Submissions are now open for the 2026 Adobe Experience Maker Awards.
SOLVED
environment segregation in AEM
1 Accepted Solution
Correct answer by
HI @selenere1
I think you are mixing terms and concepts. Please find the answers below:
-
Is it possible to logically and securely segregate development, pre-production, and production environments within Adobe Experience Manager (AEM)?
Yes, this segregation is in place by default. Each environment (dev, stage, prod) is fully isolated from the others. For example, your development environment cannot communicate with your staging or production environments. -
Does this segregation require the configuration of three distinct Adobe Programs, or is there a native way to manage multiple environments within a single Program?
NO, you do not need to configure separate Programs for each environment. A Program in AEM Cloud is a logical grouping of environments tied to a business purpose or organization. Within a single Program, you can manage multiple environments (dev, stage, prod).
For more information, please refer to the official documentation on Programs:
https://experienceleague.adobe.com/en/docs/experience-manager-cloud-service/content/implementing/usi... -
Can these environments communicate with each other or with on-premise systems?
No, cross-environment communication is not allowed by default. If such integration is required, you will need to implement a custom solution that takes security into account—such as using VPNs, firewalls, or secure APIs.
Hope this helps!
Esteban Bustamante
Hi @selenere1,
-
Yes, AEM as a Cloud Service (AEMaaCS) lets you logically and securely segregate dev, stage/pre‑prod, and prod.
-
You usually do this inside a single Cloud Manager Program, which can hold one Production environment (prod + stage) plus multiple non‑prod (dev) environments.
-
Direct “internal” traffic between environments is not supported/encouraged. Treat every environment as an isolated tenant; if they must talk, it’s over the public edge (CDN/Dispatcher) with the right controls.
-
Traditional site‑to‑site VPNs aren’t offered. You either:
-
use IP Allow Lists (static egress IPs per environment), or
-
buy Private Networking (Adobe’s Azure/AWS PrivateLink). In either case, you’ll configure it per environment (effectively “three tunnels/allowlists” if all three need to reach on‑prem).
-
Use one Program when:
-
It’s the same product/team/codebase.
-
You want standard segregation: prod + stage (the mandatory “Production environment”) and any number of dev envs.
-
You want simpler governance of repos, pipelines, and access via IMS product profiles.
Use multiple Programs when:
-
You need hard, org-level isolation (separate budgets, SLAs, access policies, repos, pipelines).
-
Different business units/brands must not see each other’s environments, logs, secrets, or pipelines.
Not over an internal/private network. Each environment is isolated.
Santosh Sai
Correct answer by
HI @selenere1
I think you are mixing terms and concepts. Please find the answers below:
-
Is it possible to logically and securely segregate development, pre-production, and production environments within Adobe Experience Manager (AEM)?
Yes, this segregation is in place by default. Each environment (dev, stage, prod) is fully isolated from the others. For example, your development environment cannot communicate with your staging or production environments. -
Does this segregation require the configuration of three distinct Adobe Programs, or is there a native way to manage multiple environments within a single Program?
NO, you do not need to configure separate Programs for each environment. A Program in AEM Cloud is a logical grouping of environments tied to a business purpose or organization. Within a single Program, you can manage multiple environments (dev, stage, prod).
For more information, please refer to the official documentation on Programs:
https://experienceleague.adobe.com/en/docs/experience-manager-cloud-service/content/implementing/usi... -
Can these environments communicate with each other or with on-premise systems?
No, cross-environment communication is not allowed by default. If such integration is required, you will need to implement a custom solution that takes security into account—such as using VPNs, firewalls, or secure APIs.
Hope this helps!
Esteban Bustamante
Related Conversations
