Updated on 2024-11-15 GMT+08:00

How Do I Switch from CGS to HSS?

You can integrate CGS into the HSS console to centrally manage servers and use the new functions.

Functions of the New and Old CGS

Currently, CGS has been integrated into the HSS console for unified management. The existing functions have been optimized and some new functions have been added.

Table 1 Functions of the new and old CGS

Function

Old CGS

New CGS (New HSS)

Container asset fingerprint management

×

Container node management

Private image management

Local image management

Official image management

×

Shared image management

×

Image vulnerability detection

Malicious image file detection

Image baseline check

Vulnerability escape detection

File escape detection

Abnormal container process detection

Abnormal container configuration detection

Abnormal container startup detection

Malicious container program detection

High-risk system call detection

Sensitive file access detection

Container software information check

Container file information check

Whitelist management

Container policy management

Switchover Process

To switch from CGS to HSS, disable CGS, purchase the HSS container edition, and enable protection.

Figure 1 CGS switch procedure

Step 1: Disabling the Original CGS Protection

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > Container Guard Service. The Container Guard Service console is displayed.
  3. Choose Clusters & Quotas under Container Guard Service to view the cluster protection list.

    Figure 2 Viewing the protection status of a container cluster

  4. Click Disable Protection in the Operation column of the target cluster.

    For easy management, you are advised to disable protection for all clusters.

  5. After disabling the protection for all clusters, click the Protection Quotas tab. In the Operation column of quotas, click More > Unsubscribe to unsubscribe from them one by one.

    Figure 3 Unsubscribing from container edition quotas

    If the original quota billing mode is pay-per-use, the billing stops when you disable the protection.

Step 2: Installing an Agent

CGS (old) and HSS (new) are independent of each other. To use the HSS container edition, install a new agent.

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > HSS.
  3. In the navigation pane, choose Asset Management > Containers & Quota.
  4. Click Nodes to check whether the nodes whose protection has been disabled exist in the node list.

    • If the nodes are displayed on the HSS console (new), you do not need to install the agent.
    • If the nodes are not displayed on the HSS console (new), you need to install an agent.

Step 3: Purchasing Container Edition Quotas on the HSS Console

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > HSS.
  3. In the navigation pane, choose Asset Management > Containers & Quota.
  4. Click Buy CGS.
  5. Configure CGS specifications.

    Table 2 Parameters for purchasing HSS

    Parameter: Billing Mode
    Description: Only the Yearly/Monthly billing mode is supported.
    Example Value: Yearly/Monthly

    Parameter: Region
    Description: To minimize connection issues, purchase quota in the region of your servers.
    Example Value: CN-Hong Kong

    Parameter: Edition
    Description: Select Container. For details about how to enable the pay-per-use billing mode, see Enabling Container Node Protection.
    Example Value: Container

    Parameter: Node Quantity
    Description: Number of purchased container edition quotas
    Example Value: 10

    Parameter: Required Duration
    Description:
    • Select a duration as needed.
    • You are advised to select Auto-renew to ensure your servers are always protected.
    • If you select Auto-renew, the system will automatically renew your subscription as long as your account balance is sufficient. The renewal period is the same as the required duration.
    • If you do not select Auto-renew, manually renew the service before it expires.
    Example Value: 1 year

    Parameter: Tags
    Description: You can put tags on cloud resources of the same type to help you quickly search for resources.
    Example Value: cgs-data

  6. In the lower right corner of the page, click Next.

    For details about pricing, see Product Pricing Details.

  7. After confirming the order, select I have read and agree to the Host Security Service Disclaimer and click Pay Now.
  8. Click Pay Now and complete the payment.

Step 4: Enabling Protection

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > HSS.
  3. In the navigation pane, choose Asset Management > Containers & Quota.
  4. In the Operation column of the node list, click Enable Protection.

    Figure 4 Enabling container protection

  5. You can buy quota in pay-per-use or yearly/monthly mode.

    • Yearly/Monthly

      In the displayed dialog box, select Yearly/Monthly, read the Container Guard Service Disclaimer, and select I have read and agreed to Container Guard Service Disclaimer.

      The quota can be allocated in the following ways:
      • Select Random quota to let the system allocate the quota with the longest remaining validity to the server.
      • Select a quota ID and allocate it to a server.
    • On-demand

      In the displayed dialog box, select Pay-per-use, read the Container Guard Service Disclaimer, and select I have read and agreed to Container Guard Service Disclaimer.

  6. Click OK. If the Protection Status of the server changes to Protected, protection has been enabled.

    A CGS quota protects one cluster node.