Security Best Practices
Security is a shared responsibility between Huawei Cloud and you. Huawei Cloud provides secure cloud services. As a tenant, you should properly use the security capabilities provided by cloud services to protect data, and securely use the cloud. For details, see Shared Responsibility.
This section provides best practices for enhancing security of GeminiDB HBase API. You can continuously evaluate the security status of your GeminiDB HBase instances and combine different security capabilities provided by GeminiDB HBase API. By doing this, data in GeminiDB HBase instances can be protected from being disclosed or tampered with.
Consider the following aspects for your security configurations:
- Avoiding Binding EIPs to GeminiDB HBase Instances for Internet Access
- Avoiding Weak Passwords
- Enabling SSL
- Enabling Disk Encryption
- Enabling Data Backup
- Configuring Monitoring by Seconds and Alarm Rules
- Upgrading the Version
Avoiding Binding EIPs to GeminiDB HBase Instances for Internet Access
Do not deploy GeminiDB HBase API on the Internet or DMZ. Deploy GeminiDB HBase API on your internal network and use routers or firewalls to protect GeminiDB HBase API. Do not bind EIPs to GeminiDB HBase instances for Internet access. This prevents unauthorized access and DDoS attacks. You are not advised to bind EIPs to instances. If EIPs are necessary, set security groups.
Avoiding Weak Passwords
When setting or changing an account password, ensure that the password meets the password complexity requirements and do not use weak passwords. By doing so, passwords can be protected from hacker and rainbow table attacks. You can check password strength using the API.
Enabling SSL
If SSL is disabled, data transmitted between the HBase client and server is vulnerable to eavesdropping, tampering, and man-in-the-middle attacks. To improve data transmission security, you are advised to enable SSL. For details, see Encrypting Data over SSL.
Enabling Disk Encryption
Disk encryption improves data security. For details, see the description about disk encryption in Buying a GeminiDB HBase Instance.
Enabling Data Backup
GeminiDB HBase instances support automated and manual backups. You can periodically back up databases. If a database is faulty or data is corrupted, you can restore the database using backups to ensure data reliability. For details, see Data Backup.
Configuring Monitoring by Seconds and Alarm Rules
GeminiDB HBase instances are monitored by default. If a metric exceeds the specified threshold, an alarm is triggered and automatically sent to the cloud account through SMN, so you can stay on top of your GeminiDB HBase instance status. Configure monitoring and alarm rules based on service requirements. For details, see Monitoring and Alarms.
Upgrading the Version
A minor version of GeminiDB HBase API can be upgraded to add new functions, fix issues, and improve security and performance. You are advised to upgrade the version in a timely manner.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
