search
HomeOperation and MaintenanceLinux Operation and MaintenanceAbout four secure intranet instance interoperability setting methods

This article introduces the four secure intranet instance interoperability setting methods, and focuses on the specific steps. The content of this article is very compact, and I hope you will study patiently.

Classic network intranet instance interoperability setting method

The security group is an instance-level firewall. In order to ensure the security of the instance, the "minimum authorization" principle must be followed when setting security group rules. The four types of security are introduced below. The intranet instance interconnection setting method.

Method 1. Use single IP address authorization

Applicable scenarios: Suitable for intranet interconnection scenarios between small-scale instances.

Advantages: Authorization by IP address, security group rules are clear and easy to understand.

Disadvantages: When the number of intranet interconnection instances is large, it will be limited by the 100 security group rules, and the later maintenance workload will be relatively large.

Setting method:

Select the instance that needs to be interconnected and enter the security group of this instance.

Select the security group to be configured and click Configure Rules.

Click the intranet inbound direction and click to add security group rules.

Add security group rules as described below:

Authorization policy: Allow;

Protocol type: Select the protocol type according to actual needs;

Port range: Set the port range according to your actual needs, in the format of "start port number/end port number";

Authorization type: address segment access;

Authorization object: Enter the desired intranet interoperability The intranet IP address of the instance must be in the format a.b.c.d/32. Where, the subnet mask must be /32.

About four secure intranet instance interoperability setting methods

Method 2. Join the same security group

Applicable scenario: If your application architecture is relatively simple , you can select the same security group for all instances. There is no need to set special rules between instances bound to the same security group, and the default network interconnection is required.

Advantages: Security group rules are clear.

Disadvantages: It is only applicable to simple application network architecture. When the network architecture is adjusted, the authorization method must be modified accordingly.

Method 3. Bind interoperability security group

Applicable scenarios: Add and bind a security group specifically for interoperability to instances that need to interoperate Group, suitable for multi-layer application network architecture scenarios.

Advantages: Simple operation, can quickly establish inter-instance interoperability, and can be applied to complex network architectures.

Disadvantages: The instance needs to be bound to multiple security groups, and the security group rules are less readable.

Setting method:

Create a new security group and name it "Interworking Security Group". There is no need to add any rules to the newly created security group.

Add the instances that need to communicate with each other and bind them to the newly created "interoperability security group", and use the default interconnection feature between instances in the same security group to achieve the effect of intranet instance interconnection.

Method 4. Security group mutual trust authorization

Applicable scenarios: If your network architecture is relatively complex, the applications deployed on each instance have For different business roles, you can choose to use security groups to authorize each other.

Advantages: Security group rules have a clear structure, are easy to read, and can be interoperated across accounts.

Disadvantages: The workload of configuring security group rules is relatively large.

Setting method:

Select the instance that needs to establish mutual trust and enter the security group of this instance.

Select the security group to be configured and click Configure Rules.

Click the intranet inbound direction and click to add security group rules.

Add security group rules as described below:

Authorization policy: Allow;

Protocol type: Select the protocol type according to your actual needs;

Port Scope: Set according to actual needs;

Authorization type: Security group access.

Authorization Object:

If you choose to authorize this account: According to your networking requirements, fill in the security group ID of the peer instance that requires intranet interoperability into the Authorization Object.

If you choose cross-account authorization: Authorization object should be filled in with the security group ID of the peer instance; the account ID is the peer account ID (can be found in Account Management > Security Settings).

About four secure intranet instance interoperability setting methods

About four secure intranet instance interoperability setting methods

##Recommendation

If the initial security group authorization is too large , it is recommended to adopt the following process to tighten the scope of authorization.

About four secure intranet instance interoperability setting methods

Deleting 0.0.0.0 in the figure refers to deleting the original security group rule that allows the 0.0.0.0/0 address segment.

If you change the security group rules improperly, your inter-instance communication may be affected. Please back up the security group rules you want to operate before modifying the settings so that you can restore them in time if interoperability problems occur.

The security group maps the role of the instance in the entire application architecture. It is recommended to plan the firewall rules according to the application architecture. For example: For a common three-tier Web application architecture, you can plan three security groups, and bind the instances where the corresponding applications or databases are deployed to the corresponding security groups:

Web layer security group: open port 80;

APP layer security group: open port 8080;

DB layer security group: open port 3306.

The above is the detailed content of About four secure intranet instance interoperability setting methods. For more information, please follow other related articles on the PHP Chinese website!

Statement
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
什么是linux设备节点什么是linux设备节点Apr 18, 2022 pm 08:10 PM

linux设备节点是应用程序和设备驱动程序沟通的一个桥梁;设备节点被创建在“/dev”,是连接内核与用户层的枢纽,相当于硬盘的inode一样的东西,记录了硬件设备的位置和信息。设备节点使用户可以与内核进行硬件的沟通,读写设备以及其他的操作。

Linux中open和fopen的区别有哪些Linux中open和fopen的区别有哪些Apr 29, 2022 pm 06:57 PM

区别:1、open是UNIX系统调用函数,而fopen是ANSIC标准中的C语言库函数;2、open的移植性没fopen好;3、fopen只能操纵普通正规文件,而open可以操作普通文件、网络套接字等;4、open无缓冲,fopen有缓冲。

linux中什么叫端口映射linux中什么叫端口映射May 09, 2022 pm 01:49 PM

端口映射又称端口转发,是指将外部主机的IP地址的端口映射到Intranet中的一台计算机,当用户访问外网IP的这个端口时,服务器自动将请求映射到对应局域网内部的机器上;可以通过使用动态或固定的公共网络IP路由ADSL宽带路由器来实现。

linux中eof是什么linux中eof是什么May 07, 2022 pm 04:26 PM

在linux中,eof是自定义终止符,是“END Of File”的缩写;因为是自定义的终止符,所以eof就不是固定的,可以随意的设置别名,linux中按“ctrl+d”就代表eof,eof一般会配合cat命令用于多行文本输出,指文件末尾。

什么是linux交叉编译什么是linux交叉编译Apr 29, 2022 pm 06:47 PM

在linux中,交叉编译是指在一个平台上生成另一个平台上的可执行代码,即编译源代码的平台和执行源代码编译后程序的平台是两个不同的平台。使用交叉编译的原因:1、目标系统没有能力在其上进行本地编译;2、有能力进行源代码编译的平台与目标平台不同。

linux怎么判断pcre是否安装linux怎么判断pcre是否安装May 09, 2022 pm 04:14 PM

在linux中,可以利用“rpm -qa pcre”命令判断pcre是否安装;rpm命令专门用于管理各项套件,使用该命令后,若结果中出现pcre的版本信息,则表示pcre已经安装,若没有出现版本信息,则表示没有安装pcre。

linux怎么查询mac地址linux怎么查询mac地址Apr 24, 2022 pm 08:01 PM

linux查询mac地址的方法:1、打开系统,在桌面中点击鼠标右键,选择“打开终端”;2、在终端中,执行“ifconfig”命令,查看输出结果,在输出信息第四行中紧跟“ether”单词后的字符串就是mac地址。

linux中rpc是什么意思linux中rpc是什么意思May 07, 2022 pm 04:48 PM

在linux中,rpc是远程过程调用的意思,是Reomote Procedure Call的缩写,特指一种隐藏了过程调用时实际通信细节的IPC方法;linux中通过RPC可以充分利用非共享内存的多处理器环境,提高系统资源的利用率。

See all articles

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

AI Hentai Generator

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)
2 weeks agoBy尊渡假赌尊渡假赌尊渡假赌
Repo: How To Revive Teammates
1 months agoBy尊渡假赌尊渡假赌尊渡假赌
Hello Kitty Island Adventure: How To Get Giant Seeds
4 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Hot Tools

SAP NetWeaver Server Adapter for Eclipse

SAP NetWeaver Server Adapter for Eclipse

Integrate Eclipse with SAP NetWeaver application server.

EditPlus Chinese cracked version

EditPlus Chinese cracked version

Small size, syntax highlighting, does not support code prompt function

Dreamweaver Mac version

Dreamweaver Mac version

Visual web development tools

Notepad++7.3.1

Notepad++7.3.1

Easy-to-use and free code editor

VSCode Windows 64-bit Download

VSCode Windows 64-bit Download

A free and powerful IDE editor launched by Microsoft