Module 1: Connect applications across on-prem and cloud with Red Hat Service Interconnect

Module 1

Travelz Corp is transitioning from a monolithic application to microservices using Red Hat OpenShift, while keeping their core database on-premises due to regulatory requirements.

With the microservices (on OpenShift) and database (on Red Hat Enterprise Linux(RHEL)) running on different physical networks, they choose Red Hat Service Interconnect to create a secure Virtual Application Network (VAN) between these environments instead of implementing traditional VPNs which would require complex planning and management.

Red Hat Service Interconnect enables connectivity through Layer 7, the Application Layer in the Open Systems Interconnection (OSI) model, by creating VANs between distributed services in minutes and securing all interconnections with mutual TLS (mTLS).

Advantages of Layer 7 VAN over Traditional VPNs:

  • VAN exposes only services, not entire network layers, requiring fewer firewall rules whereas traditional VPNs connect entire clusters, requiring extensive and time consuming per-app firewall rules to achieve the same level of isolation as a VAN.

  • In a VAN, each site has its own Certificate Authority(CA), limiting security compromises

  • Only exposed services can be accessed in a VAN, preventing unauthorized lateral movement in case of a breach

Solution overview

In this module, you will be guided through setting up a Virtual Application Network between the Travelz Corp’s core services running on OpenShift in the public cloud (AWS in this case) and the travels database (travels-db), running on RHEL.

With Red Hat Service Interconnect, the core microservices (on OpenShift) can connect with travels-db (on RHEL) as though the database was a local service within OpenShift.

m1 arch

Activities overview:

  1. Set up the Service Interconnect routers on both OpenShift and RHEL

  2. Exchange a secure token created on the OpenShift cluster to the RHEL server to establish a secure connection between the two machines.

  3. Validate that the microservices can use the listener (virtual endpoint) created by the Service Interconnect on the OpenShift cluster to access the remote database.