Best Practice

Last updated: 2019-09-19 17:13:40

PDF

Security Group and Network

  • Security group is a stateful virtual firewall for filtering packets. You can restrict access by using a firewall (security group) to allow the trusted addresses to access instances. Different security group rules for instance groups of different security levels are created to ensure that the instances running important business cannot be accessed easily from the outside.
  • You need to regularly repair, update and protect the operating system and applications on the instance.
  • With EIPs, you can quickly remap an address to another instance in your account (or NAT gateway instance) to block instance failures. For more information, see Elastic IP.
  • Log in to user's Linux instances by use of SSH Key whenever possible. For the instances that you log in with password, the password needs to be changed from time to time.
  • Choose to use Virtual Private Cloud to divide logical areas.

Storage

  • For the data that requires high reliability, use Tencent Cloud's Cloud Block Storage to ensure the persistent and reliable data storage. Try not to select Local Disk for storage (Rendering GA2 only supports Cloud Block Storage).
  • For databases that are frequently accessed and variable in size, use Tencent Cloud Database.
  • You can use COS to store important data, such as static web pages, massive images and videos.

Backup and Recovery