After you create an ApsaraDB for HBase cluster, you must configure a whitelist or add Elastic Compute Service (ECS) security groups for the cluster. This allows the clients included in a whitelist or security group to access the cluster.

Prerequisites

When you add an ECS security group as a whitelist for an ApsaraDB for HBase cluster, the ECS instance and the ApsaraDB for HBase cluster must be deployed in the same Virtual Private Cloud (VPC) network.

Background information

To ensure data security, access to a newly created ApsaraDB for HBase cluster is not allowed by default:
  • You are not allowed to access open source components in the cluster, such as the HBase, Ganglia, and HDFS components.
  • You are not allowed to read or write data in the ApsaraDB for HBase cluster.

Before you connect to the cluster, you must add the IP addresses of your clients to the whitelist.

Configure a whitelist

  1. Log on to the ApsaraDB for HBase console.
  2. Select the region where the cluster is deployed.
  3. Find the target cluster and click the cluster ID.
  4. In the left-side navigation pane, click Access Control.
  5. Click the Whitelist Setting tab and click Edit Whitelist.
    Configure a whitelist
  6. In the Edit Whitelist dialog box, enter the IP addresses or CIDR blocks that are used to access the cluster and click OK.
    Note
    • By default, the whitelist contains only the IP address 127.0.0.1. This indicates that no client is allowed to access the ApsaraDB for HBase cluster.
    • If you set Whitelist to 0.0.0.0/0 or leave it blank, all IP addresses are allowed to access your ApsaraDB for HBase cluster. To ensure data security, we recommend that you do not use the 0.0.0.0 IP address or 0.0.0.0/0 CIDR block.
    Edit a whitelist
    • If you want to use a public IP address to access open source components, enter the public IP address.
    • You can also enter a CIDR block. For example, you can enter 192.168.0.0/24 to specify all IP addresses in the subnet 192.168.0.X.
    • If you enter more than one IP address or CIDR block, you must separate them with commas (,). Do not add spaces before or after the commas. For example: 192.168.0.1,172.16.213.0/24.

Add security groups

A security group is a virtual firewall that is used to control inbound and outbound traffic of ECS instances in the security group. After a security group is added for an ApsaraDB for HBase cluster, the ECS instances in the security group can access the ApsaraDB for HBase cluster.
  • ApsaraDB for HBase Standard Edition and ApsaraDB for HBase Enhanced Edition are supported.
  • You can configure both the IP address whitelist and security groups for a cluster. All IP addresses in the IP address whitelist and all ECS instances in security groups are allowed to access the ApsaraDB for HBase cluster.
  • You can add up to three security groups for a cluster.
  1. Log on to the ApsaraDB for HBase console.
  2. Select the region where the cluster is deployed.
  3. Find the target cluster and click the cluster ID.
  4. In the left-side navigation pane, click Access Control.
  5. Click the Security Group tab and click Add Security Group.
    Add security groups
  6. In the Add Security Group dialog box, select the security groups and click OK.
    Add security groups