
Comparison: Rules per VM Interface vs. Security Groups

In Nuvion (VHI), the customer has full autonomy to decide how they want to organize their security. Understanding the difference between applying rules individually or via groups is essential for the health of your infrastructure.

| Feature | Rules per Interface (Individual) | Security Group (Grouped) |
|---|---|---|
| Application | Assigned directly to a specific network interface. | Created independently and associated with N instances. |
| Change Management | If you have 10 VMs and need to open port 443, you will have to edit 10 times. | You edit the rule in the Group once and all 10 VMs are updated. |
| VHI Default | Useful for cases of specific exceptions (single servers). | Recommended practice for scalable and organized environments. |
| Complexity | High in environments with more than 3 machines. | Low; allows creating profiles (e.g., "Database Profile"). |

Why use Security Groups in Nuvion?

Although VHI allows total configuration freedom, using Security Groups is the smartest strategy.

Imagine your company grows and you need to deploy 5 new web servers. Instead of manually configuring ports 80 and 443 on each one, you just associate the web-servers group when you create each VM. This avoids human error and ensures that no server is left with forgotten, unnecessarily open ports.

Note: Since the Nuvion environment is 100% managed by the customer via GUI, maintaining a well-named library of Security Groups is the best way to document your own network.
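
The drift that the web-servers scenario warns about can be checked with a short audit like the one below. It is an added example, not Nuvion or VHI code. The inventory layout, the VM names and the `audit` function are hypothetical, and the data is constructed by hand rather than taken from any export format.

```python
# Added example: flag per-interface rules that bypass the Security Group library.
# The dict layout below is hypothetical, not a Nuvion/VHI export format.
SECURITY_GROUPS = {
    "web-servers": {80, 443},
    "database-profile": {5432},
}

# Constructed inventory: group associations plus ports opened directly on the interface.
INVENTORY = [
    {"vm": "web-01", "groups": ["web-servers"], "interface_ports": set()},
    {"vm": "web-02", "groups": [], "interface_ports": {80, 443}},
    {"vm": "web-03", "groups": ["web-servers"], "interface_ports": {8080}},
    {"vm": "db-01", "groups": ["database-profile"], "interface_ports": set()},
    {"vm": "legacy-01", "groups": ["old-profile"], "interface_ports": {22, 3389}},
]


def audit(inventory, groups):
    """Return (vm, finding, group, ports) tuples for rules living outside the groups."""
    findings = []
    for vm in inventory:
        group_ports = set()
        for name in vm["groups"]:
            if name not in groups:
                # Association points at a group that is not in the documented library.
                findings.append((vm["vm"], "unknown-group", name, []))
            group_ports |= groups.get(name, set())
        extra = vm["interface_ports"] - group_ports
        if not extra:
            continue
        # Individual rules that reproduce a profile exactly should become an association.
        match = next((n for n, ports in sorted(groups.items())
                      if ports == vm["interface_ports"] and n not in vm["groups"]), None)
        if match:
            findings.append((vm["vm"], "use-group", match, sorted(extra)))
        else:
            # Ports open on the interface that no named group accounts for.
            findings.append((vm["vm"], "unmanaged-ports", None, sorted(extra)))
    return findings


if __name__ == "__main__":
    for vm, finding, group, ports in audit(INVENTORY, SECURITY_GROUPS):
        print(f"{vm:10} {finding:16} group={group} ports={ports}")
```

A `use-group` finding marks a VM whose individual rules should be replaced by a group association; an `unmanaged-ports` finding marks ports to either close or move into a named group.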