Enabling Container Security Protection

You can enable the container security edition for your containers.

To enable protection for a container node, you need to allocate a quota to the node. If the protection is disabled or the node is deleted, the quota can be allocated to another node.

Check Frequency

HSS performs a full check in the early morning every day.

After you enable server protection, you can view scan results after the automatic scan at 04:10 in the next morning.

Prerequisite

  • The Agent Status of a server is Online. To check the status, choose Host Security Service > Asset Management > Containers & Quota.

  • You have created a node on CCE.

  • The Protection Status of the node is Unprotected.

Procedure

  1. Log in to the management console.

  2. Click image1 in the upper left corner of the page, select a region, and choose Security > HSS. The HSS page is displayed.

  3. In the navigation pane, choose Asset Management > Containers & Quota.

    **Figure 1** Accessing the container node management page

    Figure 1 Accessing the container node management page

  4. Enable protection for one or multiple servers.

    • Enabling protection for a server

      1. In the Operation column of a server, click Enable Protection.

      2. In the dialog box that is displayed, confirm the information.

        Note

        A container security quota protects one cluster node.

      3. Confirm the information and click OK. If the Protection Status in the container list changes to Protected, it indicates the protection has been enabled.

    • Enabling protection in batches

      1. In the node list, select servers, and click Enable Protection above the list.

      2. In the dialog box that is displayed, confirm the information.

        Note

        A container security quota protects one cluster node.

      3. Confirm the information and click OK. If the Protection Status in the container list changes to Protected, it indicates the protection has been enabled.