DiagSettingsMGs', variables('deploymentSuffix')), 64)]", "userAssignedIdentityDeploymentName": "[take(concat('alz-UserAssignedIdentity', variables('deploymentSuffix')), 60)]", "azureUpdateManagerPolicyDeploymentName": "[take(concat('alz-AzureUpdateManager', variables('deploymentSuffix')), 64)]", @@ -1659,11 +1847,20 @@ "vnetConnectivityHubLiteDeploymentName": "[take(concat('alz-VnetHubLite', variables('deploymentSuffix')), 64)]", "vwanConnectivityHubLiteDeploymentName": "[take(concat('alz-VWanHubLite', variables('deploymentSuffix')), 64)]", "nvaConnectivityHubLiteDeploymentName": "[take(concat('alz-NVAHubLite', variables('deploymentSuffix')), 64)]", + "vnetConnectivityHubLite2DeploymentName": "[take(concat('alz-VnetHubLite2', variables('deploymentSuffix')), 64)]", + "hubPeeringDeploymentName": "[take(concat('alz-HubPeering', variables('deploymentSuffix')), 60)]", + "hubPeering2DeploymentName": "[take(concat('alz-HubPeering2', variables('deploymentSuffix')), 60)]", + "vnetConnectivityRouteTableDeploymentName": "[take(concat('alz-HubRoute', variables('deploymentSuffix')), 64)]", + "vnetConnectivityRouteTable2DeploymentName": "[take(concat('alz-HubRoute2', variables('deploymentSuffix')), 64)]", + "nvaConnectivityHubLite2DeploymentName": "[take(concat('alz-NVAHubLite2', variables('deploymentSuffix')), 64)]", "ddosRgLiteDeploymentName": "[take(concat('alz-DDoSRgLite', variables('deploymentSuffix')), 64)]", "ddosLiteDeploymentName": "[take(concat('alz-DDoSLite', variables('deploymentSuffix')), 64)]", "ddosHubLitePolicyDeploymentName": "[take(concat('alz-DDoSHubPolicyLite', variables('deploymentSuffix')), 64)]", "privateDnsZoneRgLiteDeploymentName": "[take(concat('alz-PrivDNSRGLite', variables('deploymentSuffix')), 64)]", "privateDnsZonesLiteDeploymentName": "[take(concat('alz-PrivDNSLite', variables('deploymentSuffix')), 35)]", + "privateDnsZonesLite1DeploymentName": "[take(concat('alz-PrivDNSLite1', variables('deploymentSuffix')), 35)]", + "privateDnsZoneRgLite2DeploymentName": "[take(concat('alz-PrivDNSRGLite2', variables('deploymentSuffix')), 64)]", + "privateDnsZonesLite2DeploymentName": "[take(concat('alz-PrivDNSLite2', variables('deploymentSuffix')), 35)]", "monitorPolicyLiteDeploymentName": "[take(concat('alz-MonitorPolicyLite', variables('deploymentSuffix')), 64)]", "dataCollectionRuleVmInsightsLiteDeploymentName": "[take(concat('alz-DataCollectionRuleVmInsightsLite', variables('deploymentSuffix')), 64)]", "dataCollectionRuleChangeTrackingLiteDeploymentName": "[take(concat('alz-DataCollectionRuleChangeTrackingLite', variables('deploymentSuffix')), 64)]", @@ -1674,9 +1871,12 @@ "platformRgNames": { "mgmtRg": "[concat(parameters('enterpriseScaleCompanyPrefix'), '-mgmt')]", "connectivityRg": "[concat(parameters('enterpriseScaleCompanyPrefix'), '-vnethub-', parameters('connectivityLocation'))]", + "connectivityRgSecondary": "[concat(parameters('enterpriseScaleCompanyPrefix'), '-vnethub-', parameters('connectivityLocationSecondary'))]", "ddosRg": "[concat(parameters('enterpriseScaleCompanyPrefix'), '-ddos')]", "privateDnsRg": "[concat(parameters('enterpriseScaleCompanyPrefix'), '-privatedns')]", + "privateDnsRg2": "[concat(parameters('enterpriseScaleCompanyPrefix'), '-privatedns-02')]", "identityVnetRg": "[concat(parameters('enterpriseScaleCompanyPrefix'), '-vnet-', parameters('connectivityLocation'))]", + "identityVnetRgSecondary": "[concat(parameters('enterpriseScaleCompanyPrefix'), '-vnet-', parameters('connectivityLocationSecondary'))]", "lzVnetRg": "[concat(parameters('enterpriseScaleCompanyPrefix'), '-vnet-', parameters('connectivityLocation'))]" }, // Declaring deterministic names for platform resources that will be created @@ -1694,10 +1894,12 @@ "azFwName": "[concat(parameters('enterpriseScaleCompanyPrefix'), '-fw-', parameters('connectivityLocation'))]", "azErGwIpName": "[concat(parameters('enterpriseScaleCompanyPrefix'), '-erpip-', parameters('connectivityLocation'))]", "hubName": "[concat(parameters('enterpriseScaleCompanyPrefix'), '-hub-', parameters('connectivityLocation'))]", + "hubNameSecondary": "[concat(parameters('enterpriseScaleCompanyPrefix'), '-hub-', parameters('connectivityLocationSecondary'))]", "vwanName": "[concat(parameters('enterpriseScaleCompanyPrefix'), '-vwan-', parameters('connectivityLocation'))]", "azVpnGwIpName": "[concat(parameters('enterpriseScaleCompanyPrefix'), '-gwpip-', parameters('connectivityLocation'))]", "azFwIpName": "[concat(parameters('enterpriseScaleCompanyPrefix'), '-fwpip-', parameters('connectivityLocation'))]", "identityVnet": "[concat(parameters('enterpriseScaleCompanyPrefix'), '-vnet-', parameters('connectivityLocation'))]", + "identityVnetSecondary": "[concat(parameters('enterpriseScaleCompanyPrefix'), '-vnet-', parameters('connectivityLocationSecondary'))]", "lzVnet": "[concat(parameters('enterpriseScaleCompanyPrefix'), '-vnet-', parameters('connectivityLocation'))]" }, // Declaring deterministic resourceId's for platform resources that will be created @@ -1711,7 +1913,9 @@ "automationResourceId": "[concat('/subscriptions/', variables('singleVsDedicatedMgmtSub'), '/resourceGroups/', variables('platformRgNames').mgmtRg, '/providers/Microsoft.Automation/automationAccounts/', variables('platformResourceNames').automationAccount)]", "ddosProtectionResourceId": "[concat('/subscriptions/', variables('singleVsDedicatedConnectivitySub'), '/resourceGroups/', variables('platformRgNames').ddosRg, '/providers/Microsoft.Network/ddosProtectionPlans/', variables('platformResourceNames').ddosName)]", "vNetHubResourceId": "[concat('/subscriptions/', variables('singleVsDedicatedConnectivitySub'), '/resourceGroups/', variables('platformRgNames').connectivityRg, '/providers/Microsoft.Network/virtualNetworks/', variables('platformResourceNames').hubName)]", + "vNetHubResourceIdSecondary": "[concat('/subscriptions/', variables('singleVsDedicatedConnectivitySub'), '/resourceGroups/', variables('platformRgNames').connectivityRgSecondary, '/providers/Microsoft.Network/virtualNetworks/', variables('platformResourceNames').hubNameSecondary)]", "vWanHubResourceId": "[concat('/subscriptions/', variables('singleVsDedicatedConnectivitySub'), '/resourceGroups/', variables('platformRgNames').connectivityRg, '/providers/Microsoft.Network/virtualHubs/', variables('platformResourceNames').hubName)]", + "vWanHubResourceIdSecondary": "[concat('/subscriptions/', variables('singleVsDedicatedConnectivitySub'), '/resourceGroups/', variables('platformRgNames').connectivityRg, '/providers/Microsoft.Network/virtualHubs/', variables('platformResourceNames').hubNameSecondary)]", "privateDnsRgResourceId": "[concat('/subscriptions/', variables('singleVsDedicatedConnectivitySub'), '/resourceGroups/', variables('platformRgNames').privateDnsRg)]", "azFirewallResourceId": "[concat('/subscriptions/', variables('singleVsDedicatedConnectivitySub'), '/resourceGroups/', variables('platformRgNames').connectivityRg, '/providers/Microsoft.Network/azureFirewalls/', variables('platformResourceNames').azFwName)]", "userAssignedIdentityResourceId": "[concat('/subscriptions/', variables('singleVsDedicatedMgmtSub'), '/resourceGroups/', variables('platformRgNames').mgmtRg, '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', variables('platformResourceNames').userAssignedIdentity)]" @@ -1805,7 +2009,8 @@ "cuaidNetworkingHubSpoke": "f7fcc714-0c0d-4011-87bf-319810bbb03d", "cuaidNetworkingVirtualWan": "0263335d-f570-470c-8389-aa6c916e5008", "ztnPhase1CuaId": "f09f64b8-5cb3-4b16-900d-6ba1df8a597e", - "ambaPortalCuaId": "5f0e5693-3998-4ae2-8115-ee96e38dac62" + "ambaPortalCuaId": "5f0e5693-3998-4ae2-8115-ee96e38dac62", + "cuaidSecondaryRegion": "b8cb7850-a693-4b04-a3a8-5441491966d6" }, "resources": [ /* @@ -4744,6 +4949,54 @@ }, "vWanHubCapacity": { "value": "[parameters('vWANHubCapacity')]" + }, + "enableHubSecondary": { + "value": "[parameters('enableHubSecondary')]" + }, + "enableAzFwSecondary": { + "value": "[parameters('enableAzFwSecondary')]" + }, + "firewallSkuSecondary": { + "value": "[parameters('firewallSkuSecondary')]" + }, + "firewallZonesSecondary": { + "value": "[parameters('firewallZonesSecondary')]" + }, + "enableAzFwDnsProxySecondary": { + "value": "[parameters('enableAzFwDnsProxySecondary')]" + }, + "addressPrefixSecondary": { + "value": "[parameters('addressPrefixSecondary')]" + }, + "enableVpnGwSecondary": { + "value": "[parameters('enableVpnGwSecondary')]" + }, + "enableErGwSecondary": { + "value": "[parameters('enableErGwSecondary')]" + }, + "locationSecondary": { + "value": "[parameters('connectivityLocationSecondary')]" + }, + "expressRouteScaleUnitSecondary": { + "value": "[parameters('expressRouteScaleUnitSecondary')]" + }, + "vpnGateWayScaleUnitSecondary": { + "value": "[parameters('vpnGateWayScaleUnitSecondary')]" + }, + "enablevWANRoutingIntentSecondary": { + "value": "[parameters('enablevWANRoutingIntentSecondary')]" + }, + "internetTrafficRoutingPolicySecondary": { + "value": "[parameters('internetTrafficRoutingPolicySecondary')]" + }, + "privateTrafficRoutingPolicySecondary": { + "value": "[parameters('privateTrafficRoutingPolicySecondary')]" + }, + "vWANHubRoutingPreferenceSecondary": { + "value": "[parameters('vWANHubRoutingPreferenceSecondary')]" + }, + "vWANHubCapacitySecondary": { + "value": "[parameters('vWANHubCapacitySecondary')]" } } } @@ -4784,7 +5037,7 @@ } }, { - // Creating Private DNS Zones into the connectivity subscription + // Creating Private DNS Zones into the connectivity subscription and linking them to a secondary location if provided. "condition": "[and(equals(parameters('enablePrivateDnsZones'), 'Yes'), not(empty(parameters('connectivitySubscriptionId'))))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2020-10-01", @@ -4797,7 +5050,9 @@ "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').resourceDiagnosticsPolicyDeploymentName)]", "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').vnetConnectivityHubDeploymentName)]", "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').vwanConnectivityHubDeploymentName)]", - "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').nvaConnectivityHubDeploymentName)]" + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').nvaConnectivityHubDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').vnetConnectivityHub2DeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').nvaConnectivityHub2DeploymentName)]" ], "copy": { "name": "dnsZones", @@ -4815,57 +5070,465 @@ }, "connectivityHubResourceId": { "value": "[variables('platformResourceIds').vNetHubResourceId]" + }, + "connectivityHubResourceIdSecondary": { + "value": "[variables('platformResourceIds').vNetHubResourceIdSecondary]" + }, + "enablePrivateDnsZonesSecondary": { + "value": "[parameters('enablePrivateDnsZonesSecondary')]" + }, + "enableHubSecondary": { + "value": "[parameters('enableHubSecondary')]" } } - } - }, + } + }, + { + // Creating resource group for Private DNS Zones for a secondary region + "condition": "[and(equals(parameters('enablePrivateDnsZonesSecondary'), 'Yes'), not(empty(parameters('connectivitySubscriptionId'))))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2020-10-01", + "name": "[variables('deploymentNames').privateDnsZoneRg2DeploymentName]", + "subscriptionId": "[parameters('connectivitySubscriptionId')]", + "location": "[deployment().location]", + "dependsOn": [ + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').connectivitySubscriptionPlacement)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').activityDiagnosticsPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').asbPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').ascPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').ascGovPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').resourceDiagnosticsPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').vnetConnectivityHub2DeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').vwanConnectivityHubDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').nvaConnectivityHub2DeploymentName)]" + ], + "properties": { + "mode": "Incremental", + "templateLink": { + "contentVersion": "1.0.0.0", + "uri": "[variables('deploymentUris').resourceGroup]" + }, + "parameters": { + "rgName": { + "value": "[variables('platformRgNames').privateDnsRg2]" + }, + "location": { + "value": "[parameters('connectivityLocationSecondary')]" + } + } + } + }, + { + // Creating Private DNS Zones into the connectivity subscription for a secondary region + "condition": "[and(equals(parameters('enablePrivateDnsZonesSecondary'), 'Yes'), not(empty(parameters('connectivitySubscriptionId'))))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2020-10-01", + "name": "[concat(variables('deploymentNames').privateDnsZones2DeploymentName, copyIndex())]", + "subscriptionId": "[parameters('connectivitySubscriptionId')]", + "resourceGroup": "[variables('platformRgNames').privateDnsRg2]", + "dependsOn": [ + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').privateDnsZoneRg2DeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').activityDiagnosticsPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').resourceDiagnosticsPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').vnetConnectivityHub2DeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').vwanConnectivityHubDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').nvaConnectivityHub2DeploymentName)]" + ], + "copy": { + "name": "dnsZones", + "count": "[length(variables('privateDnsZonesMergedWithBackupPlaceholderRemoved'))]" + }, + "properties": { + "mode": "Incremental", + "templateLink": { + "contentVersion": "1.0.0.0", + "uri": "[variables('deploymentUris').privateDnsZones]" + }, + "parameters": { + "privateDnsZoneName": { + "value": "[concat(variables('privateDnsZonesMergedWithBackupPlaceholderRemoved')[copyIndex()])]" + }, + "connectivityHubResourceId": { + "value": "[variables('platformResourceIds').vNetHubResourceIdSecondary]" + }, + "connectivityHubResourceIdSecondary": { + "value": "placeholder" + }, + "enablePrivateDnsZonesSecondary": { + "value": "[parameters('enablePrivateDnsZonesSecondary')]" + }, + "enableHubSecondary": { + "value": "No" + } + } + } + }, /* - The following deployments will deploy and configure the Azure policy governance for the landing zones + The following optional deployment will configure virtual network hub into the connectivity subscription for a secondary region */ { - // Deploying Private DNS Zones policy assignment for PaaS services using built-in policies - "condition": "[or(equals(parameters('enablePrivateDnsZonesForLzs'), 'Yes'), equals(parameters('enablePrivateDnsZonesForLzs'), 'Audit'))]", + // Creating the virtual network hub (hub and spoke) in a secondary region + "condition": "[and(not(empty(parameters('connectivitySubscriptionId'))),equals(parameters('enableHubSecondary'), 'vhub'))]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2019-10-01", - "name": "[variables('deploymentNames').privateDnsPolicyDeploymentName]", - "location": "[deployment().location]", - "scope": "[variables('scopes').corpManagementGroup]", + "apiVersion": "2020-10-01", + "scope": "[variables('scopes').connectivityManagementGroup]", + "name": "[variables('deploymentNames').vnetConnectivityHub2DeploymentName]", "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').mgmtGroupDeploymentName)]", - "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').mgmtGroupLiteDeploymentName)]", - "dnsZones", - "dnsZonesLite", - "policyCompletion" + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').connectivitySubscriptionPlacement)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').activityDiagnosticsPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').resourceDiagnosticsPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').asbPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').ascPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').ascGovPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').ddosDeploymentName)]" ], + "location": "[deployment().location]", "properties": { "mode": "Incremental", "templateLink": { "contentVersion": "1.0.0.0", - "uri": "[variables('deploymentUris').privateDnsZonePolicyAssignment]" + "uri": "[variables('deploymentUris').vnetConnectivityHub]" }, "parameters": { "topLevelManagementGroupPrefix": { "value": "[parameters('enterpriseScaleCompanyPrefix')]" }, + "ddosPlanResourceId": { + "value": "[variables('platformResourceIds').ddosProtectionResourceId]" + }, + "enableHub": { + "value": "[parameters('enableHubSecondary')]" + }, + "enableAzFw": { + "value": "[parameters('enableAzFwSecondary')]" + }, + "addressPrefix": { + "value": "[parameters('addressPrefixSecondary')]" + }, + "enableVpnGw": { + "value": "[parameters('enableVpnGwSecondary')]" + }, + "enableErGw": { + "value": "[parameters('enableErGwSecondary')]" + }, + "enableDdoS": { + "value": "[parameters('enableDdoS')]" + }, "location": { - "value": "[parameters('connectivityLocation')]" + "value": "[parameters('connectivityLocationSecondary')]" }, - "dnsZoneResourceGroupId": { - "value": "[variables('platformResourceIds').privateDnsRgResourceId]" + "connectivitySubscriptionId": { + "value": "[parameters('connectivitySubscriptionId')]" }, - "enforcementMode": { - "value": "[if(equals(parameters('enablePrivateDnsZonesForLzs'), 'Yes'), 'Default', 'DoNotEnforce')]" + "subnetMaskForAzFw": { + "value": "[parameters('subnetMaskForAzFwSecondary')]" + }, + "subnetMaskForAzFwMgmt": { + "value": "[parameters('subnetMaskForAzFwMgmtSecondary')]" + }, + "subnetMaskForGw": { + "value": "[parameters('subnetMaskForGwSecondary')]" + }, + "firewallSku": { + "value": "[parameters('firewallSkuSecondary')]" + }, + "firewallZones": { + "value": "[parameters('firewallZonesSecondary')]" + }, + "enableAzFwDnsProxy": { + "value": "[parameters('enableAzFwDnsProxySecondary')]" + }, + "enableVpnActiveActive": { + "value": "[parameters('enableVpnActiveActiveSecondary')]" + }, + "gwRegionalOrAz": { + "value": "[parameters('gwRegionalOrAzSecondary')]" + }, + "gwAzSku": { + "value": "[parameters('gwAzSkuSecondary')]" + }, + "gwRegionalSku": { + "value": "[parameters('gwRegionalSkuSecondary')]" + }, + "erRegionalOrAz": { + "value": "[parameters('erRegionalOrAzSecondary')]" + }, + "erAzSku": { + "value": "[parameters('erAzSkuSecondary')]" + }, + "erRegionalSku": { + "value": "[parameters('erRegionalSkuSecondary')]" } } } }, { - // Assigning RBAC for Private DNS Zone Policy assignment to the connectivity hub - "condition": "[equals(parameters('enablePrivateDnsZonesForLzs'), 'Yes')]", + // Creating the virtual network hub (with NVA) in a secondary region + "condition": "[and(not(empty(parameters('connectivitySubscriptionId'))),equals(parameters('enableHubSecondary'), 'nva'))]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2019-10-01", - "name": "[variables('deploymentNames').dnsZoneRoleAssignmentDeploymentName]", - "location": "[deployment().location]", + "apiVersion": "2020-10-01", + "scope": "[variables('scopes').connectivityManagementGroup]", + "name": "[variables('deploymentNames').nvaConnectivityHub2DeploymentName]", + "dependsOn": [ + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').connectivitySubscriptionPlacement)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').activityDiagnosticsPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').resourceDiagnosticsPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').asbPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').ascPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').ascGovPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').ddosDeploymentName)]" + ], + "location": "[deployment().location]", + "properties": { + "mode": "Incremental", + "templateLink": { + "contentVersion": "1.0.0.0", + "uri": "[variables('deploymentUris').nvaConnectivityHub]" + }, + "parameters": { + "topLevelManagementGroupPrefix": { + "value": "[parameters('enterpriseScaleCompanyPrefix')]" + }, + "ddosPlanResourceId": { + "value": "[variables('platformResourceIds').ddosProtectionResourceId]" + }, + "enableHub": { + "value": "[parameters('enableHubSecondary')]" + }, + "addressPrefix": { + "value": "[parameters('addressPrefixSecondary')]" + }, + "enableVpnGw": { + "value": "[parameters('enableVpnGwSecondary')]" + }, + "enableErGw": { + "value": "[parameters('enableErGwSecondary')]" + }, + "enableDdoS": { + "value": "[parameters('enableDdoS')]" + }, + "location": { + "value": "[parameters('connectivityLocationSecondary')]" + }, + "connectivitySubscriptionId": { + "value": "[parameters('connectivitySubscriptionId')]" + }, + "subnetMaskForGw": { + "value": "[parameters('subnetMaskForGwSecondary')]" + }, + "enableVpnActiveActive": { + "value": "[parameters('enableVpnActiveActiveSecondary')]" + }, + "gwRegionalOrAz": { + "value": "[parameters('gwRegionalOrAzSecondary')]" + }, + "gwAzSku": { + "value": "[parameters('gwAzSkuSecondary')]" + }, + "gwRegionalSku": { + "value": "[parameters('gwRegionalSkuSecondary')]" + }, + "erRegionalOrAz": { + "value": "[parameters('erRegionalOrAzSecondary')]" + }, + "erAzSku": { + "value": "[parameters('erAzSkuSecondary')]" + }, + "erRegionalSku": { + "value": "[parameters('erRegionalSkuSecondary')]" + } + } + } + }, + { + // Peering the primary hub and the secondary hub (when nva or vhub is selected) + "condition": "[and(not(empty(parameters('connectivitySubscriptionId'))), or(equals(parameters('enableHub'), 'nva'), equals(parameters('enableHub'), 'vhub')), or(equals(parameters('enableHubSecondary'), 'nva'), equals(parameters('enableHubSecondary'), 'vhub')))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2020-06-01", + "name": "[variables('deploymentNames').hubPeeringDeploymentName]", + "subscriptionId": "[parameters('connectivitySubscriptionId')]", + "location": "[parameters('connectivityLocation')]", + "dependsOn": [ + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').vnetConnectivityHubDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').vwanConnectivityHubDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').nvaConnectivityHubDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').ddosLzPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').policyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').activityDiagnosticsPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').ascPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').ascGovPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').resourceDiagnosticsPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').identityPeeringDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').identityPeering2DeploymentName)]" + ], + "properties": { + "mode": "Incremental", + "templateLink": { + "contentVersion": "1.0.0.0", + "uri": "[variables('deploymentUris').hubVnetPeering]" + }, + "parameters": { + "hubResourceId": { + "value": "[variables('platformResourceIds').vNetHubResourceId]" + }, + "hubResourceIdSecondary": { + "value": "[variables('platformResourceIds').vNetHubResourceIdSecondary]" + }, + "hubLocation": { + "value": "[parameters('connectivityLocation')]" + }, + "hubLocationSecondary": { + "value": "[parameters('connectivityLocationSecondary')]" + }, + "hubRgName": { + "value": "[concat(parameters('enterpriseScaleCompanyPrefix'), '-vnethub-', parameters('connectivityLocation'))]" + }, + "hubRgNameSecondary": { + "value": "[concat(parameters('enterpriseScaleCompanyPrefix'), '-vnethub-', parameters('connectivityLocationSecondary'))]" } + } + } + }, + { + // Creating route table from first region to second region + "condition": "[and(not(empty(parameters('connectivitySubscriptionId'))), equals(parameters('enableHub'), 'vhub'), equals(parameters('enableAzFw'), 'Yes'), equals(parameters('enableAzFwSecondary'), 'Yes'))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2020-10-01", + "name": "[variables('deploymentNames').vnetConnectivityRouteTableDeploymentName]", + "subscriptionId": "[parameters('connectivitySubscriptionId')]", + "resourceGroup": "[variables('platformRgNames').connectivityRg]", + "dependsOn": [ + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').privateDnsZoneRgDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').vnetConnectivityHubDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').nvaConnectivityHubDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').vnetConnectivityHub2DeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').nvaConnectivityHub2DeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').hubPeeringDeploymentName)]" + ], + "properties": { + "mode": "Incremental", + "templateLink": { + "contentVersion": "1.0.0.0", + "uri": "[variables('deploymentUris').hubVnetRouting]" + }, + "parameters": { + "topLevelManagementGroupPrefix": { + "value": "[parameters('enterpriseScaleCompanyPrefix')]" + }, + "connectivityHubResourceId": { + "value": "[variables('platformResourceIds').vNetHubResourceId]" + }, + "subnetName": { + "value": "AzureFirewallSubnet" + }, + "cidrRange": { + "value": "[parameters('addressPrefixSecondary')]" + }, + "targetFWSubnetCidr": { + "value": "[parameters('subnetMaskForAzFwSecondary')]" + }, + "sourceFWSubnetCidr": { + "value": "[parameters('subnetMaskForAzFw')]" + }, + "hubLocation": { + "value": "[parameters('connectivityLocation')]" + } + } + } + }, + { + // Creating route table from second region to first region + "condition": "[and(not(empty(parameters('connectivitySubscriptionId'))), equals(parameters('enableHub'), 'vhub'), equals(parameters('enableAzFw'), 'Yes'), equals(parameters('enableAzFwSecondary'), 'Yes'))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2020-10-01", + "name": "[variables('deploymentNames').vnetConnectivityRouteTable2DeploymentName]", + "subscriptionId": "[parameters('connectivitySubscriptionId')]", + "resourceGroup": "[variables('platformRgNames').connectivityRgSecondary]", + "dependsOn": [ + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').privateDnsZoneRgDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').vnetConnectivityHubDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').nvaConnectivityHubDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').vnetConnectivityHub2DeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').nvaConnectivityHub2DeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').hubPeeringDeploymentName)]" + ], + "properties": { + "mode": "Incremental", + "templateLink": { + "contentVersion": "1.0.0.0", + "uri": "[variables('deploymentUris').hubVnetRouting]" + }, + "parameters": { + "topLevelManagementGroupPrefix": { + "value": "[parameters('enterpriseScaleCompanyPrefix')]" + }, + "connectivityHubResourceId": { + "value": "[variables('platformResourceIds').vNetHubResourceIdSecondary]" + }, + "subnetName": { + "value": "AzureFirewallSubnet" + }, + "cidrRange": { + "value": "[parameters('addressPrefix')]" + }, + "targetFWSubnetCidr": { + "value": "[parameters('subnetMaskForAzFw')]" + }, + "sourceFWSubnetCidr": { + "value": "[parameters('subnetMaskForAzFwSecondary')]" + }, + "hubLocation": { + "value": "[parameters('connectivityLocationSecondary')]" + } + } + } + }, + /* + The following deployments will deploy and configure the Azure policy governance for the landing zones + */ + { + // Deploying Private DNS Zones policy assignment for PaaS services using built-in policies + "condition": "[or(equals(parameters('enablePrivateDnsZonesForLzs'), 'Yes'), equals(parameters('enablePrivateDnsZonesForLzs'), 'Audit'))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", + "name": "[variables('deploymentNames').privateDnsPolicyDeploymentName]", + "location": "[deployment().location]", + "scope": "[variables('scopes').corpManagementGroup]", + "dependsOn": [ + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').mgmtGroupDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').mgmtGroupLiteDeploymentName)]", + "dnsZones", + "dnsZonesLite", + "policyCompletion" + ], + "properties": { + "mode": "Incremental", + "templateLink": { + "contentVersion": "1.0.0.0", + "uri": "[variables('deploymentUris').privateDnsZonePolicyAssignment]" + }, + "parameters": { + "topLevelManagementGroupPrefix": { + "value": "[parameters('enterpriseScaleCompanyPrefix')]" + }, + "location": { + "value": "[parameters('connectivityLocation')]" + }, + "dnsZoneResourceGroupId": { + "value": "[variables('platformResourceIds').privateDnsRgResourceId]" + }, + "enforcementMode": { + "value": "[if(equals(parameters('enablePrivateDnsZonesForLzs'), 'Yes'), 'Default', 'DoNotEnforce')]" + } + } + } + }, + { + // Assigning RBAC for Private DNS Zone Policy assignment to the connectivity hub + "condition": "[equals(parameters('enablePrivateDnsZonesForLzs'), 'Yes')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", + "name": "[variables('deploymentNames').dnsZoneRoleAssignmentDeploymentName]", + "location": "[deployment().location]", "subscriptionId": "[variables('singleVsDedicatedConnectivitySub')]", "dependsOn": [ "[variables('deploymentNames').privateDnsPolicyDeploymentName]" @@ -6376,7 +7039,7 @@ } }, { - // Peer vnet in identity subscription to connectivity hub if vhub or nva contidion is true + // Peer vnet in identity subscription to connectivity hub if vhub or nva condition is true "condition": "[and(or(equals(parameters('enableHub'), 'nva'), equals(parameters('enableHub'), 'vhub')), not(empty(parameters('identityAddressPrefix'))))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2020-06-01", @@ -6423,7 +7086,54 @@ } }, { - // Peer vnet in identity subscription to connectivity hub if vwan contidion is true + // Peer vnet in identity subscription to connectivity hub in a secondary region if vhub or nva condition is true + "condition": "[and(or(equals(parameters('enableHubSecondary'), 'nva'), equals(parameters('enableHubSecondary'), 'vhub')), not(empty(parameters('identityAddressPrefix'))))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2020-06-01", + "name": "[variables('deploymentNames').identityPeering2DeploymentName]", + "subscriptionId": "[parameters('identitySubscriptionId')]", + "location": "[parameters('connectivityLocationSecondary')]", + "dependsOn": [ + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').vnetConnectivityHub2DeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').vwanConnectivityHubDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').nvaConnectivityHub2DeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').policyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').activityDiagnosticsPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').ascPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').ascGovPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').resourceDiagnosticsPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').identitySubscriptionPlacement)]" + ], + "properties": { + "mode": "Incremental", + "templateLink": { + "contentVersion": "1.0.0.0", + "uri": "[variables('deploymentUris').corpVnetPeering]" + }, + "parameters": { + "vNetRgName": { + "value": "[variables('platformRgNames').identityVnetRgSecondary]" + }, + "vNetName": { + "value": "[take(concat(variables('platformResourceNames').identityVnetSecondary, '-', uniqueString(parameters('identitySubscriptionId'))), 64)]" + }, + "vNetLocation": { + "value": "[parameters('connectivityLocationSecondary')]" + }, + "vNetCidrRange": { + "value": "[parameters('identityAddressPrefixSecondary')]" + }, + "hubResourceId": { + "value": "[variables('platformResourceIds').vNetHubResourceIdSecondary]" + }, + "azureFirewallResourceId": { + "value": "[if(equals(parameters('enableAzFwDnsProxySecondary'), 'Yes'), variables('platformResourceIds').azFirewallResourceIdSecondary, '')]" + } + } + } + }, + { + // Peer vnet in identity subscription to connectivity hub if vwan condition is true "condition": "[and(equals(parameters('enableHub'), 'vwan'), not(empty(parameters('identityAddressPrefix'))))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2020-06-01", @@ -6469,33 +7179,80 @@ } } }, - /* - The following deployments will place landing zone subscriptions into online/corp (connected or disconnected) - */ { - // Placing subscription(s) into online landing zone management group - "condition": "[not(empty(parameters('onlineLzSubscriptionId')))]", + // Peer vnet in identity subscription to connectivity hub if vwan condition is true + "condition": "[and(equals(parameters('enableHubSecondary'), 'vwan'), not(empty(parameters('identityAddressPrefixSecondary'))))]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2020-10-01", - "name": "[concat(variables('deploymentNames').onlineLzSubs, copyIndex())]", - "scope": "[variables('scopes').onlineManagementGroup]", - "location": "[deployment().location]", + "apiVersion": "2020-06-01", + "name": "[variables('deploymentNames').identityVwanPeering2DeploymentName]", + "subscriptionId": "[parameters('identitySubscriptionId')]", + "location": "[parameters('connectivityLocationSecondary')]", "dependsOn": [ + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').vnetConnectivityHub2DeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').vwanConnectivityHubDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').nvaConnectivityHub2DeploymentName)]", "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').policyDeploymentName)]", "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').activityDiagnosticsPolicyDeploymentName)]", "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').ascPolicyDeploymentName)]", "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').ascGovPolicyDeploymentName)]", - "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').resourceDiagnosticsPolicyDeploymentName)]" + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').resourceDiagnosticsPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').identitySubscriptionPlacement)]" ], - "copy": { - "name": "onlineLzs", - "count": "[length(parameters('onlineLzSubscriptionId'))]" - }, "properties": { "mode": "Incremental", "templateLink": { "contentVersion": "1.0.0.0", - "uri": "[variables('deploymentUris').subscriptionPlacement]" + "uri": "[variables('deploymentUris').corpVwanPeering]" + }, + "parameters": { + "vNetRgName": { + "value": "[variables('platformRgNames').identityVnetRgSecondary]" + }, + "vNetName": { + "value": "[take(concat(variables('platformResourceNames').identityVnetSecondary, '-', uniqueString(parameters('identitySubscriptionId'))), 64)]" + }, + "vNetLocation": { + "value": "[parameters('connectivityLocationSecondary')]" + }, + "vNetCidrRange": { + "value": "[parameters('identityAddressPrefixSecondary')]" + }, + "vWanHubResourceId": { + "value": "[variables('platformResourceIds').vWanHubResourceIdSecondary]" + }, + "azureFirewallResourceId": { + "value": "[if(equals(parameters('enableAzFwDnsProxySecondary'), 'Yes'), variables('platformResourceIds').azFirewallResourceIdSecondary, '')]" + } + } + } + }, + /* + The following deployments will place landing zone subscriptions into online/corp (connected or disconnected) + */ + { + // Placing subscription(s) into online landing zone management group + "condition": "[not(empty(parameters('onlineLzSubscriptionId')))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2020-10-01", + "name": "[concat(variables('deploymentNames').onlineLzSubs, copyIndex())]", + "scope": "[variables('scopes').onlineManagementGroup]", + "location": "[deployment().location]", + "dependsOn": [ + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').policyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').activityDiagnosticsPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').ascPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').ascGovPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').resourceDiagnosticsPolicyDeploymentName)]" + ], + "copy": { + "name": "onlineLzs", + "count": "[length(parameters('onlineLzSubscriptionId'))]" + }, + "properties": { + "mode": "Incremental", + "templateLink": { + "contentVersion": "1.0.0.0", + "uri": "[variables('deploymentUris').subscriptionPlacement]" }, "parameters": { "targetManagementGroupId": { @@ -7006,11 +7763,48 @@ } } }, - /* - Note: ES Lite only: deploy private DNS zones + /* + Note: ES Lite only: deploy RG for Private DNS zones to platform subscription in a secondary region */ { - // Creating Private DNS Zones into the connectivity subscription + // Creating resource group for Private DNS Zones for a secondary region + "condition": "[and(equals(parameters('enablePrivateDnsZonesSecondary'), 'Yes'), not(empty(parameters('singlePlatformSubscriptionId'))))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2020-10-01", + "name": "[variables('esLitedeploymentNames').privateDnsZoneRgLite2DeploymentName]", + "subscriptionId": "[parameters('singlePlatformSubscriptionId')]", + "location": "[deployment().location]", + "dependsOn": [ + "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').platformLiteSubscriptionPlacement)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').activityDiagnosticsPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').asbPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').ascPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').ascGovPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').resourceDiagnosticsPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('esLitedeploymentNames').vnetConnectivityHubLite2DeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('esLitedeploymentNames').nvaConnectivityHubLite2DeploymentName)]" + ], + "properties": { + "mode": "Incremental", + "templateLink": { + "contentVersion": "1.0.0.0", + "uri": "[variables('deploymentUris').resourceGroup]" + }, + "parameters": { + "rgName": { + "value": "[variables('platformRgNames').privateDnsRg2]" + }, + "location": { + "value": "[parameters('connectivityLocationSecondary')]" + } + } + } + }, + /* + Note: ES Lite only: deploy private DNS zones for primary region + */ + { + // Creating Private DNS Zones into the connectivity subscription for only a primary region, and linking them to the secondary if provided. "condition": "[and(equals(parameters('enablePrivateDnsZones'), 'Yes'), not(empty(parameters('singlePlatformSubscriptionId'))))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2020-10-01", @@ -7023,7 +7817,9 @@ "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').resourceDiagnosticsPolicyDeploymentName)]", "[resourceId('Microsoft.Resources/deployments', variables('esLitedeploymentNames').vnetConnectivityHubLiteDeploymentName)]", "[resourceId('Microsoft.Resources/deployments', variables('esLitedeploymentNames').vwanConnectivityHubLiteDeploymentName)]", - "[resourceId('Microsoft.Resources/deployments', variables('esLitedeploymentNames').nvaConnectivityHubLiteDeploymentName)]" + "[resourceId('Microsoft.Resources/deployments', variables('esLitedeploymentNames').nvaConnectivityHubLiteDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('esLitedeploymentNames').vnetConnectivityHubLite2DeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('esLitedeploymentNames').nvaConnectivityHubLite2DeploymentName)]" ], "copy": { "name": "dnsZonesLite", @@ -7041,6 +7837,62 @@ }, "connectivityHubResourceId": { "value": "[variables('platformResourceIds').vNetHubResourceId]" + }, + "connectivityHubResourceIdSecondary": { + "value": "[variables('platformResourceIds').vNetHubResourceIdSecondary]" + }, + "enablePrivateDnsZonesSecondary": { + "value": "[parameters('enablePrivateDnsZonesSecondary')]" + }, + "enableHubSecondary": { + "value": "[parameters('enableHubSecondary')]" + } + } + } + }, + /* + Note: ES Lite only: deploy private DNS zones in a secondary region + */ + { + // Creating Private DNS Zones into the connectivity subscription for a secondary region + "condition": "[and(equals(parameters('enablePrivateDnsZonesSecondary'), 'Yes'), not(empty(parameters('singlePlatformSubscriptionId'))))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2020-10-01", + "name": "[concat(variables('esLitedeploymentNames').privateDnsZonesLite2DeploymentName, copyIndex())]", + "subscriptionId": "[parameters('singlePlatformSubscriptionId')]", + "resourceGroup": "[variables('platformRgNames').privateDnsRg2]", + "dependsOn": [ + "[resourceId('Microsoft.Resources/deployments', variables('esLitedeploymentNames').privateDnsZoneRgLite2DeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').activityDiagnosticsPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').resourceDiagnosticsPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('esLitedeploymentNames').vnetConnectivityHubLite2DeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('esLitedeploymentNames').nvaConnectivityHubLite2DeploymentName)]" + ], + "copy": { + "name": "dnsZonesLite", + "count": "[length(variables('privateDnsZonesMergedWithBackupPlaceholderRemoved'))]" + }, + "properties": { + "mode": "Incremental", + "templateLink": { + "contentVersion": "1.0.0.0", + "uri": "[variables('deploymentUris').privateDnsZones]" + }, + "parameters": { + "privateDnsZoneName": { + "value": "[concat(variables('privateDnsZonesMergedWithBackupPlaceholderRemoved')[copyIndex()])]" + }, + "connectivityHubResourceId": { + "value": "[variables('platformResourceIds').vNetHubResourceIdSecondary]" + }, + "connectivityHubResourceIdSecondary": { + "value": "placeholder" + }, + "enablePrivateDnsZonesSecondary": { + "value": "[parameters('enablePrivateDnsZonesSecondary')]" + }, + "enableHubSecondary": { + "value": "No" } } } @@ -7331,6 +8183,385 @@ }, "vWanHubCapacity": { "value": "[parameters('vWANHubCapacity')]" + }, + "enableHubSecondary": { + "value": "[parameters('enableHubSecondary')]" + }, + "enableAzFwSecondary": { + "value": "[parameters('enableAzFwSecondary')]" + }, + "firewallSkuSecondary": { + "value": "[parameters('firewallSkuSecondary')]" + }, + "firewallZonesSecondary": { + "value": "[parameters('firewallZonesSecondary')]" + }, + "enableAzFwDnsProxySecondary": { + "value": "[parameters('enableAzFwDnsProxySecondary')]" + }, + "addressPrefixSecondary": { + "value": "[parameters('addressPrefixSecondary')]" + }, + "enableVpnGwSecondary": { + "value": "[parameters('enableVpnGwSecondary')]" + }, + "enableErGwSecondary": { + "value": "[parameters('enableErGwSecondary')]" + }, + "locationSecondary": { + "value": "[parameters('connectivityLocationSecondary')]" + }, + "expressRouteScaleUnitSecondary": { + "value": "[parameters('expressRouteScaleUnitSecondary')]" + }, + "vpnGateWayScaleUnitSecondary": { + "value": "[parameters('vpnGateWayScaleUnitSecondary')]" + }, + "enablevWANRoutingIntentSecondary": { + "value": "[parameters('enablevWANRoutingIntentSecondary')]" + }, + "internetTrafficRoutingPolicySecondary": { + "value": "[parameters('internetTrafficRoutingPolicySecondary')]" + }, + "privateTrafficRoutingPolicySecondary": { + "value": "[parameters('privateTrafficRoutingPolicySecondary')]" + }, + "vWANHubRoutingPreferenceSecondary": { + "value": "[parameters('vWANHubRoutingPreferenceSecondary')]" + }, + "vWANHubCapacitySecondary": { + "value": "[parameters('vWANHubCapacitySecondary')]" + } + } + } + }, + /* + Note: ES Lite only: deploys hub and spoke in a secondary region + */ + { + // Configuring and deploying the connectivity hub (hub and spoke) in a secondary region + "condition": "[and(not(empty(parameters('singlePlatformSubscriptionId'))),equals(parameters('enableHubSecondary'), 'vhub'))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-05-01", + "scope": "[variables('scopes').platformManagementGroup]", + "name": "[variables('esLitedeploymentNames').vnetConnectivityHubLite2DeploymentName]", + "dependsOn": [ + "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').platformLiteSubscriptionPlacement)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').asbPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').ascPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').ascGovPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').ddosHubLitePolicyDeploymentName)]" + ], + "location": "[deployment().location]", + "properties": { + "mode": "Incremental", + "templateLink": { + "contentVersion": "1.0.0.0", + "uri": "[variables('deploymentUris').vnetConnectivityHub]" + }, + "parameters": { + "topLevelManagementGroupPrefix": { + "value": "[parameters('enterpriseScaleCompanyPrefix')]" + }, + "ddosPlanResourceId": { + "value": "[variables('platformResourceIds').ddosProtectionResourceId]" + }, + "enableHub": { + "value": "[parameters('enableHubSecondary')]" + }, + "enableAzFw": { + "value": "[parameters('enableAzFwSecondary')]" + }, + "addressPrefix": { + "value": "[parameters('addressPrefixSecondary')]" + }, + "enableVpnGw": { + "value": "[parameters('enableVpnGwSecondary')]" + }, + "enableErGw": { + "value": "[parameters('enableErGwSecondary')]" + }, + "enableDdoS": { + "value": "[parameters('enableDdoS')]" + }, + "location": { + "value": "[parameters('connectivityLocationSecondary')]" + }, + "connectivitySubscriptionId": { + "value": "[parameters('singlePlatformSubscriptionId')]" + }, + "subnetMaskForAzFw": { + "value": "[parameters('subnetMaskForAzFwSecondary')]" + }, + "subnetMaskForAzFwMgmt": { + "value": "[parameters('subnetMaskForAzFwMgmtSecondary')]" + }, + "subnetMaskForGw": { + "value": "[parameters('subnetMaskForGwSecondary')]" + }, + "firewallSku": { + "value": "[parameters('firewallSkuSecondary')]" + }, + "firewallZones": { + "value": "[parameters('firewallZonesSecondary')]" + }, + "enableAzFwDnsProxy": { + "value": "[parameters('enableAzFwDnsProxySecondary')]" + }, + "enableVpnActiveActive": { + "value": "[parameters('enableVpnActiveActiveSecondary')]" + }, + "gwRegionalOrAz": { + "value": "[parameters('gwRegionalOrAzSecondary')]" + }, + "gwAzSku": { + "value": "[parameters('gwAzSkuSecondary')]" + }, + "gwRegionalSku": { + "value": "[parameters('gwRegionalSkuSecondary')]" + }, + "erRegionalOrAz": { + "value": "[parameters('erRegionalOrAzSecondary')]" + }, + "erAzSku": { + "value": "[parameters('erAzSkuSecondary')]" + }, + "erRegionalSku": { + "value": "[parameters('erRegionalSkuSecondary')]" + } + } + } + }, + /* + Note: ES Lite only: deploys virtual hub (NVA) in a secondary region + */ + { + // Configuring and deploying the connectivity hub (NVA) in a secondary region + "condition": "[and(not(empty(parameters('singlePlatformSubscriptionId'))),equals(parameters('enableHubSecondary'), 'nva'))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-05-01", + "scope": "[variables('scopes').platformManagementGroup]", + "name": "[variables('esLitedeploymentNames').nvaConnectivityHubLite2DeploymentName]", + "dependsOn": [ + "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').platformLiteSubscriptionPlacement)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').asbPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').ascPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').ascGovPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').ddosHubLitePolicyDeploymentName)]" + ], + "location": "[deployment().location]", + "properties": { + "mode": "Incremental", + "templateLink": { + "contentVersion": "1.0.0.0", + "uri": "[variables('deploymentUris').nvaConnectivityHub]" + }, + "parameters": { + "topLevelManagementGroupPrefix": { + "value": "[parameters('enterpriseScaleCompanyPrefix')]" + }, + "ddosPlanResourceId": { + "value": "[variables('platformResourceIds').ddosProtectionResourceId]" + }, + "enableHub": { + "value": "[parameters('enableHubSecondary')]" + }, + "addressPrefix": { + "value": "[parameters('addressPrefixSecondary')]" + }, + "enableVpnGw": { + "value": "[parameters('enableVpnGwSecondary')]" + }, + "enableErGw": { + "value": "[parameters('enableErGwSecondary')]" + }, + "enableDdoS": { + "value": "[parameters('enableDdoS')]" + }, + "location": { + "value": "[parameters('connectivityLocationSecondary')]" + }, + "connectivitySubscriptionId": { + "value": "[parameters('singlePlatformSubscriptionId')]" + }, + "subnetMaskForGw": { + "value": "[parameters('subnetMaskForGwSecondary')]" + }, + "enableVpnActiveActive": { + "value": "[parameters('enableVpnActiveActiveSecondary')]" + }, + "gwRegionalOrAz": { + "value": "[parameters('gwRegionalOrAzSecondary')]" + }, + "gwAzSku": { + "value": "[parameters('gwAzSkuSecondary')]" + }, + "gwRegionalSku": { + "value": "[parameters('gwRegionalSkuSecondary')]" + }, + "erRegionalOrAz": { + "value": "[parameters('erRegionalOrAzSecondary')]" + }, + "erAzSku": { + "value": "[parameters('erAzSkuSecondary')]" + }, + "erRegionalSku": { + "value": "[parameters('erRegionalSkuSecondary')]" + } + } + } + }, + /* + Note: ES Lite only: deploys peering between hub networks in the primary and secondary region + */ + { + // Peering the primary hub and the secondary hub (when nva or vhub is selected) + "condition": "[and(not(empty(parameters('singlePlatformSubscriptionId'))), or(equals(parameters('enableHub'), 'nva'), equals(parameters('enableHub'), 'vhub')), or(equals(parameters('enableHubSecondary'), 'nva'), equals(parameters('enableHubSecondary'), 'vhub')))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2020-06-01", + "name": "[variables('esLitedeploymentNames').hubPeeringDeploymentName]", + "subscriptionId": "[parameters('singlePlatformSubscriptionId')]", + "location": "[parameters('connectivityLocation')]", + "dependsOn": [ + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').vnetConnectivityHubDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').vwanConnectivityHubDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').nvaConnectivityHubDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').ddosLzPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').policyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').activityDiagnosticsPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').ascPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').ascGovPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').resourceDiagnosticsPolicyDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').vwanConnectivityHubLiteDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').vnetConnectivityHubLiteDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').nvaConnectivityHubLiteDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').vnetConnectivityHubLite2DeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').nvaConnectivityHubLite2DeploymentName)]", + "corpConnectedMoveLzs" + ], + "properties": { + "mode": "Incremental", + "templateLink": { + "contentVersion": "1.0.0.0", + "uri": "[variables('deploymentUris').hubVnetPeering]" + }, + "parameters": { + "hubResourceId": { + "value": "[variables('platformResourceIds').vNetHubResourceId]" + }, + "hubResourceIdSecondary": { + "value": "[variables('platformResourceIds').vNetHubResourceIdSecondary]" + }, + "hubLocation": { + "value": "[parameters('connectivityLocation')]" + }, + "hubLocationSecondary": { + "value": "[parameters('connectivityLocationSecondary')]" + }, + "hubRgName": { + "value": "[concat(parameters('enterpriseScaleCompanyPrefix'), '-vnethub-', parameters('connectivityLocation'))]" + }, + "hubRgNameSecondary": { + "value": "[concat(parameters('enterpriseScaleCompanyPrefix'), '-vnethub-', parameters('connectivityLocationSecondary'))]" } + } + } + }, + /* + Note: ES Lite only: deploys route tables to forward traffic between hubs + */ + { + // Creating routing from first region to second region + "condition": "[and(not(empty(parameters('singlePlatformSubscriptionId'))), equals(parameters('enableHub'), 'vhub'), equals(parameters('enableAzFw'), 'Yes'), equals(parameters('enableAzFwSecondary'), 'Yes'))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2020-10-01", + "name": "[variables('esLitedeploymentNames').vnetConnectivityRouteTableDeploymentName]", + "subscriptionId": "[parameters('singlePlatformSubscriptionId')]", + "resourceGroup": "[variables('platformRgNames').connectivityRg]", + "dependsOn": [ + "[resourceId('Microsoft.Resources/deployments', variables('esLitedeploymentNames').privateDnsZoneRgLiteDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('esLitedeploymentNames').vnetConnectivityHubLiteDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('esLitedeploymentNames').nvaConnectivityHubLiteDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('esLitedeploymentNames').vnetConnectivityHubLite2DeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('esLitedeploymentNames').nvaConnectivityHubLite2DeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('esLitedeploymentNames').hubPeeringDeploymentName)]" + ], + "properties": { + "mode": "Incremental", + "templateLink": { + "contentVersion": "1.0.0.0", + "uri": "[variables('deploymentUris').hubVnetRouting]" + }, + "parameters": { + "topLevelManagementGroupPrefix": { + "value": "[parameters('enterpriseScaleCompanyPrefix')]" + }, + "connectivityHubResourceId": { + "value": "[variables('platformResourceIds').vNetHubResourceId]" + }, + "subnetName": { + "value": "AzureFirewallSubnet" + }, + "cidrRange": { + "value": "[parameters('addressPrefixSecondary')]" + }, + "targetFWSubnetCidr": { + "value": "[parameters('subnetMaskForAzFwSecondary')]" + }, + "sourceFWSubnetCidr": { + "value": "[parameters('subnetMaskForAzFw')]" + }, + "hubLocation": { + "value": "[parameters('connectivityLocation')]" + } + } + } + }, + /* + Note: ES Lite only: deploys route tables to forward traffic between hubs + */ + { + // Creating routing from second region to first region + "condition": "[and(not(empty(parameters('singlePlatformSubscriptionId'))), equals(parameters('enableHub'), 'vhub'), equals(parameters('enableAzFw'), 'Yes'), equals(parameters('enableAzFwSecondary'), 'Yes'))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2020-10-01", + "name": "[variables('esLitedeploymentNames').vnetConnectivityRouteTable2DeploymentName]", + "subscriptionId": "[parameters('singlePlatformSubscriptionId')]", + "resourceGroup": "[variables('platformRgNames').connectivityRgSecondary]", + "dependsOn": [ + "[resourceId('Microsoft.Resources/deployments', variables('esLitedeploymentNames').privateDnsZoneRgLiteDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('esLitedeploymentNames').vnetConnectivityHubLiteDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('esLitedeploymentNames').nvaConnectivityHubLiteDeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('esLitedeploymentNames').vnetConnectivityHubLite2DeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('esLitedeploymentNames').nvaConnectivityHubLite2DeploymentName)]", + "[resourceId('Microsoft.Resources/deployments', variables('esLitedeploymentNames').hubPeeringDeploymentName)]" + ], + "properties": { + "mode": "Incremental", + "templateLink": { + "contentVersion": "1.0.0.0", + "uri": "[variables('deploymentUris').hubVnetRouting]" + }, + "parameters": { + "topLevelManagementGroupPrefix": { + "value": "[parameters('enterpriseScaleCompanyPrefix')]" + }, + "connectivityHubResourceId": { + "value": "[variables('platformResourceIds').vNetHubResourceIdSecondary]" + }, + "subnetName": { + "value": "AzureFirewallSubnet" + }, + "cidrRange": { + "value": "[parameters('addressPrefix')]" + }, + "targetFWSubnetCidr": { + "value": "[parameters('subnetMaskForAzFw')]" + }, + "sourceFWSubnetCidr": { + "value": "[parameters('subnetMaskForAzFwSecondary')]" + }, + "hubLocation": { + "value": "[parameters('connectivityLocationSecondary')]" } } } @@ -7617,25 +8848,24 @@ } }, { - "condition": "[and(equals(parameters('telemetryOptOut'), 'No'), equals(parameters('enableDdoS'), 'Yes'), equals(parameters('enableAzFw'), 'Yes'), equals(parameters('firewallSku'), 'Premium'), equals(parameters('denySubnetWithoutNsg'), 'Yes'), equals(parameters('denySubnetWithoutNsgForIdentity'), 'Yes'), equals(parameters('enableStorageHttps'), 'Yes'), or(equals(parameters('enableHub'), 'vhub'), equals(parameters('enableHub'), 'vwan')), or(not(empty(parameters('connectivitySubscriptionId'))), not(empty(parameters('singlePlatformSubscriptionId')))))]", + "condition": "[and(equals(parameters('telemetryOptOut'), 'No'), equals(parameters('enableMonitorBaselines'), 'Yes'))]", "apiVersion": "2022-09-01", - "name": "[variables('deploymentNames').ztnPhase1PidCuaDeploymentName]", - "subscriptionId": "[coalesce(parameters('connectivitySubscriptionId'), parameters('singlePlatformSubscriptionId'))]", + "name": "[variables('deploymentNames').ambaPortalPidCuaDeploymentName]", "location": "[deployment().location]", "type": "Microsoft.Resources/deployments", "properties": { "mode": "Incremental", "template": { - "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "resources": [] } } }, { - "condition": "[and(equals(parameters('telemetryOptOut'), 'No'), equals(parameters('enableMonitorBaselines'), 'Yes'))]", + "condition": "[and(equals(parameters('telemetryOptOut'), 'No'), equals(parameters('enableSecondaryRegion'), 'Yes'))]", "apiVersion": "2022-09-01", - "name": "[variables('deploymentNames').ambaPortalPidCuaDeploymentName]", + "name": "[variables('deploymentNames').pidCuaDeploymentNameSecondaryRegion]", "location": "[deployment().location]", "type": "Microsoft.Resources/deployments", "properties": { diff --git a/eslzArm/eslzArm.test.param.json b/eslzArm/eslzArm.test.param.json index 1c6a1dc71d..49f805b566 100644 --- a/eslzArm/eslzArm.test.param.json +++ b/eslzArm/eslzArm.test.param.json @@ -146,6 +146,66 @@ "subnetMaskForAzFw": { "value": "" }, + "addressPrefixSecondary": { + "value": "10.200.0.0/16" + }, + "enablePrivateDnsZonesSecondary": { + "value": "Yes" + }, + "enableVpnGwSecondary": { + "value": "No" + }, + "enableVpnActiveActiveSecondary": { + "value": "Yes" + }, + "gwRegionalOrAzSecondary": { + "value": "" + }, + "gwRegionalSkuSecondary": { + "value": "" + }, + "gwAzSkuSecondary": { + "value": "" + }, + "vpnGateWayScaleUnitSecondary": { + "value": "1" + }, + "subnetMaskForGwSecondary": { + "value": "" + }, + "enableErGwSecondary": { + "value": "No" + }, + "erAzSkuSecondary": { + "value": "" + }, + "erRegionalSkuSecondary": { + "value": "" + }, + "erRegionalOrAzSecondary": { + "value": "" + }, + "expressRouteScaleUnitSecondary": { + "value": "1" + }, + "enableHubSecondary": { + "value": "vhub" + }, + "enableAzFwSecondary": { + "value": "No" + }, + "enableAzFwDnsProxySecondary": { + "value": "No" + }, + "firewallSkuSecondary": { + "value": "Standard" + }, + "firewallZonesSecondary": { + "value": [] + }, + "subnetMaskForAzFwSecondary": { + "value": "" + }, "denyMgmtPortsForIdentity": { "value": "Yes" }, @@ -164,6 +224,9 @@ "identityAddressPrefix": { "value": "10.110.0.0/24" }, + "identityAddressPrefixSecondary": { + "value": "10.210.0.0/24" + }, "enableLzDdoS": { "value": "No" }, diff --git a/eslzArm/resourceGroupTemplates/privateDnsZones.json b/eslzArm/resourceGroupTemplates/privateDnsZones.json index 4f9b10acc7..2663b1af5b 100644 --- a/eslzArm/resourceGroupTemplates/privateDnsZones.json +++ b/eslzArm/resourceGroupTemplates/privateDnsZones.json @@ -10,6 +10,19 @@ }, "connectivityHubResourceId": { "type": "string" + }, + "connectivityHubResourceIdSecondary": { + "type": "string", + "defaultValue": "placeholder" + + }, + "enablePrivateDnsZonesSecondary": { + "type": "string", + "defaultValue": "No" + }, + "enableHubSecondary": { + "type": "string", + "defaultValue": "No" } }, "resources": [ @@ -38,6 +51,22 @@ "id": "[parameters('connectivityHubResourceId')]" } } + }, + { + "type": "virtualNetworkLinks", + "apiVersion": "2020-06-01", + "name": "[concat('linkingOf', parameters('privateDnsZoneName'),2)]", + "location": "global", + "condition": "[and(equals(parameters('enablePrivateDnsZonesSecondary'), 'No'), not(equals(parameters('enableHubSecondary'), 'No')))]", + "dependsOn": [ + "[resourceId('Microsoft.Network/privateDnsZones', parameters('privateDnsZoneName'))]" + ], + "properties": { + "registrationEnabled": false, + "virtualNetwork": { + "id": "[parameters('connectivityHubResourceIdSecondary')]" + } + } } ] } diff --git a/eslzArm/resourceGroupTemplates/vnetRouteTable.json b/eslzArm/resourceGroupTemplates/vnetRouteTable.json new file mode 100644 index 0000000000..f879e4a617 --- /dev/null +++ b/eslzArm/resourceGroupTemplates/vnetRouteTable.json @@ -0,0 +1,76 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "topLevelManagementGroupPrefix" : { + "type": "string" + }, + "connectivityHubResourceId": { + "type": "string" + }, + "subnetName": { + "type": "string" + }, + "cidrRange": { + "type": "string" + }, + "targetFWSubnetCidr": { + "type": "string" + }, + "sourceFWSubnetCidr": { + "type": "string" + }, + "hubLocation": { + "type": "string" + } + }, + "variables": { + "routeTableName": "[concat(parameters('topLevelManagementGroupPrefix'), '-rt-hub-', parameters('hubLocation'))]", + "vNetName": "[last(split(parameters('connectivityHubResourceId'), '/'))]", + "nextHopIP": "[first(split(cidrsubnet(parameters('targetFWSubnetCidr'), 32, 4), '/'))]" + }, + "resources": [ + { + "type": "Microsoft.Network/routeTables", + "apiVersion": "2020-07-01", + "name": "[variables('routeTableName')]", + "location": "[parameters('hubLocation')]", + "properties": { + "routes": [ + { + "name": "hubRoute", + "properties": { + "addressPrefix": "[parameters('cidrRange')]", + "nextHopType": "VirtualAppliance", + "nextHopIpAddress": "[variables('nextHopIP')]" + } + }, + { + "name": "internetRoute", + "properties": { + "addressPrefix": "0.0.0.0/0", + "nextHopType": "Internet" + } + } + ] + + } + }, + { + "type": "Microsoft.Network/virtualNetworks/subnets", + "apiVersion": "2020-07-01", + "name": "[concat(variables('vNetName'), '/', parameters('subnetName'))]", + "properties": { + "addressPrefix": "[parameters('sourceFWSubnetCidr')]", + "routeTable": { + "id": "[resourceId('Microsoft.Network/routeTables', variables('routeTableName'))]" + } + + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/routeTables', variables('routeTableName'))]" + ] + } + ] +} + diff --git a/eslzArm/subscriptionTemplates/azFw-basepolicy.json b/eslzArm/subscriptionTemplates/azFw-basepolicy.json new file mode 100644 index 0000000000..6c23ee3fca --- /dev/null +++ b/eslzArm/subscriptionTemplates/azFw-basepolicy.json @@ -0,0 +1,118 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "topLevelManagementGroupPrefix": { + "type": "string", + "maxLength": 10, + "metadata": { + "description": "Provide a prefix (max 10 characters, unique at tenant-scope) for the Management Group hierarchy and other resources created as part of Enterprise-scale." + } + }, + "location": { + "type": "string", + "metadata": { + "displayName": "location", + "description": "Location of the HUB" + }, + "defaultValue": "[deployment().location]" + }, + "enableAzFwDnsProxy": { + "type": "string", + "allowedValues": [ + "Yes", + "No" + ], + "defaultValue": "No", + "metadata": { + "description": "Select whether the Azure Firewall should be used as DNS Proxy or not." + } + }, + "connectivitySubscriptionId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Provide the subscription id for the dedicated connectivity subscription." + } + }, + "firewallSku": { + "type": "string", + "allowedValues": [ + "Basic", + "Standard", + "Premium" + ], + "defaultValue": "Standard" + } + }, + "variables": { + "rgName": "[concat(parameters('topLevelManagementGroupPrefix'), '-fwBasePolicy-', parameters('location'))]", + "azFwPolicyName": "[concat(parameters('topLevelManagementGroupPrefix'), '-azfwpolicy-base-', parameters('location'))]", + "resourceDeploymentName": "[take(concat(deployment().name, '-azfwpolicy-base-', parameters('location')), 64)]", + "azFirewallPolicyId": { + "id": "[concat('/subscriptions/', parameters('connectivitySubscriptionId'), '/resourceGroups/', variables('rgName'), '/providers/Microsoft.Network/firewallPolicies/', variables('azFwPolicyName'))]" + }, + "azFirewallDnsSettings": { + "enableProxy": true + } + }, + "resources": [ + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", + "location": "[parameters('location')]", + "name": "[concat('alz-', parameters('location'), '-', substring(uniqueString(parameters('connectivitySubscriptionId')),0,6), '-azFwBasePolicy')]", + "subscriptionId": "[parameters('connectivitySubscriptionId')]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": {}, + "resources": [ + { + "type": "Microsoft.Resources/resourceGroups", + "apiVersion": "2019-10-01", + "location": "[parameters('location')]", + "name": "[variables('rgName')]", + "properties": {} + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", + "name": "[variables('resourceDeploymentName')]", + "resourceGroup": "[variables('rgName')]", + "dependsOn": [ + "[concat('Microsoft.Resources/resourceGroups/', variables('rgName'))]" + ], + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": {}, + "resources": [ + { + "type": "Microsoft.Network/firewallPolicies", + "apiVersion": "2020-11-01", + "name": "[variables('azFwPolicyName')]", + "location": "[parameters('location')]", + "properties": { + "dnsSettings": "[if(equals(parameters('enableAzFwDnsProxy'), 'Yes'), variables('azFirewallDnsSettings'), json('null'))]", + "sku": { + "tier": "[parameters('firewallSku')]" + + } + } + } + ] + } + } + } + ] + } + } + } + ], + "outputs": {} +} \ No newline at end of file diff --git a/eslzArm/subscriptionTemplates/hubspoke-connectivity.json b/eslzArm/subscriptionTemplates/hubspoke-connectivity.json index 62e4c32f2f..4a65306e51 100644 --- a/eslzArm/subscriptionTemplates/hubspoke-connectivity.json +++ b/eslzArm/subscriptionTemplates/hubspoke-connectivity.json @@ -303,10 +303,10 @@ "location": "[parameters('location')]", "name": "[variables('azVpnGwIpName')]", "sku": { - "name": "[if(equals(parameters('gwRegionalOrAz'), 'Zone'), 'Standard', 'Basic')]" + "name": "Standard" }, "properties": { - "publicIPAllocationMethod": "[if(equals(parameters('gwRegionalOrAz'), 'Zone'), 'Static', 'Dynamic')]" + "publicIPAllocationMethod": "Static" } }, { @@ -316,10 +316,10 @@ "location": "[parameters('location')]", "name": "[variables('azVpnGwAAIpName')]", "sku": { - "name": "[if(equals(parameters('gwRegionalOrAz'), 'Zone'), 'Standard', 'Basic')]" + "name": "Standard" }, "properties": { - "publicIPAllocationMethod": "[if(equals(parameters('gwRegionalOrAz'), 'Zone'), 'Static', 'Dynamic')]" + "publicIPAllocationMethod": "Static" } }, { @@ -444,10 +444,10 @@ "location": "[parameters('location')]", "name": "[variables('azErGwIpName')]", "sku": { - "name": "[if(equals(parameters('erRegionalOrAz'), 'Zone'), 'Standard', 'Basic')]" + "name": "Standard" }, "properties": { - "publicIPAllocationMethod": "[if(equals(parameters('erRegionalOrAz'), 'Zone'), 'Static', 'Dynamic')]" + "publicIPAllocationMethod": "Static" } }, { @@ -535,6 +535,7 @@ "dnsSettings": "[if(equals(parameters('enableAzFwDnsProxy'), 'Yes'), variables('azFirewallDnsSettings'), json('null'))]", "sku": { "tier": "[parameters('firewallSku')]" + } } }, diff --git a/eslzArm/subscriptionTemplates/vnetPeering.json b/eslzArm/subscriptionTemplates/vnetPeering.json index a1f4bc65bd..750935b657 100644 --- a/eslzArm/subscriptionTemplates/vnetPeering.json +++ b/eslzArm/subscriptionTemplates/vnetPeering.json @@ -80,7 +80,7 @@ { "type": "Microsoft.Resources/resourceGroups", "apiVersion": "2020-06-01", - "name": "NetworkWatcherRG", + "name": "[concat('NetworkWatcherRG-', parameters('vNetLocation'))]", "location": "[parameters('vNetLocation')]", "properties": {} } diff --git a/eslzArm/subscriptionTemplates/vnetPeeringHub.json b/eslzArm/subscriptionTemplates/vnetPeeringHub.json new file mode 100644 index 0000000000..0cebe9390e --- /dev/null +++ b/eslzArm/subscriptionTemplates/vnetPeeringHub.json @@ -0,0 +1,113 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "hubResourceId": { + "type": "string", + "metadata": { + "description": "Provide the resourceId for the primary hub." + } + }, + "hubResourceIdSecondary": { + "type": "string", + "metadata": { + "description": "Provide the resourceId for the secondary hub." + } + }, + "hubLocation": { + "type": "string", + "metadata": { + "description": "Provide the location for the primary hub." + } + }, + "hubLocationSecondary": { + "type": "string", + "metadata": { + "description": "Provide the location for the secondary hub." + } + }, + "hubRgName": { + "type": "string", + "metadata": { + "description": "Provide the name of the RG of the primary hub." + } + }, + "hubRgNameSecondary": { + "type": "string", + "metadata": { + "description": "Provide the name of the RG of the Secondary hub." + } + } + }, + "variables": { + "hubName": "[last(split(parameters('hubResourceId'), '/'))]", + "hubNameSecondary": "[last(split(parameters('hubResourceIdSecondary'), '/'))]" + }, + "resources": [ + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2020-06-01", + "name": "[concat('alz-vnet-', parameters('hubLocation'), '-', substring(uniqueString(subscription().id),0,6))]", + "resourceGroup": "[parameters('hubRgName')]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings", + "apiVersion": "2020-07-01", + "name": "[concat(variables('hubName'), '/peerTo', variables('hubNameSecondary'))]", + "properties": { + "remoteVirtualNetwork": { + "id": "[parameters('hubResourceIdSecondary')]" + }, + "allowVirtualNetworkAccess": true, + "allowForwardedTraffic": true, + "allowGatewayTransit": false, + "useRemoteGateways": false + } + } + ], + "outputs": {} + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2020-06-01", + "name": "[concat('alz-vnet-', parameters('hubLocationSecondary'), '-', substring(uniqueString(subscription().id),0,6))]", + "resourceGroup": "[parameters('hubRgNameSecondary')]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings", + "apiVersion": "2020-07-01", + "name": "[concat(variables('hubNameSecondary'), '/peerTo', variables('hubName'))]", + "properties": { + "remoteVirtualNetwork": { + "id": "[parameters('hubResourceId')]" + }, + "allowVirtualNetworkAccess": true, + "allowForwardedTraffic": true, + "allowGatewayTransit": false, + "useRemoteGateways": false + } + } + ], + "outputs": {} + } + } + } + ], + "outputs": {} +} \ No newline at end of file diff --git a/eslzArm/subscriptionTemplates/vnetPeeringVwan.json b/eslzArm/subscriptionTemplates/vnetPeeringVwan.json index 0027eec257..a0f502f0e4 100644 --- a/eslzArm/subscriptionTemplates/vnetPeeringVwan.json +++ b/eslzArm/subscriptionTemplates/vnetPeeringVwan.json @@ -58,7 +58,7 @@ { "type": "Microsoft.Resources/resourceGroups", "apiVersion": "2020-06-01", - "name": "NetworkWatcherRG", + "name": "[concat('NetworkWatcherRG-', parameters('vNetLocation'))]", "location": "[parameters('vNetLocation')]", "properties": {} } diff --git a/eslzArm/subscriptionTemplates/vwan-connectivity.json b/eslzArm/subscriptionTemplates/vwan-connectivity.json index 274c10c96b..5523d24d21 100644 --- a/eslzArm/subscriptionTemplates/vwan-connectivity.json +++ b/eslzArm/subscriptionTemplates/vwan-connectivity.json @@ -137,6 +137,132 @@ "vWAN Hub Capacity Units" }, "defaultValue": "2" + }, + "addressPrefixSecondary": { + "type": "string", + "metadata": { + "displayName": "addressPrefix", + "description": "Address prefix of the VHUB" + }, + "defaultValue": "10.100.0.0/23" + }, + "locationSecondary": { + "type": "string", + "metadata": { + "displayName": "location", + "description": "Location of the VHUB" + }, + "defaultValue": "[deployment().location]" + }, + "enableHubSecondary": { + "type": "string", + "allowedValues": [ + "vwan", + "No" + ], + "defaultValue": "No" + }, + "enableAzFwSecondary": { + "type": "string", + "allowedValues": [ + "Yes", + "No" + ], + "defaultValue": "No" + }, + "firewallSkuSecondary": { + "type": "string", + "allowedValues": [ + "Basic", + "Standard", + "Premium" + ], + "defaultValue": "Standard" + }, + "enableAzFwDnsProxySecondary": { + "type": "string", + "allowedValues": [ + "Yes", + "No" + ], + "defaultValue": "No", + "metadata": { + "description": "Select whether the Azure Firewall should be used as DNS Proxy or not." + } + }, + "enableVpnGwSecondary": { + "type": "string", + "allowedValues": [ + "Yes", + "No" + ], + "defaultValue": "No" + }, + "enableErGwSecondary": { + "type": "string", + "allowedValues": [ + "Yes", + "No" + ], + "defaultValue": "No" + }, + "vpnGateWayScaleUnitSecondary": { + "type": "string", + "defaultValue": "1" + }, + "expressRouteScaleUnitSecondary": { + "type": "string", + "defaultValue": "1" + }, + "firewallZonesSecondary": { + "type": "array", + "defaultValue": [] + }, + "internetTrafficRoutingPolicySecondary": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Enable vWAN Routing Intent and Policy for Internet Traffic" + } + }, + "privateTrafficRoutingPolicySecondary": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Enable vWAN Routing Intent and Policy for Private Traffic" + } + }, + "enablevWANRoutingIntentSecondary":{ + "type": "string", + "allowedValues":[ + "Yes", + "No" + ], + "metadata": { + "description": + "Enable vWAN Routing Intent" + } + }, + "vWANHubRoutingPreferenceSecondary":{ + "type": "string", + "defaultValue": "ExpressRoute", + "allowedValues":[ + "ExpressRoute", + "VpnGateway", + "ASPath" + ], + "metadata": { + "description": + "vWAN Hub Routing Preference" + } + }, + "vWANHubCapacitySecondary":{ + "type": "string", + "metadata": { + "description": + "vWAN Hub Capacity Units" + }, + "defaultValue": "2" } }, "variables": { @@ -159,7 +285,21 @@ "azFirewallDnsSettings": { "enableProxy": true }, - "routingIntentnexthop":"[concat('/subscriptions/', parameters('connectivitySubscriptionId'), '/resourceGroups/', variables ('rgName'), '/providers/Microsoft.Network/azureFirewalls/', variables ('azFwName'))]" + "routingIntentnexthop":"[concat('/subscriptions/', parameters('connectivitySubscriptionId'), '/resourceGroups/', variables ('rgName'), '/providers/Microsoft.Network/azureFirewalls/', variables ('azFwName'))]", + "vpngwnameSecondary": "[concat(parameters('topLevelManagementGroupPrefix'), '-vpngw-', parameters('locationSecondary'))]", + "ergwnameSecondary": "[concat(parameters('topLevelManagementGroupPrefix'), '-ergw-', parameters('locationSecondary'))]", + "vHubNameSecondary": "[concat(parameters('topLevelManagementGroupPrefix'), '-hub-', parameters('locationSecondary'))]", + "azFwNameSecondary": "[concat(parameters('topLevelManagementGroupPrefix'), '-fw-', parameters('locationSecondary'))]", + "azFwPolicyNameSecondary": "[concat(parameters('topLevelManagementGroupPrefix'), '-azfwpolicy-', parameters('locationSecondary'))]", + "vwanhubSecondary": "[concat('/subscriptions/', parameters('connectivitySubscriptionId'), '/resourceGroups/', variables('rgName'),'/providers/Microsoft.Network/virtualHubs/', variables('vhubnameSecondary'))]", + "vhubskuSecondary": "Standard", + "azFirewallPolicyIdSecondary": { + "id": "[concat('/subscriptions/', parameters('connectivitySubscriptionId'), '/resourceGroups/', variables('rgName'), '/providers/Microsoft.Network/firewallPolicies/', variables('azFwPolicyNameSecondary'))]" + }, + "azFirewallDnsSettingsSecondary": { + "enableProxy": true + }, + "routingIntentnexthopSecondary":"[concat('/subscriptions/', parameters('connectivitySubscriptionId'), '/resourceGroups/', variables ('rgName'), '/providers/Microsoft.Network/azureFirewalls/', variables ('azFwNameSecondary'))]" }, "resources": [ { @@ -236,7 +376,7 @@ "location": "[parameters('location')]", "name": "[variables('vpngwname')]", "dependsOn": [ - "[concat('Microsoft.Network/virtualHubs/',variables('vhubname'))]" + "[concat('Microsoft.Network/virtualHubs/', variables('vhubname'))]" ], "properties": { "virtualHub": { @@ -290,7 +430,7 @@ "zones": "[if(not(empty(parameters('firewallZones'))), parameters('firewallZones'), json('null'))]", "dependsOn": [ "[concat('Microsoft.Network/firewallPolicies/', variables('azFwPolicyName'))]", - "[concat('Microsoft.Network/virtualHubs/',variables('vhubname'))]" + "[concat('Microsoft.Network/virtualHubs/', variables('vhubname'))]" ], "properties": { "sku": { @@ -317,7 +457,7 @@ "apiVersion": "2023-04-01", "name":"[concat(variables('vhubname'),'/','RoutingIntent')]", "dependsOn": [ - "[concat('Microsoft.Network/virtualHubs/',variables('vhubname'))]", + "[concat('Microsoft.Network/virtualHubs/', variables('vhubname'))]", "[concat('/subscriptions/', parameters('connectivitySubscriptionId'), '/resourceGroups/', variables ('rgName'), '/providers/Microsoft.Network/azureFirewalls/', variables ('azFwName'))]" ], "properties":{ @@ -334,7 +474,136 @@ createArray( createObject('name', 'PrivateTraffic', 'destinations', createArray('PrivateTraffic'), 'nextHop', variables('routingIntentnexthop')))))]" } + }, + //Begin Secondary vhub Deployment + { + "condition": "[and(equals(parameters('enableHubSecondary'), 'vwan'), not(empty(parameters('addressPrefixSecondary'))))]", + "type": "Microsoft.Network/virtualHubs", + "apiVersion": "2023-04-01", + "location": "[parameters('locationSecondary')]", + "name": "[variables('vHubNameSecondary')]", + "dependsOn": [ + "[concat('Microsoft.Network/virtualWans/', variables('vWanName'))]" + ], + "properties": { + "virtualWan": { + "id": "[variables('vwanresourceid')]" + }, + "addressPrefix": "[parameters('addressPrefixSecondary')]", + "sku": "[variables('vhubskuSecondary')]", + "hubRoutingPreference": "[parameters('vWANHubRoutingPreferenceSecondary')]", + "virtualRouterAutoScaleConfiguration": { + "minCapacity": "[int(parameters('vWANHubCapacitySecondary'))]" + } + } + }, + { + "condition": "[and(equals(parameters('enableHubSecondary'), 'vwan'), equals(parameters('enableVpnGwSecondary'), 'Yes'))]", + "type": "Microsoft.Network/vpnGateways", + "apiVersion": "2020-05-01", + "location": "[parameters('locationSecondary')]", + "name": "[variables('vpngwnameSecondary')]", + "dependsOn": [ + "[concat('Microsoft.Network/virtualHubs/', variables('vHubNameSecondary'))]" + ], + "properties": { + "virtualHub": { + "id": "[variables('vwanhub')]" + }, + "bgpSettings": { + "asn": "[variables('vpnbgpasn')]" + }, + "vpnGatewayScaleUnit": "[int(parameters('vpnGateWayScaleUnit'))]" + } + }, + { + "condition": "[and(equals(parameters('enableHubSecondary'), 'vwan'), equals(parameters('enableErGwSecondary'), 'Yes'))]", + "type": "Microsoft.Network/expressRouteGateways", + "apiVersion": "2020-05-01", + "location": "[parameters('locationSecondary')]", + "name": "[variables('ergwnameSecondary')]", + "dependsOn": [ + "[concat('Microsoft.Network/virtualHubs/', variables('vHubNameSecondary'))]" + ], + "properties": { + "virtualHub": { + "id": "[variables('vwanhubSecondary')]" + }, + "autoScaleConfiguration": { + "bounds": { + "min": "[int(parameters('expressRouteScaleUnitSecondary'))]" + } + } + } + }, + { + "condition": "[equals(parameters('enableAzFwSecondary'), 'Yes')]", + "type": "Microsoft.Network/firewallPolicies", + "apiVersion": "2020-11-01", + "name": "[variables('azFwPolicyNameSecondary')]", + "location": "[parameters('locationSecondary')]", + "properties": { + "dnsSettings": "[if(equals(parameters('enableAzFwDnsProxySecondary'), 'Yes'), variables('azFirewallDnsSettingsSecondary'), json('null'))]", + "sku": { + "tier": "[parameters('firewallSkuSecondary')]" + } + } + }, + { + "condition": "[equals(parameters('enableAzFwSecondary'), 'Yes')]", + "apiVersion": "2020-05-01", + "type": "Microsoft.Network/azureFirewalls", + "name": "[variables('azFwNameSecondary')]", + "location": "[parameters('locationSecondary')]", + "zones": "[if(not(empty(parameters('firewallZonesSecondary'))), parameters('firewallZonesSecondary'), json('null'))]", + "dependsOn": [ + "[concat('Microsoft.Network/firewallPolicies/', variables('azFwPolicyNameSecondary'))]", + "[concat('Microsoft.Network/virtualHubs/', variables('vhubnamesecondary'))]" + ], + "properties": { + "sku": { + "Name": "AZFW_Hub", + "Tier": "[parameters('firewallSkuSecondary')]" + }, + "hubIPAddresses": { + "publicIPs": { + "addresses": "[json('[]')]", + "count": 1 + } + }, + "virtualHub": { + "id": "[variables('vwanhubSecondary')]" + }, + "firewallPolicy": { + "id": "[variables('azFirewallPolicyIdSecondary').id]" + } + } + }, + { + "condition":"[and(equals(parameters('enablevWANRoutingIntentSecondary'), 'Yes'),equals(parameters('enableAzFwSecondary'), 'Yes'))]", + "type": "Microsoft.Network/virtualHubs/routingIntent", + "apiVersion": "2023-04-01", + "name":"[concat(variables('vHubNameSecondary'),'/','RoutingIntent')]", + "dependsOn": [ + "[concat('Microsoft.Network/virtualHubs/', variables('vHubNameSecondary'))]", + "[concat('/subscriptions/', parameters('connectivitySubscriptionId'), '/resourceGroups/', variables ('rgName'), '/providers/Microsoft.Network/azureFirewalls/', variables ('azFwNameSecondary'))]" + ], + "properties":{ + "routingPolicies": "[ + if(and(equals(parameters('internetTrafficRoutingPolicySecondary'), true()), + equals(parameters('privateTrafficRoutingPolicySecondary'), true())), + createArray( + createObject('name', 'PublicTraffic', 'destinations', createArray('Internet'), 'nextHop', variables('routingIntentnexthopSecondary')), + createObject('name', 'PrivateTraffic', 'destinations', createArray('PrivateTraffic'), 'nextHop', variables('routingIntentnexthopSecondary'))), + if(and(equals(parameters('internetTrafficRoutingPolicySecondary'), true()), + equals(parameters('privateTrafficRoutingPolicySecondary'), false())), + createArray( + createObject('name', 'PublicTraffic', 'destinations', createArray('Internet'), 'nextHop', variables('routingIntentnexthopSecondary'))), + createArray( + createObject('name', 'PrivateTraffic', 'destinations', createArray('PrivateTraffic'), 'nextHop', variables('routingIntentnexthopSecondary')))))]" + } } + ] } }