:Configure the network

Configure network

1. Log on to the console with an Alibaba Cloud account or as a RAM user with administration permissions. On the Instances page, click the Dedicated tab. Find your enterprise instance and click its name to go to the instance details page. On this page, you can see the current network status.

2. Click Modify in the Network Configuration section.

3. Click Modify, and select the network type you want to enable.

Configuration for access over the Internet

1. Select Access over Internet.

2. Configure the IP whitelist:

   1. For network safety reason, IP whitelist must be configured for access over the Internet.

   2. To allow access from your local environment only, add 127.0.0.1 to the whitelist.

   3. To allow access a specific segment, add an IP range like 10.10.10.0/24 to the whitelist.

   4. To allow access from any IP, add 0.0.0.0/0 to the whitelist.

   5. Separate IP addresses to be added with commas, and don't leave space before or after the commas.

3. Click Save to save the configuration for access over the Internet.

Configuration for access over VPC

1. Select Access over VPC.

2. Create Endpoint: If no active endpoint exists, fill in all the mandatory fields to create one. If you do not have VPC configuration permissions, follow the prompts to obtain authorization.

Create an endpoint

Enter the following details as prompted:

• VPC: Select a VPC or create a new one. For more details, see Create and manage a VPC. Make sure that the zone of the VPC switch aligns with the zone indicated on the network configuration page; otherwise, the switch information will not be retrievable.

• Security group: Select an existing security group or create a new one. When setting inbound rules, authorize the current VPC's IP range for access and open ports 80 and 443.

• Resource group (optional): Select an existing resource group.

Enable reverse access (optional)

Enable reverse access to allow the enterprise instance to access resources in your VPC. Reverse access is necessary in scenarios such as:

• Access enterprise user directory in your VPC.

• Access the dedicated database in your VPC (For example, AI Coding Assistant Lingma knowledge base uses its own storage service). See how to switch the enterprise knowledge base storage service connection.

Select Enable Reverse Access.

Configure reverse access security group rules

When reverse access is enabled, you can control the access to resources in your VPC by modifying ingress/egress rules of the security group selected when configuring endpoint.

In the security access rules, select the custom TCP and add the IP address of your VPC's target service to the inbound/outbound rules of the security group. Open all the ports for inbound access, and reject all the outbound access by defaut while only opening the ports required for the target service. For details on configuring inbound/outbound rules, see Add security group rules.

Save configurations

Click Save to apply configuration modifications, which will prompt an instance restart and temporary inaccessibility for about 5 minutes. When configuration takes effect, an endpoint will be created. If reverse access is enabled, a security group will also be created.

Before deploying network configuration in a production environment, make sure that the private network domain name is accessible. Once the instance reaches the In Use state, you can ping the active primary domain name from the intended access environment to check network connectivity.

When all the configurations is set, you can enter your VPC and start to work after accessing the private network domain name of the enterprise instance.