doc-exports/docs/dds/umn/dds_02_0005.html
Wang , Deng Ke 519944c837 DDS UMN 20221101 version
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: Wang , Deng Ke <wangdengke2@huawei.com>
Co-committed-by: Wang , Deng Ke <wangdengke2@huawei.com>
2022-11-24 09:05:29 +00:00


<a name="dds_02_0005"></a>
<h1 class="topictitle1">Setting a Security Group</h1>
<div id="body1522808547321"><div class="section" id="dds_02_0005__section3152058916230"><h4 class="sectiontitle">Scenarios</h4><p id="dds_02_0005__p43222116204125">This section describes how to add security group rules that control access to and from <span class="keyword" id="dds_02_0005__keyword943913121715">DDS DB instances</span> in a security group.</p>
</div>
<div class="section" id="dds_02_0005__section1282916720425"><h4 class="sectiontitle">Background Information</h4><p id="dds_02_0005__p27630095204125">You can access a DDS DB instance in either of the following ways:</p>
<ul id="dds_02_0005__ul47344269204125"><li id="dds_02_0005__li23445242204125">Public network</li><li id="dds_02_0005__li10720689204125">Internal network</li></ul>
</div>
<div class="section" id="dds_02_0005__section14550984204232"><h4 class="sectiontitle">Precautions</h4><p id="dds_02_0005__p5854544204125">The default security group rule allows all outgoing data packets. ECSs and DDS DB instances in the same security group can access each other. After a security group is created, you can add security group rules to control access to and from the DDS DB instances in the security group.</p>
<p id="dds_02_0005__p1012315204125">By default, a tenant can create a maximum of 500 security group rules. An excessive number of security group rules increases the network latency of the first packet. It is recommended that you add a maximum of 50 rules for each security group.</p>
<p id="dds_02_0005__p41200900204125">To access the DDS DB instances in a security group from external resources, create an inbound rule for the security group.</p>
</div>
<div class="section" id="dds_02_0005__section25078651204428"><h4 class="sectiontitle"><strong id="dds_02_0005__b15424473204153">Procedure</strong></h4><ol id="dds_02_0005__ol49383781586"><li id="dds_02_0005__li93899141586"><span>Log in to the management console.</span></li><li id="dds_02_0005__li1870917810588"><span>Click <span><img id="dds_02_0005__image070916845819" src="en-us_image_0284275123.png"></span> in the upper left corner and select a region and project.</span></li><li id="dds_02_0005__li297543615857"><span>Click <strong id="dds_02_0005__b10763925113313">Service List</strong>. Under <strong id="dds_02_0005__b842352706191157">Network</strong>, click <strong id="dds_02_0005__b84235270619120">Virtual Private Cloud</strong>.</span></li><li id="dds_02_0005__li3171015115916"><span>In the navigation pane on the left, choose <strong id="dds_02_0005__b18843268317">Access Control</strong> &gt; <strong id="dds_02_0005__b188862267314">Security Groups</strong>.</span></li><li id="dds_02_0005__li140569415930"><span>On the <strong id="dds_02_0005__b9169741348">Security Group</strong> page, click the security group name.</span></li><li id="dds_02_0005__li5489049115946"><span>On the <strong id="dds_02_0005__b156479192710">Inbound Rules</strong> tab, click <strong id="dds_02_0005__b842352706174533">Add Rule</strong>. In the displayed <strong id="dds_02_0005__b84235270617460">Add Inbound Rule</strong> dialog box, set required parameters to add inbound rules. On the <strong id="dds_02_0005__b842352706155549">Outbound Rules</strong> tab, click <strong id="dds_02_0005__b84235270615562">Add Rule</strong>. In the displayed <strong id="dds_02_0005__b64452812619">Add Outbound Rule</strong> dialog box, set required parameters to add outbound rules.</span></li><li id="dds_02_0005__li6900819151212"><span>Add a security group rule as prompted.</span><p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="dds_02_0005__en-us_topic_0118534005_table532116198213" width="90%" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Field description</caption><thead align="left"><tr id="dds_02_0005__en-us_topic_0118534005_row731911191722"><th align="left" class="cellrowborder" valign="top" width="19%" id="mcps1.3.4.2.7.2.1.2.4.1.1"><p id="dds_02_0005__en-us_topic_0118534005_p17319119020"><strong id="dds_02_0005__b6507101123818">Parameter</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="63%" id="mcps1.3.4.2.7.2.1.2.4.1.2"><p id="dds_02_0005__en-us_topic_0118534005_p431911191622"><strong id="dds_02_0005__b1979812213380">Description</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="18%" id="mcps1.3.4.2.7.2.1.2.4.1.3"><p id="dds_02_0005__en-us_topic_0118534005_p103191119621"><strong id="dds_02_0005__b84235270617550">Value Example</strong></p>
</th>
</tr>
</thead>
<tbody><tr id="dds_02_0005__en-us_topic_0118534005_row8320419723"><td class="cellrowborder" valign="top" width="19%" headers="mcps1.3.4.2.7.2.1.2.4.1.1 "><p id="dds_02_0005__en-us_topic_0118534005_p1432013199214">Protocol</p>
</td>
<td class="cellrowborder" valign="top" width="63%" headers="mcps1.3.4.2.7.2.1.2.4.1.2 "><p id="dds_02_0005__en-us_topic_0118534005_p432017191726">Specifies the network protocol. You can allow all traffic or select a user-defined protocol, TCP, UDP, ICMP, or SSH.</p>
</td>
<td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.4.2.7.2.1.2.4.1.3 "><p id="dds_02_0005__en-us_topic_0118534005_p1332014191216">TCP</p>
</td>
</tr>
<tr id="dds_02_0005__row15380125810476"><td class="cellrowborder" valign="top" width="19%" headers="mcps1.3.4.2.7.2.1.2.4.1.1 "><p id="dds_02_0005__p1538118582479">Port</p>
</td>
<td class="cellrowborder" valign="top" width="63%" headers="mcps1.3.4.2.7.2.1.2.4.1.2 "><p id="dds_02_0005__p1391312104488">Specifies the port that allows access to ECSs or external devices.</p>
</td>
<td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.4.2.7.2.1.2.4.1.3 "><p id="dds_02_0005__p1438118583479">8635</p>
</td>
</tr>
<tr id="dds_02_0005__en-us_topic_0118534005_row1732101910217"><td class="cellrowborder" valign="top" width="19%" headers="mcps1.3.4.2.7.2.1.2.4.1.1 "><p id="dds_02_0005__en-us_topic_0118534005_p16320131918211">Source/Destination</p>
</td>
<td class="cellrowborder" valign="top" width="63%" headers="mcps1.3.4.2.7.2.1.2.4.1.2 "><p id="dds_02_0005__p1953711281854">Specifies the IP address or security group that the rule applies to.</p>
<ul id="dds_02_0005__en-us_topic_0118534005_ul474117187016"><li id="dds_02_0005__li204213179474"><strong id="dds_02_0005__b812614895114">IP address</strong>: indicates that the security group rule takes effect in a specified IP address range.<ul id="dds_02_0005__ul67881445105111"><li id="dds_02_0005__en-us_topic_0118534005_li87410184011">xxx.xxx.xxx.xxx/32 (IPv4)</li><li id="dds_02_0005__en-us_topic_0118534005_li1374113189012">xxx.xxx.xxx.0/24 (subnet)</li><li id="dds_02_0005__en-us_topic_0118534005_li167411218306">0.0.0.0/0 (any IP address)</li></ul>
</li><li id="dds_02_0005__li1390210401514"><strong id="dds_02_0005__b71025536519">Security group</strong>: indicates that this rule allows all IP addresses of ECSs to access DDS DB instances in the same specified security group.</li></ul>
</td>
<td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.4.2.7.2.1.2.4.1.3 "><ul id="dds_02_0005__ul209321608538"><li id="dds_02_0005__li119329015535">192.168.10.0/24</li><li id="dds_02_0005__li209327055311">default</li></ul>
</td>
</tr>
</tbody>
</table>
</div>
</p></li><li id="dds_02_0005__li21369327151121"><span>Click <strong id="dds_02_0005__b842352706113845">OK</strong>.</span></li></ol>
</div>
</div>
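<p>Added example, not part of the original DDS documentation: a Python check that audits an exported rule list against the guidance on this page. It reports a group with more than the recommended 50 rules and any inbound rule that opens port 8635 to 0.0.0.0/0 (any IP address). The rule dictionary layout and the function names are assumptions made for illustration, not a cloud API format.</p>

```python
import ipaddress

DDS_PORT = 8635            # port from the page's "Value Example" column
MAX_RULES_PER_GROUP = 50   # per-group maximum the page recommends


def port_covers(port_spec, port):
    """True if a port field ("8635", "8000-9000", or "" for all ports) includes port."""
    if port_spec in ("", "all", None):
        return True
    low, _, high = str(port_spec).partition("-")
    return int(low) <= port <= int(high or low)


def source_kind(source):
    """Classify a Source value as 'any', 'cidr', or 'group' (a security group name)."""
    try:
        net = ipaddress.ip_network(source, strict=False)
    except ValueError:
        return "group"  # not an address range, so treat it as a group reference
    return "any" if net.prefixlen == 0 else "cidr"


def audit_group(rules):
    """Return a list of finding strings for one security group's rules."""
    findings = []
    if len(rules) > MAX_RULES_PER_GROUP:
        findings.append(f"{len(rules)} rules exceeds recommended {MAX_RULES_PER_GROUP}")
    for i, rule in enumerate(rules):
        if rule["direction"] != "inbound":
            continue
        proto_ok = rule["protocol"].lower() in ("tcp", "all")
        open_to_any = source_kind(rule["source"]) == "any"
        if proto_ok and open_to_any and port_covers(rule["port"], DDS_PORT):
            findings.append(f"rule {i}: port {DDS_PORT} reachable from {rule['source']}")
    return findings


SAMPLE_RULES = [  # constructed sample rules; the field names are assumptions
    {"direction": "inbound", "protocol": "TCP", "port": "8635", "source": "192.168.10.0/24"},
    {"direction": "inbound", "protocol": "TCP", "port": "8635", "source": "default"},
    {"direction": "inbound", "protocol": "TCP", "port": "8000-9000", "source": "0.0.0.0/0"},
    {"direction": "inbound", "protocol": "ICMP", "port": "", "source": "0.0.0.0/0"},
    {"direction": "outbound", "protocol": "all", "port": "", "source": "0.0.0.0/0"},
]

if __name__ == "__main__":
    for finding in audit_group(SAMPLE_RULES):
        print(finding)
```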
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="dds_02_cluster.html">Getting Started with Clusters</a></div>
</div>
</div>