While access to hosts on your local network is typically controlled by a firewall, access to your cloud hosts is controlled using security groups. A security group specifies which protocols are allowed and which ports are open for incoming and outgoing traffic to a cloud host. For incoming traffic, you can restrict access to one or more IP addresses.

Security groups are configured on the website of your cloud provider, and must be created separately for each region. You can create as many security groups as you need, up to the limit imposed by your cloud provider. You select a security group when you create a cloud host template, and that security group applies until the hosts are terminated.

Note: Not applicable for Microsoft Azure cloud accounts.

Key pairs are necessary if you intend to connect remotely to a cloud host.

A key pair consists of a public key and a private key. The public key is saved to the cloud host and the private key is saved locally on your computer or network.

Caution: When creating a new key pair, you are prompted to save the private key. Make sure to save it in a secure location. Without the private key, you cannot log into your hosts!

The private key is used differently for Windows and Linux hosts:

• Window hosts. When connecting remotely to a Windows host, you need the administrator password. The administrator password is generated on the website of your cloud provider by uploading the private key.

• Linux hosts. The private key itself is used when connecting to a Linux host.

Key pairs are created on the website of your cloud provider, and must be created separately for each region. You can create as many key pairs as you need for your different testing teams, up to the limit imposed by your cloud provider. You select a key pair when you create a cloud host template, and that key pair applies until the hosts are terminated.

Note: Not applicable for Microsoft Azure cloud accounts.

Enables you to define static IP addresses for your provisioned hosts. You can use elastic IP addresses for opening firewall settings to provision host machines without having the need to use different IP addresses each time. To do so, you can build and use a static pool of IP addresses for granting firewall access that are reserved only for your account. This pool of IP addresses remains associated with your cloud account until you choose to explicitly release it.

Note: Not applicable for Microsoft Azure cloud accounts.

Certificates are a key component of Windows Azure security.

There are two different kinds of certificates that play a role in securing your applications or services, service certificates and management certificates.

You must provide Windows Azure service certificates in the Personal Information Exchange (.pfx) format for use in LoadRunner Enterprise.

You must provide Windows Azure management certificates in X.509 (.cer) format and upload them to Azure.

Note: Only applicable for Microsoft Azure cloud accounts.