How E Voyageurs SNCF Uses HAProxy as a Security Gate Between the Cloud and On-premises Datacenters

Antonin Mellier & Samuel Duvieubourg
E Voyageurs SNCF

Last year, we at E Voyageurs SNCF launched our migration to the cloud, and our journey provided valuable lessons for others on a similar path. Specifically, we will describe how we transitioned our security protocols, including adapting our traditional point-to-point communication and hardware firewalls to a cloud-native approach.

We use HAProxy as a “Security Gate” between the two environments, which allows us to control and audit the interactions with our partners without compromising on the benefits we get from the cloud. We utilize HAProxy’s Data Plane API to control and manipulate traffic flows dynamically, and its map files to implement an allowlist system that’s synchronized with the firewalls of the network interfaces.

In this presentation, we will describe the tools and processes we put in place to dynamically configure HAProxy in the cloud.
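
One way an allowlist held in an HAProxy map file can be kept in sync with a desired rule set, as an added example that is not E Voyageurs SNCF's code: the script diffs the desired partner allowlist against the current map contents and emits the HAProxy Runtime API `add map` / `set map` / `del map` commands needed to converge. The map path, partner names, addresses and the minimum-prefix policy are constructed assumptions; the talk itself applies changes through the Data Plane API.

```python
import ipaddress

MAP_PATH = "/etc/haproxy/maps/partners.map"  # hypothetical path

# Constructed sample of the current map file: "<key> <value>" per line.
SAMPLE_MAP = """# partner allowlist (constructed sample)
198.51.100.0/24 partner-a
203.0.113.7 partner-b
0.0.0.0/0 debug
"""
# Constructed desired state, standing in for the firewall rule set.
DESIRED = {"198.51.100.0/24": "partner-a",
           "203.0.113.7/32": "partner-b2",
           "192.0.2.0/28": "partner-c"}

def normalize(key, min_prefix=16):
    """Return canonical CIDR text; reject malformed or overly broad entries."""
    net = ipaddress.ip_network(key, strict=True)  # ValueError if host bits are set
    if net.prefixlen < min_prefix:  # assumed policy: no very wide ranges
        raise ValueError(f"{key}: prefix shorter than /{min_prefix}")
    return str(net)

def parse_map(text):
    """Parse map text into {canonical CIDR: (key as written, value)}."""
    current = {}
    for line in text.splitlines():
        fields = line.split(None, 1)
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        value = fields[1].strip() if len(fields) > 1 else ""
        # Existing entries are parsed without the width policy so that an
        # overly broad leftover still shows up and gets deleted.
        current[normalize(fields[0], min_prefix=0)] = (fields[0], value)
    return current

def plan(desired, map_text, path=MAP_PATH):
    """Return the Runtime API commands that turn the map into `desired`."""
    want = {normalize(k): v for k, v in desired.items()}
    have = parse_map(map_text)
    # Deletions first, addressed by the key exactly as stored in the map.
    cmds = [f"del map {path} {have[n][0]}" for n in sorted(have.keys() - want.keys())]
    for net in sorted(want):
        if net not in have:
            cmds.append(f"add map {path} {net} {want[net]}")
        elif have[net][1] != want[net]:
            cmds.append(f"set map {path} {have[net][0]} {want[net]}")
    return cmds

if __name__ == "__main__":
    print("\n".join(plan(DESIRED, SAMPLE_MAP)))
```

The emitted command list doubles as an audit record of what changed in the allowlist and when it was applied.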


Antonin Mellier

Cloud Architect, E Voyageurs SNCF

Antonin is a Cloud Architect at E Voyageurs SNCF. With about 10 years of experience in technical teams at E Voyageurs SNCF, he has participated in the constant evolution of the IT infrastructure, always with the main objective of making moves to production go without a hitch.

Samuel Duvieubourg

Infrastructure Engineer, E Voyageurs SNCF

Samuel has been an Infrastructure Engineer at E Voyageurs SNCF since October 2019. He works on the CDN as well as the cloud landing zone. Passionate about web technologies, he stays tuned to open source news.

