Note: Please go to docs.rightscale.com to access the current RightScale documentation set.

About Firewalls

Overview

A firewall is a network security mechanism that controls who can send which kinds of traffic to whom. The RightScale platform is designed to work well with clouds, users or design assets that reside behind a firewall, and with in-cloud firewall mechanisms. This document lists firewall-configuration use cases and provides links to detailed instructions.

RightScale-Operated Networks

RightScale operates network infrastructure in several geographical regions to provide fault tolerance. Your instances generally communicate with infrastructure in a nearby geographical region, but may be redirected to remote regions during network or cloud outages.

Network/CIDR | Location | Description
54.225.248.128/27 | US-East | us-3 cluster and island1 resources
54.244.88.96/27 | US-West | us-4 cluster and island10 resources
54.86.63.128/26 | US-East | additional island1 resources
54.187.254.128/26 | US-West | additional island10 resources
54.217.243.218/32, 54.217.243.226/32 | Europe | island2 resources. Can be removed after April 30, 2015. Only required for workloads in AWS EU-Frankfurt and AWS EU-Ireland.
54.246.247.16/28 | Europe | Only required for workloads in AWS EU-West and EU-Central.
54.248.220.136/32, 54.248.220.137/32 | Japan | island8 resources. Can be removed after April 30, 2015. Only required for workloads in AWS AP-Tokyo and AWS AP-Sydney.
54.248.220.128/28 | Japan | Only required for workloads in AWS AP-Tokyo and AWS AP-Sydney.
54.251.98.164/32, 54.251.106.120/32 | Singapore | island5 resources. Can be removed after April 30, 2015. Only required for workloads in AWS AP-Singapore.
54.255.255.208/28 | Singapore | Only required for workloads in AWS AP-Singapore.

Firewall configuration involves adding one or more rules for each of these networks; the ports, protocols and direction of the rules vary depending on the use case.
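The following audit is an added example, not RightScale code: it compares the source CIDRs in a firewall allowlist against the networks in the table above and reports published networks that are not covered, /32 entries still present after their April 30, 2015 removal date, and entries that match no published network. The function name, the result keys and the sample allowlist are assumptions made for illustration; ports and protocols are not checked, and every listed network is treated as in scope regardless of region.

```python
import ipaddress
from datetime import date

# Networks from the table above. The flag marks the /32 entries that the
# table says can be removed after April 30, 2015.
PUBLISHED = [
    ("54.225.248.128/27", False), ("54.244.88.96/27", False),
    ("54.86.63.128/26", False), ("54.187.254.128/26", False),
    ("54.217.243.218/32", True), ("54.217.243.226/32", True),
    ("54.246.247.16/28", False),
    ("54.248.220.136/32", True), ("54.248.220.137/32", True),
    ("54.248.220.128/28", False),
    ("54.251.98.164/32", True), ("54.251.106.120/32", True),
    ("54.255.255.208/28", False),
]
REMOVAL_DATE = date(2015, 4, 30)


def audit_allowlist(allowlist, today):
    """Compare allowlisted source CIDRs with the published networks."""
    allowed = [ipaddress.ip_network(c) for c in allowlist]
    past = today > REMOVAL_DATE
    current = [ipaddress.ip_network(c) for c, old in PUBLISHED if not (old and past)]
    retired = [ipaddress.ip_network(c) for c, old in PUBLISHED if old and past]
    return {
        # Published networks that no allowlist entry covers.
        "missing": [str(n) for n in current
                    if not any(n.subnet_of(a) for a in allowed)],
        # Retired /32 entries that are still allowlisted.
        "stale": [str(a) for a in allowed if a in retired],
        # Entries that are wider than, or unrelated to, any published network.
        "unexpected": [str(a) for a in allowed if a not in retired
                       and not any(a.subnet_of(n) for n in current)],
    }


# Constructed sample allowlist (203.0.113.0/24 is a documentation range).
SAMPLE_ALLOWLIST = [
    "54.225.248.128/27", "54.244.88.96/27", "54.86.63.128/26",
    "54.217.243.218/32", "54.246.247.16/28", "203.0.113.0/24",
]

if __name__ == "__main__":
    for day in (date(2015, 4, 1), date(2015, 6, 1)):
        print(day, audit_allowlist(SAMPLE_ALLOWLIST, day))
```

Because 54.248.220.136/32 and 54.248.220.137/32 fall inside 54.248.220.128/28, an allowlist that already contains the /28 is not reported as missing the two Japan /32 entries.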

Use Cases

Manage a Firewalled Virtual Network

Most public clouds incorporate firewall functionality and some private clouds are deployed behind a firewall. If you want to use RightScale management features with compute instances that reside in a firewalled network, it is important to configure your firewall to allow communication between your instances and the RightScale platform. See the following links for specific use cases.

NOTE: AWS Classic Security Groups and CloudStack Security Groups do not require configuration in order to be RightScale-compatible.

Connect a Firewalled Private Cloud to RightScale

Sometimes, your private cloud itself resides behind a firewall. In this case, you must configure the firewall to allow inbound connections from RightScale to your cloud's API endpoint. See the following how-to:

Host Design Assets Behind a Firewall

If your organization hosts Chef cookbooks in a Git or Subversion repository that resides behind a firewall, you may want to allow those assets to be imported into RightScale for use with ServerTemplates.

Access RightScale UI or API from Behind a Firewall

If your organization controls Web access, you may need to add some firewall or proxy rules to enable end-user access to RightScale services. Please see:

Understand Network Protocols and Ports Used by RightScale

Independent of any configuration activities you perform, you may want a more detailed understanding of why certain firewall rules are required. This information might be used to satisfy your own curiosity, or to justify configuration change requests. The following pages contain detailed information to provide this context:

Last modified: 09:23, 25 Nov 2014

© 2006-2014 RightScale, Inc. All rights reserved.
RightScale is a registered trademark of RightScale, Inc. All other products and services may be trademarks or servicemarks of their respective owners.