This is for internal use by the PaaS team. Public-facing documentation is located at docs.cloud.service.gov.uk.

BOSH

We use BOSH for software packaging, release management, and virtual machine (VM) lifecycle management.

BOSH runs as a single instance per environment, with the following components:

Architecture

Architecture diagram showing BOSH director and colocated components: sshd, Director, UAA, CredHub

Components

BOSH Director

The BOSH Director has an API, which we connect to via a reverse proxy (nginx) through a SOCKS proxy managed by SSH.

CredHub

CredHub has an API which we connect to through a SOCKS proxy managed by SSH.

UAA

UAA is used by components on the BOSH director, and by operators directly.

Colocated components talk to UAA directly using the TLS certificate generated by BOSH.

Operators authenticate with UAA using Google single sign-on, through an Amazon load balancer. The load balancer is accessible via the VPN or from the office. The SOCKS proxy is not used because a web browser is needed to sign in.

Access

Review Accessing BOSH, Credhub, and UAA.