Translations:Managing your cloud resources with OpenStack/5/en: Difference between revisions

From Alliance Doc
(Importing a new version from external source)
 
Line 1: Line 1:
The '''default security group''' contains rules which allow a VM access out to the internet, for example to download operating system upgrades or package installations, but does not allow another machine to access it, except for other VMs belonging to the same default security group. We recommend you do not remove rules from the default security group as this may cause problems when creating new VMs. You may recall, however, in the [[Cloud Quick Start]] you were directed to add a security rule for port 22 to allow incoming traffic so that you were able to connect to your VM ([[Cloud Quick Start#Firewall, add rules to allow SSH|Firewall, add rules to allow SSH]]).
The ''default'' security group contains a number of rules by default. These rules allow network traffic for any port, from any ip, into (Ingress) a VM originating from another VM in the ''default'' security group for internet protocols version 4 and 6. They also allow network traffic out (Egress) of a VM from any port to any IP for both internet protocol versions. In other words these rules allow a VM which belongs to the ''Default'' security group access out to the internet, to download content (e.g. operating system upgrades, package installations) but does not allow another machine outside the ''default'' security group access to the VM. These default rules allow you to correctly launch a VM, removing them may cause problems when creating new VMs and is not recommended. These rules do not allow access to your VM from outside the default security group which is why to connect to your VM via SSH a security rule was added for port 22 to allow incoming (Ingress) traffic so that you were able to connect to your VM (see [[Cloud Quick Start#Firewall, add rules to allow SSH| Firewall, add rules to allow SSH]]).
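Review bot: the second sentence of the new revision says ingress is allowed "from any ip" and then restricts it to traffic "originating from another VM in the ''default'' security group", which reads as a contradiction; state the restriction first, for example that all ports are open only to other members of the group. The same paragraph spells the group name both ''default'' and ''Default'', and "launch a VM, removing them may cause problems" joins two sentences with a comma; use one spelling and split the sentence. The link target [[Cloud Quick Start]] from the old revision is no longer named in prose, so the closing reference to the port 22 rule lacks the context of where it was added.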

Revision as of 14:20, 10 November 2016

Message definition (Managing your cloud resources with OpenStack)
== Default security group ==
[[File:Default_security_group_EN.png|400px|thumb| Default Security Group Rules (Click for larger image)]]
The <b>default security group</b> contains rules which allow a VM access out to the internet, for example to download operating system upgrades or package installations, but does not allow another machine to access it, except for other VMs belonging to the same default security group. We recommend you do not remove rules from the default security group as this may cause problems when creating new VMs. The image on the right shows the default security group rules that should be present:
* 2 Egress rules to allow your instance to access an outside network without any limitation; there is one rule for IPv4 and one for IPv6.
* 2 Ingress rules to allow communication between all the VMs that belong to that security group, for both IPv4 and IPv6.
It is safe to add rules to the default security group and you may recall that we did this in [[Cloud Quick Start]] by either adding security rules for [[Cloud_Quick_Start#Network_settings|SSH]] or [[Cloud_Quick_Start#FCreating_your_first_virtual_machine|RDP (see <i>Firewall, add rules to allow RDP</i> under the Windows tab)]] to your default security group so that you could connect to your VM.

The default security group contains a number of rules by default. These rules allow incoming (Ingress) network traffic into a VM on any port and from any IP address, provided it originates from another VM in the default security group, for internet protocol versions 4 and 6. They also allow network traffic out (Egress) of a VM from any port to any IP for both internet protocol versions. In other words, these rules allow a VM which belongs to the default security group access out to the internet, to download content (e.g. operating system upgrades, package installations), but do not allow another machine outside the default security group access to the VM. These default rules allow you to correctly launch a VM; removing them may cause problems when creating new VMs and is not recommended. Because these rules do not allow access to your VM from outside the default security group, a security rule was added for port 22 to allow incoming (Ingress) traffic so that you were able to connect to your VM via SSH (see Firewall, add rules to allow SSH).
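
The rule behaviour described above, as an added example (not from the original page or the Alliance documentation): a simplified Python model of how a security group's rule list decides whether traffic is allowed. The `Rule` fields and the `allowed` helper are hypothetical names, and the SSH rule's source range `203.0.113.0/24` is a constructed value; limiting the source range is an assumption the page does not state.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    direction: str                          # "ingress" or "egress"
    ethertype: str                          # "IPv4" or "IPv6"
    remote_group: Optional[str] = None      # peer must be a member of this group
    remote_ip_prefix: Optional[str] = None  # peer address must fall inside this CIDR
    protocol: Optional[str] = None          # None means any protocol
    port_min: Optional[int] = None          # None means any port
    port_max: Optional[int] = None


# The four rules the page lists for the default security group.
DEFAULT_RULES = [
    Rule("egress", "IPv4"),
    Rule("egress", "IPv6"),
    Rule("ingress", "IPv4", remote_group="default"),
    Rule("ingress", "IPv6", remote_group="default"),
]

# The added port 22 rule; the source CIDR is constructed (documentation range).
SSH_RULE = Rule("ingress", "IPv4", remote_ip_prefix="203.0.113.0/24",
                protocol="tcp", port_min=22, port_max=22)


def allowed(rules, direction, peer_ip, peer_groups=(), protocol="tcp", port=None):
    """Return True if any rule matches; traffic matching no rule is dropped."""
    addr = ipaddress.ip_address(peer_ip)
    ethertype = "IPv4" if addr.version == 4 else "IPv6"
    for r in rules:
        if r.direction != direction or r.ethertype != ethertype:
            continue
        if r.remote_group is not None and r.remote_group not in peer_groups:
            continue
        if (r.remote_ip_prefix is not None
                and addr not in ipaddress.ip_network(r.remote_ip_prefix)):
            continue
        if r.protocol is not None and r.protocol != protocol:
            continue
        if r.port_min is not None and (
                port is None or not r.port_min <= port <= r.port_max):
            continue
        return True
    return False
```
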