Networking & Security

Properly configuring your network and security settings is essential for protecting your applications and data. This guide covers the two core security features of our platform: Security Groups and SSH Keys.

Security Groups (Firewall)

A Security Group acts as a virtual firewall for your Virtual Machines, controlling all inbound and outbound traffic. By default, all incoming traffic is blocked except for SSH access. You must explicitly add rules to allow other types of connections.

How Rules Work

• Inbound Rules: Control traffic coming into your VM from the internet or other servers.
• Outbound Rules: Control traffic going out from your VM. By default, all outbound traffic is allowed.
• Rules are stateful: If you allow an incoming request, the return traffic for that request is automatically allowed, regardless of outbound rules.

How to Add a Firewall Rule

Let's say you want to run a web server. You'll need to allow incoming HTTP traffic on port 80.

1. Navigate to the Virtual Machines section and click on the Security Groups tab.
2. Select the security group attached to your VM (e.g., default).
3. Under the Inbound Rules section, click "Add Rule".
4. Set the Port to 80 and the Source to 0.0.0.0/0 (which means "any IP address").
5. Save the rule.

Your VM will now accept web traffic on port 80.

SSH Keys

SSH (Secure Shell) keys are a pair of cryptographic keys that provide a secure, passwordless way to log into your servers. A key pair consists of a private key, which you keep secret on your computer, and a public key, which you upload to the platform.

How to Generate an SSH Key Pair

If you don't already have an SSH key, you can generate one on your local machine using the ssh-keygen command.

1. Open a terminal on your Mac, Linux, or Windows (using WSL or PowerShell).
2. Run the following command. The -t ed25519 argument specifies a modern and secure key type.

ssh-keygen -t ed25519 -C "your_email@example.com"

3. Copy the output, which starts with ssh-ed25519 and ends with your email address.
4. Paste this public key into the SSH Keys section of the platform when creating a new VM.

Private Networking

Private networking allows you to create isolated networks within your project, enabling secure communication between your instances without exposing them to the public internet.

Key Features

• Custom Address Pools (CIDR): Define your own internal IP space using RFC1918 private ranges (e.g., 10.0.0.0/16).
• Scoped Subnets: Create multiple subnets within a single network for better organization (e.g., separate subnets for databases and application servers).
• Per-VM Interface Management: Dynamically attach or detach network interfaces.
• Isolation: Traffic within a private network is completely isolated from other tenants.

Setting Up a Private Network

Setting up a private network involves three main steps:

1. Create Your Network:

   • Navigate to the Private Networks tab and click Create.
   • Define your Network CIDR (e.g., 10.0.0.0/16).
   • The system will suggest a primary subnet (e.g., 10.0.1.0/24), which you can customize.

2. Attach to Your VM:

   • Go to the Networking tab of your Virtual Machine.
   • Select your new network and subnet to attach the interface.
   • Note: For running VMs, you may need to manually configure the IP or run a DHCP client (e.g., dhclient) on the new interface if it doesn't auto-configure.

3. Verify Connectivity:

   • Once attached, you can test connectivity by pinging other VMs on the same private network using their internal IPs.

Managing Public Access

• Outbound Only (NAT): To allow internet access without being reachable from the outside, remove the Floating IP from your instance.
• Purely Private: To completely isolate the VM from the internet, delete the Transit Network Interface. The VM will only be accessible via your private network.