Monday, 1 July 2013

Eucalyptus 3.3 Tutorials - Creating Security Groups

In this tutorial, we are going to create our first Security Group, first using the Eucalyptus User Console and then using Euca2ools, the Eucalyptus command-line tools.


A security group is a set of networking rules applied to instances associated with a group. When you first create an instance, it is assigned to a default security group that denies incoming network traffic from all sources. To allow login and usage of a new instance, you must authorize network access to the default security group with the euca-authorize command.

Using User Console:
Firstly, log on to your User Console with the appropriate Credentials recorded in the earlier steps.

Next, from the Dashboard, select "Network and Security" >> "Security Groups".

This will display your existing Security Groups. By default, Eucalyptus Faststart creates a "default" security group with port 22 (SSH) enabled. To create your own Security Group, select the "Create new Security Group" option.

In the "Group" tab, we first provide a "Name" for the security group, followed by its "Description". Both fields are required.

Next comes the "Rules" Tab, where we actually specify which ports to open up for us to communicate with our Instances. 

NOTE: By default, a security group prevents incoming network traffic from all sources.

You can select the "Protocol" for which you need to open up ports.

As you can see, a large number of protocols are already pre-defined for use, such as port 80 for HTTP, port 3306 for incoming MySQL connections, etc. You can alternatively provide your own custom port value by selecting the "Custom TCP/UDP/ICMP" port settings. For this tutorial, I am going to open up port 22 (SSH).

Once you select a particular "Protocol", the next thing to do is to provide a "Port Range", which can be a range in the format "5900-5910" or a single value such as "22". Next, provide a CIDR value to allow traffic to your instance from a particular IP range. For this tutorial, I am providing "" which means open for all incoming IP ranges.

You can add more rules here by selecting the "Add another Rule" option.

Moving on, the last tab is the "Tags" tab. Tags simply help you to uniquely identify each "Item", in this case, Security Groups with the help of Key-Value Pairs. You can provide your own values here if you wish. This is OPTIONAL. Once done, click "Create" to create your Security Group.

This will now provision your "Security Group".

Using Euca2ools:
You can alternatively provision a Security Group using the Eucalyptus command-line utilities, called Euca2ools. This is by far easier than using the User Console, PROVIDED you can remember the vast number of commands!!

To create a Security Group, we use "euca-add-group"

euca-add-group -d "<group_description>" group_name
euca-add-group -d "My second Security Group" TestSecurityGroup

To authorize a Security Group, we use "euca-authorize"

euca-authorize -P <protocol> -p <port_range> -s <source_IP_range> security_group_name
euca-authorize -P tcp -p 22 -s <source_IP_range> TestSecurityGroup
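
The rule format described above (protocol, port range, source CIDR), as an added example that is not part of the original tutorial: a POSIX shell dry run that validates a rule and prints the euca-authorize command instead of running it, refusing a source range that matches every address unless that is explicitly requested. The function names, the ALLOW_WORLD variable and the 203.0.113.0/24 network are assumptions made for illustration, and only tcp and udp rules are handled.

```shell
#!/bin/sh
# Added example (not from the original post): validate a rule, then print the
# euca-authorize command instead of running it. build_authorize and
# ALLOW_WORLD are hypothetical names; sample values are constructed.

is_uint() {       # non-empty, digits only, at most 5 digits
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
}

valid_ports() {   # "22" or "5900-5910", within 1..65535, low <= high
    case "$1" in *-*-*) return 1 ;; esac
    lo=${1%%-*}; hi=${1##*-}
    is_uint "$lo" && is_uint "$hi" || return 1
    [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ]
}

valid_cidr() {    # a.b.c.d/n with octets 0..255 and prefix 0..32
    case "$1" in */*/*) return 1 ;; */*) ;; *) return 1 ;; esac
    bits=${1#*/}; rest=${1%/*}.; n=0
    is_uint "$bits" && [ "$bits" -le 32 ] || return 1
    while [ -n "$rest" ]; do          # peel one octet per iteration
        o=${rest%%.*}; rest=${rest#*.}; n=$((n + 1))
        is_uint "$o" && [ "$o" -le 255 ] || return 1
    done
    [ "$n" -eq 4 ]
}

# usage: build_authorize <protocol> <port_range> <cidr> <group>
# exit status: 0 ok, 2 malformed input, 3 rule would match every source address
build_authorize() {
    case "$1" in tcp|udp) ;; *) echo "bad protocol: $1" >&2; return 2 ;; esac
    valid_ports "$2" || { echo "bad port range: $2" >&2; return 2; }
    valid_cidr "$3" || { echo "bad CIDR: $3" >&2; return 2; }
    [ -n "$4" ] || { echo "missing group name" >&2; return 2; }
    # A /0 prefix matches all sources; require an explicit opt-in for it.
    if [ "${3#*/}" -eq 0 ] && [ "${ALLOW_WORLD:-no}" != yes ]; then
        echo "refused: $1/$2 open to $3 (set ALLOW_WORLD=yes)" >&2
        return 3
    fi
    echo "euca-authorize -P $1 -p $2 -s $3 $4"
}

# 203.0.113.0/24 is a documentation range used as a constructed admin network.
build_authorize tcp 22 203.0.113.0/24 TestSecurityGroup
build_authorize tcp 5900-5910 203.0.113.0/24 TestSecurityGroup
build_authorize tcp 22 0.0.0.0/0 TestSecurityGroup || echo "exit status $?"
```

Review the printed command, then run it yourself once the source range is the one you intend to admit.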

That's all there is to it!! The next thing to do once your security groups are created is to create Key Pairs.

>> Eucalyptus 3.3 Tutorials: Create Key Pairs