Network and security

Nebula provides a host of network configuration and security features for your instances. This page explains the different options you have when creating VPCs, subnets, security groups, and key pairs.

VPCs

A VPC (Virtual Private Cloud) is a logically isolated network in Nebula’s infrastructure. It defines the boundaries for your network resources, making them private and secure.

You can control your own virtual network environment by defining a range of available IP addresses with subnets and network gateways.

Create VPCs

You can create VPCs in 2 ways:

  • On the VPCs Console page
  • During the server creation flow

When you create a VPC, you need to define a name and an IPv4 CIDR block. Choose a VPC CIDR block large enough to accommodate all required subnets. Avoid overlap with other networks to prevent routing conflicts.

In simple terms, a CIDR block, or Classless Inter-Domain Routing block helps you allocate a range of IP addresses for your network. A CIDR block consists of these elements:

  • A base IP address, which is the network identifier for the block.
  • A subnet mask, or the /x part in the CIDR notation specifies how many IP addresses are available for hosts within the block.

The CIDR block you specify for a VPC is permanent and cannot be modified after creation.

Manage VPCs

You can manage your VPCs via the VPCs Console page.

Select a VPC to see:

  • the assigned CIDR block
  • the associated subnets
  • the attached server instances

You can delete VPCs on the VPC details screen.

You can only delete VPCs that have no associated resources. First, terminate any server instances within each subnet that belongs to a VPC, then delete the subnets. Once all resources are removed, you can delete a VPC.

Subnets

Subnets are logical subdivisions within a VPC's IP address range. They enable segmentation of the network and provide a way to organize and control access to your resources.

Create subnets

You can create subnets in 2 ways:

  • On the details page of VPCs you already created
  • During the server creation flow

The CIDR block you specify for a subnet is permanent and cannot be modified after creation.

When you create a subnet, you need to define a name, the IPv4 CIDR block, and a gateway IP address. Divide the VPC’s CIDR block into smaller, non-overlapping subnet ranges based on your application needs.

We recommend that you assign the first IP address in your subnet's address range as the gateway address. This address serves as the entry and exit for your subnet. If the gateway address you select falls outside the subnet's range, the Console returns an error.

Nebula automatically reserves the last IP address in a subnet's address range as a broadcast address. This address enables synchronized communication to all addresses within the subnet's network.

Manage subnets

You can manage your subnets via the details page of the VPC that the subnet is attached to.

Select a VPC, then the subnet you want to manage to see details like:

  • the assigned CIDR block
  • the subnet's ID
  • the gateway IP
  • the attached server instances

You can delete subnets on the subnet details screen.

You can only delete subnets that have no associated resources. First, terminate any server instances within the subnet, then delete the subnet itself.

Security groups

Security groups, like firewalls, help you control the incoming and outgoing network traffic for your instances.

You can define separate rules for inbound and outbound traffic. Nebula provides fine-grained control over allowed or restricted connection types, protocols, port ranges, and even source and destination IP addresses.

Create security groups

You can create security groups in 2 ways:

When you create a security group, you first define a name and an optional description, then define inbound and outbound traffic rules.

When creating a new security group, Nebula adds default inbound and outbound rules as a measure of security:

  • by default, all incoming traffic is blocked
  • all outgoing traffic is allowed

Create your own inbound rules to define the traffic that you want to allow — IP addresses outside the scope of your rules will be blocked.

Use outbound rules to control the outgoing network traffic — all egress traffic is allowed by default.

Creating a rule only takes a couple of steps:

  1. Select internet protocol: IPv4 or IPv6
  2. Select communication protocol: TCP, UDP, or ICMP
  3. Define a port range
  4. Define a source or destination IP address with a subnet mask
  5. Add a description and Save
  • Security groups are created on a project level, meaning that any server on a project can use any available security group.
  • You can add multiple security groups to an instance.
  • You can create security groups without assigning them to servers.

Manage security groups

You can manage security groups on the Security groups Console page.

Select a security group to check:

  • the unique ID of the security group
  • all inbound and outbound rules

You can also delete security groups on this page.

The CIDR block you specify for a subnet cannot be changed after the subnet has been created.

Key pair authentication

Nebula servers accept remote access with secure shell (SSH) using public key as a method of secure authentication.

Create key pairs

You can create key pairs in 2 ways:

  • On the Key pairs Console page
  • During the server creation flow

When creating a key pair, you must choose:

  • the key type: RSA is available, ED25519 is coming soon
  • the key file's format: .pem for OpenSSH and .ppk for PuTTY

After you finish creating a key pair, the Console automatically downloads the private key to your local machine.

You cannot download a private key again after the initial download. Make sure that your private key is stored securely and is not shared publicly.

Use key pairs

When you connect to your Nebula server instance, you can use key pair authentication for secure access.

  1. Assign a key pair to the server you want to use. You can do this during the server creation flow.
  2. When connecting to the server, use your matching private key to authenticate your connection:
  ssh -i /path/.ssh/my_private_key.pem root@nebula_server_ip -p 22

Read more about connecting to your servers in the NebCompute guide.

Delete key pairs

You can delete key pairs directly on the Key pairs Console page.

Need help?

If you have any technical questions or encounter any problems, get in touch with our Support team! We are here to help, and will provide support if you encounter any issues with NebCompute.

Was this page helpful?