Networking

• 1: VPC
• 1.1: Overview
• 1.1.1: ServiceWatch Metrics
• 1.2: How-to guides
• 1.2.1: Subnet
• 1.2.2: Port
• 1.2.3: Internet Gateway
• 1.2.4: NAT Gateway
• 1.2.5: Public IP
• 1.2.6: Private NAT
• 1.2.7: VPC Endpoint
• 1.2.8: VPC Peering
• 1.2.9: Transit Gateway
• 1.2.10: PrivateLink Service
• 1.2.11: PrivateLink Endpoint
• 1.2.12: NAT Logging
• 1.3: API Reference
• 1.4: CLI Reference
• 1.5: Release Note
• 2: Security Group
• 2.1: Overview
• 2.2: How-to guides
• 2.2.1: Security Group Logging
• 2.3: API Reference
• 2.4: CLI Reference
• 2.5: Release Note
• 3: Load Balancer
• 3.1: Overview
• 3.2: How-to guides
• 3.2.1: LB Server Group
• 3.2.2: LB Health Check
• 3.3: API Reference
• 3.4: CLI Reference
• 3.5: Release Note
• 4: DNS
• 4.1: Overview
• 4.1.1: TLD List
• 4.1.2: ServiceWatch Metrics
• 4.2: How-to guides
• 4.2.1: Private DNS
• 4.2.2: Hosted Zone
• 4.2.3: Public Domain Name
• 4.3: Release Note
• 5: VPN
• 5.1: Overview
• 5.1.1: ServiceWatch Metrics
• 5.2: How-to guides
• 5.2.1: VPN Tunnel
• 5.3: API Reference
• 5.4: CLI Reference
• 5.5: Release Note
• 6: Firewall
• 6.1: Overview
• 6.2: How-to guides
• 6.2.1: Firewall Logging
• 6.3: API Reference
• 6.4: CLI Reference
• 6.5: Release Note
• 7: Direct Connect
• 7.1: Overview
• 7.1.1: ServiceWatch Metrics
• 7.2: How-to guides
• 7.3: API Reference
• 7.4: CLI Reference
• 7.5: Release Note
• 8: Cloud LAN-Campus
• 8.1: Overview
• 8.2: How-to guides
• 8.3: Release Note
• 9: Cloud LAN-Data Center
• 9.1: Overview
• 9.2: How-to guides
• 9.2.1: vDevice
• 9.2.2: Interface
• 9.2.3: vCable
• 9.2.4: vEdge
• 9.3: Release Note
• 10: Cloud WAN
• 10.1: Overview
• 10.1.1: Monitoring Metrics
• 10.2: How-to guides
• 10.3: Release Note
• 11: SASE
• 11.1: Overview
• 11.2: How-to guides
• 11.2.1: SASE Lastmile
• 11.3: Release Note
• 12: Cloud Last Mile
• 12.1: Overview
• 12.2: How-to guides
• 12.2.1: Circuit and Edge
• 12.3: Release Note
• 13: Global CDN
• 13.1: Overview
• 13.1.1: ServiceWatch Metrics
• 13.2: How-to guides
• 13.3: API Reference
• 13.4: CLI Reference
• 13.5: Release Note
• 14: GSLB
• 14.1: Overview
• 14.2: How-to guides
• 14.3: API Reference
• 14.4: CLI Reference
• 14.5: Release Note
• 15: Cloud Virtual Circuit
• 15.1: Overview
• 15.2: How-to guides
• 15.3: Release Note
• 16: Private 5G Cloud
• 16.1: Overview
• 16.2: How-to guides
• 16.3: Release Note

1 - VPC

1.1 - Overview

Service Overview

Samsung Cloud Platform provides VPC service to support the use of logically isolated customer-dedicated private network spaces in the cloud environment.
VPC (Virtual Private Cloud) is a service that provides logically isolated customer-dedicated private network spaces in the cloud environment. You can create General Subnets for public or private use, and Local Subnets for server-to-server communication according to your purpose. You can freely choose NAT Gateway and Internet Gateway to configure various networks. You can create multiple VPCs and operate them independently. You can configure connections between VPCs through VPC Peering.

Service Architecture

Components

Subnet

Subnet refers to the IP address range of a VPC. You can create subnets for public or private use using General Subnets according to your purpose. It is a service that allows users to subdivide networks according to their purpose/scale within a VPC. Subnet provides General Subnet and Local Subnet for server-to-server communication.

• General Subnet Create/View/Delete: This is the subnet created by default when creating a VPC, and you use the subnet according to your purpose. For example, you can distinguish and use it as a Public Subnet that can access the internet and a Private Subnet that cannot access the internet.

• VPC Endpoint Subnet Create/View/Delete: You can create an entry point to the VPC that allows access to Samsung Cloud Platform through a private connection from an external network connected to the VPC.

• Local Subnet Create/View/Delete: This is a subnet that allows only direct connections between Virtual Server-Virtual Server or Bare Metal Server-Bare Metal Server without connecting to other subnets or external access. Only Virtual Server-Virtual Server settings within the VPC are possible.

Subnet Types

Sub_network refers to a subdivided IP address area in small units for use in an IP network. Subnet types are divided according to how routing for the subnet is configured.

Internet Gateway

You can create an Internet Gateway and connect it to a VPC, view detailed information, or delete unused Internet Gateways. You can connect VPC resources to the internet using the Internet Gateway.
You can assign a Public IP to instances and load balancers that can be connected from the outside by connecting to the internet.

NAT Gateway

You can create a NAT Gateway and connect it to a subnet, view detailed information, or delete unused NAT Gateways.
To create a NAT Gateway for a subnet, you must first create an Internet Gateway and connect it to the VPC. When you create a NAT Gateway, internet access is allowed for all resources belonging to the subnet. Apply firewall rules to restrict internet access.
NAT Gateway can be created for the General type, and it is a service that maps one representative public IP for Virtual Servers without public IP NAT mapping for outbound internet use.

Public IP

If you want to use the same IP address every time you stop and start an instance, you reserve and assign a Public IP.
It is a service that creates a desired public IP within Samsung Cloud Platform’s available Public IP Pool and assigns it to Compute resources.
Even if the Compute resource assigned with the specified Public IP is rebooted, the IP does not change.

Port

Provides a connection point to connect a single device, such as a server’s NIC, to a network. This allows additional devices beyond the default NIC.

VPC Endpoint

Provides an entry point to the VPC that allows access to Samsung Cloud Platform through a private connection from an external network connected to the VPC.

VPC Peering

You can communicate via IP through a 1:1 private route between VPCs. By default, peering between VPCs of the same account is provided, and only one connection between different accounts is allowed.

Private NAT

Compute resources within a VPC can connect by mapping customer network IPs using Direct Connect.

Transit Gateway

Transit Gateway is a gateway service that easily connects customer networks and Samsung Cloud Platform’s networks and acts as a connection hub for multiple VPCs within the cloud environment.
Through Transit Gateway, you can configure various network topologies as desired. In addition, you can thoroughly manage security by providing independent firewall configuration and routing functions for each connected network section.

PrivateLink

It is a service that connects a private path between the VPC and SCP services without exposing internal data of Samsung Cloud Platform to the internet.

• PrivateLink Service is for service providers, and PrivateLink Endpoint is for service users.

Constraints

Samsung Cloud Platform’s VPC limits the number of VPCs and Subnets created as follows.

Prerequisites

VPC has no prerequisites.

1.1.1 - ServiceWatch Metrics

VPC - Internet Gateway sends metrics to ServiceWatch. The metrics provided as basic monitoring are data collected at 5-minute intervals.

Basic Metrics

Internet Gateway

The following are the basic metrics for the namespace Internet Gateway.

The metrics with bold metric names below are metrics selected as key metrics among the basic metrics provided by Internet Gateway. Key metrics are used to configure service dashboards that are automatically built for each service in ServiceWatch.

For each metric, the user guide informs which statistical value is meaningful when querying that metric, and the statistical value marked in bold among meaningful statistics is the key statistical value. In the service dashboard, you can view key metrics through key statistical values.

1.2 - How-to guides

Users can create VPC services by entering required information and selecting detailed options through the Samsung Cloud Platform Console.

Create VPC

You can create and use VPC services in the Samsung Cloud Platform Console.

To create a VPC, follow these steps:

1. Click All Services > Networking > VPC menu. You will be redirected to the VPC Service Home page.

2. Click the Create VPC button on the Service Home page. You will be redirected to the Create VPC page.

   • Enter or select the required information in the Service Information section.

     Category	Required	Description
     VPC Name	Required	Name of the VPC to create Enter 3-20 characters using uppercase/lowercase letters and numbers
     IP Range	Required	IP range to use Enter in IP range format within /16 ~ /28 range Example: 192.168.0.0/24
     Description	Optional	Enter description for VPC

     Table. VPC Service Information Input Items
   • Enter or select the required information in the Additional Information section.

     Category	Required	Description
     Tags	Optional	Add tags Up to 50 tags per resource Click Add Tag button and enter or select Key, Value values

     Table. VPC Additional Information Input Items

3. On the Summary panel, verify the detailed information and estimated billing amount, then click the Create button.

   • After creation is complete, verify the created resource on the VPC List page.

View VPC Details

VPC services allow you to view and modify the entire resource list and detailed information. The VPC Details page consists of Details, IP Range Management, Tags, Operation History tabs.

To view VPC details, follow these steps:

1. Click All Services > Networking > VPC menu. You will be redirected to the VPC Service Home page.
2. Click the VPC menu on the Service Home page. You will be redirected to the VPC List page.
3. Click the resource for which you want to view detailed information on the VPC List page. You will be redirected to the VPC Details page.
   • The VPC Details page displays status information and additional feature information, and consists of Details, IP Range Management, Tags, Operation History tabs.

     Category	Description
     Status	VPC status Active: Operating normally Deleting: Deletion in progress Creating: Creation in progress Error: Current status cannot be confirmed If it occurs continuously, contact the registered administrator
     Terminate Service	Button to terminate the service Since terminating the service may immediately stop the operating service, proceed with the termination operation after fully considering the impact caused by service interruption

     Table. VPC Status Information and Additional Features

Details

On the VPC List page, you can view the detailed information of the selected resource and modify it if necessary.

IP Range Management

On the VPC List page, you can view the IP range information connected to the selected resource and add IP ranges.

Tags

On the VPC List page, you can view the tag information of the selected resource and add, modify, or delete tags.

Operation History

On the VPC List page, you can view the operation history of the selected resource.

Terminate VPC

You can reduce operating costs by terminating unused VPCs.

To terminate a VPC, follow these steps:

1. Click All Services > Networking > VPC menu. You will be redirected to the VPC Service Home page.
2. Click the VPC menu on the Service Home page. You will be redirected to the VPC List page.
3. Select the resource to terminate on the VPC List page and click the Terminate Service button.
4. After termination is complete, verify that the resource has been terminated on the VPC List page.

1.2.1 - Subnet

Create Subnet

You can create and use VPC Subnet services in the Samsung Cloud Platform Console.

To create a Subnet, follow these steps:

1. Click All Services > Networking > VPC menu. You will be redirected to the VPC Service Home page.

2. Click the Create Subnet button on the Service Home page. You will be redirected to the Create Subnet page.

   • Enter or select the required information in the Service Information section.

     Category	Required	Description
     Subnet Type	Required	Select subnet type General: Can configure Public and Private Local: Can specify by selecting between Virtual Server and Bare Metal Server Local Subnet is a subnet for server-to-server communication only and cannot communicate externally VPC Endpoint: Can configure VPC Endpoint
     VPC Name	Required	Select the VPC to connect the subnet from the list of currently created VPCs Click + Create New to create a VPC and then select
     VPC IP Range	Optional	Automatically enters the CIDR range of the selected VPC
     Subnet Name	Required	Name of the Subnet to create Enter 3-20 characters using uppercase/lowercase letters and numbers
     IP Range	Required	IP range to use Enter in IP range format within /16 ~ /28 range Example: 192.168.0.0/24 IP range cannot be used in duplicate with IP ranges currently in use in the VPC (other subnets)
     Gateway IP	Required	Displays the Gateway IP address of the Subnet The first IP of the entered IP range is automatically entered Cannot be modified after service creation

     Table. Subnet Service Information Input Items
   • Enter or select the required information in the Additional Information section.

     Category	Required	Description
     Description	Optional	Enter description for Subnet
     IP Allocation Range	Optional	Can set range within the IP range to use Select from entire IP range or individual specification Subnet child resources are assigned IPs within the entered entire IP range or the range individually specified by the user When selecting individual specification, enter the start IP address and end IP address
     DNS Name Server	Optional	Enter DNS Name Server IP after selecting Enable
     Host Route	Optional	Enter host route after selecting Enable Enter destination IP range and Next Hop IP address Destination IP ranges must not overlap with each other
     Tags	Optional	Add tags Up to 50 tags per resource Click Add Tag button and enter or select Key, Value values

     Table. Subnet Additional Information Input Items

3. On the Summary panel, verify the detailed information and estimated billing amount, then click the Create button.

   • After creation is complete, verify the created resource on the Subnet List page.

View Subnet Details

Subnet services allow you to view and modify the entire resource list and detailed information. The Subnet Details page consists of Details, Virtual IP Management, Tags, Operation History tabs.

To view Subnet details, follow these steps:

1. Click All Services > Networking > VPC menu. You will be redirected to the VPC Service Home page.
2. Click the Subnet button on the Service Home page. You will be redirected to the Subnet List page.
3. Click the resource for which you want to view detailed information on the Subnet List page. You will be redirected to the Subnet Details page.
   • The Subnet Details page displays status information and additional feature information, and consists of Details, Virtual IP Management, Tags, Operation History tabs.

     Category	Description
     Status	Subnet status Creating: Creation in progress Active: Operating normally Editing: Modification in progress Deleting: Deletion in progress Failed: Failed to create Error: Current status unknown If it occurs continuously, contact the registered administrator
     Delete Subnet	Subnet deletion button

     Table. Subnet Status Information and Additional Features

Details

On the Subnet List page, you can view the operation history of the selected resource.

Virtual IP Management

On the Subnet List page, you can view the virtual IP information of the selected resource, reserve, or delete it.

Tags

On the Subnet List page, you can view the tag information of the selected resource and add, modify, or delete tags.

Operation History

On the Subnet List page, you can view the operation history of the selected resource.

Manage Virtual IP

You can reserve or manage Virtual IPs to use in the Subnet.

Reserve Virtual IP

You can reserve a Virtual IP to use in the Subnet.

To reserve a Virtual IP, follow these steps:

1. Click All Services > Networking > VPC menu. You will be redirected to the VPC Service Home page.
2. Click the Subnet button on the Service Home page. You will be redirected to the Subnet List page.
3. Click the resource for which you want to reserve a Virtual IP on the Subnet List page. You will be redirected to the Subnet Details page.
4. Click the Virtual IP Management tab on the Subnet Details page. You will be redirected to the Virtual IP Management tab page.
5. Click the Reserve Virtual IP button on the Virtual IP Management tab page. The Virtual IP reservation window opens.
6. Set the detailed items in the Reserve Virtual IP window and click Confirm.
   • Virtual IP: If you select Auto Generate, the automatically generated IP is reserved. If you select Input, you can reserve the IP you entered directly.
   • Description: Enter additional description for the Virtual IP.
7. When the reservation confirmation window appears, click Confirm.

View Virtual IP Details

You can view the detailed information of a Virtual IP.

To view the detailed information of a Virtual IP, follow these steps:

1. Click All Services > Networking > VPC menu. You will be redirected to the VPC Service Home page.
2. Click the Subnet button on the Service Home page. You will be redirected to the Subnet List page.
3. Click the resource for which you want to reserve a Virtual IP on the Subnet List page. You will be redirected to the Subnet Details page.
4. Click the Virtual IP Management tab on the Subnet Details page. You will be redirected to the Virtual IP Management tab page.
5. Click the resource you want to view on the Virtual IP Management tab page. You will be redirected to the Virtual IP Details page.
   • The Virtual IP Details page displays connected ports and detailed information.

     Category	Description
     Virtual IP	Virtual IP address
     Public NAT IP	Public NAT IP address and status Can modify by clicking Edit icon After setting Enable, can select existing IP or create and add Public NAT IP cannot be modified after setting, needs to be reset when changing
     Connected Port	Port information connected to Virtual IP Click Add button to add connected port, can connect existing port or create and add Click Delete button to delete connected port
     Description	Virtual IP description Can modify by clicking Edit icon
     Creator	User who reserved the Virtual IP
     Created At	Date and time when Virtual IP was reserved
     Modifier	User who modified Virtual IP information
     Modified At	Date and time when Virtual IP information was modified

     Table. Virtual IP Details Items

Delete Subnet

You can delete unused Subnets.

To delete a Subnet, follow these steps:

1. Click All Services > Networking > VPC menu. You will be redirected to the VPC Service Home page.
2. Click the Subnet menu on the Service Home page. You will be redirected to the Subnet List page.
3. Click the resource to delete on the Subnet List page. You will be redirected to the Subnet Details page.
4. Click the Delete button on the Subnet Details page.
5. After deletion is complete, verify that the resource has been deleted on the Subnet List.

Prerequisites

This is a list of services that must be configured in advance before creating this service. Please prepare in advance by referring to the guides provided for each service for more details.

1.2.2 - Port

Create Port

You can create and use Port services in the Samsung Cloud Platform Console.

To create a Port, follow these steps:

1. Click All Services > Networking > VPC menu. You will be redirected to the VPC Service Home page.

2. Click the Create Port button on the Service Home page. You will be redirected to the Create Port page.

   • Enter or select the required information in the Service Information section.

     Category	Required	Description
     VPC Name	Required	Select the VPC to create the Port Click + Create New to create a VPC and then select
     Subnet Name	Required	Select the Subnet to create the Port Click + Create New to create a Subnet and then select
     Port Name	Required	Name that can easily identify the Port Enter 3-20 characters using letters, numbers, -
     IP Allocation Method	Required	Select IP allocation method Automatic Allocation: IP is automatically allocated within the Subnet’s IP allocation range Manual Input: The entered IP within the Subnet’s range is allocated When selecting Manual Input, enter the IP address to use for the Port in Fixed IP Address
     Description	Optional	Enter description for Port
     Security Group	Optional	When selecting Enable, can select up to 5 Security Groups

     Table. Port Service Information Input Items
   • Enter or select the required information in the Additional Information section.

     Category	Required	Description
     Tags	Optional	Add tags Up to 50 tags per resource Click Add Tag button and enter or select Key, Value values

     Table. Port Additional Information Input Items

3. On the Summary panel, verify the detailed information and estimated billing amount, then click the Create button.

   • After creation is complete, verify the created resource on the Port List page.

View Port Details

Port services allow you to view and modify the entire resource list and detailed information. The Port Details page consists of Details, Tags, Operation History tabs.

To view Port details, follow these steps:

1. Click All Services > Networking > VPC menu. You will be redirected to the VPC Service Home page.
2. Click the Port menu on the Service Home page. You will be redirected to the Port List page.
3. Click the resource (Port name) for which you want to view detailed information on the Port List page. You will be redirected to the Port Details page.
   • The Port Details page displays status information and additional feature information, and consists of Details, Tags, Operation History tabs.

     Category	Description
     Status	Port status Active: Operating normally Down: Not connected to resource, or connected but not operating Error: Current status cannot be confirmed If it occurs continuously, contact the registered administrator
     Delete Port	Button to delete Port

     Table. Port Status Information and Additional Features

Details

On the Port List page, you can view the detailed information of the selected resource and modify it if necessary.

Tags

On the Port List page, you can view the tag information of the selected resource and add, modify, or delete tags.

Operation History

On the Port List page, you can view the operation history of the selected resource.

Delete Port

You can reduce operating costs by deleting unused Ports.

To delete a Port, follow these steps:

1. Click All Services > Networking > VPC menu. You will be redirected to the VPC Service Home page.
2. Click the Port menu on the Service Home page. You will be redirected to the Port List page.
3. Click the resource (Port name) to delete on the Port List page. You will be redirected to the Port Details page.
4. Click the Delete Port button on the Port Details page.
5. After deletion is complete, verify that the resource has been deleted on the Port List.

Prerequisites

This is a list of services that must be configured in advance before creating this service. Please prepare in advance by referring to the guides provided for each service for more details.

1.2.3 - Internet Gateway

Create Internet Gateway

You can create and use Internet Gateway services in the Samsung Cloud Platform Console.

To create an Internet Gateway, follow these steps:

1. Click All Services > Networking > VPC menu. You will be redirected to the VPC Service Home page.
2. Click the Create Internet Gateway button on the Service Home page. You will be redirected to the Create Internet Gateway page.
   • Enter or select the required information in the Service Information section.

     Category	Required	Description
     VPC Name	Required	Select the VPC to connect to the Internet Gateway Click + Create New to create a VPC and then select
     Type	Required	Select Internet Gateway type Select from Dedicated Internet Gateway, Secured Internet Gateway, Group Gateway
     Internet Gateway Name	Optional	Automatically generated as IGW_{VPC Name}
     Description	Optional	Enter description for Internet Gateway
     Use Firewall	Optional	Select whether to use Firewall
     Store Firewall Logs	Optional	Select whether to store Firewall logs Store access logs when using Firewall For more information, refer to Use Firewall Log Storage

     Table. Internet Gateway Service Information Input Items
   • Enter or select the required information in the Additional Information section.

     Category	Required	Description
     Tags	Optional	Add tags Up to 50 tags per resource Click Add Tag button and enter or select Key, Value values

     Table. Internet Gateway Additional Information Input Items

3. On the Summary panel, verify the detailed information and estimated billing amount, then click the Create button.
   • After creation is complete, verify the created resource on the Internet Gateway List page.

View Internet Gateway Details

Internet Gateway services allow you to view and modify the entire resource list and detailed information. The Internet Gateway Details page consists of Details, Tags, Operation History tabs.

To view Internet Gateway details, follow these steps:

1. Click All Services > Networking > VPC menu. You will be redirected to the VPC Service Home page.
2. Click the Internet Gateway menu on the Service Home page. You will be redirected to the Internet Gateway List page.
3. Click the resource for which you want to view detailed information on the Internet Gateway List page. You will be redirected to the Internet Gateway Details page.
   • The Internet Gateway Details page displays status information and additional feature information, and consists of Details, Tags, Operation History tabs.

     Category	Description
     Status	Internet Gateway status Creating: Resource creation in progress Active: Normal connection status Deleting: Deletion in progress Error: Current status cannot be confirmed If it occurs continuously, contact the registered administrator
     Delete Internet Gateway	Internet Gateway deletion button

     Table. Internet Gateway Status Information and Additional Features

Details

On the Internet Gateway List page, you can view the detailed information of the selected resource and modify it if necessary.

Tags

On the Internet Gateway List page, you can view the tag information of the selected resource and add, modify, or delete tags.

Operation History

On the Internet Gateway List page, you can view the operation history of the selected resource.

Manage Internet Gateway Resources

You can manage resources such as using NAT log storage.

Use NAT Log Storage

To use NAT log storage, follow these steps:

1. Click All Services > Networking > VPC menu. You will be redirected to the VPC Service Home page.
2. Click the Internet Gateway menu on the Service Home page. You will be redirected to the Internet Gateway List page.
3. Click the resource for which you want to view detailed information on the Internet Gateway List page. You will be redirected to the Internet Gateway Details page.
4. Click the Modify NAT Log Storage button. You will be redirected to the Modify NAT Log Storage popup window.
5. Select Enable for log storage in the Modify NAT Log Storage popup window and click the Confirm button.

Disable NAT Log Storage

To disable NAT log storage, follow these steps:

1. Click All Services > Networking > VPC menu. You will be redirected to the VPC Service Home page.
2. Click the Internet Gateway menu on the Service Home page. You will be redirected to the Internet Gateway List page.
3. Click the resource for which you want to view detailed information on the Internet Gateway List page. You will be redirected to the Internet Gateway Details page.
4. Click the Modify NAT Log Storage button. You will be redirected to the Modify NAT Log Storage popup window.
5. Deselect Enable for log storage in the Modify NAT Log Storage popup window and click the Confirm button.
6. Verify the message in the Notification popup window and click the Confirm button.

Delete Internet Gateway

To delete an Internet Gateway, follow these steps:

1. Click All Services > Networking > VPC menu. You will be redirected to the VPC Service Home page.
2. Click the Internet Gateway menu on the Service Home page. You will be redirected to the Internet Gateway List page.
3. Click the resource to delete on the Internet Gateway List page. You will be redirected to the Internet Gateway Details page.
4. Click the Delete button on the Internet Gateway Details page.
5. After deletion is complete, verify that the resource has been deleted on the Internet Gateway List.

Prerequisites

This is a list of services that must be configured in advance before creating this service. Please prepare in advance by referring to the guides provided for each service for more details.

1.2.4 - NAT Gateway

Create NAT Gateway

You can create and use NAT Gateway services in the Samsung Cloud Platform Console.

To create a NAT Gateway, follow these steps:

1. Click All Services > Networking > VPC menu. You will be redirected to the VPC Service Home page.
2. Click the Create NAT Gateway button on the Service Home page. You will be redirected to the Create NAT Gateway page.
   • Enter or select the required information in the Service Information section.

     Category	Required	Description
     VPC Name	Required	Select the VPC to connect Click + Create New to create a VPC and then select
     Subnet Name	Required	Select the connected Subnet Click + Create New to create a Subnet and then select
     NAT Gateway Name	Optional	Created as NAT_GW_{Subnet Name}
     IP for NAT Gateway	Required	Select Public IP for NAT Gateway Click + Create New to create an IP and then select
     Description	Optional	Enter description for NAT Gateway

     Table. NAT Gateway Service Information Input Items
   • Enter or select the required information in the Additional Information section.

     Category	Required	Description
     Tags	Optional	Add tags Up to 50 tags per resource Click Add Tag button and enter or select Key, Value values

     Table. NAT Gateway Additional Information Input Items
3. On the Summary panel, verify the detailed information and estimated billing amount, then click the Create button.
   • After creation is complete, verify the created resource on the NAT Gateway List page.

View NAT Gateway Details

NAT Gateway services allow you to view and modify the entire resource list and detailed information. The NAT Gateway Details page consists of Details, Tags, Operation History tabs.

1. Click All Services > Networking > VPC menu. You will be redirected to the VPC Service Home page.
2. Click the NAT Gateway menu on the Service Home page. You will be redirected to the NAT Gateway List page.
3. Click the resource for which you want to view detailed information on the NAT Gateway List page. You will be redirected to the NAT Gateway Details page.
   • The NAT Gateway Details page displays status information and additional feature information, and consists of Details, Tags, Operation History tabs.

     Category	Description
     Status	NAT Gateway status Creating: Creation in progress Active: Operating normally Deleting: Deletion in progress
     Delete NAT Gateway	Button to terminate the service Terminate NAT Gateway if there are no connected services Since terminating the service may immediately stop the operating service, proceed with the termination operation after fully considering the impact caused by service interruption

     Table. NAT Gateway Status Information and Additional Features

Details

On the NAT Gateway List page, you can view the detailed information of the selected resource and modify it if necessary.

Tags

On the NAT Gateway List page, you can view the tag information of the selected resource and add, modify, or delete tags.

Operation History

On the NAT Gateway List page, you can view the operation history of the selected resource.

Delete NAT Gateway

To delete a NAT Gateway, follow these steps:

1. Click All Services > Networking > VPC menu. You will be redirected to the VPC Service Home page.
2. Click the NAT Gateway menu on the Service Home page. You will be redirected to the NAT Gateway List page.
3. Click the resource for which you want to view detailed information on the NAT Gateway List page. You will be redirected to the NAT Gateway Details page.
4. Click the Delete button on the NAT Gateway Details page.
5. After deletion is complete, verify that the resource has been deleted on the NAT Gateway List.

Prerequisites

This is a list of services that must be configured in advance before creating this service. Please prepare in advance by referring to the guides provided for each service for more details.

1.2.5 - Public IP

Create Public IP

You can create and use Public IP services in the Samsung Cloud Platform Console.

To create a Public IP, follow these steps:

1. Click All Services > Networking > VPC menu. You will be redirected to the VPC Service Home page.

2. Click the Reserve Public IP button on the Service Home page. You will be redirected to the Reserve Public IP page.

   • Enter or select the required information in the Service Information section.

     Category	Required	Description
     Type	Required	Select the Gateway to reserve Public IP Default: Internet Gateway
     Description	Optional	Enter description for Public IP

     Table. Public IP Service Information Input Items
   • Enter or select the required information in the Additional Information section.

     Category	Required	Description
     Tags	Optional	Add tags Up to 50 tags per resource Click Add Tag button and enter or select Key, Value values

     Table. Public IP Additional Information Input Items

3. On the Summary panel, verify the detailed information and estimated billing amount, then click the Create button.

   • After creation is complete, verify the created resource on the Public IP List page.

View Public IP Details

Public IP services allow you to view and modify the entire resource list and detailed information. The Public IP Details page consists of Details, Tags, Operation History tabs.

To view Public IP details, follow these steps:

1. Click All Services > Networking > VPC menu. You will be redirected to the VPC Service Home page.
2. Click the Public IP menu on the Service Home page. You will be redirected to the Public IP List page.
3. Click the resource for which you want to view detailed information on the Public IP List page. You will be redirected to the Public IP Details page.
   • The Public IP Details page displays status information and additional feature information, and consists of Details, Tags, Operation History tabs.

     Category	Description
     Status	Public IP status Attached: Connected state Reserved: Reserved state Error: Current status unknown If it occurs continuously, contact the registered administrator
     Release Public IP	Public IP release button

     Table. Public IP Status Information and Additional Features

Details

On the Public IP List page, you can view the detailed information of the selected resource and modify it if necessary.

Tags

On the Public IP List page, you can view the tag information of the selected resource and add, modify, or delete tags.

Operation History

On the Public IP List page, you can view the operation history of the selected resource.

Release Public IP

To delete a Public IP, follow these steps:

1. Click All Services > Networking > VPC menu. You will be redirected to the VPC Service Home page.
2. Click the Public IP button on the Service Home page. You will be redirected to the Public IP List page.
3. Click the resource for which you want to view detailed information on the Public IP List page. You will be redirected to the Public IP Details page.
4. Click the Release Public IP button on the Public IP Details page.
5. After release is complete, verify that the resource has been deleted on the Public IP List.

Prerequisites

This is a service that must be installed in advance before creating this service. Please prepare by referring to the user guide provided in advance.

1.2.6 - Private NAT

Users can create the Private NAT service by entering required information and selecting detailed options through the Samsung Cloud Platform Console.

Creating Private NAT

You can create and use the Private NAT service in the Samsung Cloud Platform Console.

Follow these steps to create a Private NAT.

1. Click the All Services > Networking > VPC menu. You will be navigated to the VPC’s Service Home page.
2. Click the Create Private NAT button on the Service Home page. You will be navigated to the Create Private NAT page.
   • Enter or select the required information in the Enter Service Information section.

     Division	Required	Detailed Description
     Private NAT Name	Required	Enter the Private NAT name Enter 3 to 20 characters using English letters and numbers
     Connected Resource Type	Required	Select the connected resource to connect to Private NAT Can select from Direct Connect, Transit Gateway
     Connected Resource Name	Required	Display the name of the selected connected resource Click + Create New in the list to create a connected resource
     NAT IP Range	Required	Enter the NAT IP range to use Enter in CIDR format such as 192.168.2.0/23 Cannot overlap with connected VPC IP or other Private NAT IP ranges
     Description	Optional	Enter a description for the Private NAT

     Table. Private NAT Service Information Input Items

* Enter or select the required information in the **Enter Additional Information** section.

Viewing Private NAT Detail Information

You can view and modify the entire resource list and detailed information of the Private NAT service. The Private NAT Detail page consists of Detail Information, IP Management, Tags, Task History tabs.

Follow these steps to view Private NAT detail information.

1. Click the All Services > Networking > VPC menu. You will be navigated to the VPC’s Service Home page.
2. Click the Private NAT menu on the Service Home page. You will be navigated to the Private NAT List page.
3. Click the resource for which you want to view detailed information on the Private NAT List page. You will be navigated to the Private NAT Detail page.
   • The Private NAT Detail page displays status information and additional feature information, and consists of Detail Information, IP Management, Tags, Task History tabs.

     Division	Detailed Description
     Status	Private NAT status Active: Running Creating: Creating Deleting: Deleting Error: Error occurred
     Delete Private NAT	Button to delete Private NAT

     Table. Private NAT Status Information and Additional Features

Detail Information

You can view the detailed information of the resource selected on the Private NAT List page, and modify the information if necessary.

IP Management

You can view Private NAT IPs on the Private NAT List page, and reserve or release them.

Tags

You can view the tag information of the resource selected on the Private NAT List page, and add, change, or delete tags.

Task History

You can view the task history of the resource selected on the Private NAT List page.

Managing Private NAT IP

You can reserve or release Private NAT IPs.

Reserving Private NAT IP

Follow these steps to reserve a Private NAT IP.

1. Click the All Services > Networking > VPC menu. You will be navigated to the VPC’s Service Home page.
2. Click the Private NAT menu on the Service Home page. You will be navigated to the Private NAT List page.
3. Click the resource for which you want to reserve an IP on the Private NAT List page. You will be navigated to the Private NAT Detail page.
4. Click the IP Management tab on the Private NAT Detail page. You will be navigated to the IP Management tab page.
5. Click the Reserve Private NAT IP button on the IP Management tab page. The Private NAT IP reservation window appears.
6. Enter the Private NAT IP to use in the Private NAT IP reservation window and click the OK button. A notification confirmation window appears.
7. Click the OK button in the notification confirmation window. Verify that the resource item has been added to the IP list.

Releasing Private NAT IP

Follow these steps to release a Private NAT IP.

1. Click the All Services > Networking > VPC menu. You will be navigated to the VPC’s Service Home page.
2. Click the Private NAT menu on the Service Home page. You will be navigated to the Private NAT List page.
3. Click the resource for which you want to reserve an IP on the Private NAT List page. You will be navigated to the Private NAT Detail page.
4. Click the IP Management tab on the Private NAT Detail page. You will be navigated to the IP Management tab page.
5. Click the Release button for the IP item you want to release on the IP Management tab page. A notification confirmation window appears.
6. Verify that the selected resource has been deleted from the IP list.

Deleting Private NAT

You can reduce operating costs by terminating unused Private NATs.

Follow these steps to terminate a Private NAT.

1. Click the All Services > Networking > VPC menu. You will be navigated to the VPC’s Service Home page.
2. Click the Private NAT menu on the Service Home page. You will be navigated to the Private NAT List page.
3. Click the resource you want to delete on the Private NAT List page. You will be navigated to the Private NAT Detail page.
4. Click the Delete Private NAT button on the Private NAT Detail page.
5. When termination is complete, verify that the resource has been deleted in the Private NAT List.

Prerequisite Services

These are services that must be installed in advance before creating this service. Please prepare by referring to the previously notified user guide.

1.2.7 - VPC Endpoint

Create VPC Endpoint

You can create and use VPC Endpoint services in the Samsung Cloud Platform Console.

To create a VPC Endpoint, follow these steps:

1. Click All Services > Networking > VPC menu. You will be redirected to the VPC Service Home page.

2. Click the Create VPC Endpoint button on the Service Home page. You will be redirected to the Create VPC Endpoint page.

   • Enter or select the required information in the Service Information section.

     Category	Required	Description
     VPC Name	Required	Select the VPC to create the Endpoint Click + Create New to create a VPC and then select
     Usage > Target Service	Required	Select the target service to create the VPC Endpoint
     Usage > Connected Resource	Required	Select the resource to create the VPC Endpoint
     VPC Endpoint Name	Required	Enter the VPC Endpoint name Enter 3-20 characters using letters and numbers
     VPC Endpoint IP > Subnet Name	Required	Select the VPC Endpoint Subnet Click + Create New to create a Subnet and then select
     VPC Endpoint IP > IP	Required	Enter the IP to use as VPC Endpoint Example: 192.168.x.x
     Description	Optional	Enter description for VPC Endpoint

     Table. VPC Endpoint Service Information Input Items
   • Enter or select the required information in the Additional Information section.

     Category	Required	Description
     Tags	Optional	Add tags Up to 50 tags per resource Click Add Tag button and enter or select Key, Value values

     Table. VPC Endpoint Additional Information Input Items
     Note

     After registering a VPC Endpoint, you must configure Direct Connect firewall settings to integrate with Samsung Cloud Platform internal services. Refer to the port information for each service to register firewall rules.

     Service	Port Information
     DNS	TCP 53, UDP 53
     Object Storage	TCP 8080, 8443, 80, 443, 4430
     File Storage	(NFS) TCP/UDP common 111, 300, 302, 304, 2049, 635, 4045, 4046, 4049 (CIFS) UDP 135, 137, 138, 389 / TCP 135, 139, 445, 40001
     Container Registry (Auth Server, Registry)	TCP 443

     Table. Allowed Port Information by Target Service

3. On the Summary panel, verify the detailed information and estimated billing amount, then click the Create button.

   • After creation is complete, verify the created resource on the VPC Endpoint List page.

View VPC Endpoint Details

VPC Endpoint services allow you to view and modify the entire resource list and detailed information. The VPC Endpoint Details page consists of Details, Tags, Operation History tabs.

To view Endpoint details, follow these steps:

1. Click All Services > Networking > VPC menu. You will be redirected to the VPC Service Home page.
2. Click the VPC Endpoint menu on the Service Home page. You will be redirected to the VPC Endpoint List page.
3. Click the resource for which you want to view detailed information on the VPC Endpoint List page. You will be redirected to the VPC Endpoint Details page.
   • The VPC Endpoint Details page displays status information and additional feature information, and consists of Details, Tags, Operation History tabs.

     Category	Description
     Status	VPC Endpoint status Active: Operating normally Creating: Creation in progress Deleting: Deleting resource connection Deleted: Resource connection deleted
     Delete VPC Endpoint	Button to delete VPC Endpoint connection resource

     Table. VPC Endpoint Status Information and Additional Features

Details

On the VPC Endpoint List page, you can view the detailed information of the selected resource and modify it if necessary.

Tags

On the VPC Endpoint List page, you can view the tag information of the selected resource and add, modify, or delete tags.

Operation History

On the VPC Endpoint List page, you can view the operation history of the selected resource.

Delete VPC Endpoint

You can reduce operating costs by terminating unused Endpoints.

To terminate a VPC Endpoint, follow these steps:

1. Click All Services > Networking > VPC menu. You will be redirected to the VPC Service Home page.
2. Click the VPC Endpoint menu on the Service Home page. You will be redirected to the VPC Endpoint List page.
3. Click the resource to delete on the VPC Endpoint List page. You will be redirected to the VPC Endpoint Details page.
4. Click the Delete Endpoint button on the VPC Endpoint Details page.
5. After termination is complete, verify that the resource has been deleted on the VPC Endpoint List.

Prerequisites

This is a list of services that must be configured in advance before creating this service. Please prepare in advance by referring to the guides provided for each service.

1.2.8 - VPC Peering

Users can create VPC Peering services by entering required information and selecting detailed options through the Samsung Cloud Platform Console.

Create VPC Peering

You can create and use VPC Peering services in the Samsung Cloud Platform Console.

To create a VPC Peering, follow these steps:

1. Click All Services > Networking > VPC menu. You will be redirected to the VPC Service Home page.
2. Click the Create VPC Peering button on the Service Home page. You will be redirected to the Create VPC Peering page.
   • Enter or select the required information in the Service Information section.

     Category	Required	Description
     VPC Peering Name	Required	Enter the VPC Peering name Enter 3-20 characters using letters and numbers
     Request VPC Name	Required	Select the VPC to request VPC Peering Click + Create New in the list to create a VPC
     Approval Account	Required	Select the Account of the VPC to approve VPC Peering and then select that VPC or enter information When selecting Same account, select the approval VPC name Click + Create New in the list to create a VPC When selecting Different account, enter the approval Account ID and approval VPC ID
     Description	Optional	Enter description for VPC Peering

     Table. VPC Peering Service Information Input Items
   • Enter or select the required information in the Additional Information section.

     Category	Required	Description
     Tags	Optional	Add tags Up to 50 tags per resource Click Add Tag button and enter or select Key, Value values

     Table. VPC Peering Additional Information Input Items
3. On the Summary panel, verify the detailed information and estimated billing amount, then click the Create button.
   • If connecting to a VPC of a different Account, the connection operation may take time as Peering proceeds after the approval process.
   • After creation is complete, verify the created resource on the VPC Peering List page.

View VPC Peering Details

VPC Peering services allow you to view and modify the entire resource list and detailed information. The VPC Peering Details page consists of Details, Rules, Tags, Operation History tabs.

To view VPC Peering details, follow these steps:

1. Click All Services > Networking > VPC menu. You will be redirected to the VPC Service Home page.
2. Click the VPC Peering menu on the Service Home page. You will be redirected to the VPC Peering List page.
3. Click the resource for which you want to view detailed information on the VPC Peering List page. You will be redirected to the VPC Peering Details page.
   • The VPC Peering Details page displays status information and additional feature information, and consists of Details, Rules, Tags, Operation History tabs.

     Category	Description
     Status	VPC Peering status Active: Operating Requesting: Connection or deletion request in progress Creating: Connecting Creating Requesting: Connection request in progress Deleting Requesting: Deletion request in progress Editing: Modification in progress Rejected: Approval rejected Canceled: Request canceled Error: Error occurred If it occurs continuously, contact the registered administrator
     Delete VPC Peering/Request VPC Peering Deletion	Button to request deletion of VPC Peering resource Cancel Connection Request: Can cancel if VPC Peering connection was requested Approve Connection: Can approve if VPC Peering connection request was received Can reject connection by clicking Reject Connection Cancel Deletion Request: Can cancel if VPC Peering deletion was requested Approve Deletion: Can approve if VPC Peering deletion request was received Can reject deletion by clicking Reject Deletion Request Reapproval: Request reapproval if VPC approval was rejected

     Table. VPC Peering Status Information and Additional Features

Details

On the VPC Peering List page, you can view the detailed information of the selected resource and modify it if necessary.

Rules

On the VPC Peering List page, you can view the rules connected to the selected resource, and add or delete them.

Tags

On the VPC Peering List page, you can view the tag information of the selected resource and add, modify, or delete tags.

Operation History

On the VPC Peering List page, you can view the operation history of the selected resource.

Manage VPC Peering Rules

You can add or delete rules to VPC Peering.

Add Rules

To add rules to VPC Peering, follow these steps:

1. Click All Services > Networking > VPC menu. You will be redirected to the VPC Service Home page.
2. Click the VPC Peering menu on the Service Home page. You will be redirected to the VPC Peering List page.
3. Click the resource to delete on the VPC Peering List page. You will be redirected to the VPC Peering Details page.
4. Click the Rules tab on the VPC Peering Details page. You will be redirected to the Rules tab page.
5. Click the Add Rule button on the Rules tab page. The add rule window appears.
6. Enter the source and destination in the add rule window and click the Confirm button. The notification confirmation window appears.
   • Must not duplicate with already entered rules.
   • Can enter within the IP range range of the destination VPC.
   • Must enter the same as the Subnet range.
   • Cannot use 0.0.0.0/0 as the destination IP range.
7. Click the Confirm button in the notification confirmation window. Verify that the resource item has been added to the rule list.

Delete Rules

To delete rules of VPC Peering, follow these steps:

1. Click All Services > Networking > VPC menu. You will be redirected to the VPC Service Home page.
2. Click the VPC Peering menu on the Service Home page. You will be redirected to the VPC Peering List page.
3. Click the resource to delete on the VPC Peering List page. You will be redirected to the VPC Peering Details page.
4. Click the Rules tab on the VPC Peering Details page. You will be redirected to the Rules tab page.
5. Click the Delete button of the item to delete on the Rules tab page. The notification confirmation window appears.
6. Click the Confirm button in the notification confirmation window. Verify that the selected resource has been deleted in the rule list.

Terminate VPC Peering

You can reduce operating costs by terminating unused VPC Peering.

Terminate VPC Peering in Same Account

To terminate VPC Peering within the same Account, follow these steps:

1. Click All Services > Networking > VPC menu. You will be redirected to the VPC Service Home page.
2. Click the VPC Peering menu on the Service Home page. You will be redirected to the VPC Peering List page.
3. Click the resource to delete on the VPC Peering List page. You will be redirected to the VPC Peering Details page.
4. Click the Delete VPC Peering button on the VPC Peering Details page.
5. After termination is complete, verify that the resource has been deleted on the VPC Peering List.

Terminate VPC Peering Connected to Different Account

To terminate VPC Peering connected to a different Account, follow these steps:

1. Click All Services > Networking > VPC menu. You will be redirected to the VPC Service Home page.
2. Click the VPC Peering menu on the Service Home page. You will be redirected to the VPC Peering List page.
3. Click the resource to delete on the VPC Peering List page. You will be redirected to the VPC Peering Details page.
4. Click the Request VPC Peering Deletion button on the VPC Peering Details page.
5. After termination is complete, verify that the resource has been deleted on the VPC Peering List.
   • The deletion request must be approved by the peer Account for normal termination.

Prerequisites

This is a service that must be installed in advance before creating this service. Please prepare by referring to the user guide provided in advance.

1.2.9 - Transit Gateway

Users can create the Transit Gateway service by entering required information and selecting detailed options through the Samsung Cloud Platform Console.

Creating Transit Gateway

You can create and use the Transit Gateway service in the Samsung Cloud Platform Console.

Follow these steps to create a Transit Gateway.

1. Click the All Services > Networking > VPC menu. You will be navigated to the VPC’s Service Home page.
2. Click the Create Transit Gateway button on the Service Home page. You will be navigated to the Create Transit Gateway page.
   • Enter or select the required information in the Enter Service Information section.

     Division	Required	Detailed Description
     Transit Gateway Name	Required	Enter the Transit Gateway name Enter 3 to 20 characters using English letters and numbers
     Description	Optional	Enter a description for the Transit Gateway

     Table. Transit Gateway Service Information Input Items
   • Enter or select the required information in the Enter Additional Information section.

     Division	Required	Detailed Description
     Tags	Optional	Add tags Can add up to 50 tags per resource Click the Add Tag button and then enter or select Key, Value values

     Table. Transit Gateway Additional Information Input Items
3. Review the detailed information and estimated billing cost in the Summary panel, and click the Create button.
   • When creation is complete, verify the created resource in the Transit Gateway List page.

Viewing Transit Gateway Detail Information

You can view and modify the entire resource list and detailed information of the Transit Gateway service. The Transit Gateway Detail page consists of Detail Information, Connected VPC Management, Rules, Tags, Task History tabs.

Follow these steps to view Transit Gateway detail information.

1. Click the All Services > Networking > VPC menu. You will be navigated to the VPC’s Service Home page.
2. Click the Transit Gateway menu on the Service Home page. You will be navigated to the Transit Gateway List page.
3. Click the resource for which you want to view detailed information on the Transit Gateway List page. You will be navigated to the Transit Gateway Detail page.
   • The Transit Gateway Detail page displays status information and additional feature information, and consists of Detail Information, Connected VPC Management, Rules, Tags, Task History tabs.

     Division	Detailed Description
     Status	Transit Gateway status Active: Running Creating: Creating Editing: Modifying Deleting: Deleting Error: Error occurred
     Delete Transit Gateway	Button to delete Transit Gateway resource

     Table. Transit Gateway Status Information and Additional Features

Detail Information

You can view the detailed information of the resource selected on the Transit Gateway List page, and modify the information if necessary.

Connected VPC Management

You can view VPCs connected to the resource selected on the Transit Gateway List page, and add or delete them.

Rules

You can view rules connected to the resource selected on the Transit Gateway List page, and add or delete them.

Tags

You can view the tag information of the resource selected on the Transit Gateway List page, and add, change, or delete tags.

Task History

You can view the task history of the resource selected on the Transit Gateway List page.

Managing Transit Gateway Linked Services

You can apply for, modify, and terminate Uplink and Firewall connection services required for using the Transit Gateway service.

Follow these steps to apply for Transit Gateway linked services.

1. Click the All Services > Networking > VPC menu. You will be navigated to the VPC’s Service Home page.
2. Click the Transit Gateway menu on the Service Home page. You will be navigated to the Transit Gateway List page.
3. Click the resource for which you want to delete on the Transit Gateway List page. You will be navigated to the Transit Gateway Detail page.
4. Click Linked Service (IGW,FW) Line Application/Modification/Termination Request Shortcut on the Transit Gateway Detail page. You will be navigated to the service request page.
5. Enter or select the corresponding information in the required input field on the Service Request page.

   Input Item	Detailed Description
   Title	Enter the title of the service request content Example: TGW Uplink Line Application
   Region	Select the location of Samsung Cloud Platform Automatically entered with the region corresponding to the Account
   Service	Select service category and service Service Category: Networking Service: Transit Gateway
   Task Type	Select the type you want to request TGW Uplink Line Application/Modification/Termination: After selecting task type, enter detailed information in the service request type item
   Content	Fill in detailed items of the service application form Service Request Type: Enter directly among Application / Modification / Termination Account Name/ID: Enter Account name and ID Transit Gateway Name/ID: Enter created Transit Gateway name and ID Applicant Information: Enter applicant email, phone number, etc. Service Request Task Type: Select and enter among Uplink Line Connection / BM VPC Firewall Connection Firewall Usage: Enter whether to use firewall
   Attachment	Upload files if you want to share additional files Can attach up to 5 files, each within 5MB Can only attach doc, docx, xls, xlsx, ppt, ppts, hwp, txt, pdf, jpg, jpeg, png, gif, tif files

   Table. Linked Service Creation Request Items
6. Click the Request button on the service request page.
   • When application is complete, verify the applied content on the Support Center > Service Request List page.
   • When the service request task is complete, you can verify the applied resource on the Transit Gateway Detail page.

Managing VPC Connection for Transit Gateway

You can add or delete VPCs to the Transit Gateway.

Adding VPC Connection

Follow these steps to add a VPC connection to the Transit Gateway.

1. Click the All Services > Networking > VPC menu. You will be navigated to the VPC’s Service Home page.
2. Click the Transit Gateway menu on the Service Home page. You will be navigated to the Transit Gateway List page.
3. Click the resource for which you want to delete on the Transit Gateway List page. You will be navigated to the Transit Gateway Detail page.
4. Click the Connected VPC Management tab on the Transit Gateway Detail page. You will be navigated to the Connected VPC Management tab page.
5. Click the Add VPC Connection button on the Connected VPC Management tab page. The VPC connection addition window appears.
6. Select a VPC in the VPC connection addition window and click the OK button. A notification confirmation window appears.
   • Clicking + Create New in the list allows you to create a VPC and select it.
7. Click the OK button in the notification confirmation window. Verify that the resource item has been added to the VPC connection list.

Deleting VPC Connection

Follow these steps to delete a VPC connection from the Transit Gateway.

1. Click the All Services > Networking > VPC menu. You will be navigated to the VPC’s Service Home page.
2. Click the Transit Gateway menu on the Service Home page. You will be navigated to the Transit Gateway List page.
3. Click the resource for which you want to delete on the Transit Gateway List page. You will be navigated to the Transit Gateway Detail page.
4. Click the Connected VPC Management tab on the Transit Gateway Detail page. You will be navigated to the Connected VPC Management tab page.
5. Click the Delete button for the item you want to delete on the Connected VPC Management tab page. A notification confirmation window appears.
6. Click the OK button in the notification confirmation window. Verify that the selected resource has been deleted from the VPC connection list.

Managing Rules for Transit Gateway

You can add or delete rules to the Transit Gateway.

Adding Rules

Follow these steps to add a rule to the Transit Gateway.

1. Click the All Services > Networking > VPC menu. You will be navigated to the VPC’s Service Home page.
2. Click the Transit Gateway menu on the Service Home page. You will be navigated to the Transit Gateway List page.
3. Click the resource for which you want to delete on the Transit Gateway List page. You will be navigated to the Transit Gateway Detail page.
4. Click the Rules tab on the Transit Gateway Detail page. You will be navigated to the Rules tab page.
5. Click the Add Rule button on the Rules tab page. The rule addition window appears.
6. Enter the source and destination in the rule addition window and click the OK button. A notification confirmation window appears.

   Division	Detailed Description
   Rule Type	Select Transit Gateway rule addition type Select from VPC-TGW Rule, TGW-Uplink Rule
   Connected VPC Name	Select connected VPC when selecting VPC-TGW Rule
   Source	Automatically selected when destination is set when selecting VPC-TGW Rule
   Destination	Select destination of rule Set to VPC, TGW when selecting VPC-TGW Rule Set to TGW, Remote when selecting TGW-Uplink Rule Cannot register duplicate with existing rules, can enter up to x.x.x.x/28 range
   Destination IP Range	Enter the destination IP range to use

   Table. Rule Addition Input Items
   Caution

   • When entering VPC-TGW Rule, verify the following items:
     • When destination is VPC
       • Can enter within VPC IP range.
       • Must enter the same as Subnet range.
       • Cannot use 0.0.0.0/0 as destination IP range.
     • When destination is Transit Gateway
       • Some IP ranges are for management purposes and cannot be used.
       • Cannot enter VPC IP range.
       • Can enter 0.0.0.0/0 as destination IP range only when VPC’s Internet Gateway is not connected.
   • When entering TGW-Uplink Rule, verify the following items:
     • When destination is Transit Gateway
       • Can enter within VPC IP range connected to Transit Gateway.
       • Cannot use 0.0.0.0/0 as destination IP range.
     • When destination is Remote
       • Cannot enter VPC IP range connected to Transit Gateway.
       • Can enter 0.0.0.0/0 as destination IP range only when Internet Gateway is not connected to Transit Gateway.
       • Cannot enter D, E class IP ranges.
7. Click the OK button in the notification confirmation window. Verify that the resource item has been added to the rule list.

Deleting Rules

Follow these steps to delete a rule from the Transit Gateway.

1. Click the All Services > Networking > VPC menu. You will be navigated to the VPC’s Service Home page.
2. Click the Transit Gateway menu on the Service Home page. You will be navigated to the Transit Gateway List page.
3. Click the resource for which you want to delete on the Transit Gateway List page. You will be navigated to the Transit Gateway Detail page.
4. Click the Rules tab on the Transit Gateway Detail page. You will be navigated to the Rules tab page.
5. Click the Delete button for the item you want to delete on the Rules tab page. A notification confirmation window appears.
6. Click the OK button in the notification confirmation window. Verify that the selected resource has been deleted from the rule list.

Managing Firewall Connection

You can connect or disconnect Firewalls to use with the Transit Gateway.

Connecting Firewall

Follow these steps to add a Firewall connection to the Transit Gateway.

1. Click the All Services > Networking > VPC menu. You will be navigated to the VPC’s Service Home page.
2. Click the Transit Gateway menu on the Service Home page. You will be navigated to the Transit Gateway List page.
3. Click the resource for which you want to connect Firewall on the Transit Gateway List page. You will be navigated to the Transit Gateway Detail page.
4. Click the Detail Information tab on the Transit Gateway Detail page. You will be navigated to the Detail Information tab page.
5. Click the Firewall Connection button on the Detail Information tab page. The Firewall connection confirmation window appears.
6. Click the OK button in the Firewall connection confirmation window. Verify the connection status in the Firewall connection status item.

Adding Firewall

After Firewall connection is complete, you can add Firewalls.

Follow these steps to add a Firewall to the Transit Gateway.

1. Click the All Services > Networking > VPC menu. You will be navigated to the VPC’s Service Home page.
2. Click the Transit Gateway menu on the Service Home page. You will be navigated to the Transit Gateway List page.
3. Click the resource for which you want to add Firewall on the Transit Gateway List page. You will be navigated to the Transit Gateway Detail page.
4. Click the Detail Information tab on the Transit Gateway Detail page. You will be navigated to the Detail Information tab page.
5. Click the Add button in the Firewall list on the Detail Information tab page. The Firewall addition window appears.
6. Select the purpose in the Firewall addition window and click the OK button. Verify that the resource item has been added to the Firewall list.

Deleting Firewall

After Firewall connection is complete, you can delete Firewalls.

Follow these steps to delete a Firewall from the Transit Gateway.

1. Click the All Services > Networking > VPC menu. You will be navigated to the VPC’s Service Home page.
2. Click the Transit Gateway menu on the Service Home page. You will be navigated to the Transit Gateway List page.
3. Click the resource for which you want to delete Firewall on the Transit Gateway List page. You will be navigated to the Transit Gateway Detail page.
4. Click the Detail Information tab on the Transit Gateway Detail page. You will be navigated to the Detail Information tab page.
5. Click the Delete button in the Firewall list on the Detail Information tab page. A notification confirmation window appears.
6. Click the OK button in the notification confirmation window. Verify that the resource item has been deleted from the Firewall list.

Disconnecting Firewall

You can disconnect unused Firewall connections.

Follow these steps to disconnect a Firewall connection from the Transit Gateway.

1. Click the All Services > Networking > VPC menu. You will be navigated to the VPC’s Service Home page.
2. Click the Transit Gateway menu on the Service Home page. You will be navigated to the Transit Gateway List page.
3. Click the resource for which you want to disconnect Firewall connection on the Transit Gateway List page. You will be navigated to the Transit Gateway Detail page.
4. Click the Detail Information tab on the Transit Gateway Detail page. You will be navigated to the Detail Information tab page.
5. Click the Disconnect Firewall Connection button on the Detail Information tab page. A notification confirmation window appears.
6. Click the OK button in the notification confirmation window. Verify the disconnection status in the Firewall connection status item.

Deleting Transit Gateway

You can reduce operating costs by terminating unused Transit Gateways.

Follow these steps to terminate a Transit Gateway.

1. Click the All Services > Networking > VPC menu. You will be navigated to the VPC’s Service Home page.
2. Click the Transit Gateway menu on the Service Home page. You will be navigated to the Transit Gateway List page.
3. Click the resource you want to delete on the Transit Gateway List page. You will be navigated to the Transit Gateway Detail page.
4. Click the Delete Transit Gateway button on the Transit Gateway Detail page.
5. When termination is complete, verify that the resource has been deleted in the Transit Gateway List.

Prerequisite Services

These are services that must be installed in advance before creating this service. Please prepare by referring to the previously notified user guide.

1.2.10 - PrivateLink Service

Users can create the PrivateLink Service service by entering required information and selecting detailed options through the Samsung Cloud Platform Console.

Creating PrivateLink Service

You can create and use the PrivateLink Service service in the Samsung Cloud Platform Console.

Follow these steps to create a PrivateLink Service.

1. Click the All Services > Networking > VPC menu. You will be navigated to the VPC’s Service Home page.
2. Click the Create PrivateLink Service button on the Service Home page. You will be navigated to the Create PrivateLink Service page.
   • Enter or select the required information in the Enter Service Information section.

     Division	Required	Detailed Description
     PrivateLink Service Name	Required	Enter the PrivateLink Service name
     Approval Method	Required	Select and enter PrivateLink Service approval method Automatic: Automatically approve when PrivateLink Service connection request is received Manual: Manually approve after verification when PrivateLink Service connection request is received Approval method cannot be modified after creation
     High-Speed Data Transfer	Optional	Default setting is disabled and not displayed in Samsung Cloud Platform Console To use high-speed data transfer, apply for service usage at Support Center > Contact Us, and when processing is complete, you can select it on the screen
     VPC Name	Required	Select the VPC to connect Clicking + Create New allows you to create a VPC and then select it
     Subnet Name	Required	Select the Subnet of the VPC to connect Clicking + Create New allows you to create a Subnet and then select it
     PrivateLink Service IP	Required	Enter PrivateLink Service IP after selecting the Subnet to connect Cannot enter IPs already in use within the Subnet, cannot use the first/last IP of Subnet IP range
     Connected Resource	Required	Select the resource to connect to the selected VPC Load Balancer: Select Load Balancer to connect (cannot select LB if using Local subnet) IP: Enter Compute resource IP of the selected VPC
     Security Group	Optional	Click the Select button to select the Security Group to connect Can select up to 5 If Security Group is not selected, all access is blocked
     Description	Optional	Enter a description for the PrivateLink Service

     Table. PrivateLink Service Service Information Input Items
   • Enter or select the required information in the Enter Additional Information section.

     Division	Required	Detailed Description
     Tags	Optional	Add tags Can add up to 50 tags per resource Click the Add Tag button and then enter or select Key, Value values

     Table. PrivateLink Service Additional Information Input Items
3. Review the detailed information and estimated billing cost in the Summary panel, and click the Create button.
   • When creation is complete, verify the created resource in the PrivateLink Service List page.

Viewing PrivateLink Service Detail Information

You can view and modify the entire resource list and detailed information of the PrivateLink Service service. The PrivateLink Service Detail page consists of Detail Information, Connection Management, Tags, Task History tabs.

Follow these steps to view PrivateLink Service detail information.

1. Click the All Services > Networking > VPC menu. You will be navigated to the VPC’s Service Home page.
2. Click the PrivateLink Service menu on the Service Home page. You will be navigated to the PrivateLink Service List page.
3. Click the resource for which you want to view detailed information on the PrivateLink Service List page. You will be navigated to the PrivateLink Service Detail page.
   • The PrivateLink Service Detail page displays status information and additional feature information, and consists of Detail Information, Connection Management, Tags, Task History tabs.

     Division	Detailed Description
     Status	PrivateLink Service status Active: Running Creating: Creating Deleting: Deleting Error: Error occurred
     Delete PrivateLink Service	Button to delete PrivateLink Service resource

     Table. PrivateLink Service Status Information and Additional Features

Detail Information

You can view the detailed information of the resource selected on the PrivateLink Service List page, and modify the information if necessary.

Connection Management

You can view the connection information of the resource selected on the PrivateLink Service List page. You can verify connection requests and approve or reject them.

Tags

You can view the tag information of the resource selected on the PrivateLink Service List page, and add, change, or delete tags.

Task History

You can view the task history of the resource selected on the PrivateLink Service List page.

Deleting PrivateLink Service

You can reduce operating costs by terminating unused PrivateLink Services.

Follow these steps to terminate a PrivateLink Service.

1. Click the All Services > Networking > VPC menu. You will be navigated to the VPC’s Service Home page.
2. Click the PrivateLink Service menu on the Service Home page. You will be navigated to the PrivateLink Service List page.
3. Click the resource you want to delete on the PrivateLink Service List page. You will be navigated to the PrivateLink Service Detail page.
4. Click the Delete PrivateLink Service button on the PrivateLink Service Detail page.
5. When termination is complete, verify that the resource has been deleted in the PrivateLink Service List.

Prerequisite Services

These are services that must be installed in advance before creating this service. Please prepare by referring to the previously notified user guide.

1.2.11 - PrivateLink Endpoint

Users can create the PrivateLink Endpoint service by entering required information and selecting detailed options through the Samsung Cloud Platform Console.

Creating PrivateLink Endpoint

You can create and use the PrivateLink Endpoint service in the Samsung Cloud Platform Console.

Follow these steps to create a PrivateLink Endpoint.

1. Click the All Services > Networking > VPC menu. You will be navigated to the VPC’s Service Home page.
2. Click the Create PrivateLink Endpoint button on the Service Home page. You will be navigated to the Create PrivateLink Endpoint page.
   • Enter or select the required information in the Enter Service Information section.

     Division	Required	Detailed Description
     PrivateLink Endpoint Name	Required	Enter the PrivateLink Endpoint name
     VPC Name	Required	Select the VPC to connect Clicking + Create New allows you to create a VPC and then select it
     Subnet Name	Required	Select the Subnet of the VPC to connect Clicking + Create New allows you to create a Subnet and then select it
     PrivateLink Endpoint IP	Required	Enter PrivateLink Endpoint IP after selecting the Subnet to connect Cannot enter IPs already in use within the Subnet, cannot use the first/last IP of Subnet IP range
     PrivateLink Endpoint ID	Required	Enter the PrivateLink Service ID to connect Enter within 3 to 60 characters using English letters and numbers Need to verify the Service ID of the PrivateLink Service to connect before service application, must deliver the Endpoint ID to the service provider after Endpoint creation
     Security Group	Optional	Click the Select button to select the Security Group to connect Can select up to 5 If Security Group is not selected, all access is blocked
     Description	Optional	Enter a description for the PrivateLink Endpoint

     Table. PrivateLink Endpoint Service Information Input Items
   • Enter or select the required information in the Enter Additional Information section.

     Division	Required	Detailed Description
     Tags	Optional	Add tags Can add up to 50 tags per resource Click the Add Tag button and then enter or select Key, Value values

     Table. PrivateLink Endpoint Additional Information Input Items
3. Review the detailed information and estimated billing cost in the Summary panel, and click the Create button.
   • When creation is complete, verify the created resource in the PrivateLink Endpoint List page.

Viewing PrivateLink Endpoint Detail Information

You can view and modify the entire resource list and detailed information of the PrivateLink Endpoint service. The PrivateLink Endpoint Detail page consists of Detail Information, Tags, Task History tabs.

Follow these steps to view PrivateLink Endpoint detail information.

1. Click the All Services > Networking > VPC menu. You will be navigated to the VPC’s Service Home page.
2. Click the PrivateLink Endpoint menu on the Service Home page. You will be navigated to the PrivateLink Endpoint List page.
3. Click the resource for which you want to view detailed information on the PrivateLink Endpoint List page. You will be navigated to the PrivateLink Endpoint Detail page.
   • The PrivateLink Endpoint Detail page displays status information and additional feature information, and consists of Detail Information, Connection Management, Tags, Task History tabs.

     Division	Detailed Description
     Status	PrivateLink Endpoint status Requesting: Connection request/approval pending, Cancel Request button displayed Active: Creation complete, running Creating: Creating Deleting: Deleting Disconnected: Connection blocked Rejected: Connection rejected, Request Approval Again button displayed Error: Error occurred Canceled: Connection request canceled, Request Approval Again button displayed
     Delete PrivateLink Endpoint	Button to delete PrivateLink Endpoint resource

     Table. PrivateLink Endpoint Status Information and Additional Features

Detail Information

You can view the detailed information of the resource selected on the PrivateLink Endpoint List page, and modify the information if necessary.

Tags

You can view the tag information of the resource selected on the PrivateLink Endpoint List page, and add, change, or delete tags.

Task History

You can view the task history of the resource selected on the PrivateLink Endpoint List page.

Deleting PrivateLink Endpoint

You can reduce operating costs by terminating unused PrivateLink Endpoints.

Follow these steps to terminate a PrivateLink Endpoint.

1. Click the All Services > Networking > VPC menu. You will be navigated to the VPC’s Service Home page.
2. Click the PrivateLink Endpoint menu on the Service Home page. You will be navigated to the PrivateLink Endpoint List page.
3. Click the resource you want to delete on the PrivateLink Endpoint List page. You will be navigated to the PrivateLink Endpoint Detail page.
4. Click the Delete PrivateLink Endpoint button on the PrivateLink Endpoint Detail page.
5. When termination is complete, verify that the resource has been deleted in the PrivateLink Endpoint List.

Prerequisite Services

These are services that must be installed in advance before creating this service. Please prepare by referring to the previously notified user guide.

1.2.12 - NAT Logging

To save NAT logs, you must first create a bucket in Object Storage to save the logs, and then set the bucket as the log repository in NAT Logging, after that, by setting log saving in NAT detail inquiry, NAT logs will be saved in the Object Storage bucket.

NAT log saving requires settings in the following order.

1. To save NAT logs, you can create a bucket in Object Storage or use an existing bucket. To create a bucket, refer to Creating Object Storage.
2. To set this bucket as the log repository for NAT Logging, refer to Using NAT Logging log repository.
3. To set the log storage to use in the NAT detailed inquiry, please refer to NAT log storage usage.

NAT Logging Using the log storage

To set the NAT log storage to use, you must first set the log storage setting in NAT Logging.

1. All services > Management > Network Logging > NAT Logging menu, click. It moves to the NAT Logging list page.
2. NAT Logging List page, click the Log Storage Settings button at the top, it moves to the Log Storage Settings popup window.
3. Log Storage Settings popup window, select the Log Storage Bucket. When you select a bucket, the Log Storage Path will be displayed.
4. Log Storage Settings popup window, check the Log Storage Bucket and Log Storage Path, then click the Confirm button.
5. Notification Confirm the message in the popup window, then click the Confirm button.

NAT Logging list

NAT Logging log storage bucket is set, then the NAT Logging list is retrieved.

• All services > Management > Network Logging > NAT Logging menu is clicked. It moves to the NAT Logging list page.

  Division	Required	Detailed Description
  Resource ID	Required	NAT Resource ID
  Save target	Required	NAT resource name
  Save Registration Time	Required	NAT Log Storage Registration Time

  Table. NAT Logging list items

NAT Logging content check

Please refer to the contents below and check the saved Log contents.

NAT Logging do not use log storage

NAT Logging allows you to set the log repository to not be used.

1. All services > Management > Network Logging > NAT Logging menu should be clicked. It moves to the NAT Logging list page.
2. NAT Logging list page, click the top Log Storage Settings button. It moves to the Log Storage Settings popup window.
3. Log Storage Settings popup window, select Log Storage Bucket as Not Used, and click the OK button.

1.3 - API Reference

1.4 - CLI Reference

1.5 - Release Note

VPC

2 - Security Group

2.1 - Overview

Service Overview

Security Group is a virtual logical firewall that controls Inbound/Outbound traffic occurring in the virtual server of Samsung Cloud Platform. The target resources that can apply Security Group are Virtual Server, Database, Kubernetes Engine, etc. Security Group is applied to the port of the target resource, and multiple Security Groups can be applied according to the characteristics of each resource.

When the Security Group is created for the first time, it blocks all Inbound/Outbound traffic according to the default rules (Any/Deny).

The user can create Inbound/Outbound rules by specifying the IP address, port, and protocol, and only allowed traffic to the target resource is possible according to the created rules.

Component

The elements that make up the Security Group are as follows.

Constraints

The Security Group of Samsung Cloud Platform has a default quota (limit) set. There is a maximum number of Security Groups and Security Group rules that can be created. Samsung Cloud Platform Console is a space where you can check and manage quotas for many resources related to Samsung Cloud Platform services and request quota increases.

Preceding Service

Security Group has no preceding service.

2.2 - How-to guides

You can create the Security Group service by entering essential information and selecting detailed options through the Samsung Cloud Platform Console.

Creating a Security Group

You can create and use the Security Group service through the Samsung Cloud Platform Console.

Follow these steps to create a Security Group:

1. Click the All Services > Networking > Security Group menu. You will be navigated to the Security Group’s Service Home page.

2. On the Service Home page, click the Create Security Group button. You will be navigated to the Create Security Group page.

   • In the Service Information area, enter the required information.

     Item	Required	Detailed Description
     Security Group Name	Required	Security Group name to create Can use uppercase/lowercase English letters, numbers, and special characters(-), and can enter up to 255 characters Can use duplicate Security Group names within a project
     Log Storage	Optional	Select whether to store Security Group logs Use: Store logs Do Not Use: Do not store logs Clicking Go to Security Group Logging List navigates to the Security Group Logging list page

     Table. Security Group service information input items
   Note

   To store Security Group logs, you must first create a bucket in Object Storage to store logs, and set that bucket in the Security Group Logging’s log storage.

   • You can check the log storage settings in Security Group Logging. For details, refer to Security Group Logging.
   • If you set up log storage, Object Storage charges for log storage will be applied.
   • In the Additional Information area, enter or select the required information.

     Item	Required	Detailed Description
     Tag	Optional	Add tag Can add up to 50 tags per resource After clicking the Add Tag button, enter or select Key, Value values
     Description	Optional	User additional description Can enter up to 255 characters

     Table. Security Group additional information input items

3. Review the entered information and click the Create button.

   • When creation is complete, verify the created resource on the Security Group List page.

Viewing Security Group Detailed Information

On the Security Group List page of the Security Group menu, you can view and modify the entire resource list and detailed information.

Follow these steps to view detailed information of the Security Group:

1. Click the All Services > Networking > Security Group menu. You will be navigated to the Security Group’s Service Home page.
2. On the Service Home page, click the Security Group menu. You will be navigated to the Security Group list page.
3. On the Security Group List page, click the resource for which you want to view detailed information. You will be navigated to the Security Group Detail page.
   • The Security Group Detail page displays status information and additional feature information, and consists of Detailed Information, Rules, Tags, Task History tabs.

Detailed Information

You can view detailed information of the resource selected from the Security Group List and modify information if necessary.

Rules

You can view the rule list of the resource selected from the Security Group List page and add or delete rules.

Tags

You can view, add, modify, or delete tag information for the resource selected from the Security Group List page.

Task History

You can view the task history of the resource selected from the Security Group List page.

Managing Security Group Resources

You can manage Security Group resources such as log storage settings, adding rules, etc.

Using Log Storage

Follow these steps to store Security Group logs:

1. Click the All Services > Networking > Security Group menu. You will be navigated to the Security Group’s Service Home page.
2. On the Service Home page, click the Security Group menu. You will be navigated to the Security Group list page.
3. On the Security Group List page, click the resource (Security Group name) to store logs. You will be navigated to the Security Group Detail page.
4. Click the Edit icon on Log Storage. You will be navigated to the Modify Log Storage popup window.
5. In the Modify Log Storage popup window, select Use for log storage and click the OK button.

Setting Log Storage to Do Not Use

Follow these steps to stop storing Security Group logs:

1. Click the All Services > Networking > Security Group menu. You will be navigated to the Security Group’s Service Home page.
2. On the Service Home page, click the Security Group menu. You will be navigated to the Security Group list page.
3. On the Security Group List page, click the resource (Security Group name) to not store logs. You will be navigated to the Security Group Detail page.
4. Click the Edit icon on Log Storage. You will be navigated to the Modify Log Storage popup window.
5. In the Modify Log Storage popup window, deselect Use for log storage and click the OK button.
6. Review the message in the Notification popup window and click the OK button.

Adding a Rule

Follow these steps to add a Security Group rule:

1. Click the All Services > Networking > Security Group menu. You will be navigated to the Security Group’s Service Home page.

2. On the Service Home page, click the Security Group menu. You will be navigated to the Security Group list page.

3. On the Security Group List page, click the resource (Security Group name) to add a rule. You will be navigated to the Security Group Detail page.

4. On the Security Group Detail page, click the Rules tab. You will be navigated to the Rules tab page.

5. On the Rules tab, click the Add Rule button. You will be navigated to the Add Rule popup window.

   Item	Required	Detailed Description
   Destination Input Method	Required	Set rule remote type CIDR: Set destination address by entering IP directly Security Group: Set created Security Group as destination
   Remote > Destination Address	Required	When CIDR is selected, need to enter destination IP address Enter in CIDR (IP address/subnet mask) format Can enter multiple addresses up to 100 at once using , and -. To use the entire IP range (ANY), enter ‘0.0.0.0/0’
   Remote > Security Group	Required	When Security Group is selected, need to select Security Group
   Type	Required	Select protocol type to apply the rule Select Destination Port/Type: Select protocol type Internet Protocol: Enter protocol number, can enter up to 100 All: Select destination port/Type and protocol as full range, means all ports for all protocols
   Type > Protocol	Required	Select detailed protocol for type Select desired protocol from TCP, UDP, ICMP, input items vary depending on the selected protocol When selecting ICMP in protocol, can set ICMP Type Select frequently used Type items such as Echo from values defined in ICMP Type Click the Add button to add input value When selecting TCP/UDP in protocol, can select allowed ports such as SSH, HTTP When entering directly, can enter values 1 ~ 65,535, and can enter up to 100 at once using Comma(,), range(-) Click the Add button to add input value When selecting Internet Protocol in type, enter protocol number within 1 ~ 254
   Direction	Required	Set traffic access direction based on the application target Inbound Rule: External → Server Outbound Rule: Server → External
   Description	Optional	Additional description written by the user

   Table. Security Group rule addition detailed items

6. Review the rule to add and click the OK button.

Batch Creating Rules

Follow these steps to add multiple Security Group rules at once:

1. Click the All Services > Networking > Security Group menu. You will be navigated to the Security Group’s Service Home page.
2. On the Service Home page, click the Security Group menu. You will be navigated to the Security Group list page.
3. On the Security Group List page, click the resource (Security Group name) to add rules. You will be navigated to the Security Group Detail page.
4. On the Security Group Detail page, click the Rules tab. You will be navigated to the Rules tab page.
5. On the Rules tab, click the Excel Download button. The rule batch input Excel file will be downloaded.
6. Enter rule information in the rule batch input Excel file and save it.
7. Click the More > Batch Rule Input button. The Batch Rule Input popup window will open.
8. In the Batch Rule Input popup window, click Attach File to attach the created Excel file and click Upload File.
   • If the attached Excel file format differs from the registration form or the file is encrypted, it cannot be uploaded.
   • The maximum number of batch registration rules that can be uploaded at once is 100. If the maximum registration rule count is exceeded, it cannot be uploaded.
   • If the maximum number of rules that can be registered in the Account is exceeded, the file cannot be uploaded.
9. Review the details in the Rule Confirmation popup window and click the OK button.

Deleting a Rule

Follow these steps to delete a Security Group rule:

1. Click the All Services > Networking > Security Group menu. You will be navigated to the Security Group’s Service Home page.
2. On the Service Home page, click the Security Group menu. You will be navigated to the Security Group list page.
3. On the Security Group List page, click the resource (Security Group name) to add a rule. You will be navigated to the Security Group Detail page.
4. On the Security Group Detail page, click the Rules tab. You will be navigated to the Rules tab page.
5. On the Rules tab, click the Delete button of the rule to delete.

Terminating Security Group

You can delete a Security Group that is not in use.

Follow these steps to terminate the Security Group:

1. Click the All Services > Networking > Security Group menu. You will be navigated to the Security Group’s Service Home page.
2. On the Service Home page, click the Security Group menu. You will be navigated to the Security Group List page.
3. On the Security Group List page, select the resource (Security Group name) to terminate the service and click the Terminate Service button.
4. When termination is complete, verify that the resource has been deleted on the Security Group List page.

2.2.1 - Security Group Logging

To store Security Group logs, you must first create a bucket in Object Storage to store the logs and then set the bucket as the log storage for Security Group Logging. After that, you can enable log storage in the Security Group details, and Security Group logs will start being stored in the Object Storage bucket.

To store Security Group logs, you need to follow these steps:

1. You can create a new bucket in Object Storage for storing Security Group logs or use an existing bucket. To create a bucket, refer to Creating Object Storage.
2. To set the bucket as the log storage for Security Group Logging, refer to Using Security Group Logging Log Storage.
3. To enable log storage in the Security Group details, refer to Enabling Security Group Log Storage.

Using Security Group Logging Log Storage

To enable Security Group log storage, you must first set up the log storage in Security Group Logging.

1. Click All Services > Management > Network Logging > Security Group Logging. You will be taken to the Security Group Logging List page.
2. On the Security Group Logging List page, click the Log Storage Settings button at the top. You will be taken to the Log Storage Settings popup window.
3. In the Log Storage Settings popup window, select the Log Storage Bucket. After selecting the bucket, the Log Storage Path will be displayed.
4. In the Log Storage Settings popup window, confirm the Log Storage Bucket and Log Storage Path, and then click the Confirm button.
5. Confirm the message in the Notification popup window and click the Confirm button.

Security Group Logging List

After setting up the Security Group Logging log storage bucket, you can view the Security Group Logging list.

1. Click All Services > Management > Network Logging > Security Group Logging. You will be taken to the Security Group Logging List page.

   Category	Required	Description
   Resource ID	Required	Security Group ID
   Storage Target	Required	Security Group Name
   Storage Registration Date	Required	Security Group Log Storage Registration Date

   Table. Security Group Logging List Items

Checking Security Group Logging Content

Refer to the following content to check the stored log content.

1. TCP / UDP

2. ICMP

3. IP

Disabling Security Group Logging Log Storage

You can disable Security Group Logging log storage.

1. Click All Services > Management > Network Logging > Security Group Logging. You will be taken to the Security Group Logging List page.
2. On the Security Group Logging List page, click the Log Storage Settings button at the top. You will be taken to the Log Storage Settings popup window.
3. In the Log Storage Settings popup window, select Do not use for the Log Storage Bucket, and then click the Confirm button.

2.3 - API Reference

2.4 - CLI Reference

2.5 - Release Note

Security Group

3 - Load Balancer

3.1 - Overview

Service Overview

The Load Balancer (LB) service of Samsung Cloud Platform automatically distributes traffic to available servers when traffic increases unpredictably or server failures occur, ensuring the stability and continuity of customer services.

The Load Balancer is deployed in the VPC Subnet according to the service type (L4 / L7) as a service access point provided to clients, and multiple services can be configured by adding Listeners to the created Load Balancer.

The Listener receives client requests through the service port and processes traffic according to routing rules. L4 supports TCP / UDP / TLS protocols, and L7 supports HTTP / HTTPS protocols. In L7, you can specify LB server groups according to routing conditions or set redirect responses for request URLs.

The LB server group delivers requests received by the Listener to specific servers according to load balancing and health checks. Servers receive client requests from the Load Balancer’s Source NAT IP through the port set on the member, and the server status is periodically monitored by the Load Balancer’s health check IP.

The LB health check defines the member health check method registered in the LB server group. You can select the LB health check resource provided by default in the LB server group, or create a new one to configure monitoring suitable for your application.

Features

• Various Load Balancing Methods: Provides various load balancing methods such as Round Robin, Least Connection, and IP Hash.
• SSL Certificate Encryption and Offloading: Supports SSL offloading and allows selection of encryption levels.
• Enhanced Security: Manage Load Balancer communication using Firewall and view access logs through log storage.

Service Configuration Diagram

Provided Functions

• Load Balancer: Select the service type and set the IP to use in the Load Balancer.
• Listener: Set the protocol, port, and routing rules. You can add multiple Listeners to a single Load Balancer.
• LB Server Group: Set the load balancing method. The LB server group can be connected to a single Load Balancer.
• Member: Select the server to add to the LB server group. You can select Virtual Server and Bare Metal Server resources created in the same VPC as the Load Balancer, or directly enter an IP.
• LB Health Check: Set the member health check method. The LB health check can be registered and used in multiple LB server groups.

Components

The Load Balancer consists of Load Balancer (Listener), LB server group (member), and LB health check.

Load Balancer

The components that make up the Load Balancer are as follows. According to the settings for each component, you can configure load balancing suitable for customer workloads.

LB Server Group

The components that make up the LB server group are as follows. According to the settings for each component, traffic is delivered to members of the LB server group.

LB Health Check

The components that make up the LB health check are as follows. According to the settings for each component, member health checks are performed.

Constraints

Samsung Cloud Platform’s Load Balancer applies basic quotas, so there are constraints on the number of Load Balancers, Listeners, LB server groups, and members that can be created. You can manage current usage through the Console and request additional quotas for items that can be expanded.

Prerequisite Services

This is a list of services that must be pre-configured before creating the Load Balancer service. Please prepare in advance by referring to the guides provided for each service.

3.2 - How-to guides

You can create a Load Balancer service by entering essential information and selecting detailed options through the Samsung Cloud Platform Console.

Creating a Load Balancer

You can create and use a Load Balancer service through the Samsung Cloud Platform Console.

Follow these steps to create a Load Balancer:

1. Click the All Services > Networking > Load Balancer menu. You will be navigated to the Load Balancer’s Service Home page.
2. On the Service Home page, click the Create Load Balancer button. You will be navigated to the Create Load Balancer page.
3. On the Create Load Balancer page, enter the information required for service creation and select detailed options.
   • In the Service Information area, enter or select the required information.

4. Review the created service information and estimated charges, then click the Create button.
   • When creation is complete, verify the created resource on the Load Balancer List page.
     Notice

     • The Load Balancer service does not provide access control functionality for Service IP and service ports.
       
       • When creating a Load Balancer, we recommend selecting Use Firewall to manage communication between client and Load Balancer, and between Load Balancer and members using Firewall rules, and using Save Firewall Log to store access logs.
     • If you set the Firewall log storage feature when creating a service, you must set up the log storage first. If the log storage setup is not complete, you cannot create the Load Balancer service.
     Caution

     If using Firewall, you must add rules required for Load Balancer communication. Pay attention to the direction for each purpose when registering rules.
     

     • If you do not add rules, the Load Balancer service will not function properly.

     

     Purpose	Source IP	Destination IP	Protocol	Destination Port/Type	Direction
     Client → LB Connection	Client IP	LB Service IP	Listener Protocol	Listener Service Port	Outbound
     LB → Member Connection	LB Source NAT IP	LB Server Group Member IP	LB Server Group Protocol	Member Port	Inbound
     LB → Member Health Check	LB Health Check IP	LB Server Group Member IP	Health Check Protocol	Health Check Port If health check port and member port are different, register member port	Inbound

     Figure and Table. Adding Load Balancer Firewall Rules

Viewing Load Balancer Detailed Information

For Load Balancer services, you can view and modify resource lists and detailed information from the Load Balancer menu. The Load Balancer Detail page consists of Detailed Information, Connected Resources, Tags, and Task History tabs.

Follow these steps to view detailed information about the Load Balancer service:

1. Click the All Services > Networking > Load Balancer menu. You will be navigated to the Load Balancer’s Service Home page.
2. On the Service Home page, click the Load Balancer menu. You will be navigated to the Load Balancer List page.
3. On the Load Balancer List page, click the resource for which you want to view detailed information. You will be navigated to the Load Balancer Detail page.
   • The Load Balancer Detail page displays status information and additional feature information, and consists of Detailed Information, Connected Resources, Tags, Task History tabs.

     Item	Detailed Description
     Status	Load Balancer resource status Active: Service is normally activated Deleting: Processing service termination request Creating: Processing service creation request Error: Cannot check current status due to internal error Editing: Processing service modification request
     Service Termination	Delete Load Balancer resource

     Table. Load Balancer status information and additional feature items

Detailed Information

On the Detailed Information tab, you can view and modify the detailed information of the resource selected from the Load Balancer List, and modify necessary information.

Connected Resources

On the Connected Resources tab, you can view the list of Listeners connected to the Load Balancer, and create or terminate Listeners.

• By selecting a Listener item on the Connected Resources tab, you can navigate to the Listener Detail page to view detailed information and modify or delete it.
• By clicking the Edit icon on the Listener Detail page items, you can modify the information.

Tags

You can view, add, modify, or delete tag information for the resource selected from the Load Balancer List page.

Task History

On the Task History tab, you can view the task history of the selected resource.

Managing Load Balancer Resources

You can manage Load Balancer resources such as creating and deleting Listeners.

Creating a Listener

Create a Listener on the Load Balancer to receive client requests and process traffic according to Listener settings.

Creating a Listener in L4 Load Balancer

Follow these steps to create a Listener in an L4 Load Balancer:

1. Click the All Services > Networking > Load Balancer menu. You will be navigated to the Load Balancer’s Service Home page.
2. On the Service Home page, click the Load Balancer menu. You will be navigated to the Load Balancer List page.
3. On the Load Balancer List page, click the Load Balancer resource where you want to create a Listener. You will be navigated to the Load Balancer Detail page.
4. On the Load Balancer Detail page, click the Connected Resources tab. You will be navigated to the Connected Resources tab page.
5. On the Connected Resources tab page, click the Create Listener button in the upper right corner.
6. In the Service Information area, enter or select the required information.
   • The information you can enter varies depending on the Protocol.

7. In the Additional Information area, enter or select the required information.

8. Review the created service information and click the Create button.
   • When creation is complete, verify the created resource on the Connected Resources tab of the Load Balancer Detail page.

Creating a Listener in L7 Load Balancer

Follow these steps to create a Listener in an L7 Load Balancer:

1. Click the All Services > Networking > Load Balancer menu. You will be navigated to the Load Balancer’s Service Home page.
2. On the Service Home page, click the Load Balancer menu. You will be navigated to the Load Balancer List page.
3. On the Load Balancer List page, click the Load Balancer resource where you want to create a Listener. You will be navigated to the Load Balancer Detail page.
4. On the Load Balancer Detail page, click the Connected Resources tab. You will be navigated to the Connected Resources tab page.
5. On the Connected Resources tab page, click the Create Listener button in the upper right corner.
6. In the Service Information area, enter or select the required information.
   • The information you can enter varies depending on the Protocol.

7. In the Additional Information area, enter or select the required information.

8. Review the created service information and click the Create button.
   • When creation is complete, verify the created resource on the Connected Resources tab of the Load Balancer Detail page.

Supported Items by SSL Security Level

The list of TLS versions and Cipher Suites supported by SSL security level in the Listener is as follows.

Viewing Listener Detailed Information

You can view and modify detailed information of a Listener by selecting it from the Connected Resources tab on the Load Balancer Detail page.

Follow these steps to view detailed information of the Listener:

1. Click the All Services > Networking > Load Balancer menu. You will be navigated to the Load Balancer’s Service Home page.
2. On the Service Home page, click the Load Balancer menu. You will be navigated to the Load Balancer List page.
3. On the Load Balancer List page, click the resource for which you want to view detailed information. You will be navigated to the Load Balancer Detail page.
4. On the Load Balancer Detail page, click the Connected Resources tab.
5. From the connected resources list, click the Listener for which you want to view detailed information. You will be navigated to the Listener Detail page.
   • The Listener Detail page displays status information and additional feature information, and consists of Detailed Information, Tags, Task History tabs.

Detailed Information

On the Detailed Information tab, you can view the detailed information of the Listener and modify necessary information. The detailed information varies depending on the Load Balancer in use.

L4 Load Balancer Detailed Information

L7 Load Balancer Detailed Information

Tags

You can view, add, modify, or delete tag information for the Listener.

Task History

You can view the task history of the Listener.

Modifying Routing Rules

You can modify routing rules of a Listener from the Connected Resources tab on the Load Balancer Detail page.

Follow these steps to modify routing rules of the Listener:

1. Click the All Services > Networking > Load Balancer menu. You will be navigated to the Load Balancer’s Service Home page.
2. On the Service Home page, click the Load Balancer menu. You will be navigated to the Load Balancer List page.
3. On the Load Balancer List page, click the resource for which you want to view detailed information. You will be navigated to the Load Balancer Detail page.
4. On the Load Balancer Detail page, click the Connected Resources tab.
5. From the connected resources list, click the Listener for which you want to add routing conditions. You will be navigated to the Listener Detail page.
6. On the Listener Detail page, click the Edit icon on the Routing Rules item. The Modify Routing Rules popup window will open.
7. Modify routing rules according to the routing action, then click the OK button.

   Item	Required	Detailed Description
   Routing Action	-	Currently set routing method (cannot modify)
   Routing Condition	Required	Can modify routing conditions when routing action is LB Server Group Forward URL Path: Modify request URL path and LB Server Group (can add up to 20) Host Header: Modify request host and LB Server Group (can add up to 20)
   Redirection Target	Required	Can modify redirection target when routing action is URL Redirection Path: Can modify change URL path Host: Can modify change host Protocol/Port: Cannot modify (only HTTP → HTTPS redirection possible)

   Table. Listener routing rule modification items

Deleting a Listener

Follow these steps to delete a Listener that is not in use:

1. Click the All Services > Networking > Load Balancer menu. You will be navigated to the Load Balancer’s Service Home page.
2. On the Service Home page, click the Load Balancer menu. You will be navigated to the Load Balancer List page.
3. On the Load Balancer List page, click the Load Balancer resource from which you want to delete a Listener. You will be navigated to the Load Balancer Detail page.
4. On the Load Balancer Detail page, click the Connected Resources tab. You will be navigated to the Connected Resources tab page.
5. On the Connected Resources tab page, click the Listener you want to delete. You will be navigated to the Listener Detail page.
6. On the Listener Detail page, click the Delete Listener button.

Terminating Load Balancer

You can terminate a Load Balancer that is not in use to reduce costs. However, since it may affect application services, request termination after sufficient prior review.

Follow these steps to terminate a Load Balancer:

1. Click the All Services > Networking > Load Balancer menu. You will be navigated to the Load Balancer’s Service Home page.
2. On the Service Home page, click the Load Balancer menu. You will be navigated to the Load Balancer List page.
3. On the Load Balancer List page, click the resource you want to terminate. You will be navigated to the Load Balancer Detail page.
4. On the Load Balancer Detail page, click the Terminate Service button.
5. When termination is complete, verify resource termination on the Load Balancer List.

3.2.1 - LB Server Group

You can create an LB Server Group through the Samsung Cloud Platform Console and connect it to a Load Balancer’s Listener.

Creating LB Server Group

Follow these steps to create an LB Server Group:

1. Click the All Services > Networking > Load Balancer menu. You will be navigated to the Load Balancer’s Service Home page.
2. On the Service Home page, click the LB Server Group menu. You will be navigated to the LB Server Group List page.
3. On the LB Server Group List page, click the Create LB Server Group button. You will be navigated to the Create LB Server Group page.
4. On the Create LB Server Group page, enter the information required for service creation and select detailed options.
   • In the Service Information area, enter or select the required information.

     Item	Required	Detailed Description
     LB Server Group Name	Required	LB Server Group resource name Enter 3 to 63 characters using uppercase/lowercase English letters, numbers, and special characters(-_) LB Server Group name cannot be duplicated within an Account
     VPC Name	Required	Select VPC to create LB Server Group Select VPC where the Load Balancer to which the LB Server Group will be connected is created
     Service Subnet Name	Required	Select VPC Subnet to create LB Server Group Select Subnet where the Load Balancer to which the LB Server Group will be connected is created
     Load Balancing	Required	Select load balancing algorithm Round Robin: Distribute sequentially to registered members Weighted round robin: Distribute sequentially in proportion to the weight assigned to each member Least Connection: Distribute to the member with the fewest connections Weighted least connection: Distribute to the member with the highest priority considering the weight assigned to each member and the number of connections IP Hash: Distribute to a specific member according to the client IP address hash value
     Protocol	Required	Select LB Server Group listening protocol Select protocol to forward to members of LB Server Group
     LB Health Check	Required	Select LB Health Check Select from LB Health Checks created in the same Service Subnet as the LB Server Group

     Table. LB Server Group service information input items
   • In the Additional Information area, enter or select the required information.

     Item	Required	Detailed Description
     Description	Optional	Enter resource description
     Tag	Optional	Add tag Can add up to 50 tags per resource

     Table. LB Server Group additional information input items
5. Review the created service information and estimated charges, then click the Create button.
   • When creation is complete, verify the created resource on the LB Server Group List page.