The Pivotal CF Runtime team is working on a feature that will enable Cloud Foundry operators to have granular control over what each application can communicate with in their network. Application Security Groups assign a set of firewall rules to every application on startup based on the organization and space they are started in. This allows an operator to prevent developer spaces from having access to production databases. Application Security Groups also assist an app developer in knowing what constraints their application is running in to save them time troubleshooting connectivity problems.
In this talk I will describe the work we are doing to implement application security groups and where this fits in the larger scope of dea placement pools in our roadmap.