Security Groups in Cleura Cloud

Overview

Security Groups in Cleura Cloud provide the primary layer of network protection for your virtual machines and workloads. They define which traffic is allowed in and out of your environments and are enforced at the hypervisor level for consistent, tenant-isolated security.

By using flexible rule sets and project-scoped isolation, you can protect internal communication, control external exposure, and ensure compliance with security policies.

How it works

Security Groups act as virtual network filters applied to ports or instances. Each group contains inbound and outbound rules specifying allowed IP ranges, protocols, and ports. These rules are stateful — return traffic for permitted connections is automatically allowed.

Administrators can create multiple groups to separate front-end, application, and database layers, or apply consistent policies across entire environments. The Cleura Cloud Management Panel and OpenStack CLI both provide intuitive ways to define and update these rules dynamically, ensuring quick adaptation to new workloads or changing requirements.

OpenStack Neutron documentation – official reference explaining the underlying open-source technology used in Cleura Cloud.

Typical use cases

Web application tiers

Allow HTTP/HTTPS access to front-end servers while restricting back-end communication to internal networks.

Database isolation

Limit inbound access to specific application servers or subnets only.

Dev/Test environments

Apply permissive policies for internal experimentation, while keeping production networks tightly controlled.

Compliance and audit scenarios

Maintain transparent rule sets that align with security frameworks and European data protection requirements.

Integration with other networking features

Security Groups integrate seamlessly with Cleura networking components such as Virtual Private Cloud (VPC), Routers, and Load Balancers. They provide an additional layer of protection between subnets or project boundaries, ensuring consistent enforcement regardless of how your workloads are connected.

Because these controls operate within each Cleura region, all filtering remains fully within European jurisdictions — supporting digital sovereignty and regulatory compliance by design.

What are Security Groups in Cleura Cloud?

They are virtual network filters that control inbound and outbound traffic to your instances, defining which connections are allowed.

Where are Security Groups enforced?

They are enforced at the hypervisor level, ensuring consistent and isolated protection for each tenant.

How do Security Groups handle return traffic?

They are stateful — once an outbound connection is permitted, the corresponding inbound response is automatically allowed.

Can I assign multiple Security Groups to one instance?

Yes. You can apply several groups to combine or reuse rule sets across workloads.

How can I manage Security Groups?

Through the Cleura Cloud Management Panel or the OpenStack CLI, both supporting dynamic updates to rules and policies.

Do Security Groups operate within European regions only?

Yes. All filtering and data processing occur entirely within Cleura’s European regions to maintain digital sovereignty.

Security Groups in Cleura Cloud - Previous Load balancer in Cleura Cloud Next - Security Groups in Cleura Cloud Site-to-Site VPN
CONTENTS