How Does CSS Ensure Data and Service Security?
CSS uses network isolation, in addition to various host and data security measures.
- Network isolation
The entire network is divided into two planes: service plane and management plane. The two planes are deployed and isolated physically to ensure the security of the service and management networks.
- Service plane: This is the network plane of the cluster. It provides service channels for users and delivers data definitions, indexing, and search capabilities.
- Management plane: This is the management console, where you manage CSS.
- Host security
CSS provides the following security measures:
- The VPC security group ensures the security of the hosts in a VPC.
- Network access control lists (ACLs) allow you to control what data can enter or exit your network.
- The internal security infrastructure (including the network firewall, intrusion detection system, and protection system) monitors all network traffic that enters or exits the VPC through an IPsec VPN.
- Data security
Multiple replicas, cross-AZ deployment of clusters, and third-party (OBS) backup of index data ensure the security of user data.
General Consulting FAQs
- What Are Regions and AZs?
- How Does CSS Ensure Data and Service Security?
- Which CSS Metrics Should I Focus On?
- What Storage Options Does CSS Provide?
- What Is the Maximum Storage Capacity of CSS?
- How Can I Manage CSS?
- Which Elasticsearch Versions Does CSS Support?
- How Can I Access CSS?
- What Can the Disk Space of a CSS Cluster Be Used For?
- How Do I Check the Numbers of Shards and Replicas in a Cluster on the CSS Console?
- Can I Modify the TLS Algorithm of an Elasticsearch Cluster?
- What VM Specifications Does CSS Support?
- Can I Use the CSS Cluster Data as a Data Source?
- What Data Compression Algorithms Does CSS Use?
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
more