Purchasing and Enabling HSS

Scenario

HSS helps you identify and manage the assets on your servers, eliminate risks, and defend against intrusions. There are also proactive protection and security operations functions available to help you easily detect and handle threats. For details about the server security protection functions provided by HSS, see Product Functions.

The following is an example to describe how to buy and enable HSS.

• Server: EulerOS 2.9 Huawei Cloud ECS
• Protection quotas
  • Billing mode: Yearly/Monthly
  • Version specification: Premium edition
  • Quantity: 1

Process

Preparations

1. Before purchasing HSS, create a Huawei account and subscribe to Huawei Cloud. For details, see Registering a Huawei ID and Enabling Huawei Cloud Services and Real-Name Authentication.

   If you have enabled Huawei Cloud services and completed real-name authentication, skip this step.

2. Ensure that your account has sufficient funds to prevent failures in purchasing HSS protection quotas. For details, see Topping Up an Account.
3. If you perform operations as an IAM user, ensure that the IAM user has been assigned the HSS FullAccess permission. For details, see Creating a User and Granting Permissions .

   When purchasing HSS protection quotas, you need to assign the BSS Administrator permission to IAM users.

4. A Huawei Cloud ECS for which HSS will be enabled is available.

Step 1: Purchase HSS Quota

1. Log in to the management console.
2. Click in the upper left corner and select the region and project.
3. Click in the upper left corner of the page and choose Security & Compliance > HSS.
4. In the upper right corner of the Dashboard page, click Buy HSS.
5. Configure parameters.

   Table 1 Parameters for purchasing HSS

   Parameter	Example	Description
   Billing Mode	Yearly/Monthly	Select the billing mode. For more information, see Pricing Details. Yearly/Monthly: You can buy a prepaid yearly/monthly package if you intend to use the service for a long time. The fee is lower than that of pay-per-use. Pay-per-use: You pay for the used resources based on the actual service duration (in hours), without a minimum fee.
   Region	CN-Hong Kong	Select the region of server. After the HSS is purchased, the region cannot be changed. Exercise caution when selecting a region.
   Edition Specifications	Premium edition	HSS provides basic, professional, premium, WTP, and container editions. Functions vary depending on editions. For details about functions supported by each edition, see Functions.
   Enterprise Project	default	This parameter is displayed only when you use an enterprise account to purchase protection quotas. It enables unified management of cloud resources by project.
   Tag	Not added	Tags are used to identify server security, facilitating cloud resource classification and management.
   Automatically assign	Not selected	When a server or container node is added and the agent is installed for the first time, it will be bound to an available yearly/monthly quota. Only unused quotas will be bound, and no new order or fee will be generated.
   Required Duration	1 month	Select the required duration. The longer the subscription period, the higher the discount. You do not need to configure the pay-per-use billing mode.
   Auto-Renewal	Not selected	If this option is selected, the system automatically renews the service based on the subscription period. You do not need to configure the pay-per-use billing mode.
   Quantity	1	Set the value based on the actual number of servers.

6. In the lower right corner of the page, click Next.
7. After confirming that the order, select I have read and agree to the Host Security Service Disclaimer.
8. Click Pay Now and complete the payment.
9. Click Host Security Service to return to the HSS console.

Step 2: Install an Agent

1. In the navigation pane, choose Installation & Configuration > Server Install & Config.
2. Choose Agents > Servers Without Agents.
3. In the Operation column of the target server, click Install Agent. The Install Agent dialog box is displayed.
   Figure 1 Installing an agent
   

4. Select and set the server verification information.

   Table 2 Parameters for installing the agent

   Parameter	Example	Description
   Server Authentication Mode	Account and Password	Account and password: Use the server IP address and password to verify the installation. Key: Authenticate the installation using a cloud key (in DEW) or a user-created key (Linux only).
   Allow direct connection with root permissions	Select it.	The root account can be used to directly log in to the server. After you enter the root user password and login port, HSS will use your root account to install the agent for the server.
   Server Root Password	-	Set the parameters based on the actual server information.
   Server Login Port	22	Enter the actual login port of the server.

   Figure 2 Enter the server verification information.
   

5. Click OK to start installation.
6. Choose Servers With Agents page and view the agent status of the target server.

   If the Agent Status is Online, the agent is successfully installed.

Step 3: Enable Protection

1. In the navigation pane on the left, choose Asset Management > Servers & Quota.
2. In the Operation column of a server, click Enable.
3. In the dialog box that is displayed, select the mode.

   Table 3 Parameters for enabling protection

   Parameter	Example	Description
   Billing Mode	Yearly/Monthly	The value must be the same as the charging mode specified by Step 1: Purchase HSS Quota.
   Edition	Premium edition	The value must be the same as the version selected in Step 1: Purchase HSS Quota.
   Select Quota	90e0ca09-ed16-4de0-b91c-ac7169beada9	Select the quota purchased in Step 1: Purchase HSS Quota.

4. After confirming the information, select I have read and agree to the Host Security Service Disclaimer.
5. Click OK.
6. If the Protection Status of the target server is Protected, the protection is enabled successfully.
   Figure 3 Viewing the protection status
   

Follow-Up Procedure

Enable active protection for servers.