Updated on 2025-05-22 GMT+08:00

Workload-Level Reference Architecture

For some small and medium-sized enterprises, a single Huawei Cloud account is sufficient for their IT system management. In such cases, customers deploy all their workloads within that one account.

Huawei Cloud provides a workload-level security reference architecture for a single account.

The security design of this architecture is as follows:

  • Network security
    • Anti-DDoS Service is used to defend against DDoS attacks.
    • Web Application Firewall (WAF) is used to defend against web attacks.
    • SSL certificates are used for communication encryption.
    • Cloud Firewall (CFW) is implemented between Internet borders and VPCs.
  • Operating environment security
    • Host Security Service (HSS) protects hosts and containers.
    • Network ACLs and security groups are used for access control in a VPC.
    • Vulnerability Scan Service (VSS) is used to periodically scan cloud resources for vulnerabilities.
  • Data security
    • Data Security Center (DSC) ensures data security throughout the data lifecycle.
    • Data encryption is enabled by default.
    • Database Security Service (DBSS) is deployed for key databases.
    • Cloud Backup and Recovery (CBR) is used to prevent loss of key data.
  • Security operations
    • SecMaster monitors the overall security of the cloud.
    • Services such as Cloud Log Service (LTS), Cloud Trace Service (CTS), Config, and Cloud Eye are used to manage cloud resources.
    • Threat Detection Service (TDS) is used to detect malicious activities and unauthorized behaviors in logs of various cloud services.
    • Cloud Bastion Host (CBH) is used for operations and maintenance (O&M).