Access Management
When deploying and managing Server Disaster Recovery (SDR) on VNG Cloud, setting up Identity and Access Management (IAM) access and authorization policies is important for securing and tightly controlling DR-related activities. This article explains how to manage access and authorization on SDR.
1. Endpoint list
Level | Action | Description |
Write | DrPairAttachServer | Add master server to DRC |
Write | DrPairStartReplication | Initiate the copy process |
Write | DrPairTestFailover | Failover test |
Write | DrPairChangeRecoveryPoint | Change Recovery Point |
Write | DrPairCleanTestEnvironment | Delete failover test environment |
Write | DrPairCommitFailover | Confirm failover |
Write | DrPairDetachServer | Delete pairing information |
Write | DrPairFailover | Failover |
Write | DrPairRestartReplication | Restart the copy process |
Write | DrPairResumeReplication | Continue copying |
Write | DrPairStopReplication | Pause copying |
List | ListDrPairs | View pairing list |
Get | GetDrPair | View pairing details |
Get | GetDrPairHistory | View pairing operation history |
Get | GetDrPairRecoveryPoints | View recovery point list |
2. List of VNG Managed DR Policies
A VNG Managed Policy is an IAM policy that the VNG Cloud IAM system creates by default. VNG Cloud manages these policies itself so that users can quickly grant IAM user accounts the access rights they need on the resources of each specific product. The VNG Managed Policies for DR are:
DRFullAccess: Includes full access to Disaster Recovery Center resources
DRReadOnlyAccess: Includes Read access only on resources in the Disaster Recovery Center system
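One way to review whether the two managed policies above are attached to the right accounts, as an added example that is not VNG Cloud code: it compares each user's attached policy with the DR actions that user actually requested, using the levels from the table in section 1. The `ATTACHED` and `EVENTS` layouts and the user names are constructed for illustration, and the script assumes DRReadOnlyAccess covers the List and Get levels.

```python
from collections import defaultdict

# Action levels copied from the action table in section 1.
WRITE = ("DrPairAttachServer DrPairStartReplication DrPairTestFailover "
         "DrPairChangeRecoveryPoint DrPairCleanTestEnvironment "
         "DrPairCommitFailover DrPairDetachServer DrPairFailover "
         "DrPairRestartReplication DrPairResumeReplication "
         "DrPairStopReplication").split()
LEVEL = {a: "Write" for a in WRITE}
LEVEL.update({"ListDrPairs": "List", "GetDrPair": "Get",
              "GetDrPairHistory": "Get", "GetDrPairRecoveryPoints": "Get"})

# Constructed sample data (hypothetical layout, not a VNG Cloud export).
ATTACHED = {
    "alice": {"DRFullAccess", "vServerFullAccess"},
    "bob": {"DRFullAccess"},
    "carol": {"DRReadOnlyAccess"},
}
EVENTS = [  # (user, requested action)
    ("alice", "ListDrPairs"), ("alice", "DrPairTestFailover"),
    ("bob", "ListDrPairs"), ("bob", "GetDrPairHistory"),
    ("carol", "GetDrPair"), ("carol", "DrPairCommitFailover"),
]

def review(attached, events):
    """Return {user: finding} for accounts whose policy and usage disagree."""
    used = defaultdict(set)
    for user, action in events:
        if action not in LEVEL:
            raise ValueError(f"unknown DR action: {action}")
        used[user].add(action)
    findings = {}
    for user, policies in attached.items():
        writes = sorted(a for a in used[user] if LEVEL[a] == "Write")
        if "DRFullAccess" in policies and not writes:
            # Full access held, but only List/Get actions were requested.
            findings[user] = "no Write actions used: DRReadOnlyAccess would suffice"
        elif "DRFullAccess" not in policies and writes:
            # Write-level requests from an account without full access.
            findings[user] = "Write requests without DRFullAccess: " + ", ".join(writes)
    return findings

if __name__ == "__main__":
    for user, note in review(ATTACHED, EVENTS).items():
        print(user, "->", note)
```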
3. Get Started Using IAM with DRC
This guide shows how to quickly start using IAM with the DRC service through the default permissions that VNG Cloud defines for the DRC system in the managed policy DRFullAccess. Because DRC features and services are linked to and inherited from vServer, delegating permissions on DRC also requires attention to the corresponding vServer permissions (permissions on Server, Volume, ...).
3.1 Access IAM Console
Open your web browser and go to the IAM Console URL: https://hcm-3.console.vngcloud.vn/iam/
Log in as a Root User Account or a User Account with access granted. You will need to provide a username/email and password when logging in.
Once signed in, you'll see the IAM Console interface, which provides an overview of your IAM configuration.
3.2 Create a new IAM User Account
Click "Create user" in the left menu.
Click "Create a user account."
Enter your user account details, including username and password.
Review the settings and click "Create user account" in the upper right corner.
3.3 Accessing the DRC Portal with an IAM User Account
Open your web browser and go to the DRC website URL here:
Remember to log out of the Root User account and log in with the IAM User Account created in step 3.2.
Once logged in, you will see an overview of the DRC website but will not have access to any features.
Note:
The IAM User account created in step 3.2 currently does not have permissions to perform actions on the DRC service.
To grant permissions to the above IAM User Account, refer to the instructions in Step 3.4 below. Note that this guide provides an example of DRFullAccess and vServerFullAccess.
3.4 Assign Permissions to IAM Accounts
Open your web browser and go to the IAM Console URL: https://hcm-3.console.vngcloud.vn/iam/
Log in as the Root User account. You may need to provide a username and password or use other authentication methods such as single sign-on (SSO) if configured.
Once signed in, you'll see the IAM Console interface, which provides an overview of your IAM configuration.
Click on "User account" in the left menu.
Search for an IAM user account by entering the username in the search box.
Click the line containing the IAM user account information in the search results.
By default, you will see the "Permission" tab on the IAM user account details page.
Click the "Attach policies" button; a dialog box containing all the Policies appears.
Search for the DRFullAccess and vServerFullAccess policies by entering their exact names in the search box.
Tick the found result and click the "Attach" button in the lower right corner of the dialog box.
3.5 Re-access the DRC Portal with the IAM User Account
Re-access the DRC Portal by following the instructions in Step 3.3, and then you can access all the features on the DRC after assigning the DRFullAccess and vServerFullAccess policies to the IAM user account.