Data Management (DMS) provides the IP address whitelist feature for enhanced access control. This feature allows enterprises to restrict DMS access to authorized users within trusted network environments. This topic describes the scenarios and related operations of the IP address whitelist feature. This topic also provides answers to frequently asked questions (FAQs) about the IP address whitelist feature.
Scenarios
We recommend that you use the IP address whitelist feature in enterprise bandwidth environments in which static public IP addresses are used as outbound IP addresses. You can add static outbound IP addresses to a whitelist to allow enterprise users to access DMS only from these authorized IP addresses. You can contact technical support to configure outbound IP addresses of your enterprise network.
Feature description
Default settings
By default, the IP address whitelist feature is enabled when DMS is activated. The default whitelist setting is 0.0.0.0/0, which indicates that users can access DMS from all IP addresses. You can add one or more IP addresses to a whitelist in the format of the default whitelist setting.
Go to the Access IP Whitelists page
- Log on to the DMS console V5.0.
Move the pointer over the icon in the upper-left corner and choose .
Note: If you use the DMS console in normal mode, choose in the top navigation bar.
Related operations
Disable the IP address whitelist feature
On the Access IP Whitelists page, click Click to Close. Then, users can access DMS from all IP addresses. The existing whitelists no longer take effect but are not deleted.
Enable the IP address whitelist feature
On the Access IP Whitelists page, click Click to Open. Then, the IP address whitelist feature is enabled. You can specify the IP addresses from which DMS can be accessed. Users cannot access DMS from the IP addresses that are not added to the whitelists.
Create an IP address whitelist
On the Access IP Whitelists page, click Create Whitelist. In the Add IP Whitelist dialog box, configure the IP Addresses and Description parameters, and then click Submit.
Separate multiple IP addresses with semicolons (;).
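Before you paste a value into the IP Addresses field, you can check it offline. The following Python sketch is an added example, not DMS code: it parses a semicolon-separated list in the format described above, reports entries an administrator should review, and tests whether a given client address would be admitted. The function names, the /16 review threshold, and the treatment of a bare address as a single host are assumptions of this example.

```python
import ipaddress

# Assumptions (not stated by DMS): a bare address means a single host (/32),
# and anything wider than /16 deserves a second look before submission.
BROAD_PREFIX = 16
NON_PUBLIC = [ipaddress.IPv4Network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918 private
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",  # CGNAT, loopback, link-local
)]


def review_whitelist(raw):
    """Parse a semicolon-separated whitelist string.

    Returns (networks, findings); findings is a list of (entry, message)
    pairs an administrator should resolve before clicking Submit.
    """
    networks, findings = [], []
    for entry in (part.strip() for part in raw.split(";")):
        if not entry:
            continue  # tolerate a trailing semicolon or doubled separator
        try:
            # strict=True rejects host bits under the mask, e.g. 203.0.113.10/24
            net = ipaddress.IPv4Network(entry, strict=True)
        except ValueError as exc:
            findings.append((entry, f"invalid entry: {exc}"))
            continue
        if net.prefixlen == 0:
            findings.append((entry, "matches every address, so it restricts nothing"))
        elif net.prefixlen < BROAD_PREFIX:
            findings.append((entry, f"covers {net.num_addresses} addresses"))
        elif any(net.subnet_of(block) for block in NON_PUBLIC):
            findings.append((entry, "not a public range, so not a public outbound IP"))
        networks.append(net)
    return networks, findings


def is_allowed(client_ip, networks):
    """Return True if client_ip falls inside any parsed whitelist entry."""
    address = ipaddress.IPv4Address(client_ip)
    return any(address in net for net in networks)


if __name__ == "__main__":
    # Constructed sample input using documentation ranges (RFC 5737).
    sample = "203.0.113.10; 198.51.100.0/24;192.168.1.0/24;0.0.0.0/0;203.0.113.10/24;"
    nets, issues = review_whitelist(sample)
    for entry, message in issues:
        print(f"{entry}: {message}")
    print("198.51.100.77 allowed:", is_allowed("198.51.100.77", nets[:2]))
```

An empty findings list means every entry parsed cleanly and none was flagged as overly broad or non-public.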
Delete an IP address whitelist
On the Access IP Whitelists page, find the IP address whitelist that you want to delete and click Delete in the Actions column. In the Prompt message, click OK.
Modify an IP address whitelist
On the Access IP Whitelists page, find the IP address whitelist that you want to modify and click Edit in the Actions column. In the Change IP Whitelist dialog box, modify the IP Addresses and Description parameters, and then click Submit.
FAQ
Q: What do I do if IP address whitelists are configured for an enterprise but an enterprise user needs to access DMS from home?
A:
If the enterprise offers a VPN, the user can access DMS from home by using the VPN. You do not need to modify the IP address whitelists because the user uses an outbound IP address of the enterprise network to access DMS.
If the enterprise does not offer a VPN, the enterprise administrator must add the IP address of the user device to a whitelist.
Q: What do I do if the enterprise has multiple branches with different IP addresses?
A: You can add the IP addresses of different branches to an IP address whitelist for accessing DMS based on your business requirements.
Q: Can I revoke the access permissions from an IP address that is added to a whitelist for temporary access?
A: Yes, you can remove the IP address from the whitelist.
Q: What do I do if the enterprise IP address changes and cannot be used to access DMS after the enterprise data center restarts upon power outage?
A:
Submit a ticket to Alibaba Cloud and provide the ID of the Alibaba Cloud account that activates DMS Enterprise. At the same time, log on to the DMS console and submit a ticket to disable the IP address whitelist feature. Then, a DMS administrator logs on to the DMS console and updates IP addresses in the whitelists.
In the future, a DMS administrator can log on to the DMS console, disable the IP address whitelist feature by using Short Message Service (SMS) verification, and then update IP addresses in the whitelists.
Q: Do security risks exist if the IP address whitelist feature is enabled but the default whitelist setting 0.0.0.0/0 is used?
A: No security risks exist because DMS Enterprise provides two additional security assurances. After the IP address whitelist feature is enabled, you can add the specified IP addresses to a whitelist or disable the IP address whitelist feature as a DMS administrator based on your business requirements. The following two additional security assurances are provided:
Users can access DMS only by using a valid Alibaba Cloud account and password.
Enterprise users cannot access effective user data in DMS Enterprise by using an Alibaba Cloud account or a Resource Access Management (RAM) user if these accounts are not registered with DMS Enterprise.