Basic Concepts
CDM Cluster
A CDM cluster is a CDM instance. It consists of one or more VMs. You can create multiple CDM clusters for different purposes. For example, you can create a CDM cluster for the financial department and the procurement department respectively to isolate data access permissions.
Local Environment
A local environment is a data storage system in the IDC that you have built or rent, or on the third-party cloud, including relational databases and file systems.
Local Data
Local data is stored in the IDC that you have built or rent, or on the third-party cloud, including data stored in relational databases, NoSQL databases, OLAP databases, and file systems.
Connector
A connector is a built-in object template used for connecting to a data source. Currently, CDM uses connectors to connect to OBS, MRS, and databases. New connectors can be added to CDM as well.
Link
A link is an object set up based on a connector and used to connect to a specific data source.
To create a link, you must specify the link name, connector, data source address, and authentication information. For example, to connect to a MySQL database, you must set the host IP address, port number, username, and password.
After a link is set up, it can be used by multiple jobs as either a source or a destination link.
Job
A job is a data migration task that you have created to migrate data from a specific data source to another. To create a job, you must specify a source link, destination link, and data mapping rules.
Source Job Configuration
During job creation, the source link specifies the data source from which data is extracted. The job parameters of different source links vary. For example, the table or directory from which data is exported is specified in the job configuration at the source end.
Destination Job Configuration
During job creation, the destination link specifies the data source to which data is loaded. The job parameters of different destination links vary. For example, the table or directory to which data is imported is specified in the job configuration of the destination end.
Field Mapping
During job creation, especially jobs of migrating data between heterogeneous data sources, you must configure the mapping between the source and destination data sources, such as field mapping and field type mapping.
Account
The account registered with the cloud owns your cloud resources and has full access permissions for the resources. You can use the account to reset user passwords and assign permissions. You can use your account to receive and pay all bills generated by your IAM users' use of resources. To log in to the management console using an account, choose Account Login.
IAM User
IAM users are created by an account to use cloud services. Each IAM user has their own password and access key to access cloud services using the console or APIs. The users manage cloud resources for the account based on assigned permissions. IAM users do not own resources or make payments. It is the account that controls user permissions and pays the bills. To log in to the management console as an IAM user, choose IAM User Login.
User Group
User groups facilitate centralized user management and streamlined permissions management. IAM users must be added to a user group to obtain the permissions required for accessing specified resources or cloud services in the account. A user can be added to multiple groups, which allows them to inherit different permissions.
The default user group admin has all of the permissions required to use all of the cloud resources. Users in this group can perform operations on all the resources, including but not limited to creating user groups and users, assigning permissions, and managing resources.
Policy and Authorization
A policy is a set of permissions defined in JSON format. It defines which operations on which cloud resources are allowed. There are two types of policies: system policy and custom policy.
- System policies are pre-defined by IAM and cannot be modified.
- If system policies do not meet your requirements, you can create custom policies for fine-grained access control.
Authorization is the process of granting required permissions for a user to perform a task. After a system or custom policy is assigned to a user group, users in the group inherit the permissions defined by the policy to manage resources.
For example, the content of the CDM Administrator policy defining all permissions of CDM is as follows:
{ "Version": "1.1", "Statement": [ { "Action": [ "cdm:*:*", "ecs:*:*", "vpc:*:*", "evs:*:*", "bss:*:*", "CTS:*:*", "eps:*:*", "obs:*:*", "CES:*:*" ], "Effect": "Allow" } ] }
Project
A project corresponds to a service region. Default projects are defined to group and physically isolate resources (including computing, storage, and network resources) across regions.
- Users can be granted permissions in a default project to access all resources in the region associated with the project.
- If you need more refined access control, you can create subprojects under a default project and create resources in subprojects. Then you can assign required permissions for users to access only the resources in specific subprojects.
Identity Credentials
Identity credentials are used for authentication when you or your IAM users access cloud services through the console or APIs. Identity credentials include the password and access keys, which can be managed in IAM.
- Password: A common identity credential for logging in to the management console or calling cloud service APIs.
- Access key: An access key ID/secret access key (AK/SK) pair, which is used only for calling cloud service APIs. Each access key provides a signature for cryptographic authentication to ensure that access requests are secret, complete, and correct.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.