network security group for `cf ssh` for small footprint PAS.

[johnlafata]

On Small footprint, we needed to update the network security group, pas-ops-manager-security-group, open port 2222. For Full PAS, Terraform takes care of this within the bosh-deployed-vms network security group.

[dr8tsh]

Hi @johnlafata - any reason you needed TCP2222 open against Ops Manager (the pas-ops-manager-security-group only applies against the OpsManager VM)? The NSG created as part of this Terraform (bosh-deployed-vms-security-group) includes a rule to allow TCP2222, which will allow cf ssh across both Small Footprint and standard PAS deployments.

To enable cf ssh in small footprint you will need to:

• associate the diego-ssh-lb load balancer with the "Control" vm (job) in OpsMgr.
• ensure the ssh.{sys domain} maps to the diego-ssh-lb public IP accordingly
• specify the bosh-deployed-vms-security-group as the "Default Security Group" in OpsMgr (BOSH Director for Azure tile/Azure Config)

Will work with no changes required to the Terraform or security group.

[koundinyabs]

Hi @drhpivotal,

In John's deployment, for some reason the Ops manager NSG was assigned to the control VM. We concluded this was by design. Perhaps the root cause was not specifying the bosh-deployed-vms NSG as the default security group. John's deployment should still be around too check and confirm.