Overview
Private Networks is a feature that lets you group the application containers of a project in a dedicated, isolated network called a Private Network.
While all containers within the same Private Network can freely communicate with each other, only a few are made reachable from the outside world. This lowers the exposure of your applications to external threats, while providing more freedom inside the Private Network.
By providing this feature free of charge, we give you the opportunity to drastically improve the security of your apps, and extend the possibilities offered by Scalingo by supporting architecture models that were previously hard to deploy and maintain.
Private Networks in a Nutshell
- Project-scoped: A Private Network is tightly bound to a project. All application containers of the project are in the Private Network.
- Applications only (for now): At this stage, Private Networks are available for application containers only.
- Private DNS per container: Each container gets a private domain name, resolvable and usable only within the same Private Network.
- WireGuard-based encryption: Traffic within a Private Network is encrypted using WireGuard, with keys fully managed by Scalingo.
Typical Use-Cases and Key Benefits
Private Networks offer numerous benefits. They typically allow you to:
- Implement network-level access control
  Deploying your own application gateway as the entry point lets you enforce tailored network policies such as rate-limiting, IP whitelisting, or routing policies. This allows you to:
  - greatly reduce the attack surface of your applications,
  - finely control who can access your applications,
  - block well-known threats and malicious actors.
- Deploy unrestricted in-house APIs
  Traffic inside a Private Network is not bound to a specific protocol or port: all containers can freely communicate using any protocol (UDP or TCP) on any port.
  Moreover, the traffic stays private: it neither traverses nor reaches the public Internet when communicating with internal services. The internal traffic never leaves the Private Network since containers can directly communicate with each other.
- Protect data exchange with end-to-end security
  All communications between containers within the same Private Network are encrypted using proven, state-of-the-art cryptography. This ensures that sensitive data stays secure, even when transiting inside the Private Network.
- Maintain full compliance with industry standards and legal regulations
  Strongly regulated sectors, such as finance or healthcare (HDS), often have strict compliance requirements that can be fulfilled thanks to Private Networks.
- Optimize workloads for maximum responsiveness
  The isolation layer provided by Private Networks can ensure stable and reliable application performance by avoiding “noisy neighbor” effects, common in shared and mutualized environments.