Setting Security Group Rules for a GeminiDB HBase Instance
A security group is a collection of access control rules for ECSs and GeminiDB HBase instances that have the same security protection requirements and are mutually trusted in a VPC.
To ensure database security and reliability, configure security group rules to allow specific IP addresses and ports to access GeminiDB HBase instances.
This section describes how to configure security group rules for a GeminiDB HBase instance connected over a private network.
Usage Notes
- By default, a tenant can create a maximum of 500 security group rules.
- Too many security group rules will increase the first packet latency. You are advised to create a maximum of 50 rules for each security group.
- Currently, a GeminiDB HBase instance can be associated with only one security group.
- For details about the security group rules for connecting to an instance over a private network, see Table 1.
Table 1 Security group rules
Scenario: Connecting to an instance over a private network
Description: Configure security group rules as follows:
- If the ECS and GeminiDB HBase instance are in the same security group, they can communicate with each other by default. No security group rule needs to be configured.
- If they are in different security groups, configure security group rules for them separately.
  - Configure inbound rules for the security group associated with the GeminiDB HBase instance. For details, see Procedure.
  - The default security group rule allows all outbound data packets, so you do not need to set a security rule for the ECS. If not all outbound traffic is allowed in the security group, set an outbound rule for the ECS.
Procedure
- Log in to the Huawei Cloud console.
- In the service list, choose Databases > GeminiDB.
- On the Instances page, click the target instance to go to the Basic Information page.
- Set security group rules.
Method 1:
In the Network Information area on the Basic Information page, click the security group.
Figure 1 Security group
Method 2:
On the Basic Information page, choose Connections in the navigation pane on the left. In the Security Group area on the right, click the name of the security group. The Security Group page is displayed.
- Add an inbound rule.
- Click the Inbound Rules tab.
Figure 2 Inbound rule
- Click Add Rule. The Add Inbound Rule dialog box is displayed.
Figure 3 Adding a rule
- Add a security group rule as prompted.
Table 2 Inbound rule settings
Parameter: Protocol & Port
Description:
- Protocol: Currently, GeminiDB HBase instances can be accessed only over TCP.
- Port: The port (1 to 65535) for accessing the ECS.
Example Value: TCP
Parameter: Type
Description: IP address type. This parameter is available after IPv6 is enabled.
- IPv4
Example Value: IPv4
Parameter: Source
Description: The source can be an IP address, a security group, or an IP address group, which allows access from IP addresses or instances in other security groups. For example:
- xxx.xxx.xxx.xxx/32 (IPv4 address)
- xxx.xxx.xxx.0/24 (subnet)
- 0.0.0.0/0 (any IP address)
- sg-abc (security group)
Example Value: 0.0.0.0/0
Parameter: Description
Description: (Optional) Provides supplementary information about the security group rule. The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >).
Example Value: -
- Click OK.
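
The constraints in Table 2 and the Usage Notes can be checked before a rule is entered in the console. The following Python check is an added example, not Huawei Cloud code: the rule dictionary layout, the function names, port 12345 and the sample addresses are assumptions made for illustration. It reports a 0.0.0.0/0 source because the stated goal of this page is to allow specific IP addresses and ports.

```python
import ipaddress

MAX_RULES_ADVISED = 50  # Usage Notes: advised maximum rules per security group
MAX_DESC_LEN = 255      # Table 2: maximum description length


def check_rule(rule):
    """Return findings for one inbound rule dict (hypothetical layout)."""
    findings = []
    if rule.get("protocol", "").upper() != "TCP":
        findings.append("protocol: GeminiDB HBase is reachable only over TCP")
    port = rule.get("port")
    if type(port) is not int or not 1 <= port <= 65535:
        findings.append("port: must be an integer from 1 to 65535")
    source = rule.get("source", "")
    try:
        net = ipaddress.ip_network(source, strict=False)
    except ValueError:
        net = None  # not a CIDR: a security group or IP address group name
    if net is not None and net.prefixlen == 0:
        findings.append("source: %s admits any IP address" % source)
    desc = rule.get("description", "")
    if len(desc) > MAX_DESC_LEN or "<" in desc or ">" in desc:
        findings.append("description: max 255 characters, no angle brackets")
    return findings


def audit_group(rules):
    """Check every rule, plus the advised per-group rule count."""
    report = {i: f for i, r in enumerate(rules) if (f := check_rule(r))}
    if len(rules) > MAX_RULES_ADVISED:
        report["group"] = ["%d rules exceeds the advised 50" % len(rules)]
    return report


# Constructed sample rules; port 12345 and the addresses are placeholders.
SAMPLE_RULES = [
    {"protocol": "TCP", "port": 12345, "source": "192.0.2.10/32",
     "description": "app server"},
    {"protocol": "TCP", "port": 12345, "source": "0.0.0.0/0",
     "description": "example value from Table 2"},
    {"protocol": "UDP", "port": 70000, "source": "sg-abc",
     "description": "<temp>"},
]

if __name__ == "__main__":
    for key, findings in audit_group(SAMPLE_RULES).items():
        print(key, findings)
```
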