          Security Group

          • When you create a BCC instance, you can select the default security group or a custom security group.
          • You must select a security group for each BCC instance.
          • Each BCC instance can be associated with up to 10 security groups. If a BCC instance is associated with more than one security group, the rules that take effect for this BCC instance are the combined set of all rules of the associated security groups.
          • Users can allow communication between all BCC instances associated with this security group, or between instances associated with other security groups and instances associated with this security group. BCC instances associated with the same security group can communicate with each other by default.
          • Associating a BCC instance from the security group side is not supported. An instance can be added to a security group only from the BCC instance.
          • You cannot delete the default security group, but you can add, delete or modify its rules. Only the default security group provides the Quick Reset Initial Settings button.

          Rules for default security groups:

          • Inbound: Access to all ports is allowed, i.e., traffic from all public IPs is allowed to enter all ports of the associated BCC.
          • Outbound: Access to all ports is allowed, i.e., all ports of the associated BCC are allowed to access all ports of all public IPs.

          Create a Security Group

          Application Scenarios

          The security group allows all inbound and outbound access by default. If a user wants to build a whitelist of inbound and outbound rules for a BCC instance, the user needs to create a security group and define the desired inbound and outbound rules in it. After that, the user needs to associate the BCC instance with this security group and disassociate the instance from the default security group.

          If BCC is used as the backend server of BLB, you need to configure the security group rules to ensure the normal operation of business. See Security Group Settings of Backend Server for details.
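The whitelist scenario above depends on removing the default group, because the rules of all associated groups take effect together. The following is an added example, not Baidu Cloud code: it models rules with a hypothetical `Rule` class and constructed group names, reads "a set of all rules" as a union of allow rules, and checks an instance's groups against the limits stated on this page.

```python
# Added example; the Rule model and group names are constructed, not a Baidu Cloud API.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

MAX_GROUPS_PER_INSTANCE = 10  # limit stated on this page
MAX_RULES_PER_DIRECTION = 50  # limit stated on this page

@dataclass(frozen=True)
class Rule:
    direction: str  # "inbound" or "outbound"
    protocol: str   # "tcp", "udp" or "all"
    ports: tuple    # inclusive (low, high)
    cidr: str       # remote address range

def is_open(rule):
    """True for a rule equivalent to "Allow Accessing All Ports" being On."""
    return (rule.protocol, rule.ports, rule.cidr) == ("all", (1, 65535), "0.0.0.0/0")

def is_allowed(groups, direction, protocol, port, remote_ip):
    """Evaluate traffic against the combined rules of every associated group."""
    combined = {r for rules in groups.values() for r in rules}
    return any(r.direction == direction and r.protocol in ("all", protocol)
               and r.ports[0] <= port <= r.ports[1]
               and ip_address(remote_ip) in ip_network(r.cidr)
               for r in combined)

def audit(groups):
    """Report quota violations and allow-all rules that defeat a whitelist."""
    findings = []
    if len(groups) > MAX_GROUPS_PER_INSTANCE:
        findings.append("more than 10 security groups on one instance")
    for name, rules in groups.items():
        for direction in ("inbound", "outbound"):
            if sum(r.direction == direction for r in rules) > MAX_RULES_PER_DIRECTION:
                findings.append(f"{name}: more than 50 {direction} rules")
            if len(groups) > 1 and any(is_open(r) and r.direction == direction for r in rules):
                findings.append(f"{name}: allow-all {direction} rule overrides the other groups")
    return findings

# Constructed sample: an instance still attached to the default group plus a whitelist group.
DEFAULT = [Rule("inbound", "all", (1, 65535), "0.0.0.0/0"),
           Rule("outbound", "all", (1, 65535), "0.0.0.0/0")]
WHITELIST = [Rule("inbound", "tcp", (443, 443), "0.0.0.0/0"),
             Rule("inbound", "tcp", (22, 22), "198.51.100.0/24"),
             Rule("outbound", "tcp", (443, 443), "0.0.0.0/0")]
BOTH = {"default": DEFAULT, "web-whitelist": WHITELIST}
ONLY_WHITELIST = {"web-whitelist": WHITELIST}

if __name__ == "__main__":
    for label, groups in (("both groups", BOTH), ("whitelist only", ONLY_WHITELIST)):
        print(label, "| tcp/3306 from 203.0.113.9 allowed:",
              is_allowed(groups, "inbound", "tcp", 3306, "203.0.113.9"), "|", audit(groups))
```

With both groups attached, the database port stays reachable from any address; the whitelist only takes effect once the default group is disassociated.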

          Relevant Rules

          The user can create a security group through a console by following the rules below:

          • At most 100 security groups can be created for each account.
          • After the security group quota runs out, the button turns grey, indicating that no more security groups can be created.
          • When creating a security group, you can specify detailed rules through the “Inbound” and “Outbound” tabs of “Port Settings”.
          • Up to 50 inbound rules and 50 outbound rules can be added to each security group.

          Operation Steps:

          1. Select "Product Service" > "BCC" to enter the "Instance List" interface.
          2. Select "Security Group" in the left navigation bar to enter the "Security Group" interface of BCC console.

          3. Click "Create a Security Group" to enter the "Create a Security Group" interface.
          4. Enter the security group name and description as required.
          5. Select a port setting method. The inbound and outbound rules are set up on two independent tabs, and can be configured as follows:
          • When "Allow Accessing All Ports" is Off, you can select "Add a Rule" to set up inbound and outbound rules. When doing so, you can select the shortcut template on the right for quick settings.
          • When "Allow Accessing All Ports" is Off and no rules have been added, the Baidu Cloud Compute may be unable to communicate with the outside. In this case, you can only remotely log in to and access the Baidu Cloud Compute through VNC, so please select this option carefully.
          • When "Allow Accessing All Ports" is On, all service ports of the Baidu Cloud Compute are exposed to the network environment. This may introduce security risks, so please select this option carefully.
          6. After clicking "OK", the "Security Group Details" page pops up, on which you can create a security group.

          Edit a Security Group

          Application Scenarios

          When you need to modify the security group rules or change the security group name and description information, you can use this feature.

          Note: To ensure system security, it is recommended that you do not change the configuration of the Default Security Group. If you need a security group with different permissions, you can create a security group and bind it to the BCC instance.

          Relevant Rules

          You can edit all information other than the security group ID.

          Operation Steps:

          1. Select "Product Service" > "BCC" to enter the "Instance List" interface.
          2. Select "Security Group" in the left navigation bar to enter the "Security Group" interface of BCC console.
          3. Select "Security Group Name" to enter the "Edit Security Group" interface.

          For the "Protocol" whose rules you want to modify, select "Edit" in the corresponding action bar to enter the "Edit" page.

          4. Edit the corresponding information as required, and then click "OK" to change the security group information.

          Copy a Security Group

          Application Scenarios

          You can quickly create security groups with the same rules by using the security group copy feature.

          Relevant Rules

          • You can customize the security group name. By default, the suffix Copy is added to the original security group name.
          • When the quota of 20 security groups has been reached, you cannot copy the security group.

          Operation Steps:

          1. Select "Product Service" > "BCC" to enter the "Instance List" interface.
          2. Select "Security Group" in the left navigation bar to enter the "Security Group" interface of BCC console.
          3. For the "Security Group Name", select the "Copy" button in the corresponding action bar to pop up the "Copy Security Group ID" interface.

          4. Click "OK" to copy the security group information.

          Delete a Security Group

          Application Scenarios

          When you do not need the security group, you can delete the security group.

          Relevant Rules

          You can delete the unassociated custom security groups directly. You need to disassociate the associated security group before deletion.

          Operation Steps:

          1. Select "Product Service" -> "BCC" to enter the "Instance List" interface.
          2. Select "Security Group" in the left navigation bar to enter the "Security Group" interface of BCC console.
          3. Select the "Security Group Name" to delete, and then click the "Delete" button in the action bar to pop up the "Delete Security Group" interface.
          4. For an unassociated security group, click "OK" to delete this security group directly.

          Note:

          • You can also batch delete the security groups. Select the security group to delete in the security group list, and click "Delete".
          • Before deleting an associated security group, you need to disassociate it from its BCC instances. See Disassociate Security Group for details.

          Associate with a Security Group

          Application Scenarios

          After creating a security group, you need to associate it with the corresponding BCC, so that this BCC can perform network access control according to the security group rules.

          Relevant Rules

          You can select one or more instances from the BCC instance list, and then click the "Associate with a Security Group" button to associate the corresponding instance with one or more security groups. If multiple security groups are associated, the BCC instance is restricted by multiple security group rules.

          Operation Steps:

          1. Select "Product Service" -> "BCC", and then select "Instance" in the left navigation bar to see the BCC list created.
          2. Select the instance to associate with the security group. When you select multiple instances, the system associates them in batch.
          3. Click the "Batch Operation" button, and then select the "Associate with Security Group" button to pop up the "Associate with Security Group" dialog.

          4. Select the security group name to associate with.
          5. Click "OK" to associate the BCC instance with the security group.

          Disassociate a Security Group

          Application Scenarios

          When you need to switch a BCC instance to another security group, you need to disassociate it from the original security group. A BCC instance must be associated with at least one security group.

          Relevant Rules

          • When you delete a security group, you need to disassociate the security group from the instance.
          • When a BCC instance is associated with only one security group, you cannot disassociate this security group.

          Operation Steps:

          1. Select "Product Service" -> "BCC", and then select "Instance" in the left navigation bar to enter the "Instance List" interface.
          2. Select the corresponding link under the "instance name" to enter the "Instance Details" tab.
          3. Select the "Security Group" tab, and then drop down the page to the "Associated Security Group List" area.

          4. Click "Disassociate" to disassociate the instance from the corresponding security group.