Updated on 2022-02-22 GMT+08:00

Changing a Security Group

Context

A security group is a collection of access control rules for ECSs that have the same security protection requirements and are mutually trusted in a VPC. After a security group is created, you can create different access rules for the security group to protect the ECSs that are added to this security group. The default security group rule allows all outgoing data packets. ECSs in a security group can access each other without the need to add rules. The system creates a security group for each cloud account by default. Users can also create custom security groups by themselves.

When creating a security group, you need to add the inbound and outbound access rules and enable the ports required for application-consistent backup to prevent application-consistent backup failures.

Description

Before using the application-consistent backup function, you need to change the security group. To ensure network security, CSBS does not configure the inbound direction of a security group, so you must configure it manually.

In the outbound direction of the security group, ports 1 to 65535 on the 100.125.0.0/16 network segment must be permitted. In the inbound direction, ports 59526 to 59528 on the 100.125.0.0/16 network segment must be permitted. The default outbound rule is 0.0.0.0/0, that is, all outgoing data packets are permitted. If the default rule in the outbound direction has not been modified, you do not need to configure the outbound direction.

Procedure

  1. Access the cloud server console.
  2. In the navigation tree on the left, choose Elastic Cloud Server or Bare Metal Server. On the page displayed, select the target server to go to its details page.
  3. Click the Security Group tab and select the target security group. For an elastic cloud server, click Modify Security Group Rule on the right of the ECS page. For a bare metal server, click Change Security Group and then, in the dialog box displayed, click Manage Security Group.
  4. On the Security Groups page, click the Inbound Rules tab, and then click Add Rule. The Add Inbound Rule dialog box is displayed, as shown in Figure 1. Select TCP for Protocol/Application, enter 59526-59528 in Port & Source, select IP address for Source, and enter 100.125.0.0/16. Add a description, and then click OK to finish setting the inbound rule.

    Figure 1 Adding an inbound rule

  5. Click the Outbound Rules tab, and then click Add Rule. The Add Outbound Rule dialog box is displayed, as shown in Figure 2. Select TCP for Protocol/Application, enter 1-65535 in Port & Source, select IP address for Source, and enter 100.125.0.0/16. Add a description, and then click OK to finish setting the outbound rule.

    Figure 2 Adding an outbound rule
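
To confirm the result of the procedure above, the following added example (not part of the original documentation or of any CSBS tooling) audits an exported rule list against the ports and network segment stated in Description. The rule dictionary layout, the status strings and the sample groups are assumptions constructed for this example; it also assumes a single rule must cover the whole required port range.

```python
import ipaddress

# Values taken from the page; the rule dict layout below is a constructed
# format for this example, not the cloud API's response schema.
CSBS_NET = ipaddress.ip_network("100.125.0.0/16")
REQUIRED_TCP_PORTS = {"inbound": (59526, 59528), "outbound": (1, 65535)}


def rule_covers(rule, direction):
    """True if this single rule permits the full required TCP port range
    to/from every address in 100.125.0.0/16."""
    if rule["direction"] != direction or rule["protocol"] not in ("tcp", "all"):
        return False
    if rule["protocol"] == "tcp":
        lo, hi = REQUIRED_TCP_PORTS[direction]
        if not (rule["port_min"] <= lo and hi <= rule["port_max"]):
            return False
    net = ipaddress.ip_network(rule["cidr"])
    return net.version == 4 and CSBS_NET.subnet_of(net)


def audit(rules):
    """Return {'inbound': status, 'outbound': status} for one security group."""
    result = {}
    for direction in REQUIRED_TCP_PORTS:
        hits = [r for r in rules if rule_covers(r, direction)]
        if not hits:
            result[direction] = "missing"
        elif direction == "inbound" and not any(
            ipaddress.ip_network(r["cidr"]) == CSBS_NET for r in hits
        ):
            # Works for backup, but admits more sources than the page asks for.
            result[direction] = "wider-than-needed"
        else:
            result[direction] = "ok"
    return result


# Constructed sample groups: untouched default, configured per the procedure,
# and one whose inbound rule is open to every source.
DEFAULT_GROUP = [{"direction": "outbound", "protocol": "all", "cidr": "0.0.0.0/0"}]
CONFIGURED_GROUP = DEFAULT_GROUP + [
    {"direction": "inbound", "protocol": "tcp", "port_min": 59526,
     "port_max": 59528, "cidr": "100.125.0.0/16"},
]
OPEN_GROUP = DEFAULT_GROUP + [
    {"direction": "inbound", "protocol": "tcp", "port_min": 1,
     "port_max": 65535, "cidr": "0.0.0.0/0"},
]
```

A group that still has the default allow-all outbound rule reports `ok` for outbound, which matches the statement that the outbound direction needs no change in that case.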