General Guidelines for Development and Operation
Without prejudice to all other requirements, your application must at all times comply with the following:
It is prohibited for your application to function as a distribution mechanism for software orinclude feature or functionalities that create or enable software stores, distribution channels or other mechanisms for software delivery within such applications. These restrictions do not include your web application which allows for the delivery of client code to browsers.
It is prohibited for your application to utilize outdated software components and buildpacks, including, but not restricted to, open-source software.
You must ensure that your application utilizes up-to-date software components (e.g. latest buildpacks for Java and Node.js in Cloud Foundry, updates on Backing Services). As soon as updates are available, these updates must be applied. Usage of any software components with publicly known vulnerabilities is prohibited.
You must ensure that any content, in particular the application is capable of automatic restart without manual operator intervention in the event of a non-availability of the Offering or a hardware or system failure occurring with the Offering. You must also build your application in a manner that it can restore its running state upon system restart.
If any software vulnerability is found, we may, for the safety and security of other users, prevent access to your application.
You are solely responsible for servicing your application.
Your application must be deployed under a URL sub-domain that is assigned to your Account.
When you deploy your Cloud Foundry application, you must create one space per application.
When handling data (including personal data) it is your responsibility to ensure that you comply with applicable laws and the terms of the agreement governing your subscription to the Developer and/or Operator Services as well as the expectations of your customers. Be transparent about what types of data are accessed and how they are processed and protected by your application; as well as make sure that your customers have given their consent to such access and processing.
The following recommendations should be considered in the development of your application.
It is highly recommended to follow the 12-Factor methodology.
Failure, errors and exceptions
Always handle errors and exceptions. Make sure that your application exits gracefully in the event of exceptions and application errors. When errors and exceptions are logged, it is recommended to use the correlation id.
The Service calls and resource access should take into account that the requested Services may not be available at all times. Therefore, it is necessary that an appropriate retry mechanism is implemented.
It is necessary that a horizontal scaling of your application and Services is implemented by running multiple instances depending on the concurrency and load requirements. The cloud infrastructure Services should be used for horizontal scaling.
Your application should implement some kind of "health" interface or mechanism for checking that the application is not only running but fully functional. Using the same conventions for all applications, a global health tracking and monitoring can be established.