Security Groups

DuploCloud Tenants and Security Groups

In DuploCloud, each Tenant is associated with its own Security Group, which allows unrestricted communication between all resources within that Tenant. This setup ensures that any computing resource in that Tenant can easily reach the services within that same Tenant.

Adding Security Rules for a Tenant

You can configure security rules for a Tenant to control which traffic is allowed to reach resources within it. A rule's source can be an IPv4 or IPv6 address range, VPN clients, or another Tenant.

  1. Navigate to Administrator -> Tenants.

  2. Select the Tenant from the NAME column.

  3. Select the Security tab.

  4. Click Add. The Add Tenant Security pane displays.

    Add Tenant Security pane
  5. Complete the following fields:

Source Type

Select Tenant to allow access from another DuploCloud Tenant, or IP Address to allow traffic from a specific IP or VPN range.

Tenant

If Source Type = Tenant, select the Tenant you want to allow access from.

IP CIDR

If Source Type = IP Address, select Custom to manually enter an IP or CIDR (IPv4 or IPv6), or VpnIp to allow access from VPN clients.

Protocol

Choose the protocol for the rule: TCP, UDP, or ICMP.

Port Range

If the protocol is TCP or UDP, specify the port range (for example, 1-65535).

Description

Optionally, add a note describing the purpose of the rule.

  6. Click Add to save the Security rule.

Allowing Inter-Tenant Access

To enable traffic between two DuploCloud Tenants, you create a Tenant security group rule:

  1. Follow the steps in Adding Security Rules for a Tenant to open the Add Tenant Security pane.

  2. In Source Type, select Tenant.

  3. In Tenant, select the Tenant you want to allow access from.

  4. Configure Protocol and Port Range as needed.

  5. Optionally, enter a Description for the rule.

  6. Click Add. This rule allows all resources in the selected source Tenant to communicate with resources in the current Tenant according to the ports and protocol you specified.

Configuring Azure VNet Security

In Azure, security is implemented at the Virtual Network (VNet) level. All traffic within the VNet is allowed by default. However, Administrators can override this behavior by setting up security rules to control traffic between different VNets or from a VNet to external resources.

  1. From the DuploCloud Portal, navigate to Administrator -> Infrastructure.

  2. Select the Infrastructure you want to manage access for from the NAME column.

  3. Select the Security Group Rules tab.

  4. Click Add. The Add Infrastructure Security pane displays.

    The Add Infrastructure Security pane
  5. Complete the fields:

Name

A unique name for the rule.

Subnet

The subnet this rule will apply to (e.g., custom-default).

Direction

Whether the rule applies to Inbound or Outbound traffic.

Source Type

The source of the traffic: IP Address, Service Tag, or Application Security Group.

Source Value

IP/CIDR (e.g., 10.0.0.0/8), service tag (e.g., Internet), or ASG name.

Source Port Range

Port or port range from the source (e.g., *, 443, 1000-2000).

Destination Type

The destination: IP Address, Service Tag, or Application Security Group.

Destination Value

IP/CIDR, Service tag, or ASG name for the destination.

Destination Port Range

Port or port range to allow/deny at the destination.

Priority

Rule priority. Lower values are higher priority (e.g., 100, 200).

Protocol

Choose TCP, UDP, or Both.

Action

Select Allow or Deny to permit or block the traffic.

  6. Click Add. The Security Group Rule is configured.
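
The Priority field above decides which rule wins when several match. The following added example (not DuploCloud code) evaluates a set of constructed rules lowest Priority value first and lists rules that can never take effect because an earlier rule already covers them. It assumes IP/CIDR sources only and models direction, protocol, source, and destination port; the rule names, addresses, and dictionary keys are constructed for illustration.

```python
import ipaddress

# Constructed sample rules keyed by the pane's fields; not from a real deployment.
RULES = [
    {"name": "deny-jump-subnet", "direction": "Inbound", "source": "10.9.0.0/16",
     "dest_ports": "*", "priority": 100, "protocol": "Both", "action": "Deny"},
    {"name": "allow-ssh-jump", "direction": "Inbound", "source": "10.9.1.0/24",
     "dest_ports": "22", "priority": 150, "protocol": "TCP", "action": "Allow"},
    {"name": "allow-https-corp", "direction": "Inbound", "source": "10.0.0.0/8",
     "dest_ports": "443", "priority": 200, "protocol": "TCP", "action": "Allow"},
    {"name": "allow-app-range", "direction": "Inbound", "source": "192.168.1.0/24",
     "dest_ports": "1000-2000", "priority": 300, "protocol": "UDP", "action": "Allow"},
]

def port_range(spec):
    """Parse '*', '443' or '1000-2000' into an inclusive (low, high) pair."""
    if spec == "*":
        return 0, 65535
    low, _, high = spec.partition("-")
    return int(low), int(high or low)

def evaluate(rules, direction, src_ip, dest_port, protocol):
    """Return (action, name) of the first matching rule, lowest priority value first."""
    addr = ipaddress.ip_address(src_ip)
    for rule in sorted(rules, key=lambda r: r["priority"]):
        net = ipaddress.ip_network(rule["source"])
        low, high = port_range(rule["dest_ports"])
        if (rule["direction"] == direction and rule["protocol"] in (protocol, "Both")
                and addr.version == net.version and addr in net
                and low <= dest_port <= high):
            return rule["action"], rule["name"]
    return "NoMatch", None  # assumption: platform default rules are not modelled

def shadowed(rules):
    """Return (rule, earlier rule) name pairs where the earlier rule already matches
    all traffic the later rule describes, so the later rule never takes effect."""
    ordered = sorted(rules, key=lambda r: r["priority"])
    pairs = []
    for i, later in enumerate(ordered):
        l_net = ipaddress.ip_network(later["source"])
        l_low, l_high = port_range(later["dest_ports"])
        for earlier in ordered[:i]:
            e_net = ipaddress.ip_network(earlier["source"])
            e_low, e_high = port_range(earlier["dest_ports"])
            if (earlier["direction"] == later["direction"]
                    and earlier["protocol"] in (later["protocol"], "Both")
                    and e_net.version == l_net.version and l_net.subnet_of(e_net)
                    and e_low <= l_low and l_high <= e_high):
                pairs.append((later["name"], earlier["name"]))
    return pairs
```

Running `shadowed(RULES)` before adding a rule in the portal shows whether an Allow you are about to create is already blocked by a Deny with a lower Priority value.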
