Features:
Virtual Private Cloud (VPC) provides an isolated virtual network environment that tenants configure and manage independently, improving the security of resources in the enterprise cloud and simplifying network deployment. A VPC gives tenants a completely logically isolated private network. Within the VPC, tenants can add subnets, configure access control and port mapping, deploy NFV equipment, and perform other network operation and maintenance tasks.
- Subnet Management
Features:
Tenants can create subnets for virtual machines. In HCI, a subnet corresponds to a network segment served by a switch allocated under the VPC's internal router. Tenants can deploy virtual machines and NFV devices in the subnet.
Precautions:
- Subnets support DHCP by default; IP address and DNS settings are assigned automatically.
- Under a VPC, a maximum of 20 subnets can be configured by default. If you need more subnets, contact Sangfor Technical Support (a maximum of 128 subnets are supported).
- All subnets under the same VPC can communicate with each other at Layer 3. If isolation is required, use access control.
- Subnets in different VPCs cannot communicate with each other.
Prerequisite
N/A.
Steps:
Log in with a tenant account at https://SCP IP and navigate to Networking > Network Deployment to open the VPC management interface.
Click the VPC name to open the Subnet interface, where you can view and manage subnet information: subnets can be created, deleted, and edited.
Click New to create a subnet and enter the Name, Description, Network Segment, IP Range, and Gateway.
Click OK to complete the subnet creation.
When editing a subnet, you can change only its Name and IP Range; the Gateway and Network Segment cannot be changed.
- Access Control List (ACL)
Features:
Access control is the primary countermeasure for network security protection. By configuring an access control list, you can control access between the cloud intranet and the external network.
An access control list consists of the following parts: source/destination IP address, service type, and control action. It can be used to:
• Set the permissions for the cloud intranet to access the external network.
• Set the permissions for the external network to access the cloud intranet.
• Set the mutual access permissions between different network segments within the cloud network.
Precautions:
The service type can be a built-in system service or a custom service; TCP, UDP, ICMP, and other protocols are supported.
The control action is either Allow Access or Deny Access.
By default, the access control list allows all access, that is, no restriction is applied.
Matching order: the access control list is matched from top to bottom. A newly added policy is placed at the top of the list and is therefore matched first.
Prerequisite
None.
Steps:
Log in to the console, navigate to Networking > Network Deployment, select the appropriate VPC Name under VPC, then locate ACL and click New.
Set the Source and Destination IP addresses. Any IP: 0.0.0.0 to 255.255.255.255. Specified IP: any single IP address. Specified Subnet: a subnet that has already been created on the platform. Specified IP Range: a user-defined IP range.
Set the Service type:
• Specified Service: select a built-in service (for example, TCP 3389 for Remote Desktop), as shown in the figure.
• Custom Service: define a service using TCP, UDP, ICMP, or other protocols, as shown in the figure.
Select the corresponding control action. After the access control policy is added successfully, you can tick it to Disable, Edit, or Delete it. A disabled policy can be manually Enabled.
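The matching behaviour described above, written out as an added Python example (not the platform's own code): each new policy is inserted at the top, the list is evaluated top to bottom with the first hit deciding, and an unmatched request falls back to allow-all. The selector types, rule fields and sample addresses are constructed for illustration.

```python
"""First-match evaluation of a VPC access control list (added example)."""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import List, Optional, Tuple, Union

# "Any IP", "Specified IP" and "Specified Subnet" are all expressed as a network;
# "Specified IP Range" is an inclusive (start, end) pair.
Selector = Union[IPv4Network, Tuple[IPv4Address, IPv4Address]]
ANY_IP = ip_network("0.0.0.0/0")  # 0.0.0.0 to 255.255.255.255

def covers(sel: Selector, addr: str) -> bool:
    a = ip_address(addr)
    if isinstance(sel, IPv4Network):
        return a in sel
    lo, hi = sel
    return lo <= a <= hi

@dataclass
class Rule:
    src: Selector
    dst: Selector
    proto: str            # "tcp", "udp", "icmp" or "any" (custom/other service)
    port: Optional[int]   # None matches any port (ICMP carries no port)
    action: str           # "allow" or "deny"
    enabled: bool = True  # a disabled policy is skipped but kept in the list

class Acl:
    def __init__(self) -> None:
        self.rules: List[Rule] = []

    def add(self, rule: Rule) -> None:
        # A newly added policy is placed at the top, so it is matched first.
        self.rules.insert(0, rule)

    def evaluate(self, src: str, dst: str, proto: str, port: Optional[int] = None) -> str:
        for r in self.rules:  # matched top to bottom; the first hit decides
            if not r.enabled or r.proto not in ("any", proto):
                continue
            if r.port is not None and r.port != port:
                continue
            if covers(r.src, src) and covers(r.dst, dst):
                return r.action
        return "allow"  # no matching policy: the list allows all access

def build_example() -> Acl:
    """Constructed sample: an older allow shadowed by a newer, narrower deny."""
    acl = Acl()
    acl.add(Rule(ip_network("10.0.1.0/24"), ip_network("10.0.2.10/32"), "tcp", 3389, "allow"))
    acl.add(Rule((ip_address("10.0.1.50"), ip_address("10.0.1.60")), ANY_IP, "tcp", 3389, "deny"))
    return acl
```

Because the deny was added last it sits on top, so hosts 10.0.1.50 to 10.0.1.60 lose RDP access while the rest of the subnet keeps it; disabling that top policy restores the earlier allow.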
- Destination Network Address Translation (NAT)
Features:
After the edge network is bound to an elastic IP, the elastic IP can be used for port mapping. Port mapping maps a port of an external-network IP address to a virtual machine in the internal network so that the virtual machine can provide the corresponding service: when a user accesses that port of the IP address, the request is automatically forwarded to the virtual machine in the corresponding LAN. The following case explains how to configure port mapping: map TCP port 80 of the router's elastic IP address to port 80 of a virtual machine.
Precautions:
None.
Prerequisite
If the VPC is not bound to an elastic IP, or has no elastic IP that meets the requirements, click EIPs (shown in blue) to configure one.
Steps:
Log in to the tenant portal and navigate to Networking > Network Deployment > VPC. Click the appropriate network Name, choose Destination NAT, and click New, as shown in the figure below.
Configure the source IP addresses that match the DNAT policy. All is selected by default (any IP address on the public network can access the mapped service); Specified allows only the specified public-network IP addresses to access the mapped service.
Select the mapped Elastic IP and set the corresponding mapped port. Click the icon to select the Protocol (TCP, UDP, and ICMP are supported) and configure the Elastic IP port.
Click the icon to select the node that publishes the service, configure the internal IP and port, and then click OK. For the example above, the configuration is as follows.
After the policy is added successfully, you can tick the destination NAT policy to Disable, Edit, or Delete it. A disabled policy can be manually Enabled, as shown below.
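The port-mapping case above as an added Python example, not the platform's code: each policy maps an elastic IP, protocol and external port to an internal IP and port, with the source set to All or to Specified networks, and disabled policies are skipped. The addresses are constructed (documentation ranges), and ICMP is assumed to ignore the port field because it carries no port.

```python
"""Destination NAT (port mapping) lookup for a VPC edge (added example)."""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional, Tuple

@dataclass
class DnatPolicy:
    eip: str                      # elastic IP bound to the VPC edge
    proto: str                    # "tcp", "udp" or "icmp"
    eip_port: Optional[int]       # external port; None for ICMP (no port)
    internal_ip: str              # virtual machine that publishes the service
    internal_port: Optional[int]
    sources: Optional[List[IPv4Network]] = None  # None means "All"; a list means "Specified"
    enabled: bool = True

    def source_allowed(self, src: str) -> bool:
        if self.sources is None:
            return True
        a = ip_address(src)
        return any(a in net for net in self.sources)

def translate(policies: List[DnatPolicy], src: str, dst: str, proto: str,
              port: Optional[int] = None) -> Optional[Tuple[str, Optional[int]]]:
    """Return the (internal IP, internal port) a request is mapped to, or None."""
    for p in policies:
        if not p.enabled or p.eip != dst or p.proto != proto:
            continue
        if p.proto != "icmp" and p.eip_port != port:
            continue
        if not p.source_allowed(src):
            return None  # a mapping exists, but this public source is not permitted
        return (p.internal_ip, p.internal_port)
    return None          # nothing is published on this EIP / protocol / port

def build_example() -> List[DnatPolicy]:
    """Constructed sample matching the case in the text: EIP TCP 80 -> VM port 80."""
    return [
        DnatPolicy("203.0.113.10", "tcp", 80, "10.0.1.20", 80),                  # source: All
        DnatPolicy("203.0.113.10", "tcp", 22, "10.0.1.20", 22,
                   sources=[ip_network("198.51.100.0/24")]),                     # source: Specified
        DnatPolicy("203.0.113.10", "udp", 53, "10.0.1.30", 53, enabled=False),  # disabled policy
    ]
```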
- Static Route
Features:
This section describes how to add static routes, which can be created one at a time or in batches.
Precautions:
None.
Prerequisite
None.
Steps:
Log in to the console and navigate to Networking > Network Deployment. Under the VPC interface, select the appropriate network Name, choose Static Route, and click New or New Routes to create static routes.
Enter the Destination IP, Netmask, and Next-Hop IP. Destination IP: the destination network to be reached. Netmask: the subnet mask of the destination network. Next-Hop IP: the next-hop address toward the destination network.
Click OK to create the static route.
- Network Settings
Features:
This section describes how to bind the VPC edge IP and modify the DNS server.
Precautions:
If the DNS server and the VPC edge IP are provided by different service providers, network disconnection or slowness may occur. After the DNS server is changed, the new setting is pushed to all virtual machines within one day. If it must take effect immediately, change the DNS setting inside the virtual machine.
Prerequisite
An elastic IP must be bound to the VPC edge, and sufficient elastic IP resources must be available.
Steps:
Log in to the console and navigate to Networking > Network Deployment. Under the VPC interface, select the appropriate network Name and choose Network Settings. If no elastic IP is associated, click Associate Now to bind one. Click Edit to modify the DNS server configuration.
- Internal DNS
Features:
After internal DNS is configured, virtual machines in the VPC can access intranet servers by domain name.
Precautions:
- Duplicate internal DNS records are not allowed; creating one triggers a conflict alert.
• A repeated domain name is allowed: one domain name can correspond to up to 8 IP addresses.
• A repeated IP address is allowed, which covers scenarios where multiple domain names resolve to the same IP.
- After internal DNS is configured, the operating system and the browser cache DNS resolution results. Clear the cache after modifying a record.
Prerequisite
N/A.
Steps:
Log in to the console, navigate to Networking > Network Deployment, and under the VPC interface select the appropriate network Name, then choose Internal DNS. Click New to create an internal DNS record.
Configure the corresponding Domain Name, IP Address, and Description, and then click OK.
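A validator for the internal DNS precautions above, added here as an example and not part of the platform: an identical name+IP record is rejected as a conflict, a repeated name is accepted up to 8 addresses, and a repeated IP under a different name is accepted. The domain names and addresses are constructed.

```python
"""Validation of VPC internal DNS records against the rules above (added example)."""
from collections import defaultdict
from typing import Dict, List, Set

MAX_IPS_PER_NAME = 8  # one domain name can correspond to up to 8 IP addresses

class ConflictError(ValueError):
    """Stands in for the platform's conflict alert: duplicate record or cap exceeded."""

def normalize(name: str) -> str:
    return name.lower().rstrip(".")  # DNS names are case-insensitive

class InternalDns:
    def __init__(self) -> None:
        self.records: Dict[str, List[str]] = defaultdict(list)  # name -> IPs in order added

    def add(self, name: str, ip: str) -> None:
        ips = self.records[normalize(name)]
        if ip in ips:                      # identical name + IP already present
            raise ConflictError(f"duplicate record {name} -> {ip}")
        if len(ips) >= MAX_IPS_PER_NAME:   # a repeated name is allowed only up to the cap
            raise ConflictError(f"{name} already has {MAX_IPS_PER_NAME} addresses")
        ips.append(ip)                     # the same IP under another name is allowed

    def resolve(self, name: str) -> List[str]:
        return list(self.records.get(normalize(name), []))

    def names_for(self, ip: str) -> Set[str]:
        return {n for n, ips in self.records.items() if ip in ips}

def try_add(dns: InternalDns, name: str, ip: str) -> bool:
    """Attempt an add and report whether it was accepted (a conflict returns False)."""
    try:
        dns.add(name, ip)
        return True
    except ConflictError:
        return False

def build_example() -> InternalDns:
    """Constructed sample: two names sharing an IP, and a name already at the 8-IP cap."""
    dns = InternalDns()
    dns.add("app.corp.internal", "10.0.1.20")
    dns.add("app.corp.internal", "10.0.1.21")  # repeated name, second address
    dns.add("db.corp.internal", "10.0.1.20")   # repeated IP under a different name
    for i in range(MAX_IPS_PER_NAME):
        dns.add("web.corp.internal", f"10.0.2.{i}")
    return dns
```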