At Jelastic PaaS, all accounts are isolated from each other by default, which explicitly prohibits any unallowed internal connections between different users (i.e. even in a case some malefactor has managed to gain access to such data as environment name, node ID, internal IP, etc).With the Network Isolation feature, you can create secure environment groups, intended to isolate the included environments from the other ones on your account. Just turn on the Network Isolation switcher within the Add or Edit Group frame.
While managing Network Isolation, the following peculiarities should be considered:
For each isolated group, the Platform automatically creates a dedicated IP set, which consists of the appropriate containers internal addresses. This allows to control access between nodes (i.e. if IPs are within the same set - interconnection is allowed, if not - denied). Also, Platform detects all of the appropriate account changes (e.g. environment removal, nodes scaling, etc) to automatically keep IP sets up-to-date.
- the feature can be enabled for the top-level group only (i.e. not for subgroups)
- environment groups with enabled isolation are provided with a custom icon () for better recognition
- shared environments can not be included into isolated groups by collaborators
- access from outside of the Platform (e.g. via Public IP) could not be limited by this feature