Got it

Huawei Security Approach Used for Cloud Based Products

Created: Jun 17, 2021 19:10:43Latest reply: Nov 21, 2021 13:27:23 297 3 0 0 0
  Rewarded HiCoins: 0 (problem resolved)

hello,

Please tell me which security approach / technique is used by Huawei for Cloud Based Products.

  • x
  • convention:

Featured Answers

Best answer

Recommended answer

olive.zhao
Admin Created Jun 18, 2021 00:45:57

Hello, friend!

Security Architecture

The HUAWEI CLOUD Stack security solution is proposed by Huawei in rise to threats and challenges posed to the cloud computing platforms. The infrastructure layer of HUAWEI CLOUD Stack is based on the FusionSphere cloud operating system and its management system ManageOne. FusionSphere virtualizes physical resources into virtual resources and forms a virtualization resource pool, including computing virtualization, storage virtualization, and network virtualization. ManageOne is a management system of the virtualization platform. It manages different heterogeneous virtualization platforms, provides operation and O&M for data centers, and displays resources and management GUIs in a unified manner.

Cloud infrastructure security refers to the cloud operating system and Hypervisor security, including virtual resource isolation, data storage security, and network transmission security.

Data storage security

User data isolation, data access control, and residual information protection, and data backup are adopted to ensure the integrity and security of user data.

VM isolation

Resources of VMs on the same physical server are isolated, preventing data theft and malicious attacks and ensuring the independent running environment for each VM. End users can only access resources allocated to their own VMs, such as hardware and software resources and data, ensuring secure VM isolation.

Network transmission security

Network plane isolation, firewalls, and transmission encryption are adopted to ensure service operation and security.

O&M and operation management security

Security measures are carried out from the aspects of the account, password, user rights, logs, and transmission to enhance security of daily O&M operations.

In addition, the security of each management host is ensured by repairing web application vulnerabilities, hardening the OS and database, and installing patches and antivirus software.

Cloud service security and security as a service (CloudGuard)

Provides tenants with all resources, functions, and performance required for performing specific security tasks. Tenants can perform security configuration, query, and monitoring on controllable resources as required.

And Huawei cloud stack has many security services: SIS, SSA, EdgeFW.

SIS

Security Index Service (SIS) is a security assessment service for your cloud environment. It provides you with unified, clear, and multi-dimensional security views.

SSA

Security Situation Awareness (SSA) helps you understand and analyze the security situation you are facing. Through security situation overview, threat management, and asset management and by combining big data analytics, SSA helps you mine valuable information from massive datasets, understand past security events, and forecast the future security situation.

CFW

With a distributed architecture, Cloud Firewall (CFW) implements fine-grained access control for each virtual machine (VM). With visual traffic, CFW allows you to configure security policies associated with your service language.

EdgeFW

Edge Firewall (EdgeFW) bridges the internal network and the external network. EdgeFW provides border security protection for the north-south traffic between the cloud data center and external networks, and supports intrusion prevention system (IPS) and network antivirus (AV) functions for EIPs.

Hope this can help you!

View more
  • x
  • convention:

All Answers
Gustavo.HdezF
Gustavo.HdezF Admin Created Jun 17, 2021 19:13:28

Hello User. we are reviewing your question and we will answer you shortly. Thanks.
View more
  • x
  • convention:

olive.zhao
olive.zhao Admin Created Jun 18, 2021 00:45:57

Hello, friend!

Security Architecture

The HUAWEI CLOUD Stack security solution is proposed by Huawei in rise to threats and challenges posed to the cloud computing platforms. The infrastructure layer of HUAWEI CLOUD Stack is based on the FusionSphere cloud operating system and its management system ManageOne. FusionSphere virtualizes physical resources into virtual resources and forms a virtualization resource pool, including computing virtualization, storage virtualization, and network virtualization. ManageOne is a management system of the virtualization platform. It manages different heterogeneous virtualization platforms, provides operation and O&M for data centers, and displays resources and management GUIs in a unified manner.

Cloud infrastructure security refers to the cloud operating system and Hypervisor security, including virtual resource isolation, data storage security, and network transmission security.

Data storage security

User data isolation, data access control, and residual information protection, and data backup are adopted to ensure the integrity and security of user data.

VM isolation

Resources of VMs on the same physical server are isolated, preventing data theft and malicious attacks and ensuring the independent running environment for each VM. End users can only access resources allocated to their own VMs, such as hardware and software resources and data, ensuring secure VM isolation.

Network transmission security

Network plane isolation, firewalls, and transmission encryption are adopted to ensure service operation and security.

O&M and operation management security

Security measures are carried out from the aspects of the account, password, user rights, logs, and transmission to enhance security of daily O&M operations.

In addition, the security of each management host is ensured by repairing web application vulnerabilities, hardening the OS and database, and installing patches and antivirus software.

Cloud service security and security as a service (CloudGuard)

Provides tenants with all resources, functions, and performance required for performing specific security tasks. Tenants can perform security configuration, query, and monitoring on controllable resources as required.

And Huawei cloud stack has many security services: SIS, SSA, EdgeFW.

SIS

Security Index Service (SIS) is a security assessment service for your cloud environment. It provides you with unified, clear, and multi-dimensional security views.

SSA

Security Situation Awareness (SSA) helps you understand and analyze the security situation you are facing. Through security situation overview, threat management, and asset management and by combining big data analytics, SSA helps you mine valuable information from massive datasets, understand past security events, and forecast the future security situation.

CFW

With a distributed architecture, Cloud Firewall (CFW) implements fine-grained access control for each virtual machine (VM). With visual traffic, CFW allows you to configure security policies associated with your service language.

EdgeFW

Edge Firewall (EdgeFW) bridges the internal network and the external network. EdgeFW provides border security protection for the north-south traffic between the cloud data center and external networks, and supports intrusion prevention system (IPS) and network antivirus (AV) functions for EIPs.

Hope this can help you!

View more
  • x
  • convention:

Unicef
Unicef MVE Created Nov 21, 2021 13:27:23

Good answers
View more
  • x
  • convention:

Comment

You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.
Information Protection Guide
Thanks for using Huawei Enterprise Support Community! We will help you learn how we collect, use, store and share your personal information and the rights you have in accordance with Privacy Policy and User Agreement.