Using Security Groups
Overview
By default, virtual machines are created with a default security group that does not permit any inbound access. This is by design, to prevent unauthorized access and to give our customers full control over their security policy. As a result, newly created virtual machines have no inbound connectivity from the Internet: they cannot receive pings or web requests, or be managed via SSH.
Create Security Group
First, we have to create a security group that can later be applied to a cloud server instance.
From our Cloud Management Portal, select Networking -> Security Groups
Click 'Create Security Group'
Enter a Name for your security group (e.g. Allow Inbound SSH from Corporate Office), and an optional description
Click into your security group, then select Add Rule
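From this screen, add a rule for the service you want to allow.
For example, to allow SSH, add a rule as follows. The CIDR value 0.0.0.0/0 matches any IPv4 source address; to limit access to a specific network, such as a corporate office, enter that network's CIDR range instead.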
Field | Value |
---|---|
Rule | Custom Protocol |
Description | Allow Inbound SSH |
Direction | Ingress |
Open Port | Port |
Port | 22 |
Protocol | TCP |
Remote | CIDR |
CIDR | 0.0.0.0/0 |
Ether Type | IPv4 |
Note: We do not currently support IPv6.
Apply Security Group
Next, we apply the security group we made to an instance so that it takes effect.
From our Cloud Management Portal, select Server, then select the server you want to allow SSH for
Click 'Security Groups', then 'Add Security Group'
From the drop-down list, select the 'Allow Inbound SSH from Corporate Office' security group, and choose Add Security Group.
Operations Strategy
Some folks choose to maintain one security group with all of their services and rules in it, while others elect to make discrete security groups that are applied concurrently, as we have demonstrated in this article. Using one security group for all services has operational drawbacks, in that it's harder to audit in larger environments, but there are no performance impacts to either approach.
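The audit concern above, as an added example that is not part of this article or the provider's tooling: a Python check over rules written with the field names from the tables here, flagging ingress rules that are open to any source on anything other than a designated public port. The dict layout, the `rule` helper, the group names other than the SSH one, the `PUBLIC_PORTS` allowlist, the decision to accept ICMP from anywhere, and the range 203.0.113.0/24 are assumptions made for illustration.

```python
import ipaddress

# Assumption: TCP ports that are meant to be reachable from any address.
PUBLIC_PORTS = {80, 443}

def is_any_source(cidr):
    """True when the CIDR matches every address (prefix length 0, e.g. 0.0.0.0/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def audit(groups):
    """Return (group, description, reason) for each ingress rule that is open to
    any source on something other than a designated public TCP port."""
    findings = []
    for group, rules in groups.items():
        for r in rules:
            if r["Direction"] != "Ingress" or not is_any_source(r["CIDR"]):
                continue  # egress, or already restricted to a specific network
            if r["Open Port"] == "All Ports":
                if r["Protocol"] == "ICMP":
                    continue  # assumption: ping from anywhere is accepted
                reason = "all ports open to any source"
            elif r["Protocol"] == "TCP" and int(r["Port"]) in PUBLIC_PORTS:
                continue  # intentionally public web port
            else:
                reason = f"port {r['Port']}/{r['Protocol']} open to any source"
            findings.append((group, r["Description"], reason))
    return findings

def rule(desc, port, proto, cidr, open_port="Port"):
    # Hypothetical helper: builds one rule using the field names from the tables.
    return {"Description": desc, "Direction": "Ingress", "Open Port": open_port,
            "Port": port, "Protocol": proto, "CIDR": cidr, "Ether Type": "IPv4"}

# Constructed sample data: one discrete security group per service.
SAMPLE = {
    "Allow Inbound SSH from Corporate Office":
        [rule("Allow Inbound SSH", "22", "TCP", "0.0.0.0/0")],
    "Allow Inbound SSH (restricted)":  # 203.0.113.0/24 stands in for an office range
        [rule("Allow Inbound SSH", "22", "TCP", "203.0.113.0/24")],
    "Allow Inbound Web":
        [rule("Allow Inbound HTTP", "80", "TCP", "0.0.0.0/0"),
         rule("Allow Inbound HTTPS", "443", "TCP", "0.0.0.0/0")],
    "Allow Inbound PING":
        [rule("Allow Inbound PING", None, "ICMP", "0.0.0.0/0", "All Ports")],
}

if __name__ == "__main__":
    for group, desc, reason in audit(SAMPLE):
        print(f"{group}: {desc}: {reason}")
```

With discrete groups, each finding names the single group to fix; with one combined group, the same check still works but every finding points at the same group.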
Example Rules
Inbound PING
Field | Value |
---|---|
Rule | Custom Protocol |
Description | Allow Inbound PING |
Direction | Ingress |
Open Port | All Ports |
Protocol | ICMP |
Remote | CIDR |
CIDR | 0.0.0.0/0 |
Ether Type | IPv4 |
Inbound HTTP and HTTPS
Field | Value |
---|---|
Rule | Custom Protocol |
Description | Allow Inbound HTTP |
Direction | Ingress |
Open Port | Port |
Port | 80 |
Protocol | TCP |
Remote | CIDR |
CIDR | 0.0.0.0/0 |
Ether Type | IPv4 |
Field | Value |
---|---|
Rule | Custom Protocol |
Description | Allow Inbound HTTPS |
Direction | Ingress |
Open Port | Port |
Port | 443 |
Protocol | TCP |
Remote | CIDR |
CIDR | 0.0.0.0/0 |
Ether Type | IPv4 |
Updated on: 23/01/2025