Help Center> Elastic Cloud Server> Best Practices> Best Practices for ECS
Updated on 2023-11-13 GMT+08:00

Best Practices for ECS

To use ECSs more securely, reliably, flexibly, and efficiently, you are advised to follow the following best practices.

Access

We recommend that you use the Virtual Network Computing (VNC) when logging in to your ECS for the first time and check that the ECS is running properly.

For details, see:

The next time you log in, you can choose a proper login method based on your local environment and whether your ECS has an EIP bound. For details, see Logging In to an ECS.

System Updates

  • Linux image source updates

    To obtain the latest system updates and software installation dependencies, update the image source before using an ECS.

    Huawei Cloud image sources are stable and can be updated without accessing the Internet. For ECSs running EulerOS, CentOS, Debian, or Ubuntu, replace their image sources with Huawei Cloud images sources by referring to How Can I Use an Automated Tool to Configure a Huawei Cloud Image Source (x86_64 and Arm)?

  • Windows patches and drivers updates

    To improve the fault rectification capability and performance of ECSs, periodically update Windows patches and drivers.

    You can enable Windows automatic updates to detect the latest patches and driver versions.

Data Storage

  • Storage security

    To ensure data storage security, use the system disk to store OS data and use data disks to store application data. This ensures data security and prevents data loss caused by system faults. As service demand changes, you can expand storage capacity by:

  • Data encryption

    To further protect data security, both the system and data disks can be encrypted. For details, see Managing Encrypted EVS Disks.

Security Management

  • Access control
    To control inbound and outbound access to ECSs and improve security, set access control policies based on:
  • Server security

    In addition to the basic edition of Host Security Service (HSS), use advanced editions to enhance the security of your ECSs. For details about HSS editions, see Edition details and HSS Getting Started.

  • Critical operation protection

    To ensure account and operation security, enable operation protection. This will require user authentication for critical operations like stopping, restarting, or deleting resources. Operation protection takes effect for both you and users created using your account.

    For details, see Protection for Mission-Critical Operations.

Backup and Restore

Resource Management

  • Monitoring

    Use Cloud Eye to keep informed of ECS performance metrics and statuses in real time, and receive alarms if any exceptions occur.

  • Tracing

    Use Cloud Trace Service (CTS) to record operations on your ECSs for later query, auditing, and backtracking.

  • Logging

    Use Log Tank Service (LTS) to collect ECS logs for centralized management. With LTS, you can analyze large volumes of logs efficiently, securely, and in real time and gain insights into improving availability and performance of applications.