Network ACLs on the RVM Service
Strong, default-deny access control lists (ACLs) have been implemented on the RVM Service. These ACLs operate at the network level (i.e., they are separate and distinct from the VM firewall).
The ACLs:
- permit access to most ports/protocols at IP addresses located off-campus;
- deny access to most ports/protocols at IP addresses located within the data centre. (Only NTP, DNS, SMTP/email, CIFS and LDAP, to appropriate servers, are permitted.)
This policy is required so that nominated people from academic research groups may have administrator/root access to VMs.
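The policy above can be modelled as an ordered rule check, which is useful for comparing connectivity probes run from a VM against what the ACLs are meant to allow. This is an added example, not the RVM Service's configuration: the address ranges, server addresses, standard port numbers and function names are all constructed assumptions, and it assumes the rules describe traffic from a VM to a destination.

```python
import ipaddress

# Constructed ranges (assumptions; the page gives no real addressing).
DATA_CENTRE = ipaddress.ip_network("10.20.0.0/16")
CAMPUS = ipaddress.ip_network("10.0.0.0/8")  # contains DATA_CENTRE

# Constructed "appropriate servers": (server, protocol, port) per permitted service.
DC_EXCEPTIONS = {
    ("10.20.0.10", "udp", 123),  # NTP
    ("10.20.0.53", "udp", 53),   # DNS
    ("10.20.0.53", "tcp", 53),   # DNS over TCP
    ("10.20.0.25", "tcp", 25),   # SMTP/email
    ("10.20.0.45", "tcp", 445),  # CIFS
    ("10.20.0.89", "tcp", 389),  # LDAP
}

def evaluate(dst, proto, port):
    """Return (action, reason) for traffic from a VM to dst, first match wins."""
    addr = ipaddress.ip_address(dst)
    # The data centre is checked first because it sits inside the campus range.
    if addr in DATA_CENTRE:
        if (str(addr), proto, port) in DC_EXCEPTIONS:
            return "permit", "data-centre service exception"
        return "deny", "data centre"
    # The page says "most" ports/protocols are permitted off-campus; the
    # exceptions are not listed there, so none are modelled here.
    if addr not in CAMPUS:
        return "permit", "off-campus"
    # Nothing matched: default-deny.
    return "deny", "default-deny"

def mismatches(observed):
    """observed: (dst, proto, port, action_seen) tuples from probes.
    Return the probes whose result contradicts the modelled policy."""
    return [o for o in observed if evaluate(*o[:3])[0] != o[3]]

if __name__ == "__main__":
    probes = [  # constructed probe results
        ("10.20.0.53", "udp", 53, "permit"),
        ("10.20.0.99", "tcp", 22, "permit"),   # should have been denied
        ("198.51.100.7", "tcp", 443, "permit"),
    ]
    for p in mismatches(probes):
        print("policy violation:", p, "expected", evaluate(*p[:3]))
```

A permitted service matches only on the exact server, protocol and port, so LDAP to any other data-centre host is still denied.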