In 2.2.x version of the cloudStack we provided support for Security Groups in Advance zone. The feature was temporary disabled in released versions of 3.0.x branch due to lack of dev and test resources needed to accommodate the feature to the new NaaS framework.
Disabling the feature made an upgrade for existing 2.2.x customers using this network model, impossible. We are going to re-enable the feature in the next CS release with all the limitations accompanying it in 2.2.x branch. Here is the functional specification: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Isolation+based+on+S ecurity+Groups+in+Advance+zone It reflects: * current behavior model * feature limitations * upgrade path * feature enhancements plan Please review and point out if there are any inconsistencies/unclearness in the spec. Anthony Xu will be the key developer for Java + Scripting part; UI developers haven't been assigned to the feature yet. -Alena.
