forked from docs/doc-exports
zhengxiu
93d856d5c5
Reviewed-by: Pruthi, Vineet <vineet.pruthi@t-systems.com> Co-authored-by: zhengxiu <zhengxiu@huawei.com> Co-committed-by: zhengxiu <zhengxiu@huawei.com>
18 lines
3.4 KiB
HTML
18 lines
3.4 KiB
HTML
<a name="EN-US_TOPIC_0000001960397625"></a><a name="EN-US_TOPIC_0000001960397625"></a>
|
|
|
|
<h1 class="topictitle1">How Does CSS Ensure Data and Workload Security?</h1>
|
|
<div id="body8662426"><p id="EN-US_TOPIC_0000001960397625__en-us_topic_0076852832_p25071515153118"><span id="EN-US_TOPIC_0000001960397625__en-us_topic_0076852832_text1739017401693">CSS</span> uses network isolation in addition to various host and data security measures.</p>
|
|
<ul id="EN-US_TOPIC_0000001960397625__en-us_topic_0076852832_ul1892414323310"><li id="EN-US_TOPIC_0000001960397625__en-us_topic_0076852832_li8924163263111">Network isolation<p id="EN-US_TOPIC_0000001960397625__en-us_topic_0076852832_p4650609320"><a name="EN-US_TOPIC_0000001960397625__en-us_topic_0076852832_li8924163263111"></a><a name="en-us_topic_0076852832_li8924163263111"></a>The entire network is divided into two planes: service plane and management plane. The two planes are deployed and isolated physically to ensure the security of the service and management networks.</p>
|
|
<ul id="EN-US_TOPIC_0000001960397625__en-us_topic_0076852832_ul06574073313"><li id="EN-US_TOPIC_0000001960397625__en-us_topic_0076852832_li1515616590327">Service plane: This is the network plane of the cluster. It provides service channels for users and delivers data definitions, indexing, and search capabilities. </li><li id="EN-US_TOPIC_0000001960397625__en-us_topic_0076852832_li6182175917322">Management plane: This is the management console, where you manage <span id="EN-US_TOPIC_0000001960397625__en-us_topic_0076852832_text17947472920">CSS</span>.</li></ul>
|
|
</li><li id="EN-US_TOPIC_0000001960397625__en-us_topic_0076852832_li137646345314">Host security<p id="EN-US_TOPIC_0000001960397625__en-us_topic_0076852832_p143720134517"><a name="EN-US_TOPIC_0000001960397625__en-us_topic_0076852832_li137646345314"></a><a name="en-us_topic_0076852832_li137646345314"></a><span id="EN-US_TOPIC_0000001960397625__en-us_topic_0076852832_text14734145515910">CSS</span> provides the following security measures:</p>
|
|
<ul id="EN-US_TOPIC_0000001960397625__en-us_topic_0076852832_ul17390102914514"><li id="EN-US_TOPIC_0000001960397625__en-us_topic_0076852832_li13901298458">The VPC security group ensures the security of the hosts in a VPC.</li><li id="EN-US_TOPIC_0000001960397625__en-us_topic_0076852832_li4390102918458">Network access control lists (ACLs) allow you to control what data can enter or exit your network.</li><li id="EN-US_TOPIC_0000001960397625__en-us_topic_0076852832_li1839012916458">The internal security infrastructure (including the network firewall, intrusion detection system, and protection system) monitors all network traffic that enters or exits the VPC through an IPsec VPN.</li></ul>
|
|
</li><li id="EN-US_TOPIC_0000001960397625__en-us_topic_0076852832_li55738695818">Data security<p id="EN-US_TOPIC_0000001960397625__en-us_topic_0076852832_p1532919171598"><a name="EN-US_TOPIC_0000001960397625__en-us_topic_0076852832_li55738695818"></a><a name="en-us_topic_0076852832_li55738695818"></a><span id="EN-US_TOPIC_0000001960397625__en-us_topic_0076852832_text812416214105">CSS</span> uses multiple replicas, cross-AZ deployment of clusters, and third-party (OBS) backup of index data to ensure the security of user data.</p>
|
|
</li></ul>
|
|
</div>
|
|
<div>
|
|
<div class="familylinks">
|
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="css_02_0051.html">General Consulting</a></div>
|
|
</div>
|
|
</div>
|
|
|