By default, a new virtual machine in the bwCloud-OS is initially only accessible from outside only via SSH (Port 22). This is defined in the assigned security group, e.g., default. All other ports are closed, i. e. requests on these ports connot reach the instance. You will find some information about security and open ports here.

As soon as the rules of a security group change, these changes take effect for all associated instances. The virtual machines therefore do not have to be rebooted.

• A Web server needs to be accessible via HTTPS. The corresponding port (Port 443) must be opened n the security group.

The step-by-step instructions explain in detail how to open a port using the Dashboard.

1. In the left menu, click Network → Security Groups.. An overview of the currently defined security groups is displayed. The default group is named default.
2. Click on the button Manage Rules in the corresponding line. An overview of all rules defined for this security group opens.
3. If you want to add a new rule, click the button Add Rule. A dialog opens in which you can describe the new rule.
4. There are two similar options from the drop-down menu:
   1. Select the Rule entry HTTPS.
   2. Select the Custom TCP Rule item. Enter port number 443 in the Port field.
5. Your server should not be accessible from everywhere on the internet. The entry in the field "CIDR" restricts the access to a specific network segment. Enter there the IP addresses that should be allowed.
6. In the "Direction" field you can define the direction:
   1. Ingress = Incoming connections
   2. Egress = Outgoing connections
7. Click Add, and the new rule is created. The page reloads, and the new rule appears in the list.

Yes. In the different bwCloud-OS regions, different regulations apply for the use of the networks, due to the respective data centers of the universities. An individual opening of centrally blocked ports for virtual machines in the bwCloud regions is not possible. Further information, also about the individual regions, is listed here.

We do not offer certificates. However, your instance can obtain certificates from other institutions (e.g. Lets Encrypt) using the Cert Bot.

If your own VMs are behaving "strangely", it may be that they have been hacked. In this case, please follow these steps:

1. Log in to the OpenStack Dashboard
2. Stop the affected instances - do not delete!
3. Submit a ticket Important information:

• Which instances are possibly affected?
• How can the strange behaviour be described?
• Which measures have already been implemented?
• We will contact you as soon as possible to clarify the situation.

No, the running instances are not checked for open ports or other characteristics. However, the entire bwCloud operating environment is monitored - for example, network monitoring covers current upstream and downstream traffic. If the network traffic here changes abruptly, significantly and atypically beyond normal levels, this is checked at the node and OpenStack monitoring level.

However, we do not look inside the virtual machines!