How To Create and Use Security Groups in OpenNebula

From CipherSpace Client Wiki
Revision as of 10:07, 10 July 2017 by Mathias

What is a Security Group?

A Security Group defines firewall rules, which can then be applied to your VMs.

Create a new Security Group

  1. Log into OpenNebula Sunstone.
  2. Go to "Network" in the left menu and click on "Security Groups" in the drop-down menu. A list of all existing security groups will appear.
  3. Click on the "+" button to create a new Security Group.

Define a Security Group

A security group is defined by its name, an optional description and one or several rules.

Create a new rule

To create a new rule, you must specify the following parameters:

  • Traffic direction: Choose between "Inbound" and "Outbound"
  • Protocol: Choose between the following values:
    • TCP
    • UDP
    • ICMP
    • IPsec
    • All
  • Port range: Only available with TCP or UDP. You can either select "All" or you can specify a port range. Multiple ports or port ranges are separated using a comma, and a port range is specified using a colon. Example: 22,53,80:90,110,1024:65535
  • ICMP Type: Only available with ICMP. Use the dropdown to select the desired type or you can leave it blank to allow all ICMP traffic.
  • Target network: you can define whether this rule applies to
    • any virtual network ("Any network"),
    • a specific virtual network ("OpenNebula Virtual Network"),
    • or a specific IP range ("Manual Network")

If you choose "Manual Network", you must specify the following values:

  • First IP address: the first IP of your range
  • Size: the number of IP addresses in your range (including the first)

When all the parameters are specified, click on "Add rule" to create the new rule.

When all the rules have been defined, click on "Create" to finish the creation of the new Security Group.
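
Added example (not from the original wiki page or from OpenNebula): a Python check of what a rule actually covers before you add it, parsing the port range syntax described above and expanding a "Manual Network" first IP and size into the addresses it spans. The function names and the 192.0.2.10 sample network are assumptions, and rejecting port 0 and reversed ranges is a choice made for this example.

```python
# Added example: helper names are hypothetical, not part of OpenNebula.
import ipaddress


def parse_port_range(spec):
    """Parse '22,53,80:90' into sorted, merged (start, end) tuples."""
    ranges = []
    for item in spec.split(","):
        item = item.strip()
        first, sep, last = item.partition(":")
        if not first.isdigit() or (sep and not last.isdigit()):
            raise ValueError(f"not a port or port range: {item!r}")
        start, end = int(first), int(last) if sep else int(first)
        if not (1 <= start <= end <= 65535):
            raise ValueError(f"port out of range or reversed: {item!r}")
        ranges.append((start, end))
    ranges.sort()
    merged = [ranges[0]]
    for start, end in ranges[1:]:
        if start <= merged[-1][1] + 1:  # overlapping or adjacent entries
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


def port_count(ranges):
    """Number of distinct ports opened by the merged ranges."""
    return sum(end - start + 1 for start, end in ranges)


def manual_network(first_ip, size):
    """Return (first, last, cidrs) for a range of `size` addresses."""
    if size < 1:
        raise ValueError("size must be at least 1")
    first = ipaddress.ip_address(first_ip)
    last = first + (size - 1)  # size includes the first address
    cidrs = list(ipaddress.summarize_address_range(first, last))
    return first, last, cidrs


if __name__ == "__main__":
    ports = parse_port_range("22,53,80:90,110,1024:65535")  # example from the page
    print(ports, "->", port_count(ports), "ports open")
    # Constructed sample: 8 addresses starting at a documentation-range IP.
    first, last, cidrs = manual_network("192.0.2.10", 8)
    print(f"{first} - {last} =", ", ".join(str(c) for c in cidrs))
```

The constructed network shows that a first IP plus a size is not the same as a CIDR block: 8 addresses starting at 192.0.2.10 span three prefixes, not one /29.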

Use a Security Group

To apply your rules to your VMs:

  1. Go to "Network" in the left menu and click on "Virtual Networks" in the drop-down menu. A list of all existing virtual networks will appear.
  2. Select the virtual network you want to apply these rules to and click on "Update".
  3. Go to the Security tab and click on the security group you want to add.
  4. Click on "Update" to save your changes.