Overview of Security Whitepaper
DDS is a secure and trusted document database service provided by eSurfing Cloud. DDS supports multiple architectures and provides key database capabilities on the cloud, such as high availability, high reliability, high security, scaling, fast backup and restoration, and monitoring. It provides customers with a complete performance monitoring system and multiple security protection measures, and is equipped with a professional database management platform, allowing users to easily set up, operate and expand document database services.
To ensure the security of operations, data, and services, and to help customers conduct their business safely and in an orderly manner, eSurfing Cloud prohibits O&M personnel from deleting instances and backup data while removing resources, from accessing customer database instances without written authorization from the customer, and from processing and transferring customer data.
DDS provides many features to ensure the reliability and security of tenant databases, such as VPC, security groups, permission settings, SSL connections, automatic/manual backup, and cross-AZ deployment. These features help tenants better manage and protect their databases.
Network Isolation
Each DDS instance runs in an independent, tenant-specific virtual private cloud (VPC) that is not shared with other instances. After the instance is created, DDS assigns the tenant an IP address in the VPC subnet for connecting to the database. Running the instance in a tenant-independent VPC can improve the security of the DDS instance.
Storage Isolation
Storage resources are allocated per tenant. Each tenant's instances are independent of other tenants' instances, with resources isolated so that they do not affect each other.
Access Control
When a tenant creates a DDS instance, the system by default also creates a database master account for the tenant, which allows the tenant to operate the databases of the DDS instance they have created. Tenants can create users with other permissions based on business needs to achieve permission separation. When creating a DDS instance, tenants can also use the VPC to restrict the inbound and outbound rules of the security group where the database instance is located, thereby controlling the network range that can connect to the database.
Encrypted Transmission
DDS instances support SSL-encrypted transmission for database connections. Tenants can download the certificate from the tenant console and provide it when connecting to the database to authenticate the database server and encrypt the traffic.
Automatic Backup and Manual Backup
DDS supports automatic backup and manual backup. The automatic backup feature is enabled by default. When the database fails or data is damaged, the database can be restored from a backup. Users can set the number of historical backups to retain based on data volume and backup space, or manually create backups according to their own needs.
Instance Disaster Recovery
DDS supports high availability for clusters. When tenants select an active/standby instance type and a single node fails, DDS automatically routes services to other nodes to achieve high availability.
Data Replication
DDS supports the deployment of highly available instances (sharded cluster and replica set). Tenants can choose to deploy highly available instances in a single AZ or across multiple AZs. When tenants select a highly available instance, DDS actively establishes and maintains synchronous replication of the database. If the primary node fails, DDS automatically promotes the secondary node to primary to achieve high availability.
Data Deletion
When tenants delete the DDS instance, the data stored in the database instance is deleted, and no one can view or recover the data.