Redis for PCF Security
Pivotal recommends the following best practices for security:
(Required) To allow this service to have network access, you must create Application Security Groups. For more information, see Networks, Security, and Assigning AZs.
Run Redis for PCF in its own network. For more information about creating service networks, see Creating Networks in Ops Manager.
You can use Redis for PCF with the IPsec Add-on for PCF. For information about the IPsec Add-on for PCF, see Securing Data in Transit with the IPsec Add-on.
Do not use a single Redis for PCF instance for multi-tenancy. A single Redis instance of the On-Demand or Dedicated-VM service should only support a single workload.
The Shared-VM service is designed for multi-tenancy, but you should not use it for production use cases because it is not considered adequately secure for that purpose.
Never change the network that a pre-existing Dedicated-VM deployment works with. If the network is changed, the bindings for the existing Dedicated-VM instances stop working, but these instances still appear as available to new apps. Because the existing instances might have data on them and new apps can bind to them, data might unintentionally be leaked to new apps that bind to these instances.