bug 6361: this is a good point to commit; 1st round of refactor is done, code is clean compiling and ms is deploying

2025-10-26 08:42:29 +01:00 · 2010-12-15 18:45:52 -08:00 · 2010-12-15 18:45:52 -08:00 · 5154ba1539
commit 5154ba1539
parent 032f321363
65 changed files with 961 additions and 969 deletions
--- a/agent/src/com/cloud/agent/resource/computing/LibvirtComputingResource.java
+++ b/agent/src/com/cloud/agent/resource/computing/LibvirtComputingResource.java
@ -109,8 +109,8 @@ import com.cloud.agent.api.MirrorCommand;
 import com.cloud.agent.api.ModifySshKeysCommand;
 import com.cloud.agent.api.ModifyStoragePoolAnswer;
 import com.cloud.agent.api.ModifyStoragePoolCommand;
-import com.cloud.agent.api.NetworkIngressRuleAnswer;
+import com.cloud.agent.api.SecurityIngressRuleAnswer;
-import com.cloud.agent.api.NetworkIngressRulesCmd;
+import com.cloud.agent.api.SecurityIngressRulesCmd;
 import com.cloud.agent.api.PingCommand;
 import com.cloud.agent.api.PingRoutingCommand;
 import com.cloud.agent.api.PingTestCommand;
@ -1094,8 +1094,8 @@ public class LibvirtComputingResource extends ServerResourceBase implements Serv
                return execute((CreatePrivateTemplateFromSnapshotCommand) cmd);
            } else if (cmd instanceof ModifyStoragePoolCommand) {
                return execute((ModifyStoragePoolCommand) cmd);
-            } else if (cmd instanceof NetworkIngressRulesCmd) {
+            } else if (cmd instanceof SecurityIngressRulesCmd) {
-                return execute((NetworkIngressRulesCmd) cmd);
+                return execute((SecurityIngressRulesCmd) cmd);
            } else if (cmd instanceof DeleteStoragePoolCommand) {
                return execute((DeleteStoragePoolCommand) cmd);
            } else if (cmd instanceof FenceCommand ) {
@ -1777,8 +1777,8 @@ public class LibvirtComputingResource extends ServerResourceBase implements Serv
    	}
        return answer;
    }
-    private Answer execute(NetworkIngressRulesCmd cmd) {
+    private Answer execute(SecurityIngressRulesCmd cmd) {
-    	 return new NetworkIngressRuleAnswer(cmd);
+    	 return new SecurityIngressRuleAnswer(cmd);
    }
 	protected GetVncPortAnswer execute(GetVncPortCommand cmd) {
--- a/api/src/com/cloud/api/ApiConstants.java
+++ b/api/src/com/cloud/api/ApiConstants.java
@ -100,8 +100,6 @@ public class ApiConstants {
    public static final String MODE = "mode";
    public static final String NAME = "name";
    public static final String NETWORK_DOMAIN = "networkdomain";
    public static final String NETWORK_GROUP_LIST = "networkgrouplist";
    public static final String NETWORK_GROUP_NAME = "networkgroupname";
    public static final String NETMASK = "netmask";
    public static final String NEW_NAME = "newname";
    public static final String OFFER_HA = "offerha";
@ -127,6 +125,8 @@ public class ApiConstants {
    public static final String SCHEDULE = "schedule";
    public static final String SCOPE = "scope";
    public static final String SECRET_KEY = "secretkey";
    public static final String SECURITY_GROUP_LIST = "securitygrouplist";
    public static final String SECURITY_GROUP_NAME = "securitygroupname";
    public static final String SENT = "sent";
    public static final String SENT_BYTES = "sentbytes";
    public static final String SERVICE_OFFERING_ID = "serviceofferingid";
@ -151,7 +151,7 @@ public class ApiConstants {
    public static final String USER_DATA = "userdata";
    public static final String USER_ID = "userid";
    public static final String USERNAME = "username";
-    public static final String USER_NETWORK_GROUP_LIST = "usernetworkgrouplist";
+    public static final String USER_SECURITY_GROUP_LIST = "usersecuritygrouplist";
    public static final String USE_VIRTUAL_NETWORK = "usevirtualnetwork";
    public static final String VALUE = "value";
    public static final String VIRTUAL_MACHINE_ID = "virtualmachineid";
--- a/api/src/com/cloud/api/BaseCmd.java
+++ b/api/src/com/cloud/api/BaseCmd.java
@ -38,7 +38,7 @@ import com.cloud.network.DomainRouterService;
 import com.cloud.network.NetworkService;
 import com.cloud.network.lb.LoadBalancingRulesService;
 import com.cloud.network.rules.RulesService;
-import com.cloud.network.security.NetworkGroupService;
+import com.cloud.network.security.SecurityGroupService;
 import com.cloud.resource.ResourceService;
 import com.cloud.server.ManagementService;
 import com.cloud.storage.StorageService;
@ -96,7 +96,7 @@ public abstract class BaseCmd {
    public static ResourceService _resourceService;
    public static NetworkService _networkService;
    public static TemplateService _templateService;
-    public static NetworkGroupService _networkGroupMgr;
+    public static SecurityGroupService _securityGroupMgr;
    public static SnapshotService _snapshotMgr;
    public static ConsoleProxyService _consoleProxyMgr;
    public static DomainRouterService _routerService;
@ -116,7 +116,7 @@ public abstract class BaseCmd {
        _resourceService = locator.getManager(ResourceService.class);
        _networkService = locator.getManager(NetworkService.class);
        _templateService = locator.getManager(TemplateService.class);
-        _networkGroupMgr = locator.getManager(NetworkGroupService.class);
+        _securityGroupMgr = locator.getManager(SecurityGroupService.class);
        _snapshotMgr = locator.getManager(SnapshotService.class);
        _consoleProxyMgr = locator.getManager(ConsoleProxyService.class);
        _routerService = locator.getManager(DomainRouterService.class);
--- a/api/src/com/cloud/api/ResponseGenerator.java
+++ b/api/src/com/cloud/api/ResponseGenerator.java
@ -40,7 +40,7 @@ import com.cloud.api.response.InstanceGroupResponse;
 import com.cloud.api.response.IpForwardingRuleResponse;
 import com.cloud.api.response.ListResponse;
 import com.cloud.api.response.LoadBalancerResponse;
-import com.cloud.api.response.NetworkGroupResponse;
+import com.cloud.api.response.SecurityGroupResponse;
 import com.cloud.api.response.NetworkOfferingResponse;
 import com.cloud.api.response.NetworkResponse;
 import com.cloud.api.response.PodResponse;
@ -78,8 +78,8 @@ import com.cloud.network.router.VirtualRouter;
 import com.cloud.network.rules.LoadBalancer;
 import com.cloud.network.rules.PortForwardingRule;
 import com.cloud.network.security.IngressRule;
-import com.cloud.network.security.NetworkGroup;
+import com.cloud.network.security.SecurityGroup;
-import com.cloud.network.security.NetworkGroupRules;
+import com.cloud.network.security.SecurityGroupRules;
 import com.cloud.offering.DiskOffering;
 import com.cloud.offering.NetworkOffering;
 import com.cloud.offering.ServiceOffering;
@ -171,11 +171,11 @@ public interface ResponseGenerator {
    ListResponse<TemplateResponse> createIsoResponses(VirtualMachineTemplate template, Long zoneId);
-    ListResponse<NetworkGroupResponse> createNetworkGroupResponses(List<? extends NetworkGroupRules> networkGroups);
+    ListResponse<SecurityGroupResponse> createSecurityGroupResponses(List<? extends SecurityGroupRules> networkGroups);
-    NetworkGroupResponse createNetworkGroupResponseFromIngressRule(List<? extends IngressRule> ingressRules);
+    SecurityGroupResponse createSecurityGroupResponseFromIngressRule(List<? extends IngressRule> ingressRules);
-    NetworkGroupResponse createNetworkGroupResponse(NetworkGroup group);
+    SecurityGroupResponse createSecurityGroupResponse(SecurityGroup group);
    ExtractResponse createExtractResponse(Long uploadId, Long id, Long zoneId, Long accountId, String mode);
--- a/api/src/com/cloud/api/commands/AuthorizeSecurityGroupIngressCmd.java
+++ b/api/src/com/cloud/api/commands/AuthorizeSecurityGroupIngressCmd.java
@ -33,7 +33,7 @@ import com.cloud.api.Implementation;
 import com.cloud.api.Parameter;
 import com.cloud.api.ServerApiException;
 import com.cloud.api.response.IngressRuleResponse;
-import com.cloud.api.response.NetworkGroupResponse;
+import com.cloud.api.response.SecurityGroupResponse;
 import com.cloud.event.EventTypes;
 import com.cloud.network.security.IngressRule;
 import com.cloud.user.Account;
@ -42,10 +42,10 @@ import com.cloud.utils.StringUtils;
 //FIXME - add description
@Implementation(responseObject=IngressRuleResponse.class) @SuppressWarnings("rawtypes")
-public class AuthorizeNetworkGroupIngressCmd extends BaseAsyncCmd {
+public class AuthorizeSecurityGroupIngressCmd extends BaseAsyncCmd {
-	public static final Logger s_logger = Logger.getLogger(AuthorizeNetworkGroupIngressCmd.class.getName());
+	public static final Logger s_logger = Logger.getLogger(AuthorizeSecurityGroupIngressCmd.class.getName());
-    private static final String s_name = "authorizenetworkgroupingress";
+    private static final String s_name = "authorizesecuritygroupingress";
    /////////////////////////////////////////////////////
    //////////////// API parameters /////////////////////
@ -71,16 +71,16 @@ public class AuthorizeNetworkGroupIngressCmd extends BaseAsyncCmd {
    private Integer icmpCode;
    //FIXME - add description
-    @Parameter(name=ApiConstants.NETWORK_GROUP_NAME, type=CommandType.STRING, required=true)
+    @Parameter(name=ApiConstants.SECURITY_GROUP_NAME, type=CommandType.STRING, required=true)
-    private String networkGroupName;
+    private String securityGroupName;
    //FIXME - add description
    @Parameter(name=ApiConstants.CIDR_LIST, type=CommandType.LIST, collectionType=CommandType.STRING)
    private List cidrList;
    //FIXME - add description
-    @Parameter(name=ApiConstants.USER_NETWORK_GROUP_LIST, type=CommandType.MAP)
+    @Parameter(name=ApiConstants.USER_SECURITY_GROUP_LIST, type=CommandType.MAP)
-    private Map userNetworkGroupList;
+    private Map userSecurityGroupList;
    //FIXME - add description
    @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING)
@ -119,8 +119,8 @@ public class AuthorizeNetworkGroupIngressCmd extends BaseAsyncCmd {
        return icmpType;
    }
-    public String getNetworkGroupName() {
+    public String getSecurityGroupName() {
-        return networkGroupName;
+        return securityGroupName;
    }
    public String getProtocol() {
@ -134,8 +134,8 @@ public class AuthorizeNetworkGroupIngressCmd extends BaseAsyncCmd {
        return startPort;
    }
-    public Map getUserNetworkGroupList() {
+    public Map getUserSecurityGroupList() {
-        return userNetworkGroupList;
+        return userSecurityGroupList;
    }
@ -149,7 +149,7 @@ public class AuthorizeNetworkGroupIngressCmd extends BaseAsyncCmd {
    }
    public static String getResultObjectName() {
-    	return "networkgroup";
+    	return "securitygroup";
    }
    @Override
@ -173,15 +173,15 @@ public class AuthorizeNetworkGroupIngressCmd extends BaseAsyncCmd {
    @Override
    public String getEventType() {
-        return EventTypes.EVENT_NETWORK_GROUP_AUTHORIZE_INGRESS;
+        return EventTypes.EVENT_SECURITY_GROUP_AUTHORIZE_INGRESS;
    }
    @Override
    public String getEventDescription() {
        StringBuilder sb = new StringBuilder();
-        if (getUserNetworkGroupList() != null) {
+        if (getUserSecurityGroupList() != null) {
            sb.append("group list(group/account): ");
-            Collection userGroupCollection = getUserNetworkGroupList().values();
+            Collection userGroupCollection = getUserSecurityGroupList().values();
            Iterator iter = userGroupCollection.iterator();
            HashMap userGroup = (HashMap)iter.next();
@ -202,17 +202,17 @@ public class AuthorizeNetworkGroupIngressCmd extends BaseAsyncCmd {
            sb.append("<error:  no ingress parameters>");
        }
-        return  "authorizing ingress to group: " + getNetworkGroupName() + " to " + sb.toString();
+        return  "authorizing ingress to group: " + getSecurityGroupName() + " to " + sb.toString();
    }
    @Override
    public void execute(){
-        List<? extends IngressRule> ingressRules = _networkGroupMgr.authorizeNetworkGroupIngress(this);
+        List<? extends IngressRule> ingressRules = _securityGroupMgr.authorizeSecurityGroupIngress(this);
        if (ingressRules != null && ! ingressRules.isEmpty()) {
-        NetworkGroupResponse response = _responseGenerator.createNetworkGroupResponseFromIngressRule(ingressRules);
+        SecurityGroupResponse response = _responseGenerator.createSecurityGroupResponseFromIngressRule(ingressRules);
            this.setResponseObject(response);
        } else {
-            throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to authorize network group ingress rule(s)");
+            throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to authorize security group ingress rule(s)");
        }
    }
--- a/api/src/com/cloud/api/commands/CreateSecurityGroupCmd.java
+++ b/api/src/com/cloud/api/commands/CreateSecurityGroupCmd.java
@ -24,13 +24,13 @@ import com.cloud.api.BaseCmd;
 import com.cloud.api.Implementation;
 import com.cloud.api.Parameter;
 import com.cloud.api.ServerApiException;
-import com.cloud.api.response.NetworkGroupResponse;
+import com.cloud.api.response.SecurityGroupResponse;
-import com.cloud.network.security.NetworkGroup;
+import com.cloud.network.security.SecurityGroup;
 //TODO - add description to implementation
-@Implementation(responseObject=NetworkGroupResponse.class)
+@Implementation(responseObject=SecurityGroupResponse.class)
-public class CreateNetworkGroupCmd extends BaseCmd {
+public class CreateSecurityGroupCmd extends BaseCmd {
-    public static final Logger s_logger = Logger.getLogger(CreateNetworkGroupCmd.class.getName());
+    public static final Logger s_logger = Logger.getLogger(CreateSecurityGroupCmd.class.getName());
    private static final String s_name = "createsecuritygroupresponse";
@ -38,17 +38,17 @@ public class CreateNetworkGroupCmd extends BaseCmd {
    //////////////// API parameters /////////////////////
    /////////////////////////////////////////////////////
-    @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="an optional account for the network group. Must be used with domainId.")
+    @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="an optional account for the security group. Must be used with domainId.")
    private String accountName;
-    @Parameter(name=ApiConstants.DESCRIPTION, type=CommandType.STRING, description="the description of the network group")
+    @Parameter(name=ApiConstants.DESCRIPTION, type=CommandType.STRING, description="the description of the security group")
    private String description;
-    @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="an optional domainId for the network group. If the account parameter is used, domainId must also be used.")
+    @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="an optional domainId for the security group. If the account parameter is used, domainId must also be used.")
    private Long domainId;
-    @Parameter(name=ApiConstants.NAME, type=CommandType.STRING, required=true, description="name of the network group")
+    @Parameter(name=ApiConstants.NAME, type=CommandType.STRING, required=true, description="name of the security group")
-    private String networkGroupName;
+    private String securityGroupName;
    /////////////////////////////////////////////////////
@ -67,8 +67,8 @@ public class CreateNetworkGroupCmd extends BaseCmd {
        return domainId;
    }
-    public String getNetworkGroupName() {
+    public String getSecurityGroupName() {
-        return networkGroupName;
+        return securityGroupName;
    }
@ -83,13 +83,13 @@ public class CreateNetworkGroupCmd extends BaseCmd {
    @Override
    public void execute(){
-        NetworkGroup group = _networkGroupMgr.createNetworkGroup(this);
+        SecurityGroup group = _securityGroupMgr.createSecurityGroup(this);
        if (group != null) {
-            NetworkGroupResponse response = _responseGenerator.createNetworkGroupResponse(group);
+            SecurityGroupResponse response = _responseGenerator.createSecurityGroupResponse(group);
            response.setResponseName(getCommandName());
            this.setResponseObject(response);
        } else {
-            throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to create network group");
+            throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to create security group");
        }
    }
 }
--- a/api/src/com/cloud/api/commands/DeleteSecurityGroupCmd.java
+++ b/api/src/com/cloud/api/commands/DeleteSecurityGroupCmd.java
@ -10,23 +10,23 @@ import com.cloud.api.ServerApiException;
 import com.cloud.api.response.SuccessResponse;
 import com.cloud.exception.ResourceInUseException;
-@Implementation(description="Deletes network group", responseObject=SuccessResponse.class)
+@Implementation(description="Deletes security group", responseObject=SuccessResponse.class)
-public class DeleteNetworkGroupCmd extends BaseCmd {
+public class DeleteSecurityGroupCmd extends BaseCmd {
-    public static final Logger s_logger = Logger.getLogger(DeleteNetworkGroupCmd.class.getName());
+    public static final Logger s_logger = Logger.getLogger(DeleteSecurityGroupCmd.class.getName());
-    private static final String s_name = "deletenetworkgroupresponse";
+    private static final String s_name = "deletesecuritygroupresponse";
    /////////////////////////////////////////////////////
    //////////////// API parameters /////////////////////
    /////////////////////////////////////////////////////
-    @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="the account of the network group. Must be specified with domain ID")
+    @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="the account of the security group. Must be specified with domain ID")
    private String accountName;
-    @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="the domain ID of account owning the network group")
+    @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="the domain ID of account owning the security group")
    private Long domainId;
-    @Parameter(name=ApiConstants.NAME, type=CommandType.STRING, required=true, description="the network group name")
+    @Parameter(name=ApiConstants.NAME, type=CommandType.STRING, required=true, description="the security group name")
-    private String networkGroupName;
+    private String securityGroupName;
    /////////////////////////////////////////////////////
@ -41,8 +41,8 @@ public class DeleteNetworkGroupCmd extends BaseCmd {
        return domainId;
    }
-    public String getNetworkGroupName() {
+    public String getSecurityGroupName() {
-        return networkGroupName;
+        return securityGroupName;
    }
@ -58,12 +58,12 @@ public class DeleteNetworkGroupCmd extends BaseCmd {
    @Override
    public void execute(){
        try{
-            boolean result = _networkGroupMgr.deleteNetworkGroup(this);
+            boolean result = _securityGroupMgr.deleteSecurityGroup(this);
            if (result) {
                SuccessResponse response = new SuccessResponse(getCommandName());
                this.setResponseObject(response);
            } else {
-                throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to delete network group");
+                throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to delete security group");
            }
        } catch (ResourceInUseException ex) {
            s_logger.warn("Exception: ", ex);
--- a/api/src/com/cloud/api/commands/DeployVMCmd.java
+++ b/api/src/com/cloud/api/commands/DeployVMCmd.java
@ -70,8 +70,8 @@ public class DeployVMCmd extends BaseAsyncCreateCmd {
    @Parameter(name=ApiConstants.HYPERVISOR, type=CommandType.STRING, description="the hypervisor on which to deploy the virtual machine")
    private String hypervisor;
-    @Parameter(name=ApiConstants.NETWORK_GROUP_LIST, type=CommandType.LIST, collectionType=CommandType.STRING, description="comma separated list of network groups that going to be applied to the virtual machine. Should be passed only when vm is created from service offering with Direct Attach Network support")
+    @Parameter(name=ApiConstants.SECURITY_GROUP_LIST, type=CommandType.LIST, collectionType=CommandType.STRING, description="comma separated list of security groups that going to be applied to the virtual machine. Should be passed only when vm is created from service offering with Direct Attach Network support")
-    private List<String> networkGroupList;
+    private List<String> securityGroupList;
    @Parameter(name=ApiConstants.SERVICE_OFFERING_ID, type=CommandType.LONG, required=true, description="the ID of the service offering for the virtual machine")
    private Long serviceOfferingId;
@ -129,8 +129,8 @@ public class DeployVMCmd extends BaseAsyncCreateCmd {
        return HypervisorType.getType(hypervisor);
    }
-    public List<String> getNetworkGroupList() {
+    public List<String> getSecurityGroupList() {
-        return networkGroupList;
+        return securityGroupList;
    }
    public Long getServiceOfferingId() {
--- a/api/src/com/cloud/api/commands/ListCapabilitiesCmd.java
+++ b/api/src/com/cloud/api/commands/ListCapabilitiesCmd.java
@ -40,7 +40,7 @@ public class ListCapabilitiesCmd extends BaseCmd {
    public void execute(){
        Map<String, String> capabilities = _mgr.listCapabilities(this);
        CapabilitiesResponse response = new CapabilitiesResponse();
-        response.setNetworkGroupsEnabled(capabilities.get("networkGroupsEnabled"));
+        response.setSecurityGroupsEnabled(capabilities.get("securityGroupsEnabled"));
        response.setCloudStackVersion(capabilities.get("cloudStackVersion"));
        response.setObjectName("capability");
        response.setResponseName(getCommandName());
--- a/api/src/com/cloud/api/commands/ListSecurityGroupsCmd.java
+++ b/api/src/com/cloud/api/commands/ListSecurityGroupsCmd.java
@ -26,29 +26,29 @@ import com.cloud.api.BaseListCmd;
 import com.cloud.api.Implementation;
 import com.cloud.api.Parameter;
 import com.cloud.api.response.ListResponse;
-import com.cloud.api.response.NetworkGroupResponse;
+import com.cloud.api.response.SecurityGroupResponse;
-import com.cloud.network.security.NetworkGroupRules;
+import com.cloud.network.security.SecurityGroupRules;
-@Implementation(description="Lists network groups", responseObject=NetworkGroupResponse.class)
+@Implementation(description="Lists security groups", responseObject=SecurityGroupResponse.class)
-public class ListNetworkGroupsCmd extends BaseListCmd {
+public class ListSecurityGroupsCmd extends BaseListCmd {
-	public static final Logger s_logger = Logger.getLogger(ListNetworkGroupsCmd.class.getName());
+	public static final Logger s_logger = Logger.getLogger(ListSecurityGroupsCmd.class.getName());
-    private static final String s_name = "listnetworkgroupsresponse";
+    private static final String s_name = "listsecuritygroupsresponse";
    /////////////////////////////////////////////////////
    //////////////// API parameters /////////////////////
    /////////////////////////////////////////////////////
-    @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="lists all available port network groups for the account. Must be used with domainID parameter")
+    @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="lists all available port security groups for the account. Must be used with domainID parameter")
    private String accountName;
-    @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="lists all available network groups for the domain ID. If used with the account parameter, lists all available network groups for the account in the specified domain ID.")
+    @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="lists all available security groups for the domain ID. If used with the account parameter, lists all available security groups for the account in the specified domain ID.")
    private Long domainId;
-    @Parameter(name=ApiConstants.NETWORK_GROUP_NAME, type=CommandType.STRING, description="lists network groups by name")
+    @Parameter(name=ApiConstants.SECURITY_GROUP_NAME, type=CommandType.STRING, description="lists security groups by name")
-    private String networkGroupName;
+    private String securityGroupName;
-    @Parameter(name=ApiConstants.VIRTUAL_MACHINE_ID, type=CommandType.LONG, description="lists network groups by virtual machine id")
+    @Parameter(name=ApiConstants.VIRTUAL_MACHINE_ID, type=CommandType.LONG, description="lists security groups by virtual machine id")
    private Long virtualMachineId;
    /////////////////////////////////////////////////////
@ -63,8 +63,8 @@ public class ListNetworkGroupsCmd extends BaseListCmd {
        return domainId;
    }
-    public String getNetworkGroupName() {
+    public String getSecurityGroupName() {
-        return networkGroupName;
+        return securityGroupName;
    }
    public Long getVirtualMachineId() {
@ -82,9 +82,9 @@ public class ListNetworkGroupsCmd extends BaseListCmd {
    @Override
    public void execute(){
-        List<? extends NetworkGroupRules> networkGroups = _networkGroupMgr.searchForNetworkGroupRules(this);
+        List<? extends SecurityGroupRules> securityGroups = _securityGroupMgr.searchForSecurityGroupRules(this);
-        ListResponse<NetworkGroupResponse> response = _responseGenerator.createNetworkGroupResponses(networkGroups);
+        ListResponse<SecurityGroupResponse> response = _responseGenerator.createSecurityGroupResponses(securityGroups);
        response.setResponseName(getCommandName());
        this.setResponseObject(response);
    }
--- a/api/src/com/cloud/api/commands/RevokeSecurityGroupIngressCmd.java
+++ b/api/src/com/cloud/api/commands/RevokeSecurityGroupIngressCmd.java
@ -20,10 +20,10 @@ import com.cloud.user.UserContext;
@SuppressWarnings("rawtypes")
@Implementation(responseObject=SuccessResponse.class)
-public class RevokeNetworkGroupIngressCmd extends BaseAsyncCmd {
+public class RevokeSecurityGroupIngressCmd extends BaseAsyncCmd {
-	public static final Logger s_logger = Logger.getLogger(RevokeNetworkGroupIngressCmd.class.getName());
+	public static final Logger s_logger = Logger.getLogger(RevokeSecurityGroupIngressCmd.class.getName());
-    private static final String s_name = "revokenetworkgroupingress";
+    private static final String s_name = "revokesecuritygroupingress";
    /////////////////////////////////////////////////////
    //////////////// API parameters /////////////////////
@ -54,8 +54,8 @@ public class RevokeNetworkGroupIngressCmd extends BaseAsyncCmd {
    private Integer icmpType;
    //FIXME - add description
-    @Parameter(name=ApiConstants.NETWORK_GROUP_NAME, type=CommandType.STRING, required=true)
+    @Parameter(name=ApiConstants.SECURITY_GROUP_NAME, type=CommandType.STRING, required=true)
-    private String networkGroupName;
+    private String securityGroupName;
    //FIXME - add description
    @Parameter(name=ApiConstants.PROTOCOL, type=CommandType.STRING)
@ -66,8 +66,8 @@ public class RevokeNetworkGroupIngressCmd extends BaseAsyncCmd {
    private Integer startPort;
    //FIXME - add description
-    @Parameter(name=ApiConstants.USER_NETWORK_GROUP_LIST, type=CommandType.MAP)
+    @Parameter(name=ApiConstants.USER_SECURITY_GROUP_LIST, type=CommandType.MAP)
-    private Map userNetworkGroupList;
+    private Map userSecurityGroupList;
    /////////////////////////////////////////////////////
    /////////////////// Accessors ///////////////////////
@ -97,8 +97,8 @@ public class RevokeNetworkGroupIngressCmd extends BaseAsyncCmd {
        return icmpType;
    }
-    public String getNetworkGroupName() {
+    public String getSecurityGroupName() {
-        return networkGroupName;
+        return securityGroupName;
    }
    public String getProtocol() {
@ -109,8 +109,8 @@ public class RevokeNetworkGroupIngressCmd extends BaseAsyncCmd {
        return startPort;
    }
-    public Map getUserNetworkGroupList() {
+    public Map getUserSecurityGroupList() {
-        return userNetworkGroupList;
+        return userSecurityGroupList;
    }
    /////////////////////////////////////////////////////
@ -123,7 +123,7 @@ public class RevokeNetworkGroupIngressCmd extends BaseAsyncCmd {
    }
    public static String getResultObjectName() {
-    	return "revokenetworkgroupingress";
+    	return "revokesecuritygroupingress";
    }
    @Override
@ -147,15 +147,15 @@ public class RevokeNetworkGroupIngressCmd extends BaseAsyncCmd {
    @Override
    public String getEventType() {
-        return EventTypes.EVENT_NETWORK_GROUP_REVOKE_INGRESS;
+        return EventTypes.EVENT_SECURITY_GROUP_REVOKE_INGRESS;
    }
    @Override
    public String getEventDescription() {
        StringBuilder sb = new StringBuilder();
-        if (getUserNetworkGroupList() != null) {
+        if (getUserSecurityGroupList() != null) {
            sb.append("group list(group/account): ");
-            Collection userGroupCollection = getUserNetworkGroupList().values();
+            Collection userGroupCollection = getUserSecurityGroupList().values();
            Iterator iter = userGroupCollection.iterator();
            HashMap userGroup = (HashMap)iter.next();
@ -175,12 +175,12 @@ public class RevokeNetworkGroupIngressCmd extends BaseAsyncCmd {
            sb.append("<error:  no ingress parameters>");
        }
-        return  "revoking ingress from group: " + getNetworkGroupName() + " for " + sb.toString();
+        return  "revoking ingress from group: " + getSecurityGroupName() + " for " + sb.toString();
    }
    @Override
    public void execute(){
-        boolean result = _networkGroupMgr.revokeNetworkGroupIngress(this);
+        boolean result = _securityGroupMgr.revokeSecurityGroupIngress(this);
        if (result) {
            SuccessResponse response = new SuccessResponse(getCommandName());
            this.setResponseObject(response);
--- a/api/src/com/cloud/api/response/CapabilitiesResponse.java
+++ b/api/src/com/cloud/api/response/CapabilitiesResponse.java
@ -4,18 +4,18 @@ import com.cloud.serializer.Param;
 import com.google.gson.annotations.SerializedName;
 public class CapabilitiesResponse extends BaseResponse {
-    @SerializedName("networkgroupsenabled") @Param(description="true if network groups support is enabled, false otherwise")
+    @SerializedName("securitygroupsenabled") @Param(description="true if security groups support is enabled, false otherwise")
-    private String networkGroupsEnabled;
+    private String securityGroupsEnabled;
    @SerializedName("cloudstackversion") @Param(description="version of the cloud stack")
    private String cloudStackVersion;
-    public String getNetworkGroupsEnabled() {
+    public String getSecurityGroupsEnabled() {
-        return networkGroupsEnabled;
+        return securityGroupsEnabled;
    }
-    public void setNetworkGroupsEnabled(String networkGroupsEnabled) {
+    public void setSecurityGroupsEnabled(String securityGroupsEnabled) {
-        this.networkGroupsEnabled = networkGroupsEnabled;
+        this.securityGroupsEnabled = securityGroupsEnabled;
    }
    public String getCloudStackVersion() {
--- a/api/src/com/cloud/api/response/IngressRuleResponse.java
+++ b/api/src/com/cloud/api/response/IngressRuleResponse.java
@ -42,8 +42,8 @@ public class IngressRuleResponse extends BaseResponse {
    @SerializedName(ApiConstants.END_PORT) @Param(description="the ending IP of the ingress rule ")
    private Integer endPort;
-    @SerializedName(ApiConstants.NETWORK_GROUP_NAME) @Param(description="network group name")
+    @SerializedName(ApiConstants.SECURITY_GROUP_NAME) @Param(description="security group name")
-    private String networkGroupName;
+    private String securityGroupName;
    @SerializedName(ApiConstants.ACCOUNT) @Param(description="account owning the ingress rule")
    private String accountName;
@ -99,12 +99,12 @@ public class IngressRuleResponse extends BaseResponse {
        this.endPort = endPort;
    }
-    public String getNetworkGroupName() {
+    public String getSecurityGroupName() {
-        return networkGroupName;
+        return securityGroupName;
    }
-    public void setNetworkGroupName(String networkGroupName) {
+    public void setSecurityGroupName(String securityGroupName) {
-        this.networkGroupName = networkGroupName;
+        this.securityGroupName = securityGroupName;
    }
    public String getAccountName() {
--- a/api/src/com/cloud/api/response/SecurityGroupResponse.java
+++ b/api/src/com/cloud/api/response/SecurityGroupResponse.java
@ -22,26 +22,26 @@ import java.util.List;
 import com.cloud.serializer.Param;
 import com.google.gson.annotations.SerializedName;
-public class NetworkGroupResponse extends BaseResponse {
+public class SecurityGroupResponse extends BaseResponse {
-    @SerializedName("id") @Param(description="the ID of the network group")
+    @SerializedName("id") @Param(description="the ID of the security group")
    private Long id;
-    @SerializedName("name") @Param(description="the name of the network group")
+    @SerializedName("name") @Param(description="the name of the security group")
    private String name;
-    @SerializedName("description") @Param(description="the description of the network group")
+    @SerializedName("description") @Param(description="the description of the security group")
    private String description;
-    @SerializedName("account") @Param(description="the account owning the network group")
+    @SerializedName("account") @Param(description="the account owning the security group")
    private String accountName;
-    @SerializedName("domainid") @Param(description="the domain ID of the network group")
+    @SerializedName("domainid") @Param(description="the domain ID of the security group")
    private Long domainId;
-    @SerializedName("domain") @Param(description="the domain name of the network group")
+    @SerializedName("domain") @Param(description="the domain name of the security group")
    private String domainName;
-    @SerializedName("ingressrule")  @Param(description="the list of ingress rules associated with the network group")
+    @SerializedName("ingressrule")  @Param(description="the list of ingress rules associated with the security group")
    private List<IngressRuleResponse> ingressRules;
    public Long getId() {
--- a/api/src/com/cloud/api/response/UserVmResponse.java
+++ b/api/src/com/cloud/api/response/UserVmResponse.java
@ -130,8 +130,8 @@ public class UserVmResponse extends BaseResponse {
    @SerializedName("rootdevicetype") @Param(description="device type of the root volume")
    private String rootDeviceType;
-    @SerializedName("networkgrouplist") @Param(description="list of network groups associated with the virtual machine")
+    @SerializedName("securitygrouplist") @Param(description="list of security groups associated with the virtual machine")
-    private String networkGroupList;
+    private String securityGroupList;
    @SerializedName(ApiConstants.PASSWORD) @Param(description="the password (if exists) of the virtual machine")
    private String password;
@ -421,12 +421,12 @@ public class UserVmResponse extends BaseResponse {
        this.rootDeviceType = rootDeviceType;
    }
-    public String getNetworkGroupList() {
+    public String getSecurityGroupList() {
-        return networkGroupList;
+        return securityGroupList;
    }
-    public void setNetworkGroupList(String networkGroupList) {
+    public void setSecurityGroupList(String securityGroupList) {
-        this.networkGroupList = networkGroupList;
+        this.securityGroupList = securityGroupList;
    }
    public String getPassword() {
--- a/api/src/com/cloud/event/EventTypes.java
+++ b/api/src/com/cloud/event/EventTypes.java
@ -158,9 +158,9 @@ public class EventTypes {
 	// Configuration Table
 	public static final String EVENT_CONFIGURATION_VALUE_EDIT = "CONFIGURATION.VALUE.EDIT";
-	// Network Groups
+	// Security Groups
-	public static final String EVENT_NETWORK_GROUP_AUTHORIZE_INGRESS = "NG.AUTH.INGRESS";
+	public static final String EVENT_SECURITY_GROUP_AUTHORIZE_INGRESS = "SG.AUTH.INGRESS";
-    public static final String EVENT_NETWORK_GROUP_REVOKE_INGRESS = "NG.REVOKE.INGRESS";
+    public static final String EVENT_SECURITY_GROUP_REVOKE_INGRESS = "SG.REVOKE.INGRESS";
    // Host
    public static final String EVENT_HOST_RECONNECT = "HOST.RECONNECT";
--- a/api/src/com/cloud/network/security/IngressRule.java
+++ b/api/src/com/cloud/network/security/IngressRule.java
@ -25,14 +25,14 @@ import com.cloud.async.AsyncInstanceCreateStatus;
 */
 public interface IngressRule {
    long getId();
-    long getNetworkGroupId();
+    long getSecurityGroupId();
    int getStartPort();
    int getEndPort();
    String getProtocol();
    AsyncInstanceCreateStatus getCreateStatus();
    Long getAllowedNetworkId();
-    String getAllowedNetworkGroup();
+    String getAllowedSecurityGroup();
-    String getAllowedNetGrpAcct();
+    String getAllowedSecGrpAcct();
    String getAllowedSourceIpCidr();
 }
--- a/api/src/com/cloud/network/security/NetworkGroupService.java
+++ b/api/src/com/cloud/network/security/NetworkGroupService.java
@ -1,52 +0,0 @@
 /**
 *  Copyright (C) 2010 Cloud.com, Inc.  All rights reserved.
 * 
 * This software is licensed under the GNU General Public License v3 or later.
 * 
 * It is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 * 
 */
 package com.cloud.network.security;
 import java.util.List;
 import com.cloud.api.commands.AuthorizeNetworkGroupIngressCmd;
 import com.cloud.api.commands.CreateNetworkGroupCmd;
 import com.cloud.api.commands.DeleteNetworkGroupCmd;
 import com.cloud.api.commands.ListNetworkGroupsCmd;
 import com.cloud.api.commands.RevokeNetworkGroupIngressCmd;
 import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.exception.PermissionDeniedException;
 import com.cloud.exception.ResourceInUseException;
 public interface NetworkGroupService {
    /**
     * Create a network group with the given name and description
     * @param command the command specifying the name and description
     * @return the created network group if successful, null otherwise
     */
    public NetworkGroup createNetworkGroup(CreateNetworkGroupCmd command) throws PermissionDeniedException, InvalidParameterValueException;
    boolean revokeNetworkGroupIngress(RevokeNetworkGroupIngressCmd cmd);
    boolean deleteNetworkGroup(DeleteNetworkGroupCmd cmd) throws ResourceInUseException, PermissionDeniedException, InvalidParameterValueException;
    /**
     * Search for network groups and associated ingress rules for the given account, domain, group name, and/or keyword.
     * The search terms are specified in the search criteria.
     * @return the list of network groups and associated ingress rules
     */
    public List<? extends NetworkGroupRules> searchForNetworkGroupRules(ListNetworkGroupsCmd cmd) throws PermissionDeniedException, InvalidParameterValueException;
    public List<? extends IngressRule> authorizeNetworkGroupIngress(AuthorizeNetworkGroupIngressCmd cmd) throws InvalidParameterValueException, PermissionDeniedException;
 }
--- a/api/src/com/cloud/network/security/SecurityGroup.java
+++ b/api/src/com/cloud/network/security/SecurityGroup.java
@ -20,7 +20,7 @@ package com.cloud.network.security;
 import com.cloud.domain.PartOf;
 import com.cloud.user.OwnedBy;
-public interface NetworkGroup extends PartOf, OwnedBy {
+public interface SecurityGroup extends PartOf, OwnedBy {
    long getId();
    String getName();
    String getDescription();
--- a/api/src/com/cloud/network/security/SecurityGroupRules.java
+++ b/api/src/com/cloud/network/security/SecurityGroupRules.java
@ -17,7 +17,7 @@
 */
 package com.cloud.network.security;
-public interface NetworkGroupRules {
+public interface SecurityGroupRules {
    long getId();
    String getName();
@ -40,9 +40,9 @@ public interface NetworkGroupRules {
    Long getAllowedNetworkId();
-    String getAllowedNetworkGroup();
+    String getAllowedSecurityGroup();
-    String getAllowedNetGrpAcct();
+    String getAllowedSecGrpAcct();
    String getAllowedSourceIpCidr();
 }
--- a/api/src/com/cloud/network/security/SecurityGroupService.java
+++ b/api/src/com/cloud/network/security/SecurityGroupService.java
@ -0,0 +1,52 @@
 /**
 *  Copyright (C) 2010 Cloud.com, Inc.  All rights reserved.
 * 
 * This software is licensed under the GNU General Public License v3 or later.
 * 
 * It is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 * 
 */
 package com.cloud.network.security;
 import java.util.List;
 import com.cloud.api.commands.AuthorizeSecurityGroupIngressCmd;
 import com.cloud.api.commands.CreateSecurityGroupCmd;
 import com.cloud.api.commands.DeleteSecurityGroupCmd;
 import com.cloud.api.commands.ListSecurityGroupsCmd;
 import com.cloud.api.commands.RevokeSecurityGroupIngressCmd;
 import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.exception.PermissionDeniedException;
 import com.cloud.exception.ResourceInUseException;
 public interface SecurityGroupService {
    /**
     * Create a network group with the given name and description
     * @param command the command specifying the name and description
     * @return the created security group if successful, null otherwise
     */
    public SecurityGroup createSecurityGroup(CreateSecurityGroupCmd command) throws PermissionDeniedException, InvalidParameterValueException;
    boolean revokeSecurityGroupIngress(RevokeSecurityGroupIngressCmd cmd);
    boolean deleteSecurityGroup(DeleteSecurityGroupCmd cmd) throws ResourceInUseException, PermissionDeniedException, InvalidParameterValueException;
    /**
     * Search for security groups and associated ingress rules for the given account, domain, group name, and/or keyword.
     * The search terms are specified in the search criteria.
     * @return the list of security groups and associated ingress rules
     */
    public List<? extends SecurityGroupRules> searchForSecurityGroupRules(ListSecurityGroupsCmd cmd) throws PermissionDeniedException, InvalidParameterValueException;
    public List<? extends IngressRule> authorizeSecurityGroupIngress(AuthorizeSecurityGroupIngressCmd cmd) throws InvalidParameterValueException, PermissionDeniedException;
 }
--- a/core/src/com/cloud/agent/api/SecurityIngressRuleAnswer.java
+++ b/core/src/com/cloud/agent/api/SecurityIngressRuleAnswer.java
@ -17,20 +17,20 @@
 */
 package com.cloud.agent.api;
-public class NetworkIngressRuleAnswer extends Answer {
+public class SecurityIngressRuleAnswer extends Answer {
    Long logSequenceNumber = null;
    Long vmId = null;
-    protected NetworkIngressRuleAnswer() {
+    protected SecurityIngressRuleAnswer() {
    }
-    public NetworkIngressRuleAnswer(NetworkIngressRulesCmd cmd) {
+    public SecurityIngressRuleAnswer(SecurityIngressRulesCmd cmd) {
    	super(cmd);
        this.logSequenceNumber = cmd.getSeqNum();
        this.vmId = cmd.getVmId();
    }
-    public NetworkIngressRuleAnswer(NetworkIngressRulesCmd cmd, boolean result, String detail) {
+    public SecurityIngressRuleAnswer(SecurityIngressRulesCmd cmd, boolean result, String detail) {
        super(cmd, result, detail);
        this.logSequenceNumber = cmd.getSeqNum();
        this.vmId = cmd.getVmId();
--- a/core/src/com/cloud/agent/api/SecurityIngressRulesCmd.java
+++ b/core/src/com/cloud/agent/api/SecurityIngressRulesCmd.java
@ -20,7 +20,7 @@ package com.cloud.agent.api;
 import com.google.gson.Gson;
 import com.google.gson.GsonBuilder;
-public class NetworkIngressRulesCmd extends Command {
+public class SecurityIngressRulesCmd extends Command {
 	public static class IpPortAndProto {
 		String proto;
 		int startPort;
@ -69,12 +69,12 @@ public class NetworkIngressRulesCmd extends Command {
 	Long vmId;
 	IpPortAndProto [] ruleSet;
-	public NetworkIngressRulesCmd() {
+	public SecurityIngressRulesCmd() {
 		super();
 	}
-	public NetworkIngressRulesCmd(String guestIp, String guestMac, String vmName, Long vmId, String signature, Long seqNum, IpPortAndProto[] ruleSet) {
+	public SecurityIngressRulesCmd(String guestIp, String guestMac, String vmName, Long vmId, String signature, Long seqNum, IpPortAndProto[] ruleSet) {
 		super();
 		this.guestIp = guestIp;
 		this.vmName = vmName;
@ -113,7 +113,7 @@ public class NetworkIngressRulesCmd extends Command {
 	public String stringifyRules() {
 		StringBuilder ruleBuilder = new StringBuilder();
-		for (NetworkIngressRulesCmd.IpPortAndProto ipPandP: getRuleSet()) {
+		for (SecurityIngressRulesCmd.IpPortAndProto ipPandP: getRuleSet()) {
 			ruleBuilder.append(ipPandP.getProto()).append(":").append(ipPandP.getStartPort()).append(":").append(ipPandP.getEndPort()).append(":");
 			for (String cidr: ipPandP.getAllowedCidrs()) {
 				ruleBuilder.append(cidr).append(",");
@ -130,10 +130,10 @@ public class NetworkIngressRulesCmd extends Command {
 		return json.toJson(this);
 	}
-	public static NetworkIngressRulesCmd fromJson(String jsonString) {
+	public static SecurityIngressRulesCmd fromJson(String jsonString) {
 		GsonBuilder gBuilder = new GsonBuilder();
 		Gson json = gBuilder.create();
-		return json.fromJson(jsonString, NetworkIngressRulesCmd.class);
+		return json.fromJson(jsonString, SecurityIngressRulesCmd.class);
 	}
--- a/core/src/com/cloud/hypervisor/xen/resource/XenServerResource.java
+++ b/core/src/com/cloud/hypervisor/xen/resource/XenServerResource.java
@ -23,8 +23,8 @@ import org.apache.xmlrpc.XmlRpcException;
 import com.cloud.agent.api.Answer;
 import com.cloud.agent.api.Command;
-import com.cloud.agent.api.NetworkIngressRuleAnswer;
+import com.cloud.agent.api.SecurityIngressRuleAnswer;
-import com.cloud.agent.api.NetworkIngressRulesCmd;
+import com.cloud.agent.api.SecurityIngressRulesCmd;
 import com.cloud.hypervisor.xen.resource.CitrixResourceBase;
 import com.xensource.xenapi.VM;
 import com.cloud.resource.ServerResource;
@ -42,8 +42,8 @@ public class XenServerResource extends CitrixResourceBase {
    @Override
    public Answer executeRequest(Command cmd) {       
-        if (cmd instanceof NetworkIngressRulesCmd) {
+        if (cmd instanceof SecurityIngressRulesCmd) {
-            return execute((NetworkIngressRulesCmd) cmd);
+            return execute((SecurityIngressRulesCmd) cmd);
        } else {
            return super.executeRequest(cmd);
        }
@ -69,7 +69,7 @@ public class XenServerResource extends CitrixResourceBase {
        return Boolean.valueOf(callHostPlugin(conn, "vmops", "can_bridge_firewall", "host_uuid", _host.uuid));
    }
-    private Answer execute(NetworkIngressRulesCmd cmd) {
+    private Answer execute(SecurityIngressRulesCmd cmd) {
        Connection conn = getConnection();
        if (s_logger.isTraceEnabled()) {
            s_logger.trace("Sending network rules command to " + _host.ip);
@ -77,7 +77,7 @@ public class XenServerResource extends CitrixResourceBase {
        if (!_canBridgeFirewall) {
            s_logger.info("Host " + _host.ip + " cannot do bridge firewalling");
-            return new NetworkIngressRuleAnswer(cmd, false, "Host " + _host.ip + " cannot do bridge firewalling");
+            return new SecurityIngressRuleAnswer(cmd, false, "Host " + _host.ip + " cannot do bridge firewalling");
        }
        String result = callHostPlugin(conn, "vmops", "network_rules",
@ -91,10 +91,10 @@ public class XenServerResource extends CitrixResourceBase {
        if (result == null || result.isEmpty() || !Boolean.parseBoolean(result)) {
            s_logger.warn("Failed to program network rules for vm " + cmd.getVmName());
-            return new NetworkIngressRuleAnswer(cmd, false, "programming network rules failed");
+            return new SecurityIngressRuleAnswer(cmd, false, "programming network rules failed");
        } else {
            s_logger.info("Programmed network rules for vm " + cmd.getVmName() + " guestIp=" + cmd.getGuestIp() + ", numrules=" + cmd.getRuleSet().length);
-            return new NetworkIngressRuleAnswer(cmd);
+            return new SecurityIngressRuleAnswer(cmd);
        }
    }
--- a/core/src/com/cloud/network/security/IngressRuleVO.java
+++ b/core/src/com/cloud/network/security/IngressRuleVO.java
@ -31,15 +31,15 @@ import com.cloud.async.AsyncInstanceCreateStatus;
 import com.google.gson.annotations.Expose;
@Entity
-@Table(name=("network_ingress_rule"))
+@Table(name=("security_ingress_rule"))
 public class IngressRuleVO implements IngressRule {
    @Id
    @GeneratedValue(strategy=GenerationType.IDENTITY)
    @Column(name="id")
    private long id;
-    @Column(name="network_group_id")
+    @Column(name="security_group_id")
-    private long networkGroupId;
+    private long securityGroupId;
    @Column(name="start_port")
    private int startPort;
@ -53,11 +53,11 @@ public class IngressRuleVO implements IngressRule {
    @Column(name="allowed_network_id", nullable=true)
    private Long allowedNetworkId = null;
-    @Column(name="allowed_network_group")
+    @Column(name="allowed_security_group")
-    private String allowedNetworkGroup;
+    private String allowedSecurityGroup;
-    @Column(name="allowed_net_grp_acct")
+    @Column(name="allowed_sec_grp_acct")
-    private String allowedNetGrpAcct;
+    private String allowedSecGrpAcct;
    @Column(name="allowed_ip_cidr", nullable=true)
    private String allowedSourceIpCidr = null;
@ -69,18 +69,18 @@ public class IngressRuleVO implements IngressRule {
    public IngressRuleVO() {}
-    public IngressRuleVO(long networkGroupId, int fromPort, int toPort, String protocol, long allowedNetworkId, String allowedNetworkGroup, String allowedNetGrpAcct) {
+    public IngressRuleVO(long securityGroupId, int fromPort, int toPort, String protocol, long allowedNetworkId, String allowedSecurityGroup, String allowedSecGrpAcct) {
-        this.networkGroupId = networkGroupId;
+        this.securityGroupId = securityGroupId;
        this.startPort = fromPort;
        this.endPort = toPort;
        this.protocol = protocol;
        this.allowedNetworkId  = allowedNetworkId;
-        this.allowedNetworkGroup = allowedNetworkGroup;
+        this.allowedSecurityGroup = allowedSecurityGroup;
-        this.allowedNetGrpAcct = allowedNetGrpAcct;
+        this.allowedSecGrpAcct = allowedSecGrpAcct;
    }
-    public IngressRuleVO(long networkGroupId, int fromPort, int toPort, String protocol, String allowedIpCidr) {
+    public IngressRuleVO(long securityGroupId, int fromPort, int toPort, String protocol, String allowedIpCidr) {
-        this.networkGroupId = networkGroupId;
+        this.securityGroupId = securityGroupId;
        this.startPort = fromPort;
        this.endPort = toPort;
        this.protocol = protocol;
@ -93,8 +93,8 @@ public class IngressRuleVO implements IngressRule {
    }
    @Override
-    public long getNetworkGroupId() {
+    public long getSecurityGroupId() {
-        return networkGroupId;
+        return securityGroupId;
    }
    @Override
@ -127,13 +127,13 @@ public class IngressRuleVO implements IngressRule {
 	}
 	@Override
-    public String getAllowedNetworkGroup() {
+    public String getAllowedSecurityGroup() {
-	    return allowedNetworkGroup;
+	    return allowedSecurityGroup;
 	}
    @Override
-    public String getAllowedNetGrpAcct() {
+    public String getAllowedSecGrpAcct() {
-        return allowedNetGrpAcct;
+        return allowedSecGrpAcct;
    }
 	@Override
--- a/core/src/com/cloud/network/security/SecurityGroupRulesVO.java
+++ b/core/src/com/cloud/network/security/SecurityGroupRulesVO.java
@ -10,10 +10,10 @@ import javax.persistence.SecondaryTable;
 import javax.persistence.Table;
@Entity
-@Table(name=("network_group"))
+@Table(name=("security_group"))
-@SecondaryTable(name="network_ingress_rule", join="left",
+@SecondaryTable(name="security_ingress_rule", join="left",
-        pkJoinColumns={@PrimaryKeyJoinColumn(name="id", referencedColumnName="network_group_id")})
+        pkJoinColumns={@PrimaryKeyJoinColumn(name="id", referencedColumnName="security_group_id")})
-public class NetworkGroupRulesVO implements NetworkGroupRules {
+public class SecurityGroupRulesVO implements SecurityGroupRules {
    @Id
    @GeneratedValue(strategy=GenerationType.IDENTITY)
    @Column(name="id")
@ -34,33 +34,33 @@ public class NetworkGroupRulesVO implements NetworkGroupRules {
    @Column(name="account_name")
    private String accountName;
-    @Column(name="id", table="network_ingress_rule", insertable=false, updatable=false)
+    @Column(name="id", table="security_ingress_rule", insertable=false, updatable=false)
    private Long ruleId;
-    @Column(name="start_port", table="network_ingress_rule", insertable=false, updatable=false)
+    @Column(name="start_port", table="security_ingress_rule", insertable=false, updatable=false)
    private int startPort;
-    @Column(name="end_port", table="network_ingress_rule", insertable=false, updatable=false)
+    @Column(name="end_port", table="security_ingress_rule", insertable=false, updatable=false)
    private int endPort;
-    @Column(name="protocol", table="network_ingress_rule", insertable=false, updatable=false)
+    @Column(name="protocol", table="security_ingress_rule", insertable=false, updatable=false)
    private String protocol;
-    @Column(name="allowed_network_id", table="network_ingress_rule", insertable=false, updatable=false, nullable=true)
+    @Column(name="allowed_network_id", table="security_ingress_rule", insertable=false, updatable=false, nullable=true)
    private Long allowedNetworkId = null;
-    @Column(name="allowed_network_group", table="network_ingress_rule", insertable=false, updatable=false, nullable=true)
+    @Column(name="allowed_security_group", table="security_ingress_rule", insertable=false, updatable=false, nullable=true)
-    private String allowedNetworkGroup = null;
+    private String allowedSecurityGroup = null;
-    @Column(name="allowed_net_grp_acct", table="network_ingress_rule", insertable=false, updatable=false, nullable=true)
+    @Column(name="allowed_sec_grp_acct", table="security_ingress_rule", insertable=false, updatable=false, nullable=true)
-    private String allowedNetGrpAcct = null;
+    private String allowedSecGrpAcct = null;
-    @Column(name="allowed_ip_cidr", table="network_ingress_rule", insertable=false, updatable=false, nullable=true)
+    @Column(name="allowed_ip_cidr", table="security_ingress_rule", insertable=false, updatable=false, nullable=true)
    private String allowedSourceIpCidr = null;
-    public NetworkGroupRulesVO() { }
+    public SecurityGroupRulesVO() { }
-    public NetworkGroupRulesVO(long id, String name, String description, Long domainId, Long accountId, String accountName, Long ruleId, int startPort, int endPort, String protocol, Long allowedNetworkId, String allowedNetworkGroup, String allowedNetGrpAcct, String allowedSourceIpCidr) {
+    public SecurityGroupRulesVO(long id, String name, String description, Long domainId, Long accountId, String accountName, Long ruleId, int startPort, int endPort, String protocol, Long allowedNetworkId, String allowedSecurityGroup, String allowedSecGrpAcct, String allowedSourceIpCidr) {
    	this.id = id;
    	this.name = name;
    	this.description = description;
@ -72,8 +72,8 @@ public class NetworkGroupRulesVO implements NetworkGroupRules {
    	this.endPort = endPort;
    	this.protocol = protocol;
    	this.allowedNetworkId = allowedNetworkId;
-    	this.allowedNetworkGroup = allowedNetworkGroup;
+    	this.allowedSecurityGroup = allowedSecurityGroup;
-    	this.allowedNetGrpAcct = allowedNetGrpAcct;
+    	this.allowedSecGrpAcct = allowedSecGrpAcct;
    	this.allowedSourceIpCidr = allowedSourceIpCidr;
    }
@ -121,12 +121,12 @@ public class NetworkGroupRulesVO implements NetworkGroupRules {
 		return allowedNetworkId;
 	}
-	public String getAllowedNetworkGroup() {
+	public String getAllowedSecurityGroup() {
-	    return allowedNetworkGroup;
+	    return allowedSecurityGroup;
 	}
-    public String getAllowedNetGrpAcct() {
+    public String getAllowedSecGrpAcct() {
-        return allowedNetGrpAcct;
+        return allowedSecGrpAcct;
    }
 	public String getAllowedSourceIpCidr() {
--- a/core/src/com/cloud/network/security/SecurityGroupVMMapVO.java
+++ b/core/src/com/cloud/network/security/SecurityGroupVMMapVO.java
@ -31,23 +31,23 @@ import javax.persistence.Table;
 import com.cloud.vm.State;
@Entity
-@Table(name=("network_group_vm_map"))
+@Table(name=("security_group_vm_map"))
@SecondaryTables({
@SecondaryTable(name="user_vm",
        pkJoinColumns={@PrimaryKeyJoinColumn(name="instance_id", referencedColumnName="id")}),
@SecondaryTable(name="vm_instance",
                pkJoinColumns={@PrimaryKeyJoinColumn(name="instance_id", referencedColumnName="id")}),
-@SecondaryTable(name="network_group", 
+@SecondaryTable(name="security_group", 
-		pkJoinColumns={@PrimaryKeyJoinColumn(name="network_group_id", referencedColumnName="id")})
+		pkJoinColumns={@PrimaryKeyJoinColumn(name="security_group_id", referencedColumnName="id")})
 		})
-public class NetworkGroupVMMapVO {
+public class SecurityGroupVMMapVO {
    @Id
    @GeneratedValue(strategy=GenerationType.IDENTITY)
    @Column(name="id")
    private Long id;
-    @Column(name="network_group_id")
+    @Column(name="security_group_id")
-    private long networkGroupId;
+    private long securityGroupId;
    @Column(name="instance_id")
    private long instanceId;
@ -58,13 +58,13 @@ public class NetworkGroupVMMapVO {
    @Column(name="state", table="vm_instance", insertable=false, updatable=false)
    private State vmState;
-    @Column(name="name", table="network_group", insertable=false, updatable=false)
+    @Column(name="name", table="security_group", insertable=false, updatable=false)
    private String groupName;
-    public NetworkGroupVMMapVO() { }
+    public SecurityGroupVMMapVO() { }
-    public NetworkGroupVMMapVO(long networkGroupId, long instanceId) {
+    public SecurityGroupVMMapVO(long securityGroupId, long instanceId) {
-        this.networkGroupId = networkGroupId;
+        this.securityGroupId = securityGroupId;
        this.instanceId = instanceId;
    }
@ -72,8 +72,8 @@ public class NetworkGroupVMMapVO {
        return id;
    }
-    public long getNetworkGroupId() {
+    public long getSecurityGroupId() {
-        return networkGroupId;
+        return securityGroupId;
    }
    public String getGuestIpAddress() {
--- a/core/src/com/cloud/network/security/SecurityGroupVO.java
+++ b/core/src/com/cloud/network/security/SecurityGroupVO.java
@ -26,8 +26,8 @@ import javax.persistence.Id;
 import javax.persistence.Table;
@Entity
-@Table(name=("network_group"))
+@Table(name=("security_group"))
-public class NetworkGroupVO implements NetworkGroup {
+public class SecurityGroupVO implements SecurityGroup {
    @Id
    @GeneratedValue(strategy=GenerationType.IDENTITY)
    @Column(name="id")
@ -48,9 +48,9 @@ public class NetworkGroupVO implements NetworkGroup {
    @Column(name="account_name")
    private String accountName = null;
-    public NetworkGroupVO() {}
+    public SecurityGroupVO() {}
-    public NetworkGroupVO(String name, String description, long domainId, long accountId, String accountName) {
+    public SecurityGroupVO(String name, String description, long domainId, long accountId, String accountName) {
        this.name = name;
        this.description = description;
        this.domainId = domainId;
--- a/core/src/com/cloud/network/security/SecurityGroupWorkVO.java
+++ b/core/src/com/cloud/network/security/SecurityGroupWorkVO.java
@ -34,7 +34,7 @@ import com.cloud.utils.db.GenericDao;
@Entity
@Table(name="op_nwgrp_work")
-public class NetworkGroupWorkVO {
+public class SecurityGroupWorkVO {
 	public enum Step {
        Scheduled,
        Processing,
@ -70,7 +70,7 @@ public class NetworkGroupWorkVO {
    private Long logsequenceNumber = null;
-    protected NetworkGroupWorkVO() {
+    protected SecurityGroupWorkVO() {
    }
    public Long getId() {
@ -97,7 +97,7 @@ public class NetworkGroupWorkVO {
-	public NetworkGroupWorkVO(Long instanceId, Long serverId, Date created,
+	public SecurityGroupWorkVO(Long instanceId, Long serverId, Date created,
 			Step step, Date dateTaken) {
 		super();
 		this.instanceId = instanceId;
--- a/server/src/com/cloud/api/ApiDBUtils.java
+++ b/server/src/com/cloud/api/ApiDBUtils.java
@ -36,9 +36,9 @@ import com.cloud.network.dao.IPAddressDao;
 import com.cloud.network.dao.LoadBalancerDao;
 import com.cloud.network.dao.NetworkDao;
 import com.cloud.network.dao.NetworkRuleConfigDao;
-import com.cloud.network.security.NetworkGroup;
+import com.cloud.network.security.SecurityGroup;
-import com.cloud.network.security.NetworkGroupManager;
+import com.cloud.network.security.SecurityGroupManager;
-import com.cloud.network.security.dao.NetworkGroupDao;
+import com.cloud.network.security.dao.SecurityGroupDao;
 import com.cloud.offering.ServiceOffering;
 import com.cloud.offerings.NetworkOfferingVO;
 import com.cloud.offerings.dao.NetworkOfferingDao;
@ -97,7 +97,7 @@ public class ApiDBUtils {
    private static AccountManager _accountMgr;
    private static AgentManager _agentMgr;
    public static AsyncJobManager _asyncMgr;
-    private static NetworkGroupManager _networkGroupMgr;
+    private static SecurityGroupManager _networkGroupMgr;
    private static SnapshotManager _snapMgr;
    private static StorageManager _storageMgr;
    private static UserVmManager _userVmMgr;
@ -115,7 +115,7 @@ public class ApiDBUtils {
    private static HostDao _hostDao;
    private static IPAddressDao _ipAddressDao;
    private static LoadBalancerDao _loadBalancerDao;
-    private static NetworkGroupDao _networkGroupDao;
+    private static SecurityGroupDao _networkGroupDao;
    private static NetworkRuleConfigDao _networkRuleConfigDao;
    private static HostPodDao _podDao;
    private static ServiceOfferingDao _serviceOfferingDao;
@ -140,7 +140,7 @@ public class ApiDBUtils {
        _accountMgr = locator.getManager(AccountManager.class);
        _agentMgr = locator.getManager(AgentManager.class);
        _asyncMgr = locator.getManager(AsyncJobManager.class);
-        _networkGroupMgr = locator.getManager(NetworkGroupManager.class);
+        _networkGroupMgr = locator.getManager(SecurityGroupManager.class);
        _snapMgr = locator.getManager(SnapshotManager.class);
        _storageMgr = locator.getManager(StorageManager.class);
        _userVmMgr = locator.getManager(UserVmManager.class);
@ -171,7 +171,7 @@ public class ApiDBUtils {
        _vlanDao = locator.getDao(VlanDao.class);
        _volumeDao = locator.getDao(VolumeDao.class);
        _zoneDao = locator.getDao(DataCenterDao.class);
-        _networkGroupDao = locator.getDao(NetworkGroupDao.class);
+        _networkGroupDao = locator.getDao(SecurityGroupDao.class);
        _networkOfferingDao = locator.getDao(NetworkOfferingDao.class);
        _networkDao = locator.getDao(NetworkDao.class);
@ -240,7 +240,7 @@ public class ApiDBUtils {
    }
    public static String getNetworkGroupsNamesForVm(long vmId) {
-        return _networkGroupMgr.getNetworkGroupsNamesForVm(vmId);
+        return _networkGroupMgr.getSecurityGroupsNamesForVm(vmId);
    }
    public static String getSnapshotIntervalTypes(long snapshotId) {
@ -351,7 +351,7 @@ public class ApiDBUtils {
        return _networkRuleConfigDao.findById(ruleId);
    }
-    public static NetworkGroup findNetworkGroupById(Long groupId) {
+    public static SecurityGroup findNetworkGroupById(Long groupId) {
        return _networkGroupDao.findById(groupId);
    }
--- a/server/src/com/cloud/api/ApiResponseHelper.java
+++ b/server/src/com/cloud/api/ApiResponseHelper.java
@ -51,7 +51,7 @@ import com.cloud.api.response.InstanceGroupResponse;
 import com.cloud.api.response.IpForwardingRuleResponse;
 import com.cloud.api.response.ListResponse;
 import com.cloud.api.response.LoadBalancerResponse;
-import com.cloud.api.response.NetworkGroupResponse;
+import com.cloud.api.response.SecurityGroupResponse;
 import com.cloud.api.response.NetworkOfferingResponse;
 import com.cloud.api.response.NetworkResponse;
 import com.cloud.api.response.NicResponse;
@ -75,7 +75,7 @@ import com.cloud.api.response.ZoneResponse;
 import com.cloud.async.AsyncJob;
 import com.cloud.async.AsyncJobResult;
 import com.cloud.async.executor.IngressRuleResultObject;
-import com.cloud.async.executor.NetworkGroupResultObject;
+import com.cloud.async.executor.SecurityGroupResultObject;
 import com.cloud.capacity.Capacity;
 import com.cloud.capacity.CapacityVO;
 import com.cloud.configuration.Configuration;
@ -105,8 +105,8 @@ import com.cloud.network.rules.FirewallRule;
 import com.cloud.network.rules.LoadBalancer;
 import com.cloud.network.rules.PortForwardingRule;
 import com.cloud.network.security.IngressRule;
-import com.cloud.network.security.NetworkGroup;
+import com.cloud.network.security.SecurityGroup;
-import com.cloud.network.security.NetworkGroupRules;
+import com.cloud.network.security.SecurityGroupRules;
 import com.cloud.offering.DiskOffering;
 import com.cloud.offering.NetworkOffering;
 import com.cloud.offering.NetworkOffering.GuestIpType;
@ -1035,7 +1035,7 @@ public class ApiResponseHelper implements ResponseGenerator {
        userVmResponse.setGuestOsId(userVm.getGuestOSId());
        // network groups
-        userVmResponse.setNetworkGroupList(ApiDBUtils.getNetworkGroupsNamesForVm(userVm.getId()));
+        userVmResponse.setSecurityGroupList(ApiDBUtils.getNetworkGroupsNamesForVm(userVm.getId()));
        List<? extends Nic> nics = ApiDBUtils.getNics(userVm);
        List<NicResponse> nicResponses = new ArrayList<NicResponse>();
@ -1483,13 +1483,13 @@ public class ApiResponseHelper implements ResponseGenerator {
    }
    @Override
-    public ListResponse<NetworkGroupResponse> createNetworkGroupResponses(List<? extends NetworkGroupRules> networkGroups) {
+    public ListResponse<SecurityGroupResponse> createSecurityGroupResponses(List<? extends SecurityGroupRules> networkGroups) {
-        List<NetworkGroupResultObject> groupResultObjs = NetworkGroupResultObject.transposeNetworkGroups(networkGroups);
+        List<SecurityGroupResultObject> groupResultObjs = SecurityGroupResultObject.transposeNetworkGroups(networkGroups);
-        ListResponse<NetworkGroupResponse> response = new ListResponse<NetworkGroupResponse>();
+        ListResponse<SecurityGroupResponse> response = new ListResponse<SecurityGroupResponse>();
-        List<NetworkGroupResponse> netGrpResponses = new ArrayList<NetworkGroupResponse>();
+        List<SecurityGroupResponse> netGrpResponses = new ArrayList<SecurityGroupResponse>();
-        for (NetworkGroupResultObject networkGroup : groupResultObjs) {
+        for (SecurityGroupResultObject networkGroup : groupResultObjs) {
-            NetworkGroupResponse netGrpResponse = new NetworkGroupResponse();
+            SecurityGroupResponse netGrpResponse = new SecurityGroupResponse();
            netGrpResponse.setId(networkGroup.getId());
            netGrpResponse.setName(networkGroup.getName());
            netGrpResponse.setDescription(networkGroup.getDescription());
@ -1514,9 +1514,9 @@ public class ApiResponseHelper implements ResponseGenerator {
                        ingressData.setEndPort(ingressRule.getEndPort());
                    }
-                    if (ingressRule.getAllowedNetworkGroup() != null) {
+                    if (ingressRule.getAllowedSecurityGroup() != null) {
-                        ingressData.setNetworkGroupName(ingressRule.getAllowedNetworkGroup());
+                        ingressData.setSecurityGroupName(ingressRule.getAllowedSecurityGroup());
-                        ingressData.setAccountName(ingressRule.getAllowedNetGroupAcct());
+                        ingressData.setAccountName(ingressRule.getAllowedSecGroupAcct());
                    } else {
                        ingressData.setCidr(ingressRule.getAllowedSourceIpCidr());
                    }
@ -1535,8 +1535,8 @@ public class ApiResponseHelper implements ResponseGenerator {
    }
    @Override
-    public NetworkGroupResponse createNetworkGroupResponse(NetworkGroup group) {
+    public SecurityGroupResponse createSecurityGroupResponse(SecurityGroup group) {
-        NetworkGroupResponse response = new NetworkGroupResponse();
+        SecurityGroupResponse response = new SecurityGroupResponse();
        response.setAccountName(group.getAccountName());
        response.setDescription(group.getDescription());
        response.setDomainId(group.getDomainId());
@ -2084,17 +2084,17 @@ public class ApiResponseHelper implements ResponseGenerator {
    @Override
-    public NetworkGroupResponse createNetworkGroupResponseFromIngressRule(List<? extends IngressRule> ingressRules) {
+    public SecurityGroupResponse createSecurityGroupResponseFromIngressRule(List<? extends IngressRule> ingressRules) {
-        NetworkGroupResponse response = new NetworkGroupResponse();
+        SecurityGroupResponse response = new SecurityGroupResponse();
        if ((ingressRules != null) && !ingressRules.isEmpty()) {
-            NetworkGroup networkGroup  = ApiDBUtils.findNetworkGroupById(ingressRules.get(0).getNetworkGroupId());
+            SecurityGroup securityGroup  = ApiDBUtils.findNetworkGroupById(ingressRules.get(0).getSecurityGroupId());
-            response.setId(networkGroup.getId());
+            response.setId(securityGroup.getId());
-            response.setName(networkGroup.getName());
+            response.setName(securityGroup.getName());
-            response.setDescription(networkGroup.getDescription());
+            response.setDescription(securityGroup.getDescription());
-            response.setAccountName(networkGroup.getAccountName());
+            response.setAccountName(securityGroup.getAccountName());
-            response.setDomainId(networkGroup.getDomainId());
+            response.setDomainId(securityGroup.getDomainId());
-            response.setDomainName(ApiDBUtils.findDomainById(networkGroup.getDomainId()).getName());
+            response.setDomainName(ApiDBUtils.findDomainById(securityGroup.getDomainId()).getName());
            List<IngressRuleResponse> responses = new ArrayList<IngressRuleResponse>();
            for (IngressRule ingressRule : ingressRules) {
@ -2110,9 +2110,9 @@ public class ApiResponseHelper implements ResponseGenerator {
                    ingressData.setEndPort(ingressRule.getEndPort());
                }
-                if (ingressRule.getAllowedNetworkGroup() != null) {
+                if (ingressRule.getAllowedSecurityGroup() != null) {
-                    ingressData.setNetworkGroupName(ingressRule.getAllowedNetworkGroup());
+                    ingressData.setSecurityGroupName(ingressRule.getAllowedSecurityGroup());
-                    ingressData.setAccountName(ingressRule.getAllowedNetGrpAcct());
+                    ingressData.setAccountName(ingressRule.getAllowedSecGrpAcct());
                } else {
                    ingressData.setCidr(ingressRule.getAllowedSourceIpCidr());
                }
@ -2121,7 +2121,7 @@ public class ApiResponseHelper implements ResponseGenerator {
                responses.add(ingressData);
            }
            response.setIngressRules(responses);
-            response.setObjectName("networkgroup");
+            response.setObjectName("securitygroup");
        }
        return response;
--- a/server/src/com/cloud/api/ApiServer.java
+++ b/server/src/com/cloud/api/ApiServer.java
@ -655,9 +655,9 @@ public class ApiServer implements HttpRequestHandler {
            if (hypervisorType == null) 
            	hypervisorType = "kvm";
-            String directAttachNetworkGroupsEnabled = _ms.getConfigurationValue("direct.attach.network.groups.enabled");
+            String directAttachSecurityGroupsEnabled = _ms.getConfigurationValue("direct.attach.security.groups.enabled");
-            if(directAttachNetworkGroupsEnabled == null) 
+            if(directAttachSecurityGroupsEnabled == null) 
-            	directAttachNetworkGroupsEnabled = "false";     
+            	directAttachSecurityGroupsEnabled = "false";     
            String systemVmUseLocalStorage = _ms.getConfigurationValue("system.vm.use.local.storage");
            if (systemVmUseLocalStorage == null) 
@ -674,7 +674,7 @@ public class ApiServer implements HttpRequestHandler {
            session.setAttribute("type", Short.valueOf(account.getType()).toString());
 //            session.setAttribute("networktype", networkType);
            session.setAttribute("hypervisortype", hypervisorType);
-            session.setAttribute("directattachnetworkgroupsenabled", directAttachNetworkGroupsEnabled);
+            session.setAttribute("directattachsecuritygroupsenabled", directAttachSecurityGroupsEnabled);
            session.setAttribute("systemvmuselocalstorage", systemVmUseLocalStorage);
            if (timezone != null) {
--- a/server/src/com/cloud/async/executor/AuthorizeSecurityGroupIngressExecutor.java
+++ b/server/src/com/cloud/async/executor/AuthorizeSecurityGroupIngressExecutor.java
@ -11,15 +11,15 @@ import com.cloud.async.AsyncJobResult;
 import com.cloud.async.AsyncJobVO;
 import com.cloud.async.BaseAsyncJobExecutor;
 import com.cloud.network.security.IngressRuleVO;
-import com.cloud.network.security.NetworkGroupRulesVO;
+import com.cloud.network.security.SecurityGroupRulesVO;
-import com.cloud.network.security.NetworkGroupVO;
+import com.cloud.network.security.SecurityGroupVO;
 import com.cloud.serializer.GsonHelper;
 import com.cloud.server.ManagementServer;
 import com.cloud.user.AccountVO;
 import com.google.gson.Gson;
-public class AuthorizeNetworkGroupIngressExecutor extends BaseAsyncJobExecutor {
+public class AuthorizeSecurityGroupIngressExecutor extends BaseAsyncJobExecutor {
-    public static final Logger s_logger = Logger.getLogger(AuthorizeNetworkGroupIngressExecutor.class.getName());
+    public static final Logger s_logger = Logger.getLogger(AuthorizeSecurityGroupIngressExecutor.class.getName());
    @Override
    public boolean execute() {
@ -27,17 +27,17 @@ public class AuthorizeNetworkGroupIngressExecutor extends BaseAsyncJobExecutor {
        AsyncJobManager asyncMgr = getAsyncJobMgr();
        AsyncJobVO job = getJob();
        ManagementServer managementServer = asyncMgr.getExecutorContext().getManagementServer();
-        NetworkGroupIngressParam param = gson.fromJson(job.getCmdInfo(), NetworkGroupIngressParam.class);
+        SecurityGroupIngressParam param = gson.fromJson(job.getCmdInfo(), SecurityGroupIngressParam.class);
        AccountVO account = param.getAccount();
        /*
        if (getSyncSource() == null) {
-            NetworkGroupVO networkGroup = managementServer.findNetworkGroupByName(param.getAccount().getId(), param.getGroupName());
+            SecurityGroupVO networkGroup = managementServer.findNetworkGroupByName(param.getAccount().getId(), param.getGroupName());
            if(networkGroup == null) {
                asyncMgr.completeAsyncJob(getJob().getId(), AsyncJobResult.STATUS_FAILED, 
                    BaseCmd.PARAM_ERROR, "Unable to find network group " + param.getGroupName() + " for account " + account.getAccountName() + " (id: " + account.getId() + ")"); 
            } else {
-                asyncMgr.syncAsyncJobExecution(job.getId(), "NetworkGroup", networkGroup.getId());
+                asyncMgr.syncAsyncJobExecution(job.getId(), "SecurityGroup", networkGroup.getId());
            }
            return true;
        } else {
@ -65,17 +65,17 @@ public class AuthorizeNetworkGroupIngressExecutor extends BaseAsyncJobExecutor {
        return true;
    }
-    private NetworkGroupResultObject composeResultObject(ManagementServer ms, Long accountId, String groupName, List<IngressRuleVO> addedRules) {
+    private SecurityGroupResultObject composeResultObject(ManagementServer ms, Long accountId, String groupName, List<IngressRuleVO> addedRules) {
-        NetworkGroupVO networkGroup = ms.findNetworkGroupByName(accountId, groupName);
+        SecurityGroupVO networkGroup = ms.findNetworkGroupByName(accountId, groupName);
-        List<NetworkGroupRulesVO> groupRules = new ArrayList<NetworkGroupRulesVO>();
+        List<SecurityGroupRulesVO> groupRules = new ArrayList<SecurityGroupRulesVO>();
        for (IngressRuleVO ingressRule : addedRules) {
-            NetworkGroupRulesVO groupRule = new NetworkGroupRulesVO(networkGroup.getId(), networkGroup.getName(), networkGroup.getDescription(), networkGroup.getDomainId(),
+            SecurityGroupRulesVO groupRule = new SecurityGroupRulesVO(networkGroup.getId(), networkGroup.getName(), networkGroup.getDescription(), networkGroup.getDomainId(),
                                                                    networkGroup.getAccountId(), networkGroup.getAccountName(), ingressRule.getId(), ingressRule.getStartPort(), ingressRule.getEndPort(),
-                                                                    ingressRule.getProtocol(), ingressRule.getAllowedNetworkId(), ingressRule.getAllowedNetworkGroup(), ingressRule.getAllowedNetGrpAcct(),
+                                                                    ingressRule.getProtocol(), ingressRule.getAllowedNetworkId(), ingressRule.getAllowedSecurityGroup(), ingressRule.getAllowedSecGrpAcct(),
                                                                    ingressRule.getAllowedSourceIpCidr());
            groupRules.add(groupRule);
        }
-        List<NetworkGroupResultObject> results = NetworkGroupResultObject.transposeNetworkGroups(groupRules);
+        List<SecurityGroupResultObject> results = SecurityGroupResultObject.transposeNetworkGroups(groupRules);
        if ((results != null) && !results.isEmpty()) {
            return results.get(0);
        }
--- a/server/src/com/cloud/async/executor/DeployVMResultObject.java
+++ b/server/src/com/cloud/async/executor/DeployVMResultObject.java
@ -121,8 +121,8 @@ public class DeployVMResultObject {
 	@Param(name="hostid")
 	private Long hostid;
-	@Param(name="networkgrouplist")
+	@Param(name="securitygrouplist")
-	private String networkGroupList;
+	private String securityGroupList;
 	@Param(name="rootdeviceid")
 	private Long rootDeviceId;
@ -146,12 +146,12 @@ public class DeployVMResultObject {
 		this.rootDeviceType = deviceType;
 	}
-	public String getNetworkGroupList(){
+	public String getSecurityGroupList(){
-		return this.networkGroupList;
+		return this.securityGroupList;
 	}
-	public void setNetworkGroupList(String nGroups){
+	public void setSecurityGroupList(String nGroups){
-		this.networkGroupList = nGroups;
+		this.securityGroupList = nGroups;
 	}
 	public String getIsoDisplayText() {
--- a/server/src/com/cloud/async/executor/IngressRuleResultObject.java
+++ b/server/src/com/cloud/async/executor/IngressRuleResultObject.java
@ -15,24 +15,24 @@ public class IngressRuleResultObject {
    @Param(name="protocol")
    private String protocol;
-    @Param(name="networkgroup")
+    @Param(name="securitygroup")
-    private String allowedNetworkGroup = null;
+    private String allowedSecurityGroup = null;
    @Param(name="account")
-    private String allowedNetGroupAcct = null;
+    private String allowedSecGroupAcct = null;
    @Param(name="cidr")
    private String allowedSourceIpCidr = null;
    public IngressRuleResultObject() { }
-    public IngressRuleResultObject(Long id, int startPort, int endPort, String protocol, String allowedNetworkGroup, String allowedNetGroupAcct, String allowedSourceIpCidr) {
+    public IngressRuleResultObject(Long id, int startPort, int endPort, String protocol, String allowedSecurityGroup, String allowedSecGroupAcct, String allowedSourceIpCidr) {
        this.id = id;
        this.startPort = startPort;
        this.endPort = endPort;
        this.protocol = protocol;
-        this.allowedNetworkGroup = allowedNetworkGroup;
+        this.allowedSecurityGroup = allowedSecurityGroup;
-        this.allowedNetGroupAcct = allowedNetGroupAcct;
+        this.allowedSecGroupAcct = allowedSecGroupAcct;
        this.allowedSourceIpCidr = allowedSourceIpCidr;
    }
@ -68,20 +68,20 @@ public class IngressRuleResultObject {
        this.protocol = protocol;
    }
-    public String getAllowedNetworkGroup() {
+    public String getAllowedSecurityGroup() {
-        return allowedNetworkGroup;
+        return allowedSecurityGroup;
    }
-    public void setAllowedNetworkGroup(String allowedNetworkGroup) {
+    public void setAllowedSecurityGroup(String allowedSecurityGroup) {
-        this.allowedNetworkGroup = allowedNetworkGroup;
+        this.allowedSecurityGroup = allowedSecurityGroup;
    }
-    public String getAllowedNetGroupAcct() {
+    public String getAllowedSecGroupAcct() {
-        return allowedNetGroupAcct;
+        return allowedSecGroupAcct;
    }
-    public void setAllowedNetGroupAcct(String allowedNetGroupAcct) {
+    public void setAllowedSecGroupAcct(String allowedSecGroupAcct) {
-        this.allowedNetGroupAcct = allowedNetGroupAcct;
+        this.allowedSecGroupAcct = allowedSecGroupAcct;
    }
    public String getAllowedSourceIpCidr() {
--- a/server/src/com/cloud/async/executor/RevokeNetworkGroupIngressExecutor.java
+++ b/server/src/com/cloud/async/executor/RevokeNetworkGroupIngressExecutor.java
@ -7,7 +7,7 @@ import com.cloud.async.AsyncJobManager;
 import com.cloud.async.AsyncJobResult;
 import com.cloud.async.AsyncJobVO;
 import com.cloud.async.BaseAsyncJobExecutor;
-import com.cloud.network.security.NetworkGroupVO;
+import com.cloud.network.security.SecurityGroupVO;
 import com.cloud.serializer.GsonHelper;
 import com.cloud.server.ManagementServer;
 import com.cloud.user.AccountVO;
@ -22,17 +22,17 @@ public class RevokeNetworkGroupIngressExecutor extends BaseAsyncJobExecutor {
 		AsyncJobManager asyncMgr = getAsyncJobMgr();
 		AsyncJobVO job = getJob();
 		ManagementServer managementServer = asyncMgr.getExecutorContext().getManagementServer();
-		NetworkGroupIngressParam param = gson.fromJson(job.getCmdInfo(), NetworkGroupIngressParam.class);
+		SecurityGroupIngressParam param = gson.fromJson(job.getCmdInfo(), SecurityGroupIngressParam.class);
 		AccountVO account = param.getAccount();
 		/*
 		if (getSyncSource() == null) {
-			NetworkGroupVO networkGroup = managementServer.findNetworkGroupByName(param.getAccount().getId(), param.getGroupName());
+			SecurityGroupVO networkGroup = managementServer.findNetworkGroupByName(param.getAccount().getId(), param.getGroupName());
 	        if(networkGroup == null) {
 				asyncMgr.completeAsyncJob(getJob().getId(), AsyncJobResult.STATUS_FAILED, 
 					BaseCmd.PARAM_ERROR, "Unable to find network group " + param.getGroupName() + " for account " + account.getAccountName() + " (id: " + account.getId() + ")"); 
 	        } else {
-		    	asyncMgr.syncAsyncJobExecution(job.getId(), "NetworkGroup", networkGroup.getId());
+		    	asyncMgr.syncAsyncJobExecution(job.getId(), "SecurityGroup", networkGroup.getId());
 	        }
 			return true;
 		} else {
--- a/server/src/com/cloud/async/executor/SecurityGroupIngressParam.java
+++ b/server/src/com/cloud/async/executor/SecurityGroupIngressParam.java
@ -2,21 +2,21 @@ package com.cloud.async.executor;
 import java.util.List;
-import com.cloud.network.security.NetworkGroupVO;
+import com.cloud.network.security.SecurityGroupVO;
 import com.cloud.user.AccountVO;
-public class NetworkGroupIngressParam {
+public class SecurityGroupIngressParam {
 	private AccountVO account;
 	private String groupName;
 	private String protocol;
 	private int startPort;
 	private int endPort;
 	private String[] cidrList;
-	private List<NetworkGroupVO> authorizedGroups;
+	private List<SecurityGroupVO> authorizedGroups;
-	protected NetworkGroupIngressParam() { }
+	protected SecurityGroupIngressParam() { }
-	public NetworkGroupIngressParam(AccountVO account, String groupName, String protocol, int startPort, int endPort, String[] cidrList, List<NetworkGroupVO> authorizedGroups) {
+	public SecurityGroupIngressParam(AccountVO account, String groupName, String protocol, int startPort, int endPort, String[] cidrList, List<SecurityGroupVO> authorizedGroups) {
 		this.account = account;
 		this.groupName = groupName;
 		this.protocol = protocol;
@ -50,7 +50,7 @@ public class NetworkGroupIngressParam {
 		return cidrList;
 	}
-	public List<NetworkGroupVO> getAuthorizedGroups() {
+	public List<SecurityGroupVO> getAuthorizedGroups() {
 		return authorizedGroups;
 	}
 }
--- a/server/src/com/cloud/async/executor/SecurityGroupResultObject.java
+++ b/server/src/com/cloud/async/executor/SecurityGroupResultObject.java
@ -3,10 +3,10 @@ package com.cloud.async.executor;
 import java.util.ArrayList;
 import java.util.List;
-import com.cloud.network.security.NetworkGroupRules;
+import com.cloud.network.security.SecurityGroupRules;
 import com.cloud.serializer.Param;
-public class NetworkGroupResultObject {
+public class SecurityGroupResultObject {
    @Param(name="id")
    private Long id;
@ -28,9 +28,9 @@ public class NetworkGroupResultObject {
    @Param(name="ingressrules")
    private List<IngressRuleResultObject> ingressRules = null;
-    public NetworkGroupResultObject() {}
+    public SecurityGroupResultObject() {}
-    public NetworkGroupResultObject(Long id, String name, String description, Long domainId, Long accountId, String accountName, List<IngressRuleResultObject> ingressRules) {
+    public SecurityGroupResultObject(Long id, String name, String description, Long domainId, Long accountId, String accountName, List<IngressRuleResultObject> ingressRules) {
        this.id = id;
        this.name = name;
        this.description = description;
@ -96,15 +96,15 @@ public class NetworkGroupResultObject {
        this.ingressRules = ingressRules;
    }
-    public static List<NetworkGroupResultObject> transposeNetworkGroups(List<? extends NetworkGroupRules> groups) {
+    public static List<SecurityGroupResultObject> transposeNetworkGroups(List<? extends SecurityGroupRules> groups) {
-        List<NetworkGroupResultObject> resultObjects = new ArrayList<NetworkGroupResultObject>();
+        List<SecurityGroupResultObject> resultObjects = new ArrayList<SecurityGroupResultObject>();
        if ((groups != null) && !groups.isEmpty()) {
            List<IngressRuleResultObject> ingressDataList = new ArrayList<IngressRuleResultObject>();
-            NetworkGroupResultObject currentGroup = null;
+            SecurityGroupResultObject currentGroup = null;
            List<Long> processedGroups = new ArrayList<Long>();
-            for (NetworkGroupRules netGroupRule : groups) {
+            for (SecurityGroupRules netGroupRule : groups) {
                Long groupId = netGroupRule.getId();
                if (!processedGroups.contains(groupId)) {
                    processedGroups.add(groupId);
@ -118,7 +118,7 @@ public class NetworkGroupResultObject {
                    }
                    // start a new group
-                    NetworkGroupResultObject groupResult = new NetworkGroupResultObject();
+                    SecurityGroupResultObject groupResult = new SecurityGroupResultObject();
                    groupResult.setId(netGroupRule.getId());
                    groupResult.setName(netGroupRule.getName());
                    groupResult.setDescription(netGroupRule.getDescription());
@ -137,9 +137,9 @@ public class NetworkGroupResultObject {
                    ingressData.setId(netGroupRule.getRuleId());
                    ingressData.setProtocol(netGroupRule.getProtocol());
-                    if (netGroupRule.getAllowedNetworkGroup() != null) {
+                    if (netGroupRule.getAllowedSecurityGroup() != null) {
-                        ingressData.setAllowedNetworkGroup(netGroupRule.getAllowedNetworkGroup());
+                        ingressData.setAllowedSecurityGroup(netGroupRule.getAllowedSecurityGroup());
-                        ingressData.setAllowedNetGroupAcct(netGroupRule.getAllowedNetGrpAcct());
+                        ingressData.setAllowedSecGroupAcct(netGroupRule.getAllowedSecGrpAcct());
                    } else if (netGroupRule.getAllowedSourceIpCidr() != null) {
                        ingressData.setAllowedSourceIpCidr(netGroupRule.getAllowedSourceIpCidr());
                    }
--- a/server/src/com/cloud/async/executor/VMOperationResultObject.java
+++ b/server/src/com/cloud/async/executor/VMOperationResultObject.java
@ -117,8 +117,8 @@ public class VMOperationResultObject {
 	@Param(name="hostid")
 	private Long hostid;
-	@Param(name="networkgrouplist")
+	@Param(name="securitygrouplist")
-	private String networkGroupList;
+	private String securityGroupList;
 	@Param(name="rootdeviceid")
 	private Long rootDeviceId;
@ -142,12 +142,12 @@ public class VMOperationResultObject {
 		this.rootDeviceType = deviceType;
 	}
-	public String getNetworkGroupList(){
+	public String getSecurityGroupList(){
-		return this.networkGroupList;
+		return this.securityGroupList;
 	}
-	public void setNetworkGroupList(String nGroups){
+	public void setSecurityGroupList(String nGroups){
-		this.networkGroupList = nGroups;
+		this.securityGroupList = nGroups;
 	}
 	public long getId() {
--- a/server/src/com/cloud/configuration/Config.java
+++ b/server/src/com/cloud/configuration/Config.java
@ -152,7 +152,7 @@ public enum Config {
 	SecStorageAllowedInternalDownloadSites("Advanced", ManagementServer.class, String.class, "secstorage.allowed.internal.sites", null, "Comma separated list of cidrs internal to the datacenter that can host template download servers", null),
 	SecStorageEncryptCopy("Advanced", ManagementServer.class, Boolean.class, "secstorage.encrypt.copy", "false", "Use SSL method used to encrypt copy traffic between zones", "true,false"),
 	SecStorageSecureCopyCert("Advanced", ManagementServer.class, Boolean.class, "secstorage.ssl.cert.domain", "realhostip.com", "SSL certificate used to encrypt copy traffic between zones", "realhostip.com"),
-	DirectAttachNetworkGroupsEnabled("Advanced", ManagementServer.class, Boolean.class, "direct.attach.network.groups.enabled", "false", "Ec2-style distributed firewall for direct-attach VMs", "true,false"),
+	DirectAttachSecurityGroupsEnabled("Advanced", ManagementServer.class, Boolean.class, "direct.attach.security.groups.enabled", "false", "Ec2-style distributed firewall for direct-attach VMs", "true,false"),
 	DirectAttachNetworkEnabled("Advanced", ManagementServer.class, Boolean.class, "direct.attach.network.externalIpAllocator.enabled", "false", "Direct-attach VMs using external DHCP server", "true,false"),
 	DirectAttachNetworkExternalAPIURL("Advanced", ManagementServer.class, String.class, "direct.attach.network.externalIpAllocator.url", null, "Direct-attach VMs using external DHCP server (API url)", null),
 	CheckPodCIDRs("Advanced", ManagementServer.class, String.class, "check.pod.cidrs", "true", "If true, different pods must belong to different CIDR subnets.", "true,false"),
--- a/server/src/com/cloud/configuration/DefaultComponentLibrary.java
+++ b/server/src/com/cloud/configuration/DefaultComponentLibrary.java
@ -73,12 +73,12 @@ import com.cloud.network.lb.LoadBalancingRulesManagerImpl;
 import com.cloud.network.router.DomainRouterManagerImpl;
 import com.cloud.network.rules.RulesManagerImpl;
 import com.cloud.network.rules.dao.PortForwardingRulesDaoImpl;
-import com.cloud.network.security.NetworkGroupManagerImpl;
+import com.cloud.network.security.SecurityGroupManagerImpl;
 import com.cloud.network.security.dao.IngressRuleDaoImpl;
-import com.cloud.network.security.dao.NetworkGroupDaoImpl;
+import com.cloud.network.security.dao.SecurityGroupDaoImpl;
-import com.cloud.network.security.dao.NetworkGroupRulesDaoImpl;
+import com.cloud.network.security.dao.SecurityGroupRulesDaoImpl;
-import com.cloud.network.security.dao.NetworkGroupVMMapDaoImpl;
+import com.cloud.network.security.dao.SecurityGroupVMMapDaoImpl;
-import com.cloud.network.security.dao.NetworkGroupWorkDaoImpl;
+import com.cloud.network.security.dao.SecurityGroupWorkDaoImpl;
 import com.cloud.network.security.dao.VmRulesetLogDaoImpl;
 import com.cloud.offerings.dao.NetworkOfferingDaoImpl;
 import com.cloud.service.dao.ServiceOfferingDaoImpl;
@ -180,11 +180,11 @@ public class DefaultComponentLibrary implements ComponentLibrary {
        addDao("NetworkRuleConfigDao", NetworkRuleConfigDaoImpl.class);
        addDao("LoadBalancerVMMapDao", LoadBalancerVMMapDaoImpl.class);
        addDao("DataCenterIpAddressDao", DataCenterIpAddressDaoImpl.class);
-        addDao("NetworkGroupDao", NetworkGroupDaoImpl.class);
+        addDao("SecurityGroupDao", SecurityGroupDaoImpl.class);
        addDao("IngressRuleDao", IngressRuleDaoImpl.class);
-        addDao("NetworkGroupVMMapDao", NetworkGroupVMMapDaoImpl.class);
+        addDao("SecurityGroupVMMapDao", SecurityGroupVMMapDaoImpl.class);
-        addDao("NetworkGroupRulesDao", NetworkGroupRulesDaoImpl.class);
+        addDao("SecurityGroupRulesDao", SecurityGroupRulesDaoImpl.class);
-        addDao("NetworkGroupWorkDao", NetworkGroupWorkDaoImpl.class);
+        addDao("SecurityGroupWorkDao", SecurityGroupWorkDaoImpl.class);
        addDao("VmRulesetLogDao", VmRulesetLogDaoImpl.class);
        addDao("AlertDao", AlertDaoImpl.class);
        addDao("CapacityDao", CapacityDaoImpl.class);
@ -278,7 +278,7 @@ public class DefaultComponentLibrary implements ComponentLibrary {
        addManager("Template Manager", TemplateManagerImpl.class);
        addManager("Snapshot Manager", SnapshotManagerImpl.class);
        addManager("SnapshotScheduler", SnapshotSchedulerImpl.class);
-        addManager("NetworkGroupManager", NetworkGroupManagerImpl.class);
+        addManager("SecurityGroupManager", SecurityGroupManagerImpl.class);
        addManager("VmManager", VirtualMachineManagerImpl.class);
        addManager("DomainRouterManager", DomainRouterManagerImpl.class);
        addManager("EntityManager", EntityManagerImpl.class);
--- a/server/src/com/cloud/network/security/SecurityGroupListener.java
+++ b/server/src/com/cloud/network/security/SecurityGroupListener.java
@ -29,30 +29,30 @@ import com.cloud.agent.api.AgentControlAnswer;
 import com.cloud.agent.api.AgentControlCommand;
 import com.cloud.agent.api.Answer;
 import com.cloud.agent.api.Command;
-import com.cloud.agent.api.NetworkIngressRuleAnswer;
+import com.cloud.agent.api.SecurityIngressRuleAnswer;
 import com.cloud.agent.api.PingRoutingWithNwGroupsCommand;
 import com.cloud.agent.api.StartupCommand;
 import com.cloud.host.HostVO;
 import com.cloud.host.Status;
-import com.cloud.network.security.NetworkGroupWorkVO.Step;
+import com.cloud.network.security.SecurityGroupWorkVO.Step;
-import com.cloud.network.security.dao.NetworkGroupWorkDao;
+import com.cloud.network.security.dao.SecurityGroupWorkDao;
 /**
 * Listens for answers to ingress rules modification commands
 *
 */
-public class NetworkGroupListener implements Listener {
+public class SecurityGroupListener implements Listener {
-    public static final Logger s_logger = Logger.getLogger(NetworkGroupListener.class.getName());
+    public static final Logger s_logger = Logger.getLogger(SecurityGroupListener.class.getName());
-	NetworkGroupManagerImpl _networkGroupManager;
+	SecurityGroupManagerImpl _securityGroupManager;
    AgentManager _agentMgr;
-    NetworkGroupWorkDao _workDao;
+    SecurityGroupWorkDao _workDao;
-	public NetworkGroupListener(NetworkGroupManagerImpl networkGroupManager,
+	public SecurityGroupListener(SecurityGroupManagerImpl securityGroupManager,
-			AgentManager agentMgr, NetworkGroupWorkDao workDao) {
+			AgentManager agentMgr, SecurityGroupWorkDao workDao) {
 		super();
-		_networkGroupManager = networkGroupManager;
+		_securityGroupManager = securityGroupManager;
 		_agentMgr = agentMgr;
 		_workDao = workDao;
 	}
@ -75,8 +75,8 @@ public class NetworkGroupListener implements Listener {
 		Set<Long> affectedVms = new HashSet<Long>();
 		int commandNum = 0;
 		for (Answer ans: answers) {
-			if (ans instanceof NetworkIngressRuleAnswer) {
+			if (ans instanceof SecurityIngressRuleAnswer) {
-				NetworkIngressRuleAnswer ruleAnswer = (NetworkIngressRuleAnswer) ans;
+				SecurityIngressRuleAnswer ruleAnswer = (SecurityIngressRuleAnswer) ans;
 				if (ans.getResult()) {
 					s_logger.debug("Successfully programmed rule " + ruleAnswer.toString() + " into host " + agentId);
 					_workDao.updateStep(ruleAnswer.getVmId(), ruleAnswer.getLogSequenceNumber(), Step.Done);
@ -89,7 +89,7 @@ public class NetworkGroupListener implements Listener {
 				commandNum++;
 			}
 		}
-		_networkGroupManager.scheduleRulesetUpdateToHosts(affectedVms, false, new Long(10*1000l));
+		_securityGroupManager.scheduleRulesetUpdateToHosts(affectedVms, false, new Long(10*1000l));
        return true;
 	}
@ -101,7 +101,7 @@ public class NetworkGroupListener implements Listener {
            if (cmd instanceof PingRoutingWithNwGroupsCommand) {
            	PingRoutingWithNwGroupsCommand ping = (PingRoutingWithNwGroupsCommand)cmd;
                if (ping.getNewGroupStates().size() > 0) {
-                    _networkGroupManager.fullSync(agentId, ping.getNewGroupStates());
+                    _securityGroupManager.fullSync(agentId, ping.getNewGroupStates());
                }
                processed = true;
            }
--- a/server/src/com/cloud/network/security/SecurityGroupManager.java
+++ b/server/src/com/cloud/network/security/SecurityGroupManager.java
@ -28,22 +28,22 @@ import com.cloud.vm.State;
 * Ensures that network firewall rules stay updated as VMs go up and down
 *
 */
-public interface NetworkGroupManager {
+public interface SecurityGroupManager {
 	public static final String DEFAULT_GROUP_NAME = "default"; 
-	public static final String DEFAULT_GROUP_DESCRIPTION = "Default Network Group"; 
+	public static final String DEFAULT_GROUP_DESCRIPTION = "Default Security Group"; 
 	public void handleVmStateTransition(UserVm userVm, State vmState);
-	public NetworkGroupVO createNetworkGroup(String name, String description, Long domainId, Long accountId, String accountName);
+	public SecurityGroupVO createSecurityGroup(String name, String description, Long domainId, Long accountId, String accountName);
-	public NetworkGroupVO createDefaultNetworkGroup( Long accountId);
+	public SecurityGroupVO createDefaultSecurityGroup( Long accountId);
-	public boolean addInstanceToGroups(Long userVmId, List<NetworkGroupVO> groups);
+	public boolean addInstanceToGroups(Long userVmId, List<SecurityGroupVO> groups);
 	public void removeInstanceFromGroups(Long userVmId);
 	public void fullSync(long agentId, HashMap<String, Pair<Long, Long>> newGroupStates);
-	public String getNetworkGroupsNamesForVm(long vmId);
+	public String getSecurityGroupsNamesForVm(long vmId);
 }
--- a/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
+++ b/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
@ -40,16 +40,16 @@ import org.apache.commons.codec.digest.DigestUtils;
 import org.apache.log4j.Logger;
 import com.cloud.agent.AgentManager;
-import com.cloud.agent.api.NetworkIngressRulesCmd;
+import com.cloud.agent.api.SecurityIngressRulesCmd;
-import com.cloud.agent.api.NetworkIngressRulesCmd.IpPortAndProto;
+import com.cloud.agent.api.SecurityIngressRulesCmd.IpPortAndProto;
 import com.cloud.agent.manager.Commands;
 import com.cloud.api.BaseCmd;
 import com.cloud.api.ServerApiException;
-import com.cloud.api.commands.AuthorizeNetworkGroupIngressCmd;
+import com.cloud.api.commands.AuthorizeSecurityGroupIngressCmd;
-import com.cloud.api.commands.CreateNetworkGroupCmd;
+import com.cloud.api.commands.CreateSecurityGroupCmd;
-import com.cloud.api.commands.DeleteNetworkGroupCmd;
+import com.cloud.api.commands.DeleteSecurityGroupCmd;
-import com.cloud.api.commands.ListNetworkGroupsCmd;
+import com.cloud.api.commands.ListSecurityGroupsCmd;
-import com.cloud.api.commands.RevokeNetworkGroupIngressCmd;
+import com.cloud.api.commands.RevokeSecurityGroupIngressCmd;
 import com.cloud.configuration.dao.ConfigurationDao;
 import com.cloud.domain.DomainVO;
 import com.cloud.domain.dao.DomainDao;
@ -57,12 +57,12 @@ import com.cloud.exception.AgentUnavailableException;
 import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.exception.PermissionDeniedException;
 import com.cloud.exception.ResourceInUseException;
-import com.cloud.network.security.NetworkGroupWorkVO.Step;
+import com.cloud.network.security.SecurityGroupWorkVO.Step;
 import com.cloud.network.security.dao.IngressRuleDao;
-import com.cloud.network.security.dao.NetworkGroupDao;
+import com.cloud.network.security.dao.SecurityGroupDao;
-import com.cloud.network.security.dao.NetworkGroupRulesDao;
+import com.cloud.network.security.dao.SecurityGroupRulesDao;
-import com.cloud.network.security.dao.NetworkGroupVMMapDao;
+import com.cloud.network.security.dao.SecurityGroupVMMapDao;
-import com.cloud.network.security.dao.NetworkGroupWorkDao;
+import com.cloud.network.security.dao.SecurityGroupWorkDao;
 import com.cloud.network.security.dao.VmRulesetLogDao;
 import com.cloud.server.ManagementServer;
 import com.cloud.user.Account;
@ -87,18 +87,18 @@ import com.cloud.vm.State;
 import com.cloud.vm.UserVmVO;
 import com.cloud.vm.dao.UserVmDao;
-@Local(value={NetworkGroupManager.class, NetworkGroupService.class})
+@Local(value={SecurityGroupManager.class, SecurityGroupService.class})
-public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGroupService, Manager {
+public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityGroupService, Manager {
-    public static final Logger s_logger = Logger.getLogger(NetworkGroupManagerImpl.class);
+    public static final Logger s_logger = Logger.getLogger(SecurityGroupManagerImpl.class);
-	@Inject NetworkGroupDao _networkGroupDao;
+	@Inject SecurityGroupDao _securityGroupDao;
 	@Inject IngressRuleDao  _ingressRuleDao;
-	@Inject NetworkGroupVMMapDao _networkGroupVMMapDao;
+	@Inject SecurityGroupVMMapDao _securityGroupVMMapDao;
-	@Inject NetworkGroupRulesDao _networkGroupRulesDao;
+	@Inject SecurityGroupRulesDao _securityGroupRulesDao;
 	@Inject UserVmDao _userVMDao;
 	@Inject AccountDao _accountDao;
 	@Inject ConfigurationDao _configDao;
-	@Inject NetworkGroupWorkDao _workDao;
+	@Inject SecurityGroupWorkDao _workDao;
 	@Inject VmRulesetLogDao _rulesetLogDao;
 	@Inject DomainDao _domainDao;
 	@Inject AgentManager _agentMgr;
@ -111,13 +111,13 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
 	boolean _enabled = false;
-	NetworkGroupListener _answerListener;
+	SecurityGroupListener _answerListener;
-	private final class NetworkGroupVOComparator implements
+	private final class SecurityGroupVOComparator implements
-			Comparator<NetworkGroupVO> {
+			Comparator<SecurityGroupVO> {
 		@Override
-		public int compare(NetworkGroupVO o1, NetworkGroupVO o2) {
+		public int compare(SecurityGroupVO o1, SecurityGroupVO o2) {
 			return o1.getId() == o2.getId() ? 0 : o1.getId() < o2.getId() ? -1 : 1;
 		}
 	}
@ -268,9 +268,9 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
 		Map<PortAndProto, Set<String>> allowed = new TreeMap<PortAndProto, Set<String>>();
-		List<NetworkGroupVMMapVO> groupsForVm = _networkGroupVMMapDao.listByInstanceId(userVmId);
+		List<SecurityGroupVMMapVO> groupsForVm = _securityGroupVMMapDao.listByInstanceId(userVmId);
-		for (NetworkGroupVMMapVO mapVO: groupsForVm) {
+		for (SecurityGroupVMMapVO mapVO: groupsForVm) {
-			List<IngressRuleVO> rules = _ingressRuleDao.listByNetworkGroupId(mapVO.getNetworkGroupId());
+			List<IngressRuleVO> rules = _ingressRuleDao.listBySecurityGroupId(mapVO.getSecurityGroupId());
 			for (IngressRuleVO rule: rules){
 				PortAndProto portAndProto = new PortAndProto(rule.getProtocol(), rule.getStartPort(), rule.getEndPort());
 				Set<String> cidrs = allowed.get(portAndProto );
@ -278,8 +278,8 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
 					cidrs = new TreeSet<String>(new CidrComparator());
 				}
 				if (rule.getAllowedNetworkId() != null){
-					List<NetworkGroupVMMapVO> allowedInstances = _networkGroupVMMapDao.listByNetworkGroup(rule.getAllowedNetworkId(), State.Running);
+					List<SecurityGroupVMMapVO> allowedInstances = _securityGroupVMMapDao.listBySecurityGroup(rule.getAllowedNetworkId(), State.Running);
-					for (NetworkGroupVMMapVO ngmapVO: allowedInstances){
+					for (SecurityGroupVMMapVO ngmapVO: allowedInstances){
 						String cidr = ngmapVO.getGuestIpAddress();
 						if (cidr != null) {
 							cidr = cidr + "/32";
@ -320,7 +320,7 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
 			Transaction txn = Transaction.currentTxn();
 			txn.start();
 			VmRulesetLogVO log = null;
-			NetworkGroupWorkVO work = null;
+			SecurityGroupWorkVO work = null;
 			UserVm vm = null;
 			try {
 				vm = _userVMDao.acquireInLockTable(vmId);
@ -340,7 +340,7 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
 				}
 				work = _workDao.findByVmIdStep(vmId, Step.Scheduled);
 				if (work == null) {
-					work = new NetworkGroupWorkVO(vmId,  null, null, NetworkGroupWorkVO.Step.Scheduled, null);
+					work = new SecurityGroupWorkVO(vmId,  null, null, SecurityGroupWorkVO.Step.Scheduled, null);
 					work = _workDao.persist(work);
 				}
@ -362,10 +362,10 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
 	protected Set<Long> getAffectedVmsForVmStart(UserVm userVm) {
 		Set<Long> affectedVms = new HashSet<Long>();
 		affectedVms.add(userVm.getId());
-		List<NetworkGroupVMMapVO> groupsForVm = _networkGroupVMMapDao.listByInstanceId(userVm.getId());
+		List<SecurityGroupVMMapVO> groupsForVm = _securityGroupVMMapDao.listByInstanceId(userVm.getId());
 		//For each group, find the ingress rules that allow the group
-		for (NetworkGroupVMMapVO mapVO: groupsForVm) {//FIXME: use custom sql in the dao
+		for (SecurityGroupVMMapVO mapVO: groupsForVm) {//FIXME: use custom sql in the dao
-			List<IngressRuleVO> allowingRules = _ingressRuleDao.listByAllowedNetworkGroupId(mapVO.getNetworkGroupId());
+			List<IngressRuleVO> allowingRules = _ingressRuleDao.listByAllowedSecurityGroupId(mapVO.getSecurityGroupId());
 			//For each ingress rule that allows a group that the vm belongs to, find the group it belongs to
 			affectedVms.addAll(getAffectedVmsForIngressRules(allowingRules));
 		}
@ -374,10 +374,10 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
 	protected Set<Long> getAffectedVmsForVmStop(UserVm userVm) {
 		Set<Long> affectedVms = new HashSet<Long>();
-		List<NetworkGroupVMMapVO> groupsForVm = _networkGroupVMMapDao.listByInstanceId(userVm.getId());
+		List<SecurityGroupVMMapVO> groupsForVm = _securityGroupVMMapDao.listByInstanceId(userVm.getId());
 		//For each group, find the ingress rules that allow the group
-		for (NetworkGroupVMMapVO mapVO: groupsForVm) {//FIXME: use custom sql in the dao
+		for (SecurityGroupVMMapVO mapVO: groupsForVm) {//FIXME: use custom sql in the dao
-			List<IngressRuleVO> allowingRules = _ingressRuleDao.listByAllowedNetworkGroupId(mapVO.getNetworkGroupId());
+			List<IngressRuleVO> allowingRules = _ingressRuleDao.listByAllowedSecurityGroupId(mapVO.getSecurityGroupId());
 			//For each ingress rule that allows a group that the vm belongs to, find the group it belongs to
 			affectedVms.addAll(getAffectedVmsForIngressRules(allowingRules));
 		}
@ -390,27 +390,27 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
 		Set<Long> affectedVms = new HashSet<Long>();
 		for (IngressRuleVO allowingRule: allowingRules){
-			distinctGroups.add(allowingRule.getNetworkGroupId());
+			distinctGroups.add(allowingRule.getSecurityGroupId());
 		}
 		for (Long groupId: distinctGroups){
 			//allVmUpdates.putAll(generateRulesetForGroupMembers(groupId));
-			affectedVms.addAll(_networkGroupVMMapDao.listVmIdsByNetworkGroup(groupId));
+			affectedVms.addAll(_securityGroupVMMapDao.listVmIdsBySecurityGroup(groupId));
 		}
 		return affectedVms;
 	}
-	protected NetworkIngressRulesCmd generateRulesetCmd(String vmName, String guestIp, String guestMac, Long vmId, String signature,  long seqnum, Map<PortAndProto, Set<String>> rules) {
+	protected SecurityIngressRulesCmd generateRulesetCmd(String vmName, String guestIp, String guestMac, Long vmId, String signature,  long seqnum, Map<PortAndProto, Set<String>> rules) {
 		List<IpPortAndProto> result = new ArrayList<IpPortAndProto>();
 		for (PortAndProto pAp : rules.keySet()) {
 			Set<String> cidrs = rules.get(pAp);
 			if (cidrs.size() > 0) {
-				IpPortAndProto ipPortAndProto = new NetworkIngressRulesCmd.IpPortAndProto(pAp.getProto(), pAp.getStartPort(), pAp.getEndPort(), cidrs.toArray(new String[cidrs.size()]));
+				IpPortAndProto ipPortAndProto = new SecurityIngressRulesCmd.IpPortAndProto(pAp.getProto(), pAp.getStartPort(), pAp.getEndPort(), cidrs.toArray(new String[cidrs.size()]));
 				result.add(ipPortAndProto);
 			}
 		}
-		return new NetworkIngressRulesCmd(guestIp, guestMac, vmName, vmId, signature, seqnum, result.toArray(new IpPortAndProto[result.size()]));
+		return new SecurityIngressRulesCmd(guestIp, guestMac, vmName, vmId, signature, seqnum, result.toArray(new IpPortAndProto[result.size()]));
 	}
 	protected void handleVmStopped(UserVm userVm) {
@ -420,15 +420,15 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
 	@Override @DB @SuppressWarnings("rawtypes")
-	public List<IngressRuleVO> authorizeNetworkGroupIngress(AuthorizeNetworkGroupIngressCmd cmd) throws InvalidParameterValueException, PermissionDeniedException{
+	public List<IngressRuleVO> authorizeSecurityGroupIngress(AuthorizeSecurityGroupIngressCmd cmd) throws InvalidParameterValueException, PermissionDeniedException{
-		String groupName = cmd.getNetworkGroupName();
+		String groupName = cmd.getSecurityGroupName();
 		String protocol = cmd.getProtocol();
 		Integer startPort = cmd.getStartPort();
 		Integer endPort = cmd.getEndPort();
 		Integer icmpType = cmd.getIcmpType();
 		Integer icmpCode = cmd.getIcmpCode();
 		List<String> cidrList = cmd.getCidrList();
-		Map groupList = cmd.getUserNetworkGroupList();
+		Map groupList = cmd.getUserSecurityGroupList();
        Account account = UserContext.current().getAccount();
        String accountName = cmd.getAccountName();
        Long domainId = cmd.getDomainId();
@ -445,7 +445,7 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
        	protocol = "all";
        }
-        if (!NetUtils.isValidNetworkGroupProto(protocol)) {
+        if (!NetUtils.isValidSecurityGroupProto(protocol)) {
        	s_logger.debug("Invalid protocol specified " + protocol);
        	 throw new InvalidParameterValueException("Invalid protocol " + protocol);
        }
@ -497,9 +497,9 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
                // if it's an admin account, do a quick permission check
                if ((account != null) && !_domainDao.isChildDomain(account.getDomainId(), domainId)) {
                    if (s_logger.isDebugEnabled()) {
-                        s_logger.debug("Unable to find rules for network security group id = " + groupName + ", permission denied.");
+                        s_logger.debug("Unable to find rules for security group id = " + groupName + ", permission denied.");
                    }
-                    throw new PermissionDeniedException("Unable to find rules for network security group id = " + groupName + ", permission denied.");
+                    throw new PermissionDeniedException("Unable to find rules for security group id = " + groupName + ", permission denied.");
                }
                Account groupOwner = _accountDao.findActiveAccount(accountName, domainId);
@ -521,7 +521,7 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
        }
        if (accountId == null) {
-            throw new InvalidParameterValueException("Unable to find account for network security group " + groupName + "; failed to authorize ingress.");
+            throw new InvalidParameterValueException("Unable to find account for security group " + groupName + "; failed to authorize ingress.");
        }
@ -532,7 +532,7 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
        	throw new InvalidParameterValueException("At least one cidr or at least one security group needs to be specified");
        }
-        List<NetworkGroupVO> authorizedGroups = new ArrayList<NetworkGroupVO> ();
+        List<SecurityGroupVO> authorizedGroups = new ArrayList<SecurityGroupVO> ();
        if (groupList != null) {
            Collection userGroupCollection = groupList.values();
            Iterator iter = userGroupCollection.iterator();
@ -552,7 +552,7 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
        		    throw new InvalidParameterValueException("Nonexistent account: " + authorizedAccountName + " when trying to authorize ingress for " + groupName + ":" + protocol + ":" + startPortOrType + ":" + endPortOrCode);
        		}
-        		NetworkGroupVO groupVO = _networkGroupDao.findByAccountAndName(authorizedAccount.getId(), group);
+        		SecurityGroupVO groupVO = _securityGroupDao.findByAccountAndName(authorizedAccount.getId(), group);
        		if (groupVO == null) {
        		    if (s_logger.isDebugEnabled()) {
        		        s_logger.debug("Nonexistent group " + group + " for account " + authorizedAccountName + "/" + domainId);
@ -564,79 +564,79 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
        }
        final Transaction txn = Transaction.currentTxn();
-		final Set<NetworkGroupVO> authorizedGroups2 = new TreeSet<NetworkGroupVO>(new NetworkGroupVOComparator());
+		final Set<SecurityGroupVO> authorizedGroups2 = new TreeSet<SecurityGroupVO>(new SecurityGroupVOComparator());
 		authorizedGroups2.addAll(authorizedGroups); //Ensure we don't re-lock the same row
 		txn.start();
-		NetworkGroupVO networkGroup = _networkGroupDao.findByAccountAndName(accountId, groupName);
+		SecurityGroupVO securityGroup = _securityGroupDao.findByAccountAndName(accountId, groupName);
-		if (networkGroup == null) {
+		if (securityGroup == null) {
-			s_logger.warn("Network security group not found: name= " + groupName);
+			s_logger.warn("Security group not found: name= " + groupName);
 			return null;
 		}
 		//Prevents other threads/management servers from creating duplicate ingress rules
-		NetworkGroupVO networkGroupLock = _networkGroupDao.acquireInLockTable(networkGroup.getId());
+		SecurityGroupVO securityGroupLock = _securityGroupDao.acquireInLockTable(securityGroup.getId());
-		if (networkGroupLock == null)  {
+		if (securityGroupLock == null)  {
 			s_logger.warn("Could not acquire lock on network security group: name= " + groupName);
 			return null;
 		}
 		List<IngressRuleVO> newRules = new ArrayList<IngressRuleVO>();
 		try {
 			//Don't delete the group from under us.
-			networkGroup = _networkGroupDao.lockRow(networkGroup.getId(), false);
+			securityGroup = _securityGroupDao.lockRow(securityGroup.getId(), false);
-			if (networkGroup == null) {
+			if (securityGroup == null) {
 				s_logger.warn("Could not acquire lock on network group " + groupName);
 				return null;
 			}
-			for (final NetworkGroupVO ngVO: authorizedGroups2) {
+			for (final SecurityGroupVO ngVO: authorizedGroups2) {
 				final Long ngId = ngVO.getId();
 				//Don't delete the referenced group from under us
-				if (ngVO.getId() != networkGroup.getId()) {
+				if (ngVO.getId() != securityGroup.getId()) {
-					final NetworkGroupVO tmpGrp = _networkGroupDao.lockRow(ngId, false);
+					final SecurityGroupVO tmpGrp = _securityGroupDao.lockRow(ngId, false);
 					if (tmpGrp == null) {
-						s_logger.warn("Failed to acquire lock on network group: " + ngId);
+						s_logger.warn("Failed to acquire lock on security group: " + ngId);
 						txn.rollback();
 						return null;
 					}
 				}
-				IngressRuleVO ingressRule = _ingressRuleDao.findByProtoPortsAndAllowedGroupId(networkGroup.getId(), protocol, startPort, endPort, ngVO.getId());
+				IngressRuleVO ingressRule = _ingressRuleDao.findByProtoPortsAndAllowedGroupId(securityGroup.getId(), protocol, startPort, endPort, ngVO.getId());
 				if (ingressRule != null) {
 					continue; //rule already exists.
 				}
-				ingressRule  = new IngressRuleVO(networkGroup.getId(), startPort, endPort, protocol, ngVO.getId(), ngVO.getName(), ngVO.getAccountName());
+				ingressRule  = new IngressRuleVO(securityGroup.getId(), startPort, endPort, protocol, ngVO.getId(), ngVO.getName(), ngVO.getAccountName());
 				ingressRule = _ingressRuleDao.persist(ingressRule);
 				newRules.add(ingressRule);
 			}
 			for (String cidr: cidrList) {
-				IngressRuleVO ingressRule = _ingressRuleDao.findByProtoPortsAndCidr(networkGroup.getId(),protocol, startPort, endPort, cidr);
+				IngressRuleVO ingressRule = _ingressRuleDao.findByProtoPortsAndCidr(securityGroup.getId(),protocol, startPort, endPort, cidr);
 				if (ingressRule != null) {
 					continue;
 				}
-				ingressRule  = new IngressRuleVO(networkGroup.getId(), startPort, endPort, protocol, cidr);
+				ingressRule  = new IngressRuleVO(securityGroup.getId(), startPort, endPort, protocol, cidr);
 				ingressRule = _ingressRuleDao.persist(ingressRule);
 				newRules.add(ingressRule);
 			}
 			if (s_logger.isDebugEnabled()) {
-	            s_logger.debug("Added " + newRules.size() + " rules to network group " + groupName);
+	            s_logger.debug("Added " + newRules.size() + " rules to security group " + groupName);
 			}
 			txn.commit();
 			final Set<Long> affectedVms = new HashSet<Long>();
-			affectedVms.addAll(_networkGroupVMMapDao.listVmIdsByNetworkGroup(networkGroup.getId()));
+			affectedVms.addAll(_securityGroupVMMapDao.listVmIdsBySecurityGroup(securityGroup.getId()));
 			scheduleRulesetUpdateToHosts(affectedVms, true, null);
 			return newRules;
 		} catch (Exception e){
 			s_logger.warn("Exception caught when adding ingress rules ", e);
 			throw new CloudRuntimeException("Exception caught when adding ingress rules", e);
 		} finally {
-			if (networkGroupLock != null) {
+			if (securityGroupLock != null) {
-				_networkGroupDao.releaseFromLockTable(networkGroupLock.getId());
+				_securityGroupDao.releaseFromLockTable(securityGroupLock.getId());
 			}
 		}
 	}
 	@Override
 	@DB @SuppressWarnings("rawtypes")
-	public boolean revokeNetworkGroupIngress(RevokeNetworkGroupIngressCmd cmd) {
+	public boolean revokeSecurityGroupIngress(RevokeSecurityGroupIngressCmd cmd) {
 		//input validation
 		Account account = UserContext.current().getAccount();
@ -648,9 +648,9 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
        Integer icmpType = cmd.getIcmpType();
        Integer icmpCode = cmd.getIcmpCode();
        String protocol = cmd.getProtocol();
-        String networkGroup = cmd.getNetworkGroupName();
+        String securityGroup = cmd.getSecurityGroupName();
        String cidrList = cmd.getCidrList();
-        Map groupList = cmd.getUserNetworkGroupList();
+        Map groupList = cmd.getUserSecurityGroupList();
        String [] cidrs = null;
        Long accountId = null;
        Integer startPortOrType = null;
@ -659,7 +659,7 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
        	protocol = "all";
        }
        //FIXME: for exceptions below, add new enums to BaseCmd.PARAM_ to reflect the error condition more precisely
-        if (!NetUtils.isValidNetworkGroupProto(protocol)) {
+        if (!NetUtils.isValidSecurityGroupProto(protocol)) {
        	s_logger.debug("Invalid protocol specified " + protocol);
        	 throw new ServerApiException(BaseCmd.PARAM_ERROR, "Invalid protocol " + protocol);
        }
@ -709,9 +709,9 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
                // if it's an admin account, do a quick permission check
                if ((account != null) && !_domainDao.isChildDomain(account.getDomainId(), domainId)) {
                    if (s_logger.isDebugEnabled()) {
-                        s_logger.debug("Unable to find rules for network security group id = " + networkGroup + ", permission denied.");
+                        s_logger.debug("Unable to find rules for network security group id = " + securityGroup + ", permission denied.");
                    }
-                    throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to find rules for network security group id = " + networkGroup + ", permission denied.");
+                    throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to find rules for network security group id = " + securityGroup + ", permission denied.");
                }
                Account groupOwner =  _accountDao.findActiveAccount(accountName, domainId);
                if (groupOwner == null) {
@ -732,13 +732,13 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
        }
        if (accountId == null) {
-            throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find account for network security group " + networkGroup + "; failed to revoke ingress.");
+            throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find account for network security group " + securityGroup + "; failed to revoke ingress.");
        }
-        NetworkGroupVO sg = _networkGroupDao.findByAccountAndName(accountId, networkGroup);
+        SecurityGroupVO sg = _securityGroupDao.findByAccountAndName(accountId, securityGroup);
        if (sg == null) {
-            s_logger.debug("Unable to find network security group with id " + networkGroup);
+            s_logger.debug("Unable to find network security group with id " + securityGroup);
-            throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find network security group with id " + networkGroup);
+            throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find network security group with id " + securityGroup);
        }
        if (cidrList == null && groupList == null) {
@ -760,7 +760,7 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
        	}
        }
-        List<NetworkGroupVO> authorizedGroups = new ArrayList<NetworkGroupVO> ();
+        List<SecurityGroupVO> authorizedGroups = new ArrayList<SecurityGroupVO> ();
        if (groupList != null) {
            Collection userGroupCollection = groupList.values();
            Iterator iter = userGroupCollection.iterator();
@ -775,12 +775,12 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
        		Account authorizedAccount = _accountDao.findActiveAccount(authorizedAccountName, domainId);
                if (authorizedAccount == null) {
                    if (s_logger.isDebugEnabled()) {
-                        s_logger.debug("Nonexistent account: " + authorizedAccountName + ", domainid: " + domainId + " when trying to revoke ingress for " + networkGroup + ":" + protocol + ":" + startPortOrType + ":" + endPortOrCode);
+                        s_logger.debug("Nonexistent account: " + authorizedAccountName + ", domainid: " + domainId + " when trying to revoke ingress for " + securityGroup + ":" + protocol + ":" + startPortOrType + ":" + endPortOrCode);
                    }
-                    throw new ServerApiException(BaseCmd.PARAM_ERROR, "Nonexistent account: " + authorizedAccountName + " when trying to revoke ingress for " + networkGroup + ":" + protocol + ":" + startPortOrType + ":" + endPortOrCode);
+                    throw new ServerApiException(BaseCmd.PARAM_ERROR, "Nonexistent account: " + authorizedAccountName + " when trying to revoke ingress for " + securityGroup + ":" + protocol + ":" + startPortOrType + ":" + endPortOrCode);
                }
-                NetworkGroupVO groupVO = _networkGroupDao.findByAccountAndName(authorizedAccount.getId(), group);
+                SecurityGroupVO groupVO = _securityGroupDao.findByAccountAndName(authorizedAccount.getId(), group);
                if (groupVO == null) {
                    if (s_logger.isDebugEnabled()) {
                        s_logger.debug("Nonexistent group and/or accountId: " + accountId + ", groupName=" + group);
@ -803,29 +803,29 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
 		final int numToDelete = cidrList.length() + authorizedGroups.size();
        final Transaction txn = Transaction.currentTxn();
-		NetworkGroupVO networkGroupHandle = _networkGroupDao.findByAccountAndName(accountId, networkGroup);
+		SecurityGroupVO securityGroupHandle = _securityGroupDao.findByAccountAndName(accountId, securityGroup);
-		if (networkGroupHandle == null) {
+		if (securityGroupHandle == null) {
-			s_logger.warn("Network security group not found: name= " + networkGroup);
+			s_logger.warn("Network security group not found: name= " + securityGroup);
 			return false;
 		}
 		try {
 			txn.start();
-			networkGroupHandle = _networkGroupDao.acquireInLockTable(networkGroupHandle.getId());
+			securityGroupHandle = _securityGroupDao.acquireInLockTable(securityGroupHandle.getId());
-			if (networkGroupHandle == null)  {
+			if (securityGroupHandle == null)  {
-				s_logger.warn("Could not acquire lock on network security group: name= " + networkGroup);
+				s_logger.warn("Could not acquire lock on network security group: name= " + securityGroup);
 				return false;
 			}
-			for (final NetworkGroupVO ngVO: authorizedGroups) {
+			for (final SecurityGroupVO ngVO: authorizedGroups) {
-				numDeleted += _ingressRuleDao.deleteByPortProtoAndGroup(networkGroupHandle.getId(), protocol, startPort, endPort, ngVO.getId());
+				numDeleted += _ingressRuleDao.deleteByPortProtoAndGroup(securityGroupHandle.getId(), protocol, startPort, endPort, ngVO.getId());
 			}
 			for (final String cidr: cidrs) {
-				numDeleted += _ingressRuleDao.deleteByPortProtoAndCidr(networkGroupHandle.getId(), protocol, startPort, endPort, cidr);
+				numDeleted += _ingressRuleDao.deleteByPortProtoAndCidr(securityGroupHandle.getId(), protocol, startPort, endPort, cidr);
 			}
-			s_logger.debug("revokeNetworkGroupIngress for group: " + networkGroup + ", numToDelete=" + numToDelete + ", numDeleted=" + numDeleted);
+			s_logger.debug("revokeSecurityGroupIngress for group: " + securityGroup + ", numToDelete=" + numToDelete + ", numDeleted=" + numDeleted);
 			final Set<Long> affectedVms = new HashSet<Long>();
-			affectedVms.addAll(_networkGroupVMMapDao.listVmIdsByNetworkGroup(networkGroupHandle.getId()));
+			affectedVms.addAll(_securityGroupVMMapDao.listVmIdsBySecurityGroup(securityGroupHandle.getId()));
 			scheduleRulesetUpdateToHosts(affectedVms, true, null);
 			return true;
@ -833,8 +833,8 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
 			s_logger.warn("Exception caught when deleting ingress rules ", e);
 			throw new CloudRuntimeException("Exception caught when deleting ingress rules", e);
 		} finally {
-			if (networkGroup != null) {
+			if (securityGroup != null) {
-				_networkGroupDao.releaseFromLockTable(networkGroupHandle.getId());
+				_securityGroupDao.releaseFromLockTable(securityGroupHandle.getId());
 			}
 			txn.commit();
 		}
@ -848,7 +848,7 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
 	}
 	@Override
-    public NetworkGroupVO createNetworkGroup(CreateNetworkGroupCmd cmd) throws PermissionDeniedException, InvalidParameterValueException {
+    public SecurityGroupVO createSecurityGroup(CreateSecurityGroupCmd cmd) throws PermissionDeniedException, InvalidParameterValueException {
        if (!_enabled) {
            return null;
        }
@ -862,17 +862,17 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
            if ((account.getType() == Account.ACCOUNT_TYPE_ADMIN) || (account.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN)) {
                if ((domainId != null) && (accountName != null)) {
                    if (!_domainDao.isChildDomain(account.getDomainId(), domainId)) {
-                        throw new PermissionDeniedException("Unable to create network group in domain " + domainId + ", permission denied.");
+                        throw new PermissionDeniedException("Unable to create security group in domain " + domainId + ", permission denied.");
                    }
                    Account userAccount = _accountDao.findActiveAccount(accountName, domainId);
                    if (userAccount == null) {
-                        throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain " + domainId + ", failed to create network group " + cmd.getNetworkGroupName());
+                        throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain " + domainId + ", failed to create security group " + cmd.getSecurityGroupName());
                    }
                    accountId = userAccount.getId();
                } else {
-                    // the admin must be creating a network group for himself/herself
+                    // the admin must be creating a security group for himself/herself
                    if (account != null) {
                        accountId = account.getId();
                        domainId = account.getDomainId();
@ -893,23 +893,23 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
                if (userAccount != null) {
                    accountId = userAccount.getId();
                } else {
-                    throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain " + domainId + ", failed to create network group " + cmd.getNetworkGroupName());
+                    throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain " + domainId + ", failed to create security group " + cmd.getSecurityGroupName());
                }
            } else {
-                throw new InvalidParameterValueException("Missing account information (account: " + accountName + ", domain: " + domainId + "), failed to create network group " + cmd.getNetworkGroupName());
+                throw new InvalidParameterValueException("Missing account information (account: " + accountName + ", domain: " + domainId + "), failed to create security group " + cmd.getSecurityGroupName());
            }
        }
-        if (_networkGroupDao.isNameInUse(accountId, domainId, cmd.getNetworkGroupName())) {
+        if (_securityGroupDao.isNameInUse(accountId, domainId, cmd.getSecurityGroupName())) {
-            throw new InvalidParameterValueException("Unable to create network group, a group with name " + cmd.getNetworkGroupName() + " already exisits.");
+            throw new InvalidParameterValueException("Unable to create security group, a group with name " + cmd.getSecurityGroupName() + " already exisits.");
        }
-        return createNetworkGroup(cmd.getNetworkGroupName(), cmd.getDescription(), domainId, accountId, accountName);
+        return createSecurityGroup(cmd.getSecurityGroupName(), cmd.getDescription(), domainId, accountId, accountName);
 	}
 	@DB
 	@Override
-	public NetworkGroupVO createNetworkGroup(String name, String description, Long domainId, Long accountId, String accountName) {
+	public SecurityGroupVO createSecurityGroup(String name, String description, Long domainId, Long accountId, String accountName) {
 		if (!_enabled) {
 			return null;
 		}
@ -922,10 +922,10 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
 				s_logger.warn("Failed to acquire lock on account");
 				return null;
 			}
-			NetworkGroupVO group = _networkGroupDao.findByAccountAndName(accountId, name);
+			SecurityGroupVO group = _securityGroupDao.findByAccountAndName(accountId, name);
 			if (group == null){
-				group = new NetworkGroupVO(name, description, domainId, accountId, accountName);
+				group = new SecurityGroupVO(name, description, domainId, accountId, accountName);
-				group =  _networkGroupDao.persist(group);
+				group =  _securityGroupDao.persist(group);
 			}
 			return group;
 		} finally {
@ -940,14 +940,14 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
 	@Override
 	public boolean configure(String name, Map<String, Object> params)
 			throws ConfigurationException {
-		String enabled =_configDao.getValue("direct.attach.network.groups.enabled");
+		String enabled =_configDao.getValue("direct.attach.security.groups.enabled");
 		if ("true".equalsIgnoreCase(enabled)) {
 			_enabled = true;
 		}
 		if (!_enabled) {
 			return false;
 		}
-		_answerListener = new NetworkGroupListener(this, _agentMgr, _workDao);
+		_answerListener = new SecurityGroupListener(this, _agentMgr, _workDao);
 		_agentMgr.registerForHostEvents(_answerListener, true, true, true);
        _serverId = ((ManagementServer)ComponentLocator.getComponent(ManagementServer.Name)).getId();
@ -981,15 +981,15 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
 	}
 	@Override
-	public NetworkGroupVO createDefaultNetworkGroup(Long accountId) {
+	public SecurityGroupVO createDefaultSecurityGroup(Long accountId) {
 		if (!_enabled) {
 			return null;
 		}
-		NetworkGroupVO groupVO = _networkGroupDao.findByAccountAndName(accountId, NetworkGroupManager.DEFAULT_GROUP_NAME);
+		SecurityGroupVO groupVO = _securityGroupDao.findByAccountAndName(accountId, SecurityGroupManager.DEFAULT_GROUP_NAME);
 		if (groupVO == null ) {
 			Account accVO = _accountDao.findById(accountId);
 			if (accVO != null) {
-				return createNetworkGroup(NetworkGroupManager.DEFAULT_GROUP_NAME, NetworkGroupManager.DEFAULT_GROUP_DESCRIPTION, accVO.getDomainId(), accVO.getId(), accVO.getAccountName());
+				return createSecurityGroup(SecurityGroupManager.DEFAULT_GROUP_NAME, SecurityGroupManager.DEFAULT_GROUP_DESCRIPTION, accVO.getDomainId(), accVO.getId(), accVO.getAccountName());
 			}
 		}
 		return groupVO;
@ -1000,7 +1000,7 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
 	    if (s_logger.isTraceEnabled()) {
 	        s_logger.trace("Checking the database");
 	    }
-		final NetworkGroupWorkVO work = _workDao.take(_serverId);
+		final SecurityGroupWorkVO work = _workDao.take(_serverId);
 		if (work == null) {
 			return;
 		}
@ -1029,7 +1029,7 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
 				agentId = vm.getHostId();
 				if (agentId != null ) {
 					_rulesetLogDao.findByVmId(work.getInstanceId());
-					NetworkIngressRulesCmd cmd = generateRulesetCmd(vm.getInstanceName(), vm.getGuestIpAddress(), vm.getGuestMacAddress(), vm.getId(), generateRulesetSignature(rules), seqnum, rules);
+					SecurityIngressRulesCmd cmd = generateRulesetCmd(vm.getInstanceName(), vm.getGuestIpAddress(), vm.getGuestMacAddress(), vm.getId(), generateRulesetSignature(rules), seqnum, rules);
 					Commands cmds = new Commands(cmd);
 					try {
 						_agentMgr.send(agentId, cmds, _answerListener);
@ -1052,12 +1052,12 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
 	@Override
 	@DB
-	public boolean addInstanceToGroups(final Long userVmId, final List<NetworkGroupVO> groups) {
+	public boolean addInstanceToGroups(final Long userVmId, final List<SecurityGroupVO> groups) {
 		if (!_enabled) {
 			return true;
 		}
 		if (groups != null) {
-			final Set<NetworkGroupVO> uniqueGroups = new TreeSet<NetworkGroupVO>(new NetworkGroupVOComparator());
+			final Set<SecurityGroupVO> uniqueGroups = new TreeSet<SecurityGroupVO>(new SecurityGroupVOComparator());
 			uniqueGroups.addAll(groups);
 			final Transaction txn = Transaction.currentTxn();
 			txn.start();
@ -1066,17 +1066,17 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
 				s_logger.warn("Failed to acquire lock on user vm id=" + userVmId);
 			}
 			try {
-				for (NetworkGroupVO networkGroup:uniqueGroups) {
+				for (SecurityGroupVO networkGroup:uniqueGroups) {
 					//don't let the group be deleted from under us.
-					NetworkGroupVO ngrpLock = _networkGroupDao.lockRow(networkGroup.getId(), false);
+					SecurityGroupVO ngrpLock = _securityGroupDao.lockRow(networkGroup.getId(), false);
 					if (ngrpLock == null) {
 						s_logger.warn("Failed to acquire lock on network group id=" + networkGroup.getId() + " name=" + networkGroup.getName());
 						txn.rollback();
 						return false;
 					}
-					if (_networkGroupVMMapDao.findByVmIdGroupId(userVmId, networkGroup.getId()) == null) {
+					if (_securityGroupVMMapDao.findByVmIdGroupId(userVmId, networkGroup.getId()) == null) {
-						NetworkGroupVMMapVO groupVmMapVO = new NetworkGroupVMMapVO(networkGroup.getId(), userVmId);
+						SecurityGroupVMMapVO groupVmMapVO = new SecurityGroupVMMapVO(networkGroup.getId(), userVmId);
-						_networkGroupVMMapDao.persist(groupVmMapVO);
+						_securityGroupVMMapDao.persist(groupVmMapVO);
 					}
 				}
 				txn.commit();
@ -1105,7 +1105,7 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
 		if (userVm == null) {
 			s_logger.warn("Failed to acquire lock on user vm id=" + userVmId);
 		}
-		int n = _networkGroupVMMapDao.deleteVM(userVmId);
+		int n = _securityGroupVMMapDao.deleteVM(userVmId);
 		s_logger.info("Disassociated " + n + " network groups " + " from uservm " + userVmId);
 		_userVMDao.releaseFromLockTable(userVmId);
 		txn.commit();
@ -1113,8 +1113,8 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
 	@DB
 	@Override
-	public boolean deleteNetworkGroup(DeleteNetworkGroupCmd cmd) throws ResourceInUseException, PermissionDeniedException, InvalidParameterValueException{
+	public boolean deleteSecurityGroup(DeleteSecurityGroupCmd cmd) throws ResourceInUseException, PermissionDeniedException, InvalidParameterValueException{
-		String name = cmd.getNetworkGroupName();
+		String name = cmd.getSecurityGroupName();
 		String accountName = cmd.getAccountName();
 		Long domainId = cmd.getDomainId();
 		Account account = UserContext.current().getAccount();
@ -1157,7 +1157,7 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
            throw new InvalidParameterValueException("Unable to find account for network group " + name + "; failed to delete group.");
        }
-        NetworkGroupVO sg = _networkGroupDao.findByAccountAndName(accountId, name);
+        SecurityGroupVO sg = _securityGroupDao.findByAccountAndName(accountId, name);
        if (sg == null) {
            throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find network group " + name + "; failed to delete group.");
        }
@ -1167,41 +1167,41 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
 		final Transaction txn = Transaction.currentTxn();
 		txn.start();
-		final NetworkGroupVO group = _networkGroupDao.lockRow(groupId, true);
+		final SecurityGroupVO group = _securityGroupDao.lockRow(groupId, true);
 		if (group == null) {
 			s_logger.info("Not deleting group -- cannot find id " + groupId);
 			return false;
 		}
-		if (group.getName().equalsIgnoreCase(NetworkGroupManager.DEFAULT_GROUP_NAME)) {
+		if (group.getName().equalsIgnoreCase(SecurityGroupManager.DEFAULT_GROUP_NAME)) {
 			txn.rollback();
 			throw new PermissionDeniedException("The network group default is reserved");
 		}
-		List<IngressRuleVO> allowingRules = _ingressRuleDao.listByAllowedNetworkGroupId(groupId);
+		List<IngressRuleVO> allowingRules = _ingressRuleDao.listByAllowedSecurityGroupId(groupId);
 		if (allowingRules.size() != 0) {
 			txn.rollback();
 			throw new ResourceInUseException("Cannot delete group when there are ingress rules that allow this group");
 		}
-		List<IngressRuleVO> rulesInGroup = _ingressRuleDao.listByNetworkGroupId(groupId);
+		List<IngressRuleVO> rulesInGroup = _ingressRuleDao.listBySecurityGroupId(groupId);
 		if (rulesInGroup.size() != 0) {
 			txn.rollback();
 			throw new ResourceInUseException("Cannot delete group when there are ingress rules in this group");
 		}
-        _networkGroupDao.expunge(groupId);
+        _securityGroupDao.expunge(groupId);
        txn.commit();
        return true;
 	}
    @Override
-    public List<NetworkGroupRulesVO> searchForNetworkGroupRules(ListNetworkGroupsCmd cmd) throws PermissionDeniedException, InvalidParameterValueException {
+    public List<SecurityGroupRulesVO> searchForSecurityGroupRules(ListSecurityGroupsCmd cmd) throws PermissionDeniedException, InvalidParameterValueException {
        Account account = UserContext.current().getAccount();
        Long domainId = cmd.getDomainId();
        String accountName = cmd.getAccountName();
        Long accountId = null;
        Long instanceId = cmd.getVirtualMachineId();
-        String networkGroup = cmd.getNetworkGroupName();
+        String networkGroup = cmd.getSecurityGroupName();
        Boolean recursive = Boolean.FALSE;
        // permissions check
@ -1253,10 +1253,10 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
            }
        }
-        Filter searchFilter = new Filter(NetworkGroupVO.class, "id", true, cmd.getStartIndex(), cmd.getPageSizeVal());
+        Filter searchFilter = new Filter(SecurityGroupVO.class, "id", true, cmd.getStartIndex(), cmd.getPageSizeVal());
        Object keyword = cmd.getKeyword();
-        SearchBuilder<NetworkGroupVO> sb = _networkGroupDao.createSearchBuilder();
+        SearchBuilder<SecurityGroupVO> sb = _securityGroupDao.createSearchBuilder();
        sb.and("accountId", sb.entity().getAccountId(), SearchCriteria.Op.EQ);
        sb.and("name", sb.entity().getName(), SearchCriteria.Op.EQ);
        sb.and("domainId", sb.entity().getDomainId(), SearchCriteria.Op.EQ);
@ -1268,13 +1268,13 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
            sb.join("domainSearch", domainSearch, sb.entity().getDomainId(), domainSearch.entity().getId(), JoinBuilder.JoinType.INNER);
        }
-        SearchCriteria<NetworkGroupVO> sc = sb.create();
+        SearchCriteria<SecurityGroupVO> sc = sb.create();
        if (accountId != null) {
            sc.setParameters("accountId", accountId);
            if (networkGroup != null) {
                sc.setParameters("name", networkGroup);
            } else if (keyword != null) {
-                SearchCriteria<NetworkGroupRulesVO> ssc = _networkGroupRulesDao.createSearchCriteria();
+                SearchCriteria<SecurityGroupRulesVO> ssc = _securityGroupRulesDao.createSearchCriteria();
                ssc.addOr("name", SearchCriteria.Op.LIKE, "%" + keyword + "%");
                ssc.addOr("description", SearchCriteria.Op.LIKE, "%" + keyword + "%");
                sc.addAnd("name", SearchCriteria.Op.SC, ssc);
@ -1288,10 +1288,10 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
            }
        }
-        List<NetworkGroupVO> networkGroups = _networkGroupDao.search(sc, searchFilter);
+        List<SecurityGroupVO> networkGroups = _securityGroupDao.search(sc, searchFilter);
-        List<NetworkGroupRulesVO> networkRulesList = new ArrayList<NetworkGroupRulesVO>();
+        List<SecurityGroupRulesVO> networkRulesList = new ArrayList<SecurityGroupRulesVO>();
-        for (NetworkGroupVO group : networkGroups) {
+        for (SecurityGroupVO group : networkGroups) {
-           networkRulesList.addAll(_networkGroupRulesDao.listNetworkRulesByGroupId(group.getId()));
+           networkRulesList.addAll(_securityGroupRulesDao.listSecurityRulesByGroupId(group.getId()));
        }
       if (instanceId != null) {
@ -1301,13 +1301,13 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
        return networkRulesList;
    }
-	private List<NetworkGroupRulesVO> listNetworkGroupRulesByVM(long vmId) {
+	private List<SecurityGroupRulesVO> listNetworkGroupRulesByVM(long vmId) {
-	    List<NetworkGroupRulesVO> results = new ArrayList<NetworkGroupRulesVO>();
+	    List<SecurityGroupRulesVO> results = new ArrayList<SecurityGroupRulesVO>();
-	    List<NetworkGroupVMMapVO> networkGroupMappings = _networkGroupVMMapDao.listByInstanceId(vmId);
+	    List<SecurityGroupVMMapVO> networkGroupMappings = _securityGroupVMMapDao.listByInstanceId(vmId);
 	    if (networkGroupMappings != null) {
-	        for (NetworkGroupVMMapVO networkGroupMapping : networkGroupMappings) {
+	        for (SecurityGroupVMMapVO networkGroupMapping : networkGroupMappings) {
-	            NetworkGroupVO group = _networkGroupDao.findById(networkGroupMapping.getNetworkGroupId());
+	            SecurityGroupVO group = _securityGroupDao.findById(networkGroupMapping.getSecurityGroupId());
-	            List<NetworkGroupRulesVO> rules = _networkGroupRulesDao.listNetworkGroupRules(group.getAccountId(), networkGroupMapping.getGroupName());
+	            List<SecurityGroupRulesVO> rules = _securityGroupRulesDao.listSecurityGroupRules(group.getAccountId(), networkGroupMapping.getGroupName());
 	            if (rules != null) {
 	                results.addAll(rules);
 	            }
@ -1348,11 +1348,11 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
 	private void cleanupUnfinishedWork() {
 		Date before = new Date(System.currentTimeMillis() - 30*1000l);
-		List<NetworkGroupWorkVO> unfinished = _workDao.findUnfinishedWork(before);
+		List<SecurityGroupWorkVO> unfinished = _workDao.findUnfinishedWork(before);
 		if (unfinished.size() > 0) {
 			s_logger.info("Network Group Work cleanup found " + unfinished.size() + " unfinished work items older than " + before.toString());
 			Set<Long> affectedVms = new HashSet<Long>();
-			for (NetworkGroupWorkVO work: unfinished) {
+			for (SecurityGroupWorkVO work: unfinished) {
 				affectedVms.add(work.getInstanceId());
 			}
 			scheduleRulesetUpdateToHosts(affectedVms, false, null);
@ -1362,11 +1362,11 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
 	}
 	@Override
-	public String getNetworkGroupsNamesForVm(long vmId) 
+	public String getSecurityGroupsNamesForVm(long vmId) 
 	{
 		try
 		{
-			List<NetworkGroupVMMapVO>networkGroupsToVmMap =  _networkGroupVMMapDao.listByInstanceId(vmId);
+			List<SecurityGroupVMMapVO>networkGroupsToVmMap =  _securityGroupVMMapDao.listByInstanceId(vmId);
        	int size = 0;
        	int j=0;		
            StringBuilder networkGroupNames = new StringBuilder();
@ -1375,10 +1375,10 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager, NetworkGrou
            {
            	size = networkGroupsToVmMap.size();
-            	for(NetworkGroupVMMapVO nG: networkGroupsToVmMap)
+            	for(SecurityGroupVMMapVO nG: networkGroupsToVmMap)
            	{
            		//get the group id and look up for the group name
-            		NetworkGroupVO currentNetworkGroup = _networkGroupDao.findById(nG.getNetworkGroupId());
+            		SecurityGroupVO currentNetworkGroup = _securityGroupDao.findById(nG.getSecurityGroupId());
            		networkGroupNames.append(currentNetworkGroup.getName());
            		if(j<(size-1))
--- a/server/src/com/cloud/network/security/dao/IngressRuleDao.java
+++ b/server/src/com/cloud/network/security/dao/IngressRuleDao.java
@ -24,13 +24,13 @@ import com.cloud.network.security.IngressRuleVO;
 import com.cloud.utils.db.GenericDao;
 public interface IngressRuleDao extends GenericDao<IngressRuleVO, Long> {
-    List<IngressRuleVO> listByNetworkGroupId(long networkGroupId);
+    List<IngressRuleVO> listBySecurityGroupId(long networkGroupId);
-    List<IngressRuleVO> listByAllowedNetworkGroupId(long networkGroupId);
+    List<IngressRuleVO> listByAllowedSecurityGroupId(long networkGroupId);
    IngressRuleVO findByProtoPortsAndCidr(long networkGroupId, String proto, int startPort, int endPort, String cidr);
    IngressRuleVO findByProtoPortsAndGroup(String proto, int startPort, int endPort, String networkGroup);
    IngressRuleVO findByProtoPortsAndAllowedGroupId(long networkGroupId, String proto, int startPort, int endPort, Long allowedGroupId);
-    int deleteByNetworkGroup(long networkGroupId);
+    int deleteBySecurityGroup(long securityGroupId);
-	int deleteByPortProtoAndGroup(long networkGroupId, String protocol, int startPort,int endPort, Long id);
+	int deleteByPortProtoAndGroup(long securityGroupId, String protocol, int startPort,int endPort, Long id);
-	int deleteByPortProtoAndCidr(long networkGroupId, String protocol, int startPort,int endPort, String cidr);
+	int deleteByPortProtoAndCidr(long securityGroupId, String protocol, int startPort,int endPort, String cidr);
 }
--- a/server/src/com/cloud/network/security/dao/IngressRuleDaoImpl.java
+++ b/server/src/com/cloud/network/security/dao/IngressRuleDaoImpl.java
@ -25,7 +25,7 @@ import javax.ejb.Local;
 import javax.naming.ConfigurationException;
 import com.cloud.network.security.IngressRuleVO;
-import com.cloud.network.security.NetworkGroupVO;
+import com.cloud.network.security.SecurityGroupVO;
 import com.cloud.utils.component.Inject;
 import com.cloud.utils.db.GenericDaoBase;
 import com.cloud.utils.db.JoinBuilder;
@ -35,66 +35,66 @@ import com.cloud.utils.db.SearchCriteria;
@Local(value={IngressRuleDao.class})
 public class IngressRuleDaoImpl extends GenericDaoBase<IngressRuleVO, Long> implements IngressRuleDao {
-	@Inject NetworkGroupDao _networkGroupDao;
+	@Inject SecurityGroupDao _securityGroupDao;
-    protected SearchBuilder<IngressRuleVO> networkGroupIdSearch;
+    protected SearchBuilder<IngressRuleVO> securityGroupIdSearch;
-    protected SearchBuilder<IngressRuleVO> allowedNetworkGroupIdSearch;
+    protected SearchBuilder<IngressRuleVO> allowedSecurityGroupIdSearch;
    protected SearchBuilder<IngressRuleVO> protoPortsAndCidrSearch;
-    protected SearchBuilder<IngressRuleVO> protoPortsAndNetworkGroupNameSearch;
+    protected SearchBuilder<IngressRuleVO> protoPortsAndSecurityGroupNameSearch;
-    protected SearchBuilder<IngressRuleVO> protoPortsAndNetworkGroupIdSearch;
+    protected SearchBuilder<IngressRuleVO> protoPortsAndSecurityGroupIdSearch;
    protected IngressRuleDaoImpl() {
-        networkGroupIdSearch  = createSearchBuilder();
+        securityGroupIdSearch  = createSearchBuilder();
-        networkGroupIdSearch.and("networkGroupId", networkGroupIdSearch.entity().getNetworkGroupId(), SearchCriteria.Op.EQ);
+        securityGroupIdSearch.and("securityGroupId", securityGroupIdSearch.entity().getSecurityGroupId(), SearchCriteria.Op.EQ);
-        networkGroupIdSearch.done();
+        securityGroupIdSearch.done();
-        allowedNetworkGroupIdSearch  = createSearchBuilder();
+        allowedSecurityGroupIdSearch  = createSearchBuilder();
-        allowedNetworkGroupIdSearch.and("allowedNetworkId", allowedNetworkGroupIdSearch.entity().getAllowedNetworkId(), SearchCriteria.Op.EQ);
+        allowedSecurityGroupIdSearch.and("allowedNetworkId", allowedSecurityGroupIdSearch.entity().getAllowedNetworkId(), SearchCriteria.Op.EQ);
-        allowedNetworkGroupIdSearch.done();
+        allowedSecurityGroupIdSearch.done();
        protoPortsAndCidrSearch = createSearchBuilder();
-        protoPortsAndCidrSearch.and("networkGroupId", protoPortsAndCidrSearch.entity().getNetworkGroupId(), SearchCriteria.Op.EQ);
+        protoPortsAndCidrSearch.and("securityGroupId", protoPortsAndCidrSearch.entity().getSecurityGroupId(), SearchCriteria.Op.EQ);
        protoPortsAndCidrSearch.and("proto", protoPortsAndCidrSearch.entity().getProtocol(), SearchCriteria.Op.EQ);
        protoPortsAndCidrSearch.and("startPort", protoPortsAndCidrSearch.entity().getStartPort(), SearchCriteria.Op.EQ);
        protoPortsAndCidrSearch.and("endPort", protoPortsAndCidrSearch.entity().getEndPort(), SearchCriteria.Op.EQ);
        protoPortsAndCidrSearch.and("cidr", protoPortsAndCidrSearch.entity().getAllowedSourceIpCidr(), SearchCriteria.Op.EQ);
        protoPortsAndCidrSearch.done();
-        protoPortsAndNetworkGroupIdSearch = createSearchBuilder();
+        protoPortsAndSecurityGroupIdSearch = createSearchBuilder();
-        protoPortsAndNetworkGroupIdSearch.and("networkGroupId", protoPortsAndNetworkGroupIdSearch.entity().getNetworkGroupId(), SearchCriteria.Op.EQ);
+        protoPortsAndSecurityGroupIdSearch.and("securityGroupId", protoPortsAndSecurityGroupIdSearch.entity().getSecurityGroupId(), SearchCriteria.Op.EQ);
-        protoPortsAndNetworkGroupIdSearch.and("proto", protoPortsAndNetworkGroupIdSearch.entity().getProtocol(), SearchCriteria.Op.EQ);
+        protoPortsAndSecurityGroupIdSearch.and("proto", protoPortsAndSecurityGroupIdSearch.entity().getProtocol(), SearchCriteria.Op.EQ);
-        protoPortsAndNetworkGroupIdSearch.and("startPort", protoPortsAndNetworkGroupIdSearch.entity().getStartPort(), SearchCriteria.Op.EQ);
+        protoPortsAndSecurityGroupIdSearch.and("startPort", protoPortsAndSecurityGroupIdSearch.entity().getStartPort(), SearchCriteria.Op.EQ);
-        protoPortsAndNetworkGroupIdSearch.and("endPort", protoPortsAndNetworkGroupIdSearch.entity().getEndPort(), SearchCriteria.Op.EQ);        
+        protoPortsAndSecurityGroupIdSearch.and("endPort", protoPortsAndSecurityGroupIdSearch.entity().getEndPort(), SearchCriteria.Op.EQ);        
-        protoPortsAndNetworkGroupIdSearch.and("allowedNetworkId", protoPortsAndNetworkGroupIdSearch.entity().getAllowedNetworkId(), SearchCriteria.Op.EQ);
+        protoPortsAndSecurityGroupIdSearch.and("allowedNetworkId", protoPortsAndSecurityGroupIdSearch.entity().getAllowedNetworkId(), SearchCriteria.Op.EQ);
    }
-    public List<IngressRuleVO> listByNetworkGroupId(long networkGroupId) {
+    public List<IngressRuleVO> listBySecurityGroupId(long securityGroupId) {
-        SearchCriteria<IngressRuleVO> sc = networkGroupIdSearch.create();
+        SearchCriteria<IngressRuleVO> sc = securityGroupIdSearch.create();
-        sc.setParameters("networkGroupId", networkGroupId);
+        sc.setParameters("securityGroupId", securityGroupId);
        return listBy(sc);
    }
-    public int deleteByNetworkGroup(long networkGroupId) {
+    public int deleteBySecurityGroup(long securityGroupId) {
-        SearchCriteria<IngressRuleVO> sc = networkGroupIdSearch.create();
+        SearchCriteria<IngressRuleVO> sc = securityGroupIdSearch.create();
-        sc.setParameters("networkGroupId", networkGroupId);
+        sc.setParameters("securityGroupId", securityGroupId);
        return expunge(sc);
    }
 	@Override
-	public List<IngressRuleVO> listByAllowedNetworkGroupId(long networkGroupId) {
+	public List<IngressRuleVO> listByAllowedSecurityGroupId(long securityGroupId) {
-		 SearchCriteria<IngressRuleVO> sc = allowedNetworkGroupIdSearch.create();
+		 SearchCriteria<IngressRuleVO> sc = allowedSecurityGroupIdSearch.create();
-		 sc.setParameters("allowedNetworkId", networkGroupId);
+		 sc.setParameters("allowedNetworkId", securityGroupId);
 		 return listBy(sc);
 	}
 	@Override
-	public IngressRuleVO findByProtoPortsAndCidr(long networkGroupId, String proto, int startPort,
+	public IngressRuleVO findByProtoPortsAndCidr(long securityGroupId, String proto, int startPort,
 			int endPort, String cidr) {
 		SearchCriteria<IngressRuleVO> sc = protoPortsAndCidrSearch.create();
-		sc.setParameters("networkGroupId", networkGroupId);
+		sc.setParameters("securityGroupId", securityGroupId);
 		sc.setParameters("proto", proto);
 		sc.setParameters("startPort", startPort);
 		sc.setParameters("endPort", endPort);
@ -104,33 +104,33 @@ public class IngressRuleDaoImpl extends GenericDaoBase<IngressRuleVO, Long> impl
 	@Override
 	public IngressRuleVO findByProtoPortsAndGroup(String proto, int startPort,
-			int endPort, String networkGroup) {
+			int endPort, String securityGroup) {
-		SearchCriteria<IngressRuleVO> sc = protoPortsAndNetworkGroupNameSearch.create();
+		SearchCriteria<IngressRuleVO> sc = protoPortsAndSecurityGroupNameSearch.create();
 		sc.setParameters("proto", proto);
 		sc.setParameters("startPort", startPort);
 		sc.setParameters("endPort", endPort);
-		sc.setJoinParameters("groupName", "groupName", networkGroup);
+		sc.setJoinParameters("groupName", "groupName", securityGroup);
 		return findOneIncludingRemovedBy(sc);
 	}
 	@Override
 	public boolean configure(String name, Map<String, Object> params)
 			throws ConfigurationException {
-		protoPortsAndNetworkGroupNameSearch = createSearchBuilder();
+		protoPortsAndSecurityGroupNameSearch = createSearchBuilder();
-        protoPortsAndNetworkGroupNameSearch.and("proto", protoPortsAndNetworkGroupNameSearch.entity().getProtocol(), SearchCriteria.Op.EQ);
+        protoPortsAndSecurityGroupNameSearch.and("proto", protoPortsAndSecurityGroupNameSearch.entity().getProtocol(), SearchCriteria.Op.EQ);
-        protoPortsAndNetworkGroupNameSearch.and("startPort", protoPortsAndNetworkGroupNameSearch.entity().getStartPort(), SearchCriteria.Op.EQ);
+        protoPortsAndSecurityGroupNameSearch.and("startPort", protoPortsAndSecurityGroupNameSearch.entity().getStartPort(), SearchCriteria.Op.EQ);
-        protoPortsAndNetworkGroupNameSearch.and("endPort", protoPortsAndNetworkGroupNameSearch.entity().getEndPort(), SearchCriteria.Op.EQ);
+        protoPortsAndSecurityGroupNameSearch.and("endPort", protoPortsAndSecurityGroupNameSearch.entity().getEndPort(), SearchCriteria.Op.EQ);
-        SearchBuilder<NetworkGroupVO> ngSb = _networkGroupDao.createSearchBuilder();
+        SearchBuilder<SecurityGroupVO> ngSb = _securityGroupDao.createSearchBuilder();
        ngSb.and("groupName", ngSb.entity().getName(), SearchCriteria.Op.EQ);
-        protoPortsAndNetworkGroupNameSearch.join("groupName", ngSb, protoPortsAndNetworkGroupNameSearch.entity().getAllowedNetworkId(), ngSb.entity().getId(), JoinBuilder.JoinType.INNER);
+        protoPortsAndSecurityGroupNameSearch.join("groupName", ngSb, protoPortsAndSecurityGroupNameSearch.entity().getAllowedNetworkId(), ngSb.entity().getId(), JoinBuilder.JoinType.INNER);
-        protoPortsAndNetworkGroupNameSearch.done();
+        protoPortsAndSecurityGroupNameSearch.done();
 		return super.configure(name, params);
 	}
 	@Override
-	public int deleteByPortProtoAndGroup(long networkGroupId, String protocol, int startPort, int endPort, Long allowedGroupId) {
+	public int deleteByPortProtoAndGroup(long securityGroupId, String protocol, int startPort, int endPort, Long allowedGroupId) {
-		SearchCriteria<IngressRuleVO> sc = protoPortsAndNetworkGroupIdSearch.create();
+		SearchCriteria<IngressRuleVO> sc = protoPortsAndSecurityGroupIdSearch.create();
-		sc.setParameters("networkGroupId", networkGroupId);
+		sc.setParameters("securityGroupId", securityGroupId);
 		sc.setParameters("proto", protocol);
 		sc.setParameters("startPort", startPort);
 		sc.setParameters("endPort", endPort);
@ -141,9 +141,9 @@ public class IngressRuleDaoImpl extends GenericDaoBase<IngressRuleVO, Long> impl
 	}
 	@Override
-	public int deleteByPortProtoAndCidr(long networkGroupId, String protocol, int startPort, int endPort, String cidr) {
+	public int deleteByPortProtoAndCidr(long securityGroupId, String protocol, int startPort, int endPort, String cidr) {
 		SearchCriteria<IngressRuleVO> sc = protoPortsAndCidrSearch.create();
-		sc.setParameters("networkGroupId", networkGroupId);
+		sc.setParameters("securityGroupId", securityGroupId);
 		sc.setParameters("proto", protocol);
 		sc.setParameters("startPort", startPort);
 		sc.setParameters("endPort", endPort);
@ -153,10 +153,10 @@ public class IngressRuleDaoImpl extends GenericDaoBase<IngressRuleVO, Long> impl
 	}
 	@Override
-	public IngressRuleVO findByProtoPortsAndAllowedGroupId(long networkGroupId, String proto,
+	public IngressRuleVO findByProtoPortsAndAllowedGroupId(long securityGroupId, String proto,
 			int startPort, int endPort, Long allowedGroupId) {
-		SearchCriteria<IngressRuleVO> sc = protoPortsAndNetworkGroupIdSearch.create();
+		SearchCriteria<IngressRuleVO> sc = protoPortsAndSecurityGroupIdSearch.create();
-		sc.addAnd("networkGroupId", SearchCriteria.Op.EQ, networkGroupId);
+		sc.addAnd("securityGroupId", SearchCriteria.Op.EQ, securityGroupId);
 		sc.setParameters("proto", proto);
 		sc.setParameters("startPort", startPort);
 		sc.setParameters("endPort", endPort);
--- a/server/src/com/cloud/network/security/dao/NetworkGroupRulesDao.java
+++ b/server/src/com/cloud/network/security/dao/NetworkGroupRulesDao.java
@ -1,35 +0,0 @@
 package com.cloud.network.security.dao;
 import java.util.List;
 import com.cloud.network.security.NetworkGroupRulesVO;
 import com.cloud.utils.db.GenericDao;
 public interface NetworkGroupRulesDao extends GenericDao<NetworkGroupRulesVO, Long> {
 	/**
 	 * List a network group and associated ingress rules
 	 * @param accountId the account id of the owner of the network group
 	 * @param groupName the name of the group for which to list rules
 	 * @return the list of ingress rules associated with the network group (and network group info)
 	 */
 	List<NetworkGroupRulesVO> listNetworkGroupRules(long accountId, String groupName);
 	/**
 	 * List network groups and associated ingress rules
 	 * @param accountId the id of the account for which to list groups and associated rules
 	 * @return the list of network groups with associated ingress rules
 	 */
 	List<NetworkGroupRulesVO> listNetworkGroupRules(long accountId);
    /**
     * List all network groups and associated ingress rules
     * @return the list of network groups with associated ingress rules
     */
    List<NetworkGroupRulesVO> listNetworkGroupRules();
    /**
     * List all network rules belonging to the specific group
     * @return the network group with associated ingress rules
     */
    List<NetworkGroupRulesVO> listNetworkRulesByGroupId(long groupId);
 }
--- a/server/src/com/cloud/network/security/dao/NetworkGroupRulesDaoImpl.java
+++ b/server/src/com/cloud/network/security/dao/NetworkGroupRulesDaoImpl.java
@ -1,68 +0,0 @@
 package com.cloud.network.security.dao;
 import java.util.List;
 import javax.ejb.Local;
 import com.cloud.network.security.NetworkGroupRulesVO;
 import com.cloud.utils.db.Filter;
 import com.cloud.utils.db.GenericDaoBase;
 import com.cloud.utils.db.SearchBuilder;
 import com.cloud.utils.db.SearchCriteria;
@Local(value={NetworkGroupRulesDao.class})
 public class NetworkGroupRulesDaoImpl extends GenericDaoBase<NetworkGroupRulesVO, Long> implements NetworkGroupRulesDao {
    private SearchBuilder<NetworkGroupRulesVO> AccountGroupNameSearch;
    private SearchBuilder<NetworkGroupRulesVO> AccountSearch;
    private SearchBuilder<NetworkGroupRulesVO> GroupSearch;
    protected NetworkGroupRulesDaoImpl() {
        AccountGroupNameSearch = createSearchBuilder();
        AccountGroupNameSearch.and("accountId", AccountGroupNameSearch.entity().getAccountId(), SearchCriteria.Op.EQ);
        AccountGroupNameSearch.and("name", AccountGroupNameSearch.entity().getName(), SearchCriteria.Op.EQ);
        AccountGroupNameSearch.done();
        AccountSearch = createSearchBuilder();
        AccountSearch.and("accountId", AccountSearch.entity().getAccountId(), SearchCriteria.Op.EQ);
        AccountSearch.done();
        GroupSearch = createSearchBuilder();
        GroupSearch.and("groupId", GroupSearch.entity().getId(), SearchCriteria.Op.EQ);
        GroupSearch.done();
    }
    @Override
    public List<NetworkGroupRulesVO> listNetworkGroupRules() {
        Filter searchFilter = new Filter(NetworkGroupRulesVO.class, "id", true, null, null);
        return listAll(searchFilter);
    }
    @Override
    public List<NetworkGroupRulesVO> listNetworkGroupRules(long accountId, String groupName) {
        Filter searchFilter = new Filter(NetworkGroupRulesVO.class, "id", true, null, null);
        SearchCriteria<NetworkGroupRulesVO> sc = AccountGroupNameSearch.create();
        sc.setParameters("accountId", accountId);
        sc.setParameters("name", groupName);
        return listBy(sc, searchFilter);
    }
    @Override
    public List<NetworkGroupRulesVO> listNetworkGroupRules(long accountId) {
        Filter searchFilter = new Filter(NetworkGroupRulesVO.class, "id", true, null, null);
        SearchCriteria<NetworkGroupRulesVO> sc = AccountSearch.create();
        sc.setParameters("accountId", accountId);
        return listBy(sc, searchFilter);
    }
    @Override
    public List<NetworkGroupRulesVO> listNetworkRulesByGroupId(long groupId) {
        Filter searchFilter = new Filter(NetworkGroupRulesVO.class, "id", true, null, null);
        SearchCriteria<NetworkGroupRulesVO> sc = GroupSearch.create();
        sc.setParameters("groupId", groupId);
        return listBy(sc, searchFilter);
    }
 }
--- a/server/src/com/cloud/network/security/dao/NetworkGroupVMMapDaoImpl.java
+++ b/server/src/com/cloud/network/security/dao/NetworkGroupVMMapDaoImpl.java
@ -1,136 +0,0 @@
 /**
 *  Copyright (C) 2010 Cloud.com, Inc.  All rights reserved.
 * 
 * This software is licensed under the GNU General Public License v3 or later.
 * 
 * It is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 * 
 */
 package com.cloud.network.security.dao;
 import java.util.List;
 import javax.ejb.Local;
 import com.cloud.network.security.NetworkGroupVMMapVO;
 import com.cloud.utils.db.GenericDaoBase;
 import com.cloud.utils.db.GenericSearchBuilder;
 import com.cloud.utils.db.SearchBuilder;
 import com.cloud.utils.db.SearchCriteria;
 import com.cloud.vm.State;
@Local(value={NetworkGroupVMMapDao.class})
 public class NetworkGroupVMMapDaoImpl extends GenericDaoBase<NetworkGroupVMMapVO, Long> implements NetworkGroupVMMapDao {
    private SearchBuilder<NetworkGroupVMMapVO> ListByIpAndVmId;
    private SearchBuilder<NetworkGroupVMMapVO> ListByVmId;
    private SearchBuilder<NetworkGroupVMMapVO> ListByVmIdGroupId;
    private GenericSearchBuilder<NetworkGroupVMMapVO, Long> ListVmIdByNetworkGroup;
    private SearchBuilder<NetworkGroupVMMapVO> ListByIp;
    private SearchBuilder<NetworkGroupVMMapVO> ListByNetworkGroup;
    private SearchBuilder<NetworkGroupVMMapVO> ListByNetworkGroupAndStates;
    protected NetworkGroupVMMapDaoImpl() {
        ListByIpAndVmId  = createSearchBuilder();
        ListByIpAndVmId.and("ipAddress", ListByIpAndVmId.entity().getGuestIpAddress(), SearchCriteria.Op.EQ);
        ListByIpAndVmId.and("instanceId", ListByIpAndVmId.entity().getInstanceId(), SearchCriteria.Op.EQ);
        ListByIpAndVmId.done();
        ListVmIdByNetworkGroup = createSearchBuilder(Long.class);
        ListVmIdByNetworkGroup.and("networkGroupId", ListVmIdByNetworkGroup.entity().getNetworkGroupId(), SearchCriteria.Op.EQ);
        ListVmIdByNetworkGroup.selectField(ListVmIdByNetworkGroup.entity().getInstanceId());
        ListVmIdByNetworkGroup.done();
        ListByNetworkGroup = createSearchBuilder();
        ListByNetworkGroup.and("networkGroupId", ListByNetworkGroup.entity().getNetworkGroupId(), SearchCriteria.Op.EQ);
        ListByNetworkGroup.done();
        ListByIp  = createSearchBuilder();
        ListByIp.and("ipAddress", ListByIp.entity().getGuestIpAddress(), SearchCriteria.Op.EQ);
        ListByIp.done();
        ListByVmId  = createSearchBuilder();
        ListByVmId.and("instanceId", ListByVmId.entity().getInstanceId(), SearchCriteria.Op.EQ);
        ListByVmId.done();
        ListByNetworkGroupAndStates = createSearchBuilder();
        ListByNetworkGroupAndStates.and("networkGroupId", ListByNetworkGroupAndStates.entity().getNetworkGroupId(), SearchCriteria.Op.EQ);
        ListByNetworkGroupAndStates.and("states", ListByNetworkGroupAndStates.entity().getVmState(), SearchCriteria.Op.IN);
        ListByNetworkGroupAndStates.done();
        ListByVmIdGroupId  = createSearchBuilder();
        ListByVmIdGroupId.and("instanceId", ListByVmIdGroupId.entity().getInstanceId(), SearchCriteria.Op.EQ);
        ListByVmIdGroupId.and("networkGroupId", ListByVmIdGroupId.entity().getNetworkGroupId(), SearchCriteria.Op.EQ);
        ListByVmIdGroupId.done();
    }
    public List<NetworkGroupVMMapVO> listByIpAndInstanceId(String ipAddress, long vmId) {
        SearchCriteria<NetworkGroupVMMapVO> sc = ListByIpAndVmId.create();
        sc.setParameters("ipAddress", ipAddress);
        sc.setParameters("instanceId", vmId);
        return listBy(sc);
    }
    @Override
    public List<NetworkGroupVMMapVO> listByNetworkGroup(long networkGroupId) {
        SearchCriteria<NetworkGroupVMMapVO> sc = ListByNetworkGroup.create();
        sc.setParameters("networkGroupId", networkGroupId);
        return listBy(sc);
    }
    @Override
    public List<NetworkGroupVMMapVO> listByIp(String ipAddress) {
        SearchCriteria<NetworkGroupVMMapVO> sc = ListByIp.create();
        sc.setParameters("ipAddress", ipAddress);
        return listBy(sc);
    }
    @Override
    public List<NetworkGroupVMMapVO> listByInstanceId(long vmId) {
        SearchCriteria<NetworkGroupVMMapVO> sc = ListByVmId.create();
        sc.setParameters("instanceId", vmId);
        return listBy(sc);
    }
    @Override
    public int deleteVM(long instanceId) {
    	SearchCriteria<NetworkGroupVMMapVO> sc = ListByVmId.create();
        sc.setParameters("instanceId", instanceId);
        return super.expunge(sc);
    }
 	@Override
 	public List<NetworkGroupVMMapVO> listByNetworkGroup(long networkGroupId, State... vmStates) {
 		SearchCriteria<NetworkGroupVMMapVO> sc = ListByNetworkGroupAndStates.create();
 		sc.setParameters("networkGroupId", networkGroupId);
 		sc.setParameters("states", (Object[])vmStates);
 		return listBy(sc);
 	}
    @Override
    public List<Long> listVmIdsByNetworkGroup(long networkGroupId) {
        SearchCriteria<Long> sc = ListVmIdByNetworkGroup.create();
        sc.setParameters("networkGroupId", networkGroupId);
        return searchIncludingRemoved(sc, null);
    }
 	@Override
 	public NetworkGroupVMMapVO findByVmIdGroupId(long instanceId, long networkGroupId) {
        SearchCriteria<NetworkGroupVMMapVO> sc = ListByVmIdGroupId.create();
        sc.setParameters("networkGroupId", networkGroupId);
        sc.setParameters("instanceId", instanceId);
 		return findOneIncludingRemovedBy(sc);
 	}
 }
--- a/server/src/com/cloud/network/security/dao/SecurityGroupDao.java
+++ b/server/src/com/cloud/network/security/dao/SecurityGroupDao.java
@ -20,12 +20,12 @@ package com.cloud.network.security.dao;
 import java.util.List;
-import com.cloud.network.security.NetworkGroupVO;
+import com.cloud.network.security.SecurityGroupVO;
 import com.cloud.utils.db.GenericDao;
-public interface NetworkGroupDao extends GenericDao<NetworkGroupVO, Long> {
+public interface SecurityGroupDao extends GenericDao<SecurityGroupVO, Long> {
-    List<NetworkGroupVO> listByAccountId(long accountId);
+    List<SecurityGroupVO> listByAccountId(long accountId);
    boolean isNameInUse(Long accountId, Long domainId, String name);
-    NetworkGroupVO findByAccountAndName(Long accountId, String name);
+    SecurityGroupVO findByAccountAndName(Long accountId, String name);
-    List<NetworkGroupVO> findByAccountAndNames(Long accountId, String... names);
+    List<SecurityGroupVO> findByAccountAndNames(Long accountId, String... names);
 }
--- a/server/src/com/cloud/network/security/dao/SecurityGroupDaoImpl.java
+++ b/server/src/com/cloud/network/security/dao/SecurityGroupDaoImpl.java
@ -22,18 +22,18 @@ import java.util.List;
 import javax.ejb.Local;
-import com.cloud.network.security.NetworkGroupVO;
+import com.cloud.network.security.SecurityGroupVO;
 import com.cloud.utils.db.GenericDaoBase;
 import com.cloud.utils.db.SearchBuilder;
 import com.cloud.utils.db.SearchCriteria;
-@Local(value={NetworkGroupDao.class})
+@Local(value={SecurityGroupDao.class})
-public class NetworkGroupDaoImpl extends GenericDaoBase<NetworkGroupVO, Long> implements NetworkGroupDao {
+public class SecurityGroupDaoImpl extends GenericDaoBase<SecurityGroupVO, Long> implements SecurityGroupDao {
-    private SearchBuilder<NetworkGroupVO> AccountIdSearch;
+    private SearchBuilder<SecurityGroupVO> AccountIdSearch;
-    private SearchBuilder<NetworkGroupVO> AccountIdNameSearch;
+    private SearchBuilder<SecurityGroupVO> AccountIdNameSearch;
-    private SearchBuilder<NetworkGroupVO> AccountIdNamesSearch;
+    private SearchBuilder<SecurityGroupVO> AccountIdNamesSearch;
-    protected NetworkGroupDaoImpl() {
+    protected SecurityGroupDaoImpl() {
        AccountIdSearch = createSearchBuilder();
        AccountIdSearch.and("accountId", AccountIdSearch.entity().getAccountId(), SearchCriteria.Op.EQ);
        AccountIdSearch.done();
@ -49,15 +49,15 @@ public class NetworkGroupDaoImpl extends GenericDaoBase<NetworkGroupVO, Long> im
    }
    @Override
-    public List<NetworkGroupVO> listByAccountId(long accountId) {
+    public List<SecurityGroupVO> listByAccountId(long accountId) {
-        SearchCriteria<NetworkGroupVO> sc = AccountIdSearch.create();
+        SearchCriteria<SecurityGroupVO> sc = AccountIdSearch.create();
        sc.setParameters("accountId", accountId);
        return listBy(sc);
    }
    @Override
    public boolean isNameInUse(Long accountId, Long domainId, String name) {
-        SearchCriteria<NetworkGroupVO> sc = createSearchCriteria();
+        SearchCriteria<SecurityGroupVO> sc = createSearchCriteria();
        sc.addAnd("name", SearchCriteria.Op.EQ, name);
        if (accountId != null) {
            sc.addAnd("accountId", SearchCriteria.Op.EQ, accountId);
@ -66,13 +66,13 @@ public class NetworkGroupDaoImpl extends GenericDaoBase<NetworkGroupVO, Long> im
            sc.addAnd("accountId", SearchCriteria.Op.NULL);
        }
-        List<NetworkGroupVO> securityGroups = listBy(sc);
+        List<SecurityGroupVO> securityGroups = listBy(sc);
        return ((securityGroups != null) && !securityGroups.isEmpty());
    }
 	@Override
-	public NetworkGroupVO findByAccountAndName(Long accountId, String name) {
+	public SecurityGroupVO findByAccountAndName(Long accountId, String name) {
-		SearchCriteria<NetworkGroupVO> sc = AccountIdNameSearch.create();
+		SearchCriteria<SecurityGroupVO> sc = AccountIdNameSearch.create();
 		sc.setParameters("accountId", accountId);
 		sc.setParameters("groupName", name);
@ -80,8 +80,8 @@ public class NetworkGroupDaoImpl extends GenericDaoBase<NetworkGroupVO, Long> im
 	}
 	@Override
-	public List<NetworkGroupVO> findByAccountAndNames(Long accountId, String... names) {
+	public List<SecurityGroupVO> findByAccountAndNames(Long accountId, String... names) {
-		SearchCriteria<NetworkGroupVO> sc = AccountIdNamesSearch.create();
+		SearchCriteria<SecurityGroupVO> sc = AccountIdNamesSearch.create();
 		sc.setParameters("accountId", accountId);
 		sc.setParameters("groupNames", (Object [])names);
--- a/server/src/com/cloud/network/security/dao/SecurityGroupRulesDao.java
+++ b/server/src/com/cloud/network/security/dao/SecurityGroupRulesDao.java
@ -0,0 +1,35 @@
 package com.cloud.network.security.dao;
 import java.util.List;
 import com.cloud.network.security.SecurityGroupRulesVO;
 import com.cloud.utils.db.GenericDao;
 public interface SecurityGroupRulesDao extends GenericDao<SecurityGroupRulesVO, Long> {
 	/**
 	 * List a security group and associated ingress rules
 	 * @param accountId the account id of the owner of the security group
 	 * @param groupName the name of the group for which to list rules
 	 * @return the list of ingress rules associated with the security group (and security group info)
 	 */
 	List<SecurityGroupRulesVO> listSecurityGroupRules(long accountId, String groupName);
 	/**
 	 * List security groups and associated ingress rules
 	 * @param accountId the id of the account for which to list groups and associated rules
 	 * @return the list of security groups with associated ingress rules
 	 */
 	List<SecurityGroupRulesVO> listSecurityGroupRules(long accountId);
    /**
     * List all security groups and associated ingress rules
     * @return the list of security groups with associated ingress rules
     */
    List<SecurityGroupRulesVO> listSecurityGroupRules();
    /**
     * List all security rules belonging to the specific group
     * @return the security group with associated ingress rules
     */
    List<SecurityGroupRulesVO> listSecurityRulesByGroupId(long groupId);
 }
--- a/server/src/com/cloud/network/security/dao/SecurityGroupRulesDaoImpl.java
+++ b/server/src/com/cloud/network/security/dao/SecurityGroupRulesDaoImpl.java
@ -0,0 +1,68 @@
 package com.cloud.network.security.dao;
 import java.util.List;
 import javax.ejb.Local;
 import com.cloud.network.security.SecurityGroupRulesVO;
 import com.cloud.utils.db.Filter;
 import com.cloud.utils.db.GenericDaoBase;
 import com.cloud.utils.db.SearchBuilder;
 import com.cloud.utils.db.SearchCriteria;
@Local(value={SecurityGroupRulesDao.class})
 public class SecurityGroupRulesDaoImpl extends GenericDaoBase<SecurityGroupRulesVO, Long> implements SecurityGroupRulesDao {
    private SearchBuilder<SecurityGroupRulesVO> AccountGroupNameSearch;
    private SearchBuilder<SecurityGroupRulesVO> AccountSearch;
    private SearchBuilder<SecurityGroupRulesVO> GroupSearch;
    protected SecurityGroupRulesDaoImpl() {
        AccountGroupNameSearch = createSearchBuilder();
        AccountGroupNameSearch.and("accountId", AccountGroupNameSearch.entity().getAccountId(), SearchCriteria.Op.EQ);
        AccountGroupNameSearch.and("name", AccountGroupNameSearch.entity().getName(), SearchCriteria.Op.EQ);
        AccountGroupNameSearch.done();
        AccountSearch = createSearchBuilder();
        AccountSearch.and("accountId", AccountSearch.entity().getAccountId(), SearchCriteria.Op.EQ);
        AccountSearch.done();
        GroupSearch = createSearchBuilder();
        GroupSearch.and("groupId", GroupSearch.entity().getId(), SearchCriteria.Op.EQ);
        GroupSearch.done();
    }
    @Override
    public List<SecurityGroupRulesVO> listSecurityGroupRules() {
        Filter searchFilter = new Filter(SecurityGroupRulesVO.class, "id", true, null, null);
        return listAll(searchFilter);
    }
    @Override
    public List<SecurityGroupRulesVO> listSecurityGroupRules(long accountId, String groupName) {
        Filter searchFilter = new Filter(SecurityGroupRulesVO.class, "id", true, null, null);
        SearchCriteria<SecurityGroupRulesVO> sc = AccountGroupNameSearch.create();
        sc.setParameters("accountId", accountId);
        sc.setParameters("name", groupName);
        return listBy(sc, searchFilter);
    }
    @Override
    public List<SecurityGroupRulesVO> listSecurityGroupRules(long accountId) {
        Filter searchFilter = new Filter(SecurityGroupRulesVO.class, "id", true, null, null);
        SearchCriteria<SecurityGroupRulesVO> sc = AccountSearch.create();
        sc.setParameters("accountId", accountId);
        return listBy(sc, searchFilter);
    }
    @Override
    public List<SecurityGroupRulesVO> listSecurityRulesByGroupId(long groupId) {
        Filter searchFilter = new Filter(SecurityGroupRulesVO.class, "id", true, null, null);
        SearchCriteria<SecurityGroupRulesVO> sc = GroupSearch.create();
        sc.setParameters("groupId", groupId);
        return listBy(sc, searchFilter);
    }
 }
--- a/server/src/com/cloud/network/security/dao/SecurityGroupVMMapDao.java
+++ b/server/src/com/cloud/network/security/dao/SecurityGroupVMMapDao.java
@ -20,17 +20,17 @@ package com.cloud.network.security.dao;
 import java.util.List;
-import com.cloud.network.security.NetworkGroupVMMapVO;
+import com.cloud.network.security.SecurityGroupVMMapVO;
 import com.cloud.utils.db.GenericDao;
 import com.cloud.vm.State;
-public interface NetworkGroupVMMapDao extends GenericDao<NetworkGroupVMMapVO, Long> {
+public interface SecurityGroupVMMapDao extends GenericDao<SecurityGroupVMMapVO, Long> {
-    List<NetworkGroupVMMapVO> listByIpAndInstanceId(String ipAddress, long instanceId);
+    List<SecurityGroupVMMapVO> listByIpAndInstanceId(String ipAddress, long instanceId);
-    List<NetworkGroupVMMapVO> listByInstanceId(long instanceId);
+    List<SecurityGroupVMMapVO> listByInstanceId(long instanceId);
-    List<NetworkGroupVMMapVO> listByIp(String ipAddress);
+    List<SecurityGroupVMMapVO> listByIp(String ipAddress);
-    List<NetworkGroupVMMapVO> listByNetworkGroup(long networkGroupId);
+    List<SecurityGroupVMMapVO> listBySecurityGroup(long securityGroupId);
-    List<NetworkGroupVMMapVO> listByNetworkGroup(long networkGroupId, State ... vmStates);
+    List<SecurityGroupVMMapVO> listBySecurityGroup(long securityGroupId, State ... vmStates);
    int deleteVM(long instanceid);
-	List<Long> listVmIdsByNetworkGroup(long networkGroupId);
+	List<Long> listVmIdsBySecurityGroup(long securityGroupId);
-	NetworkGroupVMMapVO findByVmIdGroupId(long instanceId, long networkGroupId);
+	SecurityGroupVMMapVO findByVmIdGroupId(long instanceId, long securityGroupId);
 }
--- a/server/src/com/cloud/network/security/dao/SecurityGroupVMMapDaoImpl.java
+++ b/server/src/com/cloud/network/security/dao/SecurityGroupVMMapDaoImpl.java
@ -0,0 +1,136 @@
 /**
 *  Copyright (C) 2010 Cloud.com, Inc.  All rights reserved.
 * 
 * This software is licensed under the GNU General Public License v3 or later.
 * 
 * It is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 * 
 */
 package com.cloud.network.security.dao;
 import java.util.List;
 import javax.ejb.Local;
 import com.cloud.network.security.SecurityGroupVMMapVO;
 import com.cloud.utils.db.GenericDaoBase;
 import com.cloud.utils.db.GenericSearchBuilder;
 import com.cloud.utils.db.SearchBuilder;
 import com.cloud.utils.db.SearchCriteria;
 import com.cloud.vm.State;
@Local(value={SecurityGroupVMMapDao.class})
 public class SecurityGroupVMMapDaoImpl extends GenericDaoBase<SecurityGroupVMMapVO, Long> implements SecurityGroupVMMapDao {
    private SearchBuilder<SecurityGroupVMMapVO> ListByIpAndVmId;
    private SearchBuilder<SecurityGroupVMMapVO> ListByVmId;
    private SearchBuilder<SecurityGroupVMMapVO> ListByVmIdGroupId;
    private GenericSearchBuilder<SecurityGroupVMMapVO, Long> ListVmIdBySecurityGroup;
    private SearchBuilder<SecurityGroupVMMapVO> ListByIp;
    private SearchBuilder<SecurityGroupVMMapVO> ListBySecurityGroup;
    private SearchBuilder<SecurityGroupVMMapVO> ListBySecurityGroupAndStates;
    protected SecurityGroupVMMapDaoImpl() {
        ListByIpAndVmId  = createSearchBuilder();
        ListByIpAndVmId.and("ipAddress", ListByIpAndVmId.entity().getGuestIpAddress(), SearchCriteria.Op.EQ);
        ListByIpAndVmId.and("instanceId", ListByIpAndVmId.entity().getInstanceId(), SearchCriteria.Op.EQ);
        ListByIpAndVmId.done();
        ListVmIdBySecurityGroup = createSearchBuilder(Long.class);
        ListVmIdBySecurityGroup.and("securityGroupId", ListVmIdBySecurityGroup.entity().getSecurityGroupId(), SearchCriteria.Op.EQ);
        ListVmIdBySecurityGroup.selectField(ListVmIdBySecurityGroup.entity().getInstanceId());
        ListVmIdBySecurityGroup.done();
        ListBySecurityGroup = createSearchBuilder();
        ListBySecurityGroup.and("securityGroupId", ListBySecurityGroup.entity().getSecurityGroupId(), SearchCriteria.Op.EQ);
        ListBySecurityGroup.done();
        ListByIp  = createSearchBuilder();
        ListByIp.and("ipAddress", ListByIp.entity().getGuestIpAddress(), SearchCriteria.Op.EQ);
        ListByIp.done();
        ListByVmId  = createSearchBuilder();
        ListByVmId.and("instanceId", ListByVmId.entity().getInstanceId(), SearchCriteria.Op.EQ);
        ListByVmId.done();
        ListBySecurityGroupAndStates = createSearchBuilder();
        ListBySecurityGroupAndStates.and("securityGroupId", ListBySecurityGroupAndStates.entity().getSecurityGroupId(), SearchCriteria.Op.EQ);
        ListBySecurityGroupAndStates.and("states", ListBySecurityGroupAndStates.entity().getVmState(), SearchCriteria.Op.IN);
        ListBySecurityGroupAndStates.done();
        ListByVmIdGroupId  = createSearchBuilder();
        ListByVmIdGroupId.and("instanceId", ListByVmIdGroupId.entity().getInstanceId(), SearchCriteria.Op.EQ);
        ListByVmIdGroupId.and("securityGroupId", ListByVmIdGroupId.entity().getSecurityGroupId(), SearchCriteria.Op.EQ);
        ListByVmIdGroupId.done();
    }
    public List<SecurityGroupVMMapVO> listByIpAndInstanceId(String ipAddress, long vmId) {
        SearchCriteria<SecurityGroupVMMapVO> sc = ListByIpAndVmId.create();
        sc.setParameters("ipAddress", ipAddress);
        sc.setParameters("instanceId", vmId);
        return listBy(sc);
    }
    @Override
    public List<SecurityGroupVMMapVO> listBySecurityGroup(long securityGroupId) {
        SearchCriteria<SecurityGroupVMMapVO> sc = ListBySecurityGroup.create();
        sc.setParameters("securityGroupId", securityGroupId);
        return listBy(sc);
    }
    @Override
    public List<SecurityGroupVMMapVO> listByIp(String ipAddress) {
        SearchCriteria<SecurityGroupVMMapVO> sc = ListByIp.create();
        sc.setParameters("ipAddress", ipAddress);
        return listBy(sc);
    }
    @Override
    public List<SecurityGroupVMMapVO> listByInstanceId(long vmId) {
        SearchCriteria<SecurityGroupVMMapVO> sc = ListByVmId.create();
        sc.setParameters("instanceId", vmId);
        return listBy(sc);
    }
    @Override
    public int deleteVM(long instanceId) {
    	SearchCriteria<SecurityGroupVMMapVO> sc = ListByVmId.create();
        sc.setParameters("instanceId", instanceId);
        return super.expunge(sc);
    }
 	@Override
 	public List<SecurityGroupVMMapVO> listBySecurityGroup(long securityGroupId, State... vmStates) {
 		SearchCriteria<SecurityGroupVMMapVO> sc = ListBySecurityGroupAndStates.create();
 		sc.setParameters("securityGroupId", securityGroupId);
 		sc.setParameters("states", (Object[])vmStates);
 		return listBy(sc);
 	}
    @Override
    public List<Long> listVmIdsBySecurityGroup(long securityGroupId) {
        SearchCriteria<Long> sc = ListVmIdBySecurityGroup.create();
        sc.setParameters("securityGroupId", securityGroupId);
        return searchIncludingRemoved(sc, null);
    }
 	@Override
 	public SecurityGroupVMMapVO findByVmIdGroupId(long instanceId, long securityGroupId) {
        SearchCriteria<SecurityGroupVMMapVO> sc = ListByVmIdGroupId.create();
        sc.setParameters("securityGroupId", securityGroupId);
        sc.setParameters("instanceId", instanceId);
 		return findOneIncludingRemovedBy(sc);
 	}
 }
--- a/server/src/com/cloud/network/security/dao/SecurityGroupWorkDao.java
+++ b/server/src/com/cloud/network/security/dao/SecurityGroupWorkDao.java
@ -21,17 +21,17 @@ package com.cloud.network.security.dao;
 import java.util.Date;
 import java.util.List;
-import com.cloud.network.security.NetworkGroupWorkVO;
+import com.cloud.network.security.SecurityGroupWorkVO;
-import com.cloud.network.security.NetworkGroupWorkVO.Step;
+import com.cloud.network.security.SecurityGroupWorkVO.Step;
 import com.cloud.utils.db.GenericDao;
-public interface NetworkGroupWorkDao extends GenericDao<NetworkGroupWorkVO, Long> {
+public interface SecurityGroupWorkDao extends GenericDao<SecurityGroupWorkVO, Long> {
-    NetworkGroupWorkVO findByVmId(long vmId, boolean taken);
+    SecurityGroupWorkVO findByVmId(long vmId, boolean taken);
-    NetworkGroupWorkVO findByVmIdStep(long vmId, Step step);
+    SecurityGroupWorkVO findByVmIdStep(long vmId, Step step);
-	NetworkGroupWorkVO take(long serverId);
+	SecurityGroupWorkVO take(long serverId);
 	void updateStep(Long vmId, Long logSequenceNumber, Step done);
@ -39,7 +39,7 @@ public interface NetworkGroupWorkDao extends GenericDao<NetworkGroupWorkVO, Long
 	int deleteFinishedWork(Date timeBefore);
-	List<NetworkGroupWorkVO> findUnfinishedWork(Date timeBefore);
+	List<SecurityGroupWorkVO> findUnfinishedWork(Date timeBefore);
 }
--- a/server/src/com/cloud/network/security/dao/SecurityGroupWorkDaoImpl.java
+++ b/server/src/com/cloud/network/security/dao/SecurityGroupWorkDaoImpl.java
@ -24,8 +24,8 @@ import java.util.List;
 import javax.ejb.Local;
 import com.cloud.ha.HaWorkVO;
-import com.cloud.network.security.NetworkGroupWorkVO;
+import com.cloud.network.security.SecurityGroupWorkVO;
-import com.cloud.network.security.NetworkGroupWorkVO.Step;
+import com.cloud.network.security.SecurityGroupWorkVO.Step;
 import com.cloud.utils.db.Filter;
 import com.cloud.utils.db.GenericDaoBase;
 import com.cloud.utils.db.SearchBuilder;
@ -34,17 +34,17 @@ import com.cloud.utils.db.Transaction;
 import com.cloud.utils.db.SearchCriteria.Op;
 import com.cloud.utils.exception.CloudRuntimeException;
-@Local(value={NetworkGroupWorkDao.class})
+@Local(value={SecurityGroupWorkDao.class})
-public class NetworkGroupWorkDaoImpl extends GenericDaoBase<NetworkGroupWorkVO, Long> implements NetworkGroupWorkDao {
+public class SecurityGroupWorkDaoImpl extends GenericDaoBase<SecurityGroupWorkVO, Long> implements SecurityGroupWorkDao {
-    private SearchBuilder<NetworkGroupWorkVO> VmIdTakenSearch;
+    private SearchBuilder<SecurityGroupWorkVO> VmIdTakenSearch;
-    private SearchBuilder<NetworkGroupWorkVO> VmIdSeqNumSearch;
+    private SearchBuilder<SecurityGroupWorkVO> VmIdSeqNumSearch;
-    private SearchBuilder<NetworkGroupWorkVO> VmIdUnTakenSearch;
+    private SearchBuilder<SecurityGroupWorkVO> VmIdUnTakenSearch;
-    private SearchBuilder<NetworkGroupWorkVO> UntakenWorkSearch;
+    private SearchBuilder<SecurityGroupWorkVO> UntakenWorkSearch;
-    private SearchBuilder<NetworkGroupWorkVO> VmIdStepSearch;
+    private SearchBuilder<SecurityGroupWorkVO> VmIdStepSearch;
-    private SearchBuilder<NetworkGroupWorkVO> CleanupSearch;
+    private SearchBuilder<SecurityGroupWorkVO> CleanupSearch;
-    protected NetworkGroupWorkDaoImpl() {
+    protected SecurityGroupWorkDaoImpl() {
        VmIdTakenSearch = createSearchBuilder();
        VmIdTakenSearch.and("vmId", VmIdTakenSearch.entity().getInstanceId(), SearchCriteria.Op.EQ);
        VmIdTakenSearch.and("taken", VmIdTakenSearch.entity().getDateTaken(), SearchCriteria.Op.NNULL);
@ -86,29 +86,29 @@ public class NetworkGroupWorkDaoImpl extends GenericDaoBase<NetworkGroupWorkVO,
    }
    @Override
-    public NetworkGroupWorkVO findByVmId(long vmId, boolean taken) {
+    public SecurityGroupWorkVO findByVmId(long vmId, boolean taken) {
-        SearchCriteria<NetworkGroupWorkVO> sc = taken?VmIdTakenSearch.create():VmIdUnTakenSearch.create();
+        SearchCriteria<SecurityGroupWorkVO> sc = taken?VmIdTakenSearch.create():VmIdUnTakenSearch.create();
        sc.setParameters("vmId", vmId);
        return findOneIncludingRemovedBy(sc);
    }
 	@Override
-	public NetworkGroupWorkVO take(long serverId) {
+	public SecurityGroupWorkVO take(long serverId) {
 		final Transaction txn = Transaction.currentTxn();
        try {
-            final SearchCriteria<NetworkGroupWorkVO> sc = UntakenWorkSearch.create();
+            final SearchCriteria<SecurityGroupWorkVO> sc = UntakenWorkSearch.create();
            sc.setParameters("step", Step.Scheduled);
-            final Filter filter = new Filter(NetworkGroupWorkVO.class, null, true, 0l, 1l);//FIXME: order desc by update time?
+            final Filter filter = new Filter(SecurityGroupWorkVO.class, null, true, 0l, 1l);//FIXME: order desc by update time?
            txn.start();
-            final List<NetworkGroupWorkVO> vos = lockRows(sc, filter, true);
+            final List<SecurityGroupWorkVO> vos = lockRows(sc, filter, true);
            if (vos.size() == 0) {
                txn.commit();
                return null;
            }
-            NetworkGroupWorkVO work = null;
+            SecurityGroupWorkVO work = null;
-            for (NetworkGroupWorkVO w: vos) {       
+            for (SecurityGroupWorkVO w: vos) {       
            	//ensure that there is no job in Processing state for the same VM
            	if ( findByVmIdStep(w.getInstanceId(), Step.Processing) == null) {
            		work = w;
@ -121,7 +121,7 @@ public class NetworkGroupWorkDaoImpl extends GenericDaoBase<NetworkGroupWorkVO,
            }
            work.setServerId(serverId);
            work.setDateTaken(new Date());
-            work.setStep(NetworkGroupWorkVO.Step.Processing);
+            work.setStep(SecurityGroupWorkVO.Step.Processing);
            update(work.getId(), work);
@ -138,18 +138,18 @@ public class NetworkGroupWorkDaoImpl extends GenericDaoBase<NetworkGroupWorkVO,
 	public void updateStep(Long vmId, Long logSequenceNumber, Step step) {
 		final Transaction txn = Transaction.currentTxn();
 		txn.start();
-        SearchCriteria<NetworkGroupWorkVO> sc = VmIdSeqNumSearch.create();
+        SearchCriteria<SecurityGroupWorkVO> sc = VmIdSeqNumSearch.create();
        sc.setParameters("vmId", vmId);
        sc.setParameters("seqno", logSequenceNumber);
        final Filter filter = new Filter(HaWorkVO.class, null, true, 0l, 1l);
-        final List<NetworkGroupWorkVO> vos = lockRows(sc, filter, true);
+        final List<SecurityGroupWorkVO> vos = lockRows(sc, filter, true);
        if (vos.size() == 0) {
            txn.commit();
            return;
        }
-        NetworkGroupWorkVO work = vos.get(0);
+        SecurityGroupWorkVO work = vos.get(0);
        work.setStep(step);
        update(work.getId(), work);
@ -157,8 +157,8 @@ public class NetworkGroupWorkDaoImpl extends GenericDaoBase<NetworkGroupWorkVO,
 	}
 	@Override
-	public NetworkGroupWorkVO findByVmIdStep(long vmId, Step step) {
+	public SecurityGroupWorkVO findByVmIdStep(long vmId, Step step) {
-        SearchCriteria<NetworkGroupWorkVO> sc = VmIdStepSearch.create();
+        SearchCriteria<SecurityGroupWorkVO> sc = VmIdStepSearch.create();
        sc.setParameters("vmId", vmId);
        sc.setParameters("step", step);
        return findOneIncludingRemovedBy(sc);
@ -169,7 +169,7 @@ public class NetworkGroupWorkDaoImpl extends GenericDaoBase<NetworkGroupWorkVO,
 		final Transaction txn = Transaction.currentTxn();
 		txn.start();
-        NetworkGroupWorkVO work = lockRow(workId, true);
+        SecurityGroupWorkVO work = lockRow(workId, true);
        if (work == null) {
        	txn.commit();
        	return;
@ -183,7 +183,7 @@ public class NetworkGroupWorkDaoImpl extends GenericDaoBase<NetworkGroupWorkVO,
 	@Override
 	public int deleteFinishedWork(Date timeBefore) {
-		final SearchCriteria<NetworkGroupWorkVO> sc = CleanupSearch.create();
+		final SearchCriteria<SecurityGroupWorkVO> sc = CleanupSearch.create();
 		sc.setParameters("taken", timeBefore);
 		sc.setParameters("step", Step.Done);
@ -191,14 +191,14 @@ public class NetworkGroupWorkDaoImpl extends GenericDaoBase<NetworkGroupWorkVO,
 	}
 	@Override
-	public List<NetworkGroupWorkVO> findUnfinishedWork(Date timeBefore) {
+	public List<SecurityGroupWorkVO> findUnfinishedWork(Date timeBefore) {
-		final SearchCriteria<NetworkGroupWorkVO> sc = CleanupSearch.create();
+		final SearchCriteria<SecurityGroupWorkVO> sc = CleanupSearch.create();
 		sc.setParameters("taken", timeBefore);
 		sc.setParameters("step", Step.Processing);
-		List<NetworkGroupWorkVO> result = listIncludingRemovedBy(sc);
+		List<SecurityGroupWorkVO> result = listIncludingRemovedBy(sc);
-		NetworkGroupWorkVO work = createForUpdate();
+		SecurityGroupWorkVO work = createForUpdate();
 		work.setStep(Step.Error);
 		update(work, sc);
--- a/server/src/com/cloud/server/ManagementServer.java
+++ b/server/src/com/cloud/server/ManagementServer.java
@ -35,7 +35,7 @@ import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.host.HostVO;
 import com.cloud.info.ConsoleProxyInfo;
 import com.cloud.network.IPAddressVO;
-import com.cloud.network.security.NetworkGroupVO;
+import com.cloud.network.security.SecurityGroupVO;
 import com.cloud.service.ServiceOfferingVO;
 import com.cloud.storage.DiskOfferingVO;
 import com.cloud.storage.GuestOSVO;
@ -529,14 +529,14 @@ public interface ManagementServer extends ManagementService {
 	List<SecondaryStorageVmVO> searchForSecondaryStorageVm(Criteria c);
-    NetworkGroupVO findNetworkGroupByName(Long accountId, String groupName);
+    SecurityGroupVO findNetworkGroupByName(Long accountId, String groupName);
    /**
     * Find a network group by id
     * @param networkGroupId id of group to lookup
     * @return the network group if found, null otherwise
     */
-    NetworkGroupVO findNetworkGroupById(long networkGroupId);
+    SecurityGroupVO findNetworkGroupById(long networkGroupId);
 	/**
 	 * Is the hypervisor snapshot capable.
--- a/server/src/com/cloud/server/ManagementServerImpl.java
+++ b/server/src/com/cloud/server/ManagementServerImpl.java
@ -188,8 +188,8 @@ import com.cloud.network.dao.NetworkDao;
 import com.cloud.network.dao.RemoteAccessVpnDao;
 import com.cloud.network.dao.VpnUserDao;
 import com.cloud.network.router.DomainRouterManager;
-import com.cloud.network.security.NetworkGroupVO;
+import com.cloud.network.security.SecurityGroupVO;
-import com.cloud.network.security.dao.NetworkGroupDao;
+import com.cloud.network.security.dao.SecurityGroupDao;
 import com.cloud.offering.NetworkOffering;
 import com.cloud.offering.ServiceOffering;
 import com.cloud.server.auth.UserAuthenticator;
@ -283,7 +283,7 @@ public class ManagementServerImpl implements ManagementServer {
    private final AccountManager _accountMgr;
    private final AgentManager _agentMgr;
    private final ConfigurationManager _configMgr;
-	private final NetworkGroupDao _networkSecurityGroupDao;
+	private final SecurityGroupDao _networkSecurityGroupDao;
    private final IPAddressDao _publicIpAddressDao;
    private final DataCenterIpAddressDao _privateIpAddressDao;
    private final DomainRouterDao _routerDao;
@ -383,7 +383,7 @@ public class ManagementServerImpl implements ManagementServer {
        _consoleProxyMgr = locator.getManager(ConsoleProxyManager.class);
        _secStorageVmMgr = locator.getManager(SecondaryStorageVmManager.class);
        _storageMgr = locator.getManager(StorageManager.class);
-        _networkSecurityGroupDao  = locator.getDao(NetworkGroupDao.class);
+        _networkSecurityGroupDao  = locator.getDao(SecurityGroupDao.class);
        _publicIpAddressDao = locator.getDao(IPAddressDao.class);
        _privateIpAddressDao = locator.getDao(DataCenterIpAddressDao.class);
        _consoleProxyDao = locator.getDao(ConsoleProxyDao.class);
@ -4362,14 +4362,14 @@ public class ManagementServerImpl implements ManagementServer {
    }
 	@Override
-	public NetworkGroupVO findNetworkGroupByName(Long accountId, String groupName) {
+	public SecurityGroupVO findNetworkGroupByName(Long accountId, String groupName) {
-		NetworkGroupVO groupVO = _networkSecurityGroupDao.findByAccountAndName(accountId, groupName);
+		SecurityGroupVO groupVO = _networkSecurityGroupDao.findByAccountAndName(accountId, groupName);
 		return groupVO;
 	}
    @Override
-    public NetworkGroupVO findNetworkGroupById(long networkGroupId) {
+    public SecurityGroupVO findNetworkGroupById(long networkGroupId) {
-        NetworkGroupVO groupVO = _networkSecurityGroupDao.findById(networkGroupId);
+        SecurityGroupVO groupVO = _networkSecurityGroupDao.findById(networkGroupId);
        return groupVO;
    }
@ -4467,12 +4467,12 @@ public class ManagementServerImpl implements ManagementServer {
    public Map<String, String> listCapabilities(ListCapabilitiesCmd cmd) {
        Map<String, String> capabilities = new HashMap<String, String>();
-        String networkGroupsEnabled = _configs.get("direct.attach.network.groups.enabled");
+        String securityGroupsEnabled = _configs.get("direct.attach.security.groups.enabled");
-        if(networkGroupsEnabled == null) {
+        if(securityGroupsEnabled == null) {
-            networkGroupsEnabled = "false";
+            securityGroupsEnabled = "false";
        }             
-        capabilities.put("networkGroupsEnabled", networkGroupsEnabled);        
+        capabilities.put("securityGroupsEnabled", securityGroupsEnabled);        
        capabilities.put("cloudStackVersion", getVersion());
        return capabilities;
    }
--- a/server/src/com/cloud/user/AccountManagerImpl.java
+++ b/server/src/com/cloud/user/AccountManagerImpl.java
@ -71,7 +71,7 @@ import com.cloud.network.NetworkVO;
 import com.cloud.network.dao.IPAddressDao;
 import com.cloud.network.dao.NetworkDao;
 import com.cloud.network.router.DomainRouterManager;
-import com.cloud.network.security.NetworkGroupManager;
+import com.cloud.network.security.SecurityGroupManager;
 import com.cloud.server.Criteria;
 import com.cloud.storage.StorageManager;
 import com.cloud.storage.VMTemplateVO;
@ -121,7 +121,7 @@ public class AccountManagerImpl implements AccountManager, AccountService {
    @Inject private NetworkDao _networkDao;
-	@Inject private NetworkGroupManager _networkGroupMgr;
+	@Inject private SecurityGroupManager _networkGroupMgr;
 	@Inject private NetworkManager _networkMgr;
 	@Inject private SnapshotManager _snapMgr;
 	@Inject private UserVmManager _vmMgr;
@ -1049,7 +1049,7 @@ public class AccountManagerImpl implements AccountManager, AccountService {
            UserVO dbUser = _userDao.persist(user);
-            _networkGroupMgr.createDefaultNetworkGroup(accountId);
+            _networkGroupMgr.createDefaultSecurityGroup(accountId);
            if (!user.getPassword().equals(dbUser.getPassword())) {
                throw new CloudRuntimeException("The user " + username + " being creating is using a password that is different than what's in the db");
--- a/server/src/com/cloud/vm/UserVmManagerImpl.java
+++ b/server/src/com/cloud/vm/UserVmManagerImpl.java
@ -132,7 +132,9 @@ import com.cloud.network.dao.LoadBalancerVMMapDao;
 import com.cloud.network.dao.NetworkDao;
 import com.cloud.network.router.DomainRouterManager;
 import com.cloud.network.rules.RulesManager;
-import com.cloud.network.security.NetworkGroupManager;
+import com.cloud.network.router.VirtualRouter.Role;
 import com.cloud.network.security.SecurityGroupManager;
 import com.cloud.network.security.SecurityGroupVO;
 import com.cloud.offering.NetworkOffering;
 import com.cloud.offering.ServiceOffering;
 import com.cloud.offerings.dao.NetworkOfferingDao;
@ -241,7 +243,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
    @Inject AccountVlanMapDao _accountVlanMapDao;
    @Inject StoragePoolDao _storagePoolDao;
    @Inject VMTemplateHostDao _vmTemplateHostDao;
-    @Inject NetworkGroupManager _networkGroupMgr;
+    @Inject SecurityGroupManager _networkGroupMgr;
    @Inject ServiceOfferingDao _serviceOfferingDao;
    @Inject NetworkOfferingDao _networkOfferingDao;
    @Inject EventDao _eventDao = null;
--- a/setup/db/create-index-fk.sql
+++ b/setup/db/create-index-fk.sql
@ -224,17 +224,17 @@ ALTER TABLE `cloud`.`launch_permission` ADD INDEX `i_launch_permission_template_
 ALTER TABLE `cloud`.`guest_os` ADD CONSTRAINT `fk_guest_os__category_id` FOREIGN KEY `fk_guest_os__category_id` (`category_id`) REFERENCES `guest_os_category` (`id`) ON DELETE CASCADE;
-ALTER TABLE `cloud`.`network_group` ADD CONSTRAINT `fk_network_group___account_id` FOREIGN KEY `fk_network_group__account_id` (`account_id`) REFERENCES `account` (`id`);
+ALTER TABLE `cloud`.`security_group` ADD CONSTRAINT `fk_security_group___account_id` FOREIGN KEY `fk_security_group__account_id` (`account_id`) REFERENCES `account` (`id`);
-ALTER TABLE `cloud`.`network_group` ADD CONSTRAINT `fk_network_group__domain_id` FOREIGN KEY `fk_network_group__domain_id` (`domain_id`) REFERENCES `domain` (`id`);
+ALTER TABLE `cloud`.`security_group` ADD CONSTRAINT `fk_security_group__domain_id` FOREIGN KEY `fk_security_group__domain_id` (`domain_id`) REFERENCES `domain` (`id`);
-ALTER TABLE `cloud`.`network_group` ADD INDEX `i_network_group_name`(`name`);
+ALTER TABLE `cloud`.`security_group` ADD INDEX `i_security_group_name`(`name`);
-ALTER TABLE `cloud`.`network_ingress_rule` ADD CONSTRAINT `fk_network_ingress_rule___network_group_id` FOREIGN KEY `fk_network_ingress_rule__network_group_id` (`network_group_id`) REFERENCES `network_group` (`id`);
+ALTER TABLE `cloud`.`network_ingress_rule` ADD CONSTRAINT `fk_network_ingress_rule___security_group_id` FOREIGN KEY `fk_network_ingress_rule__security_group_id` (`security_group_id`) REFERENCES `security_group` (`id`);
-ALTER TABLE `cloud`.`network_ingress_rule` ADD CONSTRAINT `fk_network_ingress_rule___allowed_network_id` FOREIGN KEY `fk_network_ingress_rule__allowed_network_id` (`allowed_network_id`) REFERENCES `network_group` (`id`);
+ALTER TABLE `cloud`.`network_ingress_rule` ADD CONSTRAINT `fk_network_ingress_rule___allowed_network_id` FOREIGN KEY `fk_network_ingress_rule__allowed_network_id` (`allowed_network_id`) REFERENCES `security_group` (`id`);
-ALTER TABLE `cloud`.`network_ingress_rule` ADD INDEX `i_network_ingress_rule_network_id`(`network_group_id`);
+ALTER TABLE `cloud`.`network_ingress_rule` ADD INDEX `i_network_ingress_rule_network_id`(`security_group_id`);
 ALTER TABLE `cloud`.`network_ingress_rule` ADD INDEX `i_network_ingress_rule_allowed_network`(`allowed_network_id`);
-ALTER TABLE `cloud`.`network_group_vm_map` ADD CONSTRAINT `fk_network_group_vm_map___network_group_id` FOREIGN KEY `fk_network_group_vm_map___network_group_id` (`network_group_id`) REFERENCES `network_group` (`id`) ON DELETE CASCADE;
+ALTER TABLE `cloud`.`security_group_vm_map` ADD CONSTRAINT `fk_security_group_vm_map___security_group_id` FOREIGN KEY `fk_security_group_vm_map___security_group_id` (`security_group_id`) REFERENCES `security_group` (`id`) ON DELETE CASCADE;
-ALTER TABLE `cloud`.`network_group_vm_map` ADD CONSTRAINT `fk_network_group_vm_map___instance_id` FOREIGN KEY `fk_network_group_vm_map___instance_id` (`instance_id`) REFERENCES `user_vm` (`id`) ON DELETE CASCADE;
+ALTER TABLE `cloud`.`security_group_vm_map` ADD CONSTRAINT `fk_security_group_vm_map___instance_id` FOREIGN KEY `fk_security_group_vm_map___instance_id` (`instance_id`) REFERENCES `user_vm` (`id`) ON DELETE CASCADE;
 ALTER TABLE `cloud`.`op_nwgrp_work` ADD INDEX `i_op_nwgrp_work__instance_id`(`instance_id`);
 ALTER TABLE `cloud`.`op_nwgrp_work` ADD INDEX `i_op_nwgrp_work__mgmt_server_id`(`mgmt_server_id`);
--- a/setup/db/create-schema.sql
+++ b/setup/db/create-schema.sql
@ -1013,15 +1013,6 @@ CREATE TABLE  `cloud`.`service_offering` (
  PRIMARY KEY  (`id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 CREATE TABLE `cloud`.`security_group` (
  `id` bigint unsigned NOT NULL auto_increment,
  `name` varchar(255) NOT NULL,
  `description` varchar(4096) NULL,
  `domain_id` bigint unsigned NOT NULL,
  `account_id` bigint unsigned NOT NULL,
  PRIMARY KEY  (`id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 CREATE TABLE `cloud`.`network_rule_config` (
  `id` bigint unsigned NOT NULL auto_increment,
  `security_group_id` bigint unsigned NOT NULL,
@ -1032,14 +1023,6 @@ CREATE TABLE `cloud`.`network_rule_config` (
  PRIMARY KEY  (`id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 CREATE TABLE `cloud`.`security_group_vm_map` (
  `id` bigint unsigned NOT NULL auto_increment,
  `security_group_id` bigint unsigned NOT NULL,
  `ip_address` varchar(15) NOT NULL,
  `instance_id` bigint unsigned NOT NULL,
  PRIMARY KEY  (`id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 CREATE TABLE `cloud`.`load_balancer` (
  `id` bigint unsigned NOT NULL auto_increment,
  `name` varchar(255) NOT NULL,
@ -1193,7 +1176,7 @@ CREATE TABLE `cloud`.`op_pod_vlan_alloc` (
    PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-CREATE TABLE `cloud`.`network_group` (
+CREATE TABLE `cloud`.`security_group` (
  `id` bigint unsigned NOT NULL auto_increment,
  `name` varchar(255) NOT NULL,
  `description` varchar(4096) NULL,
@ -1203,23 +1186,23 @@ CREATE TABLE `cloud`.`network_group` (
  PRIMARY KEY  (`id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-CREATE TABLE `cloud`.`network_ingress_rule` (
+CREATE TABLE `cloud`.`security_ingress_rule` (
  `id` bigint unsigned NOT NULL auto_increment,
-  `network_group_id` bigint unsigned NOT NULL,
+  `security_group_id` bigint unsigned NOT NULL,
  `start_port` varchar(10) default NULL,
  `end_port` varchar(10) default NULL,
  `protocol` varchar(16) NOT NULL default 'TCP',
  `allowed_network_id` bigint unsigned,
-  `allowed_network_group` varchar(255) COMMENT 'data duplicated from network_group table to avoid lots of joins when listing rules (the name of the group should be displayed rather than just id)',
+  `allowed_security_group` varchar(255) COMMENT 'data duplicated from security_group table to avoid lots of joins when listing rules (the name of the group should be displayed rather than just id)',
-  `allowed_net_grp_acct` varchar(100) COMMENT 'data duplicated from network_group table to avoid lots of joins when listing rules (the name of the group owner should be displayed)',
+  `allowed_sec_grp_acct` varchar(100) COMMENT 'data duplicated from security_group table to avoid lots of joins when listing rules (the name of the group owner should be displayed)',
  `allowed_ip_cidr`  varchar(44),
  `create_status` varchar(32) COMMENT 'rule creation status',
  PRIMARY KEY  (`id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-CREATE TABLE `cloud`.`network_group_vm_map` (
+CREATE TABLE `cloud`.`security_group_vm_map` (
  `id` bigint unsigned NOT NULL auto_increment,
-  `network_group_id` bigint unsigned NOT NULL,
+  `security_group_id` bigint unsigned NOT NULL,
  `instance_id` bigint unsigned NOT NULL,
  PRIMARY KEY  (`id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
--- a/setup/db/schema-21to22.sql
+++ b/setup/db/schema-21to22.sql
@ -6,3 +6,10 @@ SET foreign_key_checks = 0;
 ALTER TABLE `cloud`.`template_host_ref` ADD COLUMN `physical_size` bigint unsigned NOT NULL DEFAULT 0
 ALTER TABLE `cloud`.`snapshots` MODIFY COLUMN `id` bigint unsigned UNIQUE NOT NULL
 ALTER TABLE `vm_instance` DROP COLUMN `group`
 -- NOTE for tables below
 -- these 2 tables were used in 2.1, but are not in 2.2
 -- we will need a migration script for these tables when the migration is written
 DROP TABLE `cloud`.`security_group`;
 DROP TABLE `cloud`.`security_group_vm_map`;
--- a/utils/src/com/cloud/utils/net/NetUtils.java
+++ b/utils/src/com/cloud/utils/net/NetUtils.java
@ -731,7 +731,7 @@ public class NetUtils {
    	return (proto.equals("tcp") || proto.equals("udp") || proto.equals("icmp"));
    }
-    public static boolean isValidNetworkGroupProto(String p) {
+    public static boolean isValidSecurityGroupProto(String p) {
    	String proto = p.toLowerCase();
    	return (proto.equals("tcp") || proto.equals("udp") || proto.equals("icmp") || proto.equals("all"));
    }