CloudStack Advanced Zone With Security Groups

A Shared Network in CloudStack can be used to assign public IPs to guest VM instances instead of internal private IPs. A guest VM with a routable public IP is directly reachable from the Internet without using any NAT services. Service providers usually create one or more shared networks with public subnets to provide VPS/shared hosting services for their customers. Please also see the earlier post on CloudStack Shared Networks.

For guest instances on a VLAN-based Isolated Network, the CloudStack-managed virtual router (VR) provides NAT/SNAT and firewall services. Users can modify the Network ACLs directly from the CloudStack UI. Virtual routers, however, cannot be used as a firewall on shared networks, as they are directly accessible from the Internet.

So what options are available to provide firewall services in shared networks?

Shanker Balan

Shanker Balan is a devops and infrastructure freelancer with over 14 years of industry experience in large scale Internet systems. He is available for both short term and long term projects on contract. Please use the Contact Form for any enquiry.
