Data Security
In order to protect data, the following must be taken into account and implemented. ⚠️⚠️⚠️
Data Backup
-
In [Standalone Deployment] mode, you can execute the command
cat /etc/pdcaptain.json
on the deployment server or execute the commandcat service.sh | grep installDir=
in the root directory of the manager to view the data directory. You can set timed tasks to back up the data directory, and it is also recommended to take regular snapshots of the server. -
In [Cluster Deployment] mode, you need to back up the data directory of data storage server and middleware server regularly, and it is also recommended to take regular snapshots of these two types of servers. If the system is deployed by HAP's team, the delivery documentation provided by HAP will describe the data directory.
Access Policy
-
The deployment of HAP relies on the manager (especially for standalone deployments). The manager listens to port 38881 by default, and it provides later online upgrades, reboots, etc., in addition to assisting with the initial installation. Generally, 38881 does not need to be accessed and used by anyone other than operations and maintenance staff, so it is recommended that access policies be set for 38881 after the deployment is complete.
-
If you need to connect and access the storage components through external clients, you need to set up a whitelist for the exposed ports, especially for cloud server deployments. If the common ports (e.g. MySQL: 3306, MongoDB: 27017) are exposed to the Internet with weak passwords, it is unsecure. In addition to data leakage, it is also easier to be hacked. The attacker may delete data from the database (usually a README file will be left to prompt you to pay to retrieve the data).
Strong Password
- Strong password indicates the authentication requirements for HAP system to connect to various storage components, such as MySQL, MongoDB, Redis and other components, which also strengthens protection in cases where there is a need to expose ports to the public.