Reputation: 449
Cloud Foundry Infrastructure Level Security?
I am currently evaluating whether it will be possible for my company to use Cloud Foundry for at least our test environments, if not production.
I would like to know whether it is possible to secure access to these (grails) applications at the infrastructure, rather than application level? I cannot find anything in the documentation that suggests this is possible?
For instance, can I lock down access to the application by IP at firewall level?
I realise I can provide security at the application level via:
- Spring Security
- Cloud Foundry UAA, hosted SSO solution
...it would provide a lot more comfort to people in the company if we could guarantee that the environments could be locked down a bit more.
Upvotes: 1
Views: 188
Answers (1)
Reputation: 1149
Cloud Foundry itself isn't concerned with infrastructure-layer security, but there's nothing preventing you from locking down access with a firewall that sits in front of your CF deployment. For example, you could limit access to all of your CF IPs (layer 3), or limit access to specific apps via HTTP host header inspection (layer 7). These capabilities are dependent on the specific firewall software you're using.
FYI, there's a dedicated Google Group for discussion of topics related to the OSS Cloud Foundry project: vcap-dev
Upvotes: 2
Related Questions
- Cloud Foundry back-end and public apps
- Cloud Foundry Default Infrastructure
- User provided service in cloud foundry
- Cloud foundry tenants - what?
- Cloud Foundry Basic Questions
- Cloud Foundry, how it works?
- Customizing micro cloud foundry?
- Security in cloudfoundry
- How does cloud foundry handle process isolation?
- Securing service parameters in Cloud Foundry environment variables