RightScale Blog

Cloud Management Blog
Cloud Management Blog

Add new comment

Daniel, you can update firewall rules, but there are a number of reasons why I would not do it that way. Might be better to have a conversation on this, as it is very contextual. As for the RightLink agent, and other components of RightScale, sessions are initiated from the instance to RightScale servers. A typical client environment has firewall ingress rules that allow what ever services on the instance they want (i.e., not RightScale related) and egress rules that restrict certain ports (assuming statefull firewall), but typically not to a specific IP. As I stated earlier, it is possible to restrict egress IP as well, and we have a mechanism to do that, but operationally there are potential issues that usually outweigh any potential benefit. Again, more than happy to continue the discussion here, but might be more useful in a chat. If you'd like, send me email thesecurityguy at rightscale.com
Posted by Phil Cox   Ι   January 26, 2012   Ι   07:25 AM