Simple Application Server supports network isolation based on methods such as virtual private clouds (VPCs) and firewalls, thereby significantly enhancing the security of resource access.
VPC-based network isolation
Simple Application Server is integrated with Alibaba Cloud VPC. By default, simple application servers under the same account and region are assigned to the same VPC to facilitate communication. Take note that Elastic Compute Service (ECS) instances and ApsaraDB services utilizing the identical VPC cannot establish direct connections with these servers, despite being part of the same network infrastructure. For example, simple application servers cannot directly communicate with ApsaraDB RDS instances that reside within the same VPC.
To facilitate communication among ECS instances, ApsaraDB services, and simple application servers sharing the same VPC, you can enable the service interconnectivity feature. For more information, see Manage service interconnection.
Firewall-based attack blocking
Simple Application Server integrates a robust firewall system and employs advanced intrusion detection technologies to scrutinize and filter network traffic. This proactive approach enables early detection and effective blocking of potential security threats, ensuring system safety from the outset. By default, the system permits network traffic exclusively over ports 22, 80, and 443, with all other ports disabled for enhanced security. You have the flexibility to enable additional ports as needed. For more information, see Manage the firewall of a simple application server.
A firewall controls only the inbound traffic of a simple application server. All outbound traffic of a simple application server is allowed by default.
Inbound traffic: the traffic generated when data is transmitted to a simple application server over the Internet or a VPC.
Outbound traffic: the traffic generated when data is transmitted from a simple application server over the Internet or a VPC.