Help Center/ Cloud Search Service/ FAQs/ General Consulting/ How Does CSS Ensure Data and Workload Security?
Updated on 2024-12-02 GMT+08:00

How Does CSS Ensure Data and Workload Security?

CSS uses network isolation in addition to various host and data security measures.

  • Network isolation

    The entire network is divided into two planes: service plane and management plane. The two planes are deployed and isolated physically to ensure the security of the service and management networks.

    • Service plane: This is the network plane of the cluster. It provides service channels for users and delivers data definitions, indexing, and search capabilities.
    • Management plane: This is the management console, where you manage CSS.
  • Host security

    CSS provides the following security measures:

    • The VPC security group ensures the security of the hosts in a VPC.
    • Network access control lists (ACLs) allow you to control what data can enter or exit your network.
    • The internal security infrastructure (including the network firewall, intrusion detection system, and protection system) monitors all network traffic that enters or exits the VPC through an IPsec VPN.
  • Data security

    CSS uses multiple replicas, cross-AZ deployment of clusters, and third-party (OBS) backup of index data to ensure the security of user data.