This topic describes how to use Cloud Enterprise Network (CEN) to enable Elastic Compute Service (ECS) instances in different virtual private clouds (VPCs) to communicate with the same Cloud Storage Gateway (CSG) instance.
Background information
CSG is a storage service that helps you seamlessly integrate on-premises applications, infrastructure, and data storage with Alibaba Cloud. You can deploy virtual devices compatible with standard storage protocols in an on-premises data center and on Alibaba Cloud to connect your storage applications and workloads to Alibaba Cloud storage and computing services.
On Alibaba Cloud, many enterprise users interconnect multiple VPCs to run a large number of ECS clusters. However, CSG V1.0.31 and earlier versions can interconnect only ECS instances that are deployed in the same VPC. These versions do not support interconnecting ECS instances that are deployed in different VPCs. Starting from version 1.0.32, CSG supports multiple VPC CIDR blocks: 192.168.0.0/16, 172.16.0.0/12, and 10.0.0.0/8.
This topic shows how to configure CEN instances and security groups to enable ECS instances in three different VPCs to communicate with the same CSG instance.
SG represents a security group.
VPC represents a virtual private cloud. 172.16.0.0/12 and other CIDR blocks are the supported CIDR blocks.
Configure a CEN instance
Log on to the CEN console.
Create a CEN instance. For more information, see Step 2: Create a CEN instance.
Attach network instances. For more information, see Step 3: Attach network instances.
Attach the three VPCs to the CEN instance.
Configure security groups
Configure security groups so that the ECS instances in the VPCs attached to the CEN instance can share the same CSG instance. In this example, you need to configure the following security groups: SG-10 and SG-192.
Log on to the ECS console.
In the left-side navigation pane, choose . On the Security group page, find the security group and click Manage Rules.
In the Access Rule section of the Security Group Details tab, select the traffic direction, click Add Rule or Quick Add, select a protocol type, set a port or port range, and specify authorization objects.
Select All ICMP (IPv4) from the Protocol Type drop-down list. For more information about how to configure other parameters, see Add a security group rule.
If you need to use Active Directory (AD), set Protocol Type to Custom TCP or Custom UDP, and set Port Range to 53/636.
The security group configuration allows all ECS instances attached to the CEN instance to connect to the bucket by using the CSG instance over the Network File System (NFS), Server Message Block (SMB), or Internet Small Computer System Interface (iSCSI) protocol. This implementation provides many benefits in scenarios such as storage scaling, cross-region sharing, data dissemination, adaptation to traditional applications, and backup archiving. For more information, see CSG scenarios.
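The following Python sketch is an added example, not part of the original documentation or any Alibaba Cloud tool. It checks a planned configuration before you enter it in the console: that each VPC CIDR block falls inside a block CSG supports, that no rule's authorization object is wider than the attached VPCs, and that every security group admits each peer VPC. The VPC names, CIDR blocks, group-to-VPC mapping, and rules are constructed sample data.

```python
import ipaddress

# CIDR blocks listed in this topic as supported from CSG version 1.0.32.
SUPPORTED = [ipaddress.ip_network(c)
             for c in ("192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8")]

# Constructed sample data (assumptions, not values from the topic).
VPCS = {"vpc-10": "10.0.0.0/16", "vpc-172": "172.16.0.0/16",
        "vpc-192": "192.168.0.0/16"}
GROUPS = {"SG-10": "vpc-10", "SG-192": "vpc-192"}  # group -> VPC it belongs to
RULES = [
    {"group": "SG-10", "protocol": "icmp", "source": "172.16.0.0/16"},
    {"group": "SG-192", "protocol": "icmp", "source": "0.0.0.0/0"},
    {"group": "SG-192", "protocol": "icmp", "source": "10.0.0.0/16"},
]

def unsupported_vpcs(vpcs):
    """Names of VPCs whose CIDR block is not inside a supported block."""
    return [name for name, cidr in vpcs.items()
            if not any(ipaddress.ip_network(cidr).subnet_of(s)
                       for s in SUPPORTED)]

def overly_broad(vpcs, rules):
    """Rules whose authorization object reaches beyond the attached VPCs."""
    nets = [ipaddress.ip_network(c) for c in vpcs.values()]
    return [(r["group"], r["protocol"], r["source"]) for r in rules
            if not any(ipaddress.ip_network(r["source"]).subnet_of(n)
                       for n in nets)]

def missing_peers(vpcs, groups, rules):
    """Per security group, peer VPCs that no rule's source covers."""
    gaps = {}
    for group, own_vpc in groups.items():
        sources = [ipaddress.ip_network(r["source"])
                   for r in rules if r["group"] == group]
        missed = [name for name, cidr in vpcs.items()
                  if name != own_vpc
                  and not any(ipaddress.ip_network(cidr).subnet_of(s)
                              for s in sources)]
        if missed:
            gaps[group] = missed
    return gaps

if __name__ == "__main__":
    print("unsupported VPCs:", unsupported_vpcs(VPCS))
    print("overly broad rules:", overly_broad(VPCS, RULES))
    print("peers not admitted:", missing_peers(VPCS, GROUPS, RULES))
```

With the sample data, the SG-192 rule that uses 0.0.0.0/0 is reported as wider than the attached VPCs, and SG-10 is reported as not admitting vpc-192.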
Access the CSG instance
- Access file gateways
- For more information about how to access file gateways from a client that runs the Linux operating system, see Access an NFS share.
- For more information about how to access file gateways from a client that runs the Windows operating system, see Access an SMB share.
- Access block gateways
- For more information about how to access block gateways from a client that runs the Linux operating system, see Use volumes on a Linux ECS instance.
- For more information about how to access block gateways from a client that runs the Windows operating system, see Use volumes on a Windows ECS instance.