How Do I Switch from CGS to HSS?

Updated on 2025-01-07 GMT+08:00

You can integrate CGS into the HSS console to centrally manage servers and use the new functions.

Functions of the New and Old CGS

Currently, CGS has been integrated into the HSS console for unified management. The existing functions have been optimized and some new functions have been added.

Table 1 Functions of the new and old CGS

Function

Old CGS

New CGS (New HSS)

Container asset fingerprint management

×

Container node management

Private image management

Local image management

Official image management

×

Shared image management

×

Image vulnerability detection

Malicious image file detection

Image baseline check

Vulnerability escape detection

File escape detection

Abnormal container process detection

Abnormal container configuration detection

Abnormal container startup detection

Malicious container program detection

High-risk system call detection

Sensitive file access detection

Container software information check

Container file information check

Whitelist management

Container policy management

Switchover Process

To switch from CGS to HSS, disable CGS, purchase the HSS container edition, and enable protection.

Figure 1 CGS switch procedure

Step 1: Disabling the Original CGS Protection

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > Container Guard Service. The Container Guard Service console is displayed.
  3. Choose Clusters & Quotas under Container Guard Service to view the cluster protection list.

    Figure 2 Viewing the protection status of a container cluster

  4. Click Disable Protection in the Operation column of the target cluster.

    NOTE:

    For easy management, you are advised to disable protection for all clusters.

  5. After disabling the protection for all clusters, click the Protection Quotas tab. In the Operation column of quotas, click More > Unsubscribe to unsubscribe from them one by one.

    Figure 3 Unsubscribing from container edition quotas

    NOTE:

    If the original quota billing mode is pay-per-use, the billing stops when you disable the protection.

Step 2: Installing an Agent

CGS (old) and HSS (new) are independent of each other. To use the HSS container edition, install a new agent.

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > HSS.
  3. In the navigation pane, choose Asset Management > Containers & Quota.
  4. Click Nodes to check whether the nodes whose protection has been disabled exist in the node list.

    NOTICE:
    • If the nodes are displayed on the HSS console (new), you do not need to install the agent.
    • If the nodes are not displayed on the HSS console (new), you need to install an agent.

Step 3: Purchasing Container Edition Quotas on the HSS Console

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > HSS.
  3. In the navigation pane, choose Asset Management > Containers & Quota.
  4. Click Buy CGS.
  5. Configure CGS specifications.

    Table 2 Parameters for purchasing HSS

    Parameter: Billing Mode
    Description: Only the Yearly/Monthly billing mode is supported.
    Example Value: Yearly/Monthly

    Parameter: Region
    Description: To minimize connection issues, purchase quota in the region of your servers.
    Example Value: CN-Hong Kong

    Parameter: Edition
    Description: Select Container. For details about how to enable the pay-per-use billing mode, see Enabling Container Node Protection.
    Example Value: Container

    Parameter: Node Quantity
    Description: Number of purchased container edition quotas
    Example Value: 10

    Parameter: Required Duration
    Description:
    • Select a duration as needed.
    • You are advised to select Auto-renew to ensure your servers are always protected.
    • If you select Auto-renew, the system will automatically renew your subscription as long as your account balance is sufficient. The renewal period is the same as the required duration.
    • If you do not select Auto-renew, manually renew the service before it expires.
    Example Value: 1 year

    Parameter: Tags
    Description: You can put tags on cloud resources of the same type to help you quickly search for resources.
    Example Value: cgs-data

  6. In the lower right corner of the page, click Next.

    For details about pricing, see Product Pricing Details.

  7. After confirming the order, select I have read and agree to the Host Security Service Disclaimer and click Pay Now.
  8. Click Pay Now and complete the payment.

Step 4: Enabling Protection

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > HSS.
  3. In the navigation pane, choose Asset Management > Containers & Quota.
  4. In the Operation column of the node list, click Enable Protection.

    Figure 4 Enabling container protection

  5. You can buy quota in pay-per-use or yearly/monthly mode.

    • Yearly/Monthly

      In the displayed dialog box, select Yearly/Monthly, read the Container Guard Service Disclaimer, and select I have read and agreed to Container Guard Service Disclaimer.

      The quota can be allocated in the following ways:
      • Select Random quota to let the system allocate the quota with the longest remaining validity to the server.
      • Select a quota ID and allocate it to a server.
    • On-demand

      In the displayed dialog box, select Pay-per-use, read the Container Guard Service Disclaimer, and select I have read and agreed to Container Guard Service Disclaimer.

  6. Click OK. If the Protection Status of the server changes to Protected, protection has been enabled.

    NOTE:

    A CGS quota protects one cluster node.
