
Mastering OpenStack

By: Omar Khedher

Overview of this book

This book is intended for system administrators, cloud engineers, and system architects who want to deploy a cloud based on OpenStack in a mid- to large-sized IT infrastructure. If you have a fundamental understanding of cloud computing and OpenStack and want to expand your knowledge, then this book is an excellent checkpoint to move forward.
Table of Contents (13 chapters)
8. Extending OpenStack – Advanced Networking Features and Deploying Multi-tier Applications

Security groups


Imagine a scenario where you have to apply certain traffic management rules to a dozen compute node instances. Assigning a set of rules to a specific group of nodes is much easier than going through the nodes one at a time. Security groups enclose all aspects of the rules that are applied to the ingoing and outgoing traffic to instances, which includes the following:

  • The source and receiver, which will allow or deny traffic to instances from either the internal OpenStack IP addresses or from the rest of the world

  • Protocols to which the rule will apply, such as TCP, UDP, and ICMP

  • Egress/ingress traffic management to a Neutron port

In this way, OpenStack offers a security layer in addition to the firewall rules that are available on the compute instance. The purpose is to manage traffic to several compute instances from one security group. You should bear in mind that the networking security groups are more granular in their traffic filtering than the...
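The rule aspects listed above can be modelled in a few lines. This is an added example, not code from the book or from OpenStack: the field names follow Neutron's rule attributes, the group, addresses and port names are constructed, and the model assumes allow-list matching (no rule match means drop) while ignoring connection state, `ethertype` and remote groups.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    direction: str               # "ingress" or "egress", relative to the port
    protocol: Optional[str]      # "tcp", "udp", "icmp"; None matches any
    port_min: Optional[int]      # None matches every port
    port_max: Optional[int]
    remote_ip_prefix: str        # CIDR of the peer (source or destination)

def is_allowed(rules, direction, protocol, port, peer_ip):
    """Traffic passes only if at least one rule in the group matches it."""
    peer = ipaddress.ip_address(peer_ip)
    for r in rules:
        if r.direction != direction:
            continue
        if r.protocol is not None and r.protocol != protocol:
            continue
        if r.port_min is not None and not (r.port_min <= port <= r.port_max):
            continue
        if peer in ipaddress.ip_network(r.remote_ip_prefix):
            return True
    return False

def world_open_ingress(rules):
    """Audit helper: ingress rules that accept traffic from any address."""
    return [r for r in rules if r.direction == "ingress"
            and ipaddress.ip_network(r.remote_ip_prefix).prefixlen == 0]

# Constructed sample group for a web tier.
WEB_GROUP = [
    Rule("ingress", "tcp", 443, 443, "0.0.0.0/0"),      # HTTPS from anywhere
    Rule("ingress", "tcp", 22, 22, "10.0.0.0/24"),      # SSH from the admin subnet
    Rule("ingress", "icmp", None, None, "10.0.0.0/24"), # ping from the admin subnet
    Rule("egress", None, None, None, "0.0.0.0/0"),      # all outbound traffic
]

# One group attached to several instance ports (hypothetical port names).
PORTS = {"web-1": WEB_GROUP, "web-2": WEB_GROUP, "web-3": WEB_GROUP}

def reachable_ports(ports, direction, protocol, port, peer_ip):
    """Names of the ports whose group admits the given traffic."""
    return sorted(name for name, group in ports.items()
                  if is_allowed(group, direction, protocol, port, peer_ip))
```

Running `world_open_ingress` over each group is a quick way to review which rules expose instances to the rest of the world before the group is attached to more ports.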