Security

Compute Security

HTTPS-encrypted UI Login

The system uses HTTPS by default for accessing the UI management interface, providing enhanced security.
  • HTTPS Protocol: ZStack ZSphere automatically redirects to the HTTPS address on port 443 by default. You can access the UI management interface by entering the management node IP address in your browser, for example, https://management_node_ip.
  • HTTP Protocol: HTTP protocol is disabled by default, but you can configure it manually if needed.
  • The system supports PKCS12 format certificates by default. Currently, only PKCS12 and JKS format certificates are supported. If you are using certificates in other formats, convert them to a supported format.

VM Console

The VM console provides users with a streamlined entry point for monitoring and managing virtual machines. You must have appropriate permissions to access the VM console. Two authentication methods are supported for console login: SSH key authentication and username/password.
  • SSH Key Authentication
    • You can use SSH key authentication to log in to Linux virtual machines.
    • An SSH key is a pair of cryptographic keys generated by an algorithm: a public key, which is shared openly, and a private key, which is kept secure by the user.
    • After a public key is attached to a virtual machine, you can use the corresponding private key to SSH into the virtual machine from another virtual machine without requiring a password.
    • To attach a public key during the virtual machine creation, ensure that the VM image has cloud-init pre-installed. The recommended cloud-init versions are 0.7.9, 17.1, 19.4, or later.
    • To attach a public key after the virtual machine creation, ensure that the virtual machine is running and has QEMU Guest Agent (QGA) installed and running. You can install QGA by installing the VMTools. If you install QGA by using other methods, install version 2.5 or later.
  • Username/Password
    • You can log into virtual machines using a username and password.
    • The fixed username for Linux virtual machines is root, and the fixed username for Windows virtual machines is administrator.
    • After a password is injected into a virtual machine, you can use the username and password to SSH into the virtual machine from another virtual machine.
    • Ensure that the VM image has cloud-init pre-installed. The recommended cloud-init versions are 0.7.9, 17.1, 19.4, or later.

High Availability

VM HA

Virtual machines support the high availability (HA) mode. This policy can trigger automatic VM restart when a VM is stopped due to routine maintenance (planned) or unexpected failures (unplanned), thereby improving VM availability.

NeverStop VM HA Mechanism:
  • The system uses polling and trigger-based mechanisms to monitor the virtual machine status. If the virtual machine is confirmed to be stopped, a VM configured with HA is automatically restarted.
  • If the VM status cannot be definitively determined, the following detection process is initiated:
    1. Based on the existing network configuration, select the most accurate method to probe the status of the host where the virtual machine resides.
    2. If the status of the host is abnormal, the HA-enabled virtual machine will attempt to restart automatically.

IP/MAC/ARP Spoofing Protection

In traditional networks, IP/MAC/ARP spoofing has always been a severe challenge. Through IP/MAC/ARP spoofing, attackers can disrupt the network environment and intercept network secrets.

The system isolates abnormal protocol access initiated by virtual machines at the host's data link layer and blocks virtual machine MAC/ARP spoofing. It also prevents virtual machine IP spoofing at the host's network layer.
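The host-side check described above can be modelled as a per-vNIC binding table: every frame a guest emits must carry the MAC the vNIC was assigned, an ARP packet's sender addresses must match that binding, and an IPv4 packet's source must be one of the vNIC's bound addresses. The code below is an added illustration written for this page, not ZStack ZSphere's implementation; the binding table, the `Frame` type and the sample traffic are constructed.

```python
"""Per-vNIC IP/MAC/ARP binding check (added example, not ZStack ZSphere code).

Models the kind of filter a host applies at the data link and network layers,
using a constructed binding table and constructed frames.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed binding table: the MAC and IPv4 addresses each virtual NIC owns.
BINDINGS = {
    "vnic-a": {"mac": "52:54:00:aa:bb:01", "ips": {"10.0.0.11"}},
    "vnic-b": {"mac": "52:54:00:aa:bb:02", "ips": {"10.0.0.12"}},
}


@dataclass
class Frame:
    src_mac: str                          # Ethernet source address
    ethertype: str                        # "arp" or "ipv4"
    src_ip: Optional[str] = None          # IPv4 source, or ARP sender protocol address
    arp_sender_mac: Optional[str] = None  # ARP sender hardware address (ARP only)


def check_frame(vnic: str, frame: Frame) -> tuple[bool, str]:
    """Return (allowed, reason) for one frame leaving the given vNIC."""
    binding = BINDINGS.get(vnic)
    if binding is None:
        return False, "unknown vNIC"
    # Data link layer: the Ethernet source must be the vNIC's own MAC.
    if frame.src_mac.lower() != binding["mac"]:
        return False, "MAC spoofing: Ethernet source does not match vNIC binding"
    if frame.ethertype == "arp":
        # ARP carries its own sender addresses; both must match the binding,
        # otherwise the guest could poison its neighbours' ARP caches.
        if (frame.arp_sender_mac or "").lower() != binding["mac"]:
            return False, "ARP spoofing: sender hardware address mismatch"
        if frame.src_ip not in binding["ips"]:
            return False, "ARP spoofing: sender protocol address not bound to vNIC"
        return True, "ok"
    if frame.ethertype == "ipv4":
        # Network layer: the IPv4 source must be one of the vNIC's bound addresses.
        if frame.src_ip not in binding["ips"]:
            return False, "IP spoofing: source address not bound to vNIC"
        return True, "ok"
    # Default deny for anything this check does not understand.
    return False, f"ethertype {frame.ethertype!r} not permitted by this check"


def filter_frames(vnic: str, frames: list[Frame]) -> list[tuple[bool, str]]:
    """Apply check_frame to every frame, preserving order."""
    return [check_frame(vnic, f) for f in frames]


# Constructed traffic from vnic-a: a legitimate ARP, a legitimate IPv4 packet,
# an ARP claiming vnic-b's address, and an IPv4 packet with a forged source MAC.
SAMPLE_FRAMES = [
    Frame("52:54:00:aa:bb:01", "arp", "10.0.0.11", "52:54:00:aa:bb:01"),
    Frame("52:54:00:aa:bb:01", "ipv4", "10.0.0.11"),
    Frame("52:54:00:aa:bb:01", "arp", "10.0.0.12", "52:54:00:aa:bb:01"),
    Frame("52:54:00:aa:bb:02", "ipv4", "10.0.0.12"),
]

if __name__ == "__main__":
    for frame, (ok, why) in zip(SAMPLE_FRAMES, filter_frames("vnic-a", SAMPLE_FRAMES)):
        print("ALLOW" if ok else "DROP ", frame.ethertype, frame.src_ip, "-", why)
```

The two spoofed frames are rejected at different layers: the forged ARP sender address fails the data link check, while the forged IPv4 source would fail the network layer check even if the MAC were correct.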

Images and Snapshots

Images

You can create images from virtual machines. An image contains the complete data of a virtual machine. You can use images to quickly replicate corresponding resources.

ZStack ZSphere provides protection for image integrity and security:
  • Images are protected by cryptographic integrity checks. When an image is downloaded from the image storage to a data storage, it must pass this verification; the download proceeds only if the verification succeeds.
  • Image files are stored in slices in the image storage. The sliced image files must be reassembled by ZStack ZSphere before their content can be read, which protects the image data.

Snapshots

You can create snapshots for virtual machines. A snapshot is essentially a data state file of a disk at a specific time. Before performing important operations, creating a snapshot for a virtual machine can retain the data state (including the memory state) at that specific time, facilitating quick rollback in case of failures. For long-term backup, it is recommended that you use the backup service.

The snapshot feature is applied in the following scenarios:
  • Quick Failure Recovery: If an unexpected failure occurs in the production environment, you can use the snapshot rollback feature to quickly restore the environment to the normal state. This method is a temporary solution. For comprehensive long-term data protection, it is recommended that you use the backup service.
  • Data Development: By creating snapshots of production data, you can acquire near real-time authentic production data for applications such as data mining, report query, and development testing.
  • Improve Operation Fault Tolerance: Before major operations such as system upgrades or business data migration, we recommend that you create one or more snapshots. If any problem occurs during the upgrade or migration process, you can use snapshots to restore the normal system data state in time.

Encrypted Password Storage

ZStack ZSphere supports encrypted storage of all plaintext passwords to protect the privacy and autonomy of user data.

Supported scenarios for encrypted password storage include, but are not limited to:
  • Host passwords: Not displayed in plaintext.
  • Data storage passwords: Not displayed in plaintext.
  • Database passwords: Encrypted and stored by using keys and hidden from users directly.
  • Log passwords: All platform log passwords are either not displayed in plaintext or are hidden from users.
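The last bullet, passwords never appearing in plaintext in logs, is usually enforced by masking credential values before a line is written or displayed. The code below is an added example for this page, not ZStack ZSphere's logging code; the patterns cover the common forms (key=value fields, JSON fields and user:password@ in connection URLs) and the log lines are constructed.

```python
"""Mask credentials in log lines (added example, not ZStack ZSphere code).

Each pattern keeps the field name and replaces only the secret value. The
sample log lines are constructed.
"""
import re

MASK = "******"

REDACTION_PATTERNS = [
    # key=value or key: value, e.g. password=Hunter2! or passwd: abc
    (re.compile(r"(?i)\b((?:password|passwd|pwd|secret)\s*[=:]\s*)([^\s,;&]+)"),
     rf"\g<1>{MASK}"),
    # JSON string fields, e.g. "password": "s3cr3t"
    (re.compile(r'(?i)("(?:password|passwd|pwd|secret)"\s*:\s*")([^"]*)(")'),
     rf"\g<1>{MASK}\g<3>"),
    # URL userinfo, e.g. mysql://user:dbpass@host
    (re.compile(r"(\w+://[^/\s:@]+:)([^@\s]+)(@)"),
     rf"\g<1>{MASK}\g<3>"),
]


def redact(line: str) -> str:
    """Return the line with every recognised credential value masked."""
    for pattern, replacement in REDACTION_PATTERNS:
        line = pattern.sub(replacement, line)
    return line


def redact_all(lines: list[str]) -> list[str]:
    return [redact(line) for line in lines]


# Constructed log lines in the shapes seen when hosts, storage and the
# database are configured; the secrets in them are made up.
SAMPLE_LOG = [
    "2024-05-01 10:00:01 INFO add host ip=10.0.0.5 username=root password=Hunter2!",
    '2024-05-01 10:00:02 DEBUG storage body={"hostname": "nfs01", "password": "s3cr3t"}',
    "2024-05-01 10:00:03 INFO db url=mysql://zstack:dbpass@127.0.0.1:3306/zstack",
    "2024-05-01 10:00:04 INFO vm password injected, uuid=abc123",
]

if __name__ == "__main__":
    for line in redact_all(SAMPLE_LOG):
        print(line)
```

Masking at the point of emission is safer than filtering at display time, because forwarded or archived copies of the log never contain the plaintext value.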

Resource Deletion Protection

Deletion Policy

ZStack ZSphere supports configuring deletion policies for critical resources to reduce the risk of accidental deletion.

The current deletion policies include Immediate Deletion, Delayed Deletion, and Never Delete.
  • Immediate Deletion: Resources are physically deleted directly and removed from the database. Deleted resources cannot be recovered.
  • Delayed Deletion: Resources are first marked as deleted in the database but are not physically deleted. Within a certain period, you can recover resources from the recycle bin in the UI or using APIs. During this period, resources still exist physically and occupy physical space (for example, disk space). After a certain period, resources are physically deleted and cannot be recovered.
  • Never Delete: Resources are marked as deleted in the database but are never physically deleted. They occupy physical space all the time.
Resources that currently support deletion policy include virtual machines, disks, images, and bare metal instances.
  • VM Deletion Policy: Immediate Deletion, Delayed Deletion, and Never Delete. The default policy is Delayed Deletion.
  • Disk Deletion Policy: Immediate Deletion, Delayed Deletion, and Never Delete. The default policy is Delayed Deletion.
  • Image Deletion Policy: Immediate Deletion, Delayed Deletion, and Never Delete. The default policy is Delayed Deletion.
  • Bare Metal Instance Deletion Policy: Immediate Deletion and Never Delete. The default policy is Never Delete.
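The three policies differ in what happens to the database row and to the physical data, and in whether recovery is possible. The code below is an added example for this page, not ZStack ZSphere's implementation: it encodes the allowed policies and defaults from the list above, with a constructed retention period for the recycle bin and constructed resource records. For Never Delete, recovery is allowed at any time here; that is an assumption of the example, since the page does not specify it.

```python
"""Deletion policy state machine (added example, not ZStack ZSphere code).

Allowed policies and defaults follow the documentation; the retention
period, the recycle-bin recovery rule for Never Delete, and the resource
records are constructed.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Policy(Enum):
    IMMEDIATE = "Immediate Deletion"
    DELAYED = "Delayed Deletion"
    NEVER = "Never Delete"


ALLOWED_POLICIES = {
    "vm": {Policy.IMMEDIATE, Policy.DELAYED, Policy.NEVER},
    "disk": {Policy.IMMEDIATE, Policy.DELAYED, Policy.NEVER},
    "image": {Policy.IMMEDIATE, Policy.DELAYED, Policy.NEVER},
    "baremetal": {Policy.IMMEDIATE, Policy.NEVER},
}
DEFAULT_POLICY = {"vm": Policy.DELAYED, "disk": Policy.DELAYED,
                  "image": Policy.DELAYED, "baremetal": Policy.NEVER}


@dataclass
class Resource:
    uuid: str
    kind: str
    deleted_at: Optional[int] = None   # epoch seconds when marked deleted
    policy: Optional[Policy] = None    # policy applied at deletion time


class ResourceStore:
    """Tracks database rows and the physical storage each resource occupies."""

    def __init__(self, retention_seconds: int):
        self.retention = retention_seconds      # constructed recycle-bin window
        self.rows: dict[str, Resource] = {}
        self.physical: set[str] = set()         # uuids still occupying disk space

    def create(self, uuid: str, kind: str) -> None:
        self.rows[uuid] = Resource(uuid, kind)
        self.physical.add(uuid)

    def delete(self, uuid: str, now: int, policy: Optional[Policy] = None) -> Policy:
        res = self.rows[uuid]
        policy = policy or DEFAULT_POLICY[res.kind]
        if policy not in ALLOWED_POLICIES[res.kind]:
            raise ValueError(f"{policy.value} is not supported for {res.kind}")
        if policy is Policy.IMMEDIATE:
            del self.rows[uuid]              # row removed from the database
            self.physical.discard(uuid)      # data physically deleted
        else:
            res.deleted_at = now             # marked deleted, data kept
            res.policy = policy
        return policy

    def recoverable(self, uuid: str, now: int) -> bool:
        res = self.rows.get(uuid)
        if res is None or res.deleted_at is None:
            return False
        if res.policy is Policy.NEVER:
            return True                      # assumption: never-deleted rows stay recoverable
        return now - res.deleted_at < self.retention

    def recover(self, uuid: str, now: int) -> bool:
        if not self.recoverable(uuid, now):
            return False
        self.rows[uuid].deleted_at = None
        self.rows[uuid].policy = None
        return True

    def purge_expired(self, now: int) -> list[str]:
        """Physically delete Delayed Deletion rows whose retention has elapsed."""
        purged = [u for u, r in self.rows.items()
                  if r.policy is Policy.DELAYED and r.deleted_at is not None
                  and now - r.deleted_at >= self.retention]
        for uuid in purged:
            del self.rows[uuid]
            self.physical.discard(uuid)
        return purged
```

`purge_expired` is the housekeeping job that turns a delayed deletion into a physical one; until it runs, the resource keeps occupying space, which is the trade-off the documentation describes.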

UI Deletion Reminder

The UI provides a protection mechanism for deleting important resources. The system displays the consequences of deleting the resource and shows the number of directly associated virtual machines and disks. You must confirm the deletion to proceed, reducing the risk of accidental operation.

Monitoring and Alarm

The monitoring and alarm feature is delivered primarily through a monitoring system and a notification system. The monitoring system monitors time-series data and events, and the notification system pushes alarms to specified endpoints.

The monitoring system provides monitoring data metrics, including system performance and resource utilization, in forms such as large-screen monitors, dashboards, graphical charts, and banner notifications, allowing you to fully understand platform resource utilization, operational status, and health indicators. You can also customize alarms and endpoints for flexible, fine-grained monitoring, so that related issues are discovered and diagnosed promptly.

Characteristics of the monitoring system:
  • Time-Series Monitoring: The system currently supports monitoring two types of time-series data.
    • Resource Load Data: For example, virtual machine CPU utilization and host memory utilization.
    • Resource Capacity Data: For example, the number of available IP addresses and the total number of running virtual machines.
  • Event Collection: Collects predefined events that occur in ZStack ZSphere, such as host disconnection and virtual machine high availability activation.
  • Alerting: Generates alarms for time-series data or events and provides global notifications for important resources, such as available physical capacity of data storage.
  • Auditing: Records all operations and provides search functionality.
  • Customization: Allows you to customize alarms and alert message templates.
Characteristics of the notification system:
  • Pushes alarm messages to specified endpoints.
  • The system provides a system endpoint by default. You can set other types of endpoints.
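The alarm path above, a rule over time-series data that fires once the threshold is breached and then pushes a message to every configured endpoint, is shown below as an added example for this page, not ZStack ZSphere's monitoring code. The rule format, the resource-load samples and the endpoints are constructed; requiring several consecutive breaches before firing is a conventional way to suppress one-sample spikes.

```python
"""Threshold alarm over time-series samples (added example, not ZStack ZSphere code).

The rule, samples and endpoints are constructed. An alarm fires after
`periods` consecutive breaching samples and is resolved on the first
non-breaching sample, so each state change is pushed exactly once.
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class AlarmRule:
    metric: str          # e.g. "vm.cpu.utilization"
    resource: str        # resource the metric belongs to
    operator: str        # "gt" or "lt"
    threshold: float
    periods: int         # consecutive breaching samples required to fire


@dataclass
class Endpoint:
    name: str
    received: list[str] = field(default_factory=list)

    def push(self, message: str) -> None:
        # A real endpoint would deliver the message; here it is recorded.
        self.received.append(message)


class AlarmEvaluator:
    def __init__(self, rule: AlarmRule, endpoints: list[Endpoint]):
        self.rule = rule
        self.endpoints = endpoints
        self.streak = 0        # consecutive breaching samples seen so far
        self.firing = False

    def _breached(self, value: float) -> bool:
        if self.rule.operator == "gt":
            return value > self.rule.threshold
        if self.rule.operator == "lt":
            return value < self.rule.threshold
        raise ValueError(f"unknown operator {self.rule.operator!r}")

    def feed(self, value: float) -> Optional[str]:
        """Consume one sample; return the pushed message, if any."""
        breached = self._breached(value)
        self.streak = self.streak + 1 if breached else 0
        message = None
        if breached and not self.firing and self.streak >= self.rule.periods:
            self.firing = True
            message = (f"ALARM {self.rule.resource} {self.rule.metric}={value} "
                       f"{self.rule.operator} {self.rule.threshold} for {self.streak} samples")
        elif not breached and self.firing:
            self.firing = False
            message = f"RESOLVED {self.rule.resource} {self.rule.metric}={value}"
        if message:
            for endpoint in self.endpoints:
                endpoint.push(message)
        return message


# Constructed CPU utilization samples (percent) for one virtual machine.
SAMPLE_CPU = [40.0, 95.0, 97.0, 98.0, 99.0, 50.0]


def run_sample() -> tuple[list[str], Endpoint]:
    """Evaluate the constructed samples and return (messages, system endpoint)."""
    endpoint = Endpoint("system")
    rule = AlarmRule("vm.cpu.utilization", "vm-demo", "gt", 90.0, periods=3)
    evaluator = AlarmEvaluator(rule, [endpoint])
    messages = [m for m in (evaluator.feed(v) for v in SAMPLE_CPU) if m]
    return messages, endpoint


if __name__ == "__main__":
    for line in run_sample()[0]:
        print(line)
```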

Network Security

Security Group

Security groups for virtual machines provide control over TCP/UDP/ICMP and other data packets, enabling effective filtering and allowing you to enforce specific security rules for traffic on designated NICs.
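Security group evaluation reduces to matching each packet on a NIC against a list of direction, protocol, remote address range and port range rules. The code below is an added example for this page, not ZStack ZSphere's implementation: the rule fields, the default-deny behaviour when no rule matches, and the sample rules and packets are constructed.

```python
"""Security group rule evaluation (added example, not ZStack ZSphere code).

Rule fields, default-deny semantics and the sample rules and packets are
constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    direction: str                    # "ingress" or "egress"
    protocol: str                     # "tcp", "udp", "icmp" or "all"
    cidr: str                         # remote address range
    port_start: Optional[int] = None  # TCP/UDP only; None means any port
    port_end: Optional[int] = None    # None means same as port_start

    def matches(self, direction: str, protocol: str, remote_ip: str,
                port: Optional[int]) -> bool:
        if direction != self.direction:
            return False
        if self.protocol not in ("all", protocol):
            return False
        net = ipaddress.ip_network(self.cidr, strict=False)
        if ipaddress.ip_address(remote_ip) not in net:
            return False
        if protocol in ("tcp", "udp") and self.port_start is not None:
            end = self.port_end if self.port_end is not None else self.port_start
            if port is None or not (self.port_start <= port <= end):
                return False
        return True


@dataclass(frozen=True)
class Packet:
    direction: str
    protocol: str
    remote_ip: str                    # source for ingress, destination for egress
    port: Optional[int] = None        # destination port for TCP/UDP


class SecurityGroup:
    def __init__(self, rules: list[Rule]):
        self.rules = list(rules)

    def allows(self, pkt: Packet) -> bool:
        """Allow if any rule matches; otherwise deny (constructed default)."""
        return any(r.matches(pkt.direction, pkt.protocol, pkt.remote_ip, pkt.port)
                   for r in self.rules)

    def filter(self, packets: list[Packet]) -> list[bool]:
        return [self.allows(p) for p in packets]


# Constructed policy: SSH only from the private range, HTTPS from anywhere,
# ICMP from one subnet, and all outbound traffic permitted.
SAMPLE_GROUP = SecurityGroup([
    Rule("ingress", "tcp", "10.0.0.0/8", 22),
    Rule("ingress", "tcp", "0.0.0.0/0", 443),
    Rule("ingress", "icmp", "10.0.0.0/24"),
    Rule("egress", "all", "0.0.0.0/0"),
])

SAMPLE_PACKETS = [
    Packet("ingress", "tcp", "10.1.2.3", 22),        # allowed: SSH from private range
    Packet("ingress", "tcp", "203.0.113.9", 22),     # denied: SSH from outside
    Packet("ingress", "tcp", "203.0.113.9", 443),    # allowed: HTTPS from anywhere
    Packet("ingress", "udp", "10.1.2.3", 53),        # denied: no UDP rule
    Packet("ingress", "icmp", "10.0.0.7"),           # allowed: ICMP from the subnet
    Packet("ingress", "icmp", "10.0.1.7"),           # denied: ICMP from elsewhere
    Packet("egress", "tcp", "198.51.100.1", 80),     # allowed: all egress
]

if __name__ == "__main__":
    for pkt, ok in zip(SAMPLE_PACKETS, SAMPLE_GROUP.filter(SAMPLE_PACKETS)):
        print("ALLOW" if ok else "DENY ", pkt)
```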

Access Control Security

Two-Factor Authentication

ZStack ZSphere supports two-factor authentication (2FA) as an additional layer of security beyond static passwords. When 2FA is enabled, you must correctly enter a 6-digit dynamic security code from your authenticator app during each login attempt to gain access.

After 2FA is enabled and you successfully log in for the first time, the login QR code is no longer displayed. This helps prevent malicious login attempts and further enhances system security.

AccessKey Authentication

ZStack ZSphere supports AccessKey authentication.

Local AccessKey, consisting of an AccessKey ID and an AccessKey Secret, is a secure credential issued by ZStack ZSphere. A Local AccessKey authorizes third-party users to call ZStack ZSphere's APIs and access its resources. These credentials must be kept strictly confidential.

Task and Event

ZStack ZSphere provides unified log management, recording user logins and resource operations performed under various accounts. The logs capture details such as operation description, task result, operator, client IP, task creation and completion time, and operation return details. Through operation log auditing, you can meet requirements for security analysis, intrusion detection, resource change tracking, and compliance auditing.