Updated on 2025-08-05 GMT+08:00

Setting Security Group Rules for a GeminiDB HBase Instance

A security group is a collection of access control rules for ECSs and GeminiDB HBase instances that have the same security protection requirements and are mutually trusted in a VPC.

To ensure database security and reliability, configure security group rules to allow specific IP addresses and ports to access GeminiDB HBase instances.

This section describes how to configure security group rules for a GeminiDB HBase instance connected over a private network.

Usage Notes

  • By default, a tenant can create a maximum of 500 security group rules.
  • Too many security group rules will increase the first packet latency. You are advised to create a maximum of 50 rules for each security group.
  • Currently, a GeminiDB HBase instance can be associated with only one security group.
  • For details about the security group rules for connecting to an instance over a private network, see Table 1.
    Table 1 Security group rules

    Scenario: Connecting to an instance over a private network

    Description: Configure security group rules as follows:
    • If the ECS and GeminiDB HBase instance are in the same security group, they can communicate with each other by default. No security group rule needs to be configured.
    • If they are in different security groups, configure security group rules for them separately.
      • Configure inbound rules for the security group associated with the GeminiDB HBase instance. For details, see Procedure.
      • The default security group rule allows all outbound data packets, so you do not need to set a security rule for the ECS. If not all outbound traffic is allowed in the security group, set an outbound rule for the ECS.

Procedure

  1. Log in to the Huawei Cloud console.
  2. In the service list, choose Databases > GeminiDB.
  3. On the Instances page, click the target instance to go to the Basic Information page.
  4. Set security group rules.

    Method 1:

    In the Network Information area on the Basic Information page, click the security group.

    Figure 1 Security group

    Method 2:

    On the Basic Information page, choose Connections in the navigation pane on the left. In the Security Group area on the right, click the name of the security group. The Security Group page is displayed.

  5. Add an inbound rule.

    1. Click the Inbound Rules tab.
      Figure 2 Inbound rule

    2. Click Add Rule. The Add Inbound Rule dialog box is displayed.
      Figure 3 Adding a rule
    3. Add a security group rule as prompted.
      Table 2 Inbound rule settings

      Parameter: Protocol & Port
      Description:
      • Protocol: Currently, GeminiDB HBase instances can be accessed only over TCP.
      • Port: The port (1 to 65535) for accessing the ECS.
      Example Value: TCP

      Parameter: Type
      Description: IP address type. This parameter is available after IPv6 is enabled.
      • IPv4
      Example Value: IPv4

      Parameter: Source
      Description: The source can be an IP address, a security group, or an IP address group, which allows access from IP addresses or instances in other security groups. For example:
      • xxx.xxx.xxx.xxx/32 (IPv4 address)
      • xxx.xxx.xxx.0/24 (subnet)
      • 0.0.0.0/0 (any IP address)
      • sg-abc (security group)
      Example Value: 0.0.0.0/0

      Parameter: Description
      Description: (Optional) Provides supplementary information about the security group rule. The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >).
      Example Value: -

  6. Click OK.
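
The constraints stated in Usage Notes and Table 2 can be checked before a rule is entered in the console. The following Python code is an added example, not Huawei Cloud code or an API of the service: the rule dictionary layout, the function names, and the sample rules (including port 16000) are assumptions constructed for illustration.

```python
import ipaddress

MAX_RULES_ADVISED = 50      # Usage Notes: advised maximum per security group
MAX_DESCRIPTION_LEN = 255   # Table 2: description length limit


def check_inbound_rule(rule):
    """Return findings for one inbound rule (hypothetical dict layout)."""
    findings = []
    if rule.get("protocol", "").upper() != "TCP":
        findings.append("protocol must be TCP")
    port = rule.get("port")
    if not isinstance(port, int) or not 1 <= port <= 65535:
        findings.append("port must be an integer from 1 to 65535")
    source = rule.get("source", "")
    if not source.startswith("sg-"):  # "sg-..." names another security group
        try:
            if ipaddress.ip_network(source, strict=False).prefixlen == 0:
                findings.append("source %s admits any IP address" % source)
        except ValueError:
            findings.append("source is neither a CIDR block nor a security group")
    desc = rule.get("description", "")
    if len(desc) > MAX_DESCRIPTION_LEN or "<" in desc or ">" in desc:
        findings.append("description exceeds 255 characters or contains < or >")
    return findings


def check_group(rules):
    """Check every rule, then the advised per-group rule count."""
    report = {}
    for index, rule in enumerate(rules):
        findings = check_inbound_rule(rule)
        if findings:
            report[index] = findings
    if len(rules) > MAX_RULES_ADVISED:
        report["group"] = ["%d rules; at most %d advised" % (len(rules), MAX_RULES_ADVISED)]
    return report


# Constructed sample rules; the address is from a documentation range.
SAMPLE_RULES = [
    {"protocol": "TCP", "port": 16000, "source": "192.0.2.10/32", "description": "app ECS"},
    {"protocol": "TCP", "port": 16000, "source": "0.0.0.0/0", "description": "open <test>"},
    {"protocol": "UDP", "port": 70000, "source": "sg-abc", "description": ""},
]

if __name__ == "__main__":
    for key, findings in check_group(SAMPLE_RULES).items():
        print(key, findings)
```

A rule whose source is 0.0.0.0/0 is reported rather than rejected, because Table 2 lists it as a valid value; the finding is there so that the exposure is a deliberate choice.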