...

  • The feature is supported only for the Shared zone-wide network in an Advanced zone.
  • When an Advanced zone is Security Group enabled ("securitygroupenabled=true" is passed to the createZone API call; the corresponding field is set to true in the DB), only one Shared Zone Wide SG Enabled Guest network can be added to this zone, plus any number of Shared Account Specific SG Disabled networks.
  • The Shared Zone Wide SG Enabled Guest network is required in an Advanced SG enabled zone because CPVM/SSVM use it.
  • A user VM can be deployed either in the Shared Zone Wide SG enabled network, or in 1-n Shared Account Specific networks. A combination of SG enabled and SG disabled networks for the same VM is not supported.
  • Only supported on KVM hypervisor.
  • Only one provider is supported: Virtual Router.
  • SG functionality should be the same as in a Basic zone in terms of Ingress/Egress rule behavior.
  • No Isolated networks can be added to the Advanced SG enabled zone. No Shared Domain wide networks are allowed either.
  • If a VM is deployed in the SG enabled Shared network, it can't have more than 1 NIC, so it can't belong to any other network.
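
The constraints listed above can be expressed as a pre-deployment check. The following is an added example, not CloudStack code: the `Net` model, the function names and the sample networks are hypothetical, and each NIC is assumed to attach to exactly one network.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Net:                      # hypothetical model, not a CloudStack class
    name: str
    guest_type: str             # "Shared" or "Isolated"
    scope: str                  # "zone", "account" or "domain"
    sg_enabled: bool

def allowed_kind(n):
    """Return 'zone-sg', 'account-nosg', or None if the spec does not allow it."""
    if n.guest_type != "Shared":
        return None             # no Isolated networks in an SG enabled zone
    if n.scope == "zone" and n.sg_enabled:
        return "zone-sg"
    if n.scope == "account" and not n.sg_enabled:
        return "account-nosg"
    return None                 # e.g. Shared Domain wide networks

def check_zone(networks):
    """Violations in the guest-network set of an SG enabled Advanced zone."""
    errs = [f"{n.name}: network type not allowed in this zone"
            for n in networks if allowed_kind(n) is None]
    zone_sg = [n for n in networks if allowed_kind(n) == "zone-sg"]
    if len(zone_sg) != 1:
        errs.append(f"need exactly one zone-wide SG network, found {len(zone_sg)}")
    return errs

def check_vm(hypervisor, nics):
    """Violations for a user VM attached to the given networks (one NIC each)."""
    errs = []
    if hypervisor != "KVM":
        errs.append("only KVM is supported")
    kinds = {allowed_kind(n) for n in nics}
    if not nics or None in kinds:
        errs.append("VM must use only networks allowed in the zone")
    if "zone-sg" in kinds and len(nics) > 1:
        errs.append("SG-enabled VM may have only one NIC")
    return errs

# Constructed sample data
ZONE_SG = Net("guest-sg", "Shared", "zone", True)
ACCT_A = Net("acct-a", "Shared", "account", False)
ACCT_B = Net("acct-b", "Shared", "account", False)
ISOLATED = Net("iso-1", "Isolated", "account", False)

if __name__ == "__main__":
    print(check_zone([ZONE_SG, ACCT_A, ISOLATED]))
    print(check_vm("KVM", [ZONE_SG, ACCT_A]))
```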

Feature specification

Code changes

...

Make sure that all 2.2.x limitations for the Advanced SG zone are still respected in the code, and fix anything that got broken or disabled along the way.

3.0.x fixes

Add Zone flow

Don't create the Guest network automatically as part of addZone.

Add Traffic Type flow

Don't allow adding the Public Traffic Type to an SG enabled Advanced zone.

Create Guest Network flow

1) Only Shared Zone wide and Account specific networks can be added to the SG enabled Advanced zone.

...

3) Only VR can be the provider for all the services.

Client API changes

  • Add "securitygroupenabled" (boolean/optional) to the listZones request.

...

In future releases we are going to:

  • Add support for multiple SG enabled Shared networks in an Advanced zone
  • Add support for SG in Isolated networks
  • Implement SG based isolation across Shared networks
  • Add support for an SG enabled VM to have multiple NICs (being deployed in multiple networks)
  • Add feature support in VPC networks
  • Add support for the Xen hypervisor in the Advanced SG enabled network