Hello, friend!
Security Architecture
The HUAWEI CLOUD Stack security solution is proposed by Huawei in response to the threats and challenges posed to cloud computing platforms. The infrastructure layer of HUAWEI CLOUD Stack is based on the FusionSphere cloud operating system and its management system, ManageOne. FusionSphere virtualizes physical resources into virtual resources and forms a virtualization resource pool, including computing virtualization, storage virtualization, and network virtualization. ManageOne is the management system of the virtualization platform. It manages different heterogeneous virtualization platforms, provides operation and O&M for data centers, and displays resources and management GUIs in a unified manner.
Cloud infrastructure security refers to the cloud operating system and Hypervisor security, including virtual resource isolation, data storage security, and network transmission security.
Data storage security
User data isolation, data access control, residual information protection, and data backup are adopted to ensure the integrity and security of user data.
VM isolation
Resources of VMs on the same physical server are isolated, preventing data theft and malicious attacks and ensuring an independent running environment for each VM. End users can only access resources allocated to their own VMs, such as hardware and software resources and data, ensuring secure VM isolation.
Network transmission security
Network plane isolation, firewalls, and transmission encryption are adopted to ensure service operation and security.
O&M and operation management security
Security measures are carried out from the aspects of accounts, passwords, user rights, logs, and transmission to enhance the security of daily O&M operations.
In addition, the security of each management host is ensured by repairing web application vulnerabilities, hardening the OS and database, and installing patches and antivirus software.
Cloud service security and security as a service (CloudGuard)
Provides tenants with all resources, functions, and performance required for performing specific security tasks. Tenants can perform security configuration, query, and monitoring on controllable resources as required.
HUAWEI CLOUD Stack also has many security services: SIS, SSA, EdgeFW.

| Service | Description |
| --- | --- |
| SIS | Security Index Service (SIS) is a security assessment service for your cloud environment. It provides you with unified, clear, and multi-dimensional security views. |
| SSA | Security Situation Awareness (SSA) helps you understand and analyze the security situation you are facing. Through security situation overview, threat management, and asset management and by combining big data analytics, SSA helps you mine valuable information from massive datasets, understand past security events, and forecast the future security situation. |
| CFW | With a distributed architecture, Cloud Firewall (CFW) implements fine-grained access control for each virtual machine (VM). With visual traffic, CFW allows you to configure security policies associated with your service language. |
| EdgeFW | Edge Firewall (EdgeFW) bridges the internal network and the external network. EdgeFW provides border security protection for the north-south traffic between the cloud data center and external networks, and supports intrusion prevention system (IPS) and network antivirus (AV) functions for EIPs. |
Hope this can help you!