Understand the security of VPC in the cloud in minutes

With the advent of the cloud era, the scale of networks continues to expand, and security issues such as ARP spoofing, broadcast storms, and host scanning have become increasingly serious. To solve these problems, network isolation technology has emerged, such as virtual private cloud (VPC). So what is VPC? What effects does it have ? how to use it? The following analysis allows you to understand in minutes.

#HCIA #Cloud #certificate #VPC #Knowledge #Usage

What is VPC?

The full name of VPC (Virtual Private Cloud) is virtual private cloud. It builds an isolated virtual network environment for the Elastic Cloud Server (ECS), which is independently configured and managed by users, aiming at improving the security of resources on the user cloud and simplifying users’ network deployment. Users can define network characteristics such as security groups, IP address segments, and bandwidth in the VPC. They can also easily manage and configure the internal network through the VPC to make safe and fast network changes. At the same time, users can customize the access rules of ECS within and between security groups to strengthen the security protection of ECS.

Generally speaking, VPC is to establish a logically isolated virtual network space for users on the cloud. And users can use the inner resources conveniently, just like using a private cloud.

What functions does VPC have?

Everyone has understood the basic definition of VPC. Let's take a look at how to use VPC. Let's analyze it through an architecture diagram.

Looking this picture, everyone may be very confused. What are network ACL and security groups? What differences are there? Let's start with the security group. The security group is a logical grouping composed of ECS with the same security requirements in an area. The security group is bound to the ECS to achieve the same function as a firewall. The instances of different security groups are not connected by default, but mutual access between the two security groups can be authorized.

Similar to security groups, network ACL are also security protection strategies. If you want to add an additional layer of security protection, you can enable network ACL. The network ACL is a protection for the sub-net. And the data flow in and out of the sub-net is controlled through the outgoing and incoming rules associated with the sub-net. The security group only has the "allow" policy, but the network ACL can "deny" and "allow".

In fact, VPC is just like our WeChat Moments. We can not only set "Do not watch our Wechat Moments", but also set "Do not let him see my Wechat Moments" to achieve flexible settings.


Little Tips of Using VPC

If two elastic cloud servers in the same VPC cannot communicate with each other, how can we troubleshoot?

1. Check security group rules: Check whether the security group corresponding to the elastic cloud server is configured with rules for the outbound and inbound directions;

2. Check the network ACL: check whether the outbound and inbound rules of the network ACL are configured correctly;

3. Check the NIC information of the elastic cloud server:

a) If the elastic cloud server has multiple network cards, then the policy routing needs to be configured;

b) Check whether the CPU usage is too high;

c) Check whether the network card is configured, and then you should obtain the private IP address.

d) Check the port: Check whether the security group rules and network ACL rules allow the port to be released.

Have you answered this little question? If you answer it, congratulations on mastering some basic concepts of VPC; if you don’t answer it, don’t panic. The knowledge of the system is waiting for you.

Where do we learn the related knowledge?

Do you want to know more about VPC? The Huawei HCIA-Cloud Service certificate will introduce in detail the VPC product technology, operation management, common problems and the relationship with other services. Passing the HCIA-Cloud Service certificate will prove that you have a certain understanding of Huawei cloud service products and technologies. And you must have mastered the application scenarios and usage methods of Huawei's various cloud service products, and have the ability to independently use Huawei cloud service products.

The cloud era has being coming. And let’s learn the Huawei cloud service certificate, walk with the cloud, walk with the times, and open up a better career future.

18 views

About

Launched in 2016 as 591Lab International and locally in China known as “WUQIUYAO Tech. Ltd” we are committed to offering our clients excellent experience on ISACA, PMI, Cisco and Huawei examination preparatory services. We focus strongly on popular exams, and exam preparations services. We provide our customers with the complete training needed to earn the best scores for their respective Management and IT career certifications. We have a huge list of satisfied customers with top grades to back up all the claims we make.

Quick Links

Contact

This material is not sponsored by, endorsed by, or affiliated with Cisco Systems, Inc & Huawei Technologies Co., Ltd. Cisco Certified Internetworking Engineer, the Cisco Systems logo and the CCIE™ logo are trademarks or registered trademarks of Cisco Systems, Inc. in the United States and certain other countries.Huawei Certified Internetwork Expert, the Huawei logo and the HCIE™ logo are trademarks or registered trademarks of Huawei Technologies Co., Ltd . in China and certain other countries All other trademarks are trademarks of their respective owners. 

© Copyright 591Lab 2020. All Rights Reserved.