Secure Your Cloud with the IPsec BOSH Release

Customers using your cloud need to have trust that their data is safe. This is especially true for enterprises running critical businesses on top of Cloud Foundry. Even if communication from the client to the router or load-balancer is secured, the traffic inside Cloud Foundry and the connections to backing services are unencrypted by default. On a public cloud code of different customers runs on the same resources. Malicious developers could use a security hole to break out of their application or staging containers and sniff network traffic containing packets of other customers.

We therefore use IPsec in order to provide transport level encryption. We will give a brief introduction to IPsec and the IPsec BOSH release. We then show how we use it to secure traffic from Cloud Foundry to a backing service which provides connections to the SAP systems at the customer site.

About Stefan Lay

Dr. Stefan is working as a software developer and scrum master at SAP SE. For about three years he has been taking part in SAP’s endeavour to offer SAP’s customers a modern PaaS based on Cloud Foundry. He has an open source background as eclipse committer and he frequently gave presentations and tutorials at international conferences.