Help Center> Host Security Service (New)> User Guide> Enabling HSS> Enabling Container Node Protection
Updated on 2023-01-20 GMT+08:00

Enabling Container Node Protection

Before enabling protection for a container node, you need to allocate quota to a specified node. If the protection is disabled or the node is deleted, the quota can be allocated to other nodes.

Check Frequency

HSS performs a full check in the early morning every day.

If you enable server protection before the check interval, you can view check results only after the check at 00:00 of the next day is complete.


  • The Agent Status of a server is Online. To check the status, choose Host Security Service > Asset Management > Containers & Quota.
  • You have created nodes on CCE.
  • The Protection Status of the node is Unprotected.


  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > Host Security Service (New).

    Figure 1 Accessing HSS

  3. In the displayed dialog box, click Try the new edition to switch to the HSS (New) console.

    • Currently, HSS is available in the following regions: CN South-Guangzhou, CN-Hong Kong, AP-Bangkok, and AP-Singapore.
    • On the HSS (New) console, you can click Back to Old Console in the upper left corner to switch to the HSS (Old) console.

  4. In the navigation pane, choose Asset Management > Containers & Quota.

    Figure 2 Accessing the container node management page

  5. In the Operation column of the node list, click Enable Protection.

    Figure 3 Enabling container protection

  6. You can buy quota in pay-per-use or yearly/monthly mode.

    • Yearly/Monthly
      In the displayed dialog box, select Yearly/Monthly, read the Container Guard Service Disclaimer, and select I have read and agreed to Container Guard Service Disclaimer
      Figure 4 Enabling yearly/monthly protection
      The quota can be allocated in the following ways:
      • Select Select a quota randomly. to let the system allocate the quota with the longest remaining validity to the server.
      • Select a quota to allocate.
    • On-demand

      In the displayed dialog box, select pay-per-use, read the Container Guard Service Disclaimer, and select I have read and agreed to Container Guard Service Disclaimer

      Figure 5 Enabling pay-per-use protection

  7. Click OK. If the Protection Status of the server changes to Protected, protection has been enabled.

    • During purchase, set Node Quantity to the number of nodes you want to protect.

Follow-Up Procedure

Disabling protection for a node

Choose Asset Management > Containers & Quota, click the Container Nodes tab, and click Nodes. In the Operation column, click Disable Protection.

If protection is disabled, the quota status will change from occupied to idle. You can allocate the idle quota to another node or unsubscribe unnecessary quota to avoid quota waste.

  • Before disabling protection, perform a comprehensive detection on the container, handle detected risks, and record operation information to prevent O&M errors and attacks on the container.
  • After protection is disabled, clear important data on the container, stop important applications on the container, and disconnect the container from the external network to avoid unnecessary loss caused by attacks.