SFS Turbo Security Best Practices
SFS Turbo provides scalable, high-performance file storage that can be used for AI training, AI-generated content (AIGC), autonomous driving, rendering, EDA simulation, and enterprise NAS applications. SFS Turbo supports shared storage access to help enterprises easily process petabytes (PBs) of data and address service challenges in the intelligence era.
To help secure your workload on SFS Turbo file systems, follow the best practices below as needed:
Data Encryption
You can encrypt data on newly created file systems if needed.
You are advised to enable encryption when creating SFS Turbo file systems. For details, see Creating an SFS Turbo File System.
Encrypted Transmission
Encrypted transmission allows you to protect your data transmitted between clients and SFS Turbo file systems using the TLS protocol.
You are advised to use the TLS protocol to access data in SFS Turbo file systems. For details, see Protecting Data in Transit Using Encrypted Transmission.
Data Backup
In case of a virus attack, accidental deletion, or software or hardware fault, you can use an SFS Turbo backup to create a new SFS Turbo file system. Data on the new file system is the same as that in the backup.
- You are advised to enable backup when creating SFS Turbo file systems. For details, see Creating an SFS Turbo File System.
- If your file system is not associated with any SFS Turbo backup vault, you are advised to associate it with an SFS Turbo backup vault. For details, see Associating Resources with a Vault.
- If your file system is associated with an SFS Turbo backup vault but no policy is applied to the vault, you are advised to apply a backup policy. For details, see Applying a Policy to a Vault.
- If the applied backup policy is not enabled, you are advised to enable the policy. For details, see Modifying a Policy.
Network Isolation
Only clients in the same VPC as an SFS Turbo file system can access the file system data.
SFS Turbo supports security group rules. You can control client access to an SFS Turbo file system by configuring security group rules.
SFS Turbo supports IP address authentication. You can grant clients different permissions based on IP addresses or network ranges.
To better use these functions, before creating an SFS Turbo file system, you are advised to:
- Plan different subnets in the VPC. Specifically, plan a subnet for the SFS Turbo file system and plan different subnets for clients with different permissions. For details, see Creating a VPC and Subnet.
- Plan a security group. Specifically, configure inbound rules for the security group to only allow traffic over the ports required by SFS Turbo and add the planned client subnets as the source IP addresses. Different types of SFS Turbo file systems require different ports. For details, see Creating an SFS Turbo File System.
- When creating the SFS Turbo file system, select the subnet and security group planned for the file system. For details, see Creating an SFS Turbo File System.
- After the file system is created, configure authentication rules to grant clients different permissions based on IP addresses or CIDR blocks. For details, see Managing Permissions.
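The following Python check is an added example, not part of the SFS Turbo documentation. It audits a security group's inbound rules against the plan described above: every source must fall inside a planned client subnet, and only the required ports may be open. The rule fields, the subnets, and the port set are assumptions constructed for illustration; take the real port list for your file system type from Creating an SFS Turbo File System.

```python
import ipaddress

# Constructed plan (assumptions): two client subnets and a placeholder port set.
CLIENT_SUBNETS = [ipaddress.ip_network("192.168.10.0/24"),
                  ipaddress.ip_network("192.168.20.0/24")]
REQUIRED_PORTS = {111, 2049}

# Constructed sample of inbound rules, as exported from a security group.
SAMPLE_RULES = [
    {"name": "nfs-a", "source": "192.168.10.0/24", "port_min": 2049, "port_max": 2049},
    {"name": "rpc-b", "source": "192.168.20.16/28", "port_min": 111, "port_max": 111},
    {"name": "any-nfs", "source": "0.0.0.0/0", "port_min": 2049, "port_max": 2049},
    {"name": "wide", "source": "192.168.10.0/24", "port_min": 1, "port_max": 65535},
    {"name": "other-vpc", "source": "10.0.0.0/8", "port_min": 22, "port_max": 22},
]

def source_is_planned(source):
    """True if the rule's source range lies entirely inside a planned client subnet."""
    src = ipaddress.ip_network(source, strict=False)
    return any(src.version == net.version and src.subnet_of(net)
               for net in CLIENT_SUBNETS)

def audit_inbound(rules):
    """Return (rule name, reason) for every rule broader than the plan allows."""
    findings = []
    for rule in rules:
        if not source_is_planned(rule["source"]):
            findings.append((rule["name"], "source outside planned client subnets"))
        opened = set(range(rule["port_min"], rule["port_max"] + 1))
        if opened - REQUIRED_PORTS:
            findings.append((rule["name"], "opens ports that are not required"))
    return findings

if __name__ == "__main__":
    for name, reason in audit_inbound(SAMPLE_RULES):
        print(f"{name}: {reason}")
```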