If you want to use Security Center to protect Elastic Compute Service (ECS) instances that reside in a virtual private cloud (VPC) and are inaccessible over the Internet, you can use the proxy access feature to add the ECS instances to Security Center for protection. This topic describes how to add ECS instances in a VPC to Security Center by using the proxy access feature.

How proxy access works

To use the proxy access feature, you specify an ECS instance that resides in the VPC and is accessible over the Internet as the proxy server, install the Security Center agent on that instance, and then configure Domain Name System (DNS) resolution so that the agent endpoints of Security Center resolve to the private IP address of the proxy server inside the VPC. The other ECS instances in the VPC then reach Security Center through the proxy server, and Security Center can protect them.

Important The proxy access feature supports only ECS instances in a VPC. It does not support ECS instances in the classic network.

Prerequisites

  • A VPC is created. For more information, see Create a VPC and a vSwitch.
  • At least one ECS instance in the VPC is accessible over the Internet.
  • Alibaba Cloud DNS PrivateZone is activated. For more information, see Activate PrivateZone.

Step 1: Configure network settings

Before you can add ECS instances to Security Center, you must configure VPC and DNS settings.

  1. Log on to the Alibaba Cloud DNS console. In the left-side navigation pane, click PrivateZone.
  2. Create a zone named aegis.aliyun.com and configure the zone.
    1. On the PrivateZone page, click Add Zone.
    2. In the Add Zone dialog box, enter aegis.aliyun.com in the Zone Name field and click OK.
    3. On the PrivateZone page, find the zone named aegis.aliyun.com and click DNS Settings in the Actions column.
    4. On the Configure DNS Settings tab, click Add DNS Record.
    5. In the Add DNS Record dialog box, configure the parameters and click OK.
      Important You must repeat this step to add eight DNS records. The records differ only in the values of the Hostname parameter. You must specify the following values for the Hostname parameter:
      • update2, update3, update4, and update5
      • jsrv2, jsrv3, jsrv4, and jsrv5
      Parameter Description
      Record Type Retain the default value A.
      Hostname Enter the hostname of the record. Example: update2.
      Record Value Enter the private IP address of the proxy server. Do not enter its public IP address; the purpose of the record is to keep agent traffic inside the VPC.
      TTL Period Specify the time to live (TTL) for caching. Default value: 1 Minutes.
    6. Return to the PrivateZone page, find the zone named aegis.aliyun.com, and then click Associate VPC in the Actions column.
    7. In the Associate VPC panel, select the VPC in which the ECS instances to protect reside and click OK.
  3. Create a zone named aegis.alicdn.com and configure the zone.
    1. On the PrivateZone page, click Add Zone.
    2. In the Add Zone dialog box, enter aegis.alicdn.com in the Zone Name field and click OK.
    3. On the PrivateZone page, find the zone named aegis.alicdn.com and click DNS Settings in the Actions column.
    4. On the Configure DNS Settings tab, click Add DNS Record.
    5. In the Add DNS Record dialog box, configure the parameters and click OK.
      Parameter Description
      Record Type Retain the default value A.
      Hostname This parameter is empty by default. Do not specify a value.
      Record Value Enter the private IP address of the proxy server.
      TTL Period Specify the TTL for caching. Default value: 1 Minutes.
    6. Return to the PrivateZone page, find the zone named aegis.alicdn.com, and then click Associate VPC in the Actions column.
    7. In the Associate VPC panel, select the VPC in which the ECS instances to protect reside and click OK.
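After the two zones are associated with the VPC, confirm from a protected ECS instance (not only from the proxy server) that every name now resolves to the proxy server's private IP address. The following script is an added example, not code from Alibaba Cloud or from this topic: it builds the set of nine records that Step 1 requires (the eight hosts under aegis.aliyun.com plus the apex record of aegis.alicdn.com) and resolves each one. The proxy address 10.0.0.5 and the resolver-injection hook are assumptions made for the example; the check also refuses a non-private record value, because a public address would send agent traffic out of the VPC.

```python
"""Build and verify the PrivateZone records that redirect Security Center
agent traffic to the proxy server.

Added example, not Alibaba Cloud code. Assumptions: the nine names below are
the ones Step 1 creates, and the instance running this uses the VPC's
built-in resolver, which is what serves PrivateZone answers."""
import ipaddress
import socket

# Hostnames the topic tells you to create under aegis.aliyun.com
AEGIS_HOSTS = ("update2", "update3", "update4", "update5",
               "jsrv2", "jsrv3", "jsrv4", "jsrv5")
# The second zone has a single apex record (empty Hostname in the console)
ALICDN_ZONE = "aegis.alicdn.com"


def expected_records(proxy_private_ip):
    """Return {fqdn: ip} for every record Step 1 requires.

    Rejects a public address: the record value must be the proxy server's
    VPC-private IP, otherwise the redirect does not keep traffic in the VPC.
    """
    ip = ipaddress.ip_address(proxy_private_ip)
    if not ip.is_private:
        raise ValueError(f"{proxy_private_ip} is not a private address")
    records = {f"{host}.aegis.aliyun.com": str(ip) for host in AEGIS_HOSTS}
    records[ALICDN_ZONE] = str(ip)
    return records


def verify_resolution(records, resolve=socket.gethostbyname):
    """Resolve each fqdn; return a list of (fqdn, got, expected) mismatches.

    `resolve` is injectable so the logic can be exercised offline; in
    production leave the default. A name that does not resolve at all is
    reported with got=None so it is not silently skipped."""
    problems = []
    for fqdn, want in records.items():
        try:
            got = resolve(fqdn)
        except OSError:          # socket.gaierror is a subclass of OSError
            got = None
        if got != want:
            problems.append((fqdn, got, want))
    return problems


if __name__ == "__main__":
    import sys
    # 10.0.0.5 is a hypothetical proxy address used only as a default here
    proxy = sys.argv[1] if len(sys.argv) > 1 else "10.0.0.5"
    bad = verify_resolution(expected_records(proxy))
    for fqdn, got, want in bad:
        print(f"MISMATCH {fqdn}: got {got}, expected {want}")
    print("all nine records resolve to the proxy server" if not bad
          else f"{len(bad)} record(s) do not resolve to the proxy server")
    sys.exit(1 if bad else 0)
```

Run it as `python3 check_proxy_dns.py <proxy-private-ip>` on one of the instances you intend to protect. A name that resolves to a public address means the zone is not associated with that VPC or the instance uses a resolver other than the VPC's built-in one; a name that does not resolve usually means the apex record of aegis.alicdn.com or one of the eight hosts was skipped. Because the TTL is 1 minute, wait at least that long after changing a record before re-running the check.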

Step 2: Create a cluster

  1. Log on to the Security Center console. In the left-side navigation pane, choose System Configuration > Feature Settings.
  2. On the Agent tab, click the Proxy Access tab. Then, click Create Cluster.
  3. In the Create Cluster dialog box, enter a cluster name and a description, and click OK.
    After you create a cluster, you cannot change the name of the cluster. We recommend that you enter an informative name.
  4. On the Proxy Access tab, find the cluster that you created and click Installation Command in the Actions column. In the Agent Installation Command dialog box, click Copy Command to save the command.
  5. Log on to the proxy server by using an account that has administrative rights and run the installation command that you copied in the previous step.
    You can view the status of the Security Center agent in the Security Center console approximately 5 minutes after the agent is installed on the proxy server. If the Security Center agent is successfully installed, the agent status for the proxy server changes to Online.

What to do next

Configure proxy settings

If you want to specify a transmission mode for data that is collected by Security Center and specify an upper limit on the network bandwidth for communications with Security Center, you can perform the following steps. The data includes file data, process data, and network logs.

  1. Log on to the Security Center console. In the left-side navigation pane, choose System Configuration > Feature Settings.
  2. On the Proxy Access tab of the Agent tab, find the cluster that you create in Step 2 and click Proxy Settings in the Actions column.
  3. In the Proxy Settings dialog box, configure the parameters and click OK.
    The following table describes the parameters. The data that Security Center collects through the proxy includes file data, network logs, and process data.
    Parameter Description
    Transmission Mode Select a data transmission mode from the drop-down list. Valid values:
    • Send Data Back to Management Center: In this mode, data is transmitted to Security Center to detect risks and threats.
    • Directly Cache to Specified Directory: In this mode, data stays in the VPC instead of being sent to Security Center. Collected logs are written to the /usr/local/aegis/proxy/log/export.log file on the proxy server. This file then holds file, process, and network data from every protected instance, so restrict read access to it on the proxy server.
    Data Bandwidth Limit Select a value from the drop-down list. This parameter is required only if you select Send Data Back to Management Center for Transmission Mode.
    You can determine whether to impose an upper limit on the network bandwidth for the communications between the proxy server and Security Center based on your business requirements. Valid values:
    • Unlimited: Do not specify an upper limit.
    • Custom: Specify an upper limit based on your business requirements. If you select this option, specify a value that ranges from 1 to 65535. Unit: MB/s.

Delete the cluster

If you no longer want Security Center to protect the ECS instances that are added to Security Center by using the proxy access feature, you can perform the following steps to delete the cluster and the DNS records that it uses. After you delete the cluster, Security Center cannot communicate with the ECS instances in the VPC. If you delete only the cluster and do not delete the DNS records, the names of Security Center still resolve to the proxy server inside the VPC, so the proxy server itself cannot connect to Security Center.

  1. In the Security Center console, delete the cluster that is created for the proxy server.
    1. Log on to the Security Center console. In the left-side navigation pane, choose System Configuration > Feature Settings.
    2. On the Proxy Access tab of the Agent tab, find the cluster and click Delete in the Actions column.
    3. In the Prompt message, click OK.
  2. In the Alibaba Cloud DNS console, delete the DNS settings of the zones named aegis.aliyun.com and aegis.alicdn.com.
    1. Log on to the Alibaba Cloud DNS console. In the left-side navigation pane, click PrivateZone.
    2. On the PrivateZone page, find the zone named aegis.aliyun.com and click DNS Settings in the Actions column.
    3. On the page that appears, select the DNS records whose Hostname is update2, update3, update4, update5, jsrv2, jsrv3, jsrv4, and jsrv5 and click Delete below the list of DNS records.
    4. In the Remove DNS Record message, click OK.
    5. Return to the PrivateZone page, find the zone named aegis.alicdn.com, and then click DNS Settings in the Actions column.
    6. On the page that appears, find the DNS record whose Hostname is empty and click Delete in the Actions column.
    7. In the Remove DNS Record message, click OK.