Title of invention: SECURE COMMUNICATION BETWEEN PROCESSES IN CLOUD
Abstract: Secure communication between processes in cloud platform may be performed by receiving a request from a client application process hosted in an application virtual machine at a load balancer. A first secure communication channel is established between the client application process and the load balancer. The first secure communication channel is encrypted with the client certificate. The first secure communication channel is terminated at the load balancer. A service process in a service virtual machine is identified based on the request received from the client application process. A new request is sent to the service virtual machine to establish a second secure communication channel between the load balancer and the service virtual machine. The load balancer certificate signed by the internal certificate authority is validated at the service virtual machine. Upon successful validation of the load balancer certificate, the second secure communication channel is accepted at the service virtual machine.
Publication number: US2015215308(A1) Publication date: 2015.07.30
Application number: US201414168026 Filing date: 2014.01.30
Applicant: Manolov Svetoslav;Yordanov Diyan;Petev Petio;Kadrev Bojidar Inventor: Manolov Svetoslav;Yordanov Diyan;Petev Petio;Kadrev Bojidar
Classification: H04L29/06;G06F9/50;H04L29/08 Main classification: H04L29/06
Agency: Agent:
Main claim: 1. A non-transitory computer-readable medium to store instructions, which when executed by a computer, cause the computer to perform operations comprising: receive a request from a client application process hosted in an application virtual machine at a load balancer, wherein the request comprises a client certificate; establish a first secure communication channel between the client application process and the load balancer, wherein the first secure communication channel is encrypted with the client certificate; terminate the first secure communication channel at the load balancer; identify a service process of a service virtual machine based on the request received from the client application process; send a new request to the service virtual machine to establish a second secure communication channel between the load balancer and the service process of the service virtual machine, wherein the second secure communication channel is encrypted with a load balancer certificate signed by a certificate authority; and accept the second secure communication channel at the service virtual machine establishing a secure communication between the client application process and the service process, upon successful validation of the load balancer certificate.
Address: Sofia BG