All Products
Search

This Product

    Global Accelerator:Network security

    Document Center

    Global Accelerator:Network security

    Last Updated:Aug 05, 2024

    Global Accelerator (GA) supports backend services that are deployed in virtual private clouds (VPCs). This prevents backend services from being exposed to the Internet and ensures network security. You can integrate Global Accelerator with Alibaba Cloud security services to protect your applications from attacks and ensure the security of backend services.

    Accelerate access to backend services that are deployed in VPCs

    You can specify the following resources in VPCs as the endpoints of Global Accelerator instances.

    GA instance type

    Resource in a VPC

    Standard Global Accelerator instance

    • Elastic Compute Service (ECS) instance

    • Classic Load Balancer (CLB) instance

    • Application Load Balancer (ALB) instance

    • NLB instance

    • Elastic network interface (ENI)

    • The private IP address and destination port of an ECS instance in a vSwitch

    Basic Global Accelerator instance

    • Secondary elastic network interface (ENI)

    • CLB instance

    • Elastic Compute Service instance

    • NLB instance

    After you specify the preceding resources in VPCs as the endpoints of Global Accelerator instances, clients can send requests to the accelerated IP addresses of Global Accelerator instances to connect to the global transmission network of Alibaba Cloud. Then, the requests are routed to the backend services in VPCs. This way, the backend services in VPCs can provide external services without the need to obtain public IP addresses.

    For more information about endpoints, see Overview of endpoints of a standard GA instance and Add and manage endpoint groups and endpoints for a basic GA instance.

    Attack mitigation

    You can use Global Accelerator together with Alibaba Cloud security services to protect your applications from attacks and ensure the security of backend services.

    Integrate GA with Anti-DDoS

    DDoS attacks are cyberattacks against targeted systems, which cause services to become unavailable to users. Global Accelerator is integrated with Anti-DDoS Origin Basic. Anti-DDoS Origin Basic can mitigate DDoS attacks at up to 5 Gbit/s for the accelerated IP addresses and endpoint group IP addresses of Global Accelerator instances free of charge. The mitigation capacity varies based on the region. When traffic exceeds the default scrubbing threshold of Anti-DDoS Origin Basic, traffic scrubbing is automatically triggered to protect against DDoS attacks.

    For more information about how Anti-DDoS Origin Basic works, see What is Anti-DDoS Origin? For more information about the scrubbing threshold for a Global Accelerator instance, see Anti-DDoS Origin Basic.

    Integrate GA with WAF to ensure application security

    Web Application Firewall (WAF) identifies malicious web traffic, scrubs traffic, filters out malicious traffic, and then forwards trusted traffic to servers. This protects web servers against attacks and ensures the security of data and services.

    For more information about WAF, see What is WAF? and Get started with WAF 3.0.

    For more information about how to integrate Global Accelerator with WAF, see Accelerate domain names hosted outside the Chinese mainland.