Security Group

A Security Group is an internal network access control mechanism used to restrict the network access scope between services. Services added to the same security group can only access each other within that group, which provides logical isolation and security protection.

Compared to traditional security groups, this feature is more lightweight and does not involve complex configurations of ports, protocols, or IP whitelists. Its primary purpose is to quickly establish internal network security boundaries between services.

Creating a Security Group

Select Security Group in the sidebar to open the Security Group interface, where you can manage security groups. The interface shows summary information such as the current network group region. Below that, it lists all network groups in that region with their metadata, and you can search by network group ID and name.

This is a web console named “Network Security Group Management” for managing security groups. The left sidebar contains menu items such as Profile, My Orders, MarketPlace, Containers, My Services, App Catalog, Security Group, Access Token, and Hosted Config, with Security Group selected. The main panel shows the current region as Europe, 2 active regions, and 2 total security groups. Below are a search bar, region filter, and two listed groups “bb” and “aaaavv” with region, creation, and update time. A “Create Europe Security Group” button appears at the top right, and an orange floating icon with a red notification dot at the bottom right.

In the upper right corner, click "Create Security Group" to create a network group. A network group is a regional resource, and only services within the same region can be added to it, so be mindful of the region selection. To select the region, click the region selection box.

This is a screenshot of the "Network Security Group Management" interface. Below the title, on the right, there is a blue button highlighted with a red box, labeled "+ Create Europe Security Group". Below this are three information cards: the first is "Current Group Region," with the value "Europe" highlighted in blue and marked by a red box; the second is "Active Regions," with a value of 2; and the third is "Total Security Groups," with a value of 2. Further down is the search and filtering area, including a search box (Search security group name or ID), a region filter dropdown (currently showing Europe), and a "Refresh" button. The bottom shows a partial list of security groups, including cards named "bb" and "aaaavv," both with a small lock icon and ID information.

Adding or Removing Services to/from a Security Group

On the network group interface, click "View Details" on a network group to open its details pane.

This is a screenshot of a card interface displaying a protected resource named "bb". The top of the card shows a small lock icon next to the resource name "bb". Below this, the resource details are listed: ID is partially censored, Region is Europe, and both Created At and Updated At are 2025-10-17 18:06:26. The bottom of the card contains two action elements, with the "View Details" button on the left highlighted by a red box, and a "More Actions" dropdown link on the right.

This pane displays more detailed information and allows for browsing and managing the services under this network group. This includes adding services, removing services, or setting a service as a gateway service.

This is a screenshot of the "Security Group Details: abcava" interface. The "Basic Information" section shows details: ID (partially blurred), Name as abcava, Region as North America, Status as Active, Created At as 2025-10-20 11:33:59, and Updated At as 2025-10-20 14:20:08. The next section, "Services List (2)", includes a "Refresh List" button and a red-boxed "+ Add Service" button. The table lists Service ID, Gateway, and Actions. The first Service ID has a "Gateway" tag, with "Remove Gateway" and "Remove" actions. The second Service ID has no gateway, with red-boxed "Set as Gateway" and "Remove" actions. A note at the bottom explains that joining or leaving a network group/setting or removing a gateway requires restarting the network service and that the service list may take a moment to update.

Services within the network group will have the following characteristics:

  • The service only allows internal network access from the same group and does not permit public network access.
  • The service can still initiate outbound connections within the group, but inbound connections from the public network or outside the group will be blocked.
  • Joining or leaving the network group is a hot update, so a service restart is not required, but there might be a delay of a few minutes.
  • After a service is restarted or redeployed, its network environment configuration has to be reset, so wait for a period of time for the network group configuration to take effect.

Services that have joined the network group can establish internal network connections through alias configuration.

Gateway Service

Setting a service within the network group as a Gateway Service allows that service to receive inbound connections from the public network or from outside the group, even though the service is in the network group.

Clicking "Set as Gateway" on a service will set or unset the service as a gateway service.

The gateway service has the following characteristics:

  • The gateway service within a network group is not unique; a group can contain multiple gateway services.
  • A gateway service is not restricted in initiating outbound connections, and it also accepts arbitrary inbound connections from the public network or from the internal networks of other groups.
  • Setting or unsetting a gateway is a hot update, so a service restart is not required, but a minute-level delay may exist.
  • After a service is restarted or redeployed, its network environment configuration has to be reset, so wait for a period of time for the network group configuration to take effect.
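
The member and gateway characteristics listed above can be checked against a service inventory before changes are made in the console. The following is an added example, not code from the platform: the `Service` record, the group IDs and the inventory are constructed, and it assumes each service belongs to exactly one group. It flags region mismatches, evaluates the inbound rule, and reports which members sit one hop behind a publicly reachable gateway.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Service:             # hypothetical record, not the platform's API
    name: str
    region: str
    group: str             # security group the service has joined
    gateway: bool = False  # True once "Set as Gateway" has been applied

# Constructed sample data: group ID -> region (a group is a regional resource).
GROUP_REGION = {"sg-eu": "Europe", "sg-na": "North America"}
INVENTORY = [
    Service("api", "Europe", "sg-eu", gateway=True),
    Service("db", "Europe", "sg-eu"),
    Service("cache", "Europe", "sg-eu"),
    Service("batch", "North America", "sg-na"),
    Service("report", "Europe", "sg-na"),  # region differs from its group's
]

def region_errors(services, group_region):
    """Names of services whose region differs from their group's region."""
    return [s.name for s in services if group_region[s.group] != s.region]

def inbound_allowed(src: Optional[Service], dst: Service) -> bool:
    """Inbound decision for dst; src=None stands for the public network."""
    if dst.gateway:
        return True  # a gateway accepts public and other-group sources
    return src is not None and src.group == dst.group  # same group only

def exposure(services):
    """Per group: public entry points and the members a gateway can reach."""
    gateways = [s for s in services if inbound_allowed(None, s)]
    report = {}
    for s in services:
        entry = report.setdefault(s.group, {"public": [], "behind_gateway": []})
        if s in gateways:
            entry["public"].append(s.name)
        elif any(inbound_allowed(g, s) for g in gateways):
            entry["behind_gateway"].append(s.name)
    return report

if __name__ == "__main__":
    print(region_errors(INVENTORY, GROUP_REGION), exposure(INVENTORY))
```

A non-empty `behind_gateway` list means those members depend on the gateway service's own hardening, since the gateway can open connections to them inside the group.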
Last Updated: 10/21/2025, 7:42:52 AM