cc_staff
1,486
edits
Line 7: | Line 7: | ||
Security groups allow you to control network traffic into and out of your virtual machines. To manage security groups go to ''Project->Compute->Access & Security'' and select the ''Security Groups'' tab. You will see a list of currently defined security groups. If you have not previously defined any security groups, there will be single ''default'' security group. | Security groups allow you to control network traffic into and out of your virtual machines. To manage security groups go to ''Project->Compute->Access & Security'' and select the ''Security Groups'' tab. You will see a list of currently defined security groups. If you have not previously defined any security groups, there will be single ''default'' security group. | ||
To add or remove security rules from a security group click ''Manage Rules'' for that particular security group. | To add or remove security rules from a security group click ''Manage Rules'' for that particular security group. To add a new rule click ''Add Rule'' button in the top right, to remove a rule click ''Delete Rule'' beside the rule you wish to delete. | ||
The ''default'' security group contains a number of rules by default. These rules allow network traffic for any port, from any ip, into (Ingress) a VM originating from another VM in the ''default'' security group for internet protocols version 4 and 6. They also allow network traffic out (Egress) of a VM from any port to any IP for both internet protocol versions. In other words these rules allow a VM which belongs to the ''Default'' security group access out to the internet, to download content (e.g. operating system upgrades, package installations) but does not allow another machine outside the ''default'' security group access to the VM. These default rules allow you to correctly launch a VM, removing them may cause problems when creating new VMs and is not recommended. These rules do not allow access to your VM from outside the default security group which is why to connect to your VM via SSH a security rule was added for port 22 to allow incoming (Ingress) traffic so that you were able to connect to your VM (see [[Cloud Quick Start#Firewall, add rules to allow SSH]]). | The ''default'' security group contains a number of rules by default. These rules allow network traffic for any port, from any ip, into (Ingress) a VM originating from another VM in the ''default'' security group for internet protocols version 4 and 6. They also allow network traffic out (Egress) of a VM from any port to any IP for both internet protocol versions. In other words these rules allow a VM which belongs to the ''Default'' security group access out to the internet, to download content (e.g. operating system upgrades, package installations) but does not allow another machine outside the ''default'' security group access to the VM. These default rules allow you to correctly launch a VM, removing them may cause problems when creating new VMs and is not recommended. These rules do not allow access to your VM from outside the default security group which is why to connect to your VM via SSH a security rule was added for port 22 to allow incoming (Ingress) traffic so that you were able to connect to your VM (see [[Cloud Quick Start#Firewall, add rules to allow SSH]]). |