Best Practices

Last updated: 2020-02-25 13:33:26


This document helps users maximize security and reliability when using CVM.

Security and Network

  • Limit access: Use a firewall (security group) to allow only trusted addresses to access instances, and configure the strictest rules in the security group. For example, restrict access by port and by IP address.
    Security level: Create different security group rules for instance groups of different security levels to ensure that instances running important business cannot be easily accessed from the outside.
    Use VPC to divide logical zones.
  • Account permission management: When multiple accounts need to control the same group of cloud resources, use the policy mechanism to control who has access permission to those cloud resources.
    Log in to your Linux instances using an SSH key whenever possible. For instances that you log in to with a password, change the password from time to time.
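
An added example (not from the original page or from Tencent Cloud) of checking the "Limit access" advice: it audits a list of security group rules for management and database ports that are open to any address. The rule dictionary layout, the sensitive-port list and the sample rules are assumptions constructed for this example, not a Tencent Cloud API format, and each rule is checked on its own without modelling rule priority.

```python
import ipaddress

# Assumed policy for this example: management and database ports that
# must only be reachable from trusted source ranges.
SENSITIVE_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL"}

def parse_ports(spec):
    """Turn 'ALL', '22', '80,443' or '8000-8100' into (low, high) ranges."""
    if spec.strip().upper() == "ALL":
        return [(1, 65535)]
    ranges = []
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        ranges.append((int(low), int(high or low)))
    return ranges

def audit(rules):
    """Return (rule_index, port, service) for each sensitive port that an
    ACCEPT rule exposes to every address (a /0 source, IPv4 or IPv6)."""
    findings = []
    for index, rule in enumerate(rules):
        if rule["action"].upper() != "ACCEPT":
            continue
        source = ipaddress.ip_network(rule["cidr"], strict=False)
        if source.prefixlen != 0:
            continue  # limited to a specific source range: not flagged here
        ranges = parse_ports(rule["port"])
        for port, service in sorted(SENSITIVE_PORTS.items()):
            if any(low <= port <= high for low, high in ranges):
                findings.append((index, port, service))
    return findings

# Constructed sample rule set (hypothetical layout, not from a real account).
SAMPLE_RULES = [
    {"action": "ACCEPT", "port": "443", "cidr": "0.0.0.0/0"},
    {"action": "ACCEPT", "port": "22", "cidr": "203.0.113.0/24"},
    {"action": "ACCEPT", "port": "22,3389", "cidr": "0.0.0.0/0"},
    {"action": "ACCEPT", "port": "3000-3400", "cidr": "::/0"},
    {"action": "DROP", "port": "ALL", "cidr": "0.0.0.0/0"},
]

if __name__ == "__main__":
    for index, port, service in audit(SAMPLE_RULES):
        print(f"rule {index}: {service} ({port}) is open to any address")
```

The port range in the fourth sample rule shows why ranges need expanding: it never names 3306 or 3389, yet it exposes both.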

Storage

  • Hardware storage: For data that requires extremely high reliability, use Tencent Cloud disks to ensure persistent, reliable storage of the data, and try not to choose local disks. For more information, see the HDD cloud disk product documentation.
  • Database: For frequently accessed databases with unstable capacity, you can use Tencent Cloud Database.

Backup and Recovery

  • Intra-region instance backup: Use custom images and cloud disk snapshots to back up your instances and business data. See Cloud Disk Snapshots and Create a custom image.
  • Cross-region instance backup: Use image replication to copy and back up instances across regions.
  • Mask instance failures: Use an elastic IP for domain name mapping so that the service IP can be quickly redirected to another Cloud Virtual Machine instance when a server is unavailable, thus masking the instance failure.

Monitoring and alarms

  • Monitor and respond to events: Check the monitoring data regularly and set appropriate alarms. For more information, see the Cloud Monitoring product documentation.
  • Unexpected request processing: Use Auto Scaling, which not only keeps Cloud Virtual Machine instances stable during service peaks but also automatically replaces unhealthy instances.