All Products
Search
Document Center

Data Management:Access IP whitelist

Last Updated:Dec 06, 2019

Background

  • DMS Enterprise allows you to configure a whitelist so that users can access DMS Enterprise only from authorized IP addresses.

Overview

  • Default settings
    • By default, the whitelist feature is enabled when DMS Enterprise is activated. The default value is 0.0.0.0/0, indicating that users can access DMS Enterprise from all IP addresses. You can add specified IP addresses to the whitelist in the format of the default value.
  • Features
    • Disable the whitelist feature
      • When you disable the whitelist feature, a dialog box appears, in which you can confirm that you want to disable this feature and accesses from all IP addresses are allowed. The original whitelist is not deleted, but does not take effect.
    • Enable the whitelist feature
      • When you enable the whitelist feature, a dialog box appears, in which you can confirm that you want to enable this feature and only accesses from IP addresses added to the whitelist are allowed.
    • Add an IP address to the whitelist
      • When you add an IP address to the whitelist, you can add the IP address with descriptions as required. With descriptions, you can quickly recognize the IP address in later use.
    • Delete an IP address from the whitelist
      • When you delete an IP address from the whitelist, you can delete configurations for the IP address as required.
    • Change an IP address in the whitelist
      • When a source IP address is changed, you can change the IP address in the whitelist as required.

Best practices

  • We recommend that you enable the whitelist feature when users access DMS Enterprise from the enterprise network. The egress IP addresses of the enterprise network are fixed. You can add these egress IP addresses to the whitelist for accessing DMS Enterprise.

FAQ

  • Q: What can I do if a staff member needs to access DMS Enterprise from home?
    • A: If your enterprise offers a virtual private network (VPN), the staff member can access DMS Enterprise from home by using the VPN. This does not require other operations because the staff member still uses the egress IP address of the enterprise network to access DMS Enterprise.
    • If your enterprise does not offer a VPN, you need to add the IP address of the staff member's device to the whitelist.
  • Q: What can I do if the enterprise has multiple branches with different IP addresses?
    • A: You can add the IP addresses of different branches to the whitelist for accessing DMS Enterprise as required.
  • Q: Can I revoke the access permission from an IP address that is added to the whitelist for a temporary requirement?
    • A: You can delete the IP address from the whitelist to forbid the access from this IP address.
  • Q: What can I do if the enterprise IP address changes and cannot be used to access DMS Enterprise because the enterprise data center restarts upon power-off?
    • A: Submit a ticket to Alibaba Cloud and provide the Alibaba Cloud account information. At the same time, log on to the DMS Enterprise console and submit a ticket to disable the whitelist feature. Then, the DMS Enterprise administrator logs on to the DMS Enterprise console and updates IP addresses in the whitelist.
    • In the future, DMS Enterprise will allow DMS Enterprise administrators to disable the whitelist feature by using short message verification. Then, DMS Enterprise administrators can log on to the DMS Enterprise console and update IP addresses in the whitelist.
  • Q: Are there any risks when the whitelist feature is enabled but the IP address is set to 0.0.0.0/0?
    • A: No security risk exists because DMS Enterprise provides other two security assurances: 1. Users can log on to the DMS Enterprise console only with the accurate Alibaba Cloud account name and password. 2. Enterprise staff cannot access effective user data by using an Alibaba Cloud account or a RAM user account if their accounts are not registered with DMS Enterprise. You can view authorized users by choosing System Management > User Management. DMS Enterprise administrators can add specified IP addresses to the whitelist or disable the whitelist feature as required.