forked from docs/virtual-private-cloud
Update content
This commit is contained in:
parent
4051c527ba
commit
9dedeb2785
Binary file not shown.
|
After Width: | Height: | Size: 33 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 19 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 1004 B |
Binary file not shown.
|
After Width: | Height: | Size: 42 KiB |
16
doc/best-practice/source/best_practice/index.rst
Normal file
16
doc/best-practice/source/best_practice/index.rst
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
:original_name: bestpractice_0001.html
|
||||||
|
|
||||||
|
.. _bestpractice_0001:
|
||||||
|
|
||||||
|
Best Practice
|
||||||
|
=============
|
||||||
|
|
||||||
|
- :ref:`VPC and Subnet Planning Suggestions <bestpractice_0002>`
|
||||||
|
- :ref:`Using IP Address Groups to Reduce the Number of Security Group Rules <bestpractice_0013>`
|
||||||
|
|
||||||
|
.. toctree::
|
||||||
|
:maxdepth: 1
|
||||||
|
:hidden:
|
||||||
|
|
||||||
|
vpc_and_subnet_planning_suggestions
|
||||||
|
using_ip_address_groups_to_reduce_the_number_of_security_group_rules
|
||||||
@ -0,0 +1,99 @@
|
|||||||
|
:original_name: bestpractice_0013.html
|
||||||
|
|
||||||
|
.. _bestpractice_0013:
|
||||||
|
|
||||||
|
Using IP Address Groups to Reduce the Number of Security Group Rules
|
||||||
|
====================================================================
|
||||||
|
|
||||||
|
Scenarios
|
||||||
|
---------
|
||||||
|
|
||||||
|
Finance and securities enterprises have high security requirements when planning cloud networks. Access to servers is often controlled based on IP addresses. To simplify security group rule configuration and provide refined security control, you can use IP address groups in case of the following scenarios:
|
||||||
|
|
||||||
|
- A security group has more than 40 rules.
|
||||||
|
- The direction, type, protocol, and port of security group rules are the same except the address.
|
||||||
|
|
||||||
|
Constraints
|
||||||
|
-----------
|
||||||
|
|
||||||
|
- An IP address group can contain a maximum of 20 IP addresses or IP address ranges.
|
||||||
|
|
||||||
|
Prerequisites
|
||||||
|
-------------
|
||||||
|
|
||||||
|
You have created one or more security groups for access control.
|
||||||
|
|
||||||
|
Typical Case
|
||||||
|
------------
|
||||||
|
|
||||||
|
For example, you plan to configure the following rules for security group A.
|
||||||
|
|
||||||
|
========= ==== ======== ========== =========================
|
||||||
|
Direction Type Protocol Port Range Source/Destination
|
||||||
|
========= ==== ======== ========== =========================
|
||||||
|
Inbound IPv4 TCP 22122 Source: 11.19.255.64/30
|
||||||
|
Inbound IPv4 TCP 22122 Source: 113.31.128.252/30
|
||||||
|
Inbound IPv4 TCP 22122 Source: 113.31.138.0/25
|
||||||
|
Inbound IPv4 TCP 22122 Source: 183.232.25.208/28
|
||||||
|
========= ==== ======== ========== =========================
|
||||||
|
|
||||||
|
The four inbound rules have the same port, type, and protocol but different source IP addresses. In this case, you can use an IP address group to reconfigure the security group rules.
|
||||||
|
|
||||||
|
Procedure
|
||||||
|
---------
|
||||||
|
|
||||||
|
**Create an IP address group.**
|
||||||
|
|
||||||
|
#. Log in to the management console.
|
||||||
|
#. Click |image1| in the upper left corner and select the desired region and project.
|
||||||
|
#. Under **Networking**, click **Virtual Private Cloud**.
|
||||||
|
#. In the navigation pane on the left, choose **Access Control** > **IP Address Groups**.
|
||||||
|
#. Click **Create IP Address Group**.
|
||||||
|
#. Set the parameters.
|
||||||
|
|
||||||
|
- **Name**: **ipGroup-A**
|
||||||
|
|
||||||
|
- **IP Address**:
|
||||||
|
|
||||||
|
11.19.255.64/30
|
||||||
|
|
||||||
|
113.31.128.252/30
|
||||||
|
|
||||||
|
113.31.138.0/25
|
||||||
|
|
||||||
|
183.232.25.208/28
|
||||||
|
|
||||||
|
|
||||||
|
.. figure:: /_static/images/en-us_image_0000001124559441.png
|
||||||
|
:alt: **Figure 1** Creating an IP address group
|
||||||
|
|
||||||
|
**Figure 1** Creating an IP address group
|
||||||
|
|
||||||
|
#. Click **OK**.
|
||||||
|
|
||||||
|
**Configure a security group rule.**
|
||||||
|
|
||||||
|
8. In the navigation pane on the left, choose **Access Control** > **Security Groups**.
|
||||||
|
9. Locate security group A and click **Manage Rule** in the **Operation** column.
|
||||||
|
10. Under **Inbound Rules**, click **Add Rule**.
|
||||||
|
11. Set the parameters.
|
||||||
|
|
||||||
|
- **Protocol & Port**: **TCP** and **22122**
|
||||||
|
|
||||||
|
- **Type**: **IPv4**
|
||||||
|
|
||||||
|
- **Source**: **ipGroup-A**
|
||||||
|
|
||||||
|
|
||||||
|
.. figure:: /_static/images/en-us_image_0000001124559429.png
|
||||||
|
:alt: **Figure 2** Configuring a security group rule
|
||||||
|
|
||||||
|
**Figure 2** Configuring a security group rule
|
||||||
|
|
||||||
|
12. Click **OK**.
|
||||||
|
|
||||||
|
**Delete old security group rules.**
|
||||||
|
|
||||||
|
13. Delete four old security group rules after the configured security group rule takes effect.
|
||||||
|
|
||||||
|
.. |image1| image:: /_static/images/en-us_image_0141273034.png
|
||||||
File diff suppressed because it is too large
Load Diff
@ -2,3 +2,7 @@
|
|||||||
Virtual Private Cloud - Best Practice
|
Virtual Private Cloud - Best Practice
|
||||||
=====================================
|
=====================================
|
||||||
|
|
||||||
|
.. toctree::
|
||||||
|
:maxdepth: 1
|
||||||
|
|
||||||
|
best_practice/index
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user