Security Groups
Managing Security Groups in DuploCloud
Last updated
Was this helpful?
Managing Security Groups in DuploCloud
Last updated
Was this helpful?
In DuploCloud, each Tenant is associated with its own Security Group, which allows unrestricted communication between all resources within that Tenant. This setup ensures that any computing resource in that Tenant can easily reach the services within that same Tenant.
Administrators can allow inter-Tenant traffic using the Add Tenant Security pane:
From the DuploCloud Portal, navigate to Administrator -> Tenants.
Select the Tenant you want to open from the NAME column.
Select the Security tab.
Click Add. The Add Tenant Security pane displays.
Complete the fields:
Source Type
Select the source of incoming traffic:
- Tenant
– Allow access from another DuploCloud Tenant
- IP Address
– Allow access from a specific IP or VPN range
Tenant
(If Source Type = Tenant) Select the Tenant you want to allow access from.
IP CIDR
(If Source Type = IP Address) Choose:
- Custom
to manually enter an IP or CIDR
- VpnIp
to allow access from VPN-connected clients (no IP input needed)
(If IP CIDR Type = Custom) Enter a specific IP or CIDR (e.g., 203.0.113.10
or 10.1.0.0/16
).
Protocol
Choose from: TCP
, UDP
, or ICMP
.
Port Range
(If Protocol =TCP or UDP) Specify the port range.
Description
Optionally, enter a brief note about the rule’s purpose.
Click Add. Inter-Tenant access is configured.
In Azure, security is implemented at the Virtual Network (VNet) level. All traffic within the VNet is allowed by default. However, Administrators can override this behavior by setting up security rules to control traffic between different VNets or from a VNet to external resources.
From the DuploCloud Portal, navigate to Administrator -> Infrastructure.
Select the Infrastructure you want to manage access for from the NAME column.
Select the Security Group Rules tab.
Click Add. The Add Infrastructure Security pane displays.
Complete the fields:
Name
A unique name for the rule.
Subnet
The subnet this rule will apply to (e.g., custom-default
).
Direction
Whether the rule applies to Inbound
or Outbound
traffic.
Source Type
The source of the traffic: IP Address
, Service Tag
, or Application Security Group
.
Source Value
IP/CIDR (e.g., 10.0.0.0/8
), service tag (e.g., Internet
), or ASG name.
Source Port Range
Port or port range from the source (e.g., *
, 443
, 1000-2000
).
Destination Type
The destination: IP Address
, Service Tag
, or Application Security Group
.
Destination Value
IP/CIDR, Service tag, or ASG name for the destination.
Destination Port Range
Port or port range to allow/deny at the destination.
Priority
Rule priority. Lower values are higher priority (e.g., 100
, 200
).
Protocol
Choose TCP
, UDP
, or Both
.
Action
Select Allow
or Deny
to permit or block the traffic.
Click Add. The Security Group Rule is configured.