Overview

Network Security Groups (NSGs) act as centralized firewall policy managers, filtering and controlling inbound and outbound network traffic of Network Interface Cards (NICs) or Virtual Machine (VM) instances within a given Virtual Data Center (VDC). An NSG contains security rules that allow traffic based on various criteria, such as source and destination IP addresses, ports, and protocols.

NSGs are of two types: Default and Custom. Every newly created VM in a VDC is automatically added to the Default NSG, which comes with a set of pre-configured rules that allow basic infrastructure traffic for VMs and NICs in a VDC. You can customize both Default and Custom NSGs according to your needs.

Note:

  • Deleting a data center results in the deletion of all its VMs, along with associated NSGs and rules.

  • You can have only one default security group for a data center.

Network architecture diagram showing Security Groups associated with VMs in a VDC

The illustration depicts multiple VMs—VM1, VM2, and VM3—within the VDC. All three VMs are connected to a Default NSG, a pre-configured NSG that provides a basic set of security rules and settings.

However, VM3 is also connected to a Custom NSG, which indicates that VM3 requires a more specific set of security rules or settings than the Default NSG. The Custom NSG is configured to meet VM3's unique security requirements.

VM3 has both the Default and the Custom NSGs configured, which means VM3 inherits the security rules and settings from both NSGs to control traffic to or from the VDC.
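The inheritance described above can be modeled as a union of allow rules across every NSG attached to a VM. The following is an added example, not code from the product or its API: the `Rule` fields, the sample rules, and the deny-when-nothing-matches behavior are assumptions made for illustration, and only the VM and group names come from the illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:                 # hypothetical rule model, not the product's schema
    direction: str          # "INGRESS" or "EGRESS"
    protocol: str           # "TCP", "UDP", "ICMP" or "ANY"
    source: str             # CIDR the rule allows traffic from
    port_start: int
    port_end: int

# Constructed sample data: names follow the illustration, rules are invented.
NSGS = {
    "Default": [Rule("INGRESS", "TCP", "10.0.0.0/16", 22, 22),
                Rule("INGRESS", "ICMP", "10.0.0.0/16", 0, 0)],
    "Custom": [Rule("INGRESS", "TCP", "0.0.0.0/0", 443, 443)],
}
ATTACHMENTS = {"VM1": ["Default"], "VM2": ["Default"],
               "VM3": ["Default", "Custom"]}

def effective_rules(vm):
    """Union of the rules of every NSG attached to the VM, tagged by origin."""
    return [(name, rule) for name in ATTACHMENTS[vm] for rule in NSGS[name]]

def matches(rule, direction, protocol, src_ip, port):
    if rule.direction != direction or rule.protocol not in (protocol, "ANY"):
        return False
    if ipaddress.ip_address(src_ip) not in ipaddress.ip_network(rule.source):
        return False
    # ICMP carries no ports, so the port range is only checked otherwise.
    return protocol == "ICMP" or rule.port_start <= port <= rule.port_end

def decide(vm, direction, protocol, src_ip, port=0):
    """Return (allowed, group). No matching allow rule means deny (assumption)."""
    for name, rule in effective_rules(vm):
        if matches(rule, direction, protocol, src_ip, port):
            return True, name
    return False, None

def internet_exposed(vm):
    """Audit helper: inherited ingress rules that accept any IPv4 source."""
    return [(name, rule) for name, rule in effective_rules(vm)
            if rule.direction == "INGRESS"
            and ipaddress.ip_network(rule.source).prefixlen == 0]

if __name__ == "__main__":
    for vm in ATTACHMENTS:
        print(vm, decide(vm, "INGRESS", "TCP", "203.0.113.7", 443),
              [name for name, _ in internet_exposed(vm)])
```

Reporting which group supplied the matching rule makes it easy to see when a Custom NSG widens exposure beyond what the Default NSG permits.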

Inheritance Workflow

The illustration below outlines how groups inherit default rules and the effects of adding custom rules.

Workflow depicting rule inheritance within a VDC

To configure security groups:

1. Log in to DCD with your username and password.

2. Create a Data Center and choose whether to select the Create default network security group checkbox based on your preference:

   1. Select the Create default network security group checkbox.

   2. Optionally, you can add custom rules to the default group or create new custom groups. Remember to associate custom groups with the servers or NICs, whichever is applicable.

3. Based on the security rules, traffic is allowed or denied.
