How E Voyageurs SNCF Uses HAProxy as a Security Gate Between the Cloud and On-premises Datacenters

Last year, we at E Voyageurs SNCF launched our migration to the cloud and our journey provided valuable lessons for others on a similar path. Specifically, we will describe how we transitioned our security protocols, including adapting our traditional point-to-point communication and hardware firewalls to a cloud-native approach. We use HAProxy as a Security Gate between the two environments, which allows us to control and audit the interactions with our partners without compromising on the benefits we get from the cloud. We utilize HAProxy's Data Plane API to control and manipulate traffic flows dynamically, and its map files to implement an allowlist system that's synchronized with the firewalls of the network interfaces.In this presentation, we will describe the tools and processes we put in place to dynamically configure HAProxy in the cloud.