Modify the Default Security Group

1. Navigate to the Horizon web interface at https://cloud.cades.ornl.gov/.
2. Log in with your UCAMS credentials.
   • Domain: ornl
   • Username: Your three-letter UCAMS ID
   • Password: Your UCAMS password
3. Navigate to Project → Compute → Access & Security → Security Groups.
4. On this screen, look for the row labeled "default." Click the Manage Rules button.
   
   From here you can create a new rule or remove rules.
   

Create a New Rule

You can add a new rule to your Security Group using the built-in rules provided in OpenStack or you can create your own custom rule.

Create a Rule Using the Built-in Rules

1. Navigate to Project → Compute → Access & Security → Security Groups.
2. Click the Add Rule button.
   
3. In the resulting dialog, click the drop-down field under Rule.
4. Choose a rule from the list that fits your needs (DNS, HTTP, HTTPS, etc.).
5. In the Remote box directly under Rule, choose either CIDR or Security Group.
   • If you selected CIDR, enter the desired inter-domain range in the CIDR box directly under the Remote box. See CIDR examples.
   • If you select Security Group, choose a security group shared by the Instance(s) with which you wish to communicate. You can also do this via their IP addresses using the CIDR option.
     📝 Note: this option only allows access to the Instances within that security group. This differs from CIDR.
6. Click Add at the bottom of the dialog box to implement your rule.
7. Confirm the new rule is displayed in the Manage Rules screen.

Create a Custom Rule

1. Navigate to Project → Compute → Access & Security → Security Groups.
2. Click the Add Rule button.
   
3. In the resulting dialog, click the drop-down field under Rule.
4. Choose the rule type from the drop-down list (e.g., Custom TCP|ICMP|UDP Rule).
5. Set the preferred direction in the Direction field (i.e., Ingress or Egress).
6. Choose either a single port or a range of ports in the Open Port section.
7. Enter the port or port range in the respective field.
8. In the Remote box, choose either CIDR or Security Group.
   • If you select CIDR, enter the desired inter-domain range in the CIDR field. See CIDR examples.
   • If you select Security Group, choose a security group shared by the Instance(s) with which you wish to communicate.
     📝 Note: This option only allows access to the Instances within that security group. This differs from CIDR.
9. Click Add at the bottom of the dialog box to implement your custom rule.
   
10. Confirm your new custom rule is displayed in the Manage Rules screen.

Remove Rules

Remove an existing rule

1. Navigate to Project → Compute → Access & Security → Security Groups.
2. Select the rule that you would like to remove.
3. Click the Delete Rule button on the far right of the selected rule.
4. Confirm deletion of the rule.

Remove multiple rules

1. Navigate to Project → Compute → Access & Security → Security Groups.
2. Toggle the check box next to each rule you would like to remove.
3. Click the Delete Rules button in the top-right corner of the Manage Rules screen.
4. Confirm deletion of the rules.

Rename a Security Group

📝 Note: You cannot rename the default security group.

1. In the Security Groups table, select the ▾ drop-down menu on the far right of the row.
2. Select Edit Security Group.
   
3. In the resulting dialog, you can modify the name and description of the user-added Security Group.
4. Click Edit Security Group to save your changes.
   
5. Confirm your changes in the Security Groups table.

Delete a Security Group

1. In the Security Groups table, find the Security Group you wish to delete, and select the ▾ drop-down menu on the far right of its row.
2. Select Delete Security Group.
   
3. Click Delete Security Group in the resulting dialog.
4. Confirm deletion of the Security Group.