The Network Isolation feature manages the default access rules between environments inside a single CirrusGrid installation (i.e. connectivity over the internal network).
This way, each internal connection between nodes on the platform must pass a check before being allowed. Namely, the platform verifies that the requesting and requested environments belong to the same isolated group.
Tip: Additionally, the connectivity of nodes can be restricted by the container firewall rules, which represent a more flexible solution that is suitable for both internal and external access management.
If the Network Isolation feature is enabled on the platform, all accounts are isolated from each other by default. In such a case, the connection between environments on different user accounts can be established only if configured explicitly on both ends.
Additionally, the feature allows developers to isolate groups of environments within a particular account. Just turn on the Network Isolation switcher in the Add/Edit Group frame.
The platform automatically unites the containers’ internal addresses into a dedicated IP set for each isolated group. This allows controlling access between nodes (i.e. if both IPs are within the same set, the connection is permitted; if not, it is denied). The platform automatically detects all the related changes under your account (e.g. environment removal, node scaling, etc.) to keep IP sets up-to-date.
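The same-set rule described above can be modelled offline to see which connections an isolation change would block, for example a clone that still points at the production database. The following Python sketch is an added example, not platform code: the inventory, addresses, flow list and function names are constructed, and it assumes that environments outside any isolated group share one per-account set and that explicit cross-account rules are not modelled.

```python
import ipaddress

# Constructed inventory: (account, isolated_group or None, environment, internal IPs).
INVENTORY = [
    ("acct-a", "prod",       "shop-app",   ["10.100.1.10", "10.100.1.11"]),
    ("acct-a", "prod",       "shop-db",    ["10.100.1.20"]),
    ("acct-a", "prod-clone", "shop-clone", ["10.100.2.10"]),
    ("acct-b", None,         "partner",    ["10.100.3.10"]),
]

# Constructed flows (source IP, destination IP), e.g. collected from app configs.
FLOWS = [
    ("10.100.1.10", "10.100.1.20"),   # app -> db, same isolated group
    ("10.100.2.10", "10.100.1.20"),   # clone with inherited DB address
    ("10.100.3.10", "10.100.1.10"),   # other account -> app
    ("10.100.9.99", "10.100.1.20"),   # address not in any set
]


def build_index(inventory):
    """Map every node IP to its set key (account, group)."""
    index = {}
    for account, group, env, ips in inventory:
        for ip in ips:
            addr = ipaddress.ip_address(ip)
            if addr in index:
                raise ValueError(f"{ip} listed twice (second time in {env})")
            # Assumption: ungrouped environments share one per-account set.
            index[addr] = (account, group)
    return index


def decide(index, src, dst):
    """Permit only when both addresses are known and in the same set."""
    s = index.get(ipaddress.ip_address(src))
    d = index.get(ipaddress.ip_address(dst))
    return "permit" if s is not None and s == d else "deny"


def denied_flows(inventory, flows):
    """Return the flows that the same-set rule would block."""
    index = build_index(inventory)
    return [f for f in flows if decide(index, *f) == "deny"]


if __name__ == "__main__":
    for src, dst in denied_flows(INVENTORY, FLOWS):
        print(f"deny {src} -> {dst}")
```

Rebuilding the index from a changed inventory mirrors the way the sets follow environment removal and node scaling: an address that has left the inventory no longer matches any set and is denied.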
While managing Network Isolation, you should consider the following peculiarities:
Summing all this up, Network Isolation is a useful and user-oriented feature aimed at preventing undesired access to your environments. Commonly, it’s a good practice to isolate your applications from each other. For example:
If you need to share access to your application or database with a third-party employee or company, you can be sure that containers inside the isolated group won’t be accessible via the platform’s internal network.
If you are cloning an initially isolated project, it will be protected from the clone’s influence (e.g. if your copied project inherited a “hardcoded” database access, it will be disabled by the Network Isolation feature so that the actual production data cannot be changed).
This way, the Network Isolation feature can separate projects on a single account and prevent undesired interconnections between them.