Network deployments for business-critical services generally require isolation among the private, public and administrative networks. Data security and network isolation can be ensured through different routing and security group policies. Binding three ENIs on different subnets to the CVM server achieves this isolation.
• In other words, three auxiliary ENIs on three different subnets can be configured for the server in the VPC. The three subnets are used, respectively, for data transfer on the private network, service offering on the public network, and administration on the private network.
• Each ENI can be bound to different security group policies, giving each network its own security policy control and ensuring the security of the server and the private network.
• Each subnet can be configured with a different routing table, allowing each ENI to have its own routing policy. For example, if the route of the data transfer subnet on the private network points to private-traffic targets such as a Direct Connect gateway, VPN gateway or VPC Peering Connection, and the route of the subnet where the public ENI resides points to public-traffic targets such as a NAT gateway or public gateway, then the private and public networks are isolated from each other.
• Different network ACL policies can be configured for the private, public and management networks to implement a 3-layer security policy control for subnets.
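
One way to check a deployment against the layout described above, as an added example (not Tencent Cloud code or an official API format). The inventory schema, next-hop type names and all IDs are hypothetical and constructed for illustration, and the admin subnet is assumed to follow the private routing rule.

```python
# Hypothetical next-hop type names for the gateway kinds named in the text.
PRIVATE_HOPS = {"local", "direct_connect_gateway", "vpn_gateway", "peering_connection"}
PUBLIC_HOPS = {"local", "nat_gateway", "public_gateway"}
# Assumption: the admin subnet follows the private rule; the page lists no admin routes.
ALLOWED_HOPS = {"data": PRIVATE_HOPS, "public": PUBLIC_HOPS, "admin": PRIVATE_HOPS}

def audit(inv):
    """Return isolation findings for a three-ENI inventory (empty list = clean)."""
    findings, users = [], {}  # users: (kind, id) -> ENIs depending on that resource
    for eni in inv["enis"]:
        subnet = inv["subnets"][eni["subnet"]]
        deps = [("subnet", eni["subnet"]), ("route table", subnet["route_table"]),
                ("network ACL", subnet["acl"])]
        deps += [("security group", sg) for sg in eni["security_groups"]]
        for dep in deps:
            users.setdefault(dep, set()).add(eni["id"])
        # Every route of this ENI's subnet must use a next hop allowed for its role.
        for route in inv["route_tables"][subnet["route_table"]]:
            if route["next_hop"] not in ALLOWED_HOPS[eni["role"]]:
                findings.append(f'{eni["id"]} ({eni["role"]}): route {route["dest"]} '
                                f'-> {route["next_hop"]} is not allowed for this role')
    # A resource shared by two ENIs means those networks no longer have separate policy.
    for (kind, rid), enis in sorted(users.items()):
        if len(enis) > 1:
            findings.append(f'{kind} {rid} is shared by {", ".join(sorted(enis))}')
    return findings

def sample_inventory():
    """Constructed inventory; all IDs and CIDRs are made up for the example."""
    return {
        "enis": [
            {"id": "eni-data", "role": "data", "subnet": "sub-data", "security_groups": ["sg-data"]},
            {"id": "eni-pub", "role": "public", "subnet": "sub-pub", "security_groups": ["sg-pub"]},
            {"id": "eni-adm", "role": "admin", "subnet": "sub-adm", "security_groups": ["sg-adm"]},
        ],
        "subnets": {
            "sub-data": {"route_table": "rtb-data", "acl": "acl-data"},
            "sub-pub": {"route_table": "rtb-pub", "acl": "acl-pub"},
            "sub-adm": {"route_table": "rtb-adm", "acl": "acl-adm"},
        },
        "route_tables": {
            "rtb-data": [{"dest": "10.8.0.0/16", "next_hop": "vpn_gateway"}],
            "rtb-pub": [{"dest": "0.0.0.0/0", "next_hop": "nat_gateway"}],
            "rtb-adm": [{"dest": "10.9.0.0/16", "next_hop": "direct_connect_gateway"}],
        },
    }

if __name__ == "__main__":
    print(audit(sample_inventory()))
```

Adding a default route through a NAT gateway to the data subnet's routing table, or reusing the public ENI's security group on the admin ENI, makes `audit` report one finding for each.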