Allowing users to control traffic within a network would help them deploy multiple applications without communication between application as well as prevent communication with other users’ VMs. Image Added

2 Requirements

Security Groups capability, identical to Security Groups (Ingress and Egress, Accounts & CIDRs) in basic zone, should be used for this feature.
Feature needs to be supported for Shared and Isolated Networks in Advanced Zones.
Feature needs to be supported in VPC as well as non-VPC deployments
Security Groups in Basic Zone is only supported for XenServer and KVM Hypervisors. Same feature set should be supported for XenServer and KVM in advanced Zone.
Following is what is supported for Security Groups in Basic Zones and should be supported in Advanced Zone for all Hypervisors.
- Ingress & Egress rules
- Ability to create rules based on Security Group or CIDR
- Protocol, Start Port, End Port and CIDR or Security Group
Users should be allowed to deploy security groups on VMs that are deployed on multiple networks.
UI workflow should be identical to Security Groups in basic zone.
The UI workflow should be same irrespective of Hypervisor.
As part of VM creation/update wizards, users should be able to select from a list of security groups.

...

5 Non-Requirements