Home > Blog > Manage OpenStack Security Groups via Horizon

Manage OpenStack Security Groups via Horizon

If you haven’t tried it already, get a free on-demand trial for Mirantis OpenStack Express, now available.

Security groups are sets of IP filter rules that are applied to an instance’s networking. They are project specific and project members can edit the default rules for their group as well as add new rule sets. All projects have a “default” security group, which is applied to instances that have no other security group defined. Unless changed, this security group denies all incoming traffic.

Creating Security Groups

  • Click on the Access and Security tab and select Security Groups.

  • Click on the +Create Security group button

  • Enter the name of your new Security Group and the description.

  • Click the Create Security Group button.

*Examples below will reference the sample_one Security Group


  • After this we can see the new security group in the list of groups:

5.1.2 Editing Security Group Rules 

  • Press Edit Rules button next to the Security Group you want to add/edit rules.  We will use the sample_one Security Group created above.

Note: By default all ports are opened for outbound connections and no inbound connections are allowed.

  • Click +Add Rule for create new rule.

Example

To enable remote access via ssh to some server with a known IP address to VM’s associated with this Security Group:

  • Select the needed Rule from the drop down list, in this case, SSH

  • Enter the IP address for the known server in the CIDR and provide a netmask of /32

  • Click the Add button

Now ssh access is enabled originating from the specified IP address to all VMs that have this Security Group associated with them.

Additionally, we can manage network relationship between VMs from different Security groups in cloud.

Example

One VM needs to connect to another VM via standard HTTP port:

  • Create new rule

  • For Remote, select Security Group

  • Select the Security Group where the traffic will originate from, in this example, we select the default Security Group

  • Press Add button

Now all VMs that are associated with the default Security Group can access all VMs associated with this Security Group via the HTTP Port.  The rules for the example sample_one Security Group now look like this:

Note: Before launching new virtual machines, be sure to configure the appropriate Security Group on the Access & Security tab::



Want to read more?  This article is an excerpt from our new guide, Mirantis OpenStack Express: Application On-boarding Guide (currently in beta).  Please let us know what you think.

Subscribe to Mirantis Newsletter

Get blogs and other content delivered straight to your inbox.

FREE EBOOK!
Service Mesh for Mere Mortals
by Bruce Basil Mathews
DOWNLOAD
LIVE WEBINAR
Docker Swarm is Dead! Long Live Docker Swarm

Thursday, October 28 at 10:00am PDT
SAVE SEAT
LIVE WEBINAR
You've Got Kubernetes. Now You Need App-Focused Security Using Istio

Presented with Aspen Mesh
SAVE SEAT
LIVE WEBINAR
Defining a Kubernetes that just works, anywhere

Thursday, November 11 at 8:00am PST
SAVE SEAT
Mirantis Webstore
Purchase Kubernetes support
SHOP NOW

Subscribe to Mirantis Newsletter

Get blogs and other content delivered straight to your inbox.

FREE EBOOK!
Service Mesh for Mere Mortals
by Bruce Basil Mathews
DOWNLOAD
LIVE WEBINAR
Docker Swarm is Dead! Long Live Docker Swarm

Thursday, October 28 at 10:00am PDT
SAVE SEAT
LIVE WEBINAR
You've Got Kubernetes. Now You Need App-Focused Security Using Istio

Presented with Aspen Mesh
SAVE SEAT
LIVE WEBINAR
Defining a Kubernetes that just works, anywhere

Thursday, November 11 at 8:00am PST
SAVE SEAT
Mirantis Webstore
Purchase Kubernetes support
SHOP NOW