Cloud Firewall visualizes the traffic between different types of business to help you learn the access relationships between types of business. This way, you can determine the access control policies to apply.
Prerequisites
Before you can visualize traffic, you must create business groups and application groups and add applications to these groups.
Background information
Take note of the following concepts:
Business group: In east-west traffic visualization, a business group is a set of application groups for a specific type of business. For example, a web portal business group can contain a web application group and a database application group.
Application group: In east-west traffic visualization, an application group is a set of applications that provide the same service or similar services. For example, all Elastic Compute Service (ECS) instances that are deployed with MySQL can be added to the same database application group.
Application: The smallest unit in east-west traffic visualization. By default, an application is a set of all open ports on an ECS instance. You can create an application by cloning a specified application through a specified port.
Step 1: Create a business group
Log on to the Cloud Firewall console.
In the left-side navigation pane, choose
On the Custom Groups page, click the Business Groups tab.
On the Business Groups tab, select a virtual private cloud (VPC) in which you want to create a business group.
Important: You can select an existing VPC or a classic network-type instance. You can specify only one VPC for each business group.
Click Create Business Group.
In the Create Business Group dialog box, configure the parameters.
Name: Enter the name of the business group. The name must be 1 to 40 characters in length.
Description: Enter the description of the business group.
Importance Degree: Specify the importance degree of the business group. This helps you distinguish business groups of different importance degrees in the business relations graph. Valid values: Moderate, Important, and Critical.
On the Application Groups page, you can filter business groups by importance degree.
Click OK.
The new business group belongs to the VPC that you select. In the business group list, you can click Modify or Delete to manage the business group.
Note: You cannot delete a business group that contains application groups.
Step 2: Create an application group
Log on to the Cloud Firewall console.
In the left-side navigation pane, choose
On the Custom Groups page, click the Application Groups tab.
On the Application Groups tab, select a VPC in which you want to create an application group.
Click Create Application Group.
In the Create Application Group dialog box, configure the parameters.
Name: Enter the name for the application group. The name must be 1 to 40 characters in length.
Description: Enter the description of the application group.
Importance Degree: Specify the importance degree of the application group. This helps you distinguish application groups of different importance degrees in the business relations graph. Valid values: Moderate, Important, and Critical.
On the Application Groups page, you can click a business group, and filter application groups by importance degree.
Business Group: You can select Select Existing Business Group or Create Business Group.
If you select Select Existing Business Group, you must select an existing business group in the Name drop-down list that appears below Business Group.
Important: The new application group is automatically added to the VPC to which the specified business group belongs.
If you select Create Business Group, you must configure the Name, Description, and Importance Degree parameters that appear below Business Group.
Click OK.
Optional. Click Assign in the Actions column to change the business group to which the new application group belongs.
After you complete this operation, the value of Application Groups on the Business Groups tab changes.
After you create an application group, you can also click Modify or Delete to manage the application group.
Note: You cannot delete an application group that contains applications.
Step 3: Specify an application group and a business group for an application
On the Applications tab, you can view the numbers of business groups, application groups, applications, and ECS instances in Cloud Firewall.
Log on to the Cloud Firewall console.
In the left-side navigation pane, choose
On the Custom Groups page, click the Applications tab.
Search for an application.
Click Assign in the Actions column, and add the application to a business group and an application group that you create.
Note: After you complete this operation, the values of Business groups and Application groups on the Business Groups tab change.
Optional. Choose More > Clone in the Actions column to create a clone of the application.
After you activate Cloud Firewall, a default application is created for each ECS instance. The traffic bound to an ECS instance is automatically mapped to the default application. If the applications of an ECS instance are associated with different types of business, you can choose More > Clone to clone an application and click Assign to specify a new business group and application group for the application. When you clone an application, you can modify the values of the ECS Instance ID, Port, and Process Name parameters.
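The following planning sketch is an added example, not part of the original documentation or Cloud Firewall's own code. It shows how a port-scoped clone changes which business group a flow is attributed to, and which group-to-group relationships then need an access control decision. The instance IDs, the "billing" group, the flow records, and the rule that a port-scoped clone takes precedence over the default application are assumptions made for illustration.

```python
from collections import Counter

# Constructed inventory: (ECS instance ID, port) -> (business group, application group).
# port=None stands for the default application (all open ports on the instance).
ASSIGNMENTS = {
    ("i-web01", None): ("web-portal", "web"),
    ("i-db01", None): ("web-portal", "database"),
    ("i-shared01", None): ("web-portal", "web"),
    ("i-shared01", 3306): ("billing", "database"),  # clone scoped to port 3306
}

# Constructed east-west flows: (source instance, destination instance, destination port).
FLOWS = [
    ("i-web01", "i-db01", 3306),
    ("i-web01", "i-db01", 3306),
    ("i-web01", "i-shared01", 443),
    ("i-web01", "i-shared01", 3306),
    ("i-batch01", "i-db01", 3306),  # i-batch01 has no assignment yet
]

def resolve(instance_id, port, assignments=ASSIGNMENTS):
    """Return (business group, application group) for traffic bound to instance:port."""
    # Assumption: a port-scoped clone takes precedence over the default application.
    return assignments.get((instance_id, port)) or assignments.get((instance_id, None))

def group_relations(flows, assignments=ASSIGNMENTS):
    """Collapse instance-level flows into group-level edges; report unassigned instances."""
    edges, unassigned = Counter(), set()
    for src, dst, dport in flows:
        # Source ports are ephemeral, so the source side maps to its default application.
        s, d = resolve(src, None, assignments), resolve(dst, dport, assignments)
        if s is None or d is None:
            unassigned.update(i for i, g in ((src, s), (dst, d)) if g is None)
            continue
        edges[(s, d)] += 1
    return edges, unassigned

def cross_business(edges):
    """Edges whose endpoints sit in different business groups: policy review candidates."""
    return sorted((s, d, n) for (s, d), n in edges.items() if s[0] != d[0])

if __name__ == "__main__":
    edges, unassigned = group_relations(FLOWS)
    for (s, d), n in sorted(edges.items()):
        print(f"{'/'.join(s)} -> {'/'.join(d)}: {n} flow(s)")
    print("cross-business:", cross_business(edges))
    print("unassigned instances:", sorted(unassigned))
```

Without the clone on port 3306, the flow to i-shared01:3306 would be counted as web-to-web traffic inside the web portal business group and the cross-business dependency would not appear.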