Currently we are using a set of security groups:
| Security Group | Description | Ports | Notes | Temp rule notes |
|---|---|---|---|---|
| CHF-Access-Web | CHF internal web access | 80, 443 | IT has the list of addresses, may need to be updated for California offices? | |
Management-Access | worldwide ssh access | 22 | All machines MUST have this group to allow ssh access. Currently allows worldwide ssh access | |
Public-Access-Web | Public web access | 80, 443 | Open worldwide, to be applied to public web facing servers | |
Temp-Development | short term dev firewall rules | ?? | Please use this for short term access, rules in here may be cleared off | |
Temp-Production | short term production firewall rules | ?? | Please use this for short term access, rules in here may be cleared off | Will be adding Cat and Sarah to Hydra for off-site access in case of Septa strike. Roger Turner has his address (75.75.165.67) added for offsite access to Hydra. |
Temp-Staging | short term staging firewall rules | ?? | Please use this for short term access, rules in here may be cleared off | |
| internal-networking | Access between machines | 80, 443, 8080, 8983 | All Samvera machines must be members of this group so they can share REST data. | |
| EFS | Access to Elastic File System | ?? | Not in use yet, will allow access to EFS connections |
When a machine has multiple security groups, as long as any one of the groups allows access the connection will work through the firewall. Anything not covered will be rejected however.