To keep the system secure, users can associate a dedicated instance with a security group, in which a whitelist of inbound and outbound rules can be set up. Before setting up such association, you need to create a security group first. Fore more information on how to create a security group, please see Manage Security Groups.

Create a Security Group

The security group allows all inbound and outbound access by default. If a user wants to build a whitelist of inbound and outbound rules for a dedicated instance, it needs to create a security group and then define its desired inbound and outbound rules in this security group. After that, it needs to associate a dedicated instance with this security group, and disassociate the Baidu Cloud Compute with the default security group.

The user can create a security group through a console by following the rules below:

• At most 20 security groups can be created for each account.
• After the security group quota runs out, the button turns into grey, indicating that no more security groups can be created.
• When creating a security group, you can specify detailed rules through the “Inbound” and “Outbound” tabs of “Port Settings”.
• Up to 50 inbound rules and 50 outbound rules can be added to each security group.

The specific operation steps are as follows:

1. Enter the DCC list, select the "Security Group" on the left navbar to enter the "Security Group" interface of the Baidu Cloud Compute console.

2. Click "Create a Security Group" to enter the "Create a Security Group" interface.
3. Enter the security group name and description as required.
4. Select a port setting method. The inbound and outbound rules are set up as two independent tabs, and can be set up with the following methods:

a) When "Allow Accessing All Ports" is Off, you can select "Add a Rule" to set up inbound and outbound rules. When doing so, you can select the shortcut template on the right for quick settings.

b) When "Allow Accessing All Ports" is Off, if no rules have been added, it may cause that the Baidu Cloud Compute cannot communicate with the outside. In this way, you can only remotely log in to and access the Baidu Cloud Compute through VNC, so please select this option carefully.

c) When "Allow Accessing All Ports" is On, all service ports of the Baidu Cloud Compute are exposed to the network environment. Under such conditions, some security risks may be available, so please select this option carefully.

5. After clicking “OK”, the “Security Group Details” page pops up, on which you can create a security group.

Associate with a Security Group

You can select one or more instances from the dedicated instance list, and then click the "Associate with a Security Group" button to associate the corresponding instance with one or more security groups. If multiple security groups are associated, the BCC instance is restricted by multiple security group rules.

1. Enter the dedicated instance list, select a dedicated instance to associate with a security group, and then click the "Associate with a Security Group" button.

2. Select a security group to associate with in the pop-up window, and then click "Ok” to complete the association operation.