How Can I Configure Network Security for SMS?
You need to install the Agent on the source server to be migrated. During the migration, the source server needs to communicate with the SMS service and the destination server.
Source Server Network Requirements
- SMS depends on some HUAWEI CLOUD services. During the migration, ensure that the Agent on the source server can call the APIs of the services that SMS depends on in the region where the target ECS is located. You can view the URLs of the dependent services in the cloud-region.json file in the SMS-Agent/config directory. Figure 1 lists the URLs to be opened when the target ECS is located in the CN North-Beijing1 region.
- If DNS cannot be configured for the source server, you need to enable the IP address corresponding to the URL. The IP address of each API can be obtained by running the ping url command. Figure 2 shows an example of opening the IP address.
Target Server Network Requirements
- If the target ECS runs a Windows OS, enable ports 8899 and 8900. If the target ECS runs a Linux OS, enable port 22.
- If a network ACL is configured for the target ECS, and the network ACL is associated with the subnet where the destination ECS resides, you need to enable the corresponding ports in the network ACL.
For details about how to configure the security group rules for a VPC, see How Can I Configure the Security Group Rules for Target ECSs?