A firewall is a network security mechanism that controls who can send which kinds of traffic to whom. The RightScale platform is designed to work well with clouds, users or design assets that reside behind a firewall, and with in-cloud firewall mechanisms. This document lists firewall-configuration use cases and provides links to detailed instructions.
RightScale operates network infrastructure in several geographical regions to provide fault tolerance. Your instances generally communicate with infrastructure in a nearby geographical region, but may be redirected to remote regions during network or cloud outages.
|18.104.22.168/27||US-East||us-3 cluster and island1 resources|
|22.214.171.124/27||US-West||us-4 cluster and island10 resources|
|126.96.36.199/26||US-East||additional island1 resources|
|188.8.131.52/26||US-West||additional island10 resources|
island2 resources. Can be removed after April 30, 2015.
Only required for workloads in AWS EU-Frankfurt and AWS EU-Ireland.
|184.108.40.206/28||Europe||Only required for workloads in AWS EU-West and EU-Central.|
island8 resources. Can be removed after April 30, 2015.
Only required for workloads in AWS AP-Tokyo and AWS AP-Sydney.
|220.127.116.11/28||Japan||Only required for workloads in AWS AP-Tokyo and AWS AP-Sydney.|
island5 resources. Can be removed after April 30, 2015.
Only required for workloads in AWS AP-Singapore.
|18.104.22.168/28||Singapore||Only required for workloads in AWS AP-Singapore.|
Firewall configuration involves adding one or more rules for each of these networks; the ports, protocols and direction of the rules vary depending on the use case.
Most public clouds incorporate firewall functionality and some private clouds are deployed behind a firewall. If you want to use RightScale management features with compute instances that reside in a firewalled network, it is important to configure your firewall to allow communication between your instances and the RightScale platform. See the following links for specific use cases.
NOTE: AWS Classic Security Groups and CloudStack Security Groups do not require configuration in order to be RightScale-compatible.
Sometimes, your private cloud itself resides behind a firewall. In this case you must configure the firewall to allow inbound connections from RightScale to your cloud's API endpoint. See the following how-to:
If your organization hosts Chef cookbooks in a Git or Subversion repository that resides behind a firewall, you may want to allow those assets to be imported into RightScale for use with ServerTemplates.
If your organization controls Web access, you may need to add some firewall or proxy rules to enable end-user access to RightScale services. Please see:
Independent of any configuration activities you perform, you may want a more detailed understanding of why certain firewall rules are required. This information might be used to satisfy your own curiosity, or to justify configuration change requests. The following pages contain detailed information to provide this context:
© 2006-2014 RightScale, Inc. All rights reserved.