Architecture of a moving target defense system with a cloud-computing platform as a mediator. are awaiting registration by communicating their intents through the notification service. The controller sends a client-proxy-assignment to each approved awaiting client using a notification. Proxy listeners only respond to registered clients . Application servers are not publicly accessible. A proxy machine in the proxy pool awaits assignments of clients when the number of clients surpasses client proxy capacities. Network access control rules are set by the controller to allow/deny access to proxies.