This topic describes how to use Cloud Enterprise Network (CEN) to enable Elastic Compute Search (ECS) instances in different VPC networks to communicate with the same Cloud Storage Gateway (CSG) instance.

Background information

CSG is a storage service that helps you seamlessly integrate on-premises applications, infrastructure, and data storage with Alibaba Cloud. You can deploy virtual devices complied with standard storage protocols in your on-premises data centers or on Alibaba Cloud. This allows you to seamlessly connect on-premises storage applications and workloads to Alibaba Cloud storage and computing services.

On Alibaba Cloud, many enterprise users interconnect multiple VPC networks to run a large number of ECS clusters. However, CSG V1.0.31 and earlier versions only support interconnecting ECS instances that are deployed in the same VPC network. These versions do not support interconnecting ECS instances that are deployed in different VPC networks. CSG V1.0.32 and later versions support multiple VPC CIDR blocks, including 192.168.0.0/16, 172.16.0.0/12, and 10.0.0.0/8. This example

shows how to configure CEN instances, Express Connect, and security groups to enable ECS instances in three different VPC networks to communicate with the same CSG instance.

002
  • SG represents security group.
  • VPC represents virtual private networks. 172.16.0.0/12 and other CIDR blocks represent the supported CIDR blocks.

Configure the CEN instance

  1. Log on to the CEN console.
  2. For more information about how to create CEN instances, see Step 2: Create a CEN instance.
  3. For more information about how to attach networks, see Step 3: Attach networks.
    Attach the three VPC networks to the same CEN instance.

Create security group rules

You can create security groups for the CSG instance to enable all Cloud Enterprise Network (CEN) instances to share the same CSG instance. In this example, you need to create the following security groups: SG-10 and SG-192.

  1. Log on to the ECS console.
  2. Choose Network & Security > Security Group.
  3. On the Security Groups page, find the target security group and click Add Rules.
  4. On the Security Group Rules page, click Add Security Group Rule.
  5. In the Add Security Group Rule dialog box that appears, set the required parameters.

    Set Authorization Type to IPv4 CIDR Block. For more information about the other parameters, see Add security group rules.

    If you need to use Lightweight Directory Access Protocol (LDAP) and Active Directory (AD), set Protocol Type to Customized TCP or Customized UDP, and Port Range to 53/636.

After you configure security group rules, all ECS instances in the VPC networks can access the CSG instance through CEN. CSG supports standard storage protocols NFS, SMB, and iSCSI, allowing instances using these protocols to store volumetric data on Object Storage Service (OSS) for other instances using new storage protocols. This facilitates storage expansion, cross-region data sharing, data distribution, compatibility with legacy applications, and backup data archiving and transfer. For more information, see Cloud Storage Gateway scenarios.

Access the CSG instance

  • Access file gateways
    • For more information about how to access file gateways from a client that runs the Linux operating system, see Access NFS shares.
    • For more information about how to access file gateways from a client that runs the Windows operating system, see Access SMB shares.
  • Access block gateways