The security measures implemented for a PCF foundation and for PCC service instances within that foundation attempt to reduce harm from agents with foundation access. See Cloud Foundry Security for a general presentation on PCF security. TLS encryption prevents easy access to communication between components, and role-based authentication and authorization limits access to data.
TLS Encryption for the PCC Service Instance
Without TLS encryption with and within the PCC service instance, the diagram identifies plaintext communication that could be listened to by a bad agent with PCF foundation access. The unencrypted communications are shown with green dotted and dashed line segments.
Each of these unencrypted communication paths may be TLS-encrypted. The encrypted communications are shown with red dashed line segments in the diagram. To encrypt these communications, follow the directions given in Migrating to a TLS-Enabled Cluster, and ensure that apps also use TLS as described in Developing an App Under TLS. Enabling TLS encryption implements a 1-way authentication of apps verifying the identity of GemFire cluster members. .
Gfsh communication must also be secured. Follow directions within Connect with gfsh over HTTPS.
Create application security groups to allow app access to the PCC network. Allow access on the following ports:
For more information, see the PCF Application Security Groups topic.
PCC works with the IPsec Add-on for PCF. For information about the IPsec Add-on for PCF, see Securing Data in Transit with the IPsec Add-on.
Security within the GemFire Cluster
The GemFire cluster within a PCC service instance implements role-based authentication and authorizes cluster operations based upon the roles.
There are two sets of roles. Which set is used for a PCC service instance depends on the options chosen during PCC tile installation.
All gfsh and JMX clients must authenticate as one of these user roles to access the cluster. To authorize operations, each user role is given predefined permissions for cluster operations. To accomplish a cluster operation, the user authenticates using one of the roles. Prior to initiating the requested operation, there is a verification that the authenticated user role has the permission authorized to do the operation. More details about these permissions are in the Pivotal GemFire documentation under Implementing Authorization.
One set has four roles for users that integrate an authentication and enterprise single sign-on (SSO) system such as LDAP. See Configuring UAA Roles for a description of the roles and the configuration that completes the integration.
The other set of roles defaults when there is no authentication and enterprise single sign-on (SSO) system such as LDAP integrated during the PCC tile installation. The identifiers assigned for these roles are detailed in Create Service Keys. PCC service instances are created with three default GemFire user roles for interacting with clusters:
- A cluster operator manages the GemFire cluster and can access
region data. The cluster operator role has
- A developer can access region data. The developer role has
- A gateway sender propagates region data to another PCC service instance.
The gateway sender role has
- A cluster operator manages the GemFire cluster and can access region data. The cluster operator role has