Horizon Web Console: Security Groups
Under the Project and Network tabs, use the Security Groups screen to manage the security groups in your project.
List Security Groups
The Security Groups screen lists all the security groups in your project.

Create a Security Group
Before creating a security group, check out the Common Security Group Rule Sets page, which presents two security groups with common rule sets to allow access from Cornell. If you want to SSH or RDP to your instance from Cornell, using one of these security groups is the easiest; no additional setup is necessary.
- Click on the Create Security Group button to create a new security group.
- Name the new security group and click on the Create Security Group button.
By default, a new security group allows outbound network connections only. All inbound connections are blocked. All allowed access must be explicitly granted by a security group rule. You should add new security group rules to the new security group.
Delete a Security Group
On the Security Groups screen, select the security group(s) you want to delete and click on the Delete Security Groups button.
Note
A security group can only be deleted if no server is assigned to it.

Manage Your Security Group
- On the Security Groups screen under the Project and Network tabs, click on the Manage Rules button next to the security group whose rules you want to change.
- On the Manage Security Group Rules screen, you can now add new rules or delete an existing rule using the Add Rule and Delete Rule buttons.
Add a Security Group Rule
- To add a new rule, click on the Add Rule button on the Manage Security Group Rules screen.
- In the Add Rule screen, use the pull-down menu under Rule to create a new rule to allow many common services such as ssh, https, etc. You can also choose to create custom TCP, UDP, ICMP or protocol rules. See the descriptions on the right for information on the appropriate values to use.
  - For accessing Linux instances, select SSH from Rule.
  - For accessing Windows instances, select RDP from Rule.
  - In CIDR, enter the range of IP addresses that are allowed to connect to this instance. It's highly recommended not to use the default CIDR (0.0.0.0/0) because it allows access from the entire internet and creates an opening for hackers. A better choice is 10.0.0.0/8, which allows access from Cornell's eduroam Wi-Fi and VPN addresses. Changing the default CIDR is especially important for Windows users (as explained at CAC Security Group Rules for Windows). Please see Cornell Campus Network IP Ranges for a list of CIDRs for all Cornell network IP addresses. (Note, you would need to add a separate rule for each CIDR listed.) If you are unsure of what IP addresses to add, please contact CAC help.
- Click on the Add button to create the new rule. You will now see the new rule listed on the Manage Security Rules screen.
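The CIDR advice above can be checked mechanically once a group has several rules. The following is an added example, not part of the original page or CAC's tooling: it flags inbound rules that open SSH or RDP to sources outside 10.0.0.0/8. It assumes rule objects that use the OpenStack Networking API field names (direction, protocol, port_range_min, port_range_max, remote_ip_prefix, remote_group_id); the function names and the sample rules are constructed for illustration.

```python
import ipaddress

# Range recommended on this page (Cornell eduroam Wi-Fi and VPN addresses).
ALLOWED = [ipaddress.ip_network("10.0.0.0/8")]
REMOTE_ACCESS_PORTS = {22: "SSH", 3389: "RDP"}


def audit_rules(rules, allowed=ALLOWED):
    """Return (rule id, service, source CIDR) for each inbound rule that
    exposes SSH or RDP to addresses outside the allowed networks."""
    findings = []
    for rule in rules:
        if rule.get("direction") != "ingress":
            continue
        if rule.get("remote_group_id"):
            continue  # source is another security group, not a CIDR
        if rule.get("protocol") not in (None, "tcp", "6", 6):
            continue  # None means any protocol, which includes TCP
        # Missing port bounds mean the rule covers every port.
        low = rule.get("port_range_min") or 1
        high = rule.get("port_range_max") or 65535
        # A missing prefix means any source address.
        any_source = "::/0" if rule.get("ethertype") == "IPv6" else "0.0.0.0/0"
        source = ipaddress.ip_network(rule.get("remote_ip_prefix") or any_source, strict=False)
        if any(source.version == net.version and source.subnet_of(net) for net in allowed):
            continue
        for port, service in REMOTE_ACCESS_PORTS.items():
            if low <= port <= high:
                findings.append((rule["id"], service, str(source)))
    return findings


def _rule(rule_id, direction, low, high, prefix):
    # Constructed sample rule, shaped like a Networking API rule object.
    return {"id": rule_id, "direction": direction, "ethertype": "IPv4", "protocol": "tcp",
            "port_range_min": low, "port_range_max": high, "remote_ip_prefix": prefix}


SAMPLE_RULES = [  # constructed sample data
    _rule("r1", "ingress", 22, 22, "0.0.0.0/0"),       # default CIDR: flagged
    _rule("r2", "ingress", 3389, 3389, "10.0.0.0/8"),  # recommended CIDR: passes
    _rule("r3", "ingress", 22, 22, "10.16.0.0/16"),    # narrower than 10/8: passes
    _rule("r4", "ingress", None, None, None),          # all ports, any source: flagged twice
    _rule("r5", "egress", None, None, "0.0.0.0/0"),    # outbound: ignored
]

if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_RULES):
        print("%s: %s open to %s" % finding)
```

To accept additional Cornell ranges, pass them as further networks in the `allowed` list.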
Delete a Security Group Rule
To delete a security group rule, click on the Delete Rule button next to the rule to be deleted. To delete multiple security group rules, click the rules to be deleted and click on the Delete Rules button in the upper right corner.
