Best Practices

Last updated: 2019-07-25 17:22:39


This document is designed to help users maximize the security and reliability during the use of CVM.

Security and Network

  • Limited access: Restrict access by using a firewall (Security Group) to only allow the trusted addresses to access instances, and set the most stringent rules in the Security Group. For example, to limit access via port/IP address.
  • Security level: Different security group rules can be created for instance groups of different security levels to ensure that instances running important business cannot be accessed easily from the outside.
  • Network logical isolation: Choose to use VPC to divide logical zones.
  • Account permission management: When it is necessary to use multiple different accounts to control the same set of cloud resources, you can control their access to cloud resources using the policy mechanism.
  • Secure login: Log in to user's Linux instances by use of [SSH Key] (/doc/product/213/6092) whenever possible. For the instances that you log in with password, the password needs to be changed from time to time.


  • Hardware storage: For the data that requires high reliability, use Tencent Cloud's cloud disks to ensure the persistent storage and reliability of data. Try not to choose Local Disk for storage. For more information, please see Cloud Block Storage Product Documentation.
  • Database: For databases that are frequently accessed and variable in size, use Tencent Cloud Database.

Backup and Recovery

  • Intra-region instance backup: You can back up your instances and business data using custom image and CBS snapshot. For more information, please see CBS Snapshot and Create Custom Image.
  • Cross-region instance backup: You can copy and back up instances across regions using Copy Image.
  • Blocking instance failures: You can use EIP for domain name mapping to ensure that the server can quickly redirect the service IP to another CVM instance when it is unavailable, thereby blocking instance failures.

Monitoring and Alarm

  • Monitoring and responding events: Periodically check monitoring data and set proper alarms. For more information, please see Cloud Monitor Product Documentation.
  • Handling emergent requests: With Auto Scaling, the stability of CVMs during peak hours can be guaranteed and unhealthy instances can be replaced automatically.