Security Groups allow you to control the network traffic of your instance via rules comprosed of traffic direction, protocols and ports, e.g. opening a UDP or TCP port for inbouond or outbound traffic. You can use the feature for example to expose a Jupyter notebook server or Tensorflow's Tensorboard to the internet.


With inbound rules you have full control which ports of your instance should be open and accessible from the internet.

Outbound rules allow you to specify which protocols and ports should be able to reach the internet from your instance. (We genereally recommend to allow all outbound traffic for most users.)


All instances are preconfigured to use our recommended standard Security Group. The standard Security Group allows your instance to be pinged (ICMP), reached via SHH (TCP on port 22), and reach via HTTP and HTTPS (TCP on port 80 and 443). Further, the standard Security Group allows traffic on all ports and protocols to the internet. The standard group can not be edited but of course you are free remove it from any of your intances.


For all your instances on Genesis Cloud we allow all internal network traffic between them on all ports and protocols so you don't need to worry about changing secuirty groups for internal communication between your instances. If you need your internal traffic to be also restricted via Security Groups just contact our support.




Create a new Security Group

Navigate to the Security Groups tab in the Network section in the Compute Service and click "Create New Security Group".

Fill in a name and a description describing the purpose of your new Secuirty Group.

 

Click "Add Rule" in the inbound or outbound section to add an inbound or outbound traffic rule.

Select the type from the dropdown and fill in the port, multiple ports or a port range and press the confirm checkmark to accept this rule.


Select "ICMP" for pinging your instance. No ports can be specified.

Select "SSH" for SSH traffic which is per default served on TCP port 22.

Select "TCP" for the TCP protocol. 

Select "UDP" for the UDP protocol.


For TCP and UDP you can specify:

- a single port, e.g. "8888"

- multiple ports via comma sperated entries, e.g. "8888, 8898"

- a range of ports using a dash, e.g. "8888-8898"

- ALL ports for this protocol, leaving the ports field blank



After you have specified all rules for the Security Group click "Create Security Group" to create this Security Group and start using it.


Adding and removing instances from the Security Group

To apply your Security Group to your instances or the remove instances from your Security Group select your Security Group from the overview.


In the details screen use "Add Instance" functionality on the right to add an remove instance.


Clicking select shows a dropdown of all instance (that don't have this rule applied yet).


After you clicked "Add Instance" you will be able to see this Security Group as well as all other Security Groups of your instance in your instance's details view.


To remove any instance from a Security Group use the remove icon behind in the Security Group details view.