Security Groups

Introduction to Security Groups

Security Groups define which inbound traffic a VM can receive and which outbound traffic a VM can transmit.

To access the Networking - Security Groups view, click on the Security Groups option in the Networking sub-menu.

This view provides you with information about the security groups currently defined in your system.

For each Security Group the following information is provided:

  1. Name - name of the security group.

  2. Description - description of the security group (optional).

  3. Owner - the project to which the security group belongs.

  4. Networks

  5. VM Count - the number of VMs attached to this security group.

Clicking a specific security group displays widgets listing the security group’s rules and its attached virtual machines.

Creating Security Groups

To create a security group:

  1. Click Networking > Security Groups > Create. The Create Security Group dialog box is displayed.

  2. Enter the following information:

    • Name - enter the name of the security group.

    • Description (optional) - enter a description of the security group.

    • Account - account associated with this security group.

    • Project (optional) - select a project that can subscribe to this security group.

    • Rules

  3. Click the Add button to define rules for the security group.

    • Internet Protocol Version - select IPV4 or IPV6.

    • Direction - select EGRESS to define a rule for outbound traffic. Select INGRESS to define a rule for inbound traffic.

    • Protocol - Specify the protocol of the traffic this rule will apply to, by selecting either ‘TCP’, ‘UDP’ or ‘ICMP’, or permit traffic from any protocol by selecting ‘Any’.

    • Start port and end port

      • If Protocol = ‘Any’, then leave blank.

      • If Protocol = ‘TCP’ or ‘UDP’, then enter the port range delimiting the traffic.

      • If Protocol = ‘ICMP’, then enter the ICMP Message Type in the first field and ICMP Code in the second field.

    • Remote - limit the traffic to or from a specific remote site by selecting either ‘Group’ or ‘Subnet’, or allow traffic to or from any remote site by selecting ‘Any’.

      • If you select Subnet:

        • If the direction is INGRESS, then specify a CIDR for the allowed origin of the traffic.

        • If the direction is EGRESS, then specify a CIDR for the allowed target of the traffic.

    • Group/Subnet

      • If Group/Subnet = ‘Any’, then the field is not displayed.

      • If Group/Subnet = ‘Group’, then select one of the security groups.

      • If Group/Subnet = ‘Subnet’, then enter the subnet in CIDR format (10.11.12.0/24).

  4. Click OK to create the security group. The new security group appears in the Networking - Security Groups view.
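
The field dependencies in step 3 can be checked before rules are entered in the dialog. The following is an added example, not part of the product or its API: the rule dictionary, its key names and the check_rule function are hypothetical, and the port bounds (1 to 65535) and the requirement that ICMP always carries both type and code are assumptions. It also flags INGRESS rules that accept traffic from any source, which are worth a second look during review.

```python
import ipaddress

# Hypothetical rule dict mirroring the dialog fields; not the product's API.
# SAMPLE is a constructed rule: SSH allowed in from one subnet.
SAMPLE = {"ip_version": "IPV4", "direction": "INGRESS", "protocol": "TCP",
          "start": 22, "end": 22, "remote": "Subnet", "remote_value": "10.11.12.0/24"}

def check_rule(rule):
    """Return a list of problems found in one rule dict (empty list = clean)."""
    problems = []
    version, direction = rule.get("ip_version"), rule.get("direction")
    proto, start, end = rule.get("protocol"), rule.get("start"), rule.get("end")
    remote, value = rule.get("remote"), rule.get("remote_value")
    if version not in ("IPV4", "IPV6"):
        problems.append("ip_version must be IPV4 or IPV6")
    if direction not in ("INGRESS", "EGRESS"):
        problems.append("direction must be INGRESS or EGRESS")
    if proto == "Any":
        if start is not None or end is not None:
            problems.append("ports must be blank when protocol is Any")
    elif proto in ("TCP", "UDP"):
        if not (isinstance(start, int) and isinstance(end, int)
                and 1 <= start <= end <= 65535):  # assumed bounds
            problems.append("TCP/UDP needs 1 <= start <= end <= 65535")
    elif proto == "ICMP":
        # start holds the ICMP message type, end holds the ICMP code (8-bit fields)
        if not all(isinstance(v, int) and 0 <= v <= 255 for v in (start, end)):
            problems.append("ICMP needs type and code in 0..255")
    else:
        problems.append("protocol must be TCP, UDP, ICMP or Any")
    net = None
    if remote == "Subnet":
        try:
            net = ipaddress.ip_network(value, strict=True)  # rejects host bits
            if net.version != (4 if version == "IPV4" else 6):
                problems.append("CIDR family does not match ip_version")
        except (TypeError, ValueError):
            problems.append("remote subnet is not a valid CIDR")
    elif remote == "Group":
        if not value:
            problems.append("remote group name is required")
    elif remote != "Any":
        problems.append("remote must be Any, Group or Subnet")
    # Review flag: inbound rule open to every source address
    open_src = remote == "Any" or (net is not None and net.prefixlen == 0)
    if direction == "INGRESS" and open_src:
        problems.append("REVIEW: ingress allowed from any source")
    return problems
```
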