- What's New
- Service Overview
- Billing
- Getting Started
- User Guide
- API Reference
- SDK Reference
-
FAQs
-
DeH FAQs
- What Is DeH?
- When a DeH Is Needed?
- Can I Use DeHs to Build Websites?
- Can I Buy DeHs by Myself?
- What Hypervisor Is Used by DeHs?
- Does Each DeH Have a Unique ID?
- What Are the Differences Between DeHs and BMSs?
- What Are the Differences Between DeH and DeC?
- What Are the Differences Between DeHs and ECSs?
- How Can I Query the Number of Available Resources on a DeH?
- Why Is It Not Possible to Successfully Create an ECS on a DeH Even When There Are More Available Resources on the DeH Than What the ECS Requires?
- Does DeH Support Capacity Expansion?
- What Is BYOL?
- How Do I Bring My Own Licenses to a DeH?
- Can I Attach an EVS Disk to a DeH?
- Is There a Limit on the Number of DeHs That I Can Purchase?
-
ECS FAQs
- What Are the Differences Between ECSs on DeHs and Those on Shared Hosts?
- What Are the Restrictions on Creating ECSs on a DeH?
- Can I Create ECSs of Different Flavors on a DeH?
- Can I Modify the Specifications of ECSs on DeHs?
- What Should I Do If I Fail to Create an ECS on a DeH?
- Can I Migrate ECSs in Resource Pools to DeHs?
- Billing FAQs
-
DeH FAQs
- Videos
- Glossary
-
More Documents
-
User Guide (Paris Region)
- Product Introduction
- Getting Started
- DeH Management
- ECS Management
- Tag Management
- Key Operations Recorded by CTS
- Managing Enterprise Projects
- Permission Management
-
FAQs
-
DeH FAQs
- What Is DeH?
- When a DeH Is Needed?
- Can I Use DeHs Build Websites?
- Can I Allocate DeHs by Myself?
- What Hypervisor Is Used by DeHs?
- Does Each DeH Have a Unique ID?
- What Are the Differences Between DeHs and BMSs?
- What Are the Differences Between DeH and DeC?
- What Are the Differences Between DeHs and ECSs?
- How Can I Query the Number of Available Resources on a DeH?
- Does DeH Support Capacity Expansion?
- What Is BYOL?
- How Do I Bring My Own Licenses to a DeH?
- Can I Attach an EVS Disk to a DeH?
- Is There a Limit on the Number of DeHs That I Can Purchase?
-
ECS FAQs
- What Are the Differences Between ECSs on DeHs and Those on Shared Hosts?
- What Are the Restrictions on Creating ECSs on a DeH?
- Can I Create ECSs of Different Flavors on a DeH?
- Can I Modify the Specifications of ECSs on DeHs?
- What Should I Do If I Fail to Create an ECS on a DeH?
- Can I Migrate ECSs in Resource Pools to DeHs?
- Billing FAQs
-
DeH FAQs
- Change History
- API Reference (Paris Region)
-
User Guide (Paris Region)
- General Reference
Copied.
Data Protection
User encryption allows you to use the encryption feature provided on the cloud platform to encrypt ECS resources, improving data security. User encryption includes image encryption and EVS disk encryption.
Image Encryption
Image encryption supports encrypting private images. When creating an ECS, if you select an encrypted image, the system disk of the created ECS is automatically encrypted, improving data security.
Use either of the following methods to create an encrypted image:
- Use an external image file.
- Use an existing encrypted ECS.
For more information about image encryption, see Encrypting Images.
EVS Disk Encryption
EVS disk encryption supports system disk encryption and data disk encryption.
- When creating an ECS, if you select an encrypted image, the system disk of the created ECS automatically has encryption enabled, and the encryption mode complies with the image encryption mode.
- When creating an ECS, you can encrypt added data disks.
For more information about EVS disk encryption, see EVS Encryption.
Impact on AS
If you use an encrypted ECS to create an Auto Scaling (AS) configuration, the encryption mode of the created AS configuration complies with the ECS encryption mode.
About Keys
The key required for encryption relies on Data Encryption Workshop (DEW). DEW uses a data encryption key (DEK) to encrypt data and uses a customer master key (CMK) to encrypt the DEK.
Table 1 describes the keys involved in the data encryption process.
|
Name |
Description |
Function |
|---|---|---|
|
DEK |
An encryption key that is used for encrypting data. |
Encrypts specific data. |
|
Custom key |
An encryption key created using DEW for encrypting DEKs. A custom key can encrypt multiple DEKs. |
Supports CMK disabling and scheduled deletion. |
|
Default key |
A master key automatically generated by the system when you use DEW for encryption for the first time. The name extension of a default CMK is /default, for example, evs/default. |
|
NOTE:
After disabling a CMK or scheduling the deletion of a CMK takes effect, the EVS disk encrypted using this CMK can still be used until the disk is detached from and then attached to an ECS again. During this process, the disk fails to be attached to the ECS because the CMK cannot be obtained, so the EVS disk becomes unavailable.
For details about DEW, see Data Encryption Workshop User Guide.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
