A security group is a named collection of network access rules that is used to control the types of traffic that have access to your application. The associated rules in each security group control the traffic to platforms in the group.
In the old clouds, the security groups were provided by default at the cloud level. This allowed inter-communication between any platforms, which was a security concern. As a result, the new clouds that run Juno do not have any default security groups defined. Application teams need to add the secgroup component available in OneOps to open the ports required for their application. The default list of ports for each platform is added to the circuits and shows up when the secgroup component is added to the design in OneOps.
Three possible scenarios are described below.
Platform | Port Rules (min port, max port, protocol, CIDR) |
---|---|
Tomcat | 22 22 tcp 0.0.0.0/0, 8080 8080 tcp 0.0.0.0/0, 8443 8443 tcp 0.0.0.0/0, 8009 8009 tcp 0.0.0.0/0 |
JBOSS | 22 22 tcp 0.0.0.0/0, 8080 8080 tcp 0.0.0.0/0, 8443 8443 tcp 0.0.0.0/0, 8009 8009 tcp 0.0.0.0/0 |
nodejs | 22 22 tcp 0.0.0.0/0, 8080 8080 tcp 0.0.0.0/0, 8443 8443 tcp 0.0.0.0/0 |
gluster | 22 22 tcp 0.0.0.0/0, 24007 24100 tcp 0.0.0.0/0, 24007 24100 udp 0.0.0.0/0, 34865 34867 tcp 0.0.0.0/0, 34865 34867 udp 0.0.0.0/0, 111 111 tcp 0.0.0.0/0, 111 111 udp 0.0.0.0/0, 49152 49153 tcp 0.0.0.0/0, 49152 49153 udp 0.0.0.0/0 |
The secgroup component is added by default as part of every platform.
If an application requires other ports to be opened, add them to the secgroup component. Without them, the application will not work.
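The rule strings in the table can be checked before they go into a design. The following is an added example, not OneOps code: it assumes each rule has the four fields seen in the table (min port, max port, protocol, CIDR), and the helper names and the extra port 9090 are hypothetical. It reports which rules accept traffic from any source and which ports the application needs that no rule opens.

```python
import ipaddress
from typing import NamedTuple

# Tomcat defaults copied from the table above.
TOMCAT_DEFAULTS = [
    "22 22 tcp 0.0.0.0/0", "8080 8080 tcp 0.0.0.0/0",
    "8443 8443 tcp 0.0.0.0/0", "8009 8009 tcp 0.0.0.0/0",
]

class Rule(NamedTuple):
    port_min: int
    port_max: int
    protocol: str
    cidr: ipaddress.IPv4Network

def parse_rule(text: str) -> Rule:
    """Parse one 'min max protocol cidr' rule; raise ValueError if malformed."""
    fields = text.split()
    if len(fields) != 4:
        raise ValueError(f"expected 4 fields, got {len(fields)}: {text!r}")
    lo, hi = int(fields[0]), int(fields[1])
    if not 0 < lo <= hi <= 65535:
        raise ValueError(f"bad port range: {text!r}")
    proto = fields[2].lower()
    if proto not in ("tcp", "udp"):  # the only protocols shown on this page
        raise ValueError(f"unsupported protocol: {text!r}")
    # IPv4Network rejects bad addresses, bad masks and set host bits.
    return Rule(lo, hi, proto, ipaddress.IPv4Network(fields[3]))

def audit(rules, required_ports):
    """Return (world_open, missing).

    world_open: parsed rules whose source is 0.0.0.0/0 (any address).
    missing:    (port, protocol) pairs the application needs that no rule covers.
    """
    parsed = [parse_rule(r) for r in rules]
    world_open = [r for r in parsed if r.cidr.prefixlen == 0]
    missing = sorted(
        (port, proto) for port, proto in required_ports
        if not any(r.protocol == proto and r.port_min <= port <= r.port_max
                   for r in parsed)
    )
    return world_open, missing

if __name__ == "__main__":
    # Constructed input: the application also listens on a hypothetical port 9090.
    open_rules, missing = audit(TOMCAT_DEFAULTS, [(8080, "tcp"), (9090, "tcp")])
    for r in open_rules:
        print(f"open to any source: {r.port_min}-{r.port_max}/{r.protocol}")
    for port, proto in missing:
        print(f"not opened by any rule: {port}/{proto}")
```

Rules reported as open to any source are candidates for a narrower CIDR where the application's clients are known.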