Configuring an ECS
To use ECSs more securely, reliably, flexibly, and efficiently, follow the best practices for ECS.
Access and Connection
We recommend that you use Virtual Network Computing (VNC) to log in to your ECS for the first time and check that the ECS is running properly.
For details, see:
The next time you log in, choose a login method that suits your local environment and whether your ECS has an EIP bound. For details, see How Do I Log In to My ECS?
System Updates
- Linux image source updates
To obtain the latest system updates and software installation dependencies, update the image source before using an ECS.
Huawei Cloud image sources are stable and can be updated without accessing the Internet. For ECSs running EulerOS, CentOS, Debian, or Ubuntu, replace their image sources with Huawei Cloud image sources by referring to How Can I Use an Automated Tool to Configure a Huawei Cloud Image Source (x86_64 and Arm)?
Data Storage
- Storage security
To ensure data storage security, use the system disk to store OS data and use data disks to store application data. This ensures data security and prevents data loss caused by system faults. As service demand changes, you can expand storage capacity by:
  - Expanding disk capacity: You can expand both system disks and data disks. For details, see Expanding Capacity for an In-use EVS Disk.
  - Adding data disks: You can add only data disks. After adding disks, you need to attach and initialize them before they can be used.
- Data encryption
To further protect data security, both the system and data disks can be encrypted. For details, see Managing Encrypted EVS Disks.
Security Management
- Identity authentication
To securely control access to resources and centrally manage permissions, use IAM users and Enterprise Management for identity authentication, permissions management, and resource group management. For details, see Assigning Permissions to O&M Personnel and Multi-project Management Cases.
- Login authentication
To ensure that the password can be reset successfully, install or update the one-click password reset plug-ins after purchasing an ECS.
- Access control
To control inbound and outbound access to ECSs and improve security, set access control policies based on:
  - ECSs: Configure security group rules to control access to ECSs.
  - Subnets: Configure network ACLs to control access to all ECSs in a given subnet.
- Server security
In addition to the basic edition of Host Security Service (HSS), use advanced editions to enhance the security of your ECSs. For details about HSS editions, see Edition details and HSS Getting Started.
- Network security
To protect an ECS with an EIP bound from online attacks, purchase a DDoS mitigation edition. For details, see Selecting DDoS Mitigation Editions.
- Critical operation protection
To ensure account and operation security, enable operation protection. This will require identity authentication for critical operations like stopping, restarting, or deleting resources. Operation protection takes effect for your account and IAM users created using your account.
For details, see Protection for Mission-Critical Operations.
Backup and Restore
- Data backup and restore
To quickly restore data in case of virus intrusion, accidental deletion, and hardware or software faults, back up data periodically. For details, see Cloud Backup and Recovery (CBR).
After the backup is successful, you can restore data using a cloud server backup or use a backup to create an image.
- Service disaster recovery (DR)
For high service DR capabilities, deploy ECSs in the same region in different AZs. For details about AZs, see Region and AZ and Purchasing a Custom ECS.
- Service high availability (HA)
To achieve HA through active/standby ECS switchovers, build highly available web server clusters with Keepalived.
Resource Management
- Monitoring
Use Cloud Eye to keep informed of ECS performance metrics and statuses in real time, and receive alarms if any exceptions occur.
- Tracing
Use Cloud Trace Service (CTS) to record operations on your ECSs for later query, auditing, and backtracking.
- Logging
Use Log Tank Service (LTS) to collect ECS logs for centralized management. With LTS, you can analyze large volumes of logs efficiently, securely, and in real time and gain insights into improving availability and performance of applications.