Configuring an ECS
To use ECSs more securely, reliably, flexibly, and efficiently, follow the best practices for ECS.
Access and Connection
We recommend that you use the Virtual Network Computing (VNC) when logging in to your ECS for the first time and check that the ECS is running properly.
For details, see:
The next time you log in, you can choose a proper login method based on your local environment and whether your ECS has an EIP bound. For details, see Logging In to an ECS.
System Updates
Data Storage
- Storage security
To ensure data storage security, use the system disk to store OS data and use data disks to store application data. This ensures data security and prevents data loss caused by system faults. As service demand changes, you can expand storage capacity by:
- Expanding disk capacity: You can expand both system disks and data disks. For details, see Expanding Capacity for an In-use EVS Disk.
- Adding data disks: You can add only data disks. After adding disks, you need to attach and initialize them before they can be used.
- Data encryption
To further protect data security, both the system and data disks can be encrypted. For details, see Managing Encrypted EVS Disks.
Security Management
- Identity authentication
To securely control access to resources and centrally manage permissions, use IAM users and Enterprise Management for identity authentication, permissions management, and resource group management. For details, see Assigning Permissions to O&M Personnel and Multi-project Management Cases.
- Access control
To control inbound and outbound access to ECSs and improve security, set access control policies based on:
- ECSs: Configure security group rules to control access to ECSs.
- Subnets: Configure network ACLs to control access to all ECSs in a given subnet.
- Server security
In addition to the basic edition of Host Security Service (HSS), use advanced editions to enhance the security of your ECSs. For details about HSS editions, see Edition details and HSS.
Backup and Restore
- Data backup and restore
To quickly restore data in case of virus intrusion, mis-deletion, and hardware or software faults, back up data periodically. For details, see Cloud Backup and Recovery (CBR).
After the backup is successful, you can restore data using a cloud server backup or use a backup to create an image.
- Service disaster recovery (DR)
For high service DR capabilities, deploy ECSs in the same region in different AZs. For details about AZs, see Region and AZ and Step 1: Configure Basic Settings.
Resource Management
- Monitoring
Use Cloud Eye to keep informed of ECS performance metrics and statuses in real time, and receive alarms if any exceptions occur.
- Tracing
Use Cloud Trace Service (CTS) to record operations on your ECSs for later query, auditing, and backtracking.
- Logging
Use Log Tank Service (LTS) to collect ECS logs for centralized management. With LTS, you can analyze large volumes of logs efficiently, securely, and in real time and gain insights into improving availability and performance of applications.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.