Re: Difference in functionality of Advanced Networking With and Without Security Groups

2023-06-06 Thread Will Conrad
Thank you for your quick response, Wei. It was helpful.

Regards,

Willard

On Tue, Jun 6, 2023 at 7:36 AM Wei ZHOU wrote:

> Hi Will,
>
> In the advanced zone with security groups, you can only create Shared
> networks. L2 and isolated/VPC are not supported. (In my opinion, we could
> support L2 as well).
> In the advanced zones, you can create Shared/L2/Isolated/VPC, but VMs do
> not have security groups.
>
> Advanced zone with SG is suitable for public cloud providers, and advanced
> zone without SG is suitable for private clouds.
> There is an idea from some years ago, to combine these two types into one,
> but not implemented yet. It is very complicated.
>
> -Wei
>
>
> On Tue, 6 Jun 2023 at 12:45, Will Conrad wrote:
>
> > Hi Community!
> >
> > My company is building a CloudStack implementation and have discovered
> > that security-group enabled advanced zones seem to function unexpectedly
> > differently than non-security-group enabled advanced zones. After creating
> > a security-group enabled advanced zone, when adding new networks to this
> > zone, we seem to have lost the choices of "L2" and "isolated". Is this
> > normal? Is this the way security groups were designed to function? I did
> > read through the documentation for security groups, and noticed the
> > "limitations" expressed as well as saw the documentation that VPC are not
> > supported in security-group enabled zones. I'm looking for further
> > clarification.
> >
> > As depicted in the below screenshot, "shared" is now the only option where
> > before "L2" and "isolated" were also options.
> >
> > Have I missed something? Have I misinterpreted something? Is there further
> > documentation that might describe the nuances of using security groups in
> > advanced zones?
> >
> > Any assistance is appreciated. Thank you!
> >
> > Regards,
> >
> > Willard Conrad
> > DevOps Engineer
> > Hivelocity, LLC
> >
> > [image: image_720.png]
> >
>


Re: Difference in functionality of Advanced Networking With and Without Security Groups

2023-06-06 Thread Wei ZHOU
Hi Will,

In the advanced zone with security groups, you can only create Shared
networks. L2 and isolated/VPC are not supported. (In my opinion, we could
support L2 as well).
In the advanced zones, you can create Shared/L2/Isolated/VPC, but VMs do
not have security groups.

Advanced zone with SG is suitable for public cloud providers, and advanced
zone without SG is suitable for private clouds.
There is an idea from some years ago, to combine these two types into one,
but not implemented yet. It is very complicated.

-Wei


On Tue, 6 Jun 2023 at 12:45, Will Conrad wrote:

> Hi Community!
>
> My company is building a CloudStack implementation and have discovered
> that security-group enabled advanced zones seem to function unexpectedly
> differently than non-security-group enabled advanced zones. After creating
> a security-group enabled advanced zone, when adding new networks to this
> zone, we seem to have lost the choices of "L2" and "isolated". Is this
> normal? Is this the way security groups were designed to function? I did
> read through the documentation for security groups, and noticed the
> "limitations" expressed as well as saw the documentation that VPC are not
> supported in security-group enabled zones. I'm looking for further
> clarification.
>
> As depicted in the below screenshot, "shared" is now the only option where
> before "L2" and "isolated" were also options.
>
> Have I missed something? Have I misinterpreted something? Is there further
> documentation that might describe the nuances of using security groups in
> advanced zones?
>
> Any assistance is appreciated. Thank you!
>
> Regards,
>
> Willard Conrad
> DevOps Engineer
> Hivelocity, LLC
>
> [image: image_720.png]
>


Difference in functionality of Advanced Networking With and Without Security Groups

2023-06-06 Thread Will Conrad
Hi Community!

My company is building a CloudStack implementation and have discovered that
security-group enabled advanced zones seem to function unexpectedly
differently than non-security-group enabled advanced zones. After creating
a security-group enabled advanced zone, when adding new networks to this
zone, we seem to have lost the choices of "L2" and "isolated". Is this
normal? Is this the way security groups were designed to function? I did
read through the documentation for security groups, and noticed the
"limitations" expressed as well as saw the documentation that VPC are not
supported in security-group enabled zones. I'm looking for further
clarification.

As depicted in the below screenshot, "shared" is now the only option where
before "L2" and "isolated" were also options.

Have I missed something? Have I misinterpreted something? Is there further
documentation that might describe the nuances of using security groups in
advanced zones?

Any assistance is appreciated. Thank you!

Regards,

Willard Conrad
DevOps Engineer
Hivelocity, LLC

[image: image_720.png]