OpenStack’s security groups capability is a key feature in its support for multi-tenant workloads. Security groups are sets of rules that users define to specify access to their application infrastructure. Each rule specifies that access either as a Classless Inter-Domain Routing (CIDR) network range or as the name of another security group.
Let’s take a look at how security groups would be applied in a simple three-tier application infrastructure consisting of web, application, and database layers.
The application developer has restricted access to the various tiers of her application as follows:
- Users can only access the Web tier, and that access is restricted solely to TCP 443 for HTTPS
- Only instances in the Web security group can access instances in the App security group
- Only instances in the App security group can access instances in the DB security group
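The three rules above, written as a small policy model to show how a CIDR rule and a group-reference rule are evaluated. This is an added example, not code from the original post or from OpenStack or VMware; the instance names, addresses, and the ports 8443 and 5432 are assumptions, and only TCP 443 on the Web tier comes from the article.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    """Ingress rule: allow protocol/port from a CIDR or from members of a group."""
    protocol: str
    port: int
    remote_cidr: Optional[str] = None   # e.g. "0.0.0.0/0"
    remote_group: Optional[str] = None  # name of another security group

# Constructed policy. Ports 8443 and 5432 are assumed for illustration.
GROUPS = {
    "web": [Rule("tcp", 443, remote_cidr="0.0.0.0/0")],
    "app": [Rule("tcp", 8443, remote_group="web")],
    "db":  [Rule("tcp", 5432, remote_group="app")],
}

# Constructed instances: name -> (IP address, security groups it belongs to).
INSTANCES = {
    "web-1": ("10.0.1.10", {"web"}),
    "app-1": ("10.0.2.10", {"app"}),
    "db-1":  ("10.0.3.10", {"db"}),
}

def ingress_allowed(src_ip, src_groups, dst, protocol, port):
    """True if any rule on dst's groups admits the traffic; otherwise denied."""
    _, dst_groups = INSTANCES[dst]
    addr = ipaddress.ip_address(src_ip)
    for group in dst_groups:
        for rule in GROUPS[group]:
            if (rule.protocol, rule.port) != (protocol, port):
                continue
            # CIDR rule: matched on the source address alone.
            if rule.remote_cidr and addr in ipaddress.ip_network(rule.remote_cidr):
                return True
            # Group rule: matched on source membership, not on its address.
            if rule.remote_group and rule.remote_group in src_groups:
                return True
    return False

def from_instance(src, dst, protocol, port):
    """Traffic from a known instance carries that instance's group membership."""
    ip, groups = INSTANCES[src]
    return ingress_allowed(ip, groups, dst, protocol, port)

def from_outside(src_ip, dst, protocol, port):
    """Traffic from an external address belongs to no security group."""
    return ingress_allowed(src_ip, set(), dst, protocol, port)
```

Because the App and DB rules reference a group rather than an address range, adding or replacing a Web or App instance needs no rule change: membership in the group is what grants access.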
VMware Integrated OpenStack leverages VMware NSX’s own security group functionality to implement this capability for our users. The application developers are not even aware of this advantage for their application security because they are using industry-standard open source APIs to deploy their infrastructure.
The following video provides a detailed walkthrough of using OpenStack security groups.
Stay tuned for the next installment covering OpenStack users and projects! In the meantime, you can learn more on the VMware Product Walkthrough site and on the VMware Integrated OpenStack product page.