Global Accelerator (GA) supports backend services that are deployed in virtual private clouds (VPCs). This prevents backend services from being exposed to the Internet and ensures network security. You can integrate Global Accelerator with Alibaba Cloud security services to protect your applications from attacks and ensure the security of backend services.
Accelerate access to backend services that are deployed in VPCs
You can specify the following resources in VPCs as the endpoints of Global Accelerator instances.
GA instance type | Resource in a VPC |
Standard Global Accelerator instance |
|
Basic Global Accelerator instance |
|
After you specify the preceding resources in VPCs as the endpoints of Global Accelerator instances, clients can send requests to the accelerated IP addresses of Global Accelerator instances to connect to the global transmission network of Alibaba Cloud. Then, the requests are routed to the backend services in VPCs. This way, the backend services in VPCs can provide external services without the need to obtain public IP addresses.
For more information about endpoints, see Overview of endpoints of a standard GA instance and Add and manage endpoint groups and endpoints for a basic GA instance.
Attack mitigation
You can use Global Accelerator together with Alibaba Cloud security services to protect your applications from attacks and ensure the security of backend services.
Integrate GA with Anti-DDoS
DDoS attacks are cyberattacks against targeted systems, which cause services to become unavailable to users. Global Accelerator is integrated with Anti-DDoS Origin Basic. Anti-DDoS Origin Basic can mitigate DDoS attacks at up to 5 Gbit/s for the accelerated IP addresses and endpoint group IP addresses of Global Accelerator instances free of charge. The mitigation capacity varies based on the region. When traffic exceeds the default scrubbing threshold of Anti-DDoS Origin Basic, traffic scrubbing is automatically triggered to protect against DDoS attacks.
For more information about how Anti-DDoS Origin Basic works, see What is Anti-DDoS Origin? For more information about the scrubbing threshold for a Global Accelerator instance, see Anti-DDoS Origin Basic.
Integrate GA with WAF to ensure application security
Web Application Firewall (WAF) identifies malicious web traffic, scrubs traffic, filters out malicious traffic, and then forwards trusted traffic to servers. This protects web servers against attacks and ensures the security of data and services.
For more information about WAF, see What is WAF? and Get started with WAF 3.0.
For more information about how to integrate Global Accelerator with WAF, see Accelerate domain names hosted outside the Chinese mainland.
Integrate GA with Cloud Firewall to implement fine-grained traffic control
Cloud Firewall provides a unified and comprehensive security isolation and control solution for your cloud network assets and includes Internet firewalls, VPC firewalls, and host firewalls. The Internet firewall controls the inbound and outbound traffic of all Internet-facing assets in a centralized manner at the Internet boundary.
You can use the Internet firewall to manage inbound and outbound traffic between your Internet-facing assets and the Internet in a fine-grained manner. This helps reduce the exposures of the Internet-facing assets on the Internet and security risks of business traffic.
The Internet firewall can protect the accelerated IP addresses of Global Accelerator. For more information about how to enable the Internet firewall for accelerated IP addresses, see Internet Firewall.
For more information about how to use GA and Cloud Firewall to implement region-specific access control, see Use GA together with Cloud Firewall to implement region-specific access control and acceleration.