Overview
Key Concepts
General
- Index
- Favorites
- User Getting Started
- General
- User Key Concepts
- Search
- User Testing and Debugging
- User Interface
Account
- Index
- Add a Group to an Organization
- Add a New Azure Cloud
- Add a New Cloud
- Add a User To a Group
- Add a User
- Add a User to a Team
- Azure Setup
- Azure
- Catalogs
- Clouds
- Cost Management
- Create a Team in an Organization
- Delete a Platform
- Deploy an Organization
- Deployment Approval Process
- Enable Access to an Assembly for a User on a Team
- Environment Profiles
- How Cost Tracking and Reporting Works
- Import and Export Catalog
- Account
- Manage OneOps User Accounts
- Notifications
- OneOps Policy Management
- Organization Summary
- Provide Only Necessary Privileges to Accounts
- Reports Summary
- Restrict Access with Teams
- Secrets Proxy
- Security Groups
- Shutdown a Cloud
- View a Reports Summary
- View, Add, or Edit Environment Profiles
- View an Organization Summary
- View Assembly and Organization Consumption with Reports
Design
- Index
- Add a Platform to a Design
- Add a Variable
- Add ELK Stack to an Application
- Add or Delete a Security Group to Open or Close an Additional Port
- Add a Team to an Assembly
- Apache HTTP Server Component
- Apache HTTP Server Pack
- Apache Tomcat Pack
- Artifact Component
- Attachments
- Variables Override Prevention
- Certificate Component
- Chocolatey Package Component
- Components
- Compute Component
- Create Assemblies to Design Applications
- Create Environment Dependency with Environment Profiles
- Daemon Component
- Design Best Practices
- Download Component
- Edit a Platform
- Enable https for a Service (LB Certs)
- File Component
- Filebeat Component
- Firewall Component
- Fully Qualified Domain Name FQDN
- Hostname Component
- Design
- Java Component
- Job Component
- Keystore Component
- Load Balancer Component
- Library Component
- Load/Extract
- Logstash Component
- Manage Assemblies
- DotNet Framework Component
- Microsoft IIS Pack
- IIS Website Component
- Microsoft SQL Server Pack
- Naming Conventions
- NuGet Package Component
- Objectstore Component
- Operating System Component
- Packs
- Platform Links
- Platforms
- Ports by Platform
- Propagation
- Security Group Component
- Secrets Client Component
- Sensuclient Component
- Set Up Multiple Ports/Protocols in Load Balancer
- Share Component
- SSH Keys Component
- Storage Component
- Telegraf Component
- Upgrade an Application Version in an Environment
- User Component
- Variables
- View Design Releases
- Volume Component
- Watching an Assembly
- Website Component
Transition
- Index
- Add CNAME in Azure DNS
- Add CNAME
- Add or Edit Primary and Secondary Clouds
- Add or Reduce Capacity
- Availability Modes
- Configure ECV Check URL on OneOps
- Create an Environment
- Delete an Environment
- Deploy Application after Design Changes
- Deploy an Application for the First Time
- Deploy Application With Database
- Deploy an Environment
- Deploy Multiple Clouds in Parallel
- Deploy and Provision an Application and Environment for the First Time
- Edit an Environment
- Email Notification Relay
- Environment Releases
- Environment
- Transition
- Remove an Unused Cloud from an Environment
- Rollback Code
- Set Variable Cloud Scaling Percentage
- Transition Best Practices
- Transition
- View Deployment Status
Operation
- Index
- Assess the Health of Applications, Platforms and Clouds
- Auto Repair
- Auto Replace
- Auto Scale
- Computes in Operation
- Control Environment
- Enable Platform to Auto Replace Unhealthy Components
- Ensure that Alerts for Production Environment are Sent to NOC
- Find a Platform VIP Name
- Grep or Search Text in Files on Computes
- Operation
- Navigation to Monitors
- Monitors
- Operations
- Operations Summary
- Set Up a Custom Action
- Take a Node out of Traffic (ECV Disable)
- Update or Upgrade New OneOps Code
Security Groups
A security group is a named collection of network access rules that is used to control the types of traffic that have access to your application. The associated rules in each security group control the traffic to platforms in the group.
In the old clouds, the security groups were provided by default at the cloud level. This allowed inter-communication between any platforms, which was a security concern. As a result, the new clouds that run Juno do not have any default security groups defined. Application teams need to add the secgroup component available in OneOps to open the relevant ports required for their application. The default list of ports for each platform is added to the circuits and shows up when the sec group component is added to the design in OneOps.
Solutions
Three possible scenarios are described below.
Platform with Security Groups
- Review the ports that are added as part of this component and ensure that all the ports that are needed for your application are added.
- If it is necessary to add or edit the ports, follow the steps in Add or Delete a Security Group to Open or Close an Additional Port.
- Make sure that port 22 is in the list or deployment will fail at the compute provisioning step.
- The default ports for the Tomcat, Jboss, nodejs should be open if the configuration has not changed and should have these ports. For a complete list of platforms, see the List of Ports by Platform.
| Platform | Port Rule |
|---|---|
| Tomcat | 22 22 tcp 0.0.0.0/0 8080 8080 tcp 0.0.0.0/0 8443 8443 tcp 0.0.0.0/0 8009 8009 tcp 0.0.0.0/0 |
| JBOSS | 22 22 tcp 0.0.0.0/0 8080 8080 tcp 0.0.0.0/0 8443 8443 tcp 0.0.0.0/0 8009 8009 tcp 0.0.0.0/0 |
| nodejs | 22 22 tcp 0.0.0.0/0 8080 8080 tcp 0.0.0.0/0 8443 8443 tcp 0.0.0.0/0 |
| gluster | 22 22 tcp 0.0.0.0/0 24007 24100 tcp 0.0.0.0/0 24007 24100 udp 0.0.0.0/0 34865 34867 tcp 0.0.0.0/0 34865 34867 udp 0.0.0.0/0 111 111 tcp 0.0.0.0/0 111 111 udp 0.0.0.0/0 49152 49153 tcp 0.0.0.0/0 49152 49153 udp 0.0.0.0/0 |
Platform with No Security Groups
- Go to your Design.
- Click the Platform to which you want to add the security group.
- Click + on the secgroup component.
- Review the list of default ports available for that platform. (For example: below is a screenshot for the JBoss platform.)
- To add new ports that are not part of the list, follow the instructions at Add or Delete a Security Group to Open or Close an Additional Port.
New Platform
The secgroup component is added by default as part of every platform.
If an application requires other ports to be opened, it is important to do this so that the application works.
