Security Groups

DuploCloud Tenants and Security Groups

In DuploCloud, each Tenant is associated with its own Security Group, which allows unrestricted communication between all resources within that Tenant. This setup ensures that any computing resource in that Tenant can easily reach the services within that same Tenant.

Managing Security Groups in DuploCloud

Allowing Inter-Tenant Access

Administrators can allow inter-Tenant traffic using the Add Tenant Security pane:

  1. From the DuploCloud Portal, navigate to Administrator -> Tenants.

  2. Select the Tenant you want to open from the NAME column.

  3. Select the Security tab.

  4. Click Add. The Add Tenant Security pane displays.

  5. Complete the fields:

Source Type

Select the source of incoming traffic:

- Tenant – Allow access from another DuploCloud Tenant
- IP Address – Allow access from a specific IP or VPN range

Tenant

(If Source Type = Tenant) Select the Tenant you want to allow access from.

IP CIDR

(If Source Type = IP Address) Choose:

- Custom to manually enter an IP or CIDR
- VpnIp to allow access from VPN-connected clients (no IP input needed)

(If IP CIDR Type = Custom) Enter a specific IP or CIDR (e.g., 203.0.113.10 or 10.1.0.0/16).

Protocol

Choose from: TCP, UDP, or ICMP.

Port Range

(If Protocol = TCP or UDP) Specify the port range.

Description

Optionally, enter a brief note about the rule’s purpose.

  6. Click Add. Inter-Tenant access is configured.

Configuring Azure VNet Security

In Azure, security is implemented at the Virtual Network (VNet) level. All traffic within the VNet is allowed by default. However, Administrators can override this behavior by setting up security rules to control traffic between different VNets or from a VNet to external resources.

  1. From the DuploCloud Portal, navigate to Administrator -> Infrastructure.

  2. Select the Infrastructure you want to manage access for from the NAME column.

  3. Select the Security Group Rules tab.

  4. Click Add. The Add Infrastructure Security pane displays.

  5. Complete the fields:

Name

A unique name for the rule.

Subnet

The subnet this rule will apply to (e.g., custom-default).

Direction

Whether the rule applies to Inbound or Outbound traffic.

Source Type

The source of the traffic: IP Address, Service Tag, or Application Security Group.

Source Value

IP/CIDR (e.g., 10.0.0.0/8), service tag (e.g., Internet), or ASG name.

Source Port Range

Port or port range from the source (e.g., *, 443, 1000-2000).

Destination Type

The destination: IP Address, Service Tag, or Application Security Group.

Destination Value

IP/CIDR, Service tag, or ASG name for the destination.

Destination Port Range

Port or port range to allow/deny at the destination.

Priority

Rule priority. Lower values are higher priority (e.g., 100, 200).

Protocol

Choose TCP, UDP, or Both.

Action

Select Allow or Deny to permit or block the traffic.

  6. Click Add. The Security Group Rule is configured.
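The Priority and Action fields interact: Azure evaluates rules in ascending priority order and stops at the first match, so a narrow Allow only takes effect if its priority value is lower than that of a broader Deny. The following is an added example, not DuploCloud or Azure code, that models this for rules whose Source Value is an IP/CIDR. The dictionary keys, rule names, and sample rules are constructed for illustration.

```python
import ipaddress

# Constructed sample rules; keys mirror the Add Infrastructure Security fields.
RULES = [
    {"name": "deny-ssh-any", "direction": "Inbound", "source": "0.0.0.0/0",
     "dest_ports": "22", "priority": 200, "protocol": "TCP", "action": "Deny"},
    {"name": "allow-ssh-admin", "direction": "Inbound", "source": "203.0.113.0/24",
     "dest_ports": "22", "priority": 100, "protocol": "TCP", "action": "Allow"},
    {"name": "allow-app-range", "direction": "Inbound", "source": "10.0.0.0/8",
     "dest_ports": "1000-2000", "priority": 300, "protocol": "Both", "action": "Allow"},
]


def port_matches(spec, port):
    """Match a port against '*', a single port ('443') or a range ('1000-2000')."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)


def evaluate(rules, direction, src_ip, dest_port, protocol):
    """Return (name, action) of the first matching rule in priority order, else None."""
    addr = ipaddress.ip_address(src_ip)
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if rule["direction"] != direction:
            continue
        if rule["protocol"] not in ("Both", protocol):
            continue
        if addr not in ipaddress.ip_network(rule["source"], strict=False):
            continue
        if port_matches(rule["dest_ports"], dest_port):
            return rule["name"], rule["action"]
    return None  # no custom rule matched; the platform default applies


if __name__ == "__main__":
    # Constructed flows: (source IP, destination port, protocol)
    for flow in [("203.0.113.10", 22, "TCP"), ("198.51.100.7", 22, "TCP"),
                 ("10.1.2.3", 1500, "UDP"), ("10.1.2.3", 443, "TCP")]:
        print(flow, "->", evaluate(RULES, "Inbound", *flow))
```

Swapping the priorities of the two SSH rules would make the Deny match first and lock out the admin range, which is the ordering mistake worth checking for before clicking Add.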
