Patch quickly with zero downtime
Update during business hours fearlessly. PCF’s embedded Linux and Windows OS let you apply patches without downtime. Repair vulnerable software as soon as updates are available with an automated and secure deployment toolchain.
Secure your secrets with CredHub
Reduce the risk posed by leaked credentials. CredHub lets you encrypt app credentials at rest without making any changes to app code. It’s a central point of control for credential generation, storage, lifecycle management, logging, and access control.
Repave during business hours
Keep your environment fresh and eliminate advanced, persistent threats. Use PCF to regularly “repave” your platform from a known good state with zero downtime. Protect against malware that can wreak havoc in static environments.
Protect your systems with proven defense-in-depth capabilities
Run containers that are secure by default
PCF gives you a secure container runtime. AppArmor, seccomp, and unprivileged container access are enabled out of the box.
Deny-by-default networking with VMware
Integrate with NSX to simplify network microsegmentation for your enterprise apps. Gain more security and control over your app-to-app traffic.
Improve security for your enterprise apps with TLS
SSL/TLS certificates secure HTTP traffic into your deployment. To secure non-HTTP traffic, terminate TLS at your load balancer or at the application with TCP Routing.
Control identity and access management with SSO
Manage access to critical systems with PCF’s SSO service. SSO for PCF uses the OAuth2 protocol and integrates with popular enterprise identity management systems via LDAP.
Isolate your apps to boost compliance
Isolation segments enable compute isolation and network isolation. Adhere to industry requirements by isolating apps and their data from other workloads.