This article aims to help users improve the security and reliability of their CVM instances.
Security and Network
- Limited access: restrict access by using a firewall (Security Group to only allow the trusted addresses to access instances. The security group should also have stringent rules such as limiting access to ports and by IP addresses.
- Security level: different security group rules can be created for instance groups of different security levels to ensure that instances running important business cannot be easily accessed by external sources.
- Network logical isolation: use VPC to divide resources into logical zones.
- Account permission management: when it is necessary to allow multiple different accounts to access the same set of cloud resources, you can manage permissions to cloud resources using the policy mechanism.
- Secure login: log in to your Linux instances using the SSH key whenever possible. For the instances that you log in with a password, the password needs to be changed regularly.
- Hardware storage: for data that requires high reliability, use Tencent Cloud's cloud disks to ensure the persistent storage and reliability of data. Try not to use Local Disks for storage. For more information, see the Cloud Block Storage Product Documentation.
- Database: for databases that are frequently accessed and whose capacity frequently changes, use Tencent Cloud TencentDB.
Backup and Recovery
- Intra-region instance backup: you can back up your instances and business data using custom images and CBS snapshots. For more information, refer to CBS Snapshot and Creating Custom Images.
- Cross-region instance backup: you can copy and back up instances across regions by Copying Images.
- Blocking instance failures: you can use EIPs for domain name mapping to ensure that the server can quickly redirect the service IP address to another CVM instance when it is unavailable, thereby shielding instance failures.
Monitoring and Alarms
- Monitoring and event response: periodically check monitoring data and set proper alarms. For more information, refer to the Cloud Monitor Product Documentation.
- Handling request spikes: with Auto Scaling, the stability of CVMs during peak hours can be guaranteed and unhealthy instances can be replaced automatically.