BOSH
We use BOSH for software packaging, release management, and virtual machine (VM) lifecycle management.
BOSH runs as a single instance per environment, which hosts the following components:
- BOSH director
- User account and authentication (UAA)
- CredHub
- BOSH auditor
- AWS logging agent
Architecture
Components
BOSH Director
The BOSH director has an API which we connect to using a reverse proxy (nginx) through a SOCKS proxy managed by SSH.
CredHub
CredHub has an API which we connect to through a SOCKS proxy managed by SSH.
UAA
Operators and components on the BOSH director use UAA.
Colocated components talk to UAA directly using the TLS certificate generated by BOSH.
Operators use Google single sign-on (SSO) to authenticate with UAA, using an Amazon load balancer which is accessible through the VPN or office network. They do not use the SOCKS proxy for this, because SSO requires users to sign in through a web browser.
Access
Review Accessing BOSH, CredHub, and UAA.