Updated on 2024-07-12 GMT+08:00

How to Switch from CGS to HSS Console?

You can integrate CGS into the HSS console to centrally manage servers and use the new functions.

Functions of the New and Old CGS

Currently, CGS has been integrated into the HSS console for unified management. The existing functions have been optimized and some new functions have been added.

Table 1 Functions of the new and old CGS

Function

Old CGS

New CGS (New HSS)

Container asset fingerprint management

×

Container node management

Private image management

Local image management

Official image management

×

Shared image management

×

Image vulnerability detection

Malicious image file detection

Image baseline check

Vulnerability escape detection

File escape detection

Abnormal container process detection

Abnormal container configuration detection

Abnormal container startup detection

Malicious container program detection

High-risk system call detection

Sensitive file access detection

Container software information check

Container file information check

Whitelist management

Container policy management

Switchover Process

To switch from CGS to HSS, disable CGS, apply for the HSS container edition, and enable protection.

Step 1: Disabling the Original CGS Protection.

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > Container Guard Service. The Container Guard Service console is displayed.
  3. Choose Clusters & Quotas under Container Guard Service to view the cluster protection list.
  4. Click Disable Protection in the Operation column of the target cluster.

    For easy management, you are advised to disable protection for all clusters.

Step 2: Installing an Agent

CGS (old) and HSS (new) are independent of each other. To use the HSS container edition, install a new agent.

  1. Log in to the management console.
  2. Click in the upper left corner of the page, select a region, and choose Security > Host Security Service.
  3. In the navigation pane, choose Asset Management > Containers & Quota.
  4. Click Nodes to check whether the nodes whose protection has been disabled exist in the node list.

    • If the nodes are displayed on the HSS console (new), you do not need to install the agent.
    • If the nodes are not displayed on the HSS console (new), you need to .

Step 3: Enabling Protection

  1. Log in to the management console.
  2. Click in the upper left corner of the page, select a region, and choose Security > Host Security Service.
  3. In the navigation pane, choose Asset Management > Containers & Quota.
  4. In the Operation column of the node list, click Enable Protection.
  5. Click OK. If the Protection Status of the server changes to Protected, protection has been enabled.

    A CGS quota protects one cluster node.