https://cwiki.apache.org/confluence/display/CLOUDSTACK/Isolation+based+on+Security+Groups+in+Advance+zone
This is upgraded spec , Compared to original one, following are major changes 1. SG enabled is zone wide parameter, if this zone is SG enabled, all guest networks in this zone must be SG enabled. 2. support all shared network types, includes zone-wide shared network, domain-wide shared networks and account-specific share networks 3. support multiple SG enabled networks in one SG enabled zone. 4. VM can be on multiple SG enabled networks 5. SG rules apply to all NICs for a VM 6. support both KVM and XenServer. Comments, question, suggestion and flame are welcome! Thanks, Anthony > -----Original Message----- > From: Dave Cahill [mailto:dcah...@midokura.jp] > Sent: Thursday, January 10, 2013 5:29 PM > To: cloudstack-dev@incubator.apache.org > Subject: Re: [DISCUSS] Security Groups Isolation in Advanced Zone > > Hi Anthony, > > Understood - thanks for the update. > > Dave. > > > On Fri, Jan 11, 2013 at 2:54 AM, Anthony Xu <xuefei...@citrix.com> > wrote: > > > Hi Dave, > > > > For 4.1 , this feature is only for shared network on advanced zone, > both > > XenServer and KVM are supported. > > Will upgrade FS soon. > > > > > > Anthony > > > > > -----Original Message----- > > > From: Dave Cahill [mailto:dcah...@midokura.jp] > > > Sent: Thursday, January 10, 2013 12:33 AM > > > To: cloudstack-dev@incubator.apache.org > > > Subject: Re: [DISCUSS] Security Groups Isolation in Advanced Zone > > > > > > Hi Manan, > > > > > > I'm interested in this feature - when (roughly) are you planning to > > > commit > > > this to master? > > > > > > Are you planning the full list of features from your requirements > doc > > > (including support for Adavnced, Isolated networks) in 4.1? > > > > > > Thanks in advance, > > > Dave. > > > > > > > > > On Sat, Jan 5, 2013 at 7:01 AM, Manan Shah <manan.s...@citrix.com> > > > wrote: > > > > > > > Yes, FS definitely needs updating. Please also look at the > "Future" > > > > section of Alena's FS. > > > > > > > > Regards, > > > > Manan Shah > > > > > > > > > > > > > > > > > > > > On 1/4/13 1:57 PM, "Prasanna Santhanam" > > > <prasanna.santha...@citrix.com> > > > > wrote: > > > > > > > > >On Sat, Jan 05, 2013 at 12:16:44AM +0530, Manan Shah wrote: > > > > >> Hi Chip, > > > > >> > > > > >> As Alena had mentioned in her FS, her focus was to initially > > > support > > > > >>only > > > > >> the functionality that was enabled in CS 2.2. She had created > a > > > section > > > > >>in > > > > >> her FS that talked about Future release plans. > > > > >> > > > > >> My requirements page covers requirements for both, the CS 2.2 > use > > > case > > > > >>as > > > > >> well as the broader use case. > > > > >> > > > > >> Let me know if you have additional questions. > > > > >> > > > > >Thanks - Alena's FS lists only support for KVM while you have > listed > > > > >support for XenServer and KVM. Guess the FS needs updating? > > > > > > > > > >-- > > > > >Prasanna., > > > > > > > > > > > > > > > > > -- > > > Thanks, > > > Dave. > > > > > > -- > Thanks, > Dave.
