Tencent Distributed Cloud is deployed in the customer data center. The cloud environment is operated and maintained by Tencent Cloud, while the customer is responsible for the operation and maintenance of the overall environment and network of the data center. Therefore, a special design for environmental security is required to meet the security management requirements of Tencent Cloud and the business security requirements of the customer.
CDC Security Management Solution
Cabinet Security: CDC can be supplied with smart cabinets that support smart door locks and remote switching, keeping the cabinet closed in daily operation so that unauthorized personnel cannot touch the equipment. When CDC is deployed in a customer cabinet instead, the dynamic environment monitoring system is still deployed. This system also provides door-opening detection, and cameras monitor the physical environment around the CDC 24 hours a day, so unauthorized physical access is detected and raises an alarm in a timely manner.
Equipment Security: Tencent's self-developed security agent is deployed on each physical device. It detects unauthorized physical port and network connections and performs intelligent analysis of device operations, so unauthorized physical intrusions are detected and raise an alarm in a timely manner.
Network Security: A dedicated VPN channel is built between the CDC and the cloud region, and control data is transmitted through this channel to avoid information security risks caused by unauthorized retention of traffic. In addition, the servers and switches in the CDC communicate only over authorized ports and with authorized IPs. Tencent's internal security protection system performs security checks on access from the cloud to the cloud to prevent intrusion.
CDZ Security Management Solution
Cabinet Security: For CDZ, the cabinets used in the customer data center are isolated, and engineers are stationed on site to guard them and prevent unauthorized access.
Equipment Security: Tencent's self-developed security agent is deployed on each physical device. It detects unauthorized physical port and network connections and performs intelligent analysis of device operations, so unauthorized physical intrusions are discovered and raise an alarm in time.
Network Security: CDZ and the cloud region are directly connected at Layer 2 over a dedicated line to avoid network intrusion.