Security groups in xneelo Cloud

What are security groups

A security group is a set of rules that controls what inbound and outbound traffic is allowed. Security groups can be assigned to instances and can be considered as a virtual firewall that filters traffic. 

Security groups control this traffic by using allow rules that can be configured to specific traffic types, sources and destinations.

Using security groups correctly can help lower the risk of malicious actors gaining network access to your cloud resources and ensure that your workloads remain operational.

Security group rules

To send or retrieve traffic of a specific type, there must be an associated rule in a security group that allows that traffic. 

Security groups contain only allow rules, not deny rules. There are 2 types of rules: ingress, and egress.

• Ingress rules control what incoming traffic is allowed to an instance. 
• Egress rules control what outgoing traffic is allowed from an instance.

Each rule consists of 3 components that control the traffic type, source and destination:

1. The IP protocol allowed 
2. The ports allowed (single port or range)
3. Source addresses allowed (IP address block / CIDR)

Using security groups

In xneelo Cloud there is a default security group with commonly used rules that you can assign to your instances.

You can also create and manage security groups with your own custom rules.

Multiple security groups can be assigned to an instance. The rules from each security group are aggregated to form a single set of rules that control traffic.

Security groups can be assigned when creating an instance and edited at any time.