I’m very excited to announce today the release of our distributed stateful Cloud Firewall service for Brightbox!
The new firewall service provides a highly configurable and powerful facility for controlling network access to, from and between your Cloud Servers.
Here are some highlights:
There are three new concepts introduced to the Brightbox API to enable the management of the Cloud Firewall service - Server Groups, Firewall Policies and Firewall Rules.
Cloud Servers can now be organised into logical groups, for example according to their role: “webservers”, “db servers” etc. We’ll be adding functionality soon to make more use of Server Groups - for now, though, their primary function is to enable the implementation of Firewall Policies. You can add servers to, and remove them from, your server groups at any time - a distinct advantage over AWS security groups, where you are required to relaunch servers to move/change security groups. For more information, see the Server Groups documentation.
Firewall policies consist of a collection of rules and can be instantly applied to Server Groups. Each new Brightbox account has a default policy which contains rules allowing access to common services, such as SSH, PING, HTTP and HTTPS.
Note: The default policy for existing customers is fully open (to avoid sudden loss of network access as we deployed the new feature!). For more information, see the Firewall Policies documentation.
Firewall rules control both inbound and outbound traffic and are very flexible, accepting a number of different types of source and destination, e.g. a server group, a server ID or an IP address/range. For more information, see the Firewall Rules documentation.
Support for the new Cloud Firewall service is available in the Brightbox CLI now, from version 0.15.
Amazon EC2 security groups only provide inbound management, unless you use the VPC service.
Amazon EC2 requires relaunching of servers to change security groups, unless you use the VPC service.
The Cloud Firewall service is distributed and scales linearly, so it can technically handle unlimited concurrent connections.
Brightbox is IPv6 ready - IPv6 addressing shall be launched within the next few weeks.