To ensure infrastructure security, HUAWEI CLOUD's data centers feature high security, high availability, and high reliability. The HUAWEI CLOUD service platform is designed, developed, and deployed in compliance with rigorous security standards. The platform leverages best practices in the industry, as well as Huawei's advanced technologies and extensive telecommunications experience.
Physical Device and Environment Security
HUAWEI CLOUD prepares complete security protection policies, procedures, and measures for physical devices and environments. These materials meet the Class-A requirements stipulated in GB 50174 Code for Design of Electronic Information System Room, as well as T3+ requirements stipulated in TIA 942 Telecommunications Infrastructure Standard for Data Centers.
All HUAWEI CLOUD data centers must be built in appropriate locations, with equipment rooms and information system components properly arranged during design, construction, and operation. These measures protect physical devices and environments against unauthorized access and potential hazards, such as fire and electromagnetic leakage. Sufficient physical space, as well as power, network, and cooling capacity are also necessary for quick infrastructure expansion.
The HUAWEI CLOUD O&M team strictly adheres to access control and security protection measures, routine monitoring audits, and emergency response procedures, ensuring the security of physical devices and environments.
HUAWEI CLOUD divides and isolates networks into security zones and planes based on the security zone division principles in ITU E 408 and industry best practices in network security. Nodes in the same security zone have the same security levels and mutual trust relationships. Taking network architecture design, device selection, and system O&M into consideration, HUAWEI CLOUD leverages multi-layer security isolation, access control, and border protection technologies on its network. In addition, HUAWEI CLOUD strictly complies with the required management and control measures to ensure network security.
Cloud Platform Security
HUAWEI CLOUD uses the unified virtualization platform (UVP) developed by Huawei as the host OS. UVP is a key technical platform based on Huawei's cloud DC solution. UVP converts physical server resources, such as CPU, memory, and I/O, to a group of logical resources that can be centrally managed, flexibly scheduled, and dynamically allocated. Based on these logical resources, Huawei UVP constructs multiple isolated virtual machines (VMs) that can simultaneously run on a single physical server. To ensure host system security, Huawei hardens service security and tailors host OSs to retain only the components necessary for required services. UVP isolates host OSs from client OSs by leveraging CPU, memory, and I/O isolation technologies. UVP also uses different permissions for Hypervisor and client OSs to ensure the security of resources on the platform.
Data security refers to all-directional protection of confidentiality, integrity, availability, durability, certification, authorization, and non-repudiation of users' data assets. HUAWEI CLOUD highly values the data assets of cloud service users and considers data security the core of Huawei cloud security policies. HUAWEI CLOUD follows industry best practices in identity authentication, permission management, data isolation, transfer security, storage security, data deletion, and physical data destruction. This effectively protects users' data by ensuring that users' privacy, ownership, and control over their data cannot be infringed upon.