Hi Will, In the advanced zone with security groups, you can only create Shared networks. L2 and isolated/VPC are not supported. (In my opinion, we could support L2 as well). In the advanced zones, you can create Shared/L2/Isolated/VPC, but vms do not have security groups.
Advanced zone with SG is suitable for public cloud providers, and advanced zone without SG is suitable for private clouds. There is an idea from some years ago, to combine these two types into one, but not implemented yet. It is very complicated. -Wei On Tue, 6 Jun 2023 at 12:45, Will Conrad <wcon...@hivelocity.net.invalid> wrote: > HI Community! > > My company is building a cloudstack implementation and have discovered > that security-group enabled advanced zones seem to function unexpectedly > differently than non-security-group enabled advanced zones. After creating > a security-group enabled advanced zone, when adding new networks to this > zone, we seem to have lost the choices of "L2" and "isolated". Is this > normal? Is this the way security groups were designed to function? I did > read through the documentation for security groups, and noticed the > "limitations" expressed as well as saw the documentation that VPC are not > supported in security-group enabled zones. I'm looking for further > clarification. > > As depicted in the below screenshot, "shared" is now the only option where > before "L2" and "isolated" were also options. > > Have I missed something? Have I misinterpreted something? Is there further > documentation that might describe the nuances of using security groups in > advanced zones? > > Any assistance is appreciated. Thank you! > > Regards, > > Willard Conrad > DevOps Engineer > Hivelocity, LLC > > [image: image_720.png] >
