How-to guides

The user can enter the required information for the Security Group service through the Samsung Cloud Platform Console and create the service by selecting detailed options.

Create Security Group

You can create and use the Security Group service in the Samsung Cloud Platform Console.

To create a Security Group, follow these steps.

  1. Click All Services > Networking > Security Group menu. It moves to the Service Home page of Security Group.

  2. On the Service Home page, click the Create Security Group button. It moves to the Create Security Group page.

    • In the Enter Service Information area, enter the necessary information.
      Division | Necessity | Detailed Description
      Security Group name | Required | Name of the Security Group to be created
      • English letters, numbers, and the special character (-) can be used, up to a maximum of 255 characters
      • Duplicated Security Group names can be used within the project
      Log storage option | Optional | Whether to store Security Group logs
      • Enabled: Store logs
      • Disabled: Do not store logs
      • Clicking the Security Group Logging shortcut moves to the Security Group Logging list page
      Table. Security Group service information input items
    Reference

    To save Security Group logs, you must first create a bucket in Object Storage to save the logs, and then set the bucket as the log repository in Security Group Logging.

    • Log storage settings can be checked in Security Group Logging, and for more information, please refer to Security Group Logging.
    • If you set up a log storage, you will be charged for Object Storage fees for log storage.
    • In the Enter Additional Information area, enter or select the required information.
      Classification | Mandatory | Detailed Description
      Tag | Optional | Add Tag
      • Up to 50 can be added per resource
      • Click the Add Tag button and enter or select Key, Value
      Description | Optional | Additional description written by the user
      • Up to 255 characters can be entered
      Table. Input items for adding Security Group information
  3. Check the input information and click the Complete button.

    • Once creation is complete, check the created resource on the Security Group list page.

Check Security Group details

On the Security Group menu’s Security Group list page, you can check and modify the entire resource list and detailed information.

To check the Security Group details, follow the next procedure.

  1. Click All services > Networking > Security Group menu. It moves to the Service Home page of Security Group.
  2. On the Service Home page, click the Security Group menu. It moves to the Security Group list page.
  3. On the Security Group list page, click the resource to check the detailed information. It moves to the Security Group details page.
    • The Security Group Details page displays status information and additional feature information, and consists of the Details, Rules, Tags, and Operation History tabs.
Division | Detailed Description
Service Status | Security Group’s status
  • Creating: being created
  • Active: operating normally
  • Editing: settings being changed
  • Deploying: deployment completed
  • Deleting: being deleted
  • Error: error occurred
Service Cancellation | Button to cancel the service
Fig. Security Group status information and additional features

Detailed Information

You can check the detailed information of the selected resource in the Security Group list and modify the information if necessary.

Classification | Detailed Description
Service | Service Name
Resource Type | Resource Type
SRN | Unique resource ID in Samsung Cloud Platform
Resource Name | Resource Title
Resource ID | Unique resource ID in the service
Creator | User who created the service
Creation Time | Time when the service was created
Modifier | User who modified the service information
Modified Date | Date when service information was modified
Security Group name | Resource name
Security Group ID | Unique resource ID in the service
Number of Security Group rules | The rule quota and the number of rules in use for the corresponding Security Group
Number of Security Group rules/Account | Total number of Security Group rules assigned to the Account and the number of rules used in all Security Groups in the Account
Description | Additional description written by the user
  • Edit icon can be clicked for modification
Log saving status | Security Group log saving status
  • Used: Save log
  • Not used: Do not save log
  • Modify icon can be clicked to modify settings
Applied Service | Service type, service name, status value of the service to which the corresponding Security Group is applied
Fig. Security Group detailed information

Rule

In the rules tab, you can check the Security Group rule list and add or delete rules.

Division | Detailed Description
Excel Download | Excel file download button for bulk input of rules
Rule Bulk Input | Excel file upload button for rule bulk input
Detailed Search | Detailed rule search button
Add Rule | Add rule button
Direction | Direction of traffic access, relative to the server, to which the Security Group rule applies
  • Inbound: outside → server
  • Outbound: server → outside
Rule ID | Unique ID value for the rule
Target Address | Target address that communicates with the server to which the Security Group is applied
Remote Security Group name | The Security Group resource name displayed when the target is specified as a Security Group
Remote Security Group ID | Security Group ID displayed when the target is specified as a Security Group
Service | Protocol and Port
Description | Additional description written by the user
Delete | Rule delete button
Fig. Security Group rule list

Tag

On the Security Group List page, you can check the tag information of the selected resource, and add, change, or delete it.

Classification | Detailed Description
Tag list | Tag list
  • Check Key, Value information of the tag
  • Up to 50 tags can be added per resource
  • Search and select from existing Key and Value lists when entering tags
Fig. Security Group tags tab items

Work History

On the Security Group list page, you can check the operation history of the selected resource.

Division | Detailed Description
Work history list | Resource change history
  • Check work time, resource name, work details, work result, and worker information
Table. Work history tab detailed information items

Security Group resource management

You can manage resources such as Security Group log storage settings, rule additions, and more.

Using Log Saving

Reference

To save Security Group logs, you must first create a bucket in Object Storage to save the logs, and then set the bucket as the log repository in Security Group Logging.

  • Log storage settings can be checked in Security Group Logging, and for more information, please refer to Security Group Logging.
  • Setting up a log storage will incur Object Storage fees for log storage.

To save Security Group logs, follow these procedures.

  1. Click All Services > Networking > Security Group menu. It moves to the Service Home page of Security Group.
  2. On the Service Home page, click the Security Group menu. It moves to the Security Group list page.
  3. On the Security Group list page, click the resource (Security Group name) whose logs you want to save. It moves to the Security Group details page.
  4. Click the Edit icon of Log Saving. It moves to the Edit Log Saving popup window.
  5. In the Edit Log Saving popup window, select Use and click the OK button.
Caution
If log storage has not been configured in Security Group Logging, you cannot enable log saving for the Security Group.

Setting to not use log saving

To stop saving Security Group logs, follow these steps.

  1. Click All Services > Networking > Security Group menu. It moves to the Service Home page of Security Group.
  2. On the Service Home page, click the Security Group menu. It moves to the Security Group list page.
  3. On the Security Group list page, click the name of the Security Group for which you want to stop saving logs. It moves to the Security Group details page.
  4. Click the Edit icon of Log Saving. It moves to the Edit Log Saving popup window.
  5. In the Edit Log Saving popup window, uncheck Use for log saving and click the OK button.
  6. Check the message in the Notification popup window and click the OK button.
Caution
If you disable log storage usage, log storage for the corresponding service will be stopped, and tracking management through log analysis will not be possible in case of a security incident.

Add a rule

To add a Security Group rule, follow these steps.

  1. Click All Services > Networking > Security Group menu. It moves to the Service Home page of Security Group.

  2. On the Service Home page, click the Security Group menu. It moves to the Security Group list page.

  3. On the Security Group list page, click the resource (Security Group name) to which you want to add rules. It moves to the Security Group details page.

  4. Click the Rules tab on the Security Group Details page. It moves to the Rules tab page.

  5. On the Rules tab, click the Add Rule button. It moves to the Add Rule popup window.

    Classification | Necessity | Detailed Description
    Direction | Required | Application target criteria, traffic access direction setting
    • Inbound rule: External → Server
    • Outbound rule: Server → External
    Type | Required | Protocol type selection
    • Detailed input items vary depending on the selected protocol type
    Protocol Number | Required | If you select Custom Protocol, enter the protocol number
    • Values from 1 ~ 254 can be entered
    Protocol | Required | Protocol Type
    • Select the desired protocol from TCP, UDP, ICMP, ALL
    • ALL means all ports for all protocols
    Port Range | Required | If TCP/UDP is selected as the protocol, set the allowed port
    • Well-known ports such as SSH, HTTP, TELNET can be selected
    • When entering directly, values from 1 ~ 65,535 can be entered, and a port range can be specified using ‘start value-end value’
    Type | Required | If you select ICMP as the protocol, set the ICMP Type
    • Types defined as ICMP Type, such as Echo, can be used by selecting them
    • When entering directly, values from 0 ~ 255 can be entered
    Remote | Required | Rule Remote Type Setting
    • CIDR: Set target address by directly entering IP
    • Security Group: Set created Security Group as target
    Remote > Destination Address | Required | If you select CIDR for the Remote type, entering the destination address is required
    • When selecting CIDR: Enter in CIDR (IP address/subnet mask) format
      • You can enter up to 128 addresses at once using , and -.
      • To use the entire IP range (ANY), enter ‘0.0.0.0/0’
    Remote > Security Group | Required | If you select Security Group for the Remote type, selecting a Security Group is required
    Description | Optional | Additional description written by the user
    • Up to 255 characters can be entered
    Fig. Security Group rule addition details
  6. Check the rules to be added, then click the Confirm button.

Rule Bulk Creation

To add multiple Security Group rules at once, follow these steps.

  1. Click All Services > Networking > Security Group menu. It moves to the Service Home page of Security Group.
  2. On the Service Home page, click the Security Group menu. It moves to the Security Group list page.
  3. On the Security Group list page, click the resource (Security Group name) to which you want to add rules. It moves to the Security Group details page.
  4. Click the Rules tab on the Security Group Details page. It moves to the Rules tab page.
  5. On the Rules tab, click the Excel Download button. The rule bulk input Excel file will be downloaded.
  6. Enter the rule information into the bulk input Excel file and save it.
  7. Click the Rule Bulk Input button. The Rule Bulk Input popup window appears.
  8. In the Rule Bulk Input popup window, click File Attachment, attach the completed Excel file, then click File Upload.
    • You cannot upload if the attached Excel file format is different from the registration form or the file is encrypted.
    • The number of bulk registration rules that can be uploaded at once is up to 100. If the maximum registration rule is exceeded, it cannot be uploaded.
    • If the maximum number of rules that can be registered in Account is exceeded, the file cannot be uploaded.
  9. In the Check Rules popup window, check the details and click the Confirm button.
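
A pre-upload check for a batch of rules, covering the limits listed under Add a rule and Rule Bulk Creation and flagging inbound rules open to 0.0.0.0/0. This is an added example, not Samsung Cloud Platform code: the dict field names, the `CUSTOM` token, and the choice of SSH/TELNET as ports to warn on are assumptions, and only comma-separated CIDR remotes are modelled.

```python
import ipaddress

MAX_BULK_RULES = 100                      # per-upload limit stated on the page
ADMIN_PORTS = {22: "SSH", 23: "TELNET"}   # subset chosen for this example

def parse_ports(spec):
    """'443' or '8000-8100' -> (start, end); ValueError outside 1-65535."""
    start, _, end = str(spec).partition("-")
    lo, hi = int(start), int(end or start)
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"port range {spec!r} outside 1-65535")
    return lo, hi

def lint_rule(rule):
    """Return 'ERROR: ...' / 'WARN: ...' findings for one rule dict (hypothetical fields)."""
    out, ports, proto = [], None, rule["protocol"]
    try:
        if proto in ("TCP", "UDP"):
            ports = parse_ports(rule["ports"])
        elif proto == "ICMP" and not 0 <= int(rule["icmp_type"]) <= 255:
            out.append("ERROR: ICMP type outside 0-255")
        elif proto == "CUSTOM" and not 1 <= int(rule["protocol_number"]) <= 254:
            out.append("ERROR: protocol number outside 1-254")
    except (KeyError, ValueError) as exc:
        out.append(f"ERROR: bad or missing field: {exc}")
    any_remote = False
    for cidr in rule["remote"].split(","):
        try:
            any_remote |= ipaddress.ip_network(cidr.strip(), strict=False).prefixlen == 0
        except ValueError:
            out.append(f"ERROR: {cidr.strip()!r} is not valid CIDR")
    if rule["direction"] == "Inbound" and any_remote:
        if proto == "ALL":
            out.append("WARN: inbound ALL from 0.0.0.0/0")
        elif ports:
            out += [f"WARN: {name} open to 0.0.0.0/0"
                    for port, name in ADMIN_PORTS.items() if ports[0] <= port <= ports[1]]
    return out

def lint_batch(rules):
    """Map 1-based rule index -> findings; key 0 holds batch-level findings."""
    findings = {i: f for i, r in enumerate(rules, 1) if (f := lint_rule(r))}
    if len(rules) > MAX_BULK_RULES:
        findings[0] = [f"ERROR: {len(rules)} rules exceed the {MAX_BULK_RULES}-rule upload limit"]
    return findings

# Constructed sample batch (documentation address ranges), not real rules.
RULES = [
    {"direction": "Inbound", "protocol": "TCP", "ports": "22", "remote": "0.0.0.0/0"},
    {"direction": "Inbound", "protocol": "TCP", "ports": "443", "remote": "0.0.0.0/0"},
    {"direction": "Inbound", "protocol": "TCP", "ports": "8000-70000", "remote": "192.0.2.0/24"},
    {"direction": "Outbound", "protocol": "ICMP", "icmp_type": 8, "remote": "198.51.100.0/33"},
]
```

`lint_batch(RULES)` reports rules 1, 3 and 4; rule 2 (HTTPS open to ANY) passes because only the ports in `ADMIN_PORTS` trigger a warning.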

Deleting Rules

To delete a Security Group rule, follow these procedures.

  1. Click All Services > Networking > Security Group menu. It moves to the Service Home page of Security Group.
  2. On the Service Home page, click the Security Group menu. It moves to the Security Group list page.
  3. On the Security Group list page, click the resource (Security Group name) from which you want to delete rules. It moves to the Security Group details page.
  4. Click the Rule tab on the Security Group Details page. It moves to the Rule tab page.
  5. Click the Delete button of the rule to be deleted in the Rules tab.

Security Group cancellation

You can delete unused Security Groups.

Caution
If the Security Group is applied to a service, the Security Group service cannot be cancelled.

To cancel the Security Group, follow the procedure below.

  1. Click All services > Networking > Security Group menu. It moves to the Service Home page of Security Group.
  2. On the Service Home page, click the Security Group menu. It moves to the Security Group list page.
  3. On the Security Group list page, select the resource (Security Group name) to be cancelled and click the Service Cancellation button.
  4. Once the cancellation is complete, please check if the resource has been cancelled on the Security Group list page.

1 - Security Group Logging

To store Security Group logs, you must first create a bucket in Object Storage to store the logs and then set the bucket as the log storage for Security Group Logging. After that, you can enable log storage in the Security Group details, and Security Group logs will start being stored in the Object Storage bucket.

To store Security Group logs, you need to follow these steps:

  1. You can create a new bucket in Object Storage for storing Security Group logs or use an existing bucket. To create a bucket, refer to Creating Object Storage.
  2. To set the bucket as the log storage for Security Group Logging, refer to Using Security Group Logging Log Storage.
  3. To enable log storage in the Security Group details, refer to Enabling Security Group Log Storage.

Using Security Group Logging Log Storage

To enable Security Group log storage, you must first set up the log storage in Security Group Logging.

Note
To set up Security Group Logging log storage, you need an Object Storage bucket for log storage. First, create a bucket in the Object Storage service. For more information, refer to Creating Object Storage.
  1. Click All Services > Management > Network Logging > Security Group Logging. You will be taken to the Security Group Logging List page.
  2. On the Security Group Logging List page, click the Log Storage Settings button at the top. You will be taken to the Log Storage Settings popup window.
  3. In the Log Storage Settings popup window, select the Log Storage Bucket. After selecting the bucket, the Log Storage Path will be displayed.
  4. In the Log Storage Settings popup window, confirm the Log Storage Bucket and Log Storage Path, and then click the Confirm button.
  5. Confirm the message in the Notification popup window and click the Confirm button.
Guide
After setting up Security Group Logging log storage, you must enable log storage in the Security Group details for log storage to start. For more information, refer to Enabling Security Group Log Storage.

Security Group Logging List

After setting up the Security Group Logging log storage bucket, you can view the Security Group Logging list.

  1. Click All Services > Management > Network Logging > Security Group Logging. You will be taken to the Security Group Logging List page.
    Category | Required | Description
    Resource ID | Required | Security Group ID
    Storage Target | Required | Security Group Name
    Storage Registration Date | Required | Security Group Log Storage Registration Date
    Table. Security Group Logging List Items
Note
After setting up Security Group Logging log storage, you must enable log storage in the Security Group details for log storage to start. For more information, refer to Enabling Security Group Log Storage.

Checking Security Group Logging Content

Refer to the following content to check the stored log content.

  1. TCP / UDP

Example of stored log: 2024-10-11T02:18:39,drop,to-lport: tcp,198.19.65.2,6443,192.168.22.131,20427

Category | Description
2024-10-11T02:18:39 | Date and time when the log occurred (2024-10-11, 02:18:39)
drop | Action (drop / allow)
to-lport | Direction
  • to-lport: inbound
  • from-lport: outbound
tcp | Protocol (tcp / udp / icmp / ip)
192.168.65.2 | Source IP
6443 | Source Port
192.168.22.131 | Destination IP
20427 | Destination Port
  2. ICMP

Example of stored log: 2024-10-11T02:18:39,allow,to-lport: icmp,192.168.65.2,192.168.22.131,8

Category | Description
2024-10-11T02:18:39 | Date and time when the log occurred (2024-10-11, 02:18:39)
allow | Action (drop / allow)
to-lport | Direction
  • to-lport: inbound
  • from-lport: outbound
icmp | Protocol (tcp / udp / icmp / ip)
192.168.65.2 | Source IP
192.168.22.131 | Destination IP
8 | ICMP Type ID
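
A parser for the two stored-log layouts described above, with a simple triage query over the parsed records. This is an added example, not Samsung Cloud Platform code: the record class, function names and the "distinct dropped ports per source" heuristic are assumptions, and the sample lines are constructed. Note that direction and protocol share one comma field (`to-lport: tcp`), so a plain CSV split is not enough.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

DIRECTIONS = {"to-lport": "inbound", "from-lport": "outbound"}

@dataclass(frozen=True)
class SgLog:
    time: datetime
    action: str
    direction: str
    protocol: str
    src_ip: str
    dst_ip: str
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    icmp_type: Optional[int] = None

def parse_line(line: str) -> SgLog:
    """Parse one stored log line; raise ValueError on any unexpected layout."""
    ts, action, dir_proto, *rest = [f.strip() for f in line.strip().split(",")]
    # Split the combined "direction: protocol" field.
    direction, sep, proto = (p.strip() for p in dir_proto.partition(":"))
    if action not in ("drop", "allow") or direction not in DIRECTIONS or not sep:
        raise ValueError(f"unrecognised header fields: {line!r}")
    common = dict(time=datetime.fromisoformat(ts), action=action,
                  direction=DIRECTIONS[direction], protocol=proto)
    if proto in ("tcp", "udp") and len(rest) == 4:
        src, sport, dst, dport = rest
        extra = dict(src_port=int(sport), dst_port=int(dport))
    elif proto == "icmp" and len(rest) == 3:
        src, dst, itype = rest
        extra = dict(icmp_type=int(itype))
    else:  # e.g. protocol "ip", whose field layout the page does not show
        raise ValueError(f"unsupported protocol or field count: {line!r}")
    # ip_address() raises ValueError for a malformed address.
    return SgLog(src_ip=str(ipaddress.ip_address(src)),
                 dst_ip=str(ipaddress.ip_address(dst)), **common, **extra)

def dropped_port_sweeps(records, min_ports=3):
    """Sources whose inbound drops hit at least min_ports distinct destination ports."""
    ports = defaultdict(set)
    for r in records:
        if r.action == "drop" and r.direction == "inbound" and r.dst_port is not None:
            ports[r.src_ip].add(r.dst_port)
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}

# Constructed sample lines (documentation address ranges), not real logs.
SAMPLE = """\
2024-10-11T02:18:39,drop,to-lport: tcp,203.0.113.7,40000,192.0.2.10,22
2024-10-11T02:18:40,drop,to-lport: tcp,203.0.113.7,40001,192.0.2.10,3389
2024-10-11T02:18:41,drop,to-lport: tcp,203.0.113.7,40002,192.0.2.10,6443
2024-10-11T02:18:42,allow,to-lport: icmp,198.51.100.4,192.0.2.10,8
2024-10-11T02:18:43,allow,from-lport: udp,192.0.2.10,53000,198.51.100.53,53
"""
RECORDS = [parse_line(line) for line in SAMPLE.splitlines()]
```

Lines that do not match either documented layout raise `ValueError` rather than being silently skipped, so a format change in the stored logs is noticed instead of producing gaps in the analysis.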

Disabling Security Group Logging Log Storage

You can disable Security Group Logging log storage.

  1. Click All Services > Management > Network Logging > Security Group Logging. You will be taken to the Security Group Logging List page.
  2. On the Security Group Logging List page, click the Log Storage Settings button at the top. You will be taken to the Log Storage Settings popup window.
  3. In the Log Storage Settings popup window, select Do not use for the Log Storage Bucket, and then click the Confirm button.
Note
Log storage settings can be changed only when there is no log storage target. To change the log storage bucket, select Do not use, confirm, and then set it again.