Create Security Group
First, we have to create a security group that can later be applied to a cloud server instance.
- From our Cloud Management Portal, select Networking -> Security Groups
- Click 'Create Security Group'
- Enter a Name for your security group (e.g. Allow Inbound SSH from Corporate Office), and an optional description
- Click into your security group, then select Add Rule
- From this screen, you may add a rule for the service you're looking to allow.

By default, virtual machines are created with a default security group that does not permit any inbound access. This is by design to prevent any unauthorized access, and to enable our customers to have full control over their security policy. As a result, newly created virtual machines will not have any inbound connectivity from the Internet to receive pings, web requests, or to be managed via SSH.

For example, to allow SSH, add a rule as follows:
| Field | Value |
|---|---|
| Rule | Custom Protocol |
| Description | Allow Inbound SSH |
| Direction | Ingress |
| Open Port | Port |
| Port | 22 |
| Protocol | TCP |
| Remote | CIDR |
| CIDR | 0.0.0.0/0 |
| Ether Type | IPv4 |
Apply Security Group
Next, we apply the security group we made to an instance for it to take effect.
- From our Cloud Management Portal, select Server, then select the server you want to allow SSH for
- Click 'Security Groups', then 'Add Security Group'
- From the drop-down list, select the 'Allow Inbound SSH from Corporate Office' security group, and choose Add Security Group.
Operations Strategy
Some users choose to maintain one security group with all of their services and rules in it, while others elect to make discrete security groups that are applied concurrently, as we have demonstrated in this article. While there are operational drawbacks to using one security group for all services, in that it's harder to audit in larger environments, there are no performance impacts to either approach.
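An audit that works for either layout, added here as an example and not part of the portal or the provider's tooling: it models rules with this article's field names, assumes the rules of every attached group are additive, and reports servers where a management port is reachable from any source, as with the SSH rule above whose CIDR is 0.0.0.0/0. The web and restricted-SSH group names, the server names, the 203.0.113.0/24 office range and the management-port list are constructed for the example.

```python
import ipaddress

# Ports treated as management access. 22 is the SSH port from this article;
# including 3389 (RDP) is an assumption of this example.
MANAGEMENT_PORTS = {22, 3389}

def rule(description, protocol, cidr, port=None):
    """Build a rule using the article's field names (port=None means 'All Ports')."""
    return {"Description": description, "Direction": "Ingress", "Protocol": protocol,
            "Port": port, "CIDR": cidr, "Ether Type": "IPv4"}

# Constructed inventory: the rules shown in this article plus one restricted SSH
# rule. 203.0.113.0/24 is a documentation range standing in for an office network.
GROUPS = {
    "Allow Inbound SSH from Corporate Office": [rule("Allow Inbound SSH", "TCP", "0.0.0.0/0", 22)],
    "Allow Inbound SSH (restricted)": [rule("Allow Inbound SSH", "TCP", "203.0.113.0/24", 22)],
    "Allow Inbound Web": [rule("Allow Inbound HTTP", "TCP", "0.0.0.0/0", 80),
                          rule("Allow Inbound HTTPS", "TCP", "0.0.0.0/0", 443)],
    "Allow Inbound PING": [rule("Allow Inbound PING", "ICMP", "0.0.0.0/0")],
}
# Hypothetical servers and the groups attached to each.
SERVERS = {
    "web-01": ["Allow Inbound Web", "Allow Inbound PING", "Allow Inbound SSH (restricted)"],
    "db-01": ["Allow Inbound SSH (restricted)", "Allow Inbound SSH from Corporate Office"],
}

def is_risky(r):
    """True for an ingress TCP/UDP rule exposing a management port, or all ports, to any source."""
    if r["Direction"] != "Ingress" or r["Protocol"] not in ("TCP", "UDP"):
        return False
    any_source = ipaddress.ip_network(r["CIDR"]).prefixlen == 0  # 0.0.0.0/0 or ::/0
    return any_source and (r["Port"] is None or r["Port"] in MANAGEMENT_PORTS)

def audit(servers, groups):
    """Return sorted (server, group, description) for every risky rule in effect."""
    findings = []
    for server, attached in servers.items():
        for group in attached:
            findings += [(server, group, r["Description"]) for r in groups[group] if is_risky(r)]
    return sorted(findings)

if __name__ == "__main__":
    for server, group, description in audit(SERVERS, GROUPS):
        print(f"{server}: '{description}' in group '{group}' is open to any source")
```

On db-01 the restricted SSH group does not narrow access, because the open group attached alongside it still admits any source.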
Example Rules
Inbound PING
| Field | Value |
|---|---|
| Rule | Custom Protocol |
| Description | Allow Inbound PING |
| Direction | Ingress |
| Open Port | All Ports |
| Protocol | ICMP |
| Remote | CIDR |
| CIDR | 0.0.0.0/0 |
| Ether Type | IPv4 |
Inbound HTTP and HTTPS
| Field | Value |
|---|---|
| Rule | Custom Protocol |
| Description | Allow Inbound HTTP |
| Direction | Ingress |
| Open Port | Port |
| Port | 80 |
| Protocol | TCP |
| Remote | CIDR |
| CIDR | 0.0.0.0/0 |
| Ether Type | IPv4 |

| Field | Value |
|---|---|
| Rule | Custom Protocol |
| Description | Allow Inbound HTTPS |
| Direction | Ingress |
| Open Port | Port |
| Port | 443 |
| Protocol | TCP |
| Remote | CIDR |
| CIDR | 0.0.0.0/0 |
| Ether Type | IPv4 |