Truth in IT
    • Sign In
    • Register
        • Videos
        • Channels
        • Pages
        • Galleries
        • News
        • Events
        • All
Truth in IT Truth in IT
  • Data Management ▼
    • Converged Infrastructure
    • DevOps
    • Networking
    • Storage
    • Virtualization
  • Cybersecurity ▼
    • Application Security
    • Backup & Recovery
    • Data Security
    • Identity & Access Management (IAM)
    • Zero Trust
    • Compliance & GRC
    • Endpoint Security
  • Cloud ▼
    • Hybrid Cloud
    • Private Cloud
    • Public Cloud
  • Webinar Library
  • TiPs
  • DRAW

Network Security Groups in OpenNebula: Setup & Testing

Open Nebula
04/06/2026
10
0 (0%)
Share
  • Comments
  • Download
  • Transcript
Report Like Favorite
  • Share/Embed
  • Email
Link
Embed

Transcript


TL;DR

  • OpenNebula Security Groups act as host-level firewalls that filter traffic before it reaches VM network cards, operating on a restrictive-by-default model where all traffic is denied unless explicitly allowed.
  • Security groups can be attached at the virtual network level to apply rules universally, or at the individual VM network card level for granular control over specific workloads.
  • Rules support flexible configuration including protocol selection, port ranges (individual, ranges, or all), and target networks defined by specific IPs, network ranges, or any network.
  • The demonstration successfully validates security group functionality by blocking one client VM from accessing a web server while allowing another client with a whitelisted IP address to connect.

Security Groups Fundamentals

This screencast demonstrates how to implement network security in OpenNebula using Security Groups, which function as host-level firewalls that filter traffic before it reaches virtual machine network cards. Security Groups operate on a restrictive-by-default model, meaning all traffic is denied unless explicitly allowed through defined rules. The demonstration covers the complete workflow from creating security groups with specific inbound and outbound rules to assigning them at both the virtual network level and individual VM level. The tutorial uses a practical scenario with three VMs on a VXLAN EVPN network to illustrate how security groups control access to a web server running on OpenSUSE 15.

Implementation and Verification

The implementation process involves creating three distinct security groups: an outbound-sg for general internet access attached at the network level, a webserver-sg with SSH and HTTP rules for the server VM, and an rdp-sg for Windows client access. The demonstration shows how to configure rules with various parameters including protocol selection, port ranges, and target networks defined by IP addresses or network ranges. Verification is performed by deploying three VMs and testing connectivity, where one client VM with an automatically assigned IP is blocked from accessing the web server on port 80, while a second client with a specifically allowed IP address successfully connects, confirming that the security group rules are functioning as intended.

Chapters

0:00 - Introduction
0:21 - Security Groups Overview
0:55 - Configuration Options
1:33 - Demo Environment Setup
2:02 - Creating Security Groups
4:44 - Attaching to Virtual Networks
5:18 - VM Deployment and Configuration
7:29 - Testing and Verification

Key Quotes

0:21 "Consider security groups as a host-level firewall to stop the traffic flow before it reaches the virtual machine's virtual network cards."
0:41 "Security groups are restrictive by default, meaning that whatever is not explicitly allowed is denied."
1:19 "The target network field is the tricky one. The meaning of this setting is defined by the direction setting."
4:44 "In order for security groups to be effective, they must be attached to a virtual network or to an individual virtual network card on the VM."

Categories:
  • » Cybersecurity » Network Security
  • » Cybersecurity » Cloud Security
  • » Data Protection
Channels:
News:
Events:
Tags:
  • Cloud Security
  • Network Security
  • Technical Deep Dive
  • How-To
  • Demo
  • Security Groups
  • Virtual Network Security
  • Firewall Rules
  • Network Access Control
  • Cloud Infrastructure Security
  • VM Network Configuration
  • OpenNebula Administration
  • Network Segmentation
Show more Show less

Browse videos

  • Related
  • Featured
  • By date
  • Most viewed
  • Top rated
  •  

              Video's comments: Network Security Groups in OpenNebula: Setup & Testing

              Upcoming Webinar Calendar

              • 06/10/2026
                11:00 AM
                06/10/2026
                Action1: Vulnerability Digest--Patch Tuesday & Other Updates
                https://www.truthinit.com/index.php/channel/1997/action1-vulnerability-digest-patch-tuesday-other-updates/
              • 06/10/2026
                02:00 PM
                06/10/2026
                Understanding the True Costs of DIY Data Classification vs. Buying Solutions
                https://www.truthinit.com/index.php/channel/1985/understanding-the-true-costs-of-diy-data-classification-vs-buying-solutions/
              • 06/17/2026
                12:00 PM
                06/17/2026
                Action1: The Remediation Gap: Vulnerability Management in the Age of AI
                https://www.truthinit.com/index.php/channel/2010/action1-the-remediation-gap-vulnerability-management-in-the-age-of-ai/
              • 06/23/2026
                01:00 PM
                06/23/2026
                The AI-Powered VMware Alternative
                https://www.truthinit.com/index.php/channel/2009/the-ai-powered-vmware-alternative/
              • 06/24/2026
                11:00 AM
                06/24/2026
                LATAM: Accelerating Insights on AI Through an Engaging Webinar Series
                https://www.truthinit.com/index.php/channel/2012/accelerating-insights-on-ai-through-an-engaging-webinar-series/
              • 06/25/2026
                01:00 PM
                06/25/2026
                Generative AI Security: Preventing AI from Becoming a Data Breach Multiplier
                https://www.truthinit.com/index.php/channel/1998/generative-ai-security-preventing-ai-from-becoming-a-data-breach-multiplier/
              • 07/01/2026
                04:00 AM
                07/01/2026
                Sicherung von KI durch Anwendungen, Agenten und APIs gestalten
                https://www.truthinit.com/index.php/channel/2008/sicherung-von-ki-durch-anwendungen-agenten-und-apis-gestalten/
              • 07/02/2026
                10:00 AM
                07/02/2026
                Resilience Insights from Hybrid Threats When the Cloud Faces Challenges
                https://www.truthinit.com/index.php/channel/2011/resilience-insights-from-hybrid-threats-when-the-cloud-faces-challenges/

              Upcoming Events

              • Jun
                10

                Action1: Vulnerability Digest--Patch Tuesday & Other Updates

                06/10/202611:00 AM ET
                • Jun
                  10

                  Understanding the True Costs of DIY Data Classification vs. Buying Solutions

                  06/10/202602:00 PM ET
                  • Jun
                    17

                    Action1: The Remediation Gap: Vulnerability Management in the Age of AI

                    06/17/202612:00 PM ET
                    • Jun
                      23

                      The AI-Powered VMware Alternative

                      06/23/202601:00 PM ET
                      • Jun
                        24

                        LATAM: Accelerating Insights on AI Through an Engaging Webinar Series

                        06/24/202611:00 AM ET
                        More events
                        Truth in IT
                        • Sponsor
                        • About Us
                        • Terms of Service
                        • Privacy Policy
                        • Contact Us
                        • Preference Management
                        Desktop version
                        Standard version