search

servicecatalog / development

An Enterprise-ready Cloud Services Management Software
http://openservicecatalogmanager.org
Apache License 2.0
39 stars 27 forks source link

Networks - support firewall rules and ports #319

Open mdehn opened 7 years ago

mdehn commented 7 years ago

Allow to define firewall rules and filtering of ports for all the supported IaaS controllers:

HerbertNick commented 7 years ago

Needs to include Azure ARM and K5

HerbertNick commented 7 years ago

This should be linked to security groups, so you set rules for groups & then add resources to the groups. Not directly to the resources as it is bad practise.

HerbertNick commented 7 years ago

visualisation like this would be a very useful feature: http://docs.rightscale.com/img/cm-network-map-example.png

HerbertNick commented 7 years ago

Don't block any setting, it should be user configurable and if they want "everything open" then they should be able to set it. perhaps it is useful for a development environment. It would be good to have a warning or link to security best practise guidelines when they are in this section so that we can provide them with guidance, but not with restrictions.

HerbertNick commented 7 years ago

This feature should be accessible via APIs and the GUI

ghost commented 7 years ago

When applying "everything open", there may be some restrictions on the usage due to security policy. The default setting should be selective either from "everything open" or "All denied".

mdehn commented 7 years ago

The support for firewall rules can be done for the AWS and the OpenStack controllers. A K5 controller is not yet part of OSCM, but it is planned for release 16.2. An Azure controller is not part of OSCM, but you are free to contribute such a controller.