Cloud-native applications


Secure Access Service Edge (SASE) provides network connectivity for cloud-native applications, allowing you to centrally view and manage public access points. When combined with a zero-trust policy, applications are accessible only through SASE, enhancing your security posture.

Background

The rise of cloud-native technologies and hybrid work models presents new security and operational challenges for traditional VPNs and public exposure management. SASE incorporates the zero-trust philosophy to enable application connection and public access reduction for services such as cloud databases, cloud middleware, and developer tools. By using the SASE client, users can connect without exposing public IP addresses. All access requests are proxied through SASE and evaluated against multi-dimensional criteria, including identity, device, and environment, to achieve stealth access and least-privilege authorization. This allows enterprises to centralize control over external service entry points, reduce the attack surface, and improve the security and efficiency of remote access.

How it works

Enterprises can use SASE to establish secure private connections for cloud-native applications. By combining a zero-trust policy with public access reduction, you can precisely control access permissions and ensure that only authorized users connect through the SASE App. This enables application-level stealth access and security control.

View and configure cloud-native applications

Supported cloud-native applications

  • Cloud storage: Object Storage Service (OSS).

  • Cloud network: PrivateLink.

  • Cloud databases: RDS, PolarDB, Tair (Redis OSS-compatible), Lindorm, MongoDB, AnalyticDB for MySQL, AnalyticDB for PostgreSQL, ClickHouse, ClickHouse Enterprise Edition, SelectDB, PolarDB for Xscale, DMS, DAS, Bastionhost.

  • Cloud middleware: RocketMQ 5.0, Kafka, MSE registry, and MSE cloud-native gateway.

  • Development tools: Alibaba Cloud Management Console, Alibaba Cloud DevOps.

  1. Log on to the SASE console.

  2. In the left-side navigation pane, choose Private Access > Network Settings.

  3. On the Services on Alibaba Cloud > Cloud-native Application tab, you can view the cloud-native applications that SASE supports. SASE currently supports only certain applications in the cloud database, cloud middleware, and developer tools categories.

  4. In the All Cloud Apps area on the left, click a cloud-native application to view its details and perform the following operations.

    • Application connection: In the Application Connection column of the application list, toggle the switch to enable or disable the connection.

    • View internet exposure risk: In the Internet Exposure Risk column of the application list, view the exposed public addresses.

    • Public access reduction: For applications with exposed public addresses, click Not Disabled in the Actions column to reduce public access.

      Note
      • For some cloud products, security policies or product limitations prevent you from directly disabling public access. In these cases, go to the product's console to configure an allowlist or denylist, or downgrade the configuration to reduce public access.

      • Disabling public access blocks all public connections, reducing exposure and enhancing security. This action is irreversible. You can still access the application through SASE. Ensure that you have configured and enabled a zero-trust policy for all cloud applications.
