va-bastionhost-ec2 (52.77.110.183)堡壘機 上線時堡壘機會關機,四台DB會將安全群組(va-bastionhost-sg)堡壘機拿掉,需要登入的時候才會加回去 並且不會讓任何人登入Master的機器,要登入只會登入slave機器 底下四台output流量關閉 input流量只會留特定port ``` 輸出規則 netsh advfirewall firewall add rule name="Block All Outbound Traffic" dir=out action=block 輸入規則 netsh advfirewall firewall add rule name="Allow RDP Inbound" protocol=TCP dir=in localport=3389 action=allow netsh advfirewall firewall add rule name="Allow SQL Server Inbound" protocol=TCP dir=in localport=17888 action=allow ``` ``` netsh advfirewall firewall add rule name="HTTP" protocol=TCP dir=in localport=80 action=allow ``` va-prod-mssql-publisher-ec2(13.213.99.227) now:r6in.8xlarge 32CPU 256G new:r6in.16xlarge 64CPU 512G 暫時備份都還是會在Master這台 備份排成設定 (丁丁) 上傳備份到s3排成設定 問題:詢問廠商對外流量關閉需要傳檔案到s3 那這樣要開特定的port傳到s3上面 的port要開多少 va-prod-mssql-subscriber1-ec2 (r6in.4xlarge)(16CPU 128G) va-prod-mssql-subscriber2-ec2 (r6in.4xlarge)(16CPU 128G) va-prod-mssql-subscriber3-ec2 (r6in.4xlarge)(16CPU 128G) 先降回4CPU --- 6/20 維護 四台data-e 規格都調成 12000 IOPS 1000M