Configure ISLP and security hardening

Information security level protection (ISLP) and security hardening secure the system and its confidential data.

Procedure

1. On the top navigation bar, click System.

2. From the left navigation pane, select Parameters.

3. Click the ISLP and Security Hardening tab.

4. Click Edit and then edit the parameters as needed.

5. Click Save.

Parameters

• Secure Mode: Select whether to enable the secure mode or not. You can enable secure mode only after you enable Mandatory HTTPS. You can create encrypted VMs only after the system is enabled with the secure mode. After you enable the secure mode, the following restrictions take effect:

• A storage volume can be used by only one VM.

• The login names of operators cannot be modified.

• An operator account can be used by only one user at a time.

• Users can access CAS only through HTTPS.

• If the security zone is configured, you cannot disable the secure mode.

• The security zone, secrecy policy, and security service workflows are available only when secure mode is enabled. If secure mode is disabled, those features are unavailable.

For a VM to access the VNC console, you must specify a VNC proxy server when the secure mode or mandatory HTTPS mode is enabled.

 

• Mandatory HTTPS: When secure mode is enabled, you can select whether to enable mandatory HTTPS mode. When this mode is enabled, you can access CVM only through HTTPS. To avoid task failure, do not edit this parameter when other tasks are running in the system.

 

• Root SSH Login Permission: Set whether to enable root SSH login permission on CVK hosts.

• If you enable this feature, operators can only add CVK hosts by using username root.

• If you disable this feature, operators can only add or log in to CVK hosts through SSH by using username sysadmin. The default password of user sysadmin is Sys@1234.

Changing the state of root SSH login permission switches the account used for login on all hosts managed by the system. When the system prompts for a password, enter the password of the correct account. If you have forgotten the password, you can enter a new password directly.