Last year, we at E Voyageurs SNCF launched our migration to the cloud and our journey provided valuable lessons for others on a similar path. Specifically, we will describe how we transitioned our security protocols, including adapting our traditional point-to-point communication and hardware firewalls to a cloud-native approach.
We use HAProxy as a "Security Gate" between the two environments, which allows us to control and audit the interactions with our partners without compromising on the benefits we get from the cloud. We utilize HAProxy's Data Plane API to control and manipulate traffic flows dynamically, and its map files to implement an allowlist system that's synchronized with the firewalls of the network interfaces.
In this presentation, we will describe the tools and processes we put in place to dynamically configure HAProxy in the cloud.
Antonin is a Cloud Architect at EVoyageurs SNCF. With about 10 years experience in technical teams at EVoyageurs SNCF, he has participated in the constant evolution of the IT infrastructure, always with a main objective to make movements to production go without a hitch.
Samuel has been an Infrastructure Engineer at E Voyageurs SNCF since October 2019. He works on the CDN as well as the cloud landing zone. Passionate about web technologies, he stays tuned to open source news.