All Products
Search

This Product

    :Use CEN to connect ECS instances to a CSG instance

    Document Center

    :Use CEN to connect ECS instances to a CSG instance

    更新時間:Jun 18, 2024

    This topic describes how to use Cloud Enterprise Network (CEN) to enable Elastic Compute Search (ECS) instances in different virtual private clouds (VPCs) to communicate with the same Cloud Storage Gateway (CSG) instance.

    Background information

    CSG is a storage service that helps you seamlessly integrate on-premises applications, infrastructure, and data storage into Alibaba Cloud. You can deploy virtual devices compatible with standard storage protocols in an on-premises data center and on Alibaba Cloud to connect your storage applications and workloads to Alibaba Cloud storage and computing services.

    On Alibaba Cloud, many enterprise users interconnect multiple VPCs to run a large number of ECS clusters. However, CSG V1.0.31 and earlier versions support interconnecting ECS instances that are deployed only in the same VPC. These versions do not support interconnecting ECS instances that are deployed in different VPCs. Starting from version 1.0.32, CSG supports multiple VPC CIDR blocks: 192.168.0.0/16, 172.16.0.0./12, and 10.0.0.0/8.

    This topic shows how to configure CEN instances and security groups to enable ECS instances in three different VPCs to communicate with the same CSG instance.

    拓扑图

    • SG represents a security group.

    • VPC represents a virtual private cloud. 172.16.0.0/12 and other CIDR blocks are the supported CIDR blocks.

    Configure a CEN instance

    1. Log on to the CEN console.

    2. Create a CEN instance. For more information, see Step 2: Create a CEN instance.

    3. Attach network instances. For more information, see Step 3: Attach network instances.

      Attach the three VPCs to the CEN instance.

    Configure security groups

    Configure security groups to enable all the CEN instances to share the same CSG instance. In this example, you need to configure the following security groups: SG-10 and SG-192.

    1. Log on to the ECS console.

    2. Choose Network & Security > Security Groups.

    3. On the Security group page, find the security group and click Manage Rules in the Actions column.

    4. On the Security Group Details tab, go to the Access Rule section and click the Inbound or Outbound tab based on your business requirements.

    5. Add a security group rule. Select All ICMP (IPv4) from the Protocol Type drop-down list. For more information about how to configure other parameters, see Add a security group rule.

      If you need to use Lightweight Directory Access Protocol (LDAP) and Active Directory (AD), set Protocol Type to Custom TCP or Custom UDP, and Port Range to 53/636.

    The security group configuration allows all ECS instances attached to the CEN instance to connect to the bucket by using the CSG instance over the Network File System (NFS), Server Message Block (SMB), or Internet Small Computer System Interface (iSCSI) protocol. This implementation provides many benefits in scenarios such as storage scaling, cross-region sharing, data dissemination, adaption to traditional applications, and backup arching. For more information, see CSG scenarios.

    Access the CSG instance

    • Access file gateways
      • For more information about how to access file gateways from a client that runs the Linux operating system, see Access an NFS share.
      • For more information about how to access file gateways from a client that runs the Windows operating system, see Access an SMB share.
    • Access block gateways