Software isolation in Linux
as used in the development of openconnect VPN server
- Track: Security devroom
- Room: AW1.120
- Day: Sunday
- Start: 09:00
- End: 09:25
For the development of the openconnect VPN server, a decision was taken to compartmentalize the server in order to protect any sensitive values exchanged, ranging from user-transferred data to the data used during the authentication process. This talk will summarize the issues faced during that development that relate to software isolation. It will cover issues with protecting the server's keys via TLS, the client-side authentication of TLS, and PAM authentication, and how they were solved.
Speakers
Nikos Mavrogiannopoulos