Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com> Co-authored-by: Wang , Deng Ke <wangdengke2@huawei.com> Co-committed-by: Wang , Deng Ke <wangdengke2@huawei.com>
<a name="dds_02_0013"></a><a name="dds_02_0013"></a>
<h1 class="topictitle1">Setting a Security Group </h1>
<div id="body1522808547322"><div class="section" id="dds_02_0013__en-us_topic_0105284937_section3152058916230"><h4 class="sectiontitle"><strong id="dds_02_0013__b6455183611343">Scenarios</strong></h4><p id="dds_02_0013__en-us_topic_0105284937_p43222116204125">This section describes how to add security group rules to control access to and from <span class="keyword" id="dds_02_0013__keyword67053543120">DDS DB instances</span> in a security group.</p>
</div>
<div class="section" id="dds_02_0013__en-us_topic_0105284937_section1282916720425"><h4 class="sectiontitle">Background Information</h4><p id="dds_02_0013__en-us_topic_0105284937_p27630095204125">You can access a DDS DB instance in either of the following ways:</p>
<ul id="dds_02_0013__en-us_topic_0105284937_ul47344269204125"><li id="dds_02_0013__en-us_topic_0105284937_li23445242204125">Public network</li><li id="dds_02_0013__en-us_topic_0105284937_li10720689204125">Internal network</li></ul>
</div>
<div class="section" id="dds_02_0013__en-us_topic_0105284937_section14550984204232"><h4 class="sectiontitle">Precautions</h4><p id="dds_02_0013__en-us_topic_0105284937_p5854544204125">The default security group rule allows all outgoing data packets. ECSs and DDS DB instances in the same security group can access each other. After a security group is created, you can add security group rules to control access to and from the DDS DB instances in the security group.</p>
<p id="dds_02_0013__en-us_topic_0105284937_p1012315204125">By default, a tenant can create a maximum of 500 security group rules. An excessive number of security group rules increases the network latency of the first packet. It is recommended that you add a maximum of 50 rules for each security group.</p>
<p id="dds_02_0013__en-us_topic_0105284937_p41200900204125">To access the DDS DB instances in a security group from external resources, create an inbound rule for the security group.</p>
</div>
<div class="section" id="dds_02_0013__en-us_topic_0105284937_section25078651204428"><h4 class="sectiontitle"><strong id="dds_02_0013__b15424473204153">Procedure</strong></h4><ol id="dds_02_0013__en-us_topic_0105284937_ol49383781586"><li id="dds_02_0013__en-us_topic_0105284937_li93899141586"><span>Log in to the management console.</span></li><li id="dds_02_0013__en-us_topic_0105284937_li1870917810588"><span>Click <span><img id="dds_02_0013__en-us_topic_0105284937_image070916845819" src="en-us_image_0284275018.png"></span> in the upper left corner and select a region and project.</span></li><li id="dds_02_0013__en-us_topic_0105284937_li297543615857"><span>Click <strong id="dds_02_0013__b1252154513410">Service List</strong>. Under <strong id="dds_02_0013__b125334514414">Network</strong>, click <strong id="dds_02_0013__b125554554120">Virtual Private Cloud</strong>.</span></li><li id="dds_02_0013__en-us_topic_0105284937_li3171015115916"><span>In the navigation pane on the left, choose <strong id="dds_02_0013__b1947515014118">Access Control</strong> &gt; <strong id="dds_02_0013__b204771850144115">Security Groups</strong>.</span></li><li id="dds_02_0013__en-us_topic_0105284937_li140569415930"><span>On the <strong id="dds_02_0013__b14671315174216">Security Group</strong> page, click the security group name.</span></li><li id="dds_02_0013__en-us_topic_0105284937_li5489049115946"><span>On the <strong id="dds_02_0013__b19546171814217">Inbound Rules</strong> tab, click <strong id="dds_02_0013__b1354831820421">Add Rule</strong>. In the displayed <strong id="dds_02_0013__b13549111811426">Add Inbound Rule</strong> dialog box, set the required parameters to add inbound rules. On the <strong id="dds_02_0013__b17816182834210">Outbound Rules</strong> tab, click <strong id="dds_02_0013__b4819152854214">Add Rule</strong>. In the displayed <strong id="dds_02_0013__b082652894213">Add Outbound Rule</strong> dialog box, set the required parameters to add outbound rules.</span></li><li id="dds_02_0013__en-us_topic_0105284937_li6900819151212"><span>Add a security group rule as prompted.</span><p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="dds_02_0013__en-us_topic_0105284937_en-us_topic_0118534005_table532116198213" width="90%" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameter description</caption><thead align="left"><tr id="dds_02_0013__en-us_topic_0105284937_en-us_topic_0118534005_row731911191722"><th align="left" class="cellrowborder" valign="top" width="13.04%" id="mcps1.3.4.2.7.2.1.2.4.1.1"><p id="dds_02_0013__en-us_topic_0105284937_en-us_topic_0118534005_p17319119020"><strong id="dds_02_0013__b158649370431">Parameter</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="68.96%" id="mcps1.3.4.2.7.2.1.2.4.1.2"><p id="dds_02_0013__en-us_topic_0105284937_en-us_topic_0118534005_p431911191622"><strong id="dds_02_0013__b1047363994313">Description</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="18%" id="mcps1.3.4.2.7.2.1.2.4.1.3"><p id="dds_02_0013__en-us_topic_0105284937_en-us_topic_0118534005_p103191119621"><strong id="dds_02_0013__b17051140144319">Value Example</strong></p>
</th>
</tr>
</thead>
<tbody><tr id="dds_02_0013__en-us_topic_0105284937_en-us_topic_0118534005_row8320419723"><td class="cellrowborder" valign="top" width="13.04%" headers="mcps1.3.4.2.7.2.1.2.4.1.1 "><p id="dds_02_0013__en-us_topic_0105284937_en-us_topic_0118534005_p1432013199214">Protocol</p>
</td>
<td class="cellrowborder" valign="top" width="68.96%" headers="mcps1.3.4.2.7.2.1.2.4.1.2 "><p id="dds_02_0013__en-us_topic_0118534005_p432017191726">Specifies the network protocol. You can allow all traffic or select TCP, UDP, ICMP, SSH, or a user-defined protocol.</p>
</td>
<td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.4.2.7.2.1.2.4.1.3 "><p id="dds_02_0013__en-us_topic_0105284937_en-us_topic_0118534005_p1332014191216">TCP</p>
</td>
</tr>
<tr id="dds_02_0013__en-us_topic_0105284937_row15380125810476"><td class="cellrowborder" valign="top" width="13.04%" headers="mcps1.3.4.2.7.2.1.2.4.1.1 "><p id="dds_02_0013__en-us_topic_0105284937_p1538118582479">Port</p>
</td>
<td class="cellrowborder" valign="top" width="68.96%" headers="mcps1.3.4.2.7.2.1.2.4.1.2 "><p id="dds_02_0013__en-us_topic_0105284937_p1391312104488">Specifies the port that allows access to ECSs or external devices.</p>
</td>
<td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.4.2.7.2.1.2.4.1.3 "><p id="dds_02_0013__en-us_topic_0105284937_p1438118583479">8635</p>
</td>
</tr>
<tr id="dds_02_0013__en-us_topic_0105284937_en-us_topic_0118534005_row1732101910217"><td class="cellrowborder" valign="top" width="13.04%" headers="mcps1.3.4.2.7.2.1.2.4.1.1 "><p id="dds_02_0013__en-us_topic_0105284937_en-us_topic_0118534005_p16320131918211">Source/Destination</p>
</td>
<td class="cellrowborder" valign="top" width="68.96%" headers="mcps1.3.4.2.7.2.1.2.4.1.2 "><p id="dds_02_0013__en-us_topic_0105284937_p1953711281854">Specifies the supported IP address and security group.</p>
<ul id="dds_02_0013__en-us_topic_0105284937_en-us_topic_0118534005_ul474117187016"><li id="dds_02_0013__en-us_topic_0105284937_li204213179474"><strong id="dds_02_0013__b6421166468">IP address</strong>: indicates that the security group rule takes effect in a specified IP address range.<ul id="dds_02_0013__en-us_topic_0105284937_ul67881445105111"><li id="dds_02_0013__en-us_topic_0105284937_en-us_topic_0118534005_li87410184011">xxx.xxx.xxx.xxx/32 (IPv4)</li><li id="dds_02_0013__en-us_topic_0105284937_en-us_topic_0118534005_li1374113189012">xxx.xxx.xxx.0/24 (subnet)</li><li id="dds_02_0013__en-us_topic_0105284937_en-us_topic_0118534005_li167411218306">0.0.0.0/0 (any IP address)</li></ul>
</li><li id="dds_02_0013__en-us_topic_0105284937_li1390210401514"><strong id="dds_02_0013__b122046167469">Security group</strong>: indicates that this rule allows all IP addresses of ECSs to access DDS DB instances in the same specified security group.</li></ul>
</td>
<td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.4.2.7.2.1.2.4.1.3 "><ul id="dds_02_0013__en-us_topic_0105284937_ul209321608538"><li id="dds_02_0013__en-us_topic_0105284937_li119329015535">192.168.10.0/24</li><li id="dds_02_0013__en-us_topic_0105284937_li209327055311">default</li></ul>
</td>
</tr>
</tbody>
</table>
</div>
</p></li><li id="dds_02_0013__en-us_topic_0105284937_li21369327151121"><span>Click <strong id="dds_02_0013__b842352706113845">OK</strong>.</span></li></ol>
</div>
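<p>The following check is an added example, not part of the original DDS documentation: it reviews a security group's rules for an inbound rule that exposes the DDS port from Table 1 (8635) to 0.0.0.0/0 and for a rule count above the 50 recommended under Precautions. The rule dictionaries, their field names, and the finding labels are assumptions made for this example and are not a console export or API format.</p>

```python
import ipaddress

DDS_PORT = 8635             # port value example from Table 1
RECOMMENDED_MAX_RULES = 50  # per-group recommendation from Precautions

# Constructed sample rules; the dict field names are assumptions for this example.
SAMPLE_RULES = [
    {"direction": "inbound", "protocol": "TCP", "port": "8635", "source": "192.168.10.0/24"},
    {"direction": "inbound", "protocol": "TCP", "port": "8635", "source": "0.0.0.0/0"},
    {"direction": "inbound", "protocol": "All", "port": "All", "source": "default"},
    {"direction": "inbound", "protocol": "TCP", "port": "22", "source": "0.0.0.0/0"},
    {"direction": "outbound", "protocol": "All", "port": "All", "source": "0.0.0.0/0"},
]


def port_covers(spec, port):
    """Return True if a port spec ('All', '8635' or '8000-9000') includes port."""
    if spec.strip().lower() == "all":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)


def is_any_ip(source):
    """Return True for a CIDR that matches every address, False for a narrower
    CIDR or for a security group name such as 'default'."""
    try:
        return ipaddress.ip_network(source, strict=False).prefixlen == 0
    except ValueError:
        return False


def audit(rules, port=DDS_PORT):
    """Return (rule_index, finding) pairs; index None is a group-level finding."""
    findings = []
    if len(rules) > RECOMMENDED_MAX_RULES:
        findings.append((None, "rule-count-above-recommendation"))
    for index, rule in enumerate(rules):
        reaches_port = (
            rule["direction"] == "inbound"
            and rule["protocol"].upper() in ("TCP", "ALL")
            and port_covers(rule["port"], port)
        )
        if reaches_port and is_any_ip(rule["source"]):
            findings.append((index, "db-port-open-to-any-ip"))
    return findings


if __name__ == "__main__":
    for index, finding in audit(SAMPLE_RULES):
        print(index, finding)
```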
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="dds_02_replica_set.html">Getting Started with Replica Sets</a></div>
</div>
</div>