Re: CloudFoundry PCI-DSS compliance issue?


Sze Siong Teo <szesiong@...>
 

Hi Daniel,

Application Security Groups are implemented via iptables on the host Cell VMs, and not in the containers.
How does the scenario I've mentioned for AppA and AppB to work even if I enable AppA and AppB to communicate via http://docs.cloudfoundry.org/devguide/deploy-apps/cf-networking.html? If iptables is used, I suppose filtering between VM's NIC and VLAN NIC created by CF inside the VM?

Because if iptables rules applied at VM level's intranet IP, then filtering rules would have affected other apps on the same VM? Or it works in some other different way?

Join cf-dev@lists.cloudfoundry.org to automatically receive all group messages.