Help Center/ Database Security Service/ User Guide/ Purchasing Database Audit
Updated on 2024-12-19 GMT+08:00

Purchasing Database Audit

Before using the database audit function, you need to purchase database audit. Database audit charges yearly or monthly.

Constraints

  • DBSS cannot be used across regions. The database to be audited and the database audit instance you purchased must be in the same region.
  • Ensure the VPC of the database audit instance is the same as that of the node (application side or database side) where you plan to install the database audit agent. Otherwise, the instance will be unable to connect to the agent or perform audit.

    For details about how to choose the node, see How Do I Determine Where to Install an Agent?

Impact on the System

Database audit works in out-of-path mode, which neither affects user services nor conflicts with the local audit tools.

Prerequisites

The instance account has related permissions.

Ensure that the DBSS System Administrator, VPC Administrator, ECS Administrator, and BSS Administrator policies have been configured for the account used for purchasing instances.

  • VPC Administrator: Users with this set of permissions can perform all execution permission for VPC. It is a project-level role, which must be assigned in the same project.
  • BSS Administrator: Users with this set of permissions can perform any operation on menu items on pages My Account, Billing Center, and Resource Center. It is a project-level role, which must be assigned in the same project.
  • ECS Administrator: Users with this set of permissions can perform any operations on an ECS. It is a project-level role, which must be assigned in the same project.

Procedure

  1. Log in to the management console.
  2. Click and choose Security & Compliance > Database Security Service. The Dashboard page is displayed.
  3. In the upper right corner, click Buy Database Audit.
  4. Select a region, a project, an AZ, and an edition.

    Figure 1 Selecting an AZ and an edition

    Select an enterprise project. The DBSS you purchase will be put under this project. Billing and permissions management are performed based on enterprise projects.

    Table 1 describes the database audit editions.
    Table 1 Database audit editions

    Edition

    Maximum Databases

    System Resource

    Performance

    Professional

    6

    • CPU: 8 vCPUs
    • Memory: 32 GB
    • Hard disk: 1,084 GB
    • Peak QPS: 6,000 queries/second
    • Database load rate: 7.2 million statements/hour
    • Stores 600 million online SQL statements.
    • Stores 10 billion archived SQL statements.

    Advanced

    30

    • CPU: 16 vCPUs
    • Memory: 64 GB
    • Hard disk: 2,108 GB
    • Peak QPS: 30,000 queries/second
    • Database load rate: 10.8 million records/hour
    • Stores 1.5 billion online SQL statements.
    • Stores 60 billion archived SQL statements.
    • A database instance is uniquely defined by its database IP address and port.

      The number of database instances equals the number of database ports. If a database IP address has N database ports, there are N database instances.

      Example: A user has two database IP addresses, IP1 and IP2. IP1 has a database port. IP2 has three database ports. IP1 and IP2 have four database instances in total. To audit all of them, select professional edition DBSS, which supports a maximum of six database instances.

    • To change the edition of a DBSS instance, unsubscribe from it and purchase a new one.
    • The cloud native edition can be purchased only on the RDS console.
    • The table above lists the system resources consumed by a database audit instance. Ensure your system has the required configurations before purchasing database audit instances.
    • Online SQL statements are counted based on the assumption that the capacity of an SQL statement is 1 KB.

  5. Set database audit parameters, as shown in Figure 2. For details about related parameters, see Table 2.

    Figure 2 Setting database audit parameters
    Table 2 Database audit parameters

    Parameter

    Description

    VPC

    You can select an existing VPC, or click View VPC to create one on the VPC console.

    NOTE:
    • Select the VPC of the node (application or database side) where you plan to install the agent. For more information, see How Do I Determine Where to Install an Agent?
    • To change the VPC of a DBSS instance, unsubscribe from it and purchase a new one.

    For more information about VPC, see Virtual Private Cloud User Guide.

    Security Group

    You can select an existing security group in the region or create a security group on the VPC console. Once a security group is selected for an instance, the instance is protected by the access rules of this security group.

    For more information about security groups, see Virtual Private Cloud User Guide.

    Subnet

    You can select a subnet configured in the VPC or create a subnet on the VPC console.

    Name

    Instance name

  6. Set Required Duration. See Figure 3.

    Figure 3 Setting the required duration
    After you select Auto-renew, the system automatically renews the instance upon expiry if your account balance is sufficient. You can continue to use the instance. Table 3 describes the auto-renewal period.
    Table 3 Auto-renewal period description

    Required Duration

    Auto-renewal Period

    1/2/3/4/5/6/7/8/9 months

    1 month

    1 year

    1 year

  7. (Optional) Add tags to the database audit instance. If you have configured tag policies for DBSS, you need to add tags to your DBSS instances based on the tag policies. If a tag does not comply with the policies, DBSS instance may fail to be created. Contact your organization administrator to learn more about tag policies.
  8. Confirm the configuration and click Next.

    For any doubt about the pricing, click Pricing details to understand more.

  9. On the Details page, read the Database Audit of Database Security Service Disclaimer, select I have read and agree to the Database Audit of Database Security Service Disclaimer, and click Submit.
  10. On the displayed page, select a payment method.
  11. After you pay for your order, you can view the creation status of your instances.

Follow-Up Procedure

  • If the Status of the instance is Running, you have successfully purchased the database audit instance.
  • If the instance status is Creation failed, you will be automatically refunded. You can click More in the Operation column and view details in the Failure Details dialog box.