About Security Groups in LBU

The configuration of security groups for load balancers and back-end VMs depends on the type of platform in which the load balancer is (public Cloud or Net).

All the security groups of your load balancers and back-end VMs must allow inbound flows in TCP protocol on the port you want (port 80 if you want to use HTTP protocol).

Back-end VMs of a same load balancer can use the same security group, or you can use separate security groups for each back-end VM. Each VM can use one or more security groups, and can therefore receive flows coming from both the load balancer and another source (for example another VM or the Internet).

In this architecture, the load balancer receives inbound flows coming from the Internet and sends outbound flows to back-end VMs in the public Cloud. You only need to specify rules for inbound flows (source) for security groups in the public Cloud.

The security group of the load balancer is automatically created and configured (outscale-elb-sg). You only need to configure a listener for the load balancer to receive requests in a specified protocol and on a specified port.

The security groups of back-end VMs must allow inbound flows coming from the security group of the load balancer. The name of this security group that you need to specify is outscale-elb-sg. As this security group belongs to 3DS OUTSCALE and not to your account, you also need to specify outscale-elb as the security group owner.

In a Net, the configuration of security groups depends on your architecture, that is whether flows go from a load balancer to back-end VMs or from one or more VMs to a load balancer.

Unlike the public Cloud, no security group is automatically associated with a load balancer created in a Net. Therefore, you must create a security group to associate with any load balancer you create in a Net and configure it with proper rules.

In a Net, you must specify rules for both inbound flows (source) and outbound flows (destination).