This page explains the policy on third-party software, custom scripting, and additional cloud services within the Lobster Cloud environment. The policy exists to maintain the security, stability, and standardization of all customer environments.
Policy Statement
Within the Lobster Cloud environment, you cannot install any of your own software or additional components. This includes third-party software, custom scripts, containers, and any other external applications. Lobster provides only those components that are an integral part of the Lobster Data Platform. This policy applies without exception to all of your systems in the Lobster Cloud (Production, Test, DEV, DMZ).
Not permitted | Examples |
|---|---|
Third-party software | Antivirus software, VPN clients, monitoring agents, database tools, custom applications, printers and printer software |
Custom scripts | Shell scripts (e.g. Bash, Zsh), Python scripts, PowerShell scripts, or any other script-based automation |
Agents and standalone services | Monitoring agents, backup agents, logging agents, daemons, or any other background services running alongside the Lobster Data Platform |
Containers | Docker containers, Kubernetes pods, or any other container runtime environment |
Additional services | Any software or service that is not part of the standard Lobster Cloud deployment |
Execution Context
Within the Lobster Cloud environment, processing logic such as data transformations, mappings, integrations, automations, and business rules may only be executed within the Lobster Data Platform, in the Java runtime context of the software. Any executable code that would need to run outside this context is not permitted. This applies regardless of whether the components in question are scripts, third-party software, agents, or standalone services, and regardless of whether such components would be technically available or licensed.
Rule | Meaning |
|---|---|
Java context as the only execution layer | Data transformations, mappings, integrations, automations, and business rules are executed exclusively within the Lobster Data Platform, i.e. in the Java runtime context of the software. |
No external execution environments | Shells, interpreters, container runtimes, OS-level cron jobs, or comparable mechanisms outside the Lobster Data Platform are excluded. |
No parallel third-party components | Software, agents, or services running in parallel to the Lobster Data Platform on the cloud systems are not permitted. |
Custom Java Classes
Custom Java classes are permitted within the Lobster Data Platform to a limited extent, as they are executed within the Java runtime context of the software. The following conditions apply to their use:
Aspect | Rule |
|---|---|
Responsibility | Custom Java classes are entirely your responsibility. Maintenance, further development, testing, and bug fixing are performed by you. |
Not recommended by Lobster | The use of custom Java classes is not recommended by Lobster. Please implement your requirements primarily through the standard functions of the platform (profiles, mappings, channels, integrations). |
Compatibility with Java version changes | When the Java version changes, for example as part of updates to the Lobster Data Platform, you may need to adapt your custom Java classes to ensure they remain operational. |
Support | Lobster provides support for the platform itself, not for the functional or technical behavior of Java classes you have developed. |
Rationale
Security, stability, and reliable operation are top priorities in the Lobster Cloud. The restrictions defined in this policy are the prerequisite for Lobster to meet this commitment in every customer environment. The reasons behind them are as follows:
Reason | Explanation |
|---|---|
Cybersecurity | Uncontrolled software, scripts, or agents can introduce security vulnerabilities that compromise the integrity of the cloud environment. Every additional component outside the Lobster Data Platform increases the attack surface and bypasses the central security mechanisms Lobster uses to protect your environment. Lobster retains full control over the security posture of all cloud environments. |
Standardization | Lobster Cloud is a standardized solution. A uniform environment across all customer systems ensures that updates, patches, and monitoring work reliably. Deviations on individual systems would jeopardize automated operations and lead to unpredictable behavior during maintenance and update procedures. |
Stability | Third-party software, scripts, or services running in parallel can interfere with the Lobster Data Platform, consume system resources, or cause unexpected behavior during maintenance windows and high-availability failover. Since the Lobster Cloud operates multiple customer environments on shared infrastructure, problems in a single component can also affect the stability of the overall environment. |
Support | Lobster can only provide support for a known, standardized environment. Issues caused by third-party software, custom scripts, or non-approved components cannot be diagnosed or resolved. Root cause analysis during incidents is also significantly hindered or made impossible by non-standardized components. |
Maintainability and updates | The Lobster Cloud is continuously developed further, including regular updates to the Lobster Data Platform as well as the underlying Java version. A standardized environment ensures that these updates can be rolled out centrally and without risk to your systems. |
Supported AWS services
Only the following AWS services are provisioned and supported as part of the Lobster Cloud environment:
AWS service | Purpose |
|---|---|
EC2 | Lobster Data Platform |
RDS | Managed database instances (PostgreSQL/Aurora) |
VPC | Network Isolation and Security Groups |
Redis | Session management and caching (High Availability environments only) |
EFS | Shared file system (High Availability environments only) |
FSx | High-performance file system (High Availability environments with specific performance requirements) |
No additional AWS services are provisioned or supported beyond the list above.
What You Can Do
The restrictions defined in this policy apply only to the cloud infrastructure. Within the Lobster Data Platform itself, you have full flexibility to implement your business requirements.
Capability | Details |
|---|---|
Platform configuration | Full access to configure profiles, mappings, channels, and integrations via the web interface. |
API integrations | Connection to external systems via standard protocols (HTTPS, SFTP, AS2, OFTP2) and APIs. |
Custom Java classes | Use of custom Java classes within the Lobster Data Platform, subject to the conditions described above. |
Custom certificates | Installation and management of your own SSL certificates within the Lobster Data Platform. |
User management | Creating, modifying, and deleting user accounts within the platform. |
Custom profiles and workflows | Building and maintaining your own profiles, mappings, and processing workflows according to your business requirements. |
Custom network configurations
Custom network configurations are not permitted. This includes:
Prohibited | Details |
|---|---|
Additional Java listeners | Only two Java listeners exist within the Lobster Data Platform: port 443 for HTTPS, AS2, and platform login, and port 9000 for the Admin Console. No further Java listeners can be added, regardless of port number. |
Only the standard ports defined during provisioning are available. | |
Custom routing | You cannot modify routing tables, Network ACLs or VPC configurations. |
All network changes must be requested via support ticket to support@lobster.de and are subject to Lobster's standard configuration options.