Network and Security

Network Access

Cloud products on XRCLOUD can be accessed via the Internet or via the intranet.

Internet Access: Internet access is a service provided by XRCLOUD for public data transmission to instances. The instance is assigned a public IP address so that it can communicate with other computers on the network.

Intranet Access: The intranet access (LAN) service is an entirely free intranet communication service provided by XRCLOUD through the intranet IP address.

Network Environment

The network environment of XRCLOUD is a virtual private cloud (VPC).

Virtual Private Cloud: The virtual private cloud builds a private network space on the cloud that you can customize. Instances under the virtual private cloud are launched in a preset or customized network segment, and they can also be isolated from other users.

Flexible Public IP

Flexible Public IP is also known as Elastic IP (EIP). It provides independent public IP resources.

Intranet Service

The intranet service is a local area network (LAN) service. It lets cloud services access each other over internal links. The cloud products that XRCLOUD provides can be accessed via the Internet or via the XRCLOUD intranet. Communication within the same network is entirely free, which allows you to build a network architecture flexibly.

Intranet IP address

Description

The intranet IP address is an IP address that cannot be accessed from the Internet; it is the implementation form of the XRC intranet service. Each instance has a default network interface to which an intranet IP is assigned, either allocated automatically by XRCLOUD or user-defined.

Important notice: Changing the intranet IP inside the operating system will break intranet communication.

Attributes

The intranet service has user attributes: different users are isolated from each other, so by default a user cannot access another user's cloud services via the intranet. The intranet service also has geographical attributes: different regions are isolated from each other, so cloud services in different regions under the same account cannot be accessed through the intranet by default.

Applicable Scenarios

The intranet IP address can be used for load balancing. Over the intranet you can access different elastic cloud server instances and all other cloud services.

Address Allocation

After the cloud server instance is activated, it is automatically assigned a default intranet IP address.

Virtual Private Cloud: the XRC private network CIDR supports the use of the following three segments:

· 172.16.0.0/16 - 172.25.0.0/16
· 192.168.0.0/16

Additional note: the subnet mask length should be in the range 16-28.

Public Network Service

When an application deployed on a cloud server instance needs to be publicly available, its data must be transmitted over the Internet, and the instance must have a public IP address.

Obtain: When you create a cloud server, select the purchase of a public IP address under the bandwidth selection. The XRCLOUD system then automatically assigns an elastic public IP address to the instance from the XRCLOUD public IP address pool. You cannot change this address, but you can unbind it from your XRCLOUD host at any time.

Configuration: You can log in to the cloud server instance over the Internet using its public IP address to configure it. For more information about logging in to a cloud server instance, refer to Log in to Linux Instance and Log in to Windows Instance.

Price: Please refer to the Pricing of Network Bandwidth.

Security Group

A security group is an access control list (ACL). It is an optional, subnet-level, stateless security layer that controls traffic into and out of the subnet.

How to Use It:

You can associate the same security group with multiple subnets, provided they need the same network traffic control. The group's inbound and outbound rules then precisely control the traffic of each associated subnet.

For example, you can host a multi-tier web application within the XRCLOUD private network by creating separate subnets for the web tier, the logic tier, and the data tier. With security groups you can then control access between these three subnets: the web-tier and data-tier subnets cannot reach each other, and only the logic tier can access both the web-tier and data-tier subnets.

Rules for Security Group

Security group rules are part of the network ACL. When you add or remove a rule in a security group, the change is applied automatically to the subnets associated with it.

Security group rules include the following components:

· Protocol type, such as TCP, UDP, or HTTP.
· Destination port or port range.
· Source IP or IP range (in CIDR) for inbound rules, or destination IP or IP range for outbound rules.
· Strategy: Allow or Deny.

XRCLOUD evaluates each packet against the inbound/outbound security group rules associated with the subnet to determine whether the packet is allowed into or out of the subnet.

Priority Rule

Network ACL rules are applied in order, from the first rule (top of the list) to the last (bottom of the list). If two rules conflict or partially overlap, the rule positioned earlier in the list is applied by default.

For instance, suppose you need to allow all source IPs to access all ports of the cloud server, but reject HTTP access to port 80 from source IP 192.168.233.11/24. The rules can be set as follows:

Protocol Type | Port | Source IP         | Strategy
TCP           | 80   | 192.168.233.11/24 | Deny
ALL           | ALL  | 0.0.0.0/0         | Allow
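The following added example (not XRCLOUD's own rule engine) models the first-match evaluation described above, using the two rules from the table. It assumes that a packet matching no rule is denied, and it includes a shadowing check that flags what happens if the Deny rule is placed below the Allow-all rule.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    protocol: str  # "TCP", "UDP" or "ALL", as in the page's table
    port: str      # "80" or "ALL"
    cidr: str      # source range (inbound) or destination range (outbound)
    action: str    # "Allow" or "Deny"


def covered_network(cidr: str) -> str:
    """strict=False accepts 192.168.233.11/24: host bits are dropped, so it covers 192.168.233.0/24."""
    return str(ipaddress.ip_network(cidr, strict=False))


def rule_matches(rule: Rule, protocol: str, port: int, ip: str) -> bool:
    if rule.protocol != "ALL" and rule.protocol != protocol:
        return False
    if rule.port != "ALL" and int(rule.port) != port:
        return False
    return ipaddress.ip_address(ip) in ipaddress.ip_network(rule.cidr, strict=False)


def evaluate(rules: list, protocol: str, port: int, ip: str, default: str = "Deny") -> str:
    """First match wins, top of the list to bottom (the page's priority rule).
    'default' is an assumption: the page does not say what happens when nothing matches."""
    for rule in rules:
        if rule_matches(rule, protocol, port, ip):
            return rule.action
    return default


def shadowed(rules: list) -> list:
    """Indexes of rules that can never fire because an earlier rule already
    covers their protocol, port and address range (a misordering check)."""
    dead = []
    for i, later in enumerate(rules):
        later_net = ipaddress.ip_network(later.cidr, strict=False)
        for earlier in rules[:i]:
            if (earlier.protocol in ("ALL", later.protocol)
                    and earlier.port in ("ALL", later.port)
                    and later_net.subnet_of(ipaddress.ip_network(earlier.cidr, strict=False))):
                dead.append(i)
                break
    return dead


# The rule set from the page's table, constructed here in the order given.
PAGE_RULES = [
    Rule("TCP", "80", "192.168.233.11/24", "Deny"),
    Rule("ALL", "ALL", "0.0.0.0/0", "Allow"),
]

if __name__ == "__main__":
    print(evaluate(PAGE_RULES, "TCP", 80, "192.168.233.11"), shadowed(PAGE_RULES[::-1]))  # Deny [1]
```

Note that because the source is written with host bits set, the Deny rule applies to the whole 192.168.233.0/24 range, not just the single host 192.168.233.11.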
