LogoLogo
Our ServiceOther service
English
English
  • 🇬🇧VNG Cloud Help Center
  • Overview
    • About VNG Cloud
    • Product Updates (All)
      • 2024
  • vServer
    • Compute
      • What is vServer?
      • Announcements and updates
        • 2024
        • 2023
      • Getting started
        • UserData
      • Quota Limit
      • Instance
        • Connect to virtual server
          • Connecting a Windows Server by Remote Desktop (RDP)
          • Connecting to a Linux server by SSH Client
        • Flavor
        • Instance Lifecycle
        • Create an instance by using the wizard
        • Resize Instance
        • Restart Instance
        • Compute Encryption Volume
          • Using Compute Encryption Volume
      • Placement Group
      • Image
      • Network
        • Virtual Private Cloud (VPC)
        • DHCP Options Sets
          • DNS Server IP Address
        • Instance IP Address
        • Floating IP
        • External Interface
        • Virtual IP
        • Route Table
        • Peering
        • Test Internet Speed
        • Network ACL
        • Bandwidth
          • Package Bandwidth VNG Dedicated
          • Package Bandwidth Pay As You Go
          • Package Bandwidth Share
          • Package Bandwidth Dedicated
          • Payment Methods
      • Interconnect
        • Starts with Interconnect
        • Interconnect Features
        • Location connect and Bandwidth
        • Multicloud-Connection
        • Connections
          • Create a Dedicated Connection
          • View connection information
          • Update Connection
          • Delete Connection
        • UseCase
          • Multicloud Interconnect
          • Hybrid Interconnect
          • VPN Interconnect
          • Using a combination of Interconnect connection methods
      • Volume
        • Extend volume with Linux OS
        • Extend Volume with Windows OS
        • Volume Types
        • Check the IOPS performance
        • Convert Volume Type
      • Snapshot
        • Activate Snapshot
        • Create Snapshots
        • View Snapshot Information
        • Roll back VM by using a snapshot
        • Roll back a disk by using a snapshot
        • Delete Snapshot
        • How to calculate a Snapshot Service Charges
        • Disable Snapshot Service
        • UseCase Snapshot
          • Disaster Recovery
          • Develop and testing
          • Backup and restore the system periodically
          • Migrate data and applications between environments
          • Resist attacks from Hackers or malware infections
        • Share Snapshots
      • Security
        • SSH Key (Key pairs)
        • Security Groups
      • vBackup
        • Create backups for VM with policy
        • Create backups immediately (Back now)
        • Automatic Backup
        • Changing the backup policy
        • Restore Backup
        • Delete Backup
        • Backup Policies
          • Create, edit, delete backup policies
          • Schedule Structure of the Policy
      • Load Balancer
        • Deployment mode
        • Feature Comparison
        • Application Load Balancer
          • How it works (ALB)
          • Getting Started
          • Manage Load balancer
          • Listener
            • Add a HTTP listener
            • Add a HTTPS listener
            • Update & Delete a Listener
            • Listener Policies
            • Client Certificate Authentication
            • Config IP whitelist to load balancer
            • Config timeout
          • Certificate
            • Upload a certificate
          • Pool
            • Add & Update a Pool
            • Pool Members
              • Attach pool members
            • Config health check setting
            • Enable sticky session
            • Enable TLS encryption
            • Pool's algorithm
        • Network Load Balancer
          • How it works (NLB)
          • Getting Started (NLB)
          • Manage Load Balancer (NLB)
          • Listener (NLB)
            • Add a TCP Listener
            • Add a UDP Listener
            • Update & Delete Listener (NLB)
            • Config IP whitelist to load balancer
            • Config timeout
          • Pool
            • Add & Update a Pool
            • Pool Members
              • Attach pool members
            • Config health check setting (NLB)
            • Pool's algorithm
          • Common use cases
            • Config protocol Proxy with member Nginx
        • Monitor your load balancers
          • Metrics
          • Logs
        • Security
      • APIs & IaC
      • Terraform
        • Install Terraform
        • Manage vServer with Terraform
        • Manage vLB with Terraform
        • Reference Document
        • Argument Intergration with Terraform
      • Identity and Access Management (IAM) for vServer
        • Actions, resources, and required conditions for vServer Access Decentralization
        • Use Cases IAM
      • Pricing
    • vMarketplace
      • Third-party integration
      • Application Software Installation
        • Create & Install App
      • Network Software Installation
        • Juniper vSRX on HCM03
          • Create Juniper vSRX
          • Routing IP Range within VPC
        • Pfsense on HCM03
          • Create Pfsense App
          • Routing IP Range within VPC
          • VPN Client to Server
          • VPN Site to Site
            • Pfsense - AWS Cloud
          • Troublehooting - Disconnect network
          • Notice & Limitation
          • MTU & “DF flag” best practice on VNG Cloud
  • vStorage
    • Object storage
      • Object storage (HCM03, HAN01)
        • What is vStorage?
          • What is Region?
          • What is Farm?
          • Unit of Measurement
        • Announcements and Updates
        • Getting Started with vStorage
          • Step 1: Create a project
          • Step 2: Create a container
          • Step 3: Upload an object
          • Step 4: Download an object
          • Step 5: Copy Object to a Directory
          • Step 6: Delete the object and container
        • Features of vStorage
          • Working with projects
            • Projects overview
            • Project naming rules
            • Create a project
            • Viewing project properties
            • Resize a project
            • Renew a project
            • Auto-renew a project
            • Delete a project
            • Restore a project
            • IP Range ACLs for a project
          • Working with containers
            • Containers overview
            • Containers naming rule
            • Create a container
            • Viewing container properties
            • Search containers
            • Versioning container
            • Make container public
            • Make container private
            • ACLs for a container
            • CORS for a container
            • Container lifecycle
            • Delete a container
            • IP Range ACLs for a container
          • Working with directories and objects
            • Objects overview
            • Objects naming rule
            • Upload objects
            • Viewing directory and object properties
            • Search directories and objects
            • Share objects
            • Move objects
            • Copy objects
            • Rename an object
            • Set tags for objects
            • Set metadatas for objects
            • Download objects
            • Delete objects
            • Working with directories
          • Working with report
            • View summary reports across all regions
            • View summary reports on a specific region
            • View summary reports on a specific project
          • Working with trial project
          • Working with POC project
          • Working with vBackup project
          • Working with Archive project
        • Identity and Access Management
          • Managing vStorage access account
            • Root User Account
            • IAM User Account
              • Create an IAM User Account
              • Create Policies for IAM User Account
              • Attach Policies with IAM User Account
              • Delete an IAM User Account
            • Service Account
              • Create a Service Account
              • Create Policies for Service Account
              • Attach Policies with Service Account
              • vStorage Credentials
                • Create a S3 key
                • Create a Swift user
                • Attach S3 Keys and Swift Users to the Service Account
                • Delete S3 key, Swift user
              • Delete a Service Account
          • Managing Access to vStorage Resources
            • Access Permissions and Working Through vStorage
            • Access Permissions and Working Through IAM
            • Features, vStorage Resources, and Access Permissions
            • Access Permissions and Working Through Root User Account
            • Access Permissions and Working Through IAM User Account
            • Access Permissions and Working Through Service Account
        • 3rd Party Softwares
          • S3cmd
            • Integrating S3cmd with vStorage
            • Using S3cmd
          • Cyberduck
            • Integrating Cyberduck with vStorage
            • Using Cyberduck
          • Rclone
            • Integrating Rclone with vStorage
            • Using Rclone
          • Swift Client
            • Integrating SwiftClient with vStorage
            • Using SwiftClient
          • S3 SDK
            • Integrating S3 SDK with vStorage
            • Using S3 SDK
          • MinIO Client (MC)
            • Integrating MinIO Client with vStorage
            • Using MinIO Client
          • S3 Browser
            • Integrating S3 Browser with vStorage
            • Using S3 Browser
          • AWS CLI
            • Integrating AWS CLI with vStorage
            • Using AWS CLI
        • Resource Quota
        • Feature Limitations
        • Charging Fee
          • Charging for prepaid users
          • Charging for postpaid user
        • Monitoring vStorage
          • Monitoring vStorage Through Metrics
          • Monitoring vStorage Through Logs
        • Security
          • Access Control
          • Data in Transit Security
          • Data Security stored on vStorage
        • Usecase
          • Migrate data
            • [Rclone] Mount vStorage as Local Drive on Linux
            • [Rclone] Mount vStorage to Window server
            • [Rclone] Sync data from AWS S3 to vStorage
          • Optimize performance
        • API developers
          • vStorage API
            • Integrating vStorage API
            • Using vStorage API
          • vStorage Swift REST API
            • Integrating Swift REST API
            • Using Swift REST API
        • Storage gateway
          • Create and Use Storage Gateway
          • Replacing Fileserver with Gateway Application
      • Object storage (HCM04)
        • Getting Started with Object storage
          • Step 1: Create a project
          • Step 2: Create a bucket
          • Step 3: Upload/ Download objects
          • Step 4: Create a S3 Key
          • Step 5: Integrate 3rd party softwares with vStorage
          • Step 6: Use 3rd party softwares to action on vStorage
        • Features of Object Storage
          • Working with project
          • Working with bucket
            • Working with buckets via vStorage Portal
              • Bucket Versioning
              • Object Lock
              • Bucket Policy
              • Bucket ACLs
              • Bucket CORS
              • Bucket Event Notification
              • Bucket Lifecycle
            • Working with buckets via 3rd party software
          • Working with objects and directories
            • Working with objects and directories via vStorage Portal
            • Working with objects and directories via 3rd party software
          • Working with reports
        • Resource Quota
        • Access Management
          • Working with Root User Account
          • Working with IAM User Account
          • Working with Service Account
          • Working with S3 Keys
          • Limitation
        • API Developers
        • 3rd party softwares
          • S3cmd
            • Integrate S3cmd with vStorage
            • Using S3cmd
          • Cyberduck
            • Integrate Cyberduck with vStorage
            • Using Cyberduck
          • Rclone
            • Integrate Rclone with vStorage
            • Using Rclone
          • S3 SDK
            • Integrate S3 SDK with vStorage
            • Using S3 SDK
          • S3 Browser
            • Integrate S3 Browser with vStorage
            • Using S3 Browser
        • Use case
          • Migrate data
            • [Rclone] Mount vStorage on Window server
            • [Rclone] Mount vStorage as Local Drive on Linux
            • [Rclone] Sync data from AWS S3 to vStorage
        • Charging Fee
    • Filestorage
      • What is FileStorage?
      • Announcements and Updates
      • Getting Started with FileStorage
        • Create a Public NFS File Storage
        • Create a Private NFS File Storage
        • Create a Private SMB File Storage
          • Create a Private SMB File Storage without Active Directory
          • Create a Private SMB File Storage with Active Directory
          • Create a Private SMB File Storage without Active Directory
          • Create a Private SMB File Storage with Active Directory
      • Features of FileStorage
        • Create a File Storage
          • Create a NFS File Storage
          • Create a SMB File Storage without AD
          • Create a SMB File Storage with AD
        • Edit a File Storage
        • Resize a File Storage
        • Delete a File Storage
      • Specifications
      • Access Management
        • File Storage features, resources, and access
      • Resource Quota
      • Charging Fee
    • Backup with Veeam
      • Getting started with Veeam
        • Step 1: Install Veeam Backup & Replication
        • Step 2: Initialize Repository
        • Bước 3: Create Job backup
        • Step 4: Data Recovery on Veeam
      • Features of Veeam
      • Access Management
      • Charging Fee
      • Monitoring Service
      • Security
      • Use case
      • Glossary
  • Backup Center
    • Announcements and Updates
    • Cloud Backup
      • Get Started with Backup Server
      • Backup Location
        • Create and Manage backup locations
      • Backup Server
        • Create Backup Plan (Backup Server)
        • Create Backup Server Point
        • Backup Server Point Management
        • Restore resources
        • Change backup policy
        • Change backup location
      • Backup Policy
      • Pricing
      • Use case
        • Migrate backup server from vStorage to Vault (backup location)
    • Disaster Recovery Center (DRC)
      • Operating model
      • Server Disaster Recovery (SDR)
        • Getting Started with SDR
        • SDR Management
          • Automatically activate Snapshot
          • Attach a Server
          • Start Replication
          • Periodic Backup and Recovery Point
          • Test Failover
          • Failover
          • Stop & Resume Replication
          • Restart Replication
          • Recovery Point Retention
        • Pricing
        • Access Management
        • Security
        • Monitoring
        • Service Limits
  • vMonitor Platform
    • What is vMonitor Platform?
      • What is vMonitor Platform Metric?
        • Metric Quota Class
      • What is vMonitor Platform Log?
        • Log Project Class
      • What is vMonitor Platform Synthetic?
        • Synthetic Test Quota Class
    • Announcements and Updates
      • Announcement and Instructions on Switching Packages on the vMonitor Platform
    • Getting Start with vMonitor Platform
      • Getting Start with Metrics
      • Getting Start with Logs
      • Getting Start with Synthetic
    • Features of vMonitor Platform
      • Dashboard
        • Widget
          • Line
          • Bar
          • Stack area
          • Pie
          • Number
          • Table
          • Log search
        • Query
          • Metric query
          • Log query
        • Variable, Save Querying and View
      • Notification
        • Working with SMS Notification Quota
        • Working with Email Notification Quota
        • Working with Notification
          • SMS
          • Email
          • Slack
          • Teams
          • Telegram
          • Webhook
      • Alarm
        • Metric Alarm
        • Log Alarm
      • Metrics
        • Working with Metric Quota
        • Working with Metric Agent
          • Installing Metric Agent on Server
            • Linux OS
            • Linux OS has internet connection limitations
            • Window OS
        • Working with Metric Information
        • Working with Product Metric
          • Working with vServer-Metric
          • Working with vLB-Metric
          • Working with vDB-Metric
          • Working with vStorage-Metric
        • Applications support integration
          • Kubernetes
        • Supported Metrics List
          • List Host's metrics
          • List vServer's metric
          • List vLB's metrics
          • List vDB's metrics
          • List vStorage's metrics
      • Logs
        • Working with Log Project Quota
        • Working with Log Agent
          • Prepare to initiate log push connection
          • Create a Certificate
          • Install Log Agent on OS
            • CentOS
            • Debian/ Ubuntu
            • Windows
          • Install Log Agent on Docker
          • Install Log Agent on Kubernetes
        • Working with Log Project
          • Archive
          • Refill
          • Log mapping
          • Field mapping
        • Working with Log search
          • Search logs
          • Export logs
        • Working with Log pipeline
          • Processor Groups
          • Processor
            • Grok Parser
              • Grok Patterns
            • JSON Parser
            • CSV Parser
            • Field Remapper
            • Date Parser
            • GEO IP Parser
            • User-agent Parser
        • Working with Log2metric
        • Working with Product Logs
          • Working with vLB-Log
          • Working with vStorage-Log
          • Working with vCDN-Log
      • Synthetics
        • Working with Synthetic Test Quota
        • Working with Synthetic API Test
          • API Test with HTTP(s)
          • API Test with Ping
          • API Test with TCP
        • Working with Location
          • Public location
          • Private location
    • Identity and Access Management
    • Resource Quota
    • Pricing
    • Security
      • Access Permissions Security
      • Data Security During Transmission
  • VKS
    • What is VKS?
    • How VKS works?
    • Announcements and Updates
      • Release notes
    • Getting Started with VKS
      • Instructions for installing and configuring the kubectl in Kubenetes
      • Create a Public Cluster
        • Create a Public Cluster with Public Node Group
        • Create a Public Cluster with Private Node Group
          • Palo Alto as a NAT Gateway
          • Pfsense as a NAT Gateway
      • Create a Private Cluster
      • Expose a service through vLB Layer4
      • Expose a service through vLB Layer7
        • Automatically manage Certificates in VKS with Nginx Ingress Controller, Cert-Manager, and Let's Encr
      • Preserve Source IP when using NLB and Nginx LoadBalancer Controller
      • Integrate with Container Storage Interface (CSI)
      • Upgrading Control Plane Version
      • Upgrading Node Group Version
      • Use Terraform to create a Cluster and Node Group
      • Working with NVIDIA GPU Node Group
    • Clusters
      • Public Cluster and Private Cluster
      • Upgrading Control Plane Version
      • Whitelist
      • Stop POC
    • Node Groups
      • Auto Healing
      • Auto Scaling
      • Upgrading Node Group Version
      • Lable and Taint
    • Network
      • Working with Application Load Balancer (ALB)
        • Ingress for an Application Load Balancer
        • Configure for an Application Load Balancer
        • ALB Limitation
      • Working with Network load balancing (NLB)
        • Integrate with Network Load Balancer
        • Configure for a Network Load Balancer
        • NLB Limitation
      • CNI
        • Using CNI Calico Overlay
        • Using CNI Cilium Overlay
        • Using CNI Cilium VPC Native Routing
      • Load Balancer
        • Using Network Load Balancer
        • Using Application Load Balancer
      • Auto Scaling
      • Fleet Management
    • Storage
      • Working with Container Storage Interface (CSI)
        • Integrate with Container Storage Interface (CSI)
        • CSI Limitation
    • Security Group
    • Migration
      • Migrate Cluster from VKS to VKS
      • Migration Cluster from vContainer to VKS
      • Migrate Cluster from another platform to VKS
      • Migrate Limitation
    • Working VKS with Terraform
    • Monitoring
      • Metrics
    • Charging Fee
    • Reference
      • Kubernetes versions
      • Node Flavors
      • System Image
  • vDB
    • Relational Database Service (RDS)
      • Create a RDS Instance
      • Connect to RDS Instance
        • Connect to an RDS Instance via SSH Tunnel
      • Managing RDS Instance Information
      • Backing Up RDS Instance
      • Restoring RDS Instance
      • Managing Configuration Group in RDS Instance
      • Extend the usage period RDS Instance
      • Monitoring vDB with vMonitor Platform
      • Import Data into RDS Instance (MySQL/MariaDB) using mysqldump
      • Creating Read Replicas
      • Promote Read Relica to Standalone
      • vDB PostgreSQL - Supported Extensions
      • Configuring Replication with RDS (MySQL/MariaDB)
      • Attention & Limitations
    • MemoryStore Database Service (MDS)
      • Create MDS Instance
      • Connect MDS Instance
      • Manage MDS Instance
      • Manage MDS Config Group
      • Backup MDS Instance
    • Security (Bảo mật)
  • vCDN
    • Overview
      • What is CDN?
      • Overview Architecture
        • Network Architecture
        • Load Coordination Mechanism
        • Data Distribution Mechanism
          • PULL
          • PUSH
    • Getting Started with vCDN
      • Live Streaming
      • Video On Demand Streaming
      • Object Download
      • Web Accelerator
      • Transcoding and advanced features
        • Operating Model
        • Install Sigma Media Server
        • Use cases
          • Create Live Transcode Channel
          • Live Transcode combines recordings for later VOD playback
          • Create Simultaneous Restream Channels to Multiple Platforms (RTMP)
          • Transcode video files (MP4)
        • Sigma API developers
      • Using OBS Studio to Push Live Stream
    • Feature details
      • Security Link
      • CNAME
      • Cache Time
      • Development Mode
      • Origin
        • HTTP Origin
        • Object Storage S3
        • Host Origin
      • Optimize File Size
      • Cryptography
      • Caching
      • Automatically Redirect from HTTP to HTTPS
      • CDN Purge Cache
      • Page Rule
    • Access Management
    • Pricing
    • API Developers
    • Monitoring
    • Report
    • Security
      • Certificate Management
  • vCloudstack
    • Get Started with vCloudStack
      • Overview of features
      • Initialize VM on vCloudStack
      • Network Configuration
      • Load Balancer in vCloudStack
        • Create Application LB in vCloudStack
          • Listener for Application LB
          • Pool in vCloudstack
          • Certificate in vCloudstack
        • Create Network LB in vCloudStack
          • Listener for Network LB
          • Pool (NLB) in vCloudStack
        • Advanced Features
      • Volumes in vCloudStack
      • Backup in vCloudStack
      • Snapshots in vCloudStack
    • Get start with Admin Site
      • User Management
      • Access Management
      • Track resource usage information
      • Physical Infrastructure Monitoring
  • vContainer Registry
    • Getting Started
    • Repository
      • Create a repository
      • Edit quota limit
      • Manage image
      • Repository History
    • Repository user
      • Create repository user
      • Edit user information
      • Edit user permission
      • Refresh secret key
      • Change user status
  • vColocation
    • Accessing the vColo Customer Portal
    • Dashboard
    • Space list
      • View rack layout
      • View rack detail
      • Filter list
    • Ticket request
      • Open a ticket
      • Ticket list
  • DataSync
    • What is DataSync?
    • Announcements and Updates
    • Getting Start with DataSync
    • Features of DataSync
      • Create a Transfer Job
      • Run a Transfer Job
        • Run one time
        • Run schedule
      • Monitor Transfer Job Results
      • Stop a Transfer Job
      • Edit a Transfer Job
      • Xóa Transfer Job
      • Retry a Transfer Job
    • Identity and Access Management
      • Managing DataSync access account
        • Root User Account
        • IAM User Account
          • Create an IAM User Account
          • Create Policies for IAM User Account
          • Attach Policies with IAM User Account
          • Delete an IAM User Account
      • Managing Access to DataSync Resources
        • Features, DataSync Resources, and Access Permissions
        • Access Permissions and Working Through IAM
        • Access Permissions and Working Through Root User Account
    • Resoure Quota
    • Charging Fee
    • Monitoring
      • Monitoring DataSync Through Metrics
      • Monitoring DataSync Through Logs
    • Security
      • Data in Transit Security
      • Access Control
      • Data Security stored on vStorage
    • Usecase
      • Transfer data from Amazon S3 to vStorage
      • Transfer data from vStorage to vStorage cross account
      • Transfer data from vStorage to vStorage same account
  • vNetwork
    • Endpoint
      • Create Endpoint
      • Rename Endpoint
      • Delete Endpoint
      • View List of Endpoints
    • Public NAT Instance
      • Create NAT
      • Rename NAT
      • Delete NAT
      • Add/ Remove NAT Port
    • Cross Connect
      • Create Cross Connect
      • Create a VPC Connection
      • Delete Cross Connect
      • Resize Bandwidth
      • Bandwidth Packages
      • VPC Connection Conditions
      • UseCase
    • VPN (Virtual Private Network) Site To Site
      • Create VPN Site-to-Site
        • VPN Connect Condition
        • Add/Update/Delete more Site And Tunnel
        • Support IPSEC Configuration
      • Change VPN Bandwidth
      • VPN Packages
      • Delete VPN
      • Demo Site-to-Site VPN
      • FAQ
  • Key Management System
    • Customer Managed Key
    • VNG Cloud Managed Key
  • Service Health
  • Veka.ai
  • Identity and Access Management (IAM)
    • Getting Start with IAM
    • Common Usecases
      • Access control by job function
      • Access control to specific resources
      • Managing Resources with Terraform and Service Account
      • Use Deny permission to deny access
      • Authorization for access between root user accounts with Service Account Impersonate feature
    • IAM for VNG Cloud's Services
      • IAM for vServer
      • IAM for vStorage
      • IAM for vMonitor
      • IAM for DataSync
    • Types of IAM Identifiers
      • User Accounts
        • How to login to VNG Cloud
      • User Groups
      • Service accounts
      • vStorage Credential
      • Identity Providers
    • IAM Access Management
      • Access Management via Policy
      • VNG Managed Policy
    • Audit Logs Management
    • Limitation
    • Security for IAM
  • Billing & Payment
    • vConsole – Management channel for billing and resources
      • What is vConsole
      • Getting Started
    • What's Billing & Payment
    • Experience with Billing & Payment
      • Prepaid & Postpaid Users
      • Resource lifecycle management
        • Create resource
        • Resize resource configuration
        • Renew resource
        • Auto-renew resources - policy & terms
        • Recover resource
        • Delete resource
        • Resource POC
          • Converting resource from POC to Prepaid
      • Payment
        • Online payment
        • Payment of POC resources
        • Credit hold
        • Automatic invoice payment
        • Apply coupon at payment step
      • Invoice management
  • vCalculator - Service estimated tool
  • Partner Portal user guide
    • Partner Portal Overview
    • Partner Registration
    • Registration of Partner Discount
    • Registration of Partner's Customer
    • Set Up Discounts for Customers
    • Top up Credit for Customer
    • View Report on Partner Portal
    • DEAL Registration
    • View List of DEAL
    • View Detail Deal Information
    • Update Deal Stage
    • View Partner Discount by Deal
    • View Customer Discount by Deal
  • Getting start with VNG Cloud account
    • Register
    • Update Profile
    • Two-Factor Authentication (2FA)
    • Change Password Guide
    • Remove Account Guide
    • Change Phone Number Guide
  • FAQ
    • vServer
    • vStorage
    • vNetwork
    • vCDN
    • vDB
    • NTP server
    • DDoS
Powered by GitBook
LogoLogo

Address

  • VNG Corporation

Contact us

  • support@vngcloud.vn
  • 1900 1549

About us

  • About VNG Cloud
  • Get started our cloud
On this page
  • Initial Setup
  • IAM Use Case with vServer
  • vServer Permissions for User Groups
  • Assigning System Administrator Permissions to a User Group
  • Assigning Developer Permissions to a User Group
  • Assigning Support Permissions to a User Group
  1. vServer
  2. Compute
  3. Identity and Access Management (IAM) for vServer

Use Cases IAM

PreviousActions, resources, and required conditions for vServer Access DecentralizationNextPricing

Last updated 1 year ago

This article describes a simple business use case for IAM to help you understand how to implement the service to control user access to the VNG Cloud services you use. This example illustrates two ways that the company Example can apply IAM, including using VNG Cloud vServer.


Initial Setup

Sasha Nguyen and Alex Thompson are the co-founders of Example Company. When founding the company, they understood the importance of a robust identity access management system to protect their resources. They decided to implement Identity Access Management (IAM) for their organization to ensure that only authorized individuals could access the company’s resources and services.

First, Sasha and Alex created a VNG Cloud account (Root user account). They used this account to access the IAM service. Their account was attached to the AdministratorAccess policy, meaning they had full control over all company resources and services with the Root user account.

As the company expanded, Sasha and Alex began hiring employees for various positions. Sasha took on the responsibility of overseeing company operations, while Alex managed the engineering teams. However, they couldn't grant Root user account access to these employees, as it would exceed the authority of each job position. Therefore, they needed to provide employees with User accounts derived from the Root user account on the IAM homepage with specific permissions to access and use the resources.

First, they identified the different roles within the company. For example, they had roles for developers, network administrators, database administrators, and support staff. Each role would have different access permissions to the company's resources and services. Sasha and Alex then created User accounts and user groups (Groups) corresponding to each role. These user groups would contain employees with similar access and roles, making it easier to manage access permissions for each group.

To manage access permissions, Sasha and Alex used IAM policies. They defined what each role and user group could and could not do. They assigned policies and roles to different groups to provide users with the correct level of access to VNG Cloud resources. They used VNG Cloud-managed policies for job functions in the IAM Management Console to create the following permission groups:

  • Administrator

  • Billing

  • Developers

  • Network administrators

  • Database administrators

  • System administrators

  • Support users

They then assigned these policies to User accounts or Groups with the corresponding roles and provided usernames and passwords for the User accounts to employees to access and use the resources.

To guide the implementation of the IAM Identity Center, Sasha and Alex referred to the comprehensive "" section in the VNG Cloud IAM User Guide. This step-by-step guide provided detailed instructions for initial configuration. Additionally, they consulted the "" section of the user guide to better understand how to grant user access within the IAM Identity Center.

As the innovative company continued to grow, Sasha and Alex remained diligent in reviewing and updating access permissions for each employee. They regularly adjusted access permissions and levels to ensure that employees had the appropriate access privileges for their roles and responsibilities within the organization or revoked them as needed.


IAM Use Case with vServer

vServer Permissions for User Groups

At Example, different user groups require different permissions:

Nhóm quyền

Phân quyền

Mô tả

System Administrator

vServerFullAccess

This user group typically requires extensive permissions to manage all aspects of the resources. They may need permissions to create and manage resources, configure networks, set up security controls, and manage IAM policies and roles. Therefore, they need permissions to create and manage Images, Servers, VPCs, Volumes, Security Groups, etc. Alex attached the managed policy vServerFullAccess to the System Administrators user group to grant its members permission to perform all actions on vServer.

Developer

ListServer, GetServer, StartServer, StopServer, RebootServer

Since they only need to work with the Servers, Alex created and attached a policy to the Developers user group that allows developers to invoke the following permissions: ListServer, GetServer, StartServer, StopServer, RebootServer.

Support

vServerReadOnlyAccess

They should not be able to perform any vServer actions except listing the existing vServer resources. Therefore, Alex created and attached a policy to the Support user group that only allows them to invoke vServerReadOnlyAccess.


Assigning System Administrator Permissions to a User Group

Taylor Smith was hired as a project manager, so he needs access to all company resources to manage access and deploy IT projects related to VNG Cloud infrastructure. Therefore, Alex granted Taylor a User account with vServerFullAccess permissions following these steps:

Step 1: Create a User Account in the IAM System

  1. Open the User account tab.

  2. Select "Create a user account."

  3. In the Account user name field, Alex entered the name for the User account as Sysad01.

  4. Enter the password for the User account in the Account password field.

  5. Then click "Create User Account."

At this point, Alex created a separate User account for Taylor with the following information:

  • User account: Username: Sysad01 ; Password: Asddehj

Step 2: Create a User Group

After creating the User account, Alex proceeded to create a user group:

  1. Select "Create a group."

  2. Alex entered the Group name as SysAd in the Name field and added a description in the Description field.

  3. Proceed to the next step. In the User field, Alex selected the Sysad01 User account to add to the Group.

  4. Then click "Create a Group."

A Group named SysAd will be created, including the User account: Sysad01.

Step 3: Assign Permissions to the User Group

Currently, IAM provides several default policies that help users quickly and efficiently set up access permissions. Therefore, for the SysAd user group, Alex added the vServerFullAccess policy following these steps:

  1. Click to view the details of the vServerFullAccess policy on the list page.

  2. Then, in the Policy usage menu, click Attach.

  3. In the Group tab, Alex selected the SysAd group and clicked Add.

After completing these steps, the SysAd group will include the User account Sysad01 with the vServerFullAccess policy.

Step 4: Access Resources Using the IAM Account (User account) After creating the User account: Sysad01, Alex granted this account to Taylor, who then used it to access the company's resources:

  1. On the login screen, select "SIGNIN WITH IAM USER ACCOUNT."

  2. Enter the Root email information: Admin@vngcloud.vn, User name: Sysad01, Password: Asddehj.

  3. The screen will navigate to the vServer management page, where you can interact with the resources granted in the Policy assigned to the User account.


Assigning Developer Permissions to a User Group

Johnson Miles and Scott Enzi joined the company as Developers, so they need permissions to work with Servers, such as viewing the list, starting, or stopping Servers. However, they cannot create or change Server configurations and view billing information. Therefore, Alex granted them User accounts in the Devs user group with the Developer policy. Johnson and Scott can then use the User account username and password to access and use the granted resources:

Step 1: Create a User Account in the IAM System

  1. Open the User account tab.

  2. Select "Create a user account."

  3. In the Account user name field, Alex entered the name for the User account as Dev01.

  4. Enter the password for the User account in the Account password field.

  5. Then click "Create User Account."

At this point, Alex created two separate User accounts for Johnson Miles and Scott Enzi with the following information:

  • User account 1: Username: Dev01 ; Password: Asddehj1

  • User account 2: Username: Dev02 ; Password: Aseeeghe2

Step 2: Create a User Group

After creating the User accounts, Alex proceeded to create a user group:

  1. Select "Create a group."

  2. Alex entered the Group name as DevGroup in the Name field and added a description in the Description field.

  3. Proceed to the next step. In the User field, Alex selected the Dev01 and Dev02 User accounts to add to the Group.

  4. Then click "Create a Group."

A Group named DevGroup will be created, including the two User accounts: Dev01 and Dev02.

Step 3: Assign Permissions to the User Group

After creating the Group, Alex needed to create a policy to assign to the Group:

  1. Create a new policy by clicking "Create a Policy."

  2. In the Information screen, in the Name field, Alex entered the name of the Policy as Developers.

  3. Proceed to the Permissions step. Alex selected Product: vServer.

  4. In the Action field, Alex selected the permissions: ListServer, GetServer, StartServer, StopServer, RebootServer.

  5. Currently, Alex grants the Developer group permissions to all Servers, so he selected All Resources in the Resource field.

  6. Then click "Create Policy" to create the new policy.

  7. After that, on the Policy list page, select the newly created Developers policy.

  8. On the Policy detail page, select the Policy usage tab and click Attach.

  9. In the Group tab, Alex selected the DevGroup and clicked Add.

After completing these steps, the SysAd group will include the two User accounts Dev01 and Dev02 with the Developers policy.

Bước 4: Truy cập vào tài nguyên sử dụng IAM account (User account)

Sau khi tạo 2 User account: Dev01, Dev02, Alex đã cấp quyền sử dụng account này cho Johnson và Scott, họ đã sử dụng để truy cập vào tài nguyên của Công ty và sử dụng chúng:

  1. Tại màn hình Đăng nhập: chọn SIGNIN WITH IAM USER ACCOUNT

  2. Nhập thông tin Root email: Admin@vngcloud.vn, Username: Dev01 ; Pasword: Asddehj1 / Username: Dev02 ; Pasword: Aseeeghe2

  3. Màn hình sẽ điều hướng sang trang quản lý vServer, tại đây có thể thao tác vào các tài nguyên được cấp quyền trong Policy đã gán với User account.

Step 4: Access Resources Using the IAM Account (User account)

After creating the two User accounts: Dev01 and Dev02, Alex granted these accounts to Johnson and Scott, who then used them to access the company's resources:

  1. On the login screen, select "SIGNIN WITH IAM USER ACCOUNT."

  2. Enter the Root email information: Admin@vngcloud.vn, Username: Dev01 ; Password: Asddehj1 / Username: Dev02 ; Password: Aseeeghe2.

  3. The screen will navigate to the vServer management page, where you can interact with the resources granted in the Policy assigned to the User account.


Assigning Support Permissions to a User Group

Step 1: Create a User Account in the IAM System

  1. Open the User account tab.

  2. Select "Create a user account."

  3. In the Account user name field, Alex entered the name for the User account as Supo01.

  4. Enter the password for the User account in the Account password field.

  5. Then click "Create User Account."

At this point, Alex created a separate User account for Taylor with the following information:

  • User account: Username: Supo01 ; Password: Asddehj3

Step 2: Create a User Group

After creating the User account, Alex proceeded to create a user group:

  1. Select "Create a group."

  2. Alex entered the Group name as SupportGroup in the Name field and added a description in the Description field.

  3. Proceed to the next step. In the User field, Alex selected the Supo01 User account to add to the Group.

  4. Then click "Create a Group."

A Group named SupportGroup will be created, including the User account: Supo01.

Step 3: Assign Permissions to the User Group Currently, IAM provides several default policies that help users quickly and efficiently set up access permissions. Therefore, for the SupportGroup user group, Alex added the vServerReadOnlyAccess policy following these steps:

  1. Click to view the details of the vServerReadOnlyAccess policy on the list page.

  2. Then, in the Policy usage menu, click Attach.

  3. In the Group tab, Alex selected the SupportGroup and clicked Add.

After completing these steps, the SupportGroup will include the User account Supo01 with the vServerReadOnlyAccess policy.

Step 4: Access Resources Using the IAM Account (User account) After creating the User account: Supo01, Alex granted this account to Taylor, who then used it to access the company's resources:

  1. On the login screen, select "SIGNIN WITH IAM USER ACCOUNT."

  2. Enter the Root email information: Admin@vngcloud.vn, User name: Supo01, Password: Asddehj3.

The screen will navigate to the vServer management page, where you can interact with the resources granted in the Policy assigned to the User account.

A company like Example often uses IAM to interact with services such as VNG Cloud vServer. To understand this part of the use case, you need a basic understanding of VNG Cloud vServer. For more information on VNG Cloud vServer, see the .

Alex created a VNG Cloud account on the homepage: using the Root user account information: Admin@vngcloud.vn, password: 12345678@!

Navigate to the IAM homepage: using the Root user account to log in.

Open the Group tab at .

Open the Policy tab at .

Access the vServer dashboard at: .

Access the IAM homepage at: .

Open the Group tab at .

Open the Policy tab at .

Truy cập vào bảng điều khiển vServer tại:

Access the vServer dashboard at: .

Access the IAM homepage at: .

Open the Group tab at .

Open the Policy tab at .

Access the vServer dashboard at: .

Getting Started
Permission List for VNG Cloud Account Access
vServer User Guide
https://sso.vngcloud.vn/cas/login?service=https%3A%2F%2Fportal3.vngcloud.vn%2F
https://hcm-3.console.vngcloud.vn/iam/
https://hcm-3.console.vngcloud.vn/iam/user-groups
IAM Policies
VNG Cloud vServer
IAM Console
IAM User Groups
IAM Policies
https://hcm-3.console.vngcloud.vn/vserver/
VNG Cloud vServer
IAM Console
IAM User Groups
IAM Policies
VNG Cloud vServer