Redis for PCF Security
Warning: Redis v2.2 is no longer supported because it has reached the End of General Support (EOGS) phase as defined by the Support Lifecycle Policy. To stay up to date with the latest software and security updates, upgrade to a supported version.
Page last updated:
To allow this service to have network access you must create app security groups (ASGs). For more information, see Networks, Security, and Assigning AZs.
Pivotal recommends the following best practices for security:
Run Redis for PCF in its own network. For more information, see Creating Networks in Ops Manager.
Use Redis for PCF with the IPsec Add-on for PCF. For information about the IPsec Add-on for PCF, see Securing Data in Transit with the IPsec Add-on.
Do not use a single Redis for PCF instance for multi-tenancy. A single Redis instance of the On-Demand service should only support a single workload.
Do not use the Shared-VM service for production use cases. It is not considered adequately secure for that purpose, even though it is designed for multi-tenancy.
Set TLS to Optional and encourage app developers to make use of the TLS port. For more information, see Using TLS.