About This Document
Huawei Cloud Elastic Cloud Server (ECS) provides scalable cloud servers that offer secure, reliable, and high-performance compute resources. The QingTian system is the underlying virtualization platform for QingTian ECSs. It is a combination of custom-designed servers, data processors, system management components, and dedicated firmware for cloud data centers.
The QingTian system architecture supports multiple forms (VMs, bare metal servers, and containers) and heterogeneous compute. Based on the QingTian system, Huawei Cloud builds infrastructure cloud services with stronger security and isolation, higher performance, and lower costs. QingTian also provides trusted computing, confidential computing, and a series of security features for multi-tenant isolation and cloud service isolation.
Huawei Cloud's top priority is to ensure the confidentiality, integrity, and availability of customers' workloads. It continuously invests in key security technologies and engineering best practices to meet and even exceed the most demanding customers' requirements for data security and privacy protection on the cloud.
This document describes the security design of the QingTian system and the multi-dimensional isolation capabilities built on it, to help you evaluate whether ECS is suitable for sensitive workloads. It contains the following sections:
- QingTian System Overview: describes virtualization technologies and the architecture changes after QingTian is introduced.
- QingTian Threat Assumptions and Security Methods: describes the threat assumptions and security design methods of the QingTian system.
- QingTian System Components: describes the key security design of QingTian system components, including QingTian Cards (QingTian Controller and I/O offloading cards) and QingTian Hypervisor.
- QingTian Confidential Computing: describes the design concepts of QingTian confidential computing, including isolation design in two dimensions and cryptographic attestation.
- From Physical Isolation to Logical Isolation: describes how a series of security isolation technologies, from physical isolation to logical isolation, are enhanced based on QingTian.
- Zero-Privilege O&M: describes the zero-privilege O&M concept of Huawei Cloud production systems and key security system protection practices.
- Case: Secure Cloud Migration of Financial Customer Data: provides a design reference for financial customers to protect cloud data security.
- Conclusion: summarizes the functions and advantages of the QingTian system.