...
Major point is, make the feature work just the way it worked in 2.2.x. We might will extend the functionality later on.
- Feature is supported for Shared zone wide network only in Advance zone
- When Advance zone is Security Group enabled ("securitygroupenabled=true" is passed to createZone API call; corresponding field is being set to true in the DB), only one Shared Zone Wide SG Enabled Guest network can be added to the zone.Any this zone + any number of Shared Account Specific SG Disabled networks can be added to the .
- Shared Zone Wide SG Enabled Guest network is required in Advance SG enabled zone as CPVM/SSVM are using it.
- User vm can be deployed either in Shared Zone Wide SG enabled network, or in 1-n Shared Account Specific networks. Combination of SG enabled and SG disabled networks for the same VM is not supported.
- Only supported on KVM hypervisor.
- Only one provider is supported - Virtual Router
- SG functionality should be the same as in Basic zone in terms of Ingress/Egress rules behavior
- No Isolated networks can be added to the Advance SG enabled zone. No Shared Domain wide networks are allowed either.
Feature specification
Code changes
...
- When create physical network traffic types, don't create Public traffic type.
- The rest of the upgrade should be handled the same way we handle it for other zones
Future release plans
In the future releases we are going to:
Add support for multiple SG enabled Shared networks in Advance zone
Add support for SG in Isolated networks