cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Clayton Weise <cwe...@keyinfo.com>
Subject RE: CS4.2 Security groups - need explaination
Date Wed, 23 Oct 2013 18:54:22 GMT
Security groups with advanced zones is for a pretty specific need.  In short, security groups
are port filtering rules that are applied within a bridge so you can have separate ACLs for
each instance.  This is generally used on basic networks because public IP addresses are assigned
directly to the VM.  With advanced networks, the virtual router (or SRX firewall, or some
other external device you have tied into CS) does NAT and provides all of the firewalling
and port filtering.  There are specific use cases when you would want to combine the two but
AFAIK it is only supported with KVM.  There's an overview here:

https://cwiki.apache.org/confluence/display/CLOUDSTACK/Security+Groups+Isolation+in+Advanced+Zone

-Clayton

-----Original Message-----
From: Jake G. [mailto:dj_dark_junglist@yahoo.com] 
Sent: Tuesday, October 22, 2013 3:32 AM
To: users@cloudstack.apache.org
Subject: CS4.2 Security groups - need explaination 

Hi all,

I am trying to setup an advance zone. One the very first window of the wizard there is an
option to use security groups.

What is the difference between using security groups and not using securty groups?
Does my network have to be setup differently for each?

Thank you,
Jake

Mime
View raw message