Skip to main content

Pivotal Cloud Foundry Developer Certification - Application Security Groups


What is an application security group (ASG)? What does it do?Application Security Groups (ASGs) are a collections of egress rules that specify the protocols, ports, and IP address ranges where app or task instances send traffic. The platform sets up rules to filter and log outbound network traffic from app and task instances. ASGs apply to both buildpack-based and Docker-based apps and tasks.

Types of ASG's:
  Default : public_networks, dns
  Staging vs Staging
  Platform-wide vs Space Scope

Typical ASG's:
ASGFor access to
dnsDNS, either public or private
public-networksPublic networks, excluding IaaS metadata endpoints
private-networksPrivate networks in accordance with RFC-1918
load-balancersThe internal Cloud Foundry load balancer and others
internal-proxiesInternal proxies
internal-databasesInternal databases

How do you define one?
cf create-security-group SECURITY-GROUP PATH-TO-RULES-FILE

RULES file eg.
[
  {
    "protocol": "icmp",
    "destination": "0.0.0.0/0",
    "type": 0,
    "code": 0
  },
  {
    "protocol": "tcp",
    "destination": "10.0.11.0/24",
    "ports": "80,443",
    "log": true,
    "description": "Allow http and https traffic from ZoneA"
  }
]

To bind an ASG to the platform-wide staging ASG set
cf bind-staging-security-group SECURITY-GROUP

What can an ASG apply to?

ASG can be applied to 
1. platform wide running or staging ASG set
2. space scoped running or staging set

What is the difference between white and black listing? Which do you use when defining an ASG?
ASG uses white list. White list defines permit-able set of addresses.

Comments

Post a Comment

Popular posts from this blog

Pivotal Cloud Foundry Developer Certification - Logging, Scaling and High Availability

 How do you access application logs? cf logs APP_NAME cf start APP_NAME To see the logs of particular pcf sub system. cf logs APP_NAME | grep "API\|CELL" To exclude particular logs cf logs APP_NAME | grep -v "API\|CELL" To see application events i.e. start, stop, crash etc... cf events APP_NAME To display all the lines in the Loggregator buffer cf logs APP_NAME --recent  What are the components of the Loggregator system? Loggregator is the next generation system for aggregating and streaming logs and metrics from all of the user apps and system components in a Cloud Foundry deployment. Primary use: 1. Tail/dump logs using CLI.  2. Stream to 3rd party log archive and analysis service 3. Operators and admins can access Loggregator Firehouse, the combined stream from all the apps and metrics data. 4. Operators can deploy nozzle to the firehouse.  A nozzle is a component that monitors the Firehose for specified events and metrics,
4 comments
Read more

Kumaoni Song/Poem - Uttarakhand meri matrebhoomi

O Bhumi Teri Jai Jaikaara Myar Himaala O Bhumi Teri Jai Jaikaara Myar Himaala Khwar main koot tyaro hyu jhalako-2 Chhalaki kaali Gangai ki dhaara myara Himaala Himaala kaali Gangai ki dhaara myar Himaala Uttarakhand meri matrebhoomi Matrabhoomi ya meri pitrabhoomi O Bhoomi teri jai jai kaara myar Himaala Himaala teri jai jai kaara myar Himaala Tali tali taraai kuni-2 O kuni mali mali bhabara myar Himaala Himaala Mali mali bhabara myar Himaala Badari Kedara ka dwar chhana-2 Myara kankhal Hariwara myar Himaala Himaala kankhal Haridwara myar Himaala Kaali Dhauli ka bali chhali jaani-2 Bata naan thula kailasha myar himaala  Ho Bata naan thula kailasha myar Himaala Parvati ko myaro mait yen chha-2 Ho yen chha Shivjyu ko saurasa myar Himaala Himaala Shiv jyu ko saurasa myar Himaala Dhan mayedi mero yo janama-2 Himaala teri kokhi mahana myar Himaala Himaala teri kokhi mahana myar Himaala Mari jula to tari julo-2 O eju ail tyara baana myar Himaala-2 Himaala ail tyara
Post a Comment
Read more

OpenStack - Conceptual architecture showing the relationship b/w services

AWS vs Openstack comparison https://redhatstackblog.redhat.com/2015/05/13/public-vs-private-amazon-compared-to-openstack/
Post a Comment
Read more