Security Groups

Security groups are software firewalls that prevent unauthorized, potentially malicious access to computers. By default, every virtual machine in Datapipe's Stratosphere MUST have one security group associated with it. The system will automatically assign a group entitled "default" to every new VM.

New security groups will not, by default, have any ports open and therefore, will not allow ANY access from outside to virtual machines within Stratosphere. Access has to be explicitly granted.


Security groups determine the ingress connections that are allowed to virtual machines. Security groups have two types of rules that can be applied to them.

  1. CIDR rules to allow IP ranges to connect with instances associated with the group.
  2. Group rules to allow virtual machines belonging to other groups to connect with instances associated with the group.

Virtual machines may belong to multiple security groups.  

Security groups may only be applied to a virtual machine as it is being created; they cannot be added or removed from a virtual machine after it has been created.  

Ingress rules within a security group may be added or deleted at any time.  Changes made to the security group are dynamic and take effect immediately.

Security groups are not restricted to certain zones and may be shared by virtual machines across many zones.

For instructions on how to perform specific actions within security groups, read "Additional Documentation"

Related Pages: Introduction, Key Pairs, Passwords