1,221
edits
Managing your cloud resources with OpenStack/en: Difference between revisions
Managing your cloud resources with OpenStack/en (view source)
Revision as of 17:58, 17 November 2016
, 7 years agoImporting a new version from external source
(Importing a new version from external source) |
(Importing a new version from external source) |
||
| Line 10: | Line 10: | ||
To add or remove security rules from a security group click ''Manage Rules'' for that particular security group. To add a new rule click ''Add Rule'' button in the top right, to remove a rule click ''Delete Rule'' beside the rule you wish to delete. | To add or remove security rules from a security group click ''Manage Rules'' for that particular security group. To add a new rule click ''Add Rule'' button in the top right, to remove a rule click ''Delete Rule'' beside the rule you wish to delete. | ||
The ''default | The '''default security group''' contains rules which allow a VM access out to the internet, for example to download operating system upgrades or package installations, but does not allow another machine to access it, except for other VMs belonging to the same default security group. We recommend you do not remove rules from the default security group as this may cause problems when creating new VMs. You may recall, however, in the [[Cloud Quick Start]] you were directed to add a security rule for port 22 to allow incoming traffic so that you were able to connect to your VM ([[Cloud Quick Start#Firewall, add rules to allow SSH|Firewall, add rules to allow SSH]]). | ||
You can define multiple security groups and a VM can belong to multiple security groups with each security group having a number of security rules. When deciding on how to manage your security groups and rules, think carefully about what needs to be accessed and who needs to access it. For example, if you will always be connecting to your VM from the same computer with a static IP via SSH it makes sense to allow SSH access only from that IP. To specify the allowed IP or IP range use the [https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing CIDR] box. Further, if you are only connecting to one VM via ssh from the outside, and then connecting to other VMs within the default security group from that VM it makes sense to add the SSH security rule to a separate group and add that group to the VM you are SSHing to, however, you will also need to ensure your ssh keys are configured correctly to ssh between VMs (see [[Ssh keys | SSH Keys]]). | You can define multiple security groups and a VM can belong to multiple security groups with each security group having a number of security rules. When deciding on how to manage your security groups and rules, think carefully about what needs to be accessed and who needs to access it. For example, if you will always be connecting to your VM from the same computer with a static IP via SSH it makes sense to allow SSH access only from that IP. To specify the allowed IP or IP range use the [https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing CIDR] box. Further, if you are only connecting to one VM via ssh from the outside, and then connecting to other VMs within the default security group from that VM it makes sense to add the SSH security rule to a separate group and add that group to the VM you are SSHing to, however, you will also need to ensure your ssh keys are configured correctly to ssh between VMs (see [[Ssh keys | SSH Keys]]). | ||