Best Practices for ECS

Access

We recommend that you use the Virtual Network Computing (VNC) when logging in to your ECS for the first time and check that the ECS is running properly.

For details, see:

• Login Using VNC

The next time you log in, you can choose a proper login method based on your local environment and whether your ECS has an EIP bound. For details, see Logging In to an ECS.

System Updates

• Linux image source updates

  To obtain the latest system updates and software installation dependencies, update the image source before using an ECS.

• Windows patches and drivers updates

  To improve the fault rectification capability and performance of ECSs, periodically update Windows patches and drivers.

  You can enable Windows automatic updates to detect the latest patches and driver versions.

Data Storage

• Storage security

  To ensure data storage security, use the system disk to store OS data and use data disks to store application data. This ensures data security and prevents data loss caused by system faults. As service demand changes, you can expand storage capacity by:

  • Expanding disk capacity: You can expand both system disks and data disks. For details, see Expanding Capacity for an In-use EVS Disk.
  • Adding data disks: You can add only data disks. After adding disks, you need to attach and initialize them before they can be used.

• Data encryption

  To further protect data security, both the system and data disks can be encrypted. For details, see Managing Encrypted EVS Disks.

Security Management

• Identity authentication

  To securely control access to resources and centrally manage permissions, use IAM users and Enterprise Management for identity authentication, permissions management, and resource group management. For details, see Assigning Permissions to O&M Personnel and Multi-project Management Cases.

• Access control
  To control inbound and outbound access to ECSs and improve security, set access control policies based on:

  • ECSs: Configure security group rules to control access to ECSs.
  • Subnets: Configure network ACLs to control access to all ECSs in a given subnet.
• Server security

  In addition to the basic edition of Host Security Service (HSS), use advanced editions to enhance the security of your ECSs. For details about HSS editions, see Edition details and HSS.

Backup and Restore

• Data backup and restore

  To quickly restore data in case of virus intrusion, mis-deletion, and hardware or software faults, back up data periodically. For details, see Cloud Backup and Recovery (CBR).

  After the backup is successful, you can restore data using a cloud server backup or use a backup to create an image.

• Service disaster recovery (DR)

  For high service DR capabilities, deploy ECSs in the same region in different AZs. For details about AZs, see Region and AZ and Step 1: Configure Basic Settings.

Resource Management

• Monitoring

  Use Cloud Eye to keep informed of ECS performance metrics and statuses in real time, and receive alarms if any exceptions occur.

• Tracing

  Use Cloud Trace Service (CTS) to record operations on your ECSs for later query, auditing, and backtracking.

• Logging

  Use Log Tank Service (LTS) to collect ECS logs for centralized management. With LTS, you can analyze large volumes of logs efficiently, securely, and in real time and gain insights into improving availability and performance of applications.