Managing security groups

Security groups are firewalls for your instances, and they’re mandatory in our cloud environment. The firewall actually exists on the OpenStack Compute host that is running the instance, not as iptables rules within the running instance itself. Security groups allow us to protect our hosts by restricting or allowing access to specified service ports, and they also protect our instances from other users’ instances running on the same hosts. They are the only way to separate one tenant’s instances from another user’s instances in another tenant when VLAN or tunnel separation isn’t available, or in cases where the flat networking model is in use.

Getting ready

To begin with, ensure that you’re logged in to a client that has ...
