How to Switch from CGS to HSS Console?

You can integrate CGS into the HSS console to centrally manage servers and use the new functions.

Functions of the New and Old CGS

Currently, CGS has been integrated into the HSS console for unified management. The existing functions have been optimized and some new functions have been added.

**Table 1** Functions of the new and old CGS
Function	Old CGS	New CGS (New HSS)
Container asset fingerprint management	×	√
Container node management	√	√
Private image management	√	√
Local image management	√	√
Official image management	√	×
Shared image management	×	√
Image vulnerability detection	√	√
Malicious image file detection	√	√
Image baseline check	√	√
Vulnerability escape detection	√	√
File escape detection	√	√
Abnormal container process detection	√	√
Abnormal container configuration detection	√	√
Abnormal container startup detection	√	√
Malicious container program detection	√	√
High-risk system call detection	√	√
Sensitive file access detection	√	√
Container software information check	√	√
Container file information check	√	√
Whitelist management	√	√
Container policy management	√	√

Switchover Process

To switch from CGS to HSS, disable CGS, apply for the HSS container edition, and enable protection.

Step 1: Disabling the Original CGS Protection.

Log in to the management console.
In the upper left corner of the page, select a region, click , and choose Security & Compliance > Container Guard Service. The Container Guard Service console is displayed.
Choose Clusters & Quotas under Container Guard Service to view the cluster protection list.
Click Disable Protection in the Operation column of the target cluster.

For easy management, you are advised to disable protection for all clusters.

Step 2: Installing an Agent

CGS (old) and HSS (new) are independent of each other. To use the HSS container edition, install a new agent.

Log in to the management console.
Click in the upper left corner of the page, select a region, and choose Security > Host Security Service.
In the navigation pane, choose Asset Management > Containers & Quota.
Click Nodes to check whether the nodes whose protection has been disabled exist in the node list.
- If the nodes are displayed on the HSS console (new), you do not need to install the agent.
- If the nodes are not displayed on the HSS console (new), you need to .

Step 3: Enabling Protection

Log in to the management console.
Click in the upper left corner of the page, select a region, and choose Security > Host Security Service.
In the navigation pane, choose Asset Management > Containers & Quota.
In the Operation column of the node list, click Enable Protection.
Click OK. If the Protection Status of the server changes to Protected, protection has been enabled.

A CGS quota protects one cluster node.

Parent topic: Container Guard Service

Previous topic: What Is the Log Processing Mechanism of CGS?

Next topic: How Do I Enable Node Protection?

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot