

VMware Integrated OpenStack Video Series: Security Groups

OpenStack’s security groups capability is a key feature in its support for multi-tenant workloads. Security groups are sets of rules that users define to control access to their application infrastructure. Each rule identifies the permitted source either by a classless inter-domain routing (CIDR) network range or by the name of another security group.

Let’s take a look at how security groups would be applied in a simple three-tier application infrastructure consisting of web, application, and database layers:

[Figure: OpenStack Security Groups]

The application developer has restricted access to the various tiers of her application as follows:

  • Users can only access the Web tier, and that access is restricted solely to TCP 443 for HTTPS
  • Only instances in the Web security group can access instances in the App security group
  • Only instances in the App security group can access instances in the DB security group
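
The three rules above, written with the field names of Neutron security group rule objects and checked with a small ingress evaluator. This is an added example, not code from the original post or from VMware; the instance names, IP addresses and the App and DB ports (8080, 3306) are assumptions, since the post names only TCP 443, and the model covers IPv4 ingress only.

```python
import ipaddress

def rule(group, port, cidr=None, remote_group=None):
    """Build a constructed ingress rule using Neutron's rule field names."""
    return {"security_group_id": group, "direction": "ingress", "protocol": "tcp",
            "port_range_min": port, "port_range_max": port,
            "remote_ip_prefix": cidr, "remote_group_id": remote_group}

# Ports 8080 and 3306 are assumed; the post only specifies TCP 443 for Web.
RULES = [
    rule("web", 443, cidr="0.0.0.0/0"),     # users -> Web, HTTPS only
    rule("app", 8080, remote_group="web"),  # Web members -> App
    rule("db", 3306, remote_group="app"),   # App members -> DB
]

# Constructed instances: fixed IP plus security group membership.
INSTANCES = {
    "web-1": ("10.0.1.10", {"web"}),
    "app-1": ("10.0.2.10", {"app"}),
    "db-1": ("10.0.3.10", {"db"}),
}

def ingress_allowed(src_ip, src_groups, dst, port, protocol="tcp"):
    """Return True if a rule on one of dst's groups admits the packet.

    Ingress is default-deny: with no matching rule the packet is dropped.
    """
    _, dst_groups = INSTANCES[dst]
    for r in RULES:
        if r["direction"] != "ingress" or r["security_group_id"] not in dst_groups:
            continue
        if r["protocol"] != protocol:
            continue
        if not r["port_range_min"] <= port <= r["port_range_max"]:
            continue
        if r["remote_group_id"] is not None:
            # Group-sourced rule: matches on the sender's membership, not its IP.
            if r["remote_group_id"] in src_groups:
                return True
        elif (r["remote_ip_prefix"] is None or
              ipaddress.ip_address(src_ip) in ipaddress.ip_network(r["remote_ip_prefix"])):
            return True
    return False

def from_instance(src, dst, port):
    ip, groups = INSTANCES[src]
    return ingress_allowed(ip, groups, dst, port)

def from_external(src_ip, dst, port):
    # An outside client belongs to no security group.
    return ingress_allowed(src_ip, set(), dst, port)
```

Because the App and DB rules name a source group rather than a CIDR, an instance gains or loses access by changing group membership, with no rule edits when its IP address changes.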

VMware Integrated OpenStack leverages VMware NSX’s own security group functionality to implement this capability for our users. The application developers are not even aware of this advantage for their application security because they are using industry-standard open source APIs to deploy their infrastructure.

The following video provides a detailed walkthrough of using OpenStack security groups.

 

Stay tuned for the next installment covering OpenStack users and projects! In the meantime, you can learn more on the VMware Product Walkthrough site and on the VMware Integrated OpenStack product page.

Trevor Roberts Jr.

About Trevor Roberts Jr.

Trevor Roberts, Jr. is the Senior Technical Marketing Manager for OpenStack at VMware and the lead author of the VMware Press title, “DevOps for VMware Administrators”. He enjoys speaking to customers and partners about the benefits of using OpenStack with VMware technologies. In his spare time, Trevor shares his insights on data center technologies via the VMware Blogs and on Twitter (@VMTrooper). His contributions to the IT community have garnered recognition by his designation as a VMware vExpert, Cisco Data Center Champion, and EMC Elect.
