6.11.3

Introduction

Updated: 2025-12-26

The shared service network is a network architecture on SCP that establishes dedicated channels between the shared service zone and tenants in the resource pools. Shared service resources, such as NTP servers, licensing servers, NAS, cloud security service platforms, and application centers, are deployed centrally, and multiple tenant VPCs can access them in a one-way manner. This meets tenants' unified requirements for basic services while ensuring network security (shared services are only available to tenants and cannot access tenant networks).

Working Principles

The shared service network enables communication between VPCs and shared services through an elastic IP pool. Elastic IP addresses are bound to the routers of the shared service gateways, establishing dedicated data channels. The predefined or user-created shared services on the platform (for example, the application center and the cloud security service platform) are associated with resource pools through shared service gateways. Tenant VPCs can then access the shared services through these gateways in a one-way manner, which achieves resource sharing and secure isolation.
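The one-way property described above can be checked from flow data. The following is an added example, not Sangfor code: it labels connection attempts by direction and flags any that originate in the shared service zone and target a tenant VPC. The address ranges, the record format, and the function names are constructed assumptions; the page does not describe how SCP exposes flow records.

```python
import ipaddress

# Constructed address plan (assumption for this example, not SCP defaults).
SHARED_ZONE = ipaddress.ip_network("10.250.0.0/24")
TENANT_VPCS = {
    "tenant-a": ipaddress.ip_network("192.168.10.0/24"),
    "tenant-b": ipaddress.ip_network("192.168.20.0/24"),
}

# Constructed flow records. "flags" holds the TCP flags of the first packet
# seen: "S" is a connection attempt, "SA" is a reply to one.
SAMPLE_FLOWS = [
    {"src": "192.168.10.5", "dst": "10.250.0.10", "dport": 443, "flags": "S"},
    {"src": "10.250.0.10", "dst": "192.168.10.5", "dport": 51544, "flags": "SA"},
    {"src": "10.250.0.20", "dst": "192.168.20.7", "dport": 22, "flags": "S"},
    {"src": "192.168.20.7", "dst": "10.250.0.30", "dport": 2049, "flags": "S"},
]

def tenant_of(addr):
    """Return the name of the tenant VPC that contains addr, or None."""
    ip = ipaddress.ip_address(addr)
    for name, net in TENANT_VPCS.items():
        if ip in net:
            return name
    return None

def in_shared_zone(addr):
    return ipaddress.ip_address(addr) in SHARED_ZONE

def classify(flow):
    """Label one record against the one-way access rule."""
    if flow["flags"] != "S":
        return "reply"         # not a new connection, so direction proves nothing
    if tenant_of(flow["src"]) and in_shared_zone(flow["dst"]):
        return "allowed"       # tenant VPC initiating to a shared service
    if in_shared_zone(flow["src"]) and tenant_of(flow["dst"]):
        return "violation"     # shared service zone initiating into a tenant VPC
    return "out-of-scope"

def violations(flows):
    return [f for f in flows if classify(f) == "violation"]

if __name__ == "__main__":
    for f in violations(SAMPLE_FLOWS):
        print(f"ALERT {f['src']} -> {f['dst']}:{f['dport']} ({tenant_of(f['dst'])})")
```

Reply packets are excluded on purpose: return traffic from a shared service to a tenant is expected, and only a new connection opened from the shared zone contradicts the one-way rule.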

Applicable Scenarios

Basic service sharing for multiple tenants: A cloud provider provides a unified application center and NTP time sync service for multiple tenants. The shared service network enables all tenant VPCs to access these services in a one-way manner, preventing repeated deployment and reducing resource costs.

Enterprise-level security compliance: Governments and enterprises in industries such as finance require deploying a cloud security service platform for compliance audit. The shared service network allows tenant VPCs to access the platform. The tenant business traffic can be forwarded to the platform in a one-way manner for security detection, thereby meeting compliance requirements.

Centralized storage service: An enterprise requires establishing a centralized NAS storage service. The shared service network allows business tenant VPCs to access the service. Tenants can directly access the storage resources, thereby achieving centralized data management and sharing.

Related Concepts

Shared service: Basic services provided for access by multiple tenant VPCs, such as application center, cloud security service platform, NTP, and NAS storage. These services are only available to tenants to ensure security.

Elastic IP pool: Used by the shared service network for communication between VPCs and public services. Elastic IP addresses are bound to the router of the shared service gateway to enable network connectivity.

Shared service gateway: The gateway connecting shared services to resource pools. It is categorized into storage service and non-storage service types. It must be associated with an edge or resource pool. It supports configuring a default gateway.

Tenant shared service: The set of shared services that a tenant can activate, including storage services (Example: block storage) and non-storage services (Example: application center, security center). Parameters such as bandwidth can be configured.

Constraints and Restrictions

Shared services are only available to tenants and cannot access tenant VPCs, ensuring secure network isolation.

Predefined services (Example: Kubernetes Engine, Block Storage Service - Block Storage) on the platform cannot be modified. Only the shared services customized by users can be edited.

In shared service gateway planning, a resource pool can be associated with multiple shared service gateways, but they must be distinguished as storage service or non-storage service types.

The configurable bandwidth range for tenant shared services is 1-9999 Mbps. Exceeding the threshold causes the configuration to fail.

Deleting a shared service requires entering the administrator password for confirmation. Once deleted, the shared service cannot be restored. Please operate with caution.

The shared service configuration for the specified resource pool is supported only for resource pools in SCP 5.8.8 and later.