Security groups with advanced zones is for a pretty specific need. In short,
security groups are port filtering rules that are applied within a bridge so
you can have separate ACLs for each instance. This is generally used on basic
networks because public IP addresses are assigned directly to the VM. With
advanced networks, the virtual router (or SRX firewall, or some other external
device you have tied into CS) does NAT and provides all of the firewalling and
port filtering. There are specific use cases when you would want to combine
the two but AFAIK it is only supported with KVM. There's an overview here:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Security+Groups+Isolation+in+Advanced+Zone
-Clayton
-Original Message-
From: Jake G. [mailto:dj_dark_jungl...@yahoo.com]
Sent: Tuesday, October 22, 2013 3:32 AM
To: users@cloudstack.apache.org
Subject: CS4.2 Security groups - need explaination
Hi all,
I am trying to setup an advance zone. One the very first window of the wizard
there is an option to use security groups.
What is the difference between using security groups and not using securty
groups?
Does my network have to be setup differently for each?
Thank you,
Jake