Security

Nebula provides robust security features for your instances. This page explains how you can create and manage security groups, and use key pair authentication.

Security groups

Security groups, like firewalls, help you control the incoming and outgoing network traffic for your instances.

You can define separate rules for inbound and outbound traffic. Nebula provides fine-grained control over allowed or restricted connection types, protocols, port ranges, and even source and destination IP addresses.

Create security groups

You can create security groups in 2 ways:

On the Security groups Console page
During the server creation flow

When you create a security group, you first define a name and an optional description, then define inbound and outbound traffic rules.

When creating a new security group, Nebula adds default inbound and outbound rules as a measure of security:

by default, all incoming traffic is blocked
all outgoing traffic is allowed

Create your own inbound rules to define the traffic that you want to allow — IP addresses outside the scope of your rules will be blocked.

Use outbound rules to control the outgoing network traffic — all egress traffic is allowed by default.

Creating a rule only takes a couple of steps:

Select internet protocol: IPv4 or IPv6
Select communication protocol: TCP, UDP, or ICMP
Define a port range
Define a source or destination IP address with a subnet mask
Add a description and Save

Security groups are created on a project level, meaning that any server on a project can use any available security group.
You can add multiple security groups to an instance.
You can create security groups without assigning them to servers.

Manage security groups

You can manage security groups on the Security groups Console page.

Select a security group to check:

the unique ID of the security group
all inbound and outbound rules

You can also delete security groups on this page.

The CIDR block you specify for a subnet cannot be changed after the subnet has been created.

Key pair authentication

Nebula servers accept remote access with secure shell (SSH) using public key as a method of secure authentication.

Create key pairs

You can create key pairs in 2 ways:

On the Key pairs Console page
During the server creation flow

When creating a key pair, you must choose:

the key type: RSA is available, ED25519 is coming soon
the key file's format: .pem for OpenSSH and .ppk for PuTTY

After you finish creating a key pair, the Console automatically downloads the private key to your local machine.

You cannot download a private key again after the initial download. Make sure that your private key is stored securely and is not shared publicly.

Use key pairs

When you connect to your Nebula server instance, you can use key pair authentication for secure access.

Assign a key pair to the server you want to use. You can do this during the server creation flow.
When connecting to the server, use your matching private key to authenticate your connection:

  ssh -i /path/.ssh/my_private_key.pem root@nebula_server_ip -p 22

Read more about connecting to your servers in the NebCompute guide.

Delete key pairs

You can delete key pairs directly on the Key pairs Console page.

Next steps

Read about managing your servers
Learn about configuring your network and traffic
If you want to move your existing servers to Nebula, check out the migration guides

Need help?

If you have any technical questions or encounter any problems, get in touch with our Support team! We are here to help, and will provide support if you encounter any issues with NebCompute.