Access & Security

This dashboard page is located under the Manage Compute -> Access &amp; Security page. Here you can configure security groups, keypairs, floating ips and see your API access URLs and credentials.

Security Groups
A security group is a collection of rules specifying what traffic may be allowed to an instance that is assigned this security group. A "default" security group is generally created for you, but additional can be made with more specific names and rules. For example, a security group for a database server may have rules to only allow port 22 (SSH) and 3306 (MySQL) traffic. A webserver that needs access for FTP, SSH, HTTP, and other services will have more. Generally having fewer rules, and therefore less access is preferred for security reasons.

The main page allows for creating, editing rules of, and deleting security groups.

Clicking on "Edit Rules" brings you to the page where rules can be added or deleted. Rules cannot be edited at this time, they must be removed and re-added.

When adding a rule, the first selection box has TCP, UDP and ICMP. For TCP and UDP, you will specify a port or port range, a value for the previous selection, and then the source/CIDR or security group. For ICMP, you will enter a type, code and then the same source/CIDR or security group. The type and code will in most cases be "-1" which is the integer form of "ANY".

When entering a CIDR, you can specify if this rule should apply to IPv4 or IPv6 by the format entered. If this should apply for IPv4, then you may want to use "0.0.0.0/0", and if you want it to apply to IPv6 then you may want to use "::/0".

For example, a webserver would likely need to have ping (icmp), ssh (port 22), http (port 80) and https (port443) access, and so creating rules like this would allow for this:



Keypairs
Here you can view, add or remove keys from your pool of available SSH keys. If any keys exist, they will be shown on this page. If you wish to add a key, click the "Create Keypair" or "Import Keypair" buttons on the top right.

More information on keypairs and how to use them can be found on the SSH Keys page.

Floating IPs
This page shows what floating ips you have allocated, and what they are assigned to. Floating IPs are required to make an instance accessible from the internet, giving it a public ip address. The "Allocate IP To Project" button on the top right allows you to acquire additional floating ips, and the "Release Floating IPs" button next to it to remove them from use. Additional buttons for "Associate Floating IP" will display when an IP is not assigned to an instance, and "Disassociate Floating IP" buttons when an IP is assigned to an instance.

API Access
On this page you can find the various URL's required for API access to the different DreamCompute components. There is also a button called "Download OpenStack RC File", which when clicked will provide you a bash script that when ran will populate variables that the API calls are expecting. For the bash shell, you will want to run the script via "source" or "." such as:

source TENANTNUM-openrc.sh

or

. TENANTNUM-openrc.sh

Some examples variables exported are:

export OS_AUTH_URL=https://keystone.dream.io/v2.0 export OS_TENANT_ID=TENANTID export OS_TENANT_NAME="dhcNUMBER" export OS_USERNAME=USERNAME

And code to prompt you for your dashboard password, which will load it into one additional variable:

export OS_PASSWORD=$OS_PASSWORD_INPUT