Security Best Practices
Security is a shared responsibility between Huawei Cloud and you. Huawei Cloud provides secure cloud services. As a tenant, you should properly use the security capabilities provided by cloud services to protect data, and securely use the cloud. For details, see Shared Responsibility.
This section provides best practices for enhancing security of GeminiDB Influx API. You can continuously evaluate the security status of your GeminiDB Influx instances and combine different security capabilities provided by GeminiDB Influx API. By doing this, data in GeminiDB Influx instances can be protected from being disclosed or tampered with.
Consider the following aspects for your security configurations:
- Avoiding Binding EIPs to GeminiDB Influx Instances for Internet Access
- Avoiding Weak Passwords
- Configuring Instance Access Logs
- Enabling SSL
- Enabling Disk Encryption
- Enabling Data Backup
- Configuring Monitoring by Seconds and Alarm Rules
- Upgrading the Version
Avoiding Binding EIPs to GeminiDB Influx Instances for Internet Access
Do not deploy GeminiDB Influx API on the Internet or DMZ. Deploy GeminiDB Influx API on your internal network and use routers or firewalls to protect GeminiDB Influx API. Do not bind EIPs to GeminiDB Influx instances for Internet access. This prevents unauthorized access and DDoS attacks. You are not advised to bind EIPs to instances. If EIPs are necessary, set security groups.
Avoiding Weak Passwords
When setting or changing an account password, ensure that the password meets the password complexity requirements and do not use weak passwords. By doing so, passwords can be protected from hacker and rainbow table attacks. You can check password strength using the API.
Configuring Instance Access Logs
After access logs are configured, new audit, error, and slow query logs of GeminiDB Influx instances will be uploaded to LTS for management. You can view, search for, and download audit, error, and slow query logs of GeminiDB Influx instances. The log data is graphically displayed to make it easier to analyze and understand. For details, see Managing Log Configurations.
Enabling SSL
If SSL is disabled, data transmitted between the InfluxDB client and server is vulnerable to eavesdropping, tampering, and man-in-the-middle attacks. To improve data transmission security, you are advised to enable SSL. For details, see Encrypting Data over SSL.
Enabling Disk Encryption
Disk encryption improves data security. For details, see the description about disk encryption in Buying a GeminiDB Influx Instance.
Enabling Data Backup
GeminiDB Influx instances support automated and manual backups. You can periodically back up databases. If a database is faulty or data is corrupted, you can restore the database using backups to ensure data reliability. For details, see Data Backup.
Configuring Monitoring by Seconds and Alarm Rules
GeminiDB Influx instances are monitored by default. If a metric exceeds the specified threshold, an alarm is triggered and automatically sent to the cloud account through SMN, so you can stay on top of your GeminiDB Influx instance status. Configure monitoring and alarm rules based on service requirements. For details, see Monitoring and Alarms.
Upgrading the Version
A minor version of GeminiDB Influx API can be upgraded to add new functions, fix issues, and improve security and performance. You are advised to upgrade the version in a timely manner.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
