Managing Private Images

Private Image Lifecycle

After you create a private image, you can use it to create cloud servers or EVS disks. You can also share the image with other accounts or replicate it to other regions. Figure 1 shows the lifecycle of a private image.

Figure 1 Private image lifecycle

Creating an ECS from a Private Image

After a system disk image or full-ECS image is created, in the image list, you can locate the image and click Apply for Server to create new ECSs.

Related operations:

Creating an ECS from an Image

Modifying an Image

You can modify the following attributes of an image: name, description, minimum memory, maximum memory, and advanced features such as NIC multi-queue and SR-IOV driver.

Related operations:

Modifying an Image

Sharing Images

You can share an image with other Huawei Cloud accounts. These accounts can use the shared image to quickly create cloud servers or EVS disks identical to your own.

Assume that user A wants to share an image with user B. The process is as follows:

To share the same image with D, A can add D as the tenant who can use the image.

When B has deployed services on the instances created from the shared image and does not need the image any longer, B can reject the shared image.

A can stop the sharing of an image with others.

Related operations:

• Sharing Specified Images
• Replicating a Shared Image
• Adding Tenants Who Can Use Shared Images
• Rejecting Accepted Images
• Stopping Sharing Images
• Image Sharing FAQ

Exporting an Image

You can export private images to your OBS bucket and download them to your local PC for backup.

You can export images of cloud servers from the cloud platform and then use the exported images to create cloud servers for use in on-premises clusters or private clouds. The following figure shows the process of exporting an image.

The following images cannot be exported:

• Public images
• Full-ECS images
• ISO images
• Private images created from a Windows or SUSE public image
• Private images created from a KooGallery image

Related operations:

• Exporting an Image
• Image Export FAQ

Encrypting an Image

You can create encrypted images to improve data security. KMS envelope encryption is used. Encrypted images can be created from external image files or encrypted cloud servers.

Related operations:

• Encryption Methods
• Encrypting an Image
• Image Encryption FAQ

Replicating Images Within a Region

You can replicate an image within a region to make encrypted or unencrypted copies or enable some advanced features (such as fast server creation).

Related operations:

Replicating Images Within a Region

Replicating Images Across Regions

You can replicate private images created in one region to another region. Cross-region replication can be used together with image sharing for cross-region, cross-account image replication.

Figure 2 Typical cross-region replication

Related operations:

Replicating Images Across Regions

Tagging Images

You can tag your private images for easier management and search.

A maximum of 10 tags can be added for a private image. You can add tags when you create an image or add them on the details page of the image you created.

Related operations:

Managing Tags

Exporting an Image List

You can export the public or private image list in a given region as a CSV file for local maintenance and query.

Related operations:

Exporting an Image List

Converting the Image Format

Only image files in VMDK, VHD, QCOW2, RAW, VHDX, QED, VDI, QCOW, ZVHD2, or ZVHD format can be imported to Huawei Cloud. Image files in other formats need to be converted before being imported. You can use the open-source tool qemu-img or the Huawei tool qemu-img-hw to convert the image.

qemu-img can be used for mutual conversion of formats VHD, VMDK, QCOW2, RAW, VHDX, QCOW, VDI, and QED but cannot be used for the format conversion into ZVHD or ZVHD2. To convert an image file into any of the two formats, use qemu-img-hw.

Related operations:

• Converting the Image Format Using qemu-img
• Converting the Image Format Using qemu-img-hw

Deleting Images

You can delete images that will be no longer used. Deleting an image does not affect the cloud servers or EVS disks created from that image.

Related operations:

Deleting Images

Managing Permissions

You can use Identity and Access Management (IAM) for fine-grained permissions control over your IMS resources. With IAM, you can:

• Create IAM users for employees based on the organizational structure of your enterprise. Each IAM user has their own security credentials, providing access to IMS resources.
• Grant users only the permissions required to perform a given task based on their job responsibilities.
• Entrust a Huawei Cloud account or cloud service to perform professional and efficient O&M on your IMS resources.

Related operations:

• Permissions
• Creating a User and Granting Permissions
• Creating a Custom Policy

Auditing Key Operations

Cloud Trace Service (CTS) records operations on cloud resources in your account. You can use the logs to perform security analysis, track resource changes, audit compliance, and locate faults.

Once CTS is enabled, it starts recording IMS operations. You can check the records generated over the last seven days on the CTS console.

Related operations:

• IMS Operations Audited by CTS
• Viewing Traces

APIs

IMS provides Representational State Transfer (REST) APIs that can be called through HTTPS requests. You can call these APIs to create, register, replicate, and share images.

Related operations:

API Overview

SDKs

IMS provides SDKs in multiple programming languages to facilitate secondary development. Currently, Java, Python, Go, and .NET SDKs are available.

Related operations:

IMS SDKs