Workload-Level Reference Architecture
For some small and medium-sized enterprises, a single Huawei Cloud account is sufficient for their IT system management. In such cases, customers deploy all their workloads within that one account.
Huawei Cloud provides a workload-level security reference architecture for a single account.
The security design of this architecture is as follows:
- Network security
  - Anti-DDoS Service is used to defend against DDoS attacks.
  - Web Application Firewall (WAF) is used to defend against web attacks.
  - SSL certificates are used for communication encryption.
  - Cloud Firewall (CFW) is implemented between Internet borders and VPCs.
- Operating environment security
  - Host Security Service (HSS) protects host and container security.
  - Network ACLs and security groups are used for access control in a VPC.
  - Vulnerability Scan Service (VSS) is used to periodically scan cloud resources for vulnerabilities.
- Data security
  - Data Security Center (DSC) ensures data security throughout the data lifecycle.
  - Data encryption is enabled by default.
  - Database Security Service (DBSS) is deployed for key databases.
  - Cloud Backup and Recovery (CBR) is used to prevent loss of key data.
- Security operations
  - SecMaster monitors the overall security of the cloud.
  - Services such as Cloud Log Service (LTS), Cloud Trace Service (CTS), Config, and Cloud Eye are used to manage cloud resources.
  - Threat Detection Service (TDS) is used to detect malicious activities and unauthorized behaviors in logs of various cloud services.
  - Cloud Bastion Host (CBH) is used for O&M.