Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Mastering OpenStack

You're reading from   Mastering OpenStack Design, deploy, and manage a scalable OpenStack infrastructure

Arrow left icon
Product type Paperback
Published in Jul 2015
Publisher
ISBN-13 9781784395643
Length 400 pages
Edition 1st Edition
Arrow right icon
Author (1):
Arrow left icon
Omar Khedher Omar Khedher
Author Profile Icon Omar Khedher
Omar Khedher
Arrow right icon
View More author details
Toc

Table of Contents (13) Chapters Close

Preface 1. Designing OpenStack Cloud Architecture 2. Deploying OpenStack – DevOps and OpenStack Dual Deal FREE CHAPTER 3. Learning OpenStack Clustering – Cloud Controllers and Compute Nodes 4. Learning OpenStack Storage – Deploying the Hybrid Storage Model 5. Implementing OpenStack Networking and Security 6. OpenStack HA and Failover 7. OpenStack Multinode Deployment – Bringing in Production 8. Extending OpenStack – Advanced Networking Features and Deploying Multi-tier Applications 9. Monitoring OpenStack – Ceilometer and Zabbix 10. Keeping Track for Logs – Centralizing Logs with Logstash 11. Tuning OpenStack Performance – Advanced Configuration Index

Security groups


Imagine a scenario where you have to apply certain traffic management rules for a dozen compute node instances. Therefore, assigning a certain set of rules for a specific group of nodes will be much easier instead of going through each node at a time. Security groups enclose all the aspects of the rules that are applied to the ingoing and outgoing traffic to instances, which includes the following:

  • The source and receiver, which will allow or deny traffic to instances from either the internal OpenStack IP addresses or from the rest of the world

  • Protocols to which the rule will apply, such as TCP, UDP, and ICMP

  • Egress/ingress traffic management to a Neutron port

In this way, OpenStack offers an additional security layer to the firewall rules that are available on the compute instance. The purpose is to manage traffic to several compute instances from one security group. You should bear in mind that the networking security groups are more granular-traffic-filtering-aware than the...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image