First, there is no such thing as the default OpenStack security group. Every project has its own default group,...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
which is created when cloud admins start a new project.
These security groups come with standard rules that allow no incoming access to instances within that project. A default OpenStack security group is always delivered that way, as it is generated directly from OpenStack software.
The standard rules within a default security group are automatically applied to a new project. However, a cloud admin can change the group's rules via the command-line interface once the security group is applied. Admins can use, for instance, the command openstack security group rule create --protocol tcp --dst-port 22 default to add a rule to the default security group that allows for incoming Secure Socket Shell.
In a multi-tenant OpenStack environment, multiple security groups with the name "default" exist. In this case, use the security group ID instead of the security group name. A cloud admin can use the OpenStack security group list to display all security groups and their currently assigned names. (See Figure 1.)
For a more automated way to manage OpenStack security group contents, a cloud admin can use Heat templates. If you normally use Heat to deploy configurations to OpenStack, use a template that contains the following sample contents:
- protocol: tcp
After you create a stack like the one shown above, you can apply it using the openstack stack create -t command, as in openstack stack create -t hot.txt hot.
Best practices to set up network security groups in cloud
Explore options to secure an OpenStack cloud
Streamline your OpenStack cloud management strategy
Dig Deeper on Data security in the cloud
Related Q&A from Sander van Vugt
VMware Integrated OpenStack might not be the highest priority product in VMware's portfolio, but VMware is a major contributor to other OpenStack ...continue reading
OpenStack admins use Heat templates to streamline cloud resource deployment. What are the templates' main components, and how can we use them in more...continue reading
Some organizations require real-time support for critical applications that run on Linux. What are some options to achieve that on a SUSE ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.