ECS Ali cloud server security group is a cloud server firewall, stateful packet filtering and monitoring functions. User division of the security domain in the cloud. Previously, only common security group, recently Ali goes on-line enterprise security group, ECS can add more server instances, resilient network card and private network IP addresses. While streamlining security group setting specifications, easier to use. Enterprise Security Group suitable for operation and maintenance efficiency, ECS examples of specifications and scale computing nodes have a higher demand for the scene.
First, Ali cloud server security group and general corporate security group comparison
Ordinary different security groups and corporate security groups to see the table below.
| Feature Comparison | Common security group | Enterprise Security Group |
| Supports all instances Specifications | Yes | No, the example network type must be a private network VPC |
| VPC's proprietary network support | Yes | Yes |
| Support Network Classic | Yes | no |
| Support priority setting rules | Yes | no |
| Support licensed to other security groups | Yes | no |
| Support manual settings to allow access to the secure set of rules | Yes | Yes |
| Support manually set rules deny access security group | Yes | No, the Enterprise Security Group default deny any access requests |
| Elastic support binding network card to any instance specifications | No, the example network type must be a private network VPC | No, but examples of the type of network must be a proprietary network VPC |
| The number of IP addresses that can accommodate private network | 2000 | 65536 |
| Default support the same security group within ECS instance exchange | Yes | No, you need a separate set of rules that you add security |
See more of the official documentation .
Limitations
Usage restrictions and quotas enterprise security group
| Feature Comparison | Common security group | Enterprise Security Group |
| Supports all instances Specifications | Yes | No, the example network type must be a private network VPC |
| VPC's proprietary network support | Yes | Yes |
| Support Network Classic | Yes | no |
| Support priority setting rules | Yes | no |
| Support licensed to other security groups | Yes | no |
| Support manual settings to allow access to the secure set of rules | Yes | Yes |
| Support manually set rules deny access security group | Yes | No, the Enterprise Security Group default deny any access requests |
| Elastic support binding network card to any instance specifications | No, the example network type must be a private network VPC | No, but examples of the type of network must be a proprietary network VPC |
| The number of IP addresses that can accommodate private network | 2000 | 65536 |
| Default support the same security group within ECS instance exchange | Yes | No, you need a separate set of rules that you add security |
