No need for additional plugins. SaaC (Security as a Code) through an intuitive declarative API. Easy configuration without requiring adjustments to physical network settings.
Its distributed architecture offers horizontal scalability and supports vertical expansion of control nodes.
Forming a high-availability cluster with multiple controller instances and separating control from data forwarding guarantees no single point of failure and uninterrupted network data transfer.
Allowlist Mode Security Policies
Allowlist-based security policies ensure that east-west access between virtual machines conforms to the "least privilege" principle.
Hybrid Security Policy
Support configuring allowlist and blocklist policies simultaneously, enhancing flexibility and simplifying security management.
Sticky Policies
Security policies can follow virtual machines as they migrate automatically from host to host, cluster to cluster, without the need to reset them. Security policies are enforced independent of the physical host, segment, and IP address of the virtual machine.
VM Labels and Security Groups
Tag virtual machines with "labels" and "security groups" to provide a clear view of security policies. VMs can be dynamically assigned to "security groups" based on label or label combinations, simplifying security policies for non-contiguous IP addresses.
"One-Click Quarantine" of Suspected VMs
Isolate suspected and infected VMs with one click, and set dedicated access policies for them so that further operations such as shutdown and recovery can be carried out.
Automated API-Based Security Management
Support API-based automation. The security management center can quickly issue/update security policies.
Rich Load Balancing Algorithms
Provide a variety of load balancing algorithms to cater to the diverse demands of multiple application scenarios, including round-robin, weighted round-robin, least connections, weighted least connections, source IP address hash, and destination IP address hash.
Comprehensive and Proactive Health Check
Periodically perform proactive health checks on the backend servers via the TCP, HTTP, UDP, and ICMP protocols. Support configuring multiple health monitors for the same group of backend servers, enabling a thorough health assessment of server pools.
Diverse Address Translation Methods
Offer FullNAT and DNAT for flexible address translation choices. Different virtual services within the same cluster can use different address translation methods.
Application Traffic Control and Concurrent Connection Management
Allow for setting inbound and outbound traffic limits for virtual services, and for regulating the number of concurrent connections between clients and virtual services. This prevents any single virtual service or client from monopolizing resources, ensuring balanced resource allocation and mitigating the impact of DoS attacks on the system.
Access Control Via Allowlists and Blocklists
Manage client IP addresses with allowlists and blocklists to enhance system security and robustness, safeguarding service resources from malicious requests and potential disruptions.
Customized Logically Isolated Space
Enable customizing logically isolated VPCs, allowing you to create dedicated VPC resources, manage subnets, allocate IP addresses, and autonomously control network traffic with gateway services and security services.
Multiple Gateway Services
Support configuring floating IP gateways, NAT gateways, Layer 3 routing gateways, Layer 2 bridging gateways, etc., enabling flexible interconnection between virtual machines and external networks to meet the requirements of different applications.
Well-Defined Traffic Planning
Support configuring routing tables and routing rules for VPC subnets to route traffic heading for destination addresses to specified next-hop gateway services, allowing you to manage VPC traffic models with convenience and ease.
Reliable Network Security Protection
Support setting distributed firewalls for VPCs, which offer service-aware security policies based on security groups, allowlisting mechanisms that secure east-west traffic between virtual machines, and one-click quarantine of infected VMs.
Open Cloud Network Collaboration Mode
Seamlessly connect with various cloud platforms through open APIs, providing enterprises with automated and flexible network configuration options to better support agile cloud applications.