Security Center can protect and manage the servers that are not deployed on Alibaba Cloud, including third-party cloud servers and servers in data centers. Before you use Security Center to protect these servers, you must add these servers to Security Center and synchronize the server information to Security Center.

Supported Security Center editions

Security Center Basic and all paid editions support the multi-cloud configuration management feature.

Add multi-cloud assets to Security Center

After third-party servers are added to Security Center, the server information is synchronized to the Assets page of the Security Center console. This allows Security Center to protect and manage the servers in a centralized manner.
Note: Only servers in Tencent Cloud are supported.
  1. Log on to the Security Center console.
  2. In the left-side navigation pane, click Settings.
  3. On the Settings page, click the Multi-cloud configuration management tab.
  4. On the Multi-cloud configuration management tab, click the Multi-cloud assets tab.
  5. On the Multi-cloud assets tab, click Add authorization.
  6. In the Access to assets outside the cloud panel, select a configuration method.
    You can select Quick configuration scheme or Manual configuration scheme.
    • Quick configuration scheme: You must obtain the AccessKey pair of the root account that owns the third-party cloud server. Then, Security Center automatically creates the AccessKey pair for the sub-account that is authorized to manage the third-party cloud server. This way, you can add the third-party cloud server to Security Center. If you select this option, perform the following steps:
      1. Log on to the management console of the third-party server.
      2. Obtain the AccessKey ID and AccessKey secret of the root account.

        You can view the guidelines on how to obtain the AccessKey ID and AccessKey secret in the Access to assets outside the cloud panel.

        Note: The AccessKey pairs of root accounts are not automatically provided. You must manually create AccessKey pairs.
      3. Go to the Security Center console, open the Access to assets outside the cloud panel, and then select Quick configuration scheme.
      4. Click Next.
      5. In the Submit AK step, paste the AccessKey pair of the root account obtained in Step 2.
      6. Click Determine.

        After you complete this step, the third-party cloud server is added to Security Center. If more servers are created within the sub-account that belongs to the root account, information about the servers is automatically synchronized to Security Center.

      7. Click Synchronize Asset to immediately synchronize the server information to Security Center.

        If you do not click Synchronize Asset, the server information is automatically synchronized to Security Center one hour later.

        Note: The synchronization requires a specific period of time. Wait until the synchronization is complete. Do not click Synchronize Asset again.
    • Manual configuration scheme: You must manually create the AccessKey pair for the sub-account that is authorized to manage the third-party cloud server. This way, you can add the third-party cloud server to Security Center. If you select this option, perform the following steps:
      1. Log on to the management console of the third-party server.
      2. Obtain the AccessKey ID and AccessKey secret of the sub-account.

        You can view the guidelines on how to obtain the AccessKey ID and AccessKey secret in the Access to assets outside the cloud panel.

        Note: The AccessKey pairs of sub-accounts are not automatically provided. You must manually create AccessKey pairs.
      3. Go to the Security Center console, open the Access to assets outside the cloud panel, and then select Manual configuration scheme.
      4. Click Next.
      5. In the Submit AK step, paste the AccessKey pair of the sub-account obtained in Step 2.
      6. Click Determine.

        After you complete this step, the third-party cloud server is added to Security Center.

      7. Click Synchronize Asset.
        Note: The synchronization requires a specific period of time. Wait until the synchronization is complete. Do not click Synchronize Asset again.

Create an IDC probe

You can create IDC probes to scan servers and identify those that have the Security Center agent installed in a data center. Then, you can synchronize the information about the identified servers to the Assets page of the Security Center console. This way, Security Center can manage the servers in a centralized manner.

Note: Only servers in data centers that have the Security Center agent installed can be used as IDC probes.
  1. Log on to the Security Center console.
  2. In the left-side navigation pane, click Settings.
  3. On the Settings page, click the Multi-cloud configuration management tab.
  4. On the Multi-cloud configuration management tab, click the IDC probe tab.
  5. On the IDC probe tab, click Added probe.
  6. In the Access to assets outside the cloud panel, configure the parameters.
    The following list describes the parameters:
    • IDC room: the name of the data center. The data center houses the servers that you want the IDC probe to scan.
    • Network segment settings: the CIDR block that the IDC probe scans. Only class C addresses are supported. Therefore, you must enter a CIDR block within the range 192.168.0.0 to 192.168.255.255.
    • Cycle setting: the interval at which the IDC probe scans servers.
    • linux port: the SSH port of the Linux servers that the IDC probe scans. You can specify a non-standard port.
    • windows port: the Remote Desktop Protocol (RDP) port of the Windows servers that the IDC probe scans. You can specify a non-standard port.
    • Region: the region of the IDC probe. You need only to enter the city name. The value of this parameter is displayed on the Assets page.
  7. Click Next.
  8. In the Select assets step, select the server that you want to use as the IDC probe.
    After you specify the IDC probe, you can use it to scan servers in the data center and identify the servers that have the Security Center agent installed. You can select one or more servers.
  9. Click Determine.
    After you complete this step, the IDC probe is created. The IDC probe scans the servers that use the specified CIDR block in the data center at the specified interval. If the IDC probe identifies a server that has the Security Center agent installed, it automatically adds the server to the server list on the Assets page of the Security Center console.
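
The following pre-flight check is an added example, not part of the Security Center documentation or tooling. It validates planned IDC probe settings against the constraints listed above and reports which servers in a data center inventory lie outside the probe's CIDR block and would therefore not be scanned. The function names and the sample inventory are constructed for illustration.

```python
import ipaddress

# Range the page states is accepted for "Network segment settings".
ALLOWED = ipaddress.ip_network("192.168.0.0/16")

# Constructed sample inventory of data center servers (not real hosts).
INVENTORY = ["192.168.10.11", "192.168.10.12", "192.168.20.5", "10.0.3.7"]


def check_probe_settings(cidr, linux_port, windows_port):
    """Return a list of problems with the planned settings (empty means OK)."""
    problems = []
    try:
        # strict=True rejects host addresses such as 192.168.1.5/24.
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        problems.append(f"invalid CIDR block {cidr!r}: {exc}")
        net = None
    if net is not None and (net.version != 4 or not net.subnet_of(ALLOWED)):
        problems.append(f"{cidr} is outside {ALLOWED}")
    for label, port in (("linux port", linux_port), ("windows port", windows_port)):
        if not isinstance(port, int) or not 1 <= port <= 65535:
            problems.append(f"{label} {port!r} is not a valid TCP port")
    return problems


def uncovered_servers(cidr, inventory):
    """Return the inventory addresses that the probe's CIDR block does not cover."""
    net = ipaddress.ip_network(cidr, strict=True)
    return [ip for ip in inventory if ipaddress.ip_address(ip) not in net]


if __name__ == "__main__":
    planned = "192.168.10.0/24"
    for problem in check_probe_settings(planned, 22, 3389):
        print("setting problem:", problem)
    for ip in uncovered_servers(planned, INVENTORY):
        # These servers need another probe, or cannot be scanned at all
        # if they sit outside 192.168.0.0/16.
        print("not scanned by this probe:", ip)
```

Servers reported as not scanned will not appear on the Assets page through this probe, even if they have the Security Center agent installed.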

Disable an IDC probe

If you no longer need an IDC probe, find the probe on the IDC probe tab and click Deactivation in the Operation column. After the IDC probe is disabled, the probe no longer scans the servers in the data center.
Note: If a server is added to the data center after the IDC probe is disabled, the server information is not automatically synchronized to Security Center.

What to do next

Go to the Assets page. On the Server(s) tab, view the details of the servers that are not deployed on Alibaba Cloud and whose information is synchronized to Security Center. On the IDC probe findings tab, check whether the servers have the Security Center agent installed.