Security group rules

This section describes the additional security features related to your cloud provider.

Feature Description
Security Groups

While access to hosts on your local network is typically controlled by a firewall, access to your cloud hosts is controlled using security groups. A security group specifies which protocols are allowed and which ports are open for incoming and outgoing traffic to a cloud host. For incoming traffic, you can restrict access to one or more IP addresses.

Example: You need to connect to your cloud hosts via Remote Desktop. Therefore, you configure your security group to allow incoming traffic over TCP port 3389 (RDP). However, you only allow access for your company's IP addresses to prevent unauthorized access from the outside.

Security groups are configured on the website of your cloud provider, and must be created separately for each region. You can create as many security groups as you need, up to the limit imposed by your cloud provider. You select a security group at the time you provision cloud hosts, and that security group applies until the hosts are terminated.

Note: Not applicable for Microsoft Azure cloud accounts.
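An added example (not part of the original documentation): a check of inbound rules against the Remote Desktop scenario above, flagging any rule that admits TCP port 3389 from a source outside the company's address ranges. The rule dictionary format, the function names and the addresses are assumptions constructed for illustration; they are not a cloud provider's API.

```python
import ipaddress

# Constructed sample data: documentation-range addresses, hypothetical rule format.
COMPANY_NETWORKS = ["203.0.113.0/24", "198.51.100.16/28"]

SAMPLE_RULES = [
    {"protocol": "tcp", "from_port": 3389, "to_port": 3389, "cidr": "203.0.113.0/24"},
    {"protocol": "tcp", "from_port": 3389, "to_port": 3389, "cidr": "198.51.100.20/32"},
    {"protocol": "tcp", "from_port": 3000, "to_port": 4000, "cidr": "0.0.0.0/0"},
    {"protocol": "all", "from_port": None, "to_port": None, "cidr": "192.0.2.0/24"},
    {"protocol": "udp", "from_port": 3389, "to_port": 3389, "cidr": "0.0.0.0/0"},
    {"protocol": "tcp", "from_port": 443, "to_port": 443, "cidr": "0.0.0.0/0"},
]


def covers_port(rule, port, protocol="tcp"):
    """True if the rule admits `protocol` traffic to `port`."""
    if rule["protocol"] == "all":
        return True  # an all-protocol rule opens every port
    if rule["protocol"] != protocol:
        return False
    return rule["from_port"] <= port <= rule["to_port"]


def source_is_allowed(cidr, allowed_networks):
    """True if every address in `cidr` lies inside a single allowed network."""
    source = ipaddress.ip_network(cidr, strict=False)
    for allowed in allowed_networks:
        net = ipaddress.ip_network(allowed)
        # subnet_of() raises TypeError on mixed IPv4/IPv6, so compare versions first.
        if source.version == net.version and source.subnet_of(net):
            return True
    return False


def audit_inbound(rules, port=3389, allowed_networks=COMPANY_NETWORKS):
    """Return the rules that expose `port` to sources outside the allow list."""
    return [
        rule for rule in rules
        if covers_port(rule, port) and not source_is_allowed(rule["cidr"], allowed_networks)
    ]


if __name__ == "__main__":
    for finding in audit_inbound(SAMPLE_RULES):
        print("RDP reachable from outside company ranges:", finding)
```

The wide port range and the all-protocol rule are flagged even though neither names port 3389, which is the case a manual review of a security group most easily misses.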

Key Pairs

Key pairs are necessary if you intend to connect remotely to a cloud host created from a public image.

A key pair consists of a public key and a private key. The public key is saved to the cloud host and the private key is saved locally on your computer or network.

Caution: When creating a new key pair, you are prompted to save the private key. Make sure to save it in a secure location. Without the private key, you cannot log into your hosts!

The private key is used differently for Windows and Linux hosts:

  • Windows hosts. When connecting remotely to a Windows host, you need the administrator password. The administrator password is generated on the website of your cloud provider by uploading the private key.

  • Linux hosts. The private key itself is used when connecting to a Linux host.

Key pairs are created on the website of your cloud provider, and must be created separately for each region. You can create as many key pairs as you need for your different testing teams, up to the limit imposed by your cloud provider. You select a key pair at the time you provision cloud hosts, and that key pair applies until the hosts are terminated.

Note:

  • If you provision hosts from a custom image, the administrator password (Windows machines) or public key (Linux machines) is taken from the computer where the image was created. If you need the administrator password or private key, contact the person who manages your custom images.

  • Not applicable for Microsoft Azure cloud accounts.

Elastic IP Addresses

Elastic IP addresses enable you to define static IP addresses for your provisioned hosts. You can use them to open firewall settings for provisioned host machines without having to use different IP addresses each time. To do so, build and use a static pool of IP addresses, reserved only for your account, for granting firewall access. This pool of IP addresses remains associated with your cloud account until you explicitly release it.

Note: Not applicable for Microsoft Azure cloud accounts.

Certificate Files

Certificates are a key component of Windows Azure security.

Two kinds of certificates play a role in securing your applications or services: service certificates and management certificates.

You must provide Windows Azure service certificates in the Personal Information Exchange (.pfx) format for use in Performance Center.

You must provide Windows Azure management certificates in X.509 (.cer) format and upload them to Azure.

Note: Only applicable for Microsoft Azure cloud accounts.

For details on security groups, key pairs, elastic IP addresses, and certificate files, see the documentation provided by your cloud provider.

For task details on how to initially set up communication, see Initial cloud settings.
