Samsung Cloud Platform provides VPC services to support the use of a logically isolated, customer-dedicated private network space in the cloud environment.
VPC (Virtual Private Cloud) is a service that provides a logically isolated, customer-dedicated private network space in a cloud environment. Depending on the use case, you can create a General Subnet and a Local Subnet for communication between servers, and freely select NAT Gateway and Internet Gateway to configure various networks. You can create multiple VPCs and operate them independently. VPC Peering enables connectivity configuration between VPCs.

Service Architecture Diagram

Component

Subnet

A Subnet refers to the IP address range of a VPC. Depending on the purpose, use a General Subnet to create Subnets for Public or Private use. It is a service that lets users segment the network within a VPC to match their purpose and scale. Subnet provides a regular Subnet and a Local Subnet for communication between servers.

General Subnet Creation/Query/Deletion: When creating a VPC, a Subnet is created by default and can be used according to its purpose. For example, you can separate and use a Public Subnet that can access the Internet and a Private Subnet that cannot.
VPC Endpoint Subnet Create/Read/Delete: Access to the Samsung Cloud Platform is possible via a private connection from an external network linked to the VPC, enabling entry into the VPC.
Local Subnet Creation/Query/Deletion: It does not allow connections to other subnets or external access, and only permits direct connections between Virtual Server-Virtual Server or Bare Metal Server-Bare Metal Server, so it can be configured only for Virtual Server-Virtual Server communication within the VPC.

Subnet types

It denotes a Sub_network, an IP address space subdivided into smaller units for use in an IP network. Subnet types are divided based on how routing for the Subnet is configured.

type	Detailed description
Public Subnet	A Subnet that can access the internet can be configured using a General Subnet.
Private Subnet	A Subnet that cannot access the internet can be configured using a General Subnet.
VPC Endpoint Subnet	Subnet configuration that can be used for a VPC Endpoint
Local Subnet	Configure a subnet that cannot connect to other subnets or external networks.

Table. Subnet type

Internet Gateway

Create an Internet Gateway to connect it to a VPC, view its details, or delete an unused Internet Gateway. You can use an Internet Gateway to connect VPC resources to the Internet.
You can assign a Public IP to instances and load balancers that are connected to the internet, allowing external access.

NAT Gateway

You can create a NAT Gateway, connect it to a subnet, view its details, or delete an unused NAT Gateway.
To create a NAT Gateway for a subnet, you must first create an Internet Gateway and attach it to the VPC. When you create a NAT Gateway, internet access is allowed for all resources in the subnet. To restrict internet access, apply firewall rules.
A NAT Gateway can be created for the General type, and it is a service that maps a single representative public IP to a Virtual Server without a public IP NAT for outbound internet usage.

Public IP

If you want to use the same IP address each time you stop and start an instance, reserve a Public IP and use it.
This is a service that creates a desired public IP within the available Public IP Pool of Samsung Cloud Platform and assigns it to compute resources for use.
Compute resources assigned with the designated public IP will not have their IP changed even after reboot.

Port

Provides a connection point to attach a single device, such as a server’s NIC, to the network. This enables adding additional NICs beyond the default provision.

VPC Endpoint

Provides an entry point for the VPC that enables access to the Samsung Cloud Platform via a private connection from an external network connected to the VPC.

VPC Peering

You can communicate via IP through a 1:1 private route between VPCs. By default, peering is provided between VPCs in the same account, and only one connection is allowed between different accounts.

Private NAT

From compute resources within the VPC, you can use Direct Connect to map the customer’s IP and establish a connection.

Transit Gateway

Transit Gateway is a gateway service that easily connects the customer’s network with the Samsung Cloud Platform network and serves as a connection hub for multiple VPCs within the cloud environment.
Through the Transit Gateway, you can configure a variety of network topologies that meet customer requirements. Additionally, it provides independent firewall configurations and routing capabilities for each connected network segment, enabling thorough security management.

PrivateLink

It is a service that connects internal Samsung Cloud Platform data to a private path between the VPC and the SCP service without exposing it to the internet.

PrivateLink Service is for service providers, and PrivateLink Endpoint is for service users.

Constraints

Samsung Cloud Platform’s VPC limits the number of VPCs and subnets that can be created as follows.

Category	Default quota	Detailed description
VPC	5	Default VPC creation limit per account
VPC IP range	6	Number of IP range creation limits per VPC (default 1 + additional 5)
VPC Peering	5	VPC Peering creation limit per account
Subnet	3	Maximum number of default subnets per VPC
Private NAT	3	Default Private NAT creation limit per VPC
Transit Gateway	3	Maximum number of Transit Gateways per account
Transit Gateway connection from VPC	5	Maximum number of VPC connections per Transit Gateway (only the same account can be connected)

Table. VPC constraints

Prior Service

VPC has no prerequisite services.

1.1.1 - ServiceWatch Metrics

VPC - Internet Gateway sends metrics to ServiceWatch. The metrics provided by default monitoring are data collected at 5‑minute intervals.

Reference

For how to view metrics in ServiceWatch, refer to the ServiceWatch guide.

Basic Metrics

Internet Gateway

The following are the basic metrics for the Internet Gateway namespace.

The indicators whose names are shown in bold below are the indicators selected as major indicators among the basic indicators provided by Internet Gateway. Key metrics are used to configure service dashboards that are automatically built for each service in ServiceWatch.

Each metric provides guidance in the user guide on which statistical value is meaningful to query, and among the meaningful statistics, the values displayed in bold text are the primary statistics. In the service dashboard, primary metrics can be viewed using the primary statistical values.

Performance items	Detailed description	unit	Meaningful statistics
Network In Total Bytes_Internet	Cumulative traffic volume from Internet Gateway → VPC	Bytes	Total Average Maximum Minimum
Network Out Total Bytes _Internet	Cumulative traffic volume heading from VPC → Internet Gateway	Bytes	Total Average Maximum Minimum
Network In Total Bytes _Internet_Delta	Cumulative traffic volume over 5 minutes from Internet Gateway → VPC (Internet)	Bytes	Total Average Maximum
Network Out Total Bytes _Internet_Delta	Cumulative traffic volume over 5 minutes from VPC → Internet Gateway (Internet)	Bytes	Total Average Maximum Minimum

Table. VPC - Internet Gateway Basic Metrics

1.2 - How-to guides

Users can create the service by entering the required information for the VPC service and selecting detailed options through the Samsung Cloud Platform Console.

Create VPC

You can create and use a VPC service in the Samsung Cloud Platform Console.

To create a VPC, follow these steps.

Click the All Services > Networking > VPC menu. Navigate to the VPC’s Service Home page.

On the Service Home page, click the Create VPC button. You will be taken to the Create VPC page.

In the Service Information Input area, enter or select the required information.

Category	Required	Detailed description
VPC name	Required	Name of the VPC to create Enter using English letters and numbers, 3 to 20 characters
IP range	Required	IP range to use in IP range format `/16 ~ /28` enter within the range Example: `192.168.0.0/24`
Explanation	Select	Enter description for VPC

Table. VPC Service Information Input Items

Enter or select the required information in the Additional Information Input area.
Category
Required status
Detailed description
tag Select Add Tag
Up to 50 can be added per resource
After clicking the Add Tag button, enter or select Key, Value values
Table. VPC additional information input fields

Summary Check the detailed information and estimated billing amount generated in the panel, and click the Create button.
- Once creation is complete, check the created resources on the VPC List page.

Category	Required status	Detailed description
tag	Select	Add Tag Up to 50 can be added per resource After clicking the Add Tag button, enter or select Key, Value values

Check VPC detailed information

The VPC service allows you to view and edit the full list of resources and detailed information. The VPC Details page consists of the Details, IP Range Management, Tags, Activity Log tabs.

To view detailed VPC information, follow these steps.

Click the All Services > Networking > VPC menu. Navigate to the VPC’s Service Home page.
On the Service Home page, click the VPC menu. You will be taken to the VPC List page.

VPC List page, click the resource to view its details. You will be taken to the VPC Detail page.

VPC Details page displays status information and additional feature information, and consists of the Details, IP Range Management, Tags, Activity History tabs.

Category	Detailed description
status	VPC status Active: operating normally Deleting: deletion in progress Creating: creation in progress Error: unable to determine current status If it persists, contact the registered administrator
Service termination	Cancel service button If you cancel the service, the running service may be terminated immediately, so consider the impact of service interruption thoroughly before proceeding with the cancellation

Category

Detailed description

status

VPC status

Active: operating normally

Deleting: deletion in progress

Creating: creation in progress

Error: unable to determine current status
- If it persists, contact the registered administrator

Service termination

Cancel service button

If you cancel the service, the running service may be terminated immediately, so consider the impact of service interruption thoroughly before proceeding with the cancellation

Table. VPC status information and additional features

Detailed Information

VPC List page lets you view detailed information of the selected resource and edit it if necessary.

Category	Detailed description
service	Service name
Resource Type	Resource Type
SRN	Unique resource ID in Samsung Cloud Platform In VPC, it refers to the VPC SRN
Resource Name	VPC name
Resource ID	VPC’s unique resource ID
constructor	User who created the VPC
Creation date	VPC creation timestamp
Editor	User who modified the VPC information
Modification date and time	Timestamp of VPC information modification
VPC name	VPC resource name
VPC ID	VPC unique ID
External connection	External resource information
IP range	VPC IP range
description	VPC description Edit Click the icon to edit the description

Table. VPC detailed information tab items

IP range management

On the VPC List page, you can view and add the IP range information associated with the selected resource.

Category	Detailed description
IP range	Added IP range information
Creation date and time	IP range addition timestamp
Add IP range	Add IP range Enter within the range 0.0.0.0/16 - 0.0.0.0/28 Example: 192.168.0.0/16

Category

Detailed description

IP range

Added IP range information

Creation date and time

IP range addition timestamp

Add IP range

Enter within the range 0.0.0.0/16 - 0.0.0.0/28

Example: 192.168.0.0/16

Table. VPC IP range management tab items

Reference

When adding an IP range to a VPC, you cannot add it in the following cases.

IP range currently used in the VPC
In the VPC peering rule associated with the current VPC, the destination is the address range added to the peer VPC.
The address range added as a remote destination in the Direct Connect rule linked to the current VPC.
The address range whose destination was added as remote in the Transit Gateway rule attached to the current VPC.
The NAT IP range currently used by the Private NAT attached to the VPC

Category	Detailed description
Tag list	Tag list You can view the Key, Value information of tags Up to 50 tags can be added per resource When entering tags, search and select from the list of previously created Keys and Values

Job History

You can view the operation history of the selected resource on the VPC List page.

Category	Detailed description
Task History List	Resource Change History Check operation date and time, resource name, operation details, operation result, and operator information

Table. VPC operation history tab detailed information items

Terminate VPC

You can terminate unused VPCs to reduce operating costs.

Caution

A VPC cannot be deleted if it has associated Subnet, Internet Gateway, or Direct Connect resources.
You can only terminate when the VPC service status is Acrive or Error.
If you cancel the service, the currently operating service may be stopped immediately. Proceed with the cancellation only after fully considering the impact of the service interruption.

To terminate the VPC, follow these steps.

Click the All Services > Networking > VPC menu. Navigate to the VPC’s Service Home page.
On the Service Home page, click the VPC menu. You will be taken to the VPC List page.
On the VPC List page, select the resource to terminate, and click the Terminate Service button.
After termination is complete, verify on the VPC List page that the resource has been terminated.

1.2.1 - Subnet

Create Subnet

You can create and use the VPC Subnet service in the Samsung Cloud Platform Console.

To create a Subnet, follow these steps.

All Services > Networking > VPC Click the menu. Go to the VPC’s Service Home page.

On the Service Home page, click the Create Subnet button. You will be taken to the Create Subnet page.

In the Service Information Input area, enter or select the required information.

Category	Required	Detailed description
Subnet type	Required	Select Subnet type General: Can configure as Public or Private Local: Can be assigned by selecting either Virtual Server or Bare Metal Server A Local Subnet is a Subnet for communication only between servers and cannot communicate with the outside VPC Endpoint: VPC Endpoint can be configured
VPC name	Required	Select the VPC to which the subnet will be attached from the list of existing VPCs Click + Create New to create a VPC and then select it
VPC IP range	Select	Automatically input the CIDR range of the selected VPC
Subnet name	Required	Subnet name to create Enter using English letters and numbers, within 3 to 20 characters
IP range	Required	IP range to use in IP range format `/16 ~ /28` Enter within the range Example: `192.168.0.0/24` IP ranges cannot overlap with IP ranges (other subnets) already in use within the VPC
Gateway IP	Required	Display the Gateway IP address of the Subnet The first IP of the entered IP range is automatically filled in Cannot be modified after service creation

Table. Subnet service information input fields

In the Additional Information Input area, enter or select the required information.

Category	Required status	Detailed description
description	Selection	Enter description for Subnet
IP allocation range	Selection	You can set the range within the IP range to be used Select either the entire IP range or an individual specification Subnet sub-resources receive IP assignments from the entered entire IP range or from the individually specified range set by the user When selecting individual specification, enter the starting IP address and the ending IP address
DNS Name Server	Selection	After selecting Use, enter DNS Name Server IP.
Host path	Select	Use after selection, enter the host path Enter the destination IP range and Next Hop IP address Destination IP ranges must not overlap each other
tag	Selection	Add Tag Up to 50 can be added per resource After clicking the Add Tag button, enter or select Key, Value values

Table. Subnet additional information input fields

Summary Check the detailed information and estimated billing amount generated in the panel, and click the Create button.
- After creation is complete, check the created resources on the Subnet List page.

Check Subnet detailed information

The Subnet service allows you to view and edit the full resource list and detailed information. Subnet Details page consists of Details, Virtual IP Management, Tags, Activity Log tabs.

To view detailed Subnet information, follow these steps.

Click the All Services > Networking > VPC menu. Navigate to the VPC’s Service Home page.
Click the Subnet button on the Service Home page. You will be taken to the Subnet List page.

On the Subnet List page, click the resource for which you want to view detailed information. You will be taken to the Subnet Details page.

Subnet Details page displays status information and additional feature information, and consists of Details, Virtual IP Management, Tags, Operation History tabs.

Category	Detailed description
status	Subnet status Creating: Creation in progress Active: Operating normally Editing: Modification in progress Deleting: Deletion in progress Failed: State where creation failed Error: Current status unknown If it occurs continuously, contact the registered administrator
Delete Subnet	Subnet Delete Button

Category

Detailed description

status

Subnet status

Creating: Creation in progress

Active: Operating normally

Editing: Modification in progress

Deleting: Deletion in progress

Failed: State where creation failed

Error: Current status unknown
- If it occurs continuously, contact the registered administrator

Delete Subnet

Subnet Delete Button

Table. Subnet status information and additional features

Detailed Information

On the Subnet List page, you can view the operation history of the selected resource.

Category	Detailed description
Service	Service name
Resource Type	Resource Type
SRN	Unique resource ID in Samsung Cloud Platform In Subnet, it refers to the Subnet SRN
Resource Name	Subnet resource name
Resource ID	Unique resource ID in the service
constructor	User who created the Subnet
Creation date	Subnet creation time
Editor	User who modified the Subnet information
Modification date and time	Subnet information modification timestamp
Subnet type	Subnet type
VPC name	The VPC to which the subnet belongs
Subnet name	Subnet name
Subnet ID	Subnet unique ID
IP range	Used IP range
Gateway IP	Gateway IP address of the Subnet
DHCP IP	the second IP address among the used IP ranges Edit click the icon to edit
description	Subnet additional description Edit Click the icon to edit
IP allocation range	IP allocation range
DNS Name Server	Use DNS Name Server
Host path	Host route (destination IP range, Next Hop IP address) information

Table. Subnet detailed information tab items

Virtual IP Management

Subnet List page lets you view the virtual IP information of the selected resource, and you can reserve or delete it.

Category	Detailed description
Virtual IP reservation	Virtual IP usage reservation
Virtual IP	Virtual IP information Click the IP to go to the Virtual IP detail page
Public Nat IP	Public NAT IP information
Number of connected ports	Number of ports connected to the IP
Reservation date and time	Virtual IP reservation date and time
Return	Virtual IP Return button Select multiple items and click the Return button at the top of the list to return them in bulk

Table. Subnet Virtual IP Management Tab Items

Caution

If a Port or NAT IP is attached to a Virtual IP, it cannot be returned. Delete the attached resources first.
You can return the Virtual IP only when the Subnet status is Active or Error.

Category	Detailed description
Tag list	Tag list You can view the Key, Value information of tags Up to 50 tags can be added per resource When entering tags, you can search and select from the existing list of created Keys and Values

Job History

On the Sunnet List page, you can view the operation history of the selected resource.

Category	Detailed description
Task History List	Resource Change History Check operation date/time, resource name, operation details, operation result, and operator information

Table. Subnet operation history tab detailed information items

Managing Virtual IP

You can reserve or manage Virtual IPs for use in a Subnet.

Reserve Virtual IP

You can reserve a Virtual IP for use in the Subnet.

To reserve a Virtual IP, follow these steps.

Click the All Services > Networking > VPC menu. Navigate to the VPC’s Service Home page.
Click the Subnet button on the Service Home page. You will be taken to the Subnet List page.
On the Subnet list page, click the resource to reserve a Virtual IP. You will be taken to the Subnet details page.
On the Subnet Details page, click the Virtual IP Management tab. You will be taken to the Virtual IP Management tab page.
On the Virtual IP Management tab page, click the Virtual IP Reservation button. The Virtual IP reservation window opens.
In the Virtual IP Reservation window, set the detailed items and click OK.
- Virtual IP: If you select Auto-Generated, an automatically generated IP will be reserved, and if you select Input, you can reserve an IP that you manually entered.
- Description: Enter additional description for Virtual IP.
When the reservation confirmation window appears, click Confirm.

Check Virtual IP detailed information

You can view detailed information about the Virtual IP.

To view detailed information about the Virtual IP, follow these steps.

Click the All Services > Networking > VPC menu. Navigate to the VPC’s Service Home page.
On the Service Home page, click the Subnet button. You will be taken to the Subnet List page.
Subnet list page, click the resource to reserve a Virtual IP. Subnet details page will be displayed.
On the Subnet Details page, click the Virtual IP Management tab. You will be taken to the Virtual IP Management tab page.

Click the resource to view on the Virtual IP Management tab page. You will be taken to the Virtual IP Details page.

*Virtual IP Details The page displays the connected ports and detailed information.

Category	Detailed description
Virtual IP	Virtual IP address
Public NAT IP	Public NAT IP address and status Edit icon can be clicked to edit Enable after setting, you can select an existing IP or create one to add Public NAT IP cannot be modified after configuration; changes require reconfiguration
Connection Port	Port information connected to the Virtual IP Add button to click to add a connected port, you can add by connecting an existing port or creating a new one Delete button to click to remove the connected port
Explanation	Virtual IP description Click the Edit icon to modify
constructor	User who reserved a Virtual IP
Creation date	Virtual IP reservation date and time
Editor	User who modified the Virtual IP information
Modification date	Date and time the Virtual IP information was modified

Table. Virtual IP detailed information items

Terminate Subnet

You can delete an unused Subnet.

Caution

You cannot cancel the service if there are connected resources. Delete the connected resources first.
You can delete a service only when its status is Active or Error.
Because data cannot be recovered after a service is deleted, be sure to fully consider the impact before proceeding with a Subnet deletion.

To delete a Subnet, follow these steps.

Click the All Services > Networking > VPC menu. Navigate to the VPC’s Service Home page.
On the Service Home page, click the Subnet menu. You will be taken to the Subnet List page.
On the Subnet List page, click the resource to delete. Navigate to the Subnet Details page.
On the Subnet Details page, click the Delete button.
After deletion is complete, check the Subnet list to confirm that the resource has been removed.

Preliminary Service

This is a list of services that must be pre-configured before creating the service. Please refer to the guide provided for each service for details and prepare in advance.

Service Category	Service	Detailed description
Networking	VPC	A service that provides an isolated virtual network in a cloud environment

Table. Subnet pre-service

1.2.2 - Port

Create Port

You can create and use a Port service in the Samsung Cloud Platform Console.

To create a port, follow these steps.

Click the All Services > Networking > VPC menu. Navigate to the VPC Service Home page.

On the Service Home page, click the Create Port button. You will be taken to the Create Port page.

In the Service Information Input area, enter or select the required information.

Category	Required	Detailed description
VPC name	Required	Select the VPC to create the Port Click + Create New to create the VPC and then select it
Subnet name	Required	Select the Subnet to create the Port Click + Create New to create a Subnet and then select it
Port name	Required	Port name that is easy to identify Enter using English letters, numbers, `-` within 3 to 20 characters
IP allocation method	Required	Select IP allocation method Automatic allocation: IP is automatically assigned within the IP allocation range of the Subnet Manual entry: The entered IP is assigned within the Subnet’s range When Manual entry is selected, enter the IP address to use for the Port in Fixed IP address
Explanation	Selection	Enter description for Port
Security Group	Select	When Use is selected, you can select up to 5 Security Groups.

Table. Port service information input fields

Enter or select the required information in the Additional Information Input area.
Category
Required status
Detailed description
tag Select Add Tag
Up to 50 can be added per resource
After clicking the Add Tag button, enter or select Key and Value values
Table. Port additional information input fields

Summary Check the detailed information and estimated billing amount generated in the panel, and click the Create button.
- After creation is complete, check the created resources on the Port List page.

Category	Required status	Detailed description
tag	Select	Add Tag Up to 50 can be added per resource After clicking the Add Tag button, enter or select Key and Value values

Check detailed information of Port

The Port service allows you to view and edit the full resource list and detailed information. Port Details page consists of Details, Tags, Activity Log tabs.

To view detailed port information, follow these steps.

Click the All Services > Networking > VPC menu. Go to the VPC’s Service Home page.
On the Service Home page, click the Port menu. You will be taken to the Port List page.

Port List page, click the resource (Port name) to view detailed information. You will be taken to the Port Details page.

Port Details page displays status information and additional feature information, and consists of Details, Tags, Activity Log tabs.

Category	Detailed description
status	Port status Active: Operating normally Down: Not connected to the resource, or connected but not functioning Error: Current status cannot be determined If it occurs continuously, contact the registered administrator
Delete Port	Button to delete the port

Category

Detailed description

status

Port status

Active: Operating normally

Down: Not connected to the resource, or connected but not functioning

Error: Current status cannot be determined
- If it occurs continuously, contact the registered administrator

Delete Port

Button to delete the port

Table. Port status information and additional functions

Detailed Information

On the Port list page, you can view detailed information of the selected resource and edit the information if needed.

Category	Detailed description
Service	Service name
Resource Type	Resource Type
SRN	Unique resource ID in Samsung Cloud Platform In Port, it refers to the Port SRN
Resource Name	Port resource name
Resource ID	Unique resource ID in the service
Resource ID	Port’s unique resource ID
constructor	User who created the Port
Creation date and time	Port creation timestamp
Editor	User who modified the port information
Modification date and time	Date and time the port information was modified
Port name	Port resource name
Port ID	Port resource ID
Subnet name	Click the connected Subnet name or Subnet entry to go to the detail page.
Connected resources	Connected device information
Static IP	Static IP information
MAC address	MAC address information
Explanation	Description of the Port Edit icon can be clicked to edit
Security Group	Connected Security Group information Edit icon can be clicked to change the Security Group
Virtual IP	Connected Virtual IP information

Table. Port detailed information tab items

Category	Detailed description
Tag list	Tag list You can view the Key, Value information of the tag Up to 50 tags can be added per resource When entering a tag, you can search and select from the list of previously created Keys and Values

Job History

On the Port list page, you can view the operation history of the selected resource.

Category	Detailed description
Task History List	Resource Change History Check operation date/time, resource name, operation details, operation result, and operator information

Table. Port operation history tab detailed information items

Delete Port

You can release unused ports to reduce operating costs.

Caution

If there are connected resources such as Virtual Server or PrivateLink, you cannot delete the service. Delete the connected resources first.
After deleting a service, the running service may be stopped immediately. Consider the impact of deleting the service thoroughly before proceeding with the deletion.

To delete a Port, follow these steps.

Click the All Services > Networking > VPC menu. Go to the VPC’s Service Home page.
On the Service Home page, click the Port menu. You will be taken to the Port List page.
On the Port List page, click the resource (Port name) you want to delete. You will be taken to the Port Detail page.
On the Port Details page, click the Delete Port button.
After the deletion is complete, check whether the resource has been removed from the Port list.

Preliminary Service

This is a list of services that must be pre-configured before creating the service. Please refer to the guide provided for each service and prepare in advance.

Service Category	Service	Detailed description
Networking	VPC	A service that provides an isolated virtual network in a cloud environment

Table. Port pre-service

1.2.3 - Internet Gateway

Create Internet Gateway

You can create and use the Internet Gateway service in the Samsung Cloud Platform Console.

To create an Internet Gateway, follow these steps.

Click the All Services > Networking > VPC menu. Navigate to the VPC’s Service Home page.

On the Service Home page, click the Internet Gateway Creation button. You will be taken to the Internet Gateway Creation page.

Enter or select the required information in the Service Information Input area.

Category	Required	Detailed description
VPC name	Required	Select the VPC that connects to the Internet Gateway Click + New to create a VPC and then select it
Category	Required	Select Internet Gateway type Choose from Dedicated Internet Gateway, Secured Internet Gateway, Group Gateway
Internet Gateway name	Selection	Automatically create IGW_{VPC name}
Explanation	Select	Enter a description of the Internet Gateway
Use firewall	Select	Select whether to use the firewall
Whether to save firewall logs	Select	Select whether to save Firewall logs When using the Firewall, save connection logs For more details, see Using Firewall Log Saving

Table. Internet Gateway Service Information Input Items

In the Additional Information Input area, enter or select the required information.
Category
Required status
Detailed description
Tag Select Add Tag
Up to 50 can be added per resource
After clicking the Add Tag button, enter or select Key, Value values
Table. Internet Gateway additional information input fields

Category	Required status	Detailed description
Tag	Select	Add Tag Up to 50 can be added per resource After clicking the Add Tag button, enter or select Key, Value values

Caution

You cannot attach an Internet Gateway and a Group Gateway to the same VPC simultaneously.

Summary Check the detailed information and estimated billing amount generated in the panel, and click the Create button.
- Once creation is complete, check the created resource on the Internet Gateway List page.

Internet Gateway Check detailed information

The Internet Gateway service allows you to view and edit the full resource list and detailed information. Internet Gateway Details page consists of Details, Tags, Activity Log tabs.

To view detailed information about the Internet Gateway, follow these steps.

Click the All Services > Networking > VPC menu. You will be taken to the VPC Service Home page.
On the Service Home page, click the Internet Gateway menu. Navigate to the Internet Gateway list page.

On the Internet Gateway List page, click the resource to view detailed information. You will be taken to the Internet Gateway Details page.

Internet Gateway Details page displays status information and additional feature information, and consists of Details, Tags, Activity History tabs.

Category	Detailed description
status	Internet Gateway status Creating: Creating resource Ative: Normal connection status Deleting: Deletion in progress Error: Unable to determine current status If it persists, contact the registered administrator
Delete Internet Gateway	Internet Gateway Delete Button

Category

Detailed description

status

Internet Gateway status

Creating: Creating resource

Ative: Normal connection status

Deleting: Deletion in progress

Error: Unable to determine current status
- If it persists, contact the registered administrator

Delete Internet Gateway

Internet Gateway Delete Button

Table. Internet Gateway status information and additional features

Detailed Information

On the Internet Gateway List page, you can view detailed information of the selected resource and edit the information if needed.

Category	Detailed description
Service	Service name
Resource Type	Resource Type
SRN	Unique resource ID in Samsung Cloud Platform In Internet Gateway, it refers to the Internet Gateway SRN
Resource Name	Internet Gateway resource name
Resource ID	Unique resource ID in the service
constructor	User who created the Internet Gateway
Creation date and time	Internet Gateway creation timestamp
Editor	User who modified the Internet Gateway information
Modification date and time	Date and time the Internet Gateway information was modified
Internet Gateway name	Internet Gateway name
Internet Gateway ID	Internet Gateway resource ID
VPC name	VPC name
VPC name	VPC ID
Category	Internet Gateway type
description	Description of Internet Gateway Edit Click the icon to edit
Firewall name	Clicking the Firewall takes you to the detail page.
Use Fireawall	Use firewall
NAT Gateway	Clicking NAT Gateway navigates to the detail page
Whether to save NAT logs	NAT log storage Edit icon can be clicked to modify Enabled: Store logs Disabled: Do not store logs

Table. Internet Gateway Detailed Information Tab Items

Category	Detailed description
Tag list	Tag list You can view the Key, Value information of the tag Up to 50 tags can be added per resource When entering a tag, you can search and select from the list of previously created Keys and Values

Job History

On the Internet Gateway List page, you can view the operation history of the selected resource.

Category	Detailed description
Task History List	Resource Change History Check operation date/time, resource name, operation details, operation result, and operator information

Table. Internet Gateway operation history tab detailed information items

Managing Internet Gateway Resources

You can manage resources, such as enabling Internet Gateway log storage.

Using NAT Log Storage

Reference

To store NAT logs, first create a bucket in Object Storage for log storage and configure that bucket in the NAT Logging log repository. Then, when you enable log storage in the NAT detail view, NAT logs will begin to be saved to the Object Storage bucket. The log repository settings can be verified in NAT Logging. For more information, see NAT Logging.

If you configure a log repository, Object Storage charges for log storage will be applied.

To use NAT log storage, follow these steps.

Click the All Services > Networking > VPC menu. Navigate to the VPC’s Service Home page.
On the Service Home page, click the Internet Gateway menu. Navigate to the Internet Gateway List page.
On the Internet Gateway List page, click the resource to view detailed information. You will be taken to the Internet Gateway Details page.
Click the Modify NAT log storage setting button. You will be taken to the Modify NAT log storage setting popup.
Modify NAT Log Storage Setting In the popup window, select Use for the log repository, and click the Confirm button.

Caution

If the log repository is not configured in NAT Logging, the log repository use setting cannot be enabled.

Do not use NAT log storage

To use NAT log storage, follow these steps.

Click the All Services > Networking > VPC menu. Navigate to the VPC’s Service Home page.
On the Service Home page, click the Internet Gateway menu. You will be taken to the Internet Gateway List page.
Internet Gateway List page, click the resource to view detailed information. You will be taken to the Internet Gateway Details page.
Click the Modify NAT log storage setting button. You will be taken to the Modify NAT log storage setting popup.
Modify NAT log storage setting In the popup window, deselect Use for the log storage, and click the Confirm button.
Notification Check the message in the popup window and click the Confirm button.

Caution

If log storage is disabled, the service’s log storage will be halted, and tracking and management through log analysis will be impossible in the event of a security incident.

Delete Internet Gateway

Caution

NAT Gateway, Firewall rules, VPN, etc. If there are connected resources, you cannot terminate the service. Delete the connected resources first.
After deleting the service, internet communication for resources under the VPC will be interrupted. Proceed with the deletion only after fully considering the impact of deleting the Internet Gateway.

To delete an Internet Gateway, follow these steps.

Click the All Services > Networking > VPC menu. Navigate to the VPC’s Service Home page.
On the Service Home page, click the Internet Gateway menu. You will be taken to the Internet Gateway List page.
On the Internet Gateway List page, click the resource you want to delete. Navigate to the Internet Gateway Details page.
On the Internet Gateway Details page, click the Delete button.
After the deletion is complete, verify that the resource has been removed from the Internet Gateway list.

Pre-service

This is a list of services that must be pre-configured before creating the service. Please refer to the guide provided for each service for details and prepare in advance.

Service Category	Service	Detailed description
Networking	VPC	A service that provides an isolated virtual network in a cloud environment

Table. Internet Gateway preliminary service

1.2.4 - NAT Gateway

Creating NAT Gateway

You can create and use the NAT Gateway service in the Samsung Cloud Platform Console.

To create a NAT Gateway, follow these steps.

Click the All Services > Networking > VPC menu. Navigate to the VPC’s Service Home page.

On the Service Home page, click the Create NAT Gateway button. You will be taken to the Create NAT Gateway page.

In the Service Information Input area, enter or select the required information.

Category	Required	Detailed description
VPC name	Required	Select the VPC to connect + Create new to create a VPC and then select it
Subnet name	Required	Select the connected Subnet Click + Create New to create a Subnet and then select it
NAT Gateway name	Select	Create NAT_GW_{subnet name}
IP for NAT Gateway	Required	Select a Public IP for NAT Gateway + New Click to create an IP and then select it
description	Select	Enter a description for the NAT Gateway

Table. NAT Gateway Service Information Input Items

Enter or select the required information in the Additional Information Input area.
Category
Whether required
Detailed description
Tag Select Add Tag
Up to 50 can be added per resource
After clicking the Add Tag button, enter or select Key and Value values
Table. NAT Gateway additional information input fields

In the Summary panel, review the detailed information and estimated billing amount, then click the Create button.
- When creation is complete, verify the created resource on the NAT Gateway list page.

Category	Whether required	Detailed description
Tag	Select	Add Tag Up to 50 can be added per resource After clicking the Add Tag button, enter or select Key and Value values

Check NAT Gateway detailed information

The NAT Gateway service allows you to view and edit the full resource list and detailed information. NAT Gateway Details page consists of Details, Tags, Activity Log tabs.

Click the All Services > Networking > VPC menu. Go to the VPC’s Service Home page.
On the Service Home page, click the NAT Gateway menu. You will be taken to the NAT Gateway List page.

On the NAT Gateway List page, click the resource whose details you want to view. You will be taken to the NAT Gateway Details page.

NAT Gateway Details page displays status information and additional feature information, and consists of Details, Tags, Activity History tabs.

Category	Detailed description
status	NAT Gateway status Creating: Creation in progress Active: Operating normally Deleting: Deletion in progress
Delete NAT Gateway	Button to terminate the service Terminate the NAT Gateway when there are no connected services Since terminating the service may cause the running service to stop immediately, proceed with the termination only after fully considering the impact of service interruption

Category

Detailed description

status

NAT Gateway status

Creating: Creation in progress

Active: Operating normally

Deleting: Deletion in progress

Delete NAT Gateway

Button to terminate the service

Terminate the NAT Gateway when there are no connected services

Since terminating the service may cause the running service to stop immediately, proceed with the termination only after fully considering the impact of service interruption

Table. NAT Gateway status information and additional features

Detailed Information

NAT Gateway List page lets you view detailed information of the selected resource and modify it if necessary.

Category	Detailed description
service	Service name
Resource Type	Resource Type
SRN	Unique resource ID in Samsung Cloud Platform In NAT Gateway, it refers to the NAT Gateway SRN
Resource name	NAT Gateway resource name
Resource ID	Unique resource ID in the service
constructor	User who created the NAT Gateway
Creation Timestamp	NAT Gateway creation timestamp
Editor	User who modified NAT Gateway information
Modification date and time	Date and time the NAT Gateway information was modified
NAT Gateway name	NAT Gateway name
NAT Gateway ID	NAT Gateway resource ID
VPC name	VPC name connected to NAT Gateway Click the VPC to go to the detail page
VPC ID	VPC resource ID connected to the NAT Gateway
Subnet name	Subnet name connected to NAT Gateway Click the Subnet to go to the detail page
Subnet ID	Subnet resource ID connected to the NAT Gateway
Subnet IP range	Subnet IP range information
IP for NAT Gateway	NAT Gateway IP information
description	Description of NAT Gateway Edit icon can be clicked to modify

Table. NAT Gateway Detailed Information Tab Items

Category	Detailed description
Tag list	Tag list You can view the Key, Value information of the tag Up to 50 tags can be added per resource When entering a tag, you can search and select from the list of previously created Keys and Values

Job History

You can view the operation history of the selected resource on the NAT Gateway List page.

Category	Detailed description
Task History List	Resource Change History Check operation date and time, resource name, operation details, operation result, and operator information

Table. NAT Gateway operation history tab detailed information items

Delete NAT Gateway

Caution

If you delete the NAT Gateway, all resources in that subnet cannot communicate with the internet, except for resources that have 1:1 NAT configured.

To delete a NAT Gateway, follow these steps.

Click the All Services > Networking > VPC menu. Go to the VPC’s Service Home page.
On the Service Home page, click the NAT Gateway menu. Navigate to the NAT Gateway List page.
Click the resource to view detailed information on the NAT Gateway List page. You will be taken to the NAT Gateway Details page.
On the NAT Gateway Details page, click the Delete button.
After deletion is complete, verify that the resource has been removed from the NAT Gateway list.

Pre-service

This is a list of services that must be pre-configured before creating the service. Please refer to the guide provided for each service and prepare in advance.

Service Category	Service	Detailed description
Networking	VPC	A service that provides an isolated virtual network in a cloud environment

Table. NAT Gateway prerequisite services

1.2.5 - Public IP

Create Public IP

You can create and use a Public IP service in the Samsung Cloud Platform Console.

To create a Public IP, follow these steps.

Click the All Services > Networking > VPC menu. Navigate to the VPC’s Service Home page.
On the Service Home page, click the Public IP reservation button. You will be taken to the Public IP reservation page.
- Enter or select the required information in the Service Information Input area.
  Category
  Required status
  Detailed description
  Category Required Select the gateway to reserve the Public IP
  Default: Internet Gateway
  description Select Enter description for Public IP
  Table. Public IP Service Information Input Items
- In the Additional Information Input area, enter or select the required information.
  Category
  Required status
  Detailed description
  Tag Select Add Tag
  Up to 50 can be added per resource
  After clicking the Add Tag button, enter or select Key and Value values
  Table. Public IP additional information input fields
Summary Check the detailed information and estimated billing amount generated in the panel, and click the Create button.
- Once creation is complete, check the created resources on the Public IP List page.

Category	Required status	Detailed description
Category	Required	Select the gateway to reserve the Public IP Default: Internet Gateway
description	Select	Enter description for Public IP

Category	Required status	Detailed description
Tag	Select	Add Tag Up to 50 can be added per resource After clicking the Add Tag button, enter or select Key and Value values

View detailed information of Public IP

The Public IP service allows you to view and edit the full resource list and detailed information. Public IP Details page consists of Details, Tags, Activity Log tabs.

To view detailed information about the public IP, follow these steps.

Click the All Services > Networking > VPC menu. Navigate to the VPC’s Service Home page.
On the Service Home page, click the Public IP menu. You will be taken to the Public IP List page.

On the Public IP List page, click the resource to view detailed information. You will be taken to the Public IP Detail page.

Public IP Details page displays status information and additional feature information, and consists of Details, Tags, Activity Log tabs.

Category	Detailed description
status	Public IP status Attached: attached state Reserved: reserved state Error: cannot determine current state If it occurs continuously, contact the registered administrator
Return Public IP	Public IP Return Button

Category

Detailed description

status

Public IP status

Attached: attached state

Reserved: reserved state

Error: cannot determine current state
- If it occurs continuously, contact the registered administrator

Return Public IP

Public IP Return Button

Table. Public IP status information and additional features

Detailed Information

Public IP List page lets you view detailed information of the selected resource and edit the information if needed.

Category	Detailed description
Service	Service name
Resource Type	Resource Type
SRN	Unique resource ID in Samsung Cloud Platform In Public IP, it refers to the Public IP SRN
Resource name	Public IP resource name
Resource ID	Unique resource ID in the service
constructor	User who created the Public IP
Creation date	Public IP creation timestamp
Editor	User who modified the Public IP information
Modification date and time	Date and time the public IP information was modified
IP address	Designated (reserved) IP address
Category	Gateway information with reserved Public IP
Public IP ID	Public IP resource ID
description	Description of Public IP Edit Click the icon to edit the description
Connection resource type	Resource information associated with the designated (reserved) IP address
Connection resource name	Resource name associated with the designated (reserved) IP address

Table. Public IP detailed information tab items

Category	Detailed description
Tag list	Tag list You can view the Key, Value information of the tag Up to 50 tags can be added per resource When entering a tag, you can search and select from the list of previously created Keys and Values

Job History

On the Public IP List page, you can view the operation history of the selected resource.

Category	Detailed description
Task History List	Resource Change History Check operation date/time, resource name, operation details, operation result, and operator information

Table. Detailed information items for the Port operation history tab

Return Public IP

Caution

You can only return the Public IP service when its status is Reserved. Verify the service status before submitting a return request.

To delete a Public IP, follow these steps.

Click the All Services > Networking > VPC menu. Go to the VPC’s Service Home page.
On the Service Home page, click the Public IP button. You will be taken to the Public IP List page.
On the Public IP List page, click the resource to view detailed information. You will be taken to the Public IP Details page.
On the Public IP Details page, click the Public IP Release button.
After the return is completed, check whether the resource has been deleted from the Public IP list.

Pre-service

This is a service that must be installed in advance before creating this service. Please refer to the provided user guide and prepare accordingly.

Service Category	Service	Detailed description
Networking	VPC	It is a service that provides an isolated virtual network in a cloud environment.

Table. Public IP pre-service

1.2.6 - Private NAT

Users can create the Private NAT service by entering the required information and selecting detailed options through the Samsung Cloud Platform Console.

Creating Private NAT

You can create a Private NAT service in the Samsung Cloud Platform Console and use it.

To create a Private NAT, follow these steps.

All Services > Networking > VPC Click the menu. 1. Navigate to the VPC’s Service Home page.

On the Service Home page, click the Create Private NAT button. 2. Navigate to the Create Private NAT page.

In the Service Information Input area, enter or select the required information.

Category	required status	Detailed description
Private NAT name	Required	Enter the Private NAT name Enter using letters and numbers, 3 to 20 characters
Connection resource type	Required	Select the connection resource to connect the Private NAT You can choose between Direct Connect and Transit Gateway Transit Gateway can be selected after connecting the uplink line
Connection resource name	Essential	Display entries of the selected connection resource Click + New Creation in the list to create a connection resource
NAT IP range	Essential	Enter the NAT IP range to use Enter in CIDR format, e.g., 192.168.2.0/23 Cannot overlap with the connected VPC IP or other Private NAT IP ranges
Explanation	Selection	Enter description for Private NAT

Table. Private NAT Service Information Input Items

Reference

It must not overlap with the IP range of the VPC connected to the selected Direct Connect or Transit Gateway.
It must not overlap with other Private NAT ranges that are connected to the selected Direct Connect or Transit Gateway.
It must not overlap with the IP range of the on‑premise network connected to the selected Direct Connect or Transit Gateway.
Some IP ranges are reserved for management and cannot be used.

Additional Information Input area, enter or select the required information.
Category
Required status
Detailed description
Tag Selection Add Tag
Up to 50 per resource can be added
After clicking the Add Tag button, enter or select Key, Value values
Table. Private NAT additional information input fields

Summary Check the detailed information and estimated charges generated in the panel, and click the Create button.
- When creation is complete, verify the created resources on the Private NAT List page.

Category	Required status	Detailed description
Tag	Selection	Add Tag Up to 50 per resource can be added After clicking the Add Tag button, enter or select Key, Value values

Check Private NAT detailed information

The Private NAT service allows you to view and edit the complete resource list and detailed information. On the Private NAT Details page, it consists of Detail Information, IP Management, Tags, Operation History tabs.

To view detailed information about Private NAT, follow these steps.

All Services > Networking > VPC menu, click it. 1. Navigate to the VPC’s Service Home page.
On the Service Home page, click the Private NAT menu. 2. Go to the Private NAT List page.
Private NAT List page, click the resource to view detailed information. 3. Navigate to the Private NAT Details page.
- Private NAT Details page displays status information and additional feature information, and consists of Details, IP Management, Tags, Activity Log tabs.
  Category Detailed description
  status Private NAT status
  Active: Running
  Creating: In progress
  Deleting: In progress
  Error: An error occurred
  Delete Private NAT Button to delete Private NAT
  Table. Private NAT status information and additional features

Category	Detailed description
status	Private NAT status Active: Running Creating: In progress Deleting: In progress Error: An error occurred
Delete Private NAT	Button to delete Private NAT

Detailed Information

Private NAT List page allows you to view detailed information of the selected resource and edit the information if necessary.

Category	Detailed description
service	Service name
Resource Type	Resource Type
SRN	Unique resource ID in Samsung Cloud Platform
Resource Name	Private NAT resource name
Resource ID	Unique resource ID in the service
Constructor	User who created a Private NAT
Creation date and time	Date and time the Private NAT was created
Modifier	User who modified the Private NAT information
Modification date	Date and time the Private NAT information was modified
Private NAT name	Private NAT resource name
Connection resource type	Information about resources connected to Private NAT
NAT IP range	NAT IP range information in use
Connection resource name	Clicking the resource information or resource name linked to the Private NAT navigates to the detailed information page.
Explanation	Description of Private NAT Edit icon can be clicked to edit the description

Table. Private NAT detailed information tab items

IP Management

Private NAT List page allows you to view the Private NAT IP, and you can reserve or release it.

Category

Detailed description

Private NAT IP List

Active Private NAT list

Private NAT IP, associated resources, and status can be viewed

Click the Private NAT IP Reservation button to add an IP

Click the Release button to delete the selected IP

Table. Private NAT IP Management Tab Items

Job History

On the Private NAT List page, you can view the operation history of the selected resource.

Category	Detailed description
Task History List	Resource Change History Operation Timestamp, Resource Name, Operation Details, Operation Result, Operator Information Check

Table. Private NAT operation history tab detailed information items

Managing Private NAT IP

You can reserve or release a Private NAT IP.

Reserve Private NAT IP

To reserve a Private NAT IP, follow these steps.

All Services > Networking > VPC Click the menu. 1. Navigate to the VPC’s Service Home page.
On the Service Home page, click the Private NAT menu. 2. Private NAT List Go to the page.
Private NAT List page, click the resource to reserve an IP. 3. Go to the Private NAT Details page.
On the Private NAT Details page, click the IP Management tab. 4. Navigate to the IP Management tab page.
Click the IP Management tab page’s Private NAT IP Reservation button. 5. The Private NAT IP reservation window appears.
Enter the Private NAT IP to be used in the Private NAT IP reservation window and click the Confirm button. 6. A notification confirmation dialog appears.
In the alert dialog, click the Confirm button. 7. Check whether a resource entry has been added to the IP list.

Return Private NAT IP

Caution

You can only return a Private NAT IP when its status is Reserved.

To return the Private NAT IP, follow these steps.

All Services > Networking > VPC Click the menu. 1. Navigate to the VPC’s Service Home page.
On the Service Home page, click the Private NAT menu. 2. Navigate to the Private NAT List page.
On the Private NAT List page, click the resource to reserve an IP. 3. Go to the Private NAT Details page.
On the Private NAT Details page, click the IP Management tab. 4. Navigate to the IP Management tab page.
On the IP Management tab page, click the Return button for the IP item you want to return. 5. A notification confirmation dialog appears.
Verify that the selected resource has been deleted from the IP list.

Delete Private NAT

You can cancel unused Private NAT to reduce operating costs.

Caution

If the Private NAT service status is Creating, Editing, or Deleting, the service cannot be terminated.

To cancel Private NAT, follow the steps below.

All Services > Networking > VPC Click the menu. 1. Navigate to the VPC’s Service Home page.
On the Service Home page, click the Private NAT menu. 2. Go to the Private NAT List page.
On the Private NAT List page, click the resource to delete. 3. Go to the Private NAT Details page.
On the Private NAT Details page, click the Delete Private NAT button.
After termination is complete, check whether the resource has been deleted from the Private NAT list.

Preliminary service

This service must be installed in advance before creating this service. Please prepare by referring to the user guide provided in advance.

Service Category	service	Detailed description
Networking	VPC	A service that provides an isolated virtual network in a cloud environment
Networking	Direct Connect	A service that securely and quickly connects the customer’s network with the Samsung Cloud Platform environment.

Table. Private NAT Preliminary Service

1.2.7 - VPC Endpoint

Create VPC Endpoint

You can create and use a VPC Endpoint service in the Samsung Cloud Platform Console.

To create a VPC Endpoint, follow these steps.

Click the All Services > Networking > VPC menu. Go to the VPC’s Service Home page.

On the Service Home page, click the Create VPC Endpoint button. You will be taken to the Create VPC Endpoint page.

In the Service Information Input area, enter or select the required information.

Category	Required status	Detailed description
VPC name	Required	Select the VPC to create the Endpoint Click + Create new to create a VPC and then select it
Usage > Target Service	Required	Select the target service for which to create the VPC Endpoint
Purpose > Connected Resources	Required	Select the resource to create a VPC Endpoint
VPC Endpoint name	Required	Enter the VPC Endpoint name Enter using letters and numbers, 3 ~ 20 characters
VPC Endpoint IP > Subnet name	Required	Select VPC Endpoint Subnet + Create New Click to create a Subnet and then select it
VPC Endpoint IP > IP	Required	Enter the IP to be used for the VPC Endpoint Example: `192.168.x.x`
description	Select	Enter a description for the VPC Endpoint

Table. VPC Endpoint Service Information Input Items

Enter or select the required information in the Additional Information Input area.

Category

Whether required

Detailed description

tag

Select

Add Tag

Up to 50 can be added per resource

Add Tag button after clicking, input or select Key, Value values

Table. VPC Endpoint additional information input fields

Reference

After registering the VPC Endpoint, you need to configure the Direct Connect firewall to integrate internal services of the Samsung Cloud Platform. Refer to the port information for each service and register the firewall rules.

Service	Port information
DNS	TCP 53, UDP 53
Object Storage	TCP 8080, 8443, 80, 443, 4430
File Storage	(NFS) TCP/UDP common 111, 300, 302, 304, 2049, 635, 4045, 4046, 4049 (CIFS) UDP 135, 137, 138, 389 / TCP 135, 139, 445, 40001
Container Registry (authentication server, Registry)	TCP 443

Table: Allowed ports per target service

Summary Verify the detailed information and estimated billing amount generated in the panel, then click the Create button.
- When creation is complete, check the created resources on the VPC Endpoint List page.

Check VPC Endpoint details

The VPC Endpoint service allows you to view and edit the full list of resources and detailed information. VPC Endpoint Details page consists of Details, Tags, Activity Log tabs.

Endpoint To view detailed information, follow these steps.

Click the All Services > Networking > VPC menu. Go to the VPC’s Service Home page.
Click the VPC Endpoint menu on the Service Home page. You will be taken to the VPC Endpoint List page.

On the VPC Endpoint List page, click the resource for which you want to view detailed information. You will be taken to the VPC Endpoint Details page.

VPC Endpoint Details page displays status information and additional feature information, and consists of Details, Tags, Activity History tabs.

Category

Detailed description

status

VPC Endpoint status

Active: operating normally

Creating: creation in progress

Deleting: deleting resource connection

Deleted: resource connection deleted

Delete VPC Endpoint

Button to delete the VPC Endpoint connection resource

Table. VPC Endpoint status information and additional features

Detailed Information

VPC Endpoint List page lets you view detailed information of the selected resource and edit the information if needed.

Category	Detailed description
Service	Service name
Resource Type	Resource Type
SRN	Unique resource ID in Samsung Cloud Platform In VPC Endpoint, it refers to the VPC Endpoint SRN
Resource name	VPC Endpoint resource name
Resource ID	Unique resource ID in the service
constructor	User who created the VPC Endpoint
Creation date and time	VPC Endpoint creation timestamp
Editor	User who modified the VPC Endpoint information
Modification date	Date and time the VPC Endpoint information was modified
VPC Endpoint name	VPC Endpoint name
VPC name	Click the connected VPC name or VPC item to go to the detail page.
VPC ID	Connected VPC ID
Target Service	Connected target information
Connection resource information	Connected resource information
Subnet name	Endpoint subnet information; click the subnet item to navigate to the detail page.
VPC Endpoint IP	VPC Endpoint IP information
description	Description of VPC Endpoint Edit icon can be clicked to edit

Table. VPC Endpoint detailed information tab items

Job History

VPC Endpoint List page allows you to view the operation history of the selected resource.

Category	Detailed description
Task History List	Resource Change History Check operation date and time, resource name, operation details, operation result, and operator information

Table. VPC Endpoint operation history tab detailed information items

Delete VPC Endpoint

You can cancel unused Endpoints to reduce operating costs.

Caution

If there are connected resources such as Object Storage, Container Registry, you cannot cancel the service. Delete the connected resources first.
Deleting a VPC Endpoint can cause the running service to stop immediately. Carefully consider the impact of deleting the service before proceeding with the deletion.

To terminate a VPC Endpoint, follow these steps.

Click the All Services > Networking > VPC menu. Navigate to the VPC’s Service Home page.
Click the VPC Endpoint menu on the Service Home page. You will be taken to the VPC Endpoint List page.
On the VPC Endpoint List page, click the resource you want to delete. You will be taken to the VPC Endpoint Details page.
On the VPC Endpoint Details page, click the Delete Endpoint button.
When the termination is complete, check whether the resource has been deleted from the VPC Endpoint list.

Pre-service

This is a list of services that must be pre-configured before creating the service. Please refer to the guide provided for each service for details and prepare in advance.

Service Category	Service	Detailed description
Networking	VPC	A service that provides an isolated virtual network in a cloud environment
Networking	Direct Connect	A service that securely and quickly connects the customer’s network to the Samsung Cloud Platform

Table. VPC Endpoint prerequisite services

1.2.8 - VPC Peering

Users can create the service by entering the required information for the VPC Peering service and selecting detailed options through the Samsung Cloud Platform Console.

Create VPC Peering

You can create and use the VPC Peering service in the Samsung Cloud Platform Console.

To create a VPC Peering, follow these steps.

Click the All Services > Networking > VPC menu. Navigate to the VPC’s Service Home page.

On the Service Home page, click the Create VPC Peering button. You will be taken to the Create VPC Peering page.

Enter or select the required information in the Service Information Input area.

Category	Required status	Detailed description
VPC Peering name	Required	Enter VPC Peering name Enter using letters and numbers, 3~20 characters
Requested VPC name	Required	Select the VPC to request VPC Peering Click + New in the list to create a VPC
Approved Account	Required	Select the account of the VPC to approve VPC peering, then select that VPC or enter its information Same account: select the approved VPC name Click + New creation in the list to create a VPC Different account: enter the approved Account ID and approved VPC ID
description	Select	Enter a description of VPC Peering

Table. VPC Peering service information input items

In the Additional Information Input area, enter or select the required information.
Category
Whether required
Detailed description
Tag Select Add Tag
Up to 50 can be added per resource
After clicking the Add Tag button, enter or select Key and Value values
Table. VPC Peering additional information input fields

Check the detailed information and estimated billing amount generated in the Summary panel, and click the Create button.
- When connecting a VPC from another Account, the peering proceeds after an approval process, so the connection may take some time.
- When creation is complete, check the created resource on the VPC Peering List page.

Check VPC Peering details

The VPC Peering service allows you to view and edit the full list of resources and detailed information. VPC Peering Details page consists of Details, Rules, Tags, Activity Log tabs.

To view detailed VPC Peering information, follow these steps.

Click the All Services > Networking > VPC menu. Navigate to the VPC’s Service Home page.
On the Service Home page, click the VPC Peering menu. You will be taken to the VPC Peering List page.

VPC Peering List Click the resource to view detailed information on the page. You will be taken to the VPC Peering Details page.

VPC Peering Details page displays status information and additional feature information, and consists of Details, Rules, Tags, Activity History tabs.

Category

Detailed description

status

VPC Peering status

Active: operational

Requesting: connection or deletion request in progress

Creating: connecting

Creating Requesting: connection request in progress

Deleting Requesting: deletion request in progress

Editing: editing

Rejected: rejected

Canceled: canceled

Error: error occurred
- If it persists, contact the registered administrator

VPC Peering deletion/VPC Peering deletion request

Button to request deletion of VPC Peering resources

Cancel Connection Request: Can cancel if a VPC Peering connection was requested

Approve Connection: Can approve when a VPC Peering connection request is received
- Reject Connection: Click to reject the connection

Cancel Deletion Request: Can cancel if a VPC Peering deletion was requested

Approve Deletion: Can approve when a VPC Peering deletion request is received
- Reject Deletion: Click to reject the deletion

Reapproval Request: Request reapproval when VPC approval was denied

Table. VPC Peering status information and additional features

Detailed Information

VPC Peering List page lets you view detailed information of the selected resource and edit it if needed.

Category	Detailed description
Service	Service name
Resource Type	Resource Type
SRN	Unique resource ID in Samsung Cloud Platform
Resource name	VPC Peering resource name
Resource ID	Unique resource ID in the service
constructor	User who created the VPC Peering
Creation date	Timestamp of VPC Peering creation
Editor	User who modified the VPC Peering information
Modification date and time	Timestamp of VPC Peering information modification
VPC Peering name	VPC Peering name
Request information	The VPC name and VPC ID information of the VPC that requested VPC Peering, clicking the VPC name navigates to the detail information page When connecting to a VPC in another account, the VPC name is not displayed
Approval information	The VPC name and VPC ID of the VPC that approved the VPC peering; clicking the VPC name takes you to the detail page When connecting to a VPC in another account, the VPC name is not displayed
Explanation	Description of VPC Peering Edit icon can be clicked to modify the description

Table. VPC Peering detailed information items

rule

VPC Peering List page lets you view the rules associated with the selected resource, and add or remove them.

Category

Detailed description

List of rules

Connected Rules List

You can view the source, destination, destination IP range, and status of connected rules

Click the Add Rule button to add a rule

Click the Delete button to delete the selected rule

Table. VPC Peering rule tab items

Job History

You can view the operation history of the selected resource on the VPC Peering List page.

Category	Detailed description
Task History List	Resource Change History Check operation date and time, resource name, operation details, operation result, and operator information

Table. VPC Peering operation history tab detailed information items

Managing VPC Peering Rules

You can add or delete rules for VPC Peering.

Add Rule

Caution

You can add rules only when the VPC peering status is Active.
If you enter the destination IP incorrectly in the routing configuration, communication failures may occur. Verify the destination IP information once more before creating the rule.

To add a rule to VPC Peering, follow these steps.

Click the All Services > Networking > VPC menu. Navigate to the VPC’s Service Home page.
Click the VPC Peering menu on the Service Home page. You will be taken to the VPC Peering List page.
On the VPC Peering List page, click the resource to delete. Navigate to the VPC Peering Details page.
On the VPC Peering Details page, click the Rules tab. You will be taken to the Rules tab page.
On the Rule tab page, click the Add Rule button. The Add Rule dialog appears.
Enter the origin and destination in the rule addition window and click the Confirm button. A notification confirmation window will appear.
- It must not duplicate an already entered rule.
- You can enter within the IP address range of the destination VPC.
- It should be entered the same as the subnet range.
- The destination IP range 0.0.0.0/0 cannot be used.
Click the Confirm button in the notification dialog. Verify that the resource entry has been added to the rule list.

Delete Rule

Caution

You can delete the connected rules only when the VPC Peering service status is ACtive or Error.
If the status of the linked rule is Creating or Deleting, it cannot be deleted.

To delete a VPC Peering rule, follow these steps.

Click the All Services > Networking > VPC menu. Go to the VPC’s Service Home page.
On the Service Home page, click the VPC Peering menu. You will be taken to the VPC Peering List page.
On the VPC Peering List page, click the resource you want to delete. Navigate to the VPC Peering Details page.
VPC Peering Details page, click the Rules tab. You will be taken to the Rules tab page.
Rule tab page, click the Delete button of the item to delete. A notification confirmation dialog appears.
Click the Confirm button in the alert dialog. Verify that the selected resource in the rule list has been deleted.

Terminate VPC Peering

You can terminate unused VPC Peering to reduce operating costs.

Caution

If a rule is attached to the VPC Peering, you cannot terminate the service. Delete all attached rules before terminating the service.
You can only terminate the VPC Peering service when its status is Active, Rejected, Canceled, or Error.

Terminate VPC Peering of the same Account

To terminate a VPC peering within the same account, follow these steps.

Click the All Services > Networking > VPC menu. Navigate to the VPC’s Service Home page.
Click the VPC Peering menu on the Service Home page. You will be taken to the VPC Peering List page.
On the VPC Peering List page, click the resource to delete. Navigate to the VPC Peering Details page.
On the VPC Peering Details page, click the VPC Peering Delete button.
After termination is complete, verify that the resource has been deleted from the VPC Peering list.

Terminate VPC Peering connected to another account

To terminate a VPC peering connected to another account, follow these steps.

Click the All Services > Networking > VPC menu. Navigate to the VPC’s Service Home page.
Click the VPC Peering menu on the Service Home page. You will be taken to the VPC Peering List page.
On the VPC Peering List page, click the resource you want to delete. You will be taken to the VPC Peering Details page.
On the VPC Peering Details page, click the VPC Peering Delete Request button.
Once the cancellation is complete, verify that the resource has been removed from the VPC Peering list.
- The deletion request must be approved by the counterpart account for the termination to be processed correctly.

Pre-service

This is a service that must be installed in advance before creating this service. Please refer to the provided user guide and prepare accordingly.

Service Category	Service	Detailed description
Networking	VPC	A service that provides an isolated virtual network in a cloud environment

Table. VPC Peering prerequisite service

1.2.9 - Transit Gateway

Users can create the service by entering the required information for the Transit Gateway service and selecting detailed options through the Samsung Cloud Platform Console.

Create Transit Gateway

You can create and use the Transit Gateway service in the Samsung Cloud Platform Console.

To create a Transit Gateway, follow these steps.

All Services > Networking > VPC Click the menu. 1. Navigate to the VPC’s Service Home page.

On the Service Home page, click the Create Transit Gateway button. 2. Go to the Transit Gateway creation page.

In the Service Information Input area, enter or select the required information.

Category	Required status	Detailed description
Transit Gateway name	Required	Enter the Transit Gateway name Enter using letters and numbers, 3 to 20 characters
Explanation	Selection	Enter description for Transit Gateway

Table: Transit Gateway service information input fields

Additional Information Input area, please enter or select the required information.
Category
required status
Detailed description
tag Select Add Tag
Up to 50 per resource can be added
After clicking the Add Tag button, enter or select Key, Value values
Table. Transit Gateway additional information input fields

Summary Check the detailed information and estimated charges generated in the panel, and click the Create button.
- Once creation is complete, check the created resources on the Transit Gateway List page.

Check Transit Gateway Details

The Transit Gateway service lets you view and modify the complete resource list and detailed information. In the Transit Gateway Details page, it is composed of Details, Connected VPC Management, Rules, Tags, Activity History tabs.

To view the detailed information of the Transit Gateway, follow these steps.

Click the All Services > Networking > VPC menu. 1. Navigate to the VPC’s Service Home page.
On the Service Home page, click the Transit Gateway menu. 2. Go to the Transit Gateway List page.

On the Transit Gateway List page, click the resource to view its detailed information. 3. Go to the Transit Gateway Details page.

Transit Gateway Details page displays status information and additional feature information, and consists of the Details, Connected VPC Management, Rules, Tags, Activity History tabs.

Category

Detailed description

status

Transit Gateway status

Active: Running

Creating: In progress

Editing: In progress

Deleting: In progress

Error: An error occurred

Delete Transit Gateway

Button to delete Transit Gateway resources

Table. Transit Gateway status information and additional features

Detailed Information

On the Transit Gateway list page, you can view detailed information of the selected resource and, if necessary, edit the information.

Category	Detailed description
service	Service name
Resource Type	Resource Type
SRN	Unique resource ID in Samsung Cloud Platform
Resource name	Transit Gateway resource name
Resource ID	Unique resource ID in the service
Constructor	User who created the Transit Gateway
Creation date and time	Transit Gateway creation time
Modifier	User who modified the Transit Gateway information
Modification date	Date and time the Transit Gateway information was modified
Transit Gateway name	Transit Gateway resource name
Use Uplink	Uplink information connected to the Transit Gateway Click Linked services (IGW, BM VPC), quick access to line request/modify/termination to go to the service request page
Explanation	Description of the Transit Gateway Edit Click the icon to edit the description
Firewall connection status	Firewall connection management and status display Firewall connection When you click the button, a connection request After connecting, you can add or delete Firewalls in the list

Table. Transit Gateway detailed information tab items

Connected VPC Management

Transit Gateway list page allows you to view the VPCs connected to the selected resource, and to add or delete them.

Category

Detailed description

VPC list

Connected VPC list

You can view connected VPC information and status

Click the Add VPC Connection button to add a VPC

Click the Delete button to delete the selected VPC

Table. Transit Gateway connection VPC management tab items

Rule

On the Transit Gateway list page, you can view the rules attached to the selected resource, and add or delete them.

Category

Detailed description

Rule List

Connected Rules List

You can view the source, destination, destination IP range, and status of connected rules

Click the Add Rule button to add a rule

Click the Delete button to delete the selected rule

Table. Transit Gateway rule tab items

Job History

Transit Gateway list page allows you to view the operation history of the selected resource.

Category	Detailed description
Task History List	Resource Change History Work Timestamp, Resource Name, Work Details, Work Result, Operator Information

Table. Detailed information items for the Transit Gateway operation history tab

Manage Transit Gateway integration services

You can request, modify, and cancel the Uplink and Firewall connection services required to use the Transit Gateway service.

To request the Transit Gateway integration service, follow the steps below.

All Services > Networking > VPC Click the menu. 1. Navigate to the VPC’s Service Home page.
On the Service Home page, click the Transit Gateway menu. 2. Go to the Transit Gateway List page.
On the Transit Gateway List page, click the resource you want to delete. 3. Go to the Transit Gateway Details page.
On the Transit Gateway Details page, click Linked Services (IGW, BM VPC), Quick Access to Line Request/Modification/Termination. 4. Navigate to the service request page.

On the Service Request page, enter or select the required information in the mandatory input fields.

Input field	Detailed description
Title	Enter the title of the service request Example: TGW Uplink circuit request
Region	Select the location of Samsung Cloud Platform Automatically filled with the region corresponding to the Account
service	Select service category and service Service Category: Networking Service: Transit Gateway
Task classification	Select the type you want to request TGW Uplink line request/modification/termination: After selecting the work type, enter detailed information in the service request category field
content	Fill in the detailed items of the service request form Service request type: manually enter one of Apply / Modify / Terminate Account name/ID: Enter the account name and ID Transit Gateway name/ID: Enter the created Transit Gateway name and ID Applicant information: Enter applicant’s email, phone number, etc. Service request task type: Choose and enter either Uplink line connection or BM VPC Firewall connection Firewall usage: Enter whether the firewall is used
Attachment	If you have additional files you want to share, proceed with the upload Attached files can be up to 5 files, each within 5 MB Only doc, docx, xls, xlsx, ppt, ppts, hwp, txt, pdf, jpg, jpeg, png, gif, tif files can be attached

Table. Linked Service Creation Request Items

On the service request page, click the Request button.
- After the request is completed, check the submitted details on the Support Center > Service Request List page.
- When the service request operation is completed, you can view the requested resources on the Transit Gateway Details page.

Reference

VPC connection for BareMetal

VPC Peering does not support firewalls.
When you cannot use a Security Group, such as with BareMetal, you can configure VPC Peering using a Transit Gateway firewall.
- However, in a peered BM VPC, communication via UpLink (external) is not possible, and it cannot be connected to a Transit Gateway together with other VM VPCs.

Managing VPC connections of the Transit Gateway

You can add or remove VPCs on a Transit Gateway.

Add VPC connection

To add a VPC attachment to a Transit Gateway, follow these steps.

All Services > Networking > VPC Click the menu. 1. Navigate to the VPC’s Service Home page.
On the Service Home page, click the Transit Gateway menu. 2. Go to the Transit Gateway List page.
Transit Gateway List page, click the resource you want to delete. 3. Navigate to the Transit Gateway Details page.
On the Transit Gateway Details page, click the Connected VPC Management tab. 4. Navigate to the Connected VPC Management tab page.
On the Connected VPC Management tab page, click the Add VPC Connection button. 5. The VPC connection addition window appears.
In the Add VPC Connection window, select the VPC and click the Confirm button. 6. A notification confirmation window appears.
- Click +New in the list to create a VPC and select it.
In the alert confirmation dialog, click the Confirm button. 7. Check whether a resource entry has been added in the VPC connection list.

Delete VPC connection

To delete a Transit Gateway’s VPC attachment, follow these steps.

Click the All Services > Networking > VPC menu. 1. Navigate to the VPC’s Service Home page.
On the Service Home page, click the Transit Gateway menu. 2. Go to the Transit Gateway List page.
On the Transit Gateway List page, click the resource you want to delete. 3. Go to the Transit Gateway Details page.
On the Transit Gateway Details page, click the Connected VPC Management tab. 4. Navigate to the Connected VPC Management tab page.
On the Connected VPC Management tab page, click the Delete button for the item you want to delete. 5. A notification confirmation window appears.
In the alert dialog, click the Confirm button. 6. Verify whether the selected resource has been deleted from the VPC connection list.

Managing Transit Gateway rules

You can add or delete rules in the Transit Gateway.

Add rule

Caution

You can add rules only when the Transit Gateway service status is Active.
If the destination IP is entered incorrectly in the routing configuration, communication failures may occur. * Please double-check the destination IP information before creating the rule.

Reference

Transit Gateway must complete both routing rule registration and firewall rule registration to operate correctly.

Register routing rule
- Rule 1: Register VPC - Transit Gateway rule
- Rule 2: VPC - Uplink rule registration (when connecting Uplink line)
Register firewall rule
- Add a Transit Gateway firewall and add the firewall purpose (e.g., TGW Uplink, TGW BM VPC, etc.).
  Next, select the firewall from the firewall product list and register the rule. (When adding a firewall purpose, default set to All/deny)

To add a rule to the Transit Gateway, follow these steps.

All Services > Networking > VPC Click the menu. 1. Navigate to the VPC’s Service Home page.
On the Service Home page, click the Transit Gateway menu. 2. Go to the Transit Gateway List page.
Transit Gateway List page, click the resource you want to delete. 3. Transit Gateway Details Navigate to the page.
On the Transit Gateway Details page, click the Rules tab. 4. Go to the Rules tab page.
On the Rule tab page, click the Add Rule button. 5. The rule addition window appears.

In the rule addition window, enter the origin and destination, and click the Confirm button. 6. A notification confirmation dialog appears.

Category	Detailed description
Rule type	Select type for adding Transit Gateway rule Select from VPC-TGW rule, TGW-Uplink rule
Connected VPC name	Select the connected VPC when choosing a VPC‑TGW rule
origin	When selecting a VPC‑TGW rule, the destination is automatically selected when configured.
Destination	Select rule destination When selecting a VPC‑TGW rule, set to either VPC or TGW When selecting a TGW‑Uplink rule, set to either TGW or remote Cannot register if it duplicates an existing rule; can input up to the x.x.x.x/28 range
Destination IP range	Enter the destination IP range to use

Table. Rule addition input items

Caution

VPC-TGW rule When entering, check the following items.
- When the destination is a VPC.
  - It can be entered within the VPC IP range.
  - It should be entered the same as the subnet range.
  - 0.0.0.0/0 cannot be used as the destination IP range.
- When the destination is a Transit Gateway.
  - Some IP ranges are reserved for management and cannot be used.
  - The VPC IP address range cannot be entered.
  - The destination IP range 0.0.0.0/0 can be entered only when the VPC’s Internet Gateway is not attached.
TGW-Uplink Rule When entering, check the following items.
- When the destination is a Transit Gateway.
  - You can enter values within the VPC IP address range connected to the Transit Gateway.
  - 0.0.0.0/0 cannot be used as the destination IP range.
- When the destination is remote
  - You cannot enter the VPC IP address range connected to the Transit Gateway.
  - The destination IP range 0.0.0.0/0 can be entered only when the Transit Gateway does not have an Internet Gateway attached.
  - D, E class IP ranges cannot be entered.

In the alert dialog, click the Confirm button. 7. Check whether a resource entry has been added in the rule list.

Delete rule

Caution

You can delete the rule only when the Transit Gateway service status is Active.
If the rule status is Creating or Deleting, the rule cannot be deleted.

To delete a Transit Gateway rule, follow these steps.

All Services > Networking > VPC Click the menu. 1. Navigate to the VPC’s Service Home page.
On the Service Home page, click the Transit Gateway menu. 2. Navigate to the Transit Gateway List page.
On the Transit Gateway List page, click the resource you want to delete. 3. Go to the Transit Gateway Details page.
On the Transit Gateway Details page, click the Rules tab. 4. Navigate to the Rules tab page.
On the Rules tab page, click the Delete button of the item you want to delete. 5. A notification confirmation window appears.
In the alert dialog, click the Confirm button. 6. Verify that the selected resource has been deleted from the rule list.

Managing Firewall Connections

You can attach or detach a firewall for use with the Transit Gateway.

Connect to Firewall

To add a Firewall connection to the Transit Gateway, follow these steps.

All Services > Networking > VPC Click the menu. 1. Navigate to the VPC’s Service Home page.
On the Service Home page, click the Transit Gateway menu. 2. Go to the Transit Gateway List page.
Transit Gateway List page, click the resource to which you will connect the Firewall. 3. Go to the Transit Gateway Details page.
On the Transit Gateway Details page, click the Details tab. 4. Go to the Detailed Information tab page.
On the Detailed Information tab page, click the Connect Firewall button. 5. A firewall connection confirmation window appears.
In the Firewall connection confirmation window, click the Confirm button. 6. Check the connection status in the Firewall connection status item.

Add Firewall

After the Firwall connection is completed, you can add a Firewall.

To add a Firewall to a Transit Gateway, follow these steps.

All Services > Networking > VPC Click the menu. 1. Navigate to the VPC’s Service Home page.
On the Service Home page, click the Transit Gateway menu. 2. Go to the Transit Gateway List page.
Transit Gateway List page, click the resource where you want to add a Firewall. 3. Navigate to the Transit Gateway Details page.
On the Transit Gateway Details page, click the Detailed Information tab. 4. Go to the Detailed Information tab page.
On the Detailed Information tab page, click the Add button in the Firewall list. 5. The Firewall addition window appears.
In the Firewall add dialog, select the purpose and click the Confirm button. 6. Check whether a resource item has been added to the Firewall list.

Delete Firewall

You can delete the firewall after the firewall connection is completed.

To delete a firewall from a Transit Gateway, follow these steps.

All Services > Networking > VPC Click the menu. 1. Navigate to the VPC’s Service Home page.
On the Service Home page, click the Transit Gateway menu. 2. Go to the Transit Gateway List page.
On the Transit Gateway List page, click the resource to delete the firewall. 3. Go to the Transit Gateway Details page.
On the Transit Gateway Details page, click the Details tab. 4. Go to the Detailed Information tab page.
Click the Delete button on the Detailed Information tab page of the Firewall list. 5. A notification confirmation window appears.
In the alert dialog, click the Confirm button. 6. Check whether the resource entry has been removed from the Firewall list.

Disconnect Firewall

You can disconnect unused Firewall connections.

Caution

You can only disconnect when the Firewall service status is Active or Error.

To detach the firewall from the Transit Gateway, follow these steps.

All Services > Networking > VPC Click the menu. 1. Navigate to the VPC’s Service Home page.
On the Service Home page, click the Transit Gateway menu. 2. Go to the Transit Gateway List page.
Transit Gateway list page, click the resource to detach the Firewall connection. 3. Navigate to the Transit Gateway Details page.
On the Transit Gateway Details page, click the Details tab. 4. Navigate to the Detailed Information tab page.
On the Detailed Information tab page, click the Disconnect Firewall button. 5. A notification confirmation window appears.
In the alert dialog, click the Confirm button. 6. Check the disconnected status in the Firewall connection status item.

Terminate Transit Gateway

You can terminate unused Transit Gateways to reduce operating costs.

Caution

You cannot terminate the service if the uplink connected to the Transit Gateway is in use or if a firewall is connected. * After completing the termination request for the connected resource, cancel the service.
If VPC resources or rules are attached to the Transit Gateway, the service cannot be terminated. * Delete all linked resources and rules, then terminate the service.
If the Transit Gateway service status is Creating or Deleting, the service cannot be terminated.

To terminate the Transit Gateway, follow these steps.

All Services > Networking > VPC Click the menu. 1. Navigate to the VPC’s Service Home page.
On the Service Home page, click the Transit Gateway menu. 2. Go to the Transit Gateway List page.
On the Transit Gateway List page, click the resource you want to delete. 3. Go to the Transit Gateway Details page.
On the Transit Gateway Detail page, click the Transit Gateway Delete button.
After termination is complete, check whether the resource has been deleted from the Transit Gateway list.

Preliminary service

This is a service that must be installed in advance before creating this service. Please prepare by referring to the user guide provided in advance.

Service Category	service	Detailed description
Networking	VPC	It is a service that provides an isolated virtual network in a cloud environment.

Table. Transit Gateway prerequisite service

1.2.10 - PrivateLink Service

Users can create the service by entering the required information for the PrivateLink Service and selecting detailed options through the Samsung Cloud Platform Console.

Creating a PrivateLink Service

You can create and use a PrivateLink Service in the Samsung Cloud Platform Console.

To create a PrivateLink Service, follow these steps.

Click the All Services > Networking > VPC menu. Navigate to the VPC’s Service Home page.

On the Service Home page, click the PrivateLink Service Create button. You will be taken to the PrivateLink Service Create page.

Enter or select the required information in the Service Information Input area.

Category	Required status	Detailed description
PrivateLink Service name	Required	Enter the PrivateLink service name
Approval method	Required	Select approval method for PrivateLink Service input Automatic: Automatically approve when a PrivateLink Service connection request is received Manual: Manually approve after verification when a PrivateLink Service connection request is received The approval method cannot be changed after creation
High-speed data transfer	Selection	The default setting is disabled and not displayed in the Samsung Cloud Platform Console To use high-speed data transfer, submit a service usage request via Support Center > Contact, and once processing is complete, it can be selected on the screen
VPC name	Required	Select the VPC to connect Click + New to create a VPC and then select it
Subnet name	Required	Select the Subnet of the VPC to connect Click + New to create a Subnet and then select it
PrivateLink Service IP	Required	Select the Subnet to connect and enter the PrivateLink Service IP IP addresses already in use within the Subnet cannot be entered; the first and last IPs of the Subnet IP range cannot be used
Connection resource	Required	Select resources to connect to the chosen VPC Load Balancer: Select the Load Balancer to connect (cannot select LB when using a Local subnet) IP: Enter the Compute resource IP of the selected VPC
Security Group	Select	Click the Select button to choose the Security Group to connect Select up to 5 If you do not select a Security Group, all connections will be blocked
explanation	Select	Enter description for PrivateLink Service

Table. PrivateLink Service service information input items

In the Additional Information Input area, enter or select the required information.
Category
Required status
Detailed description
tag Select Add Tag
Up to 50 per resource can be added
Add Tag button after clicking, input or select Key, Value values
Table. PrivateLink Service additional information input fields

Summary Check the detailed information and estimated billing amount generated in the panel, and click the Create button.
- When creation is complete, check the created resource on the PrivateLink Service list page.

Reference

PrivateLink product is a service that provides an unidirectional private path (a type of tunnel). The PrivateLink product is used by creating a PrivateLink Service (exit) in the service provider account, creating a PrivateLink Endpoint (entry) in the user account, and then connecting to the PrivateLink Service.

The connection requirements for the PrivateLink product are as follows.

When creating a PrivateLink Endpoint, you can connect only to the single specified PrivateLink Service per endpoint. (Only one pair of ingress and egress exists)
Cannot attempt to establish a session to the PrivateLink Endpoint via the PrivateLink Service. (unidirectional)
In the provider account, when creating a PrivateLink Service, a connection to a single IP is provided by selecting a single LB or by manual entry.
In a user account, any client that the user account has permitted to access the PrivateLink Endpoint can use the PrivateLink Endpoint.
- It can be used in both General and Local Subnet.

View PrivateLink Service details

The PrivateLink Service allows you to view and edit the full list of resources and detailed information. PrivateLink Service Details page consists of Details, Connection Management, Tags, Activity Log tabs.

To view detailed information about the PrivateLink Service, follow these steps.

Click the All Services > Networking > VPC menu. Navigate to the VPC’s Service Home page.
From the Service Home page, click the PrivateLink Service menu. You will be taken to the PrivateLink Service list page.

On the PrivateLink Service List page, click the resource for which you want to view details. You will be taken to the PrivateLink Service Details page.

PrivateLink Service Details page displays status information and additional feature information, and consists of Details, Connection Management, Tags, Activity Log tabs.

Category

Detailed description

status

PrivateLink Service status

Active: Running

Creating: In progress

Deleting: In progress

Error: Error occurred

Delete PrivateLink Service

Button to delete PrivateLink Service resources

Table. PrivateLink Service status information and additional features

Detailed Information

On the PrivateLink Service List page, you can view detailed information of the selected resource and edit the information if needed.

Category	Detailed description
Service	Service name
Resource Type	Resource Type
SRN	Unique resource ID in Samsung Cloud Platform
Resource Name	PrivateLink Service resource name
Resource ID	Unique resource ID in the service
constructor	User who created the PrivateLink Service
Creation date and time	PrivateLink Service creation timestamp
Editor	User who modified the PrivateLink Service information
Modification date and time	Date and time the PrivateLink Service information was modified
PrivateLink Service name	PrivateLink Service resource name
PrivateLink Service ID	PrivateLink Service ID information
connected resource	Connected resources of PrivateLink Service Click the resource name to go to the detail page
PrivateLink Service IP	PrivateLink Service IP address
VPC name	Connected VPC Information Click the VPC name to go to the detail page
Subnet name	Connected Subnet information Click the Subnet name to go to the detail page
Port name	Port information of PrivateLink Service Click the port name to navigate to the detail page
Security Group	Configured Security Group information Click the Security Group name to go to the detail page
Approval method	Approval method for the configured PrivateLink Service
High-speed data transmission	Whether to use high-speed data transfer for the configured PrivateLink Service
Explanation	Description of the PrivateLink Service Edit icon can be clicked to modify the description

Table. PrivateLink Service detailed information tab items

Connection Management

On the PrivateLink Service List page, you can view the connection information of the selected resource. You can review connection requests and approve or reject them.

Category

Detailed description

PrivateLink Service List

PrivateLink Service connection list

View connection information and status, and manage connections

Approve: Approve the connection request

Reject: Reject the connection request

Block: Block the connected PrivateLink Endpoint

Reconnect: Reconnect a blocked PrivateLink Endpoint

If the connection status is Rejected or Error, actions such as approve/reject cannot be performed

Table. PrivateLink Service connection management tab items

Job History

PrivateLink Service List page allows you to view the operation history of the selected resource.

Category	Detailed description
Task History List	Resource Change History Check operation date and time, resource name, operation details, operation result, and operator information

Table. PrivateLink Service operation history tab detailed information items

Terminate PrivateLink Service

You can cancel unused PrivateLink Service to reduce operating costs.

Caution

If the Private Endpoint connected to the PrivateLink Service is in the Active, Requesting, Creating, Deleting, or Error state, the service cannot be terminated.
After configuring the Private Endpoint to block or reject connections, delete the PrivateLink Service.

To cancel the PrivateLink Service, follow these steps.

Click the All Services > Networking > VPC menu. Navigate to the VPC’s Service Home page.
From the Service Home page, click the PrivateLink Service menu. You will be taken to the PrivateLink Service List page.
On the PrivateLink Service List page, click the resource to delete. Go to the PrivateLink Service Details page.
On the PrivateLink Service Details page, click the Delete PrivateLink Service button.
When the termination is complete, check that the resource has been deleted from the PrivateLink Service list.

Preliminary Service

This is a service that must be installed in advance before creating this service. Please refer to the provided user guide and prepare accordingly.

Service Category	Service	Detailed description
Networking	VPC	It is a service that provides an isolated virtual network in a cloud environment.
Networking	Load Balancer	It is a service that distributes server traffic load in a cloud environment.

Table. PrivateLink Service prerequisite service

1.2.11 - PrivateLink Endpoint

Users can create the service by entering the required information for the PrivateLink Endpoint service and selecting detailed options through the Samsung Cloud Platform Console.

Creating a PrivateLink Endpoint

You can create and use a PrivateLink Endpoint service from the Samsung Cloud Platform Console.

To create a PrivateLink Endpoint, follow these steps.

Click the All Services > Networking > VPC menu. Navigate to the VPC’s Service Home page.

On the Service Home page, click the Create PrivateLink Endpoint button. You will be taken to the Create PrivateLink Endpoint page.

Enter or select the required information in the Service Information Input area.

Category	Required	Detailed description
PrivateLink Endpoint name	Required	Enter the PrivateLink Endpoint name
VPC name	Required	Select VPC to connect Click + Create new to create a VPC and then select it
Subnet name	Required	Select the Subnet of the VPC to connect Click + New to create a Subnet and then select it
PrivateLink Endpoint IP	Required	Select the Subnet to connect, then enter the PrivateLink Endpoint IP IP addresses currently in use within the Subnet cannot be entered, and the first and last IPs of the Subnet IP range cannot be used
PrivateLink Endpoint ID	Required	Enter the PrivateLink Service ID to connect Enter using letters and numbers, within 3 to 60 characters Before applying for the service, you need to verify the Service ID of the PrivateLink Service to connect; after creating the Endpoint, you must provide the Endpoint ID to the service provider
Security Group	Select	Click the Select button to choose the Security Group to connect Select up to 5 If no Security Group is selected, all connections are blocked
description	Select	Enter description for PrivateLink Endpoint

Table. PrivateLink Endpoint service information input fields

Enter or select the required information in the Additional Information Input area.
Category
Required
Detailed description
tag Selection Add Tag
Up to 50 per resource can be added
After clicking the Add Tag button, enter or select Key and Value values
Table. PrivateLink Endpoint additional information input fields

Summary Check the detailed information and estimated billing amount generated in the panel, and click the Create button.
- Once creation is complete, check the created resource on the PrivateLink Endpoint List page.

Reference

To request a connection to a service provider via PrivateLink, you must go through an approval process.
When applying for a service connection, you must verify the PrivateLink Service ID of the target in advance.
- Before applying for the service, an agreement on usage with the service provider must be completed.
After the user creates a PrivateLink Endpoint, they must provide the Endpoint ID to the service provider. The service provider can verify the user’s Endpoint ID and promptly approve its use.

Check PrivateLink Endpoint details

PrivateLink Endpoint service allows you to view and edit the full list of resources and detailed information. PrivateLink Endpoint Details page consists of Details, Tags, Activity Log tabs.

To view detailed information about the PrivateLink Endpoint, follow these steps.

Click the All Services > Networking > VPC menu. Navigate to the VPC’s Service Home page.
Click the PrivateLink Endpoint menu on the Service Home page. You will be taken to the PrivateLink Endpoint List page.

On the PrivateLink Endpoint List page, click the resource to view detailed information. You will be taken to the PrivateLink Endpoint Details page.

PrivateLink Endpoint Details page displays status information and additional feature information, and consists of Details, Connection Management, Tags, Activity Log tabs.

Category

Detailed description

status

PrivateLink Endpoint status

Requesting: connection request/awaiting approval, Cancel request button displayed

Active: creation completed, operating

Creating: in progress

Deleting: in progress

Disconnected: connection blocked

Rejected: connection denied, Request approval again button displayed

Error: error occurred

Canceled: connection request canceled, Request approval again button displayed

Delete PrivateLink Endpoint

Button to delete PrivateLink Endpoint resource

Table. PrivateLink Endpoint status information and additional features

Detailed Information

On the PrivateLink Endpoint List page, you can view detailed information of the selected resource and edit the information if needed.

Category	Detailed description
Service	Service name
Resource Type	Resource Type
SRN	Unique resource ID in Samsung Cloud Platform
Resource Name	PrivateLink Endpoint resource name
Resource ID	Unique resource ID in the service
constructor	User who created the PrivateLink Endpoint
Creation date and time	PrivateLink Endpoint creation timestamp
Editor	User who modified the PrivateLink Endpoint information
Modification date and time	Date and time the PrivateLink Endpoint information was modified
PrivateLink Endpoint name	PrivateLink Endpoint resource name
PrivateLink Endpoint ID	PrivateLink Endpoint ID information
PrivateLink Service ID	Connected PrivateLink Service ID information
PrivateLink Endpoint IP	PrivateLink Endpoint IP address
VPC name	Information about the connected VPC
Subnet name	Connected Subnet information
Port name	Port information of the PrivateLink Endpoint Click the port name to view detailed information
Security Group	Configured Security Group information Click the Security Group name to view detailed information
Explanation	Description of PrivateLink Endpoint Edit icon can be clicked to modify the description

Table. PrivateLink Endpoint detailed information tab items

Job History

On the PrivateLink Endpoint List page, you can view the operation history of the selected resource.

Category	Detailed description
Task History List	Resource Change History Check operation date and time, resource name, operation details, operation result, and operator information

Table. PrivateLink Endpoint operation history tab detailed information items

Terminate PrivateLink Endpoint

You can terminate unused PrivateLink Endpoints to reduce operating costs.

Caution

If the PrivateLink Endpoint service status is Requesting, Creating, or Deleting, the service cannot be terminated.

To terminate a PrivateLink Endpoint, follow these steps.

All Services > Networking > VPC Click the menu. Go to the VPC’s Service Home page.
Click the PrivateLink Endpoint menu on the Service Home page. You will be taken to the PrivateLink Endpoint List page.
On the PrivateLink Endpoint List page, click the resource you want to delete. Go to the PrivateLink Endpoint Details page.
On the PrivateLink Endpoint Details page, click the PrivateLink Endpoint Delete button.
After termination is complete, check whether the resource has been deleted from the PrivateLink Endpoint list.

Pre-service

This service must be installed in advance before creating it. Please refer to the provided user guide and prepare accordingly.

Service Category	Service	Detailed description
Networking	VPC	It is a service that provides an isolated virtual network in a cloud environment.

Table. PrivateLink Endpoint prerequisite service

1.2.12 - NAT Logging

To store NAT logs, first create a bucket in Object Storage for the logs and configure that bucket in the NAT Logging repository. Then, when you enable log storage in the NAT detail view, NAT logs will begin to be saved to the Object Storage bucket.

To store NAT logs, you need to configure the following steps in order.

To store NAT logs, you can create a bucket in Object Storage or use an existing bucket. To create a bucket, refer to Object Storage 생성하기.
To set the bucket for NAT Logging’s log repository, refer to NAT Logging 로그 저장소 사용하기.
To set the log storage option to Enabled in the NAT detailed view, refer to Using NAT Log Storage.

Using NAT Logging Log Repository

To set NAT log storage to enabled, you must first configure the log repository in NAT Logging.

Reference

To set up the NAT Logging log repository, you need an Object Storage bucket for log storage. Please create a bucket in the Object Storage service first. For detailed information, refer to Create Object Storage.

Click the All Services > Management > Network Logging > NAT Logging menu. You will be taken to the NAT Logging List page.
NAT Logging List page, click the top Log Storage Settings button. You will be taken to the Log Storage Settings popup.
Log storage settings In the popup window, select the log storage bucket. When you select a bucket, the log storage path is displayed.
Log storage settings In the popup window, after checking Log storage bucket and Log storage path, click the Confirm button.
Notification After reviewing the message in the popup window, click the Confirm button.

Information

After configuring the NAT Logging log repository, you must set the log storage option to Enabled in the NAT detail view for logging to begin. For more details, refer to Using NAT Log Storage.

NAT Logging list

If you configure the NAT Logging log storage bucket, the NAT Logging list will be displayed.

Click the All Services > Management > Network Logging > NAT Logging menu. You will be taken to the NAT Logging List page.
Category
required
Detailed description
Resource ID Required NAT resource ID
Save target Required NAT resource name
Save registration date and time Required NAT log repository registration timestamp
Table. NAT Logging list items

Reference

After configuring the NAT Logging log repository, you must set the log storage option to Enabled in the NAT detail view for logging to begin. For more details, see Using NAT Log Storage.

Check NAT Logging content

Refer to the information below to check the saved Log.

Stored log example: 2024-10-11T11:19:03,accept,259,17,192.168.2.173,46937,192.168.0.53,53,100.100.14.52,26937

Category	Explanation
2024-10-11T11:19:03	Log date and time (2024-10-11, 11:19:03)
accept	Action (deny / accept)
259	Firewall Rule ID (Policy ID) that generated the log
17	IP Protocol ID 1: ICMP 6: TCP 17: UDP
192.168.2.173	Source IP
46937	Departure Port
192.168.0.53	Destination IP
53	Destination Port
100.100.14.52	NAT-translated IP
26937	NAT-translated Port

NAT Logging Do not use log storage

In NAT Logging, you can set the log repository to be unused.

All Services > Management > Network Logging > NAT Logging Click the menu. You will be taken to the NAT Logging List page.
On the NAT Logging List page, click the top Log Storage Settings button. It will open the Log Storage Settings popup.
In the Log storage settings popup, select Log storage bucket as Not used, and click the Confirm button.

Reference

Log storage settings can be changed when no log storage target is configured. You can change the log storage bucket by selecting it as unused, confirming, and then reconfiguring it.

1.3 - API Reference

API Reference

1.4 - CLI Reference

CLI Reference

1.5 - Release Note

VPC

2026.03.19

FEATURE Add new VPC feature

Provide VPC IP range addition feature
- You can add a new IP range to the VPC for use.
Provides Virtual IP functionality
- You can reserve a Virtual IP in a Subnet for use.
Private NAT feature improvement
- You can also use Private NAT with Transit Gateway.

2025.10.23

FEATURE Add PrivateLink feature

You can connect internal Samsung Cloud Platform data to the SCP service via a private path between the VPC and the SCP service without exposing it to the internet.

2025.07.01

FEATURE Add new services besides Transit Gateway

Add Transit Gateway feature
- Easily connect the customer’s network with the Samsung Cloud Platform network and serve as a connection hub for multiple VPCs within the cloud environment.
Add VPC Peering feature
- You can perform IP communication over a 1:1 private route between VPCs.
Add Private NAT feature
- You can use Direct Connect from compute resources within the VPC to map the customer’s IP and establish a connection.

2025.02.27

FEATURE VPC Endpoint service addition

Add VPC functionality
- Provides an Endpoint (entry point) that allows access to the Samsung Cloud Platform via a private connection from external networks connected to the VPC.
Samsung Cloud Platform Common Feature Changes
- Account, IAM, Service Home, tags, and other common CX changes have been reflected.

2024.12.23

FEATURE Add NAT log storage feature

A feature to save NAT logs has been added.
You can determine whether to retain NAT logs and store them in Object Storage.

2024.10.01

NEW Official release of VPC service

The VPC service that provides an isolated virtual network space has been launched.

2024.07.02

NEW Beta version release

The VPC service that provides an isolated virtual network space has been launched.

2 - Security Group

2.1 - Overview

Service Overview

A Security Group is a virtual logical firewall that controls inbound/outbound traffic generated on virtual servers in Samsung Cloud Platform. The resources that can have a Security Group applied include Virtual Server, Database, Kubernetes Engine, etc. A Security Group is applied to the ports of the target resource, and multiple Security Groups can be applied depending on each resource’s characteristics.

When you first create a Security Group, it blocks all inbound and outbound traffic according to the default rule (Any/Deny).

Users can specify an IP address, port, and protocol to create inbound/outbound rules, and only traffic allowed by the created rules can access the target resources.

Component

The components that make up a Security Group are as follows.

Component

Detailed description

Applicable target

Resources to which the Security Group is applied

Apply the Security Group to Virtual Server, Database, Kubernetes Engine, and Load Balancer

The Security Group is applied to the ports of the target resources, and multiple Security Groups can be applied depending on each resource’s characteristics.

Security Group Rules

When a Security Group is first created, it blocks all inbound and outbound traffic according to the default rule (Any/Deny)

Ping and SSH communication between servers in the same subnet are also blocked, and it can be used after the user configures the necessary rules

Add inbound/outbound allow rules by specifying target address, protocol, and port

Blocking rules cannot be set

Provides a bulk rule creation feature through form creation

Table. Security Group components

Constraints

The Security Groups of Samsung Cloud Platform have default quotas (limits) set. There is a maximum number of Security Groups that can be created and a maximum number of Security Group rules. The Samsung Cloud Platform Console is a place where you can view and manage quotas for Samsung Cloud Platform services and request quota increases for many resources.

Category	Default quota	Detailed description
Security Group	100 items	Number of default Security Groups that can be created per account
Number of Security Group rules	100 items	Maximum number of default rules that can be created per Security Group
Security Group rule count > project	1,000 items	Maximum number of default Security Group rules that can be created per account

Table. Security Group Constraints

Preceding Service

Security Group has no preceding service.

2.2 - How-to guides

Users can create the service by entering the required information for the Security Group service and selecting detailed options through the Samsung Cloud Platform Console.

Create Security Group

You can create and use the Security Group service in the Samsung Cloud Platform Console.

To create a Security Group, follow these steps.

Click the All Services > Networking > Security Group menu. Navigate to the Service Home page of the Security Group.

Click the Create Security Group button on the Service Home page. You will be taken to the Create Security Group page.

Enter the required information in the Service Information Input area.

Category

Required status

Detailed description

Security Group name

Required

Security Group name to create

English letters, numbers, and special characters (-) can be used, and up to 255 characters can be entered

Duplicate Security Group names are allowed within the project

Whether to save logs

Select

Select whether to store Security Group logs

Enabled: Store logs

Disabled: Do not store logs

Click Security Group Logging List Shortcut to go to the Security Group Logging list page

Table. Security Group service information input items

Reference

To store Security Group logs, first create a bucket in Object Storage for the logs, and configure that bucket as the log repository in Security Group Logging.

The log storage settings can be verified in Security Group Logging, and for more details, refer to Security Group Logging.
If you configure a log repository, Object Storage charges for log storage will be applied.

* In the **Additional Information Input** area, enter or select the required information.






  


Category
Required
Detailed description




tag
Select
Add TagUp to 50 can be added per resource
After clicking the Add Tag button, enter or select Key and Value values


Explanation
Select
User additional descriptionUp to 255 characters allowed




  Table. Security Group additional information input fields

Check the input information and click the Create button.
- When creation is complete, check the created resources on the Security Group List page.

Check Security Group detailed information

On the Security Group menu’s Security Group List page, you can view and edit the full resource list and detailed information.

To view detailed information about a Security Group, follow these steps.

Click the All Services > Networking > Security Group menu. Navigate to the Service Home page of the Security Group.
On the Service Home page, click the Security Group menu. You will be taken to the Security Group list page.
On the Security Group List page, click the resource for which you want to view detailed information. You will be taken to the Security Group Details page.
- Security Group Details page displays status information and additional feature information, and consists of Details, Rules, Tags, Activity History tabs.

Category

Detailed description

Service status

Security Group status

Creating: Creating

Active: Normal operation

Editing: Changing settings

Deploying: Deployment completed

Deleting: Terminating

Error: Error occurred

Service termination

Cancel service button

Table. Security Group status information and additional features

Detailed Information

Security Group List lets you view detailed information of the selected resource and edit the information when needed.

Category	Detailed description
service	Service name
Resource Type	Resource Type
SRN	Unique resource ID in Samsung Cloud Platform
Resource Name	Resource Name
Resource ID	Unique resource ID in the service
Constructor	User who created the service
Creation Date/Time	Service creation date and time
Editor	User who edited the service information
Modification date	Date and time the service information was modified
Security Group name	Resource Name
Security Group ID	Unique resource ID in the service
Number of Security Group rules	The rule quota and the number of rules currently in use for this Security Group
Security Group rule count/Account	Security Group rule quota for the account and the total number of rules in use across all Security Groups in the account
description	Additional description written by the user Click the Edit icon to edit
Whether to save logs	Security Group log storage option Enabled: Store logs Disabled: Do not store logs Click the Edit icon to modify the settings
Applicable Service	The service type, service name, and status of the service to which this Security Group is applied

Table. Security Group detailed information tab items

Rule

Security Group list page lets you view the rule list of the selected resource and add or delete rules.

Category	Detailed description
Excel download	Bulk rule entry Excel file download button
More	Additional Function Button Bulk Rule Input: Upload Excel file for bulk rule input Delete: Delete selected rules
Advanced Search	Rule Detail Search Button
Add rule	Add Rule button
direction	Traffic direction for servers with Security Group applied Inbound: External → Server Outbound: Server → External
Rule ID	Unique ID value for the rule
Target address	Target address for communicating with a server that has a Security Group applied
Remote Security Group name	The Security Group resource name displayed when the target is set to a Security Group
Remote Security Group ID	Security Group ID displayed when the target is set to a Security Group
Service	Protocol and Port
Explanation	Additional description written by the user
Delete	Delete rule

Table. Security Group rule tab items

Job History

You can view the operation history of the selected resource on the Security Group List page.

Category	Detailed description
Task History List	Resource Change History Check operation date/time, resource name, operation details, operation result, and operator information

Table. Work History Tab Items

Managing Security Group Resources

You can manage resources such as log storage settings and rule additions for a Security Group.

Using Log Storage

Reference

To store Security Group logs, first create a bucket in Object Storage for the logs, and then configure that bucket in the log repository of Security Group Logging.

The log storage settings can be verified in Security Group Logging, and for more details, refer to Security Group Logging.
If you configure a log repository, Object Storage charges will be applied for log storage.

To save Security Group logs, follow the steps below.

Click the All Services > Networking > Security Group menu. Navigate to the Service Home page of the Security Group.
On the Service Home page, click the Security Group menu. You will be taken to the Security Group list page.
On the Security Group List page, click the resource (Security Group name) for which you want to store logs. You will be taken to the Security Group Details page.
Click the Edit icon of Log Save Status. You will be taken to the Log Save Status Edit popup window.
Modify Log Saving Option In the popup window, select Use for the log repository, and click the Confirm button.

Caution

If a log storage is not configured in Security Group Logging, you cannot set the log storage use setting.

Disable log storage

To stop storing Security Group logs, follow these steps.

Click the All Services > Networking > Security Group menu. Navigate to the Service Home page of the Security Group.
On the Service Home page, click the Security Group menu. You will be taken to the Security Group list page.
On the Security Group List page, click the resource (Security Group name) that you do not want to log. You will be taken to the Security Group Details page.
Click the Edit icon of Log Save Option. It navigates to the Log Save Option Edit popup.
Modify Log Saving Option In the popup window, deselect Use for the log repository, and click the Confirm button.
Notification Check the message in the popup window and click the OK button.

Caution

If you disable log storage, log storage for the service will be stopped, and tracking and management through log analysis will not be possible in the event of a security incident.

Add rule

To add a Security Group rule, follow the steps below.

Click the All Services > Networking > Security Group menu. Navigate to the Service Home page of the Security Group.
On the Service Home page, click the Security Group menu. You will be taken to the Security Group list page.
Security Group List page, click the resource (Security Group name) to which you want to add a rule. Navigate to the Security Group Details page.
On the Security Group Details page, click the Rules tab. You will be taken to the Rules tab page.

on the Rules tab, click the Add Rule button. You will be taken to the Add Rule popup.

Category	Required	Detailed description
Target input method	Required	Configure rule remote type CIDR: Set target address by directly entering IP Security Group: Set to target the created Security Group
Remote > Target address	Required	If CIDR is selected, you must enter the target IP address Enter in CIDR (IP address/subnet mask) format using `,` and `-`, you can input multiple addresses at once, up to 100. Enter ‘0.0.0.0/0’ to use the entire IP range (ANY).
Remote > Security Group	Required	When Security Group is selected, a Security Group selection is required.
type	Required	Select protocol type to apply the rule Select destination port/Type: Select protocol type Internet Protocol: Enter protocol numbers, up to 100 can be entered All: Select the entire range for destination port/Type and protocol, meaning all ports for all protocols
Type > Protocol	Required	Select detailed protocol for the type Select the desired protocol among TCP, UDP, and ICMP; input fields vary depending on the selected protocol When ICMP is selected in the protocol, you can set the ICMP Type Select a commonly used Type, such as Echo, from the values defined for ICMP Type Click the Add button to add an input value When TCP/UDP is selected in the protocol, you can choose allowed ports such as SSH, HTTP, etc. When entering manually, you can input values from 1 to 65,535, and you can enter up to 100 entries at once using commas (,) or ranges (-) Click the Add button to add an input value When Internet Protocol is selected in the type `1 ~ 254` Enter a protocol number within 1 to 254
direction	Required	Target application criteria, traffic direction configuration Inbound rule: External → Server Outbound rule: Server → External
Explanation	Select	Additional description provided by the user

Table. Detailed items for adding Security Group rules

After reviewing the rules to be added, click the Confirm button.

Batch Create Rules

To add multiple Security Group rules at once, follow these steps.

Click the All Services > Networking > Security Group menu. Navigate to the Service Home page of the Security Group.
From the Service Home page, click the Security Group menu. You will be taken to the Security Group list page.
Security Group List page, click the resource (Security Group name) to which you want to add a rule. Security Group Details page will be displayed.
On the Security Group Details page, click the Rules tab. You will be taken to the Rules tab page.
Click the Excel Download button on the Rules tab. The bulk rule entry Excel file will be downloaded.
Enter the rule information into the batch rule entry Excel file, then save it.
More > Bulk Rule Input Click the button. Bulk Rule Input popup window opens.
Batch Rule Input In the popup window, click Attach File, attach the Excel file you prepared, and click Upload File.
- You cannot upload the attached Excel file if its format differs from the registration form or if the file is encrypted.
- You can upload up to 100 batch registration rules at a time. If you exceed the maximum number of registration rules, the upload will not be allowed.
- If you exceed the maximum number of rules that can be registered in the Account, you cannot upload the file.
Rule Confirmation Check the details in the popup window and click the Confirm button.

Delete rule

To delete a Security Group rule, follow these steps.

Click the All Services > Networking > Security Group menu. Navigate to the Service Home page of the Security Group.
On the Service Home page, click the Security Group menu. You will be taken to the Security Group list page.
Security Group List page, click the resource (Security Group name) for which you want to add a rule. Security Group Details page will be displayed.
On the Security Group Details page, click the Rules tab. You will be taken to the Rules tab page.
In the Rules tab, click the Delete button for the rule you want to delete.

Terminate Security Group

You can delete unused Security Groups.

Caution

If there are resources attached to the Security Group, you cannot terminate the Security Group service. Delete all attached resources and then terminate the service.

To delete a Security Group, follow these steps.

Click the All Services > Networking > Security Group menu. Navigate to the Service Home page of the Security Group.
Click the Security Group menu on the Service Home page. You will be taken to the Security Group List page.
On the Security Group List page, select the resource (Security Group name) to terminate, and click the Terminate Service button.
After termination is complete, check on the Security Group list page whether the resource has been deleted.

2.2.1 - Security Group Logging

To store Security Group logs, first create a bucket in Object Storage for log storage and configure that bucket in the Security Group Logging repository. Then, on the Security Group Details page, set up log storage, and the Security Group logs will be saved to the Object Storage bucket.

To save Security Group logs, follow these steps.

To store Security Group logs, you can create a bucket in Object Storage or use an existing bucket. To create a bucket, refer to Object Storage 생성하기.
To configure the bucket for the log repository of Security Group Logging, refer to Security Group Logging Log Repository Setup.
In the Security Group detail view, to set log storage to Enabled, please refer to Security Group Enable Log Storage.

Security Group Logging Configure log storage usage

To set the log storage option of a Security Group to Enabled, you must first configure a log repository in Security Group Logging.

Reference

To set up the log repository for Security Group Logging, you need an Object Storage bucket for log storage. First, create a bucket in the Object Storage service. For more details, refer to Create Object Storage.

To enable the log repository for Security Group Logging, follow these steps.

All Services > Management > Network Logging > Security Group Logging Click the menu. You will be taken to the Security Group Logging List page.
On the Security Group Logging List page, click the Log Storage Settings button at the top. You will be taken to the Log Storage Settings popup.
Log storage settings In the popup window, select the log storage bucket. When you select a bucket, the log storage path is displayed.
Log storage settings In the popup window, after checking Log storage bucket and Log storage path, click the Confirm button.
Notification After reviewing the message in the popup window, click the Confirm button.

guide

After configuring the log repository for Security Group Logging, you must set the log storage option to Enabled on the Security Group Details page for logging to begin. For more details, refer to Security Group Log Storage Usage.

Query Security Group Logging List

If you configure the log storage bucket for Security Group Logging, you can view the Security Group Logging list.

To view the Security Group Logging list, follow these steps.

Click the All Services > Management > Network Logging > Security Group Logging menu. Navigate to the Security Group Logging List page.
Security Group Logging List page, verify the resources in use and the log storage targets.
Category Detailed description
Resource ID Security Group ID
Save target Security Group name
Save registration date and time Security Group log storage registration timestamp
Table. Security Group Logging list items
Reference
After configuring the log repository for Security Group Logging, you must set the log storage option to Enabled in the Security Group detail view for logging to begin. For more details, see Security Group Log Storage Usage.

Security Group Logging Check detailed information

The stored logs have different detailed information depending on the protocol. Refer to the information below to view the details.

TCP / UDP

Example of stored log: 2024-10-11T02:18:39,drop,to-lport: tcp,198.19.65.2,6443,192.168.22.131,20427

Category	Explanation
2024-10-11T02:18:39	Log date and time (2024-10-11, 02:18:39)
drop	Action (drop / allow)
to-lport	Direction to-lport: inbound from-lport: outbound
tcp	Protocol (tcp / udp / icmp / ip)
192.168.65.2	Source IP
6443	Departure Port
192.168.22.131	Destination IP
20427	Destination Port

Table. TCP/UDP log detailed information items

ICMP

Saved log example: 2024-10-11T02:18:39,allow,to-lport: icmp,192.168.65.2,192.168.22.131,8

Category	description
2024-10-11T02:18:39	Log date and time (2024-10-11, 02:18:39)
to-lport	Direction to-lport: inbound from-lport: outbound
allow	Action (drop / allow)
tcp	Protocol (tcp / udp / icmp / ip)
192.168.65.2	Source IP
192.168.22.131	Destination IP
8	ICMP type ID

Table. ICMP log detailed information items

IP

Stored log example: 2024-10-11T02:18:39,deny,ip,192.168.65.2,192.168.22.131,103

Category	Explanation
2024-10-11T02:18:39	Log date and time (2024-10-11, 02:18:39)
deny	Action (drop / allow)
ip	Protocol
192.168.65.2	Source IP
192.168.22.131	Destination IP
103	IP Protocol ID 1: ICMP 6: TCP 17: UDP

Table. IP Log Detailed Information Items

Security Group Logging Disable Log Storage Configuration

In Security Group Logging, you can set the log storage to unused.

To disable the log repository for Security Group Logging, follow these steps.

Click the All Services > Management > Network Logging > Security Group Logging menu. You will be taken to the Security Group Logging List page.
Security Group Logging List page, click the top Log Storage Settings icon. You will be taken to the Log Storage Settings popup window.
Log storage configuration in the popup window, select log storage bucket as Not used, and click the Confirm button.

Reference

Log storage settings can be changed when no log storage target is configured.
To change the log storage bucket, first set it to disabled. Then you can modify it by re-enabling it.

2.2.2 - Migration Rules

Users can retrieve rules created in the V1 environment of the Samsung Cloud Platform Console and apply them to the V2 service.

Getting Security Group Rules

You can import rules created in the V1 environment of the Samsung Cloud Platform Console and migrate them to the V2 service for use.

Reference

When a Security Group rule is migrated to the V2 environment using the Migration feature, the Migration label appears before its name.
If a Security Group rule description exceeds 255 characters, part of the description will be omitted.
Each Security Group can have up to 200 rules, and any rule that exceeds the maximum allowable quantity will not be registered.

To retrieve the Security Group rules of V1, follow these steps.

All Services > Networking > Security Group menu, click it. 1. Navigate to the Service Home page of the Security Group.
On the Service Home page, click the Migration Rules menu. 2. Go to the Migration Rules page.

Select the rule information to retrieve from the Migration Rules page and click Done.

Category	Detailed description
Original rule environment	SCP v1 (Vmware) Auto-select
Applicable target	Select the Security Group list in the account to apply the transferred rule
Get rules	Click the Attach File button to upload the decrypted Security Group rule file After decrypting and saving the rule file extracted from the original environment, upload it
Rule List	View uploaded Security Group rule file details Delete: Delete selected rule Edit: Modify selected rule information, see [Edit transferred Security Group rule](#이관할-Security Group-규칙-수정하기) for details

Table. Migration Rules detailed items

After the Security Group rule transfer request is completed, verify that the transfer item has been added to the Security Group list.

Modify the Security Group rules to be transferred

You can edit each item when retrieving rules created in the V1 environment of the Samsung Cloud Platform Console.

To modify the Security Group rules to be imported from V1, follow these steps.

All Services > Networking > Security Group Click the menu. 1. Navigate to the Service Home page of the Security Group.
On the Service Home page, click the Migration Rules menu. 2. Go to the Migration Rules page.
In the rule import section, click Attach File to upload the Security Group rule file.

In the rule list, click Edit for the rule item you want to modify.

Category	Required or not	Detailed description
Target Input Method	Required	Remote rule type setting CIDR: Set the target address by entering the IP directly Security Group: Set to the created Security Group
Remote > Target address	Essential	If CIDR is selected, you need to enter the target IP address Enter in CIDR (IP address/subnet mask) format `, using` and `-` you can input multiple addresses up to 100 at once. To use the entire IP range (ANY), enter ‘0.0.0.0/0’
Remote > Security Group	Essential	When Security Group is selected, a Security Group must be chosen.
type	Required	Select protocol type to which the rule will be applied Select destination port/Type: Select protocol type Internet Protocol: Enter protocol numbers, up to 100 entries allowed All: Select destination port/Type and protocol for the entire range, meaning all ports for all protocols
Type > Protocol	Required	Select detailed protocol for the type Select the desired protocol among TCP, UDP, and ICMP; input fields vary depending on the selected protocol When ICMP is selected in the protocol, you can set the ICMP Type Select a commonly used Type, such as Echo, from the values defined for ICMP Type Click the Add button to add an input value When TCP/UDP is selected in the protocol, you can choose allowed ports such as SSH, HTTP, etc. When entering manually, you can input values from 1 to 65,535, and you can enter up to 100 entries at once using commas (,) or ranges (-) Click the Add button to add an input value When Internet Protocol is selected in the type `1 ~ 254` Enter a protocol number within the range
direction	Essential	Set the traffic direction for the applicable target Inbound rule: external → server Outbound rule: server → external
Explanation	Selection	Additional description written by the user

Table. Detailed items of the Security Group rule edit window

When the rule information edit is complete, click Confirm in the edit window.
Review the edited rule information and click Done.

2.3 - API Reference

API Reference

2.4 - CLI Reference

CLI Reference

2.5 - Release Note

Security Group

2026.05.21

FEATURE Add Security Group rule migration feature

For user convenience, a Migration Rules page has been added that allows you to import Security Group rules created in the V1 environment and apply them to the V2 service.

2026.03.19

FEATURE Security Group feature improvement

When adding a Security Group rule, multiple service ports can be selected
- Improved the console to allow selecting multiple service ports when adding a rule.

2025.07.01

FEATURE Securirty Group Add rule input method

Add Security Group rule input method
- A feature allowing IP protocol input has been added.
- A feature to select Well-known protocols has been added.

2025.02.27

FEATURE Common functionality change

Samsung Cloud Platform Common Feature Changes
- Account, IAM, Service Home, tags, and other common CX changes have been reflected.

2025.02.27

CHANGED Security Group feature improvement

Improved to allow entering multiple IPs when adding Security Group rules.

2024.12.23

FEATURE Add Security Group log storage feature

A feature to store Security Group logs has been added.
You can decide whether to store Security Group logs and store the logs in Object Storage.

2024.10.01

NEW Security Group service official version release

The Security Group service, which provides virtual firewall functionality for instance resources, has been launched.
You can control inbound and outbound traffic generated from instance resources through the Security Group service.

2024.07.02

NEW Beta version release

The Security Group service, which provides virtual firewall functionality for instance resources, has been launched.
You can control inbound and outbound traffic generated from instance resources through the Security Group service.

3 - Load Balancer

3.1 - Overview

Service Overview

The Load Balancer (LB) service of Samsung Cloud Platform automatically distributes traffic to available servers when there is an unpredictable traffic surge or server failure, ensuring the stability and continuity of customer services.

A Load Balancer serves as the service endpoint provided to clients, is deployed in a VPC subnet according to the service type (L4 / L7), and you can configure multiple services by adding listeners to the created Load Balancer.

The Listener receives client requests through the service port and processes traffic according to routing rules. L4 supports TCP / UDP / TLS protocols, and L7 supports HTTP / HTTPS protocols; in L7, you can specify an LB server group for each routing condition or set a redirect response for the request URL.

The LB server group forwards requests received by the Listener to specific servers based on load balancing and health checks. The servers receive client requests from the Load Balancer’s Source NAT IP through the ports configured for the members, and the server status is periodically monitored by the Load Balancer’s health check IP.

LB health check defines the member health check method registered in the LB server group. You can select a default LB health check resource provided for the LB server group, or create a new one to configure monitoring suitable for the application.

Features

Various load balancing methods: Round Robin, Least Connection, IP Hash, etc., are provided.
SSL Authentication Encryption and Offloading: Supports SSL offloading and allows selection of encryption level.
Enhanced Security: Use a firewall to manage Load Balancer communication and view connection logs by storing logs.

Service Architecture Diagram

Provided features

Load Balancer: Select the service type and configure the IP to be used by the Load Balancer.
Listener: Set the protocol, port, and routing rules. You can add multiple Listeners to a single Load Balancer.
LB server group: Sets the load balancing method. LB server group can be attached to a single Load Balancer.
Member: Select the server to add to the LB server group. You can choose Virtual Server or Bare Metal Server resources created in the same VPC as the Load Balancer, or enter an IP address directly.
LB health check: Sets the member health check method. LB health checks can be registered and used across multiple LB server groups.

Component

A Load Balancer consists of a Load Balancer (Listener), LB server group (member), and LB health check.

Load Balancer

The components that make up a Load Balancer are as follows. By configuring each component, you can set up load balancing suitable for the customer’s workload.

Component	Detailed description
Service Category	Load Balancer service type Classification of Listener protocols that can be created according to L4 / L7
Service Sunbet	Assign the Service IP, Source NAT IP, and Health Check IP required for the Load Balancer in the Subnet range of the VPC Subnet Subnet
Service IP	Service IP that the client accesses
Source NAT IP	IP used to forward server traffic in the Load Balancer
Health check IP	IP used for health checks in the Load Balancer
Listener	Resources connected to the Load Balancer protocol, port, LB server group settings

Table. Load Balancer components

LB server group

The elements that make up an LB server group are as follows. Traffic is delivered to members of the LB server group according to the settings of each component.

Component	Detailed description
Protocol	LB server group forwarding protocol
Load balancing	Traffic distribution method Deliver traffic to a specific member according to the load balancing method
LB health check	Member health check method LB Select from the list of resources created by the health check
Member	Server that processes client requests Set weights or modify activation status based on load balancing

Table. LB server group components

LB health check

The elements that make up the LB health check are as follows. Member health checks are performed according to the settings of each component.

Component	Detailed description
Protocol	Health check protocol
Health check port	Port used for health check
Period	Health check execution interval
Waiting time	Server response latency for health check
Detection count	Criteria for determining member health check status (Healthy / Unhealthy)

Table. LB health check components

Constraints

The Load Balancer of Samsung Cloud Platform has a default quota, which limits the number of Load Balancers, Listeners, LB server groups, and members that can be created. You can manage current usage through the Console and request additional quota for items that can be expanded.

Item	Default quota	Detailed description
LOAD_BALANCER.SERVICE_SUBNET.DEFAULT.COUNT	3	Number of Service Subnets per VPC that can create a Load Balancer
LOAD_BALANCER.DEFAULT.COUNT	50	Number of Load Balancers created per Region
LOAD_BALANCER.LISTENER.DEFAULT.COUNT	1000	Number of Listeners created per Region
LOAD_BALANCER.SERVER_GROUP.DEFAULT.COUNT	1000	Number of LB server groups created per region
LOAD_BALANCER.MEMBER.DEFAULT.COUNT	1000	Number of members that can be registered to the entire LB server group per region
LOAD_BALANCER.HEALTH_CHECK.DEFAULT.COUNT	500	Number of LB health checks created per region

Table. Load Balancer Constraints

Preliminary Service

This is a list of services that must be pre-configured before creating a Load Balancer service. Please refer to the guide provided for each service and prepare in advance.

Service Category	Service	Detailed description
Networking	VPC	A service that provides an isolated virtual network in a cloud environment

Table. Load Balancer prerequisite service

3.1.1 - ServiceWatch metric

The Load Balancer sends metrics to ServiceWatch. The metrics provided by basic monitoring are data collected at 5‑minute intervals.

Reference

Refer to the ServiceWatch guide for how to view metrics in ServiceWatch.

Basic Metrics

The following are the default metrics for the Load Balancer namespace.

The indicators whose names are displayed in bold text below are the key metrics selected from the basic metrics provided by Load Balancer. Key metrics are used to build the service dashboards that are automatically created for each service in ServiceWatch.

Each metric provides guidance in the user guide on which statistical values are meaningful when querying that metric, and among the meaningful statistics, the values shown in bold are the primary statistics. In the service dashboard, you can view key metrics using primary statistical values.

Performance items	Detailed description	unit	meaningful statistics
LB Status	Load Balancer status	-	-
LB Total Connections	LB cumulative connection count	Count	total
LB Total L4 Connections	Cumulative L4 connection count	Count	total
LB Total L7 Connections	Cumulative L7 connection count	Count	Total
LB Total SSL Connections	Cumulative SSL connection count	Count	Total
LB Total TCP Connections	Cumulative TCP connection count	Count	Total
LB Current Connections	Current number of active connections	Count	Total
LB Current SSL Connections	Current SSL connection count	Count	Total
LB Peak Connections	LB maximum connections	Count	Total
LB Total Requests	LB cumulative request count	Count	Total
LB Current Requests	LB current request count	Count	Total
LB Connection Rate (CPS)	Number of new inbound connections	Count	Total
LB Forward Bytes	Cumulative bytes transferred from the LB to the server	Bytes	total
LB Forward Bytes (Delta)	Cumulative bytes (Delta) delivered from LB to server	Bytes	Total
LB Forward Packets	Cumulative packets delivered from the LB to the server	Count	Total
LB Forward Packets (Delta)	Cumulative packets (Delta) delivered from the LB to the server	Count	Total
LB Reverse Bytes	Cumulative packets delivered from LB to the server	Bytes	Total
LB Reverse Bytes (Delta)	Cumulative bytes (Delta) received from the server	Bytes	Total
LB Reverse Packets	Cumulative packets received from the server	Count	Total
LB Reverse Packets (Delta)	Cumulative packets (Delta) received from the server	Count	Total
LB Current Responses	LB current response count	Count	total
LB Total Success Responses	Cumulative successful response count	Count	Total
LB Last Response Time	LB last response time	Milliseconds	Total
LB Fastest Response Time	LB shortest response time	Milliseconds	Total
LB Slowest Response Time	LB maximum response time	Milliseconds	Total
LB Total Failure Actions	Number of failures handled in LB	Count	Total
Listener Status	Listener status	Count	total
Listener Total Connections	Listener cumulative connection count	Count	Total
Listener Total L4 Connections	Cumulative L4 connection count	Count	Total
Listener Total L7 Connections	Cumulative L7 connection count	Count	Total
Listener Total SSL Connections	Cumulative SSL connection count	Count	total
Listener Total TCP Connections	Cumulative TCP connection count	Count	Total
Listener Current Connections	Current number of active connections	Count	Total
Listener Current SSL Connections	Current SSL connection count	Count	Total
Listener Peak Connections	Maximum number of connections for the listener	Count	Total
Listener Current Requests	Listener current request count	Count	Total
Listener Total Requests	Listener cumulative request count	Count	Total
Listener Connection Rate (CPS)	Number of new inbound connections	Count	Total
Listener Forward Bytes	Cumulative bytes transferred from the Listener to the server	Bytes	Total
Listener Forward Bytes (Delta)	Cumulative bytes (Delta) transmitted from the Listener to the server	Bytes	Total
Listener Forward Packets	Cumulative packets transmitted from the Listener to the server	Count	Total
Listener Forward Packets (Delta)	Cumulative packets (Delta) transmitted from the Listener to the server	Count	Total
Listener Reverse Bytes	Cumulative bytes received from the server	Bytes	Total
Listener Reverse Bytes (Delta)	Cumulative bytes (Delta) received from the server	Bytes	Total
Listener Reverse Packets	Cumulative packets received from the server	Count	Total
Listener Reverse Packets (Delta)	Cumulative packets (Delta) received from the server	Count	Total
Listener Current Responses	Listener current response count	Count	total
Listener Total Success Responses	Cumulative successful response count	Count	Total
Listener Last Response Time	Listener last response time	Milliseconds	Total
Listener Fastest Response Time	Listener minimum response time	Milliseconds	Total
Listener Slowest Response Time	Listener maximum response time	Milliseconds	Total
Listener Total Failure Actions	Number of failures processed in the Listener	Count	total
ServerGroup Status	LB server group status	Count	Total
ServerGroup Request Count	Cumulative request count for LB server group	Count	Total
ServerGroup Response Count	LB server group cumulative response count	Count	Total
ServerGroup 2xx Response Count	Number of HTTP 2xx responses	Count	Total
ServerGroup 3xx Response Count	Number of HTTP 3xx responses	Count	Total
ServerGroup 4xx Response Count	Number of HTTP 4xx responses	Count	Total
ServerGroup 5xx Response Count	Number of HTTP 5xx responses	Count	Total
ServerGroup Healthy Member Count	Number of healthy members	Count	Total
ServerGroup Unhealthy Member Count	Health check abnormal member count	Count	Total
ServerGroup Peak Connections	Maximum connections for LB server group	Count	Total

Table. Load Balancer basic metrics

3.2 - How-to guides

Users can create a service by entering the required Load Balancer information and selecting detailed options through the Samsung Cloud Platform Console.

Create Load Balancer

You can create and use a Load Balancer service from the Samsung Cloud Platform Console.

To create a Load Balancer, follow these steps.

Click the All Services > Networking > Load Balancer menu. You will be taken to the Load Balancer’s Service Home page.
On the Service Home page, click the Create Load Balancer button. You will be taken to the Create Load Balancer page.
On the Load Balancer Creation page, enter the information required to create the service and select detailed options.
- In the Service Information Input area, enter or select the required information.

Category	Required status	Detailed description
Load Balancer name	Required	Load Balancer resource name English uppercase and lowercase letters, numbers, and special characters(`-_`) must be entered with 3 to 63 characters
Service Category	Required	Load Balancer service type L4 or L7 select
VPC name	Required	VPC where the Load Balancer will be created Select from the VPC list + New selectable after creation
Service Subnet name	Required	VPC Subnet where the Load Balancer will be created Select from the list of Subnets created in the selected VPC + New If selected, it can be chosen after creation
Service IP	Select	Load Balancer’s service IP Enter one IP from the Service Subnet range in IP address format If not entered, it will be automatically assigned from the IP allocation range of the selected Subnet
Public NAT IP	Select	Select the Public NAT IP to use in the Load Balancer when allowing service access from external (Internet) sources If a VPC and Service Subnet are selected, or if the selected VPC is connected to an Internet Gateway, use can be set Select from the list of Public IPs created in the selected VPC + New Creation can be selected after it is created
Source NAT IP	Selection	IP used for member communication in the Load Balancer Enter one IP from the Service Subnet range in IP address format If not entered, an IP will be automatically assigned from the selected Subnet’s IP allocation range If a Load Balancer already exists in the selected Subnet, display the previously assigned IP information IP cannot be modified after the Load Balancer is created
Health check IP	Selection	IP to be used for health checks in the Load Balancer Enter two IPs from the Service Subnet range in IP address format, each separately If not entered, IPs will be automatically assigned from the selected Subnet’s IP allocation range (if only one IP is entered, the remaining IP will be automatically assigned) If a Load Balancer already exists in the selected Subnet, display the previously assigned IP information IP cannot be modified after the Load Balancer is created
Use firewall	Select	Set whether to use the firewall Select whether to enable the firewall for Load Balancer access control Use When selected, create firewall resources If not checked, create firewall resources in an unused state If a firewall is already in use in the selected subnet, display firewall resource information
Firewall log storage	Select	Select whether to store Firewall logs Enabled when set, store Firewall logs in the bucket configured in the log storage For more details, see Using Firewall Log Storage reference

Table. Load Balancer Service Information Input Items

In the Additional Information Input area, enter or select the required information.
Category
Required status
Detailed description
description Select Enter resource description
tag Select Add tags
Up to 50 tags can be added per resource
Table. Load Balancer additional information input fields

Check the created service information and the estimated billing amount, then click the Create button.

After creation is complete, check the created resources on the Load Balancer List page.

guide

Load Balancer service does not provide access control for Service IP and service ports.
- When creating a Load Balancer, select Use Firewall to manage communication between the client and the Load Balancer, and between the Load Balancer and members with Firewall rules, and we recommend using Save Firewall Logs to store access logs.
When creating a service and enabling the Firewall log storage feature, you must configure the log storage first. If the log storage is not configured, you cannot create a Load Balancer service.

Caution

When using a firewall, you must add rules required for Load Balancer communication. Register the rules, paying attention to the direction for each purpose.

If you do not add a rule, the Load Balancer service will not operate correctly.

Purpose	Source IP	Destination IP	Protocol	Destination Port/Type	direction
Client → LB connection	Client IP	LB Service IP	Listener protocol	Listener service port	Outbound
LB → Member connection	LB Source NAT IP	LB server group member IP	LB server group protocol	Member port	Inbound
LB → Member health check	LB health check IP	LB server group member IP	Health check protocol	Health check port When the health check port and member port differ, register the member port	Inbound

Figures and tables. Add Load Balancer firewall rule

Check Load Balancer detailed information

The Load Balancer service can be viewed and edited for the resource list and detailed information in the Load Balancer menu. The Load Balancer Details page consists of Details, Connected Resources, Tags, Activity Log tabs.

Follow these steps to view detailed information about the Load Balancer service.

Click the All Services > Networking > Load Balancer menu. You will be taken to the Load Balancer’s Service Home page.
From the Service Home page, click the Load Balancer menu. You will be taken to the Load Balancer list page.

Load Balancer List page, click the resource to view its details. You will be taken to the Load Balancer Details page.

Load Balancer Details page displays status information and additional feature information, and consists of Details, Connected Resources, Tags, Activity History tabs.

Category

Detailed description

status

Load Balancer resource status

Active: Service is operating normally

Deleting: Service termination request is being processed

Creating: Service creation request is being processed

Error: Unable to determine current status due to internal error

Editing: Service modification request is being processed

Service termination

Delete Load Balancer resource

Table. Load Balancer status information and additional feature items

Detailed Information

In the Detailed Information tab, you can view the detailed information of the resource selected from the Load Balancer list and edit the necessary information.

Category	Detailed description
Service	service name
Resource Type	Resource Type
SRN	Unique resource ID in Samsung Cloud Platform
Resource Name	Resource Name
Resource ID	Unique resource ID in the service
Creation date	Service creation date and time
Modification date and time	Service modification date and time
constructor	Service creation request user
Editor	User requesting service modification
Load Balancer name	Load Balancer name
Service IP	Load Balancer’s Service IP (used for communication between client and Load Balancer) Use one IP from the Service Subnet
Service Category	Load Balancer service type
Source NAT IP	Load Balancer’s Source NAT IP (used for communication between Load Balancer and servers) Use one IP from the Service Subnet
VPC name	VPC resource name where the Load Balancer is created Clicking the resource name navigates to the detail page
Service Subnet name	Subnet resource name where the Load Balancer was created Click the resource name to go to the detail page
Public NAT IP	Load Balancer’s Public NAT IP (used when configuring internet service) Edit icon can be clicked to modify the settings
Private NAT IP	Load Balancer’s Private NAT IP Edit click the icon to modify the settings
Health check IP	Load Balancer Health Check IP (used when performing health checks on LB server group members) Use two IPs in the Service Subnet
Explanation	Additional information or description about Load Balancer Edit icon can be clicked to modify
Firewall name	Firewall resource name connected to Load Balancer Click the resource name to navigate to the detail page

Table. Load Balancer detailed information tab items

Connected resources

Connected Resources tab lets you view the list of Listeners attached to the Load Balancer, and you can create or delete Listeners.

In the Connected Resources tab, selecting the Listener item takes you to the Listener Details page where you can view, edit, and delete the detailed information.
On the Listener Details page, clicking the Edit icon lets you modify the information.

Category	Detailed description
Create Listener	Create Listener button
Listener name	Listener resource name
Routing rules	Routing rules attached to the Listener Routing Action: Traffic routing method Configuration value: Configuration value for the routing action
Protocol	Protocol that the Listener receives
Port	Port that the Listener receives
Creation Date/Time	Listener creation time
Delete	Delete Listener button

Table. List of resources connected to Load Balancer

Job History

Work History tab allows you to view the work history of the selected resource.

Category	Detailed description
Work log	Task execution details
Work Date/Time	Task execution date and time
Resource Type	Resource Type
Resource name	Load Balancer name
Operation result	Task execution result (success/failure)
Operator Information	User information of the performed operation

Table. Load Balancer operation history list entries

Load Balancer Resource Management

You can manage resources such as creating and deleting Load Balancer listeners.

Create Listener

Create a Listener on the Load Balancer to receive client requests and handle traffic according to the Listener configuration.

information

The protocol that receives client requests varies depending on the Load Balancer service type.

L4 Load Balancer case: TLS, TCP, UDP protocols
When using an L7 Load Balancer: HTTP, HTTPS protocols

Creating a Listener in L4 Load Balancer

To create a Listener in the L4 Load Balancer, follow these steps.

Click the All Services > Networking > Load Balancer menu. You will be taken to the Load Balancer’s Service Home page.
On the Service Home page, click the Load Balancer menu. You will be taken to the Load Balancer list page.
Load Balancer List page, click the Load Balancer resource to create a Listener. You will be taken to the Load Balancer Details page.
On the Load Balancer Details page, click the Connected Resources tab. You will be taken to the Connected Resources tab page.
On the Connected Resources tab page, click the Create Listener button in the upper right.
Enter or select the required information in the Service Information Input area.
- The information that can be entered varies depending on the protocol.

Category	Required	Detailed description
Load Balancer	Required	Name of the Load Balancer resource where the Listener will be created
Listener name	Required	Listener resource name
Protocol	Required	Select Listener receive protocol TCP, UDP, TLS, TCP_Proxy
service port	Required	Enter Listener receiving port Enter a value between 1 and 65,534
Routing rules	Required	Routing rule configuration Routing Action: L4 Load Balancer is fixed to LB Server Group Forwarding LB Server Group: Select the LB server group that will handle client requests Can select from LB server groups created in the same Service Subnet as the Load Balancer LB server groups currently used by other Load Balancers cannot be selected For more information, see Create LB Server Group reference
Session retention time	Required	Client session keep-alive time setting Default: 120 seconds TCP, TLS protocols allow input in 60‑second increments between 60 and 3,600 seconds UDP protocol allows input in 60‑second increments between 60 and 180 seconds
Proxy Protocol	Select	Set whether to add client IP information to the proxy protocol header (when using TCP protocol) Insert the client IP address into the TCP proxy protocol header and forward it to the server (supports proxy protocol v1)
Persistence	Required	Select Sticky Session method (set when using TCP, TLS protocols) Source IP: Fix the connection server based on the client IP address
SSL certificate	Select	Select default encryption certificate and security level (when using the TLS protocol) Select the certificate to use for the client SSL/TLS Handshake Default certificate (required): Choose the certificate used for client connections SSL security level (required): Select the security level when encrypting client connections (SSL security level support items reference) High: Supports Cipher Suites of TLS 1.3 version Medium: Supports Cipher Suites including TLS 1.2 version Low (not recommended): Supports Cipher Suites including TLS 1.1 version
Server SSL security level	Required	Select security level when configuring End-to-End SSL (TLS protocol settings) Select Do not use when you do not encrypt the server connection

Table. Enter Listener service information – when using L4 Load Balancer

In the Additional Information Input area, enter or select the required information.

Category	Required	Detailed description
Explanation	Select	Enter resource description
tag	Select	Add tags Up to 50 tags can be added per resource

Table. Listener additional information input fields

Verify the created service information and click the Create button.
- When creation is complete, verify the created resource on the Load Balancer Details page’s Connected Resources tab.

Creating a Listener in L7 Load Balancer

Follow these steps to create a Listener in an L7 Load Balancer.

Click the All Services > Networking > Load Balancer menu. Go to the Load Balancer’s Service Home page.
On the Service Home page, click the Load Balancer menu. You will be taken to the Load Balancer list page.
On the Load Balancer List page, click the Load Balancer resource for which you want to create a Listener. You will be taken to the Load Balancer Details page.
Click the Connected Resources tab on the Load Balancer Details page. You will be taken to the Connected Resources tab page.
On the Connected Resources tab page, click the Create Listener button in the upper right.
In the Service Information Input area, enter or select the required information.
- The information that can be entered varies depending on the protocol.

Category	Required status	Detailed description
Load Balancer	Required	Load Balancer resource name where the Listener is created
Listener name	Required	Listener resource name
Protocol	Required	Select Listener reception protocol Select HTTP or HTTPS
service port	Required	Listener receive port input Enter a value between 1 and 65,534
Routing Rules > Routing Action	Required	Select routing processing method LB server group forwarding: Forward traffic to the LB server group URL redirection: Redirection response from the Load Balancer
Routing Rules > Routing Conditions	Required	When the routing action is LB server group forwarding, set the LB server group per routing condition URL Path: Set the LB server group per URL path Host Header: Set the LB server group based on the Host value Redirect Target: When the routing action is URL redirection, configure the redirect response Redirect URL Path: Enter the URL path to redirect to Redirect Host: Enter the Host value to redirect to Protocol/Port: Set the protocol and port for the redirect (HTTP protocol usage required) For detailed information on adding routing rules, see Edit Routing Rules reference
Persistence	Selection	Select Sticky Session mode (set when the routing action is LB server group forwarding) Source IP: Fix the connection server based on the client IP address Cookie: Fix the connection server based on the cookie initially inserted by the Load Balancer
Listener timeout setting > Session keep-alive time	Select	HTTP connection keep-alive time setting Enabled when you can input a value between 60 and 3,600 seconds Enabled → Disabled: Since it cannot be modified, it is recommended to use it only for services that require it
Listener timeout setting > HTTP connection timeout	Select	Set HTTP response timeout Client connection keep-alive time, server response wait time, and response timeout can be entered between 1 and 120 seconds when use is selected Use → Not use: Since it cannot be modified, it is recommended to apply it selectively to necessary services
X-Forwarded-For	Select	Set whether to insert client IP information When enabled, add the client IP address to the X-Forwarded-For header
X-Forwarded-Proto	Select	Set whether to insert client request protocol information When used, add the client request protocol to the X-Forwarded-Proto header
X-Forwarded-Port	Select	Set whether to insert client request port information When enabled, add the client request port to the X-Forwarded-Port header
HTTP 2.0	Select	Set whether to use HTTP/2 for client‑server connections
SSL certificate	Select	Select encryption certificate and security level (HTTPS protocol usage) Select the certificate to use for the client SSL/TLS Handshake Default certificate (required): Choose the certificate to use for client connections SSL security level (required): Select the security level when encrypting client connections (see SSL security level support items for reference) High: Supports Cipher Suites of TLS 1.3 version Medium: Supports Cipher Suites including TLS 1.2 version Low (not recommended): Supports Cipher Suites including TLS 1.1 version For multi-domain services, after creating the Listener, add the certificate to the SNI certificate.
Server SSL security level	Required	Select security level when configuring End-to-End SSL (HTTPSS protocol setting) If you do not encrypt the server connection, select Do not use

Table. Enter Listener service information - when using L7 Load Balancer

Reference

The routing rule’s URL path matching method is Starts with(prefix match).

It checks whether the entered URL path starts with a specific string, and if the beginning matches, the routing rule is applied.
Example: when the entered URL is /api/
- Matching URL: /api/users, /api/v1/login, /api/images/logo.png
- Unmatched URL: /auth/api/, /API/users

In the Additional Information Input area, enter or select the required information.

Category	Required status	Detailed description
Explanation	Select	Enter resource description
tag	Select	Add tags Up to 50 tags can be added per resource

Table. Listener additional information input fields

Verify the created service information and click the Create button.
- When creation is complete, verify the created resource on the Load Balancer Details page’s Connected Resources tab.

SSL security level support items

The list of TLS versions and Cipher Suites supported by the Listener for each SSL security level is as follows.

Security level	TLS version	Cipher Suite (encryption algorithm)
High	TLS 1.3	TLS13_AES_128_GCM_SHA256 TLS13_AES_256_GCM_SHA384 TLS13_CHACHA20_POLY1305_SHA256
Normal/Low	Normal: TLS 1.3, 1.2 Low: TLS 1.3, 1.2, 1.1	TLS13_AES_128_GCM_SHA256 TLS13_AES_256_GCM_SHA384 TLS13_CHACHA20_POLY1305_SHA256 RC4-MD5 RC4-SHA DES-CBC3-SHA DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-CHACHA20-PLY1305 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-CHACHA20-POLY135 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-CHACHA20-POLY1305

Table. Supported items by SSL security level

Check Listener detailed information

On the Connected Resources tab of the Load Balancer Details page, you can select a Listener to view and edit its detailed information.

To view the Listener’s detailed information, follow these steps.

Click the All Services > Networking > Load Balancer menu. Navigate to the Load Balancer’s Service Home page.
On the Service Home page, click the Load Balancer menu. You will be taken to the Load Balancer List page.
On the Load Balancer List page, click the resource whose details you want to view. You will be taken to the Load Balancer Details page.
On the Load Balancer Details page, click the Connected Resources tab.
Click the Listener to view detailed information from the list of connected resources. It navigates to the Listener Details page.
- Listener Details page displays status information and additional feature information, and consists of Details, Tags, Activity Log tabs.

Category

Detailed description

status

Listener status

Active: The service is properly activated

Deleting: Processing service termination request

Creating: Processing service creation request

Error: Cannot determine current status due to an internal error

Editing: Processing service modification request

Delete Listener

Table. Listener status information and additional feature items

Detailed Information

Detailed Information tab allows you to view the Listener’s detailed information and edit the necessary details. Detailed information varies depending on the Load Balancer in use.

L4 Load Balancer Detailed Information

Category	Detailed description
Service	Service name
Resource Type	Resource Type
SRN	Unique resource ID in Samsung Cloud Platform
Resource Name	Resource Name
Resource ID	Unique resource ID in the service
constructor	User requesting listener creation
Creation Date/Time	Listener creation time
Editor	User requesting listener modification
Modification date	Listener modification timestamp
Listener name	Listener name
Protocol	Listener usage protocol
Port	Listener port
Session retention time	Client session retention time Edit icon can be clicked to edit
Proxy Protocol	Whether to insert client IP information Click the Edit icon to edit
Persistence	Use of sticky session Click the Edit icon to modify
Routing rules	Routing action and LB server group information Edit icon can be clicked to modify LB server group
SSL certificate	Default certificate and SSL security level, expiration date and time information Edit icon can be clicked to modify If a registered SNI certificate exists, the default certificate cannot be edited (it can be edited after deleting the SNI certificate)
SNI certificate	SNI Certificate Details Edit Click the icon to add SNI information and certificate for reference
Server SSL security level	Whether server connection is encrypted You can edit by clicking the Edit icon
Explanation	Additional information about the Listener Click the Edit icon to modify

Table. Listener Details Tab – When Using L4 Load Balancer

L7 Load Balancer Detailed Information

Category	Detailed description
Service	Service name
Resource Type	Resource Type
SRN	Unique resource ID in Samsung Cloud Platform
Resource Name	Resource Name
Resource ID	Unique resource ID in the service
constructor	User requesting listener creation
Creation Date/Time	Listener creation time
Editor	User requesting listener modification
Modification date	Listener modification timestamp
Listener name	Listener name
Protocol	Listener usage protocol
Port	Listener port
Session retention time	HTTP connection keep-alive time Edit Click the icon to change from disabled to enabled and modify the input value
Client connection keep-alive time	HTTP client connection keep-alive timeout Edit icon click to change from unused → used and modify input value
Server response latency	HTTP server response wait timeout Edit icon can be clicked to change from unused → used and modify the input value
X-Forwarded-For	Whether to insert client IP information Edit icon can be clicked to modify
X-Forwarded-Proto	Whether to insert client request protocol information Click the Edit icon to edit
X-Forwarded-Port	Whether to insert client request port information Edit icon can be clicked to edit
Persistence	Use of sticky session Edit icon can be clicked to modify
HTTP 2.0	Whether to use HTTP/2 for client-server connections Edit icon can be clicked to modify
Routing rules	Routing action and routing condition/redirect target information Click the Edit icon to modify routing condition or redirect target.
SSL certificate	Default certificate and SSL security level, expiration date and time information Edit icon can be clicked to modify If a registered SNI certificate exists, the default certificate cannot be edited (it can be edited after deleting the SNI certificate)
SNI certificate	SNI Certificate Details Edit Click the icon to add SNI information and certificate for reference
Server SSL security level	Whether server connection is encrypted Edit icon can be clicked to modify
Explanation	Additional information about the Listener Edit icon can be clicked to edit

Table. Listener Details Tab - When using L7 Load Balancer

Job History

You can view the Listener’s operation history.

Category	Detailed description
Work log	Task execution details
Operation Date/Time	Task execution date and time
Resource Type	Resource Type
Resource Name	Listener name
Operation result	Task execution result (success/failure)
Operator Information	Information about the user who performed the task

Table. Listener operation history tab items

Modify routing rules

On the Connected Resources tab of the Load Balancer Details page, you can modify the Listener’s routing rules.

To modify the Listener’s routing rules, follow these steps.

Click the All Services > Networking > Load Balancer menu. Navigate to the Load Balancer’s Service Home page.
From the Service Home page, click the Load Balancer menu. You will be taken to the Load Balancer list page.
On the Load Balancer List page, click the resource you want to view details for. You will be taken to the Load Balancer Details page.
On the Load Balancer Details page, click the Connected Resources tab.
Click the Listener to add a lighting condition from the list of connected resources. You will be taken to the Listener Details page.
On the Listener Details page, click the Edit icon of the Routing Rules item. The Edit Routing Rules popup window opens.

After modifying the routing rule according to the routing action, click the Confirm button.

Category

Required status

Detailed description

Routing Action

Current routing method (cannot be modified)

Routing condition

Required

If the routing action is LB server group forwarding, routing conditions can be modified

URL path: Modify request URL path and LB server group (up to 20 additions possible)

Host header: Modify request host and LB server group (up to 20 additions possible)

Redirect target

Required

When the routing action is URL redirection, the redirect target can be modified

Path: the URL path can be changed

Host: the host can be changed

Protocol/Port: cannot be modified (only HTTP → HTTPS redirection is allowed)

Table. Listener routing rule modification items

Delete Listener

To delete an unused Listener, follow these steps.

Click the All Services > Networking > Load Balancer menu to go to the Load Balancer’s Service Home page.
Click the Load Balancer menu on the Service Home page. You will be taken to the Load Balancer List page.
Load Balancer List page, click the Load Balancer resource whose Listener you want to delete. You will be taken to the Load Balancer Details page.
On the Load Balancer Details page, click the Connected Resources tab. You will be taken to the Connected Resources tab page.
On the Connected Resources tab page, click the Listener you want to delete. Navigate to the Listener Details page.
On the Listener Details page, click the Delete Listener button.

Terminate Load Balancer

You can reduce costs by terminating unused Load Balancers. However, since this may affect application services, request termination only after thorough prior review.

Caution

In the following cases, the Load Balancer cannot be terminated.

If there is a Listener attached to the Load Balancer: Delete the attached Listener on the Load Balancer Details page’s Connected Resources tab.
If you are using a Public NAT IP on the Load Balancer: Load Balancer Details page’s Details tab, deselect the Public NAT IP that is in use.
If you are using a Private NAT IP on the Load Balancer: Load Balancer Details page’s Details tab, deselect the Private NAT IP in use.
If there are rules registered in the Firewall: delete the Firewall rules in use from the Load Balancer Details page’s Detailed Information tab.
If connected to a PrivateLink Service: Check the connected Load Balancer on the PrivateLink Service Details page.

To cancel the Load Balancer, follow these steps.

Click the All Services > Networking > Load Balancer menu. You will be taken to the Load Balancer’s Service Home page.
On the Service Home page, click the Load Balancer menu. You will be taken to the Load Balancer List page.
Load Balancer List page, click the resource to terminate. You will be taken to the Load Balancer Details page.
On the Load Balancer Details page, click the Terminate Service button.
After termination is complete, check the resource termination status in the Load Balancer list.

3.2.1 - LB Server Groups

Users can create an LB server group through the Samsung Cloud Platform Console and connect it to a Load Balancer’s listener.

Create LB server group

Reference

You can create up to 1,000 LB server groups per account.

To create an LB server group, follow these steps.

Click the All Services > Networking > Load Balancer menu to go to the Load Balancer’s Service Home page.
On the Service Home page, click the LB Server Group menu. You will be taken to the LB Server Group List page.
On the LB Server Group List page, click the Create LB Server Group button. You will be taken to the Create LB Server Group page.

On the Create LB Server Group page, enter the information required to create a service and select detailed options.

Enter or select the required information in the Service Information Input area.

Category	Required status	Detailed description
LB server group name	Required	LB server group resource name Enter using English letters, numbers, and special characters (`-_`) with a length of 3 to 63 characters LB server group name must be unique within the Account
VPC name	Required	Select the VPC to create the LB server group Select the VPC where the Load Balancer that will connect to the LB server group is created
Service Subnet name	Required	Select the VPC Subnet to create the LB server group Select the Subnet where the Load Balancer that will connect to the LB server group is created
Load balancing	Required	Load Balancing Algorithm Selection Round Robin: Distribute sequentially among registered members Weighted round robin: Distribute sequentially in proportion to the weight assigned to each member Least Connection: Distribute to the member with the fewest connections Weighted least connection: Distribute to the higher‑priority member considering each member’s weight and connection count IP Hash: Distribute to a specific member based on the hash value of the client IP address
Protocol	Required	Select the receiving protocol for the LB server group Select the protocol to forward to members of the LB server group
LB health check	Required	Select LB health check Select an LB health check that was created in the same Service Subnet as the LB server group

Table. LB server group service information input fields

Enter or select the required information in the Additional Information Input area.
Category
Required status
Detailed description
Explanation Select Enter resource description
tag Select Add tags
Up to 50 tags can be added per resource
Table. LB server group additional information input fields

Check the created service information and the estimated billing amount, and click the Create button.
- When creation is complete, verify the created resources on the LB server group list page.

Check detailed information of LB server group

In the LB Server Group menu, you can view and edit the resource list and detailed information. The LB Server Group Details page consists of Details, Connected Resources, Tags, Operation History tabs.

To view detailed information about the LB server group, follow these steps.

Click the All Services > Networking > Load Balancer menu. You will be taken to the Load Balancer’s Service Home page.

On the Service Home page, click the LB server group menu. You will be taken to the LB server group list page.

You can modify column visibility by clicking the Settings button at the top right of the table.

Category	Display option	Detailed description
LB server group name	Basic	LB server group resource name
Protocol	Basic	LB server group protocol
Load Balancer name	Basic	Load Balancer resource name linked to the LB server group
LB Health Check ID	Basic	LB server group’s LB health check resource name
Number of members	Basic	Number of members registered in the LB server group
Creation date and time	Basic	LB server group creation time
status	Basic	LB server group resource status

Table. LB server group list items

On the LB server group list page, click the resource to view detailed information. It navigates to the LB server group details page.

LB Server Group Details At the top of the page, status information and descriptions of additional features are displayed.

Category

Detailed description

status

LB server group resource status

Active: The service is active and functioning normally

Deleting: Processing service termination request

Creating: Processing service creation request

Error: Cannot determine current status due to an internal error
- If this status persists, please contact through the Support Center

Editing: Processing service modification request

Delete LB server group

Delete LB server group resource

Table. LB server group status information and additional feature items

Detailed Information

In the Detailed Information tab, you can view the detailed information of a resource from the LB server group list, and edit it if necessary.

Category	Detailed description
service	Service name
Resource Type	Resource Type
SRN	Unique resource ID in Samsung Cloud Platform
Resource name	Resource name
Resource ID	Unique resource ID in the service
Constructor	User requesting service creation
Creation date	Service creation date and time
Editor	User requesting service modification
Modification date and time	Service modification date and time
Load Balancer name	Load Balancer resource name connected to the LB server group When the resource name is clicked, go to the detail page
LB server group name	LB server group name
VPC name	VPC resource name where the LB server group was created Click the resource name to go to the detail page
Service Subnet name	Subnet resource name where the LB server group is created Click the resource name to go to the detail page
Port	LB server group forwarding port
Protocol	LB server group forwarding protocol
Load balancing	LB server group traffic distribution method Edit icon can be clicked to edit
LB health check	LB health check resource name Click the Edit icon to edit
description	LB server group addition description Edit Click the icon to edit

Table. LB server group detailed information tab items

Connected resources

Connected Resources tab allows you to view the list of members connected to the LB server group, and you can add or delete members.

Category	Detailed description
Add member	Add LB Server Group Member button
Member name	Member name (server name) added to the LB server group
IP address	Member IP address
Port	Member receive port
weight	Load balancing weight Default 1 In an LB server group, when using weighted load balancing (Weighted Round Robin, Weighted Least Connection), values from 1 to 1000 can be entered
Activation	Member activation status Enable: Receiving client requests Disable: Excluded from receiving client requests
Creation date and time	Member addition date/time
Health check status	Health check status information Healthy: Health check is normal Unhealthy: Health check is abnormal Unknown: Health check status cannot be determined
status	Member resource status

Table. List of resources connected to the LB server group

Job History

Work History tab allows you to view the operation history of the selected resource.

Category	Detailed description
Work history	Task execution details
Operation date and time	Task execution date and time
Resource Type	Resource Type
Resource Name	LB server group name
Operation result	Task execution result (success/failure)
Operator Information	User information of the performed operation

Table. LB server group operation history list items

Managing LB Server Group Resources

You can view the member list of an LB server group and add or remove members.

Add member

You can add members to the LB server group to register server resources that will handle client requests.

To add a member to the LB server group, follow these steps.

Click the All Services > Networking > Load Balancer menu to go to the Load Balancer’s Service Home page.
On the Service Home page, click the LB Server Group menu. You will be taken to the LB Server Group List page.
On the LB Server Group List page, click the resource you want to edit detailed information for. You will be taken to the LB Server Group Detail page.
On the LB Server Group Details page, click the Connected Resources tab. You will be taken to the Connected Resources tab page.
On the Connected Resources tab page, click the Add Member button in the upper right.

Add Member After entering the required information in the popup window, click the Confirm button.

Category

Required status

Detailed description

LB server group name

basic

LB server group name for adding a member

target server

Required

Server information to add as a member

Virtual Server/Bare Metal Server: Select from the list of servers created in the same VPC as the LB server group

Enter IP Directly: Enter server IP directly

Click the Add button to add the target server

Member information

Required

Member Port and Weight Settings

Member Name: Display the server name and IP to be added as a member

Port: The port the member will receive

Weight: The weight applied to load balancing
- When using Weighted Round Robin or Weighted Least Connection load balancing, a value between 1 ~ 1000 is required

Table. LB server group member addition item

Click the OK button in the alert dialog.
Check if members have been added in the Connected Resources tab.

guide

Add the following rule to the Security Group of the server added as a member to allow communication between the Load Balancer and the LB server group members.

(Direction) Inbound rule, (Target address) Load Balancer’s Source NAT IP, (Protocol) LB server group protocol, (Allowed port) member port

Reference

If the LB server group is in Creating, Editing, Deleting, Error state, you cannot add members.
If the number of members that can be created in the Account to which the LB server group belongs is exceeded, you cannot add members. The maximum number of members that can be created in a single Account is 1,000.

Reference

Through VPC Peering, you can add a server created in another VPC as a member. After adding the target server by Enter IP Directly, check the Health Check Status of the added member in the Connected Resources tab.
For detailed information, refer to VPC > VPC Peering.

Member Edit

When you click a member name in the member list, you are taken to the Member Details page. You can view the member details, and you can click the Edit icon to change the information.

To edit member details, follow these steps.

Click the All Services > Networking > Load Balancer menu to go to the Load Balancer’s Service Home page.
On the Service Home page, click the LB Server Group menu. You will be taken to the LB Server Group List page.
On the LB Server Group List page, click the resource you want to edit details for. You will be taken to the LB Server Group Details page.
On the LB Server Group Details page, click the Connected Resources tab. You will be taken to the Connected Resources tab page.
Linked Resources tab page, click the member you want to edit. You will be taken to the Member Details page.
Edit the desired member information on the Member Details page.

Weight modification

It can be modified when using weighted load balancing (Weighted Round Robin, Weighted Least Connection).

Click the Edit icon of the Weight item. In the edit window, enter the weight to edit and click the Confirm button.

Port modification

To edit a member port, click the Edit icon in the Port field. In the edit window, enter the port to edit and click the Confirm button.

Activate edit

To modify member activation, click the Edit icon of the Activation item. In the edit window, set the activation status and click the Confirm button.

Reference

If you change the activation to Disable, the member will only handle existing connections and will stop new connections.

Delete member

To delete unused members, follow these steps.

Click the All Services > Networking > Load Balancer menu. You will be taken to the Load Balancer’s Service Home page.
On the Service Home page, click the LB Server Group menu. You will be taken to the LB Server Group List page.
On the LB Server Group List page, click the resource whose details you want to edit. You will be taken to the LB Server Group Details page.
On the LB Server Group Details page, click the Connected Resources tab. You will be taken to the Connected Resources tab page.
Linked Resources tab page, click the member you want to delete. You will be taken to the Member Details page.
On the Member Details page, click the Delete Member button.
Check whether the member has been deleted in the Connected Resources tab.

Terminate LB server group

You can terminate an unused LB server group. However, because it may affect the application service, please request termination only after thorough prior review.

guide

The LB server group cannot be terminated in the following cases.

If the LB server group is being used in a Listener: modify the Listener’s LB server group before deleting the LB server group.
If there are members registered in the LB server group: Delete all resources attached to the LB server group before terminating the LB server group.
When using an LB server group in an Auto Scaling Group: configure the load balancer so it is not used by the Auto Scaling Group, or adjust it so that the LB server group is not utilized. For more details, see Auto-Scaling Group > Load Balancer Usage.

To terminate the LB server group, follow these steps.

Click the All Services > Networking > Load Balancer menu. You will be taken to the Load Balancer’s Service Home page.
On the Service Home page, click the LB Server Group menu. You will be taken to the LB Server Group List page.
From the LB server group list, click the resource to be terminated. You will be taken to the LB server group detail page.
On the LB server group detail page, click the LB server group delete button.
Once the termination is complete, check the resource termination status in the LB server group list.

3.2.2 - LB Health Check

Users can create LB health checks through the Samsung Cloud Platform Console and use them for LB server groups.

Create LB health check

Reference

You can create up to 500 LB health checks per account.

To create an LB health check, follow these steps.

Click the All Services > Networking > Load Balancer menu. You will be taken to the Load Balancer’s Service Home page.
On the Service Home page, click the LB Health Check menu. You will be taken to the LB Health Check List page.
On the LB Health Check List page, click the Create LB Health Check button. You will be directed to the Create LB Health Check page.

On the LB Health Check Creation page, enter the information required to create the service and select detailed options.

In the Service Information Input area, enter or select the required information.

Category	Required	Detailed description
LB health check name	Required	LB health check resource name Enter using English uppercase and lowercase letters, numbers, and special characters (`-_`) with a length of 3 to 63 characters LB health check name must be unique within the Account
VPC name	Required	Select the VPC to create the LB health check Select the VPC where the LB server group that will use the LB health check is created
Service Subnet name	Required	Select the VPC Subnet to create the LB health check Select the Subnet where the LB server group that will use the LB health check is created
Health check method > Protocol	Required	Health Check Protocol Select the protocol to use for member health checks among TCP, HTTP
Health check method > Health check port	Required	Health check port Enter a value between 1 and 65,534 to use as the member health check port
Health check method > interval	Required	Health check interval Default is 5 seconds, input allowed between 1 and 180 seconds
Health check method > waiting time	Required	Health check response wait time Default 5 seconds, can be set between 1 and 180 seconds Cannot be set to a value larger than the interval
Health check method > detection count	Required	Number of times to evaluate health check status Default value 3 times, input allowed between 1 and 10
Health check method > HTTP method	Required	Set HTTP request method (HTTP protocol usage setting) Select GET or POST
Health check method > URL monitor	Required	Enter health check URL path (set when using HTTP protocol) Enter using English letters, numbers, and special characters (`/.-_?&=`) within 50 characters
Health check method > Response code	Required	Enter the HTTP response codes to receive from the server (HTTP protocol when used) Enter response codes in the 200 ~ 500 range
Health check method > request string	Required	Health check request string input (HTTP protocol POST method setting) Enter the content to include in the Request Body using English letters, numbers, and special characters (`/.-_?&=`) within 255 bytes

Table. LB health check service information input items

In the Additional Information Input area, enter or select the required information.
Category
Required status
Detailed description
description Select Enter resource description
tag Select Add tags
Up to 50 tags can be added per resource
Table. LB server group additional information input fields

Summary Check the service information and estimated charges created in the panel, and click the Create button.
- When creation is complete, check the created resources on the LB Health Check List page.

guide

Add the following rule to the Security Group of the server added as a member for member health checks in the Load Balancer.

(Direction) Inbound rule, (Target address) Load Balancer’s health check IP, (Protocol) health check protocol, (Allowed port) health check port
It is recommended to set the health check port the same as the member port.
If the health check port and the member port differ, the health check is performed using the member port.

guide

Configure the LB health check to a value that members added to the LB server group can respond to.

Since the Load Balancer determines member status based on health check responses, the LB health check results may differ from the actual service status.

View detailed LB health check information

In the LB Health Check menu, you can view and edit the resource list and detailed information. The LB Health Check Details page consists of Details, Connected Resources, Tags, Activity Log tabs.

To view detailed LB health check information, follow these steps.

Click the All Services > Networking > Load Balancer menu. You will be taken to the Load Balancer’s Service Home page.

On the Service Home page, click the LB Health Check menu. You will be taken to the LB Health Check List page.

You can modify the column visibility by clicking the Settings button at the top right of the table.

Category	Display option	Detailed description
LB health check name	Basic	LB health check resource name
Service Subnet ID	Basic	VPC Subnet name where the LB health check was created
Number of LB server groups	Basic	Number of LB server groups using LB health check
type	Basic	LB Health Check Type
Protocol	Basic	LB health check protocol
Creation date and time	Basic	LB health check creation timestamp
status	Basic	LB health check resource status

Table. LB health check list items

On the LB Health Check List page, click the resource to view detailed information. You will be taken to the LB Health Check Details page.

LB Health Check Details At the top of the page, status information and descriptions of additional features are displayed.

Category

Detailed description

status

LB health check resource status

Active: The service is active and functioning normally

Deleting: Processing service termination request

Creating: Processing service creation request

Error: Unable to determine current status due to an internal error
- If this status persists, please contact the Support Center

Editing: Processing service modification request

Delete LB health check

Delete LB health check resource

Table. LB health check status information and additional feature items

Detailed Information

Details tab allows you to view the resource’s detailed information from the LB health check list, and edit the information if needed.

Category	Detailed description
Service	Service name
Resource Type	Resource Type
SRN	Unique resource ID in Samsung Cloud Platform
Resource name	Resource Name
Resource ID	Unique resource ID in the service
constructor	User requesting service creation
Creation date and time	Service creation date and time
Editor	Service modification request user
Modification date and time	Service modification date and time
LB health check name	LB health check name
type	LB health check type
VPC name	VPC to use for LB health check Click the resource name to go to the detail page
Service Subnet name	VPC Subnet for LB health checks Click the resource name to go to the detail page
Health check method	LB health check method configuration information Edit icon can be clicked to modify
description	Additional information about LB health check You can edit by clicking the Edit icon

Table. LB health check detailed information tab items

Connected resource

In the Connected Resources tab, you can view detailed information about the LB server groups associated with the LB Health Check.

Category	Detailed description
LB server group name	LB server group resource name When you click the resource name, navigate to the LB server group detail page
Protocol	LB health check protocol
Load Balancer name	Load Balancer resource name linked to the LB server group
Number of members	Number of members added to the LB server group
Creation date and time	LB server group creation timestamp
status	LB server group resource status Active: The service is active and functioning normally Deleting: Processing service termination request Creating: Processing service creation request Error: Unable to determine current status due to an internal error If this status persists, please contact through the Support Center Editing: Processing service modification request

Table. LB health check connected resource list items

Job History

Work History tab allows you to view the operation history of the selected resource.

Category	Detailed description
Work history	Task execution details
Operation Date/Time	Execution date and time
Resource Type	Resource Type
Resource Name	LB health check name
Work result	Task execution result (success/failure)
Operator Information	User information of the performed operation

Table. LB health check job history list items

Modify LB health check method

LB Health Check Details page allows you to modify the health check method.

To modify the LB health check method, follow these steps.

Click the All Services > Networking > Load Balancer menu. You will be taken to the Load Balancer’s Service Home page.
On the Service Home page, click the LB Health Check menu. You will be taken to the LB Health Check List page.
LB Health Check List page, click the resource you want to edit details for. You will be taken to the LB Health Check Details page.
On the LB Health Check Details page, click the Edit icon of the Health Check Method. You will be taken to the Edit Health Check Method popup.
Modify health check method After editing the required information in the popup window, click the Confirm button.

Cancel LB health check

You can cancel the LB health check service you are not using.

Caution

default type LB health check resource cannot be deleted.
LB health check resources used by the LB server group cannot be deleted.

To disable the LB health check, follow these steps.

Click the All Services > Networking > Load Balancer menu. You will be taken to the Load Balancer’s Service Home page.
On the Service Home page, click the LB Health Check menu. You will be taken to the LB Health Check List page.
Click the resource to terminate from the LB health check list. You will be taken to the LB health check details page.
On the LB Health Check Details page, click the Delete LB Health Check button.
Once the termination is complete, check the resource termination status in the LB health check list.

3.3 - API Reference

API Reference

3.4 - CLI Reference

CLI Reference

3.5 - Release Note

Load Balancer

2026.03.19

FEATURE Add Load Balancer feature

A feature has been added to enable setting a Private NAT IP on the Service IP.
The ‘TCP_Proxy’ protocol has been added to the L4 Listener.

2026.03.19

CHANGED Load Balancer feature change

The conditions for creating L4 Listener service ports have been changed.
- It has been changed to allow creating a Listener on the same service port for both TCP and UDP protocols.
The method for entering L7 Listener routing rules has been changed.
- LB server group forwarding > Modified to allow users to add a ‘/’ path in the URL path.
- LB server group forwarding > The matching method for the entered path in the URL path has been changed from ‘Contains(Include match)’ to ‘Starts with(Start part match)’.
- LB server group forwarding > The ‘Default’ condition for the request host in the host header has been added.

2025.12.16

FEATURE Change LB health check settings and add LB health check, LB server group options

The method for configuring the LB health check port has been changed.
- You can select either a member port or manual entry, and when using manual entry, specify the port to use.
- Existing LB health checks are changed to the member port. (Same as the current health check method)
The HTTPS option has been added to the LB health check protocol.
- You can monitor the server’s TLS connection status.
When using URL redirection in an HTTP Listener, you can specify the target port for the redirection.
You can add Multi-node GPU Cluster resources to the LB server group members.

2025.10.23

FEATURE Add Load Balancer feature

When creating a Load Balancer, you can set the Source NAT IP and health check IP.
TLS protocol has been added to the L4 Listener.
- You can set up a TLS service over TCP.
A routing rule option has been added to the L7 Listener.
- Routing conditions allow you to set up branching by URL path or by host.
Supports multiple SSL certificates.
- By supporting SNI, you can register multiple certificates on a single Listener.

2025.07.01

FEATURE Add LB health check and LB server group feature

Add LB health check management feature
- You can create an LB health check, define the required health check method, and connect it to an LB server group for use.
Support for weighted load balancing of LB server groups
- Weighted Round Robin and Weighted Least Connection have been added to the load balancing options.
- You can set per-member weights to distribute server load.
Add LB server group member activation feature
- You can choose to activate members of the LB server group by disabling or enabling them.

2025.02.27

NEW Launch of new Load Balancer service

A Load Balancer service that provides more stable and enhanced features has been launched.
Provides an L7 Load Balancer that supports HTTP and HTTPS protocols.
Provides an L4 Load Balancer that supports TCP and UDP protocols.

4 - DNS

4.1 - Overview

Service Overview

The DNS service converts domain names, which are convenient for humans to recognize, into numeric IP addresses that the system can identify, allowing access to services.
With the DNS service, users can easily register the desired domain and manage its DNS records themselves.

Features

Easy Domain Registration: You can register and modify new domains via a web-based console. Without building separate DNS infrastructure or installing DNS solutions, you can easily create and manage domains through the web.
Support for Various Records: You can configure various resource record types such as A, AAAA, CNAME, TXT, MX, SPF, and it automatically scales to handle large query volumes without user intervention.
Convenient Hosting Environment Management: You can select and use a Public domain name, which is exposed to the Internet to provide web services, or a Private domain name, which is accessible only to designated internal users without an Internet connection, according to your usage environment and purpose.

Configuration diagram

Provided features

The DNS service provides the following functions.

Hosting Zone Creation/Management: You can create and manage Public Hosted Zones that are accessible from anywhere via the Internet, and Private Hosted Zones that are not exposed to the Internet and are only accessible within a designated network environment.
Public Domain Name Application: You can apply for a Public Domain Name that can be accessed from anywhere via the Internet.
Support for various resource records: You can select and use record types that suit your environment and purpose.

Record type	Detailed description
A	Specify the IPv4 address corresponding to the domain name so that the IP address can be resolved from the domain name.
AAAA	Specify the IPv6 address corresponding to the domain name so that the IP address can be resolved from the domain name.
TXT	Set text information for the domain
CNAME	Assign an alias for the domain name
MX	Specify the mail server for the user’s domain and subdomains
SPF	To prevent spam mail, verify the sending mail server’s IP address or domain name, etc. (Sender Policy Framework)
NS	Name server responsible for this domain (auto-generated)
SOA	Define the domain’s initial information (the starting point of authority) (auto-generated)

Component

Private DNS

To manage private domain names for use only within a designated network environment without exposing them to the internet, you must first create a Private DNS. The Private DNS name is used uniformly across all regions within the account. It can be initially created in any region of the account, and later it can be activated in other regions using the same Private DNS name from the Private DNS list. You can select the VPC to connect to Private DNS for each region. By using a common Private DNS name, you can share and manage the Private Hosted Zone information across all regions.

Hosted Zone

Private Hosted Zone allows you to create and manage domain names that can be used only in the network environment designated for VPCs connected to Private DNS. A Public Hosted Zone can manage the public domain name created through the Samsung Cloud Platform. Through a Hosted Zone, you can create and edit records that match your intended use.

Public Domain Name

You can apply for a Public Domain Name in partnership with Whois, the public domain name management provider. Public Domain Name can be purchased in one-year increments, and you can set or change the automatic renewal (in one-year increments) up to 7 days before the expiration date.

Constraints

The constraints of the DNS service are as follows.

Category	description
Number of Private DNS that can be created per account	1
Number of Hosted Zones that can be created in an Account	20
Number of records that can be registered per Hosted Zone	100

Reference

Requests to use Public Domain Name and Public Hosted Zone in the Korea South (kr-south) region are restricted.

Preceding Service

The DNS service has no prerequisite services.

4.1.1 - TLD List

TLD (Top-Level Domain) list

The following TLDs are available. When applying for a Public Domain Name, an annual fee is incurred that varies by TLD type.

TLD type	Public Domain Name registration fee (KRW/year, VAT excluded)
.COM	20,000
.NET	20,000
.ORG	20,000
.KR	24,000
.PE.KR	16,000
.BIZ	20,000
.INFO	20,000
.CN	65,000
.TV	90,000
.IN	65,000
.EU	80,000
.AC	286,000
.TW	100,000
.MOBI	44,000
.NAME	30,000
.CC	90,000
.JP	198,000
.ASIA	55,000
.ME	44,000
.TEL	44,000
.PRO	44,000
.SO	103,000
.SX	90,000
.CO	100,000
.XXX	200,000
.PW	44,000
.PH	100,000
.io	91,000
.app	42,500
.co.kr	24,000

4.1.2 - ServiceWatch Metrics

DNS sends metrics to ServiceWatch. The metrics provided by default monitoring are data collected at 5‑minute intervals.

Reference

Refer to the ServiceWatch guide for how to view metrics in ServiceWatch.

Basic Metrics

The following are the basic metrics for the Private DNS namespace.

The indicators whose names are displayed in bold below are the key indicators selected from the basic indicators provided by Private DNS. Key metrics are used to configure service dashboards that are automatically built for each service in ServiceWatch.

Each metric indicates, via the user guide, which statistical values are meaningful when viewing that metric, and among the meaningful statistics, the values shown in bold are the primary statistics. In the service dashboard, you can view key metrics using these primary statistical values.

Performance items	Detailed description	unit	Meaningful statistics
privatedns.operation.per_sec	Number of UDP-based data requests processed per second on user request	Count/Second	Average Total
privatedns.query.outbound.per_sec	Number of requests per second sent to external DNS servers for user queries	Count/Second	Total Average
privatedns.query.answers_slow	Number of requests sent to external DNS servers for user queries with slow responses (within 1 second)	Count/Second	Total Average
privatedns.response.nxdomain.per_sec	Number of NXDOMAIN responses received per second from external DNS servers for user queries	Count/Second	Maximum Total Average
privatedns.response.servfail.per_sec	Number of SERVFAIL responses received per second from external DNS servers for user queries	Count/Second	Average Total

Table. DNS Basic Metrics

4.2 - How-to guides

The user explains the items to verify before creating a DNS service through the Samsung Cloud Platform Console.

Preface before Using Private Domain Name Management

Before using Private Domain Name management, first verify the following items.

To manage private domain names for use only within a designated network environment without exposing them to the internet, you must first create a Private DNS.
The defined Private DNS name is used uniformly across all regions within the account. It can be initially created in any region within the account, and thereafter, in other regions, it is activated and used from the Private DNS list with the same Private DNS name.
You can optionally configure the VPCs you want to connect to Private DNS for each region. When first created or activated, no VPC is connected.
The Private DNS name may already be in use within the Samsung Cloud Platform, and you can verify its availability by performing a duplicate check when entering the domain name.
Hosted Zone information is shared across all regions. However, some detailed information (SRN, creator, modifier information) can only be viewed in the region where it was originally created.

General usage examples are shown below. For detailed usage instructions, refer to the How-to guides of the respective subservice.

Order	Subservice	Key procedures
STEP 1	Private DNS	Create Private DNS (Region A) → Connect VPC in Region A → Activate Private DNS (Region B) → Connect VPC in Region B
STEP 2	Hosted Zone	Create Private Hosted Zone → Register record
STEP 3	-	View detailed information, edit, and cancel

Table. Private Domain Name Management General Usage Procedure

Public Domain Name Management: Foreword Before Use

Before using Public Domain Name management, please check the following items first.

Public Domain Names intended for use on the internet can be managed through a Hosted Zone only for domain names that have been registered via the Samsung Cloud Platform.
The list of available top-level domains may change.

An example of the typical usage procedure is shown below. For detailed usage instructions, refer to the How-to guides of the respective subservice.

Category	Subservice	Main Procedure
STEP 1	Public Domain Name	Verify availability and apply for the Public Domain Name you wish to use
STEP 2	Hosted Zone	Create a Hosted Zone for the requested Public Domain Name → Register records
STEP 3	-	View detailed information, edit, cancel

Table. Public Domain Name Management General Usage Procedure

4.2.1 - Private DNS

Users can create the service by entering the required information for the Private DNS service and selecting detailed options through the Samsung Cloud Platform Console.

Create Private DNS

You can create and use a Private DNS service in the Samsung Cloud Platform Console.

Reference

Only one Private DNS service can be created per account.

To request the creation of a Private DNS service, follow the steps below.

All Services > Networking > DNS Click the menu. Proceed to the Service Home page.
Click the Private DNS Create button in the dropdown of the Service Home page. You will be taken to the Private DNS Create page.

On the Private DNS Creation page, enter the information required to create the service and select detailed options.

Enter or select the required information in the Service Information Input area.

Category

Required

Detailed description

Private DNS name

Required

Enter the Private DNS name to use

Enter using 3 - 20 characters, including lowercase letters, numbers, and the special character (-)

Cannot be the same as an existing name in use

VPC connection

Select

Click the Select button to choose a VPC

Up to 5 VPCs can be registered

Table. Private DNS service information input items

In the Additional Information Input area, enter or select the required information.

Category

Required status

Detailed description

description

Selection

Enter additional information and description for Private DNS

tag

Select

Add Tag

Up to 50 per resource can be added

After clicking the Add Tag button, enter or select Key, Value values

Table. Private DNS additional information input fields

Check the creation history and click the Create button.
- When creation is complete, check the created resources on the Private DNS List page.

Check Private DNS detailed information

Private DNS service allows you to view and edit the full resource list and detailed information. Private DNS Details page consists of Details, Tags, Activity Log tabs.

To view the detailed information of Private DNS, follow these steps.

Click the All Services > Networking > DNS menu. Navigate to the DNS Service Home page.
On the Service Home page, click the Private DNS menu. You will be taken to the Private DNS List page.

On the Private DNS List page, click the resource you want to view detailed information for. You will be taken to the Private DNS Details page.

Private DNS Details page displays the status and detailed information of Private DNS, and consists of Details, Tags, Activity History tabs.

Category

Detailed description

Service status

Private DNS status

Creating: creating

Activing: activating

Active: active

Inactive: inactive

Editing: editing settings

Deleting: deleting

Error: error occurred

Service termination

Button to disable Private DNS

Table. Private DNS status information and additional features

Detailed Information

Private DNS List page allows you to view detailed information of the selected resource and edit the information if necessary.

Category	Detailed description
Service	Service name
Resource Type	Resource Type
SRN	Unique resource ID in Samsung Cloud Platform
Resource Name	Resource Name
Resource ID	Unique resource ID in the service
Constructor	User who created the service
Creation date and time	Service creation timestamp
Editor	User who edited the service information
Modification date	Date and time the service information was modified
Initial creation location	Initial creation location of Private DNS
VPC connection	VPC information connected to Private DNS Edit icon can be clicked to change the VPC Click the connected VPC name to navigate to the detail page
Explanation	Private DNS description Edit Click the icon to edit the description

Table. Private DNS detailed information tab items

Job History

Private DNS List page lets you view the operation history of the selected resource.

Category

Detailed description

Task History List

Resource Change History

You can view operation details, operation time, resource type, resource name, operation result, and operator information

Operation History List When you click the corresponding resource in the list, the Operation History Details popup opens

Table. Private DNS operation history tab items

Activating Private DNS from a location other than its initial creation location

You can enable and use Private DNS in regions other than the region where it was originally created.

To enable the Private DNS service, follow these steps.

Click the All Services > Networking > DNS menu. Navigate to the DNS Service Home page.
On the Service Home page, click the Private DNS menu. You will be taken to the Private DNS List page.
Click the More > Activate button of the resource you want to enable from the Private DNS list. A notification dialog will appear.
- The activation button is displayed only for Private DNS entries with Inactive status.
Click OK in the alert dialog.

Configure VPC connection for Private DNS

You can configure the VPC information connected to the Private DNS service.

To configure the VPC connection for Private DNS, follow these steps.

Click the All Services > Networking > DNS menu. Go to the DNS Service Home page.
On the Service Home page, click the Private DNS menu. You will be taken to the Private DNS List page.
On the Private DNS List page, click the resource you want to view detailed information for. You will be taken to the Private DNS Details page.
On the Private DNS Details page, click the Edit icon of the VPC connection item. The VPC connection selection popup window opens.
In the VPC connection selection popup window, select the VPC to connect and click OK.
Check that the selected VPC is displayed in the VPC connection item.

Terminate Private DNS

You can request termination of the Private DNS service from the Samsung Cloud Platform Console.

Caution

If a Hosted Zone resource is attached to a Private DNS service, it cannot be terminated. To terminate the service, first delete the attached resource.

To request cancellation of the Private DNS service, follow the steps below.

Click the All Services > Networking > DNS menu. Navigate to the DNS Service Home page.
On the Service Home page, click the Private DNS menu. You will be taken to the Private DNS List page.
On the Private DNS List page, click the resource to view detailed information. You will be taken to the Private DNS Details page.
On the Private DNS Details page, click the Cancel Service button.
Once the termination is complete, check the service termination status in the Private DNS list.

4.2.2 - Hosted Zone

Users can create the service by entering the required information for the Hosted Zone service and selecting detailed options through the Samsung Cloud Platform Console.

Create Hosted Zone

You can create and use the Hosted Zone service in the Samsung Cloud Platform Console.

To request the creation of a Hosted Zone service, follow the steps below.

All Services > Networking > DNS menu, click it. You will be taken to the Service Home page.
Click the Create Hosted Zone button in the dropdown of the Service Home page. Proceed to the Create Hosted Zone page.

Create Hosted Zone page, enter the information needed to create the service, and choose detailed options.

Enter or select the required information in the Service Information Input area.

Category

Required status

Detailed description

Usage classification

Required

Select a domain appropriate for the purpose of the Hosted Zone

Private: Domain that can be used only within the Samsung Cloud Platform

Public: Domain that can be accessed from outside (the Internet)

Private DNS name to register

Required

Select from the pre-created Private DNS

Selectable only when Private is chosen in the usage classification

Hosted Zone name to register

Required

Enter the Hosted Zone name to use

Enter using lowercase letters, numbers, and hyphens (-), within 2 to 63 characters

When applying for a new domain, click the Check Availability button to verify duplication

Table. Hosted Zone service information input items

In the Additional Information Input area, enter or select the required information.

Category

Required status

Detailed description

Explanation

Select

Enter additional information and description for the Hosted Zone

tag

Select

Add Tag

Up to 50 can be added per resource

After clicking the Add Tag button, enter or select Key and Value values

Table. Hosted Zone additional information input fields

Check the generation history and click the Generate button.
- After creation is complete, check the created resources on the Hosted Zone list page.

Check Hosted Zone details

The Hosted Zone service allows you to view and edit the full list of resources and detailed information. Hosted Zone Details page consists of Details, Records, Tags, Activity Log tabs.

To view detailed information about the Hosted Zone, follow these steps.

All Services > Networking > DNS menu, click it. Then go to the Service Home page.
On the Service Home page, click the Hosted Zone menu. You will be taken to the Hosted Zone List page.

On the Hosted Zone List page, click the resource you want to view details for. You will be taken to the Hosted Zone Details page.

Hosted Zone Details page displays the Hosted Zone’s status information and details, and consists of Details, Records, Tags, Activity History tabs.

Category

Detailed description

Service status

Hosted Zone status

Creating: In progress

Active: Running

Editing: Changing settings

Deleting: Terminating

Error: An error occurred

Delete Hosted Zone

Button to delete the Hosted Zone

Table. Hosted Zone status information and additional features

Detailed Information

On the Hosted Zone List page, you can view detailed information of the selected resource and edit the information if needed.

Category	Detailed description
Service	Service name
Resource Type	Resource Type
SRN	Unique resource ID in Samsung Cloud Platform
Resource Name	Resource Name
Resource ID	Unique resource ID in the service
Constructor	User who created the service
Creation date and time	Service creation date and time
Editor	User who edited the service information
Modification date and time	Date and time the service information was modified
Hosted Zone name	Hosted Zone domain name
Usage classification	Display selected usage
Private DNS name	Selected Private DNS name
description	Hosted Zone description Edit Click the icon to edit the description

Table. Hosted Zone detailed information tab items

record

On the Hosted Zone List page, you can view the registered record information and add, modify, or delete records. A record is an item that configures communication with the DNS server, informing the server of the IP address associated with the domain and how to handle requests sent to the domain.

Category	Detailed description
Advanced Search	Record detailed search settings button
Add record	Add Record button
Name	Registered record name
type	Record Types A: Record that assigns an IPv4 address to a domain name AAAA: Record that assigns an IPv6 address to a domain name SPF: Record that registers the sending server’s IP to prevent spam email CNAME: Record that specifies an alias for a domain name MX: Record that designates the mail server for a domain TXT: Record that stores textual information (description) about a domain NS: Name server record responsible for the domain (automatically generated) SOA: Start of Authority record that defines the domain’s initial information (authority start point) (automatically generated)
value	IP address of the record
TTL	Time for DNS response servers to temporarily store records
Auto-generated	Indicate whether automatically generated
status	Service status display
More menu	Record editing and deletion are possible

Table. Items in the Records tab of the Hosted Zone

Job History

On the Hosted Zone List page, you can view the operation history of the selected resource.

Category

Detailed description

Task History List

Resource Change History

You can view operation details, operation time, resource type, resource name, operation result, and operator information

Operation History List When you click the corresponding resource in the list, the Operation History Details popup opens

Table. Hosted Zone operation history tab items

Managing records of a Hosted Zone

You can add or delete records in the Hosted Zone service.

Add Record

To add a record to a Hosted Zone, follow these steps.

Click the All Services > Networking > DNS menu. Navigate to the DNS Service Home page.
On the Service Home page, click the Hosted Zone menu. You will be taken to the Hosted Zone List page.
On the Hosted Zone List page, click the resource you want to view details for. You will be taken to the Hosted Zone Details page.
On the Hosted Zone Details page, click the Record tab. You will be taken to the Record tab page.
Record tab page, click the Add Record button. The Add Record window opens.

In the Add Record window, select the Type, Name, Value, and TTL fields, then click Confirm. A notification dialog will appear.

Category	Detailed description
A	Enter an IP address in IPv4 format Click the Add button to add an IP address, up to 8 can be registered
AAAA	Enter an IPv6-formatted IP address Click the Add button to add an IP address, up to 8 can be registered
SPF	Enter the IP of the server that sent the spam email If registering multiple servers, enter in the format v=spf1 ip4:211.214.160.28 ip4:211.214.16.29 ~all
CNAME	Enter a record alias in domain name format Registration is not possible if entered the same as a value of a different record type
MX	Enter the priority and mail server address Click the Add button to add a server address, up to 8 can be registered When entering priority, input a value within the range 0 - 65,535; the smaller the value, the higher the priority
TXT	Enter text Enter within 250 characters

Table. Detailed items by record type

Click Confirm in the notification dialog.
Check that the added item appears in the record list.

Modify Record

Caution

Records created by the system or records in an Error state cannot be edited.

To modify a Hosted Zone’s records, follow these steps.

Click the All Services > Networking > DNS menu. Navigate to the DNS Service Home page.
On the Service Home page, click the Hosted Zone menu. You will be taken to the Hosted Zone List page.
On the Hosted Zone List page, click the resource you want to view details for. You will be taken to the Hosted Zone Details page.
On the Hosted Zone Details page, click the Record tab. You will be taken to the Record tab page.
On the Record tab page, click the list’s More menu and select Edit. The Record Edit window opens.
In the record edit window, modify the desired fields and click OK.
Click OK in the notification dialog.

Delete Record

Caution

Records created by the system cannot be deleted.

To delete a record in a Hosted Zone, follow these steps.

Click the All Services > Networking > DNS menu. Navigate to the DNS Service Home page.
On the Service Home page, click the Hosted Zone menu. You will be taken to the Hosted Zone List page.
On the Hosted Zone List page, click the resource to view its details. You will be taken to the Hosted Zone Details page.
On the Hosted Zone Details page, click the Record tab. You will be taken to the Record tab page.
Record tab page, click the More menu of the list and click Delete. A confirmation alert opens.
Click Confirm in the alert dialog.

Terminate Hosted Zone

You can request cancellation of the Hosted Zone service from the Samsung Cloud Platform Console.

Caution

If a record is registered in the Hosted Zone service, you cannot cancel it. To cancel the service, first delete the registered record.

To request termination of the Hosted Zone service, follow the steps below.

Click the All Services > Networking > DNS menu. Navigate to the DNS Service Home page.
On the Service Home page, click the Hosted Zone menu. You will be taken to the Hosted Zone List page.
On the Hosted Zone List page, click the resource you want to view details for. You will be taken to the Hosted Zone Details page.
On the Hosted Zone Details page, click the Hosted Zone Delete button.
After the termination is complete, check the service termination status in the Hosted Zone list.

4.2.3 - Public Domain Name

Users can create the service by entering the required information for the Public Domain Name service and selecting detailed options through the Samsung Cloud Platform Console.

Create Public Domain Name

You can create and use the Public Domain Name service in the Samsung Cloud Platform Console.

To request the creation of a Public Domain Name service, follow these steps.

All Services > Networking > DNS Click the menu. You will be taken to the Service Home page.
Click the Public Domain Name Create button in the dropdown of the Service Home page. You will be taken to the Public Domain Name Create page.

On the Public Domain Name creation page, enter the information required to create the service and select detailed options.

Enter or select the required information in the Service Information Input area.

Category

Whether required

Detailed description

Domain name to register

Required

Enter the Public Domain Name to use

Enter using lowercase letters, numbers, and hyphens (-), within 2 to 63 characters

When applying for a new domain, click the Check Availability button to verify duplication

Purchase period

Required

Automatically selected as 1 year

Automatic extension

Required

Set whether to automatically renew when the domain usage period expires

Use selected, enter detailed information

Registrant Name (Business Name): Enter the registrant name or business name within 30 characters

Registrant Email: Enter the registrant’s email address

Registrant Address: Enter the registrant’s company address, click the Find Postal Code button to search and then enter the address

Phone Number: Enter the registrant’s phone number

Table. Public Domain Name Service Information Input Items

In the Additional Information Input area, enter or select the required information.

Category

Required status

Detailed description

Explanation

Select

Enter additional information and description for the Public Domain Name

tag

Select

Add Tag

Up to 50 per resource can be added

After clicking the Add Tag button, enter or select Key, Value values

Table. Public Domain Name additional information input fields

Check the creation history and click the Create button.
- When creation is complete, check the created resource on the Public Domain Name list page.

Caution

The domain auto-renewal feature can be changed up to one week before the domain’s expiration date. If the auto-renewal feature is not used, the domain’s information will be deleted on the expiration date.

Check detailed information of Public Domain Name

The Public Domain Name service allows you to view and edit the full resource list and detailed information. The Public Domain Name Details page consists of Details, Registration Info, Tags, Activity Log tabs.

To view detailed information about the Public Domain Name, follow these steps.

All Services > Networking > DNS menu, click it. You will be taken to the Service Home page.
On the Service Home page, click the Public Domain Name menu. You will be taken to the Public Domain Name List page.

Click the resource on the Public Domain Name List page to view detailed information. You will be taken to the Public Domain Name Details page.

Public Domain Name Details page displays the status information and detailed information of the Public Domain Name, and consists of the Details, Registration Information, Tags, Activity History tabs.

Category

Detailed description

Service status

Public Domain Name status

Creating: In progress

Active: Running

Editing: Settings being changed

Registered: Renewal registration

Transfer Requested: Domain transfer request completed

Expired: Usage period expired

Domain transfer between accounts

Domain transfer request button between accounts

Cancel Transfer Request: Allows canceling a domain transfer request after the request is completed

Approve Transfer Request: Allows approving a transfer request when a domain transfer request is received

Reject Transfer Request: Allows rejecting a transfer request when a domain transfer request is received

Table. Public Domain Name status information and additional features

Detailed Information

On the Public Domain Name List page, you can view detailed information of the selected resource and edit the information if needed.

Category	Detailed description
service	Service name
Resource Type	Resource Type
SRN	Unique resource ID in Samsung Cloud Platform
Resource Name	Resource Name
Resource ID	Unique resource ID in the service
constructor	User who created the service
Creation date and time	Service creation timestamp
Editor	User who edited the service information
Modification date and time	Date and time the service information was modified
domain name	Public Domain Name domain name
Registration date	Public Domain Name domain registration date
Purpose classification	Display selected usage
Expiration date	Public Domain Name Domain Usage Expiration Date
Automatic extension	Display whether the auto-renewal feature is enabled Click the Edit icon to change the setting
description	Public Domain Name description Edit Click the icon to edit the description

Table. Public Domain Name detailed information items

Registration Information

On the Public Domain Name List page, you can view and edit domain registration information.

Category	Detailed description
Registrant name (business name)	The registrant’s name or business name entered when applying for the service
Registrant email	The email address of the registrant entered when applying for the service
Registrant address	The registered company’s address entered when applying for the service
phone number	Registrant’s phone number entered during service application

Table. Public Domain Name registration information tab items

Job History

You can view the operation history of the selected resource on the Public Domain Name List page.

Category

Detailed description

Task History List

Resource Change History

You can view the work details, work timestamp, resource type, resource name, work result, and operator information

Work History List When you click the corresponding resource in the list, the Work History Details popup opens

Table. Public Domain Name Work History Tab Detailed Information Items

Public Domain Request Transfer Between Accounts

You can transfer a registered Public Domain to a user of another account.

Reference

If the domain you want to migrate is being used as a Hosted Zone, you cannot request migration. Delete the existing Hosted Zone first, then request migration.
The domain you want to transfer must have auto-renewal set to unused to make a transfer request. After the domain transfer, you can enable auto-renewal in the account that received the transfer.
Domain transfer requests can be made only up to one month before the domain’s registration expiration date.

To transfer Public Domain information to another account user, follow the steps below.

Click the All Services > Networking > DNS menu. Navigate to the DNS Service Home page.
On the Service Home page, click the Public Domain Name menu. You will be taken to the Public Domain Name list page.
On the Public Domain Name List page, click the resource to view detailed information. You will be taken to the Public Domain Name Details page.
Public Domain Name Details on the page, click the Domain Transfer Between Accounts button. The Domain Transfer Between Accounts popup will open.
Domain transfer between accounts In the popup window, enter the account ID to transfer to and click the Confirm button.
- When the domain transfer request is completed, it changes to the Transfer requested status, and the applicant can click the Cancel transfer request button to cancel the transfer request.
- After a domain transfer request, if a user from another account approves the transfer, the domain information is deleted from the requesting account.
- If the user who received the prior request does not approve within 7 days of the approval request, the prior request will be automatically canceled.

Managing Public Domain Data Transfer Requests

If a user from another account transfers a Public Domain, you can approve or reject the request.

Approve Public Domain information transfer request

To approve a request to move to the Public Domain, follow these steps.

Click the All Services > Networking > DNS menu. Navigate to the DNS Service Home page.
On the Service Home page, click the Public Domain Name menu. You will be taken to the Public Domain Name List page.
Public Domain Name List page, click the resource to view detailed information. You will be taken to the Public Domain Name Details page.
Public Domain Name Details on the page, click the Approve Previous Request button. In the alert dialog, click the Confirm button.

Public Domain Reject request to transfer information

To reject a request before the Public Domain, follow these steps.

Click the All Services > Networking > DNS menu. Navigate to the DNS Service Home page.
On the Service Home page, click the Public Domain Name menu. You will be taken to the Public Domain Name List page.
Public Domain Name List page: click the resource to view detailed information. You will be taken to the Public Domain Name Details page.
On the Public Domain Name Details page, click the Reject Previous Request button. In the alert dialog, click the Confirm button.

Modify registration information of Public Domain Name

You can modify the registration information of a Public Domain Name.

To edit the registration information of a Public Domain Name, follow these steps.

Click the All Services > Networking > DNS menu. Navigate to the DNS Service Home page.
On the Service Home page, click the Public Domain Name menu. You will be taken to the Public Domain Name List page.
On the Public Domain Name List page, click the resource to view detailed information. You will be taken to the Public Domain Name Details page.
On the Public Domain Name Details page, click the Registration Information tab. You will be taken to the Registration Information tab page.
Registration Information tab page, click the Edit button. You will be taken to the Edit Registration Information page.
Go to the Edit Registration Information page. Modify the desired items and click the Done button.

4.3 - Release Note

DNS

2026.03.19

FEATURE DNS feature improvement

You can view measurement values for the following five items in conjunction with Service Watch.
- Number of server error responses (unit: seconds)
- NXDOMAIN response count (unit: seconds)
- Number of queries not responding within 1 second (unit: seconds)
- Number of outgoing UDP queries (unit: seconds)
- Number of UDP-based data request processing (unit: seconds)

2025.12.16

FEATURE Add functionality to transfer Public Domain Name between user accounts

Through the Samsung Cloud Platform, a registered Public Domain Name can be transferred to another user account within the allowed period.

2025.07.01

NEW Official release of DNS service version

We have officially launched a DNS service that can be used in private networks and internet environments. You can manage Private DNS and Private Hosted Zones for restricted networks, and apply for Public Domain Name registration and manage Public Hosted Zones for internet environments.

2024.07.02

NEW Beta version release

We have launched a beta DNS service that offers domain registration request and management capabilities based on user requests.

5 - VPN

5.1 - Overview

Service Overview

VPN (Virtual Private Network) is a service that connects the customer’s network to the Samsung Cloud Platform via an encrypted virtual private network.

Features

Prompt Service Delivery You can configure automated services through a web-based console, and after creating a service, you can use the VPN service immediately without any waiting time.
Thorough Secure Connection You can securely connect from a customer’s external network to the customer’s internal network built on the Samsung Cloud Platform via encrypted virtual tunneling using a performance‑ and reliability‑validated IPsec VPN.
Simple operating environment You can easily and quickly manage web-based deployment, capacity provisioning, and service updates without the need for a complex network environment setup.
Efficient Service Use You can manage costs efficiently because you only pay for the amount of service used, without any separate installation fees.

Provided features

VPN provides the following features.

Provide virtual tunneling encrypted with IPsec
- Compatible VPN: Secui – Bluemax (TG360),Paloalto,Axgate,Cisco-router/ASA/Meraki, Checkpoint,AWS,Azure,Vmware NSX-T
Create Virtual Private Gateway
- Create a gateway to connect the customer’s network to a private network that cannot be accessed from outside.
Create VPN Tunnel
- Select IPsec VPN Gateway (maximum of 5 VPN tunnels per VPN Gateway)
- In an IPsec VPN Gateway high-availability configuration, the Standby device automatically operates when a failure occurs on the Active device.

Constraints

Category	Default quota	Detailed description
VPN Gateway	3	Up to three can be created per account
VPN Tunnel	5	Up to 5 can be created per VPN Gateway

Table. VPN Constraints

Provision status by region

VPN is available in the environments below.

Region	Provision status
Korea West (kr-west1)	Provide
Korea East (kr-east1)	Provide
South Korea South 1 (kr-south1)	Not provided
South Korea South 2 (kr-south2)	Not provided
South Korea South 3(kr-south3)	Provide

Table. VPN availability status by region

Preliminary Service

Service Category	service	Detailed description
Networking	VPC	A service that provides an isolated virtual network in a cloud environment

Table. VPN pre-service

5.1.1 - ServiceWatch Metrics

VPN sends metrics to ServiceWatch. The metrics provided by default monitoring are data collected at a 1‑minute interval.

Reference

For checking metrics in ServiceWatch, refer to the ServiceWatch guide.

Basic Metrics

The following are the basic metrics for the VPN namespace.

The indicators whose names are displayed in bold below are the key indicators selected from the basic indicators provided by VPN. Key metrics are used to configure service dashboards that are automatically built for each service in ServiceWatch.

Each metric indicates, via the user guide, which statistical value is meaningful when viewing that metric, and among the meaningful statistics, the values shown in bold are the primary statistics. In the service dashboard, you can view key metrics using these primary statistical values.

Performance items	Detailed description	unit	meaningful statistics
Network In Total Bytes _vpn_tunnel	Cumulative traffic volume heading from VPN → VPC	Bytes	Total Average Maximum Minimum
Network Out Total Bytes _vpn_tunnel	Cumulative traffic volume from VPC → VPN	Bytes	Total Average Maximum Minimum
Network In Total Bytes _vpn_tunnel_Delta	Cumulative traffic volume over 5 minutes from VPN → VPC	Bytes	Total Average Maximum Minimum
Network Out Total Bytes _vpn_tunnel_Delta	Cumulative traffic volume over 5 minutes from VPC → VPN	Bytes	Total Average Maximum Minimum

Table. VPN basic metrics

5.2 - How-to guides

Create VPN

You can create and use a VPN service from the Samsung Cloud Platform Console.

Caution

You can create up to three VPNs per account. If you exceed the creation limit, you cannot create a new VPN.

To create a VPN, follow these steps.

Click the All Services > Networking > VPN menu. You will be taken to the VPN Service Home page.
On the Service Home page, click the Create VPN button. You will be taken to the Create VPN page.

On the VPN creation page, enter the information required to create the service and select detailed options.

Enter the required information in the Service Information Input area.

Category	Required status	Detailed description
VPN Gateway name	Required	Enter VPN Gateway name Enter using English letters and numbers, within 3 to 20 characters
Connected VPC name	Required	Select the VPC connected to the VPN Gateway Click + New to create a VPC and then select it
Public IP	Required	Select the IP for communicating with the remote site from the VPN Gateway.

Table. VPN Service Information Input Items

Enter or select the required information in the Additional Information Input area.

Category

Required status

Detailed description

Explanation

Selection

User additional description

tag

Selection

Add Tag

Up to 50 can be added per resource

After clicking the Add Tag button, enter or select Key, Value values.

Table. VPN service additional information input fields

Summary Check the detailed information and estimated billing amount generated in the panel, and click the Create button.
- After creation is complete, check the created resources on the VPN List page.

Check VPN detailed information

The VPN service allows you to view and edit the full resource list and detailed information. VPN Details page consists of Details, Tags, Activity Log tabs.

To view detailed information about the VPN service, follow these steps.

Click the All Services > Networking > VPN menu. You will be taken to the VPN’s Service Home page.
On the Service Home page, click the VPN menu. You will be taken to the VPN List page.
On the VPN List page, click the resource to view detailed information. You will be taken to the VPN Details page.
- VPC Details page displays status information and additional feature information, and consists of Details, Tags, Activity History tabs.

Detailed Information

On the VPN List page, you can view the operation history of the selected resource.

Category

Detailed description

Service status

Current status

Active: Operating normally

Creating: Creation in progress

Editing: Configuration in progress

Deleting: Deletion in progress

Error: Unable to determine current status
- If it occurs continuously, contact the registered administrator

Service termination

Cancel VPN service

Table. VPN status information and additional features

Category	Detailed description
Service	Service name
Resource Type	Resource Type
SRN	Unique resource ID in Samsung Cloud Platform
Resource name	VPN resource name
Resource ID	Unique resource ID in the service
constructor	User who created the service
Creation timestamp	Service creation timestamp
Editor	User who modified the service
Modification date and time	Date and time the service information was modified
VPN Gateway name	VPN Gateway name
Connected VPC name	VPC name connected to VPN
Public IP	IP information for communicating with remote sites from the VPN Gateway
Explanation	Additional description written by the user Edit icon can be clicked to edit

Table. VPN detailed information items

Job History

On the VPN Details page, you can view the operation history of the selected resource.

Category	Detailed description
Task History List	Resource Change History Check operation date/time, resource name, operation details, operation result, and operator information

Table. VPN operation history tab detailed information items

Terminate VPN

You can terminate unused VPCs to reduce operating costs. However, terminating a service may cause the running service to stop immediately, so you should thoroughly consider the impact of service interruption before proceeding with the termination.

Caution

If there are resources connected to a VPN, such as a VPN Tunnel, they cannot be terminated.
The VPN service cannot be canceled when its status is Creating or Editing.

To cancel the VPN, follow these steps.

Click the All Services > Networking > VPN menu. Go to the VPN Service Home page.
From the Service Home page, click the VPN menu. You will be taken to the VPN List page.
On the VPN List page, select the resource to cancel. Navigate to the VPN Details page.
On the VPN Details page, click the Cancel Service button.
Once the termination is complete, check on the VPN List page whether the resource has been terminated.

5.2.1 - VPN Tunnel

Create VPN Tunnel

In the Samsung Cloud Platform Console, you can configure IPSec Tunning with remote sites in the VPN service.

To create a VPN tunnel, follow these steps.

Click the All Services > Networking > VPN menu. Navigate to the VPN Service Home page.
On the Service Home page, click the Create VPN Tunnel button. You will be taken to the Create VPN Tunnel page.

On the VPN Tunnel creation page, enter the information required to create the service, and select detailed options.

Enter the required information in the Service Information Input area.

Category	Required status	Detailed description
VPN Tunnel name	Required	Enter VPN Tunnel name Enter using English letters and numbers, within 3 - 20 characters
VPC Gateway name	Required	Select the VPN Gateway to connect
VPC name	Basic	Automatically input VPC information connected to the VPN Gateway
Public IP	Basic	Automatic entry of IP information for communicating with remote sites from the VPN Gateway
Peer VPN GW IP	Required	Enter the IP information of the remote VPN Example: 192.168.10.0
Romote Subnet(CIDR)	Required	Enter the subnet address of the remote site to connect After entering the IP address, click the Add button; you can add up to 10 entries Example: 20.0.0.0/24
Pre-shared Key	Required	Enter the shared key (PSK) to be used for IKE mutual authentication between VPN gateways Enter between 8 and 64 characters It is recommended to use a 32-character alphanumeric string
Explanation	Select	User additional description

Table. VPN Tunnel Service Information Input Items

Enter or select the required information in the Tunnel Settings area.

Category	Required	Detailed description
IKE Settings > IKE Version	Required	Select IKE version
IKE Settings > Algorithm Settings	Required	Select Encryption Algorithm and Digest Algorithm, then click the Add button.
IKE configuration > Diffie-Hellman	Required	Diffie-Hellman Group Selection
IKE configuration > SA Lifetime	Required	Enter the VPN session (Security Association) lifetime
IPSec Settings > Algorithm Settings	Required	Select Encryption Algorithm and Digest Algorithm, then click the Add button.
IPSec Settings > Perfect Forward Secrecy (PFS)	Required	Select whether to use the PFS group
IPSec Settings > Diffie-Hellman	Required	Diffie-Hellman group selection
IPSec Settings > SA Lifetime	Required	Enter the VPN session (Security Association) lifetime

Table. VPN Tunnel configuration items

Enter the required information in the DPD additional settings area.
Category
Required
Detailed description
DPD additional settings > DPD probe interval Required Enter DPD test interval
Enter a value between 1 and 3,600 seconds
Table. VPN Tunnel DPD Additional Settings Input Items
In the Additional Information Input area, enter or select the required information.
Category
Required
Detailed description
tag Select Add Tag
Up to 50 can be added per resource
After clicking the Add Tag button, enter or select Key and Value values
Table. VPN Tunnel additional information input fields

Summary Check the detailed information and estimated billing amount generated in the panel, and click the Create button.
- When creation is complete, check the created resource on the VPN Tunnel List page.

Check VPN Tunnel detailed information

VPN Tunnel service allows you to view and edit the full resource list and detailed information. VPN Tunnel Details page consists of Details, Tags, Activity Log tabs.

To view detailed VPN information, follow these steps.

Click the All Services > Networking > VPN menu. Navigate to the VPN Service Home page.
On the Service Home page, click the Create VPN Tunnel button. You will be taken to the VPN Tunnel List page.
On the VPN Tunnel List page, click the resource to view detailed information. You will be taken to the VPN Tunnel Details page.
- VPN Tunnel Details page displays status information and additional feature information, and consists of Details, Tags, Activity Log tabs.

Category

Detailed description

Status

Current status

Active: Operating normally

Creating: Creating

Editing: Updating information

Deleting: Deleting

Error: Unable to determine current status
- If it persists, contact the registered administrator

Delete VPN Tunnel

VPN Tunnel delete button

Table. VPN Tunnel status information and additional features

Detailed Information

On the VPN Tunnel List page, you can view detailed information of the selected resource and, if necessary, edit the information.

Category	Detailed description
Service	Service name
Resource Type	Resource Type
SRN	Unique resource ID in Samsung Cloud Platform
Resource name	VPN resource name
Resource ID	Unique resource ID in the service
constructor	User who created the service
Creation date	Service creation timestamp
Editor	User who edited the service information
Modification date	Date and time the service information was modified
VPN Tunnel name	VPN Tunnel name
VPN Gateway name	VPN Gateway name
Public IP	Public IP information
Peer VPN GW IP	Peer VPN GW Information Click the Edit icon to modify
Remote Subnet (CIDR)	Remote Sunet information Click the Edit icon to edit
Pre-shared Key	Pre-shared Key information Edit Click the icon to edit
status	Current service connection status
description	VPN Tunnel additional description Edit icon can be clicked to modify
IKE	Click the Edit button to bulk edit configuration information.
IKE Version	IKE Version information
Encryption Algorithm/Digest Algorithm	Algorithm information
Diffie-Hellman	Diffie-Hellman information
SA LifeTime	SA LifeTime information
IPSec	Click the Edit button to bulk edit the configuration information.
Encryption Algorithm/Digest Algorithm	Algorithm information
Diffie-Hellman	Diffie-Hellman information
SA LifeTime	SA LifeTime information
Perfect Forward Secrecy(PFS)	PFS configuration information
DPD	DPD probe interval information Edit Click the icon to edit

Table. VPN Tunnel Detailed Information Items

Job History

VPN Tunnel List page allows you to view the operation history of the selected resource.

Category	Detailed description
Task History List	Resource Change History Check operation date and time, resource name, operation details, operation result, and operator information

Table. VPN Tunnel operation history tab detailed information items

Delete VPN Tunnel

You can reduce operational costs by deleting unused VPC tunnels. However, deleting a tunnel may cause the running service to stop immediately, so you should carefully consider the impact of service interruption before proceeding with the deletion.

To cancel the VPN, follow these steps.

Click the All Services > Networking > VPN menu. You will be taken to the VPN Service Home page.
On the Service Home page, click the Create VPN Tunnel button. You will be taken to the VPN Tunnel List page.
On the VPN Tunnel List page, click the resource to view detailed information. You will be taken to the VPN Tunnel Details page.
VPN Tunnel Delete Click the button.
After termination is complete, check the VPN Tunnel List page to see if the resource has been deleted.

5.3 - API Reference

API Reference

5.4 - CLI Reference

CLI Reference

5.5 - Release Note

VPN

2025.10.23

FEATURE Change the number of remote subnets added to the VPN Tunnel

You can input up to 10 Romote Subnet (CIDR).

2024.02.27

NEW Official release of VPN service

A VPN service that connects the customer network to the Samsung Cloud Platform via an encrypted (IPSec) virtual private network has been launched.

6 - Firewall

6.1 - Overview

Service Overview

A firewall is a virtual logical firewall service that controls traffic occurring in the VPC and Load Balancer of Samsung Cloud Platform.

The resources that can be applied in the firewall are Internet Gateway, Direct Connect, and Load Balancer, and you can set rules for communication between the VPC and the Internet, and between the VPC and the customer network, enabling secure network management.

When a firewall is first created, it blocks all inbound and outbound traffic according to the default rule (Any Deny).

Users can specify an IP address, port, and protocol to create inbound/outbound rules, and only traffic permitted by the created rules can communicate.

Component

The components that make up a firewall are as follows.

Component

Detailed description

Applicable target

Resources to which the firewall will be applied

Apply the firewall to Internet Gateway, Direct Connect, and Load Balancer

When creating the target resources, the firewall checks whether to use the firewall and is created together

Firewall size

Firewall is offered in five sizes according to rule quota

Extra Small: 5

Small: 100

Medium: 200

Large: 500

Extra Large: 1,000

Firewall rule

When a firewall is first created, it blocks all inbound/outbound traffic according to the default rule (Any Deny)

Add inbound/outbound allow rules by configuring target address, protocol, and port

Provides a bulk rule creation feature through form filling

Table. Firewall Service Components

Constraints

The Firewall of Samsung Cloud Platform has a rule quota (limit) that can be created per size. When creating a Firewall, it is created by default as Extra Small, and you can change the Firewall size on the Firewall Details page of the Samsung Cloud Platform Console.

Size	Rule quota	Detailed description
Extra Small	5	Maximum number of rules that can be created: 5
Small	100 items	Maximum number of rules that can be generated: 100
Medium	200	Maximum number of rules that can be generated: 200
Large	500	Maximum number of rules that can be generated: 500
Extra Large	1,000 items	Maximum number of rules that can be generated: 1,000

Table. Firewall constraints

Preceding Service

This is a list of services that must be pre-configured before creating a Firewall service. Please refer to the user guide (reference link) provided below for details and prepare in advance.

Service Category	Service	Detailed description
Networking	VPC	A service that provides an isolated virtual network in a cloud environment
Networking	Direct Connect	A service that quickly and securely connects the customer’s network with the Samsung Cloud Platform network.
Networking	Load Balancer	A service that distributes traffic across multiple servers to maintain stable service.

Table. Firewall Preliminary Service

6.2 - How-to guides

Users can create the Firewall service by entering the required information and selecting detailed options through the Samsung Cloud Platform Console.

Create Firewall

You can create and use a Firewall service in the Samsung Cloud Platform Console.

guide

The Firewall service must be enabled in the prerequisite service of Networking to be created. The enabled Firewall can be viewed in the Firewall list.

Firewalls cannot be created independently, unlike other services in the Samsung Cloud Platform Console.

To enable the firewall, follow these steps.

Click the All Services > Networking > Firewall menu. Navigate to the Firewall’s Service Home page.
On the Service Home page, click the service you want to create. You will be redirected to the service creation page.
- VPC Creation: Configure the VPC service’s Internet Gateway and Transit Gateway firewall.
  - When creating a VPC’s Internet Gateway service, set the Use Firewall option to Enabled. For detailed instructions, refer to Create Internet Gateway.
  - Create a Transit Gateway service for the VPC and apply for the associated service of the Uplink Firewall. For detailed instructions, refer to Create Transit Gateway.
- Direct Connet Creation: When creating a Direct Connect service, set the Firewall Use option to Enabled. For detailed instructions, refer to Direct Connect 생성하기.
- Load Balancer Creation: When creating a Load Balancer service, set the Firewall Use option to Enabled. For detailed instructions, see Load Balancer Creation.
After the prerequisite service creation is complete, verify that the corresponding Firewall resource appears in the Firewall list.

Check firewall detailed information

The Firewall service can view and edit the full resource list and detailed information in the resource management menu.

To view detailed information about the firewall, follow these steps.

Click the All Services > Networking > Firewall menu. Go to the Firewall’s Service Home page.

On the Service Home page, click Firewall List. You will be taken to the Firewall List page.

The Firewall List page shows the information below.

Category	Detailed description
Firewall name	Automatically generated in the Firewall pre-service type_Firewall format
Firewall classification	Firewall pre-service type (Internet Gateway, Direct Connect, Load Balancer)
Size	User-selected Firewall size
VPC name	VPC name connected to the firewall
Connection name	Automatically generate in the format preceding service name_Firewall for services using Firewall.
Number of rules	Number of rules used on this firewall
Whether to use	Whether the firewall is used (enabled) or not used (disabled) If not used, the Any Allow rule is applied and no charges are incurred for the firewall
status	Firewall status display More button can be clicked to set On/Off

Table. Firewall resource list items

On the Firewall List page, click the resource to view detailed information. It navigates to the Firewall Details page.
- Firewall Details page displays status information and additional feature information, and consists of Details, Rules, Tags, Activity Log tabs.
  Category Detailed description
  Service status Firewall status display
  Creating: In progress
  Active: Operational
  Editing: In progress
  Deploying: Completed
  Deleting: In progress
  Error: Occurred
  Table. Firewall status information

Detailed Information

On the Firewall List page, you can view detailed information of the selected resource and, if necessary, edit the information.

Category	Detailed description
Service	Service name
Resource Type	Resource Type
SRN	Unique resource ID in Samsung Cloud Platform
Resource Name	Resource Name
Resource ID	Service’s unique resource ID
constructor	User who created the service
Creation date and time	Service creation timestamp
Editor	User who edited the service information
Modification date and time	Date and time the service information was modified
Firewall name	Automatically generated as the connection name for the resource name_Firewall
Firewall ID	Service’s unique resource ID
Firewall classification	Firewall prerequisite service types (Internet Gateway, Direct Connect, Load Balancer)
Size	The Firewall size selected by the user Edit icon can be clicked to change the settings
Firewall rule count/quota	The firewall’s rule quota and the number of rules currently in use
VPC name	VPC name connected to the Firewall Click the VPC name to go to the detail page
VPC ID	VPC ID connected to the firewall
Connection name	{Firewall Prerequisite Service Name_Firewall} automatically generated Click the connection name to go to the detail page
Log saving option	Firewall log storage option Enabled: Store logs Disabled: Do not store logs Edit icon can be clicked to change settings

Table. Firewall detailed information

Rule

On the Firewall List page, you can view the rule list of the selected resource and add, modify, or delete rules.

Category	Detailed description
Excel download	Download the currently entered rule list as an Excel (*.xlsx) file
Advanced Search	Search for rules that match the conditions set by the user Support partial string (LIKE) matching search
Rule modification	Rules displayed in the rule list can be edited and deleted Click the button to go to the rule edit page
Add rule	Add new Firewall rule Click the button to navigate to the rule addition page
Order	Display rule order, apply top-down according to the rule order
Rule ID	Unique ID value for the rule Clicking the rule ID allows you to view detailed rule information in a popup window
Rule Index	Unique index value for the rule, used in log analysis
Source address	Origin address added to the rule
Destination address	Destination address added to the rule, displayed as the IP address according to the entered rule.
Service	Protocol and Destination Port
Operation	Traffic Allow/Deny distinction due to rules Allow: Allow traffic when it matches the rule Deny: Block traffic when it matches the rule
direction	Firewall traffic direction criteria Inbound: External → Internal Outbound: Internal → External
Active status	Indicates whether the rule is active; if it is inactive, the rule does not operate.
status	Rule status display

Table. Firewall rule list detailed information

Job History

On the Firewall List page, you can view the operation history of the selected resource.

Category

Detailed description

Task History List

Resource Change History

Check operation date/time, resource name, operation details, operation result, and operator information

Click the button to perform detailed search

Table. Firewall operation history tab detailed information items

Firewall Rule Management

You can add, modify, or delete firewall rules.

Caution

You can add or modify rules only when the firewall status is Active.
If you do not have permission to view the status in the preceding service, you cannot add a rule.

Reference

The firewall periodically caches the domain rules registered by the user and retains the IP information for a certain period.
If the cached result of the registered domain rule does not match the user’s IP, communication may be restricted.

Create Rule

In the Rules tab, you can directly input firewall rule information to add it.

To add a firewall rule, follow the steps below.

Click the All Services > Networking > Firewall menu. Navigate to the Firewall’s Service Home page.
On the Service Home page, click Firewall List. You will be taken to the Firewall List page.
On the Firewall List page, click the resource to which you want to add a rule. You will be taken to the Firewall Details page.
On the Firewall Details page, click the Rules tab. You will be taken to the Rules tab page.
Click the Add Rule button on the Rules tab. You will be taken to the Add Rule page.
Enter the required information on the Manual Input tab page.
After checking the added rules, click the Complete button.

Caution

On the rule addition page, if you navigate to another page without clicking the Confirm button after entering content, all entered items will be reset, so please be careful.

Category	Required?	Detailed description
Rule location	Required	Specify the location of the rule to create
Rule ID to copy	Selection	Enter the Firewall rule ID to copy and click the Search button to select.
Source address	Required	Source addresses to add to the rule in CIDR (IP/Subnet Mask) format, using commas (,), and ranges (-), can be entered up to 128 at once
Destination address	Required	Select the type of destination address to add to the rule IP selection: You can enter multiple addresses at once, up to a maximum of 128, using CIDR (IP/Subnet Mask) format with commas (,), and ranges (-) Domain selection: You can enter full domain names in FQDN format, using commas (,), up to a maximum of 128 at once The type items vary depending on the selected destination address format
type	Required	Select protocol type to apply the rule Select destination port/Type: Select protocol type Internet Protocol: Enter protocol numbers, up to 128 can be entered All: Select destination port/Type and protocol for the entire range, meaning all ports for all protocols
Type > Protocol	Required	Select detailed protocol for the type Select the desired protocol among TCP, UDP, and ICMP; input fields vary depending on the selected protocol When ICMP is selected in the protocol, you can set the ICMP Type Select a commonly used Type such as Echo from the values defined for ICMP Type Click the Add button to add an input value When TCP/UDP is selected in the protocol, you can choose allowed ports such as SSH, HTTP, TELENT When entering manually, you can input values from 1 to 65,535, and you can enter up to 128 entries at once using commas (,), or ranges (-) Click the Add button to add an input value When Internet Protocol is selected in the type `1 ~ 254`Enter the protocol number within
Operation	Required	Traffic allow/deny classification based on rules Allow: Allow traffic when it matches the rule Deny: Block traffic when it matches the rule
Direction	Required	Firewall-based traffic direction Inbound: External → Internal Outbound: Internal → External
Explanation	Selection	Additional description provided by the user
Added rule	-	Entered rules verification list Move up: Move the selected rule up Move down: Move the selected rule down Delete: Delete the selected rule

Table. Add firewall rule > Direct input tab item

| Destination | Required | Destination address type to add to the rule

Select IP or FQDN

| | Destination IP | Required | When the destination address type is set to IP, enter the destination IP address to add to the rule

You can input multiple addresses at once, up to a maximum of 128, using CIDR (IP/Subnet Mask) format with commas (,) and ranges (-)

| | FQDN | Required | If you select the destination address type as FQDN, enter the domain address to add to the rule

Domain names can be entered in bulk using Comma(,) for up to 128 addresses at once

| –>

Batch create rules

To add multiple Firewall rules at once, follow these steps.

Click the All Services > Networking > Firewall menu. Navigate to the Firewall’s Service Home page.
On the Service Home page, click Firewall List. You will be taken to the Firewall List page.
On the Firewall List page, click the resource to which you want to add a rule. You will be taken to the Firewall Details page.
On the Firewall Details page, click the Rules tab. You will be taken to the Rules tab page.
Click the Add Rule button on the Rule tab. You will be taken to the Add Rule page.
Add Rule on the Batch Rule Input tab, click it.
Please select the rule location. If you do not select a location, it will be added at the very last order of the rule.
From File Selection, click the Download Form button. The bulk rule entry Excel file will be downloaded.
Enter the rule information into the batch rule input Excel file, then save it.
From File Selection, click Attach File to attach the Excel file you created, and click Add.
- You cannot upload if the attached Excel file format differs from the registration form or if the file is encrypted.
- You can upload up to 100 batch registration rules at a time. Uploads are not allowed if you exceed the maximum number of registration rules.
- If the number of rules set for the firewall size is exceeded, you cannot upload the file.
Added rule Check that the rule you entered appears in the list and adjust its order.
After checking the added rules, click the Complete button.

Modify Rules

You can select a firewall rule to view and edit its information.

To modify firewall rules, follow the steps below.

Click the All Services > Networking > Firewall menu. Go to the Service Home page of Firewall.
On the Service Home page, click Firewall List. You will be taken to the Firewall List page.
Firewall List page, click the resource to edit the rule. You will be taken to the Firewall Details page.
On the Firewall Details page, click the Rules tab. You will be taken to the Rules tab page.
Click the Edit Rule button on the Rules tab. You will be taken to the Edit Rule page.
- On the rule edit page, you can configure the items below.
  - Enable: Enables the selected rule.
  - Disabled: Disables the selected rule. Disabled rules are not applied to preceding services.
  - Delete: Delete the selected rule. Clicking Delete will mark the change as Pending Deletion.
  - Cancel Deletion: If it is in a pending deletion state, you can cancel the rule deletion.
On the Edit Rule page, click the Edit button for the item you want to modify. The Edit Rule popup will open.

Rule Edit Enter the item you want to modify in the popup window and click the Confirm button.

Category	Required?	Detailed description
Order	-	The order of rules can be changed by clicking Move Up/Move Down in the added rule list.
Rule ID	-	Cannot be changed to a unique ID value for the rule
Rule Index	-	Unique index value for the rule, usable in log analysis
Source address	Required	Source addresses registered in the rule in CIDR (IP/Subnet Mask) format, using commas (,) and ranges (-), can be entered and modified up to a maximum of 128 at once
Destination address	Required	Destination address to add to the rule in CIDR (IP/Subnet Mask) format, using commas (,) and ranges (-) to input multiple addresses at once, up to a maximum of 128, for modification
type	Required	Set the protocol type according to the selected destination address entry
Operation	Required	Traffic Allow/Deny classification can be changed by rules Allow: Allow traffic when it matches the rule Deny: Block traffic when it matches the rule
direction	Required	The access direction of traffic defined by the firewall rule can be changed Inbound: external → internal Outbound: internal → external
Rule location	Required	Rule position can be changed
Active status	Required	Whether the rule is active; if it is disabled, the rule does not operate.
status	-	State value for the rule
description	Select	User-provided additional description

Table. Detailed items for firewall rule modification

After reviewing the updated rules, click the Complete button.

Delete rule

Caution

You can delete only when the firewall is in Active state and the rule is in Active or Error state.

To delete a firewall rule, follow the steps below.

Click the All Services > Networking > Firewall menu. Go to the Firewall’s Service Home page.
On the Service Home page, click Firewall List. You will be taken to the Firewall List page.
Click the resource to edit the rule on the Firewall List page. Navigate to the Firewall Details page.
On the Firewall Details page, click the Rules tab. You will be taken to the Rules tab page.
In the Rule tab, click the Edit Rule button. You will be taken to the Edit Rule page.
On the Edit Rule page, select the rule to delete and click the Delete button.
- When the deletion request is completed, the change item will be marked as Scheduled for deletion.
- Click Cancel Deletion to cancel the rule deletion.
On the Edit Rule page, click the Complete button.

Managing Firewall Resources

You can modify the firewall size and change the log usage settings.

Modify Firewall Size

To modify the size of the firewall, follow these steps.

Click the All Services > Networking > Firewall menu. Go to the Firewall’s Service Home page.
On the Service Home page, click Firewall List. You will be taken to the Firewall List page.
Click the resource to edit on the Firewall List page. Navigate to the Firewall Details page.
On the Firewall Details page, click the Size Edit icon. You will be taken to the Size Edit popup.
Resize In the popup window, select the size to adjust, and click the Confirm button.

Reference

The firewall size is provided as the default Extra Small (rule quota 5), and you can change the firewall size to add firewall rules for use. For more details, refer to Firewall Constraints.

Firewall fees are charged based on the size of the Firewall service and traffic throughput.

Using Log Storage

Reference

To store firewall logs, first create a bucket in Object Storage for the logs and configure that bucket in the log repository of Firewall Logging. Then, by setting log storage in the firewall detail view, firewall logs will be saved to the Object Storage bucket.

The log storage settings can be checked in Firewall Logging. For more information, see Firewall Logging.
If you configure a log repository, Object Storage charges for log storage will be applied.

To use firewall log storage, follow these steps.

Click the All Services > Networking > Firewall menu. Go to the Service Home page.
On the Service Home page, click the Firewall menu. You will be taken to the Firewall List page.
Firewall List page, click the resource (Firewall) for which you want to enable log storage. You will be taken to the Firewall Details page.
On the Firewall Details page, click the Edit icon of Log Save Setting. You will be taken to the Edit Log Save Setting popup.
Modify Log Saving Option In the popup window, select Use for the log repository, and click the Confirm button.

Caution

If the log storage is not configured in Firewall Logging, you cannot configure the log storage use setting.

Disable log storage

To set firewall log storage to disabled, follow these steps.

Click the All Services > Networking > Firewall menu. You will be taken to the Service Home page.
On the Service Home page, click the Firewall menu. You will be taken to the Firewall List page.
Firewall List page, click the resource (Firewall) that does not use log storage. You will be taken to the Firewall Details page.
Click the Modify Log Save Setting button. You will be taken to the Modify Log Save Setting popup.
Modify Log Saving Option In the popup window, deselect Use for the log repository, and click the Confirm button.
Notification Check the message in the popup window and click the Confirm button.

Caution

If log storage is disabled, the service’s log storage will be halted, and tracking through log analysis will be impossible in the event of a security incident.

Disable Firewall

The Firewall service cannot be deleted on its own. Deleting the preceding service will also delete the associated Firewall. When you choose not to use the firewall while retaining the preceding service, you can set the firewall to an unused state on the firewall list page.

Caution

If you change the firewall to an unused state, all previously registered rules will be deleted.
You cannot delete a preceding service if there are firewall rules associated with it. Delete the firewall rules before deleting the preceding service.

To disable the firewall, follow these steps.

Click the All Services > Networking > Firewall menu. You will be taken to the Service Home page.
On the Service Home page, click the Firewall menu. You will be taken to the Firewall List page.
On the Firewall List page, click More > Unused for the resources you want to mark as unused.
After the usage change is completed, verify on the Firewall List page that the resource’s usage status has been changed to unused.

6.2.1 - Firewall Logging

To store firewall logs, first create a bucket in Object Storage for the logs and configure that bucket in the log repository of Firewall Logging. Then, on the Firewall Details page, set up log storage, and the firewall logs will be saved to the Object Storage bucket.

To save firewall logs, configure it according to the following steps.

To store firewall logs, you can create a bucket in Object Storage or use an existing bucket. To create a bucket, refer to Create Object Storage.
To set the bucket for the Firewall Logging log repository, refer to Firewall Logging 로그 저장소 사용하기.
To set the log storage option to Enabled in the detailed view of the Firewall, refer to Using Firewall Log Storage.

Firewall Logging Configure log storage usage

To set the firewall’s log storage to enabled, you must first configure the log repository in Firewall Logging.

Reference

Firewall Logging To set up a log repository, you need an Object Storage bucket for log storage. First, create a bucket in the Object Storage service. For more details, please refer to Create Object Storage.

To enable the Firewall Logging log repository, follow these steps.

Click the All Services > Management > Network Logging > Firewall Logging menu. Go to the Firewall Logging List page.
On the Firewall Logging List page, click the top Log Storage Settings button. You will be taken to the Log Storage Settings popup.
Log storage settings In the popup window, select the log storage bucket. When you select a bucket, the log storage path is displayed.
Log storage settings In the popup window, after verifying Log storage bucket and Log storage path, click the Confirm button.
Notification After reviewing the popup message, click the Confirm button.

guide

After setting the log repository, on the Firewall Details page, you must set the log saving option to Enabled for logging to start. For more details, refer to Using Firewall Log Storage.

View Firewall Logging List

If you configure the Firewall Logging log storage bucket, you can view the Firewall Logging list.

To view the Firewall Logging list, follow these steps.

Click the All Services > Management > Network Logging > Firewall Logging menu. You will be taken to the Firewall Logging List page.
On the Firewall Logging List page, verify the resources in use and the log storage targets.
Category Detailed description
Resource ID Firewall ID
Save target Firewall name
Save registration date and time Firewall log repository registration timestamp
Table. Firewall Logging list items

Reference

After setting the log repository for Firewall Logging, you must set the log storage option to Enabled in the Firewall detail view for logging to start. For more details, please refer to Using Firewall Log Storage.

Check detailed information of Firewall Logging

Refer to the information below to view the detailed contents of the stored log.

Stored log example: 2024-10-11T11:23:43,deny,0,17,4.1.1.100,45499,192.168.10.10,53

Category	description
2024-10-11T11:23:43	Date and time of the log occurrence (2024-10-11, 11:23:43)
deny	Action (deny / accept)
0	Firewall Rule ID (Policy ID) that generated the log
17	IP Protocol ID 1: ICMP 6: TCP 17: UDP
4.1.1.100	Source IP
45499	Departure Port
192.168.10.10	Destination IP
53	Destination Port

Table. Log detailed information items

Firewall Logging Configure to not use log storage

In Firewall Logging, you can set the log repository to unused.

Firewall Logging To disable the log repository, follow the steps below.

Click the All Services > Management > Network Logging > Firewall Logging menu. You will be taken to the Firewall Logging List page.
Firewall Logging List page, click the top Log Storage Settings button. You will be taken to the Log Storage Settings popup.
Log storage settings In the popup window, select Log storage bucket as Not used, and click the Confirm button.

Reference

Log storage settings can be changed when no log storage target is configured.
To change the log storage bucket, first set it to disabled. Then you can modify it by re-enabling it.

6.2.2 - Migration Rules

Users can retrieve rules created in the V1 environment of the Samsung Cloud Platform Console and apply them to the V2 service.

Get firewall rules

You can import rules created in the V1 environment of the Samsung Cloud Platform Console and migrate them to the V2 service for use.

Reference

When a firewall rule is transferred using the Migration feature, the Migration label appears before its name.
If a firewall rule description exceeds 100 characters, part of the description will be truncated and appended.
Rules that exceed the maximum quantity are not registered due to rule quantity limits based on firewall size.

To retrieve the V1 firewall rules, follow these steps.

All Services > Networking > Firewall Click the menu. 1. Navigate to the Service Home page of the Firewall.
On the Service Home page, click the Migration Rules menu. 2. Go to the Migration Rules page.

Select the rule information to retrieve from the Migration Rules page and click Done.

Category	Detailed description
Original rule environment	SCP v1 (Vmware) Auto-select
Applicable target	Select the Firewall list in the account to which the transferred rule will be applied
Get rules	Click the File Attachment button to upload the decrypted Firewall rule file After decrypting and saving the rule file extracted from the original environment, upload
Rule List	View uploaded Firewall rule file details Move Up: Move the selected rule up in the list Move Down: Move the selected rule down in the list Delete: Delete the selected rule Edit: Modify the selected rule information; see Edit Transferable Firewall Rule for details
Rule location	Set the position of the selected firewall rule After the last rule: Move the selected rule after the last rule Set before the specified rule / Set after the specified rule: Enter the rule ID to move the selected rule before or after the specified rule

Table. Migration Rules detailed items

After the firewall rule transfer request is completed, verify that the transferred item has been added to the firewall list.

Modify the Firewall rule to be transferred

You can edit each item when retrieving rules created in the V1 environment of the Samsung Cloud Platform Console.

To edit the Firewall rules to be imported from V1, follow these steps.

Click the All Services > Networking > Firewall menu. 1. Navigate to the Service Home page of the Firewall.
On the Service Home page, click the Migration Rules menu. 2. Go to the Migration Rules page.
Click Attach file in the rule import item to upload the Firewall rule file.

In the rule list, click Edit for the rule item you want to modify.

Category	Required or not	Detailed description
origin address	Essential	Source addresses to add to the rule in CIDR (IP/Subnet Mask) format, using commas (,), ranges (-) to input multiple addresses, up to a maximum of 128 at once
Destination address	Essential	Select the type of destination address to add to the rule IP: In CIDR (IP/Subnet Mask) format, you can enter multiple addresses at once using commas (,) and ranges (-), up to a maximum of 128. Domain: In FQDN format, you can enter up to 128 full domain names at once using commas (,). The type items vary depending on the selected destination address format.
type	Required	Select protocol type to which the rule will be applied Select destination port/Type: Select protocol type Internet Protocol: Enter protocol numbers, up to 128 entries allowed All: Select destination port/Type and protocol for the entire range, meaning all ports for all protocols
Type > Protocol	Required	Select detailed protocol for the type Select the desired protocol among TCP, UDP, and ICMP; input fields vary depending on the selected protocol When ICMP is selected in the protocol, you can set the ICMP Type Select a commonly used Type, such as Echo, from the values defined for ICMP Type Click the Add button to add an input value When TCP/UDP is selected in the protocol, you can select allowed ports such as SSH, HTTP, TELNET, etc. When entering manually, you can input values from 1 to 65535, and you can enter up to 128 entries at once using commas (,) or ranges (-) Click the Add button to add an input value When Internet Protocol is selected in the type `1 - 254`Enter the protocol number within the range
Operation	Required	Traffic allow/block classification by rule Allow: Allow traffic when it matches the rule Deny: Block traffic when it matches the rule
Direction	Essential	Firewall standard traffic direction Inbound: external → internal Outbound: internal → external
Active status	Required	Set rule activation status If disabled, the rule does not execute
Explanation	Selection	Additional description written by the user

Table. Detailed items of the Firewall rule edit window

When the rule information edit is complete, click Confirm in the edit window.
Review the modified rule information and click Done.

6.3 - API Reference

API Reference

6.4 - CLI Reference

CLI Reference

6.5 - Release Note

Firewall

2026.05.21

FEATURE Add firewall rule migration feature

For user convenience, a Migration Rules page has been added that allows you to import firewall rules created in the V1 environment and apply them to the V2 service.

2026.03.19

FEATURE Firewall rule management structure change

The method for entering and modifying/deleting firewall rules has been changed for user convenience. * When managing firewall rules, you can navigate to a separate page to perform the desired actions.

2025.10.23

FEATURE Add firewall rule input method

Add firewall rule input method
- In the KR WEST and KR EAST regions, you can enter the destination address in FQDN (Fully Qualified Domain Name) format.

2025.07.01

FEATURE Add firewall rule input method

Add firewall rule input method
- A feature to input IP protocols has been added.

2025.02.27

FEATURE Add Load Balancer-Firewall feature

Add firewall functionality
- You can use Firewall in the Load Balancer service.
Samsung Cloud Platform Common Feature Changes
- Account, IAM, Service Home, tags, and other common CX changes have been reflected.

2024.12.23

FEATURE Add firewall log storage feature

A feature to save firewall logs has been added.
You can decide whether to store firewall logs and store the logs in Object Storage.

2024.10.01

NEW Firewall service official version release

Through the Firewall service, you can control inbound and outbound traffic in a VPC.

2024.07.02

NEW Beta version release

The Firewall service has been released.

7 - Direct Connect

7.1 - Overview

Service Overview

Samsung Cloud Platform provides a Direct Connect service that supports safe and fast connections between the customer’s network and the Samsung Cloud Platform environment.

Through Direct Connect, you can allocate the internal private network range of an existing system to Samsung Cloud Platform resources for use. You can deploy backend systems such as application servers in a private network range without internet access, and enhance security by applying Samsung Cloud Platform network services such as Security Groups.

Through Direct Connect, customers can seamlessly migrate their existing systems to Samsung Cloud Platform even if they hard-code IP addresses on devices or have architecture dependencies on IP.

Direct Connect Connection Creation

Supports connecting by selecting a single VPC to connect to the customer network.
Access can be blocked through the Direct Connect Firewall, and a Route configuration feature is provided to ensure a secure connection path.

Constraints

Category	Default quota	Detailed description
Direct Connect	5	Based on the account, you can create one VPC per service zone (1:1).

Table. Direct Connect constraints

Preceding Service

This is a list of services that must be pre-configured before creating the service. Please refer to the guide provided for each service and prepare in advance.

Service Category	Service	Detailed description
Networking	VPC	A service that provides an isolated virtual network in a cloud environment
Networking	Security Group	Virtual firewall that controls server traffic

Table. Direct Connect pre-service

7.1.1 - ServiceWatch Metrics

Direct Connect sends metrics to ServiceWatch. The metrics provided by default monitoring are data collected at 5‑minute intervals.

Reference

To check metrics in ServiceWatch, refer to the ServiceWatch guide.

Basic Metrics

The following are the basic metrics for the Direct Connect namespace.

The indicators whose names are displayed in bold below are the key indicators selected from the basic indicators provided by Direct Connect. Key metrics are used to configure service dashboards that are automatically generated for each service in ServiceWatch.

Each metric indicates through the user guide which statistical value is meaningful when viewing that metric, and among the meaningful statistics, the statistical values shown in bold text are the primary statistics. In the service dashboard, primary metrics can be viewed using the primary statistical values.

Indicator Name	Detailed description	unit	Meaningful statistics
DirectConnect Network In Bytes	Cumulative traffic volume toward VPC from Direct Connect	Bytes	Total Average Maximum Minimum
DirectConnect Network Out Bytes	Cumulative traffic volume from VPC to Direct Connect	Bytes	Total Average Maximum Minimum
DirectConnect Network In Bytes_Delta	Cumulative traffic volume over 5 minutes from Direct Connect → VPC	Bytes	Total Average Maximum Minimum
DirectConnect Network Out Bytes_Delta	Cumulative traffic volume over 5 minutes from VPC → Direct Connect	Bytes	Total Average Maximum Minimum

Table. Direct Connect Basic Metrics

7.2 - How-to guides

Users can create the service by entering the required information for the Direct Connect service and selecting detailed options through the Samsung Cloud Platform Console.

Create Direct Connect

You can create and use the Direct Connect service in the Samsung Cloud Platform Console.

To create Direct Connect, follow these steps.

Click the All Services > Networking > Direct Connect menu. Navigate to the Service Home page of Direct Connect.

On the Service Home page, click the Create Direct Connect button. You will be taken to the Create Direct Connect page.

Enter or select the required information in the Service Information Input area.

Category	Required status	Detailed description
Direct Connect name	Required	A name for Direct Connect that is easy to identify Enter using English letters (uppercase and lowercase) and numbers, within 3 to 20 characters
Use Uplink	Required	Bandwidth of the communication port for remote communication Select port capacity of 1G or 10G
VPC	Required	Select a VPC for communicating with remote locations
Explanation	Selection	Enter a description of Direct Connect
Use firewall	Select	Select whether to use Direcrt Connect Firewall.
Whether to save firewall logs	Select	Firewall log saving option Select whether to save firewall logs When using the firewall, connection logs are saved For more details, refer to Using Firewall Log Saving.

Table. Direct Connect service information input items

In the Additional Information Input area, enter or select the required information.
Category
Required status
Detailed description
Tag Select Add Tag
Up to 50 can be added per resource
After clicking the Add Tag button, enter or select Key, Value values
Table. Direct Connect additional information input fields

Summary Check the detailed information and estimated charges generated in the panel, and click the Complete button.
- Once creation is complete, check the created resources on the Direct Connect List page.

Direct Connect View detailed information

The Direct Connect service allows you to view and edit the full resource list and detailed information from the Resource Management menu. The Direct Connect Details page consists of Details, Rules, Tags, Activity Log tabs.

To view the detailed information of Direct Connect, follow these steps.

Click the All Services > Networking > Direct Connect menu. You will be taken to Direct Connect’s Service Home page.
On the Service Home page, click the Direct Connect menu. You will be taken to the Direct Connect List page.

On the Direct Connect List page, click the resource for which you want to view detailed information. You will be taken to the Direct Connect Details page.

The Direct Connect Details page displays status information and additional feature information, and consists of Details, Rules, Tags, Activity History tabs.

Category

Detailed description

Status

Current status

Active: Operating normally

Deleting: Deletion in progress

Creating: Creation in progress

Failed: Failed

Error: Unable to determine current status
- If it occurs continuously, contact the registered administrator

Service termination

Button to terminate the service

Terminate Direct Connect when there are no linked services

When terminating a service, the running service may be stopped immediately; therefore, proceed with the termination only after fully considering the impact of service interruption

Table. Direct Connect status information and additional features

Detailed Information

Direct Connect List page lets you view detailed information of the selected resource and, if needed, modify the information.

Category	Detailed description
Service	Service name
Resource Type	Direct Connect resource type
SRN	Unique resource ID in Samsung Cloud Platform In Direct Connect, it refers to the Direct Connect SRN
Resource name	Direct Connect resource name
Resource ID	Unique resource ID in Direct Connect
Constructor	User who created Direct Connect
Creation timestamp	Direct Connect creation date and time information
Editor	User who modified Direct Connect information
Modification date and time	Date and time the Direct Connect information was modified
Direct Connect name	Direct Connect VPC resource name
Using UPlink	Port range allocated for line connection
Line request/cancellation SR shortcut	Service for connecting the line in the Samsung Cloud Platform local segment that connects to the customer’s line Line Request/Termination SR Shortcut button to go to the Support Center popup’s Service Request tab The external line connection of Samsung Cloud Platform for customer integration is created through the Network Line Service via an SDS sales representative
Connected VPC name	Name of the VPC connected to Direct Connect
Firewall name	Firewall name
Use firewall	Firewall usage

Table. Direct Connect detailed information tab items

Rule

You can register or modify communication rules between remote sites and the VPC.

Category	Detailed description
Destination IP	Destination IP information
Destination	Routing direction
Creation timestamp	Creation timestamp information
status	Connection status Active: Operating normally Deleting: Deletion in progress Creating: Creation in progress Error: Unable to determine current status If it occurs continuously, contact the registered administrator
Delete	You can delete the rule.

Table. Direct Connect rule tab items

Job History

On the Direct Connect List page, you can view the operation history of the selected resource.

Category	Detailed description
Task History List	Resource Change History Check operation date and time, resource name, operation details, operation result, and operator information

Table. Direct Connect operation history tab detailed information items

Direct Connect Add Rule

Click the All Services > Networking > Direct Connect menu. You will be taken to the Service Home page of Direct Connect.
On the Service Home page, click the Direct Connect menu. You will be taken to the Direct Connect List page.
On the Direct Connect List page, click the resource to which you want to add a rule. You will be taken to that resource’s Direct Connect Details page.
On the Direct Connect Details page, click the Rules tab.
Click the Add Rule button in the Rules tab. You will be taken to the Add Rule popup.
Add Rule Enter the required information in the popup window, and click the Confirm button.
Category Detailed description
Destination IP Enter destination IP range
Example: 192.168.25.0/24
Destination Choose between the VPC and the remote location according to the routing direction.
Table. Direct Connect rule additional input fields

Terminate Direct Connect

Caution

Direct Connect cannot be terminated when there are connected resources.

To cancel Direct Connect, follow the steps below.

Click the All Services > Networking > Direct Connect menu. You will be taken to Direct Connect’s Service Home page.
On the Service Home page, click the Direct Connect menu. You will be taken to the Direct Connect List page.
On the Direct Connect List page, click the resource to terminate. You will be taken to that resource’s Direct Connect Details page.
On the Direct Connect Details page, click the Cancel Service button.
When termination is complete, check on the Direct Connect List page whether the resource has been terminated.

7.3 - API Reference

API Reference

7.4 - CLI Reference

CLI Reference

7.5 - Release Note

Direct Connect

2025.02.27

NEW Common functionality change

Samsung Cloud Platform Common Feature Changes
- Account, IAM, Service Home, tags, and other common CX changes have been reflected.

2024.10.01

NEW Official release of Direct Connect service

We are launching the Direct Connect service that quickly and securely connects the customer’s network with the Samsung Cloud Platform network.

8 - Cloud LAN-Campus

8.1 - Overview

Service Overview

Cloud LAN-Campus is a service that provides a user‑authentication‑based wired and wireless integrated network environment within the customer’s premises. By offering simple user/device authentication, it delivers a wired and wireless integrated network access environment for various purposes that can be freely used regardless of location within the premises, based on SDN (Software Defined Network). It minimizes the need for physical network equipment and uses the cloud to easily connect multiple geographically distributed locations. This allows enterprises to reduce the complexity of infrastructure deployment and operation, and to build a flexible and scalable network environment. Additionally, with network and firewall design/configuration optimized for the customer’s environment, professional operating systems, and enhanced security management, the site network can be operated more reliably and efficiently.

Provided features

Cloud LAN-Campus provides the following features.

Campus Network: Providing wired and wireless network usage environment and integrated authentication services for the site
- NW Access: Infrastructure (AP, NW Switch, etc.) and SDN system services for site network usage
- NW Authentication: User/device authentication-based network segmentation, integrated management of authentication and security policies across multiple sites, support for various authentication methods (AD, certificates, etc.) and policy operation/management through the service portal (user/administrator)
Campus Firewall: Enterprise firewall design and integrated configuration, operation, and management service provision

Features

Rapid Business Site Network Work Environment: Provides a unified wired/wireless network usage environment through a user authentication-based SDN (Software Defined Network) solution. IP Mobility and separated networks based on device purpose are applied instantly, and users can easily perform network topology changes via the service portal.
Network Security Enhancement: By applying logical network segmentation and an authentication-based unified wired/wireless security management system, consistent security policies can be enforced for users and devices. Even when users access the headquarters and multiple sites, the same network access environment and security policies can be applied, and authentication information is securely managed under the Samsung Cloud Platform security framework.
Multi-Vendor Acceptance and Total Network Service Provision: Performing multi-vendor network integration certification makes the site’s SDN equipment configuration flexible. Additionally, by providing an integrated service framework instead of the customer designing/building/operating/managing the network infrastructure themselves, operational and management efficiency improves. We provide optimized network designs per site and fast, reliable network services through a dedicated team.
Service-Type Integrated Billing System: The billing system can reduce initial investment costs, and when needed, network infrastructure can be expanded and capacity increased. It provides usage-based authentication services, and no separate operational staff or maintenance contracts are required.
Various authentication methods and scalability: We provide the optimal authentication solution for customers using various authentication methods. Additionally, we enable functional expansion through integration with client systems (groupware, security systems, etc.) and allow differentiated policy management based on security levels per site.

Component

Cloud LAN-Campus provides services across the entire on‑premises network. The components are listed below, and related services can be created.

Category	Detailed description
Network authentication	Network access authentication and network segmentation, security policy management Multi-vendor network unified authentication management Apply unified policies between headquarters and branches, support roaming Provide various authentication methods (certificates, AD, account/MAC, etc.) and scalability
Service portal	Provision of unified wired/wireless authentication service portal User portal: Create/modify/manage user policies Administrator portal: Authentication policy management and monitoring
wired/wireless network	Design and integrated configuration/operation/management of SDN-based wired/wireless networks
WIPS	Wireless Intrusion Prevention System Configuration/Operation/Management
Network solution	Configuration, operation, and management of network solutions such as DHCP and NMS
Firewall	Enterprise firewall design and integrated configuration/operation/management

Table. Cloud LAN‑Campus components

Constraints

When using the Cloud LAN-Campus service, there are the following limitations.

To use CLAN authentication, network communication/connection between the customer’s premises and the Samsung Cloud Platform region is required.
- Use Cloud Last Mile, dedicated lines, VPN, etc.
If the use of a specific vendor’s network or firewall equipment is required, prior consultation is necessary.
After creating the service to configure equipment within the site, the service’s start and end times are finalized after consulting with the responsible AM.
When using AD integration for authentication, the authentication-related policy rules must be properly deployed to the user’s PC in advance.
- AD functional issues require oversight by the client’s AD administrator.
The network segmentation certificate method is supported for the designated OS type (currently limited to Windows), and additional costs apply beyond the certification fee.

Provision status by region

Cloud LAN-Campus can be provided in the environments below.

Region	Availability
Korea West (kr-west1)	Provided
South Korea South 1 (kr-south1)	Not provided
South Korea South 2 (kr-south2)	Not provided
South Korea 3 (kr-south3)	Not provided

Table. Cloud LAN-Campus Availability by Region

Preceding Service

Cloud LAN-Campus has no prerequisite services.

8.2 - How-to guides

Users can create the service by entering the required information for the Cloud LAN-Campus service and selecting detailed options through the Samsung Cloud Platform Console.

Reference

The Cloud LAN-Campus service includes detailed services Campus Network and Campus Firewall, which can be created separately.

Create Campus Network

You can create and use the Campus Network service in the Samsung Cloud Platform Console.

Click the All Services > Networking > Cloud LAN-Campus menu. Navigate to the Cloud LAN-Campus Dashboard page.
Cloud LAN-Campus Dashboard page, click the Create Campus Network button. You will be taken to the Create Campus Network page.

On the Campus Network Creation page, after entering the relevant information in the service information input area, click the Complete button.

Select the service type from NW Access or NW Authentication, and enter the detailed information accordingly.

NW Access: Select items that require network services, and after creation, the equipment configuration size and monthly service fee are determined through design/consulting.

NW Authentication: Create an authentication tenant using the generated resource name. Billing is monthly based on usage per tenant, and tenant-specific policy management is available in the CLAN admin portal.

Category	Required status	Detailed description
Campus Network name	Required	Enter the Campus Network name to create Automatic duplicate check is performed, and resources are created with the entered name Use English letters, numbers, and special characters (`-` `_`) to input 3-30 characters
Service Category	Required	Select the type of service to create Select between NW Access and NW Authentication
Service Category > NW Access	Required	NW Access Service Creation Item Input Contract period: Select from 4 to 7 years [Wired] NW Access: Select whether to use wired NW [Wireless] NW Access: Select whether to use wireless NW [Wireless] WIPS usage: Select whether to use wireless WIPS Network solution: Select whether to use network solutions such as DHCP
Service Category > NW Authentication	Required	Select NW network segmentation method Account/Device: AD integration, network segmentation via account/MAC information, etc. Certificate: Network segmentation through certificate binding

Table. Edge Server list items

After creation is complete, check the created resources on the Campus Network List page.
- When a service is created, the resource status is Request, and the service proceeds under the confirmation of the responsible Samsung SDS AM.
- After creating the service, you can contact the Samsung SDS account manager for progress updates and related inquiries.
  guide
  - When the Cloud LAN-Campus service creation is complete, a customer representative will contact you separately for site consulting and architecture optimization design.
  - After completing the consultation with the customer’s representative, network equipment installation work for actual service use within the site proceeds, and service provision begins according to the agreed schedule.

Campus Network Check detailed information

The Cloud LAN-Campus service allows you to view and edit the full resource list and detailed information. Cloud LAN-Campus Details page consists of Details, Tags, Activity Log tabs.

To view detailed information about Cloud LAN-Campus, follow these steps.

Click the All Services > Networking > Cloud LAN-Campus menu. Navigate to the Service Home page.
On the Service Home page, click the Campus Network menu. You will be taken to the Campus Network List page.

On the Campus Network List page, click the resource to view detailed information. You will be taken to the Campus Network Details page.

Campus Network Details page displays status information and additional feature information, and consists of Details, Tags, Activity Log tabs.

Category

Detailed description

Service status

Service status: Billing is monthly, starting at the Active month and ending at the Deleted month

Request: Service creation status

Creating: Workplace equipment installation and authentication system setup in progress

Active: Service in progress

Deleting: Service termination request status

Deleted: Service termination completed (removed from resource list)

Service termination

Cancel Service button

Table. Cloud LAN-Campus status information and additional functions

Detailed Information

Campus Network List page lets you view detailed information of the selected resource and edit the information when necessary.

Category	Detailed description
Service	Service name
Resource Type	Resource Type
SRN	Unique resource ID in Samsung Cloud Platform
Resource name	Resource Name
Resource ID	Service’s unique resource ID
Constructor	User who created the service
Creation date and time	Service creation date and time
Contract period	Service contract period Can be changed through discussion and request with the responsible AM
Service start date	Service start date
Contract expiration date	Service contract expiration date
Explanation	Additional description written by the user
Service Category	Created service classification information (NW Access / NW Authentication)
NW Access	Managed Service Managed Service Information
NW Access > [Wired] NW Access	Use wired network service
NW Access > [Wired] L2 Quantity	Number of wired Access switches in service
NW Access > [Wireless] NW Access	Wireless network service usage
NW Access > [Wireless] WIPS	Use of wireless WIPS service
NW Access > [Wireless] AP/Sensor quantity	Number of wireless AP/Sensor in service
NW Access > Network Solution	Network solution usage
NW Access > Network Solution Details	Details of the NW solution in service
NW Authentication	CLAN authentication tenant name CLAN authentication CLAN authentication tenant name Click the CLAN Admin Portal button to go to the CLAN Administrator Portal site
NW Authentication >Network Segmentation Status	Number of logically separated network domains, network domain types
NW Authentication > Current Month Usage Status	Current month’s CLAN authentication and other authentication usage status

Table. Campus Network detailed information tab items

Job History

You can view the operation history of the selected resource on the Campus Network List page.

Category

Detailed description

Task History List

Resource Change History

You can view operation details, operation time, resource type, resource name, operation result, and operator information

Operation History List Click the relevant resource in the list. Operation History Details A popup window will open.

Table. Campus Network Work History Tab Information Items

Terminate Campus Network

You can reduce operating costs by terminating the unused service.

To cancel the Campus Network, follow the steps below. To cancel the Cloud Network service, follow these steps.

Click the All Services > Networking > Cloud LAN-Campus menu. You will be taken to the Cloud LAN-Campus Dashboard page.
On the Cloud LAN-Campus List page, click the resource to terminate. You will be taken to the Cloud LAN-Campus Details page.
Cancel Service button, click it.
- After the termination is created, you can contact the Samsung SDS account manager for status updates and related inquiries.
After the termination is complete, check on the Cloud LAN-Campus list page whether the resource has been terminated.

Reference

If you request termination of the Cloud LAN-Campus service, a customer representative will contact you separately in advance to verify and process the termination.
The service will be terminated according to the schedule agreed upon with the customer representative.

8.2.1 - Campus Firewall Request Service

In the Samsung Cloud Platform Console, you can request the creation or termination of a Campus Firewall service for a Campus Network.

Request to Create Campus Firewall Service

You can create and use the Campus Firewall service in the Samsung Cloud Platform Console.

To request the creation of a Campus Firewall service, follow these steps.

Click the All Services > Networking > Cloud LAN-Campus menu. Navigate to the Service Home page.
On the Service Home page, click the Campus Firewall Service Request button. You will be taken to the Support Center > Service Request page.

On the Service Request page, enter or select the required information in the mandatory input fields.

guide

Select Campus Firewall Service Creation for the task type.

Input field	Detailed description
Title	Title of the service you want to request
Region	Select location of Samsung Cloud Platform Automatically filled with the account’s region
Service	Select the service category and service for the target service (auto-select) Service Category: Networking Service: Cloud LAN-Campus
Task classification	Select the Activity you want to perform Campus Firewall Service Creation: select if you are requesting this service Campus Firewall Service Termination: select if you are terminating this service Since this part is the process of creating a Campus Firewall service, select Campus Firewall Service Creation.
content	Enter detailed information required to create a Campus Firewall service Company/Corporation Name: Required Customer Information (Name / E‑Mail / Phone Number): Enter user information Content: Required
Attachment	If you have additional files you want to share, proceed with the upload Attachments can be up to 5 files, each within 5 MB Only doc, docx, xls, xlsx, ppt, ppts, hwp, txt, pdf, jpg, jpeg, png, gif, tif files are allowed

Table. Detailed contents of Campus Firewall service request items

Check the required information entered on the Service Request page, and click the Request button.
- The requested work is expected to take about 5–7 business days.

Reference

Once the service request is completed, a customer representative will contact you separately for site consulting and architecture optimization design.
After consulting with the customer’s representative is completed, the firewall equipment installation for actual service use within the site proceeds, and service provision begins according to the agreed schedule.
You can contact the responsible AM at Samsung SDS for progress updates and related inquiries.

Request to cancel Campus Firewall service

You can cancel the Campus Firewall service from the Samsung Cloud Platform Console.

Follow these steps to request termination of the Campus Firewall service.

Click the All Services > Networking > Cloud LAN-Campus menu. You will be taken to the Service Home page.
On the Service Home page, click the Campus Firewall Service Request button. You will be taken to the Support Center > Service Request page.

On the Service Request page, enter or select the required information in the mandatory input fields.

Information

Select Campus Firewall Service Termination as the task type.

Input field	Detailed description
Title	Title of the service you want to request
Region	Select location of Samsung Cloud Platform Automatically filled with the region of the Account
Service	Select the service category and service for the given service (auto-select) Service Category: Networking Service: Cloud LAN-Campus
Task classification	Select the Activity you want to perform Create Campus Firewall service: select if you are requesting this service Terminate Campus Firewall service: select if you are terminating this service In this section, you are terminating the Campus Firewall service, so select Campus Firewall service termination.
content	Enter detailed information required to cancel the Campus Firewall service Company/Corporation Name: Required Customer Information (Name/ E-Mail/ Phone Number): Enter user information Content: Required
Attachment	If you have additional files you want to share, proceed with the upload You can attach up to 5 files, each no larger than 5 MB Only doc, docx, xls, xlsx, ppt, ppts, hwp, txt, pdf, jpg, jpeg, png, gif, tif files can be attached

Table. Detailed contents of Campus Firewall service request items

Verify the required information entered on the Service Request page, then click the Request button.
- The requested work is expected to take about 5–7 business days.

Reference

When the service request is completed, a customer representative will contact you separately to cancel the service.
You can contact the responsible AM at Samsung SDS for progress updates and related inquiries.

8.3 - Release Note

Cloud LAN Campus

2025.02.27

NEW Cloud LAN Campus service official version launch

We have launched the Cloud LAN Campus service, which provides an authentication‑based integrated wired/wireless network service within the customer’s premises.

9 - Cloud LAN-Campus

9.1 - Overview

Service Overview

Cloud LAN-Campus is a service that provides a user authentication‑based integrated wired and wireless network environment within the customer’s premises. It offers a versatile integrated network access environment, based on SDN (Software Defined Network), that can be freely used regardless of location within the site through simple user/device authentication. By minimizing physical network equipment and leveraging the cloud, multiple geographically distributed locations can be easily connected. This allows enterprises to reduce the complexity of infrastructure deployment and operation, and to build a flexible, scalable network environment. Additionally, with network design/configuration optimized for the customer’s environment, professional operational systems, and enhanced security management, the site network can be operated more reliably and efficiently.

Provided features

Cloud LAN-Campus provides the following features.

Campus Network: Providing wired and wireless network usage environment and integrated authentication services for the site
- NW Access: Infrastructure (AP, NW Switch, etc.) and SDN system services for site network usage
- NW Authentication: User/device authentication-based network segmentation, integrated management of authentication/security policies across multiple sites, support for various authentication methods (AD, certificates, etc.) and policy operation/management through the service portal (user/administrator)

Features

Rapid Business Site Network Work Environment: Provides a unified wired/wireless network usage environment through a user-authentication-based SDN (Software Defined Network) solution. IP Mobility and device-purpose-based separated networks are applied instantly, and users can easily perform network topology changes via the service portal.
Network Security Enhancement: By applying logical network segmentation and an authentication-based unified wired/wireless security management system, consistent security policies can be enforced for users and devices. Even when users access the headquarters and multiple sites, the same network access environment and security policies can be applied, and authentication information is securely managed under the Samsung Cloud Platform security framework.
Multi-Vendor Acceptance and Total Network Service Provision: Performing multi-vendor network integration certification makes the SDN equipment configuration at each site flexible. Additionally, by providing an integrated service framework instead of customers designing/building/operating/managing the network infrastructure themselves, operational and management efficiency improves. We deliver fast and reliable network services with site-optimized network designs and dedicated teams.
Service-based Integrated Billing System: The billing system can reduce initial investment costs, and when needed, network infrastructure can be expanded and capacity increased. It provides usage-based authentication services, and no separate operational staff or maintenance contracts are required.
Various authentication methods and scalability: We provide the optimal authentication solution for customers using various authentication methods. Additionally, we enable functional expansion through integration with client systems (groupware, security systems, etc.) and allow differentiated policy management based on security levels per site.

Component

Cloud LAN-Campus provides services across the entire network within the site. The components are as follows, and related services can be created.

Category	Detailed description
Network authentication	Network access authentication and network segmentation, security policy management Multi-vendor network unified authentication management Apply unified policies between headquarters and branches, support roaming Provide various authentication methods (certificate, AD, account/MAC, etc.) and scalability
Service portal	Provision of unified wired/wireless authentication service portal User portal: create/modify/manage user policies Administrator portal: manage authentication policies and monitoring
wired/wireless network	Design and integrated configuration, operation, and management of SDN-based wired and wireless networks
WIPS	Wireless Intrusion Prevention System Configuration/Operation/Management
Network solution	Configuration/operation/management of network solutions such as DHCP, NMS

Table. Cloud LAN-Campus components

Constraints

When using the Cloud LAN-Campus service, there are the following limitations.

Network communication/connection between the customer’s site and the Samsung Cloud Platform region is required to use CLAN authentication.
- Use Cloud Last Mile, dedicated lines, VPN, etc.
If you need to use network equipment from a specific vendor, prior consultation is required.
After creating the service to configure equipment within the site, the start and end times of the service are finalized after consultation with the responsible AM.
When using AD integration for authentication, the authentication-related policy rules must be properly deployed to the user’s PC in advance.
- Issues with AD functionality require management by the client’s AD administrator.
The network segmentation certificate method is supported for the designated OS type (currently limited to Windows), and additional costs apply beyond the certification fee.

Provision status by region

Cloud LAN-Campus can be provided in the environments below.

Region	Provision status
Korea West (kr-west1)	Provided
South Korea South 1 (kr-south1)	Not provided
South Korea South 2 (kr-south2)	Not provided
South Korea 3 (kr-south3)	Not provided

Table. Cloud LAN-Campus Availability by Region

Preceding Service

Cloud LAN-Campus has no prerequisite services.

9.2 - How-to guides

Users can create the service by entering the required information for the Cloud LAN-Campus service and selecting detailed options through the Samsung Cloud Platform Console.

Campus Network Service Creation Request

You can create and use the Campus Network service in the Samsung Cloud Platform Console.

To request the creation of a Campus Network service, follow these steps.

Click the All Services > Networking > Cloud LAN-Campus menu. You will be taken to the Service Home page.
On the Service Home page, click the Cloud LAN-Campus Service Request button. You will be taken to the Support Center > Service Request page.

On the Service Request page, enter or select the required information in the mandatory input fields.

In the task type, select Campus Network Service Request.

Input field	Detailed description
Title	Title of the service you want to request
Region	Select location of Samsung Cloud Platform Automatically filled with the account’s region
Service	Select the service category and service for the given service (auto-select) Service Category: Networking Service: Cloud LAN-Campus
Task classification	Select the type you want to perform Campus Network service request: select if you are requesting a new service
content	Enter detailed information required to create a Campus Network service SCP account name: Enter the account name of Samsung Cloud Platform SCP project name: Enter the project name of Samsung Cloud Platform Company/Corporation name: Enter the company/corporation name Customer information (Name/E-mail/Phone number): Enter user information Desired service start date: Enter the service start date Network segmentation: Yes / No Wired network usage: Yes / No Wireless network usage: Yes / No Wireless WIPS usage: Yes / No Network solution usage (NMS, WAN accelerator, DHCP, etc.): Yes / No Estimated contract period: Enter 4 years, 5 years, or 6 years Operational service: Yes / No
Attachment	If you have additional files you want to share, proceed with the upload You can attach up to 5 files, each no larger than 5 MB Only doc, docx, xls, xlsx, ppt, ppts, hwp, txt, pdf, jpg, jpeg, png, gif, and tif files can be attached

Table. Detailed description of Campus Network service request items

Verify the required information entered on the Service Request page, then click the Request button.
- After the request is completed, check the submitted details on the Support Center > Service Request List page.
- The requested work takes approximately 5 to 7 business days.

reference

Once the service request is completed, a customer representative will contact you separately for site consulting and architecture optimization design.
Ask the Samsung SDS account manager about the progress and service-related matters.

Campus Network Service Cancellation Request

You can cancel the Campus Network service in the Samsung Cloud Platform Console.

To request termination of the Campus Network service, follow the steps below.

Click the All Services > Networking > Cloud LAN-Campus menu. Navigate to the Service Home page.
On the Service Home page, click the Cloud LAN-Campus Service Request button. You will be taken to the Support Center > Service Request page.

On the Service Request page, enter or select the required information in the mandatory input fields.

In the task category, select Campus Network Service Termination.

Input field	Detailed description
Title	Title of the service you want to request
Region	Select location of Samsung Cloud Platform Automatically filled with the account’s region
service	Select the service category and service for the given service (auto-select) Service Category: Networking Service: Cloud LAN-Campus
Task classification	Select the type you want to perform Campus Network service termination: select if you are requesting to terminate the service
content	Enter detailed information required for Campus Network service termination SCP Account Name: Enter the account name of Samsung Cloud Platform SCP Project Name: Enter the project name of Samsung Cloud Platform Customer Information (Name/Company/Department/E-mail/Phone Number): Enter user information Service Termination Request Date: Enter the service termination date Details: Enter additional information
Attachment	If you have additional files you want to share, proceed with the upload You can attach up to 5 files, each no larger than 5 MB Only doc, docx, xls, xlsx, ppt, ppts, hwp, txt, pdf, jpg, jpeg, png, gif, tif files can be attached

Table. Detailed description of Campus Network service request items

Check the required information entered on the Service Request page, and click the Request button.
- When the request is completed, check the submitted details on the Support Center > Service Request List page.
- The requested work takes approximately 5 to 7 business days.

Reference

When the service request is completed, a customer representative will contact you separately to cancel the service.
Contact the Samsung SDS account manager to inquire about the progress and service-related matters.

9.3 - Release Note

Cloud LAN Campus

2025.07.01

NEW Cloud LAN Campus_Enterprise Service Official Version Launch

We have launched the Cloud LAN Campus service, which provides an authentication‑based integrated wired/wireless network service within the customer’s premises.

10 - Cloud LAN-Data Center

10.1 - Overview

Service Overview

The Cloud LAN-Data Center can connect various networks such as servers, WAN Edge, and CX (Cloud eXchange) through a shared network infrastructure based on SDDC (Software-Defined Data Center) within a Samsung Cloud Platform region data center or a customer’s on-premises data center.

Features

Cloud LAN-Data Center provides the following features.

Rapid Network Access: When building a network environment in a Samsung Cloud Platform region or a customer’s on‑premises data center, a fast and secure, enterprise‑customized data center network can be configured using SDDC‑based infrastructure.
Cost Efficiency: By using logical configurations of virtualized infrastructure and optimized designs by experts, a customer-dedicated network with the same effect as a costly standalone physical network infrastructure can be built. The virtualized network environment reduces costs required for building physical infrastructure such as network equipment, data center floor space, and cabling.
Operational Continuity Maintenance: We provide a customized operational environment for each company, configured to preserve existing settings such as network security policies, IP schemes, and network protocols required in various on-premises environments.
Flexible network environment provision: Within an SDDC-based infrastructure, separating edge nodes (external network connection), service nodes (built-in equipment connection), and computing nodes (server connection) enables support for both hardware-type security and network solution appliances that require physical installation in the data center and virtualized equipment.

Provided features

Cloud LAN - Data Center provides the following features.

Diverse Network Integration Virtualization: Provides virtualized resources for flexible N/W configurations and enables the creation of customer-dedicated networks using various Types of vDevice.
Network/Security Solution Integration: Provides virtualization solutions in NFV form, and can configure networks by integrating various types of appliances.

Components

Cloud LAN-Data Center is a service that provides connections between various networks through virtual network configurations within a data center. The components are as follows, and related services can be created.

Category	Detailed description
Cloud LAN Network	Virtual space for logically separated network configuration within the Cloud LAN‑Data Center infrastructure
vRouter	Virtual resources for connecting external lines (L2, L3)
vSwitch	Virtual resources for dedicated customer H/W connections and VLAN provisioning
vFirewall	Virtual firewall to protect infrastructure created within the Cloud LAN-Data Center
vL4/L7	Virtual L4/L7 switch for traffic load balancing within the Cloud LAN-Data Center
vCore	Virtual resources for Full Mesh routing connections
vCable	Virtual Cable for routing connections between virtual resources
Interface	Provides a physical interface on the vDevice that can connect hardware equipment and circuits.

Table. Cloud LAN-Data Center components

Constraints

When using the Cloud LAN-Data Center service, there are the following limitations.

Please inquire 1:1 about the available creation capacity per region.

Provision status by region

Cloud LAN-Data Center can be provided in the environments below.

Region	Provision status
Korea West (kr-west1)	Provide
South Korea South 1 (kr-south1)	Not provided
South Korea South 2 (kr-south2)	Not provided
South Korea 3 (kr-south3)	Not provided

Table. Cloud LAN-Data Center regional offering status

Pre-service

Cloud LAN-Data Center has no prerequisite services.

10.2 - How-to guides

Users can create the service by entering the required information for the Cloud LAN Network service and selecting detailed options through the Samsung Cloud Platform Console.

Create Cloud LAN Network

You can create and use the Cloud LAN Network service in the Samsung Cloud Platform Console.

Reference

You can apply for up to 5 Cloud LAN Networks.

To request the creation of a Cloud LAN Network service, follow these steps.

Click the All Services > Networking > Cloud LAN-Data Center menu. You will be taken to the Cloud LAN-Data Center Service Home page.
On the Cloud LAN-Data Center Service Home page, click the Cloud LAN Network Create button. You will be taken to the Cloud LAN Network Create page.

On the Cloud LAN Network Creation page, enter the required information in the service information input area, and click the Complete button.

Enter or select the required information in the service information input area.

Category	Required status	Detailed description
Cloud LAN Network name	Required	Enter the name of the Cloud LAN Network to create Enter 3‑21 characters using English letters, numbers, and special characters
Cloud LAN Network location	Required	Select Cloud LAN Network location
description	Select	Enter additional information or description about the Cloud LAN Network service.

Table. Cloud LAN Network service information input items

In the Additional Information Input area, enter or select the required information.
Category
Required?
Detailed description
tag Select Add Tag
Up to 50 per resource can be added
After clicking the Add Tag button, enter or select Key and Value values
Table. Cloud LAN Network additional information input fields

Once creation is complete, check the created resources on the Cloud LAN Network List page.

Check detailed information of Cloud LAN Network

The Cloud LAN Network service allows you to view and edit the list of connected resources and detailed information. Cloud LAN Network Details page consists of Details, Connected Resources, Tags, Activity History tabs.

To view detailed information about the Cloud LAN Network, follow these steps.

Click the All Services > Networking > Cloud LAN-Data Center menu. Navigate to the Cloud LAN-Data Center Service Home page.
Cloud LAN-Data Center Service Home page, click the Cloud LAN Network menu. You will be taken to the Cloud LAN Network list page.
On the Cloud LAN Network List page, click the resource you want to view detailed information for. You will be taken to the Cloud LAN Network Details page.
- Cloud LAN Network Details page displays status information and additional feature information, and is composed of Details, Connected Resources, Tags, Activity History tabs.
  Category Detailed description
  Service status Service status display
  Creating: Creating
  Active: Running
  Deleting: Deleting
  Failed: Creation/Deletion failed
  Service termination Cancel Service button
  Table. Cloud LAN Network status information and additional functions

Detailed Information

Cloud LAN Network List page lets you view detailed information of the selected resource and modify it if necessary.

Category	Detailed description
Service	service name
Resource Type	Resource Type
SRN	Unique resource ID in Samsung Cloud Platform
Resource Name	Resource Name
Resource ID	Service’s unique resource ID
constructor	User who created the service
Creation date and time	Service creation timestamp
Editor	User who modified the service
Modification date and time	Date and time the service was modified
Service Information	Created service details Click the Edit icon in the description to edit

Table. Cloud LAN Network detailed information tab items

Connected resource

On the Cloud LAN Network List page, you can view the vDevice information assigned to the selected resources.

Category	Detailed description
vDevice List	Display vDevice information and status assigned to the created service

Table. Cloud LAN Network Connected Resources Tab Detailed Information Items

Job History

Cloud LAN Network List page allows you to view the operation history of the selected resource.

Category	Detailed description
Task History List	Resource Change History Operation Time, Resource ID, Resource Name, Operation Details, Event Topic, Operation Result, Check Operator Information

Table. Cloud LAN Network Work History Tab Detailed Information Items

Terminate Cloud LAN Network

To cancel the Cloud LAN Network, follow these steps.

Caution

If other resources are connected to the Cloud LAN Network, you cannot cancel the service. Delete all connected resources before canceling the service.
If the Cloud LAN Network service status is Creating or Deleting, the service cannot be terminated.
If you cancel the Cloud LAN Network service, it will be deleted immediately and cannot be recovered. Since canceling the service may cause the running service to stop immediately, please carefully consider the impact of service interruption before proceeding with the cancellation.

Click the All Services > Networking > Cloud LAN-Data Center menu. You will be taken to the Cloud LAN-Data Center Service Home page.
Cloud LAN-Data Center Service Home page, click the Cloud LAN Network menu. You will be taken to the Cloud LAN Network list page.
On the Cloud LAN Network List page, click the resource you want to view detailed information for. You will be taken to the Cloud LAN Network Detail page.
On the Cloud LAN Network Details page, click the Service Termination button.
When the termination is complete, check whether the resource has been deleted in the Cloud LAN Network list.

10.2.1 - vDevice

Users can create the service by entering the required information for the vDevice service and selecting detailed options through the Samsung Cloud Platform Console.

Create vDevice

You can create and use the vDevice service in the Samsung Cloud Platform Console.

Reference

To request a vDevice, a Cloud LAN Network must be created. * Check the Cloud LAN Network information before applying for a vDevice.
The detailed configuration of the generated vDevice uses a separate operating platform (NiO). * For NiO-related inquiries, please submit your request through Support Center > Contact and we will provide guidance.

To request the creation of a vDevice service, follow these steps.

All Services > Networking > Cloud LAN-Data Center menu, click it. 1. Navigate to the Cloud LAN-Data Center Service Home page.
On the Cloud LAN-Data Center Service Home page, click the Create vDevice button. 2. Navigate to the vDevice Creation page.

On the vDevice Creation page, enter the relevant information in the service information input area.

Enter or select the required information in the service information input area.

Category	required status	Detailed description
Cloud LAN Network name	Required	Select the Cloud LAN Network to assign the vDevice
vDevice Type	Required	Select the type of vDevice to create vRouter: virtual resource for connecting external lines (L2, L3) vSwitch: virtual resource for connecting customer-dedicated hardware and providing VLANs vFirewall: virtual firewall for protecting infrastructure created within the Data Center vCore: inter-resource connection service for Full-Mesh communication between virtual resources vL4/L7: virtual L4/L7 switch for traffic load balancing within Cloud LAN-Data Center vTAP : virtual resource for replicating traffic within Cloud LAN-Data Center and sending it to other devices
vDevice Type > vRouter	Required	Enter the name to create when selecting vRouter Enter using letters, numbers, and special characters, 3-21 characters long
vDevice Type > vSwitch	Required	Enter the name to create when selecting a vSwitch Use English letters, numbers, and special characters, 3-21 characters
vDevice Type > vFirewall	Required	Select creation information when choosing vFirewall vFirewall: Enter the name to create Vendor: Select vendor Type: Choose the plan of the selected vendor Redundancy: Choose whether to use redundancy, when Enabled is selected the cost for two firewalls is charged, and when not selected a single configuration is applied Log storage option: Choose whether to use log storage, logs are stored on a single server and even if redundancy is selected only one server’s fee is charged Contract period: Select contract period
vDevice Type > vCore	Required	Enter the name to create when selecting vCore Enter using letters, numbers, and special characters, 3 to 21 characters
vDevice Type > vL4/L7	Required	Select creation information when choosing vL4/L7 vL4/L7 name: Enter the name to create Unit: Enter the number of units to use (1-20) Redundancy: Choose whether to use firewall redundancy Contract period: Select the contract period
vDevice Type > vTAP	Required	Select creation information when choosing vTAP vTAP name: Enter the name to create Redundancy: Choose whether to use vTAP redundancy Contract period: Select contract period

Table. vDevice service information input items

Reference

When applying for a vFirewall, a Firewall Interface is created automatically. Detailed firewall information by vendor is as follows.

vendor	Firewall type	Interface count	Generated vFirewall Interface
SECUI	6 Gbs, 5,000 Rules	3	int / ext / dmz.1
SECUI	12 Gbs, 15,000 Rules	3	int / ext / dmz.1
SECUI	30 Gbs, 30,000 Rules	4	int / ext / dmz.1 / dmz.2
SECUI	60 Gbs, 100,000 Rules	5	int / ext / dmz.1 / dmz.2 / dmz.3
Fortinet	1 Gbs, 1,000 Rules	3	int / ext / dmz.1

Table. Detailed Firewall information by vendor

In the Additional Information Input area, enter or select the required information.
Category
required status
Detailed description
Tag Select Add Tag
Up to 50 can be added per resource
After clicking the Add Tag button, enter or select Key, Value values
Table. vDevice additional information entry fields

Summary Check the detailed information and estimated charges generated in the panel, and click the Complete button.
- When creation is complete, check the created resources on the vDevice List page.

Check vDevice detailed information

The vDevice service allows you to view and edit the list of connected resources and their detailed information. The vDevice Details page consists of Details, Connected Resources, Tags, Activity History tabs.

To view detailed information about the vDevice, follow these steps.

Click the All Services > Networking > Cloud LAN-Data Center menu. 1. Navigate to the Cloud LAN-Data Center Service Home page.
From the Cloud LAN-Data Center Service Home page, click the vDevice menu. 2. Navigate to the vDevice List page.
vDevice List page, click the resource to view detailed information. 4. Go to the vDevice Details page.
- vDevice Details page displays status information and additional feature information, and consists of Details, Connected Resources, Tags, Activity History tabs.
  Category Detailed description
  Service status Service status display
  Creating: Creating
  Active: Running
  Deleting: Deleting
  Failed: Creation/Deletion failed
  Delete vDevice Delete Service button
  Table. vDevice status information and additional functions

Detailed Information

On the vDevice List page, you can view detailed information of the selected resource and, if necessary, edit the information.

Category	Detailed description
service	Service name
Resource Type	Resource Type
SRN	Unique resource ID in Samsung Cloud Platform
Resource name	Resource Name
Resource ID	Service’s unique resource ID
Constructor	User who created the service
Creation date and time	Service creation date and time
Editor	User who modified the service
Modification date	Date and time of service modification
Service Information	Created service details The displayed items vary depending on the creation type

Table. vDevice detailed information tab items

Connected resource

On the vDevice List page, you can view the resources allocated to the selected resource.

Category	Detailed description
List of connected resources	Display detailed information and status of resources allocated to the created service The displayed items vary depending on the creation type

Table. vDevice Connected Resources Tab Detailed Information Items

Job History

You can view the operation history of the selected resource on the vDevice list page.

Category	Detailed description
Task History List	Resource Change History Operation Timestamp, Resource ID, Resource Name, Operation Details, Event Topic, Operation Result, Operator Information

Table. vDevice operation history tab detailed information items

Terminate vDevice

To terminate the vDevice, follow the steps below.

Caution

If other resources are connected to the vDevice, the service cannot be terminated. Delete all connected resources, then cancel the service.

Click the All Services > Networking > Cloud LAN-Data Center menu. 1. Navigate to the Cloud LAN-Data Center Service Home page.
On the Cloud LAN-Data Center Service Home page, click the vDevice menu. 2. Navigate to the vDevice List page.
On the vDevice List page, click the resource to view its detailed information. 4. Navigate to the vDevice Details page.
On the vDevice Detail page, click the vDevice Delete button.
After termination is complete, check whether the resource has been deleted from the vDevice list.

10.2.2 - Interface

Users can create the Interface service by entering its required information and selecting detailed options through the Samsung Cloud Platform Console.

Create Interface

You can create and use an Interface service in the Samsung Cloud Platform Console.

Reference

To request an Interface, a Cloud LAN Network and vDevice must be created. Before requesting an Interface, verify the Cloud LAN Network and vDevice information.
Interface is a function that assigns a physical port to a pre‑created vDevice. Interface can only be requested for vRouter and vSwitch.
When a vFirewall is created, interfaces are automatically generated to match the quantity specified for each spec.

To request the creation of an Interface service, follow these steps.

Click the All Services > Networking > Cloud LAN-Data Center menu. You will be taken to the Cloud LAN-Data Center Service Home page.
From the Cloud LAN-Data Center Service Home page, click the Create Interface button. You will be taken to the Create Interface page.

On the Interface creation page, enter the relevant information in the service information input area.

Enter or select the required information in the service information input area.

Category

Required status

Detailed description

Cloud LAN Network name

Required

Select the Cloud LAN Network to assign to the Interface

vDevice Type

Required

Select the type of vDevice to use

vRouter: virtual resource for connecting external lines (L2, L3)

vSwitch: virtual resource for connecting customer-dedicated hardware and providing VLANs

vDevice Type Details

Required

Select detailed information for vDevice type

vDevice Name: Select a vDevice

Interface Type: Select the type of Interface to use

Interface Name: Enter the Interface name

You can add up to 5 Interface entries; press the (+) button to add an entry, and the (x) button to delete an entry

Interface Redundancy: Set whether Interface redundancy is enabled; selecting redundancy incurs charges for two ports

Contract Period: Select the desired contract period

Table. Interface service information input fields

In the Additional Information Input area, enter or select the required information.
Category
Required status
Detailed description
Tag Select Add Tag
Up to 50 can be added per resource
Add Tag button after clicking, input or select Key, Value values
Table. Interface additional information input fields

Summary Check the detailed information and estimated billing amount generated in the panel, and click the Complete button.
- Once creation is complete, check the created resources on the Interface List page.

Check interface detailed information

The Interface service allows you to view and edit the list of connected resources and detailed information. Interface Details page consists of Detailed Information, Tags, Activity Log tabs.

To view detailed information about the Interface, follow these steps.

Click the All Services > Networking > Cloud LAN-Data Center menu. Go to the Cloud LAN-Data Center Service Home page.
On the Cloud LAN-Data Center Service Home page, click the Interface menu. You will be taken to the Interface List page.
Click the resource to view detailed information on the Interface List page. You will be taken to the Interface Details page.
- Interface Details page displays status information and additional feature information, and consists of Details, Tags, Activity Log tabs.
  Category Detailed description
  Service status Service status display
  Creating: In progress
  Active: Running
  Deleting: In progress
  Failed: Creation/Deletion failed
  Delete Interface Delete Service button
  Table. Interface status information and additional functions

Detailed Information

Interface list page allows you to view detailed information of the selected resource and edit the information if needed.

Category	Detailed description
service	Service name
Resource Type	Resource Type
SRN	Unique resource ID in Samsung Cloud Platform
Resource name	Resource Name
Resource ID	Service’s unique resource ID
constructor	User who created the service
Creation Timestamp	Service creation timestamp
Editor	User who modified the service
Modification date and time	Date and time the service was modified
vDevice Type	vDevice Type information
vDevice name	vDevice name
Interface Type	Interface Type information
Port redundancy	Whether to use port redundancy
Contract period	Selected contract term

Table. Interface detailed information tab items

Job History

On the Interface list page, you can view the operation history of the selected resource.

Category	Detailed description
Task History List	Resource Change History Operation Time, Resource ID, Resource Name, Operation Details, Event Topic, Operation Result, Check operator information

Table. Interface work history tab detailed information items

Terminate Interface

To cancel the Interface, follow these steps.

Click the All Services > Networking > Cloud LAN-Data Center menu. You will be taken to the Cloud LAN-Data Center Service Home page.
On the Cloud LAN-Data Center Service Home page, click the Interface menu. You will be taken to the Interface List page.
On the Interface List page, click the resource for which you want to view detailed information. You will be taken to the Interface Details page.
On the Interface Details page, click the Delete Interface button.
When the termination is complete, check whether the resource has been deleted in the Interface list.

10.2.3 - vCable

Users can create the service by entering the required information for the vCable service and selecting detailed options through the Samsung Cloud Platform Console.

Create vCable

You can create and use the vCable service in the Samsung Cloud Platform Console.

Reference

To request a vCable, a Cloud LAN Network and a vDevice must be created. Before requesting a vCable, verify the Cloud LAN Network and vDevice information.
Only vCable configurations between vDevices created in the same Cloud LAN Network are possible.

To request the creation of a vCable service, follow these steps.

Click the All Services > Networking > Cloud LAN-Data Center menu. You will be taken to the Cloud LAN-Data Center Service Home page.
On the Cloud LAN-Data Center Service Home page, click the Create vCable button. You will be taken to the Create vCable page.

On the vCable Creation page, enter the relevant information in the service information input area.

Enter or select the required information in the service information input area.

Category

Required status

Detailed description

Cloud LAN Network name

Required

Select the Cloud LAN Network to assign the vCable.

vCable Type

Required

Select the type of vCable to create

Static: Provides a 1:1 connection between vDevices; when configuring vDevice A and vDevice B, select different virtual resources

vCore: Provides Multi Peering between vDevices, connecting multiple vDevices to enable connections between vDevices

vCable Type > Details

Required

Enter detailed information according to vCable Type

vCable Name: Enter the name of the vCable to create

vDevice A: Select vDevice A

vDevice B: Select vDevice B

Select vDevice A and B sequentially; if a vFirewall Interface is selected from the A list, it will not appear in the B list

When the vCable Type is Static, vCore cannot be selected on vDevice A or vDevice B

When the vCable Type is vCore, vCore can be selected only on vDevice A

A vDevice can be connected to only one vCable

A vFirewall can connect a vCable using a vFirewall Interface

Table. vCable Service Information Input Items

In the Additional Information Input area, enter or select the required information.
Category
required or not
Detailed description
tag Select Add Tag
Up to 50 can be added per resource
Add Tag After clicking the Add Tag button, enter or select Key, Value values
Table. vCable additional information input fields

Summary Check the detailed information and estimated billing amount generated in the panel, and click the Complete button.
- When creation is complete, check the created resources on the vCable List page.

Check vCable detailed information

The vCable service allows you to view and edit the list of connected resources and detailed information. vCable Details page consists of Details, Tags, Activity Log tabs.

To view detailed vCable information, follow these steps.

Click the All Services > Networking > Cloud LAN-Data Center menu. You will be taken to the Cloud LAN-Data Center Service Home page.
On the Cloud LAN-Data Center Service Home page, click the vCable menu. You will be taken to the vCable List page.
Click the resource to view detailed information on the vCable List page. You will be taken to the vCable Detail page.
- vCable Details page displays status information and additional feature information, and consists of Details, Tags, Work History tabs.
  Category Detailed description
  Service status Service status display
  Creating: Creating
  Active: Running
  Deleting: Deleting
  Failed: Creation/Deletion failed
  Delete vCable Delete Service button
  Table. vCable status information and additional functions

Detailed Information

On the vCable List page, you can view detailed information of the selected resource and edit the information if needed.

Category	Detailed description
service	Service name
Resource Type	Resource Type
SRN	Unique resource ID in Samsung Cloud Platform
Resource name	Resource name
Resource ID	Service’s unique resource ID
constructor	User who created the service
Creation date and time	Service creation timestamp
Editor	User who modified the service
Modification date and time	Date and time the service was modified
vDevice Type	vDevice Type categories
vDevice A name	vDevice A name
vDevice B name	vDevice B name

Table. vCable detailed information tab items

Job History

You can view the operation history of the selected resource on the vCable List page.

Category	Detailed description
Task History List	Resource Change History Operation Time, Resource ID, Resource Name, Operation Details, Event Topic, Operation Result, Check operator information

Table. vCable operation history tab detailed information items

Terminate vCable

To cancel vCable, follow the steps below.

Click the All Services > Networking > Cloud LAN-Data Center menu. You will be taken to the Cloud LAN-Data Center Service Home page.
On the Cloud LAN-Data Center Service Home page, click the vCable menu. You will be taken to the vCable List page.
On the vCable List page, click the resource to view its details. You will be taken to the vCable Details page.
On the vCable Details page, click the Delete vCable button.
After termination is complete, verify that the resource has been deleted from the vCable list.

10.2.4 - vEdge

Users can apply for the service by entering the required information for using the vEdge service through the Samsung Cloud Platform Console.

Create vEdge

You can request and use the vEdge service from the Samsung Cloud Platform Console.

To request the creation of a vEdge service, follow these steps.

Click the All Services > Networking > Cloud LAN-Data Center menu. You will be taken to the Cloud LAN-Data Center Service Home page.
On the Service Home page, click the vEdge Service Request button. You will be taken to the Support Center > Service Request List > Service Request page.

On the Service Request page, enter or select the required information in the mandatory input fields.

In the task category, select vEdge creation.

Input field	Detailed description
Title	Enter the title of the service request Example: vEdge Service Creation Request
Region	Select the location of the Samsung Cloud Platform Automatically filled with the region corresponding to the Account
service	Select the service category and service. If you click the vEdge service request button, it is entered automatically Service Category: Networking Service: vEdge
Task classification	Select the type you want to request Create vEdge: select when requesting a new service
content	Guidance on the service application process and reference information
Attachment	If you have a file you want to share via the repository, proceed with the upload You can attach up to 5 files, each no larger than 5 MB Only files with the following extensions are allowed: doc, docx, xls, xlsx, ppt, ppts, hwp, txt, pdf, jpg, jpeg, png, gif, tif

Table. vEdge Service Creation Request Items

Check the required information entered on the Service Request page, and click the Request button.
- When the request is completed, check the submitted details on the Support Center > Service Request List page.

Check vEdge application details

You can view the vEdge service subscription and cancellation history in the Samsung Cloud Platform Console.

To check the vEdge service application details, follow these steps.

Click the All Services > Management > Support Center menu. Go to the Support Center > Service Home page.
On the Support Center Service Home page, click the Service Request menu. You will be taken to the Service Request List page.
On the Service Request List page, click the Title of the service request you submitted. You will be taken to the Service Request Details page.
On the Service Request Details page, view the request status and information.

Information

When a service request is received, the sales/operations staff verify the service application details and proceed with the vEdge service for the entered information.

Terminate vEdge

To request cancellation of the vEdge service, follow the steps below.

Click the All Services > Management > Support Center menu. You will be taken to the Support Center > Service Home page.
On the Support Center Service Home page, click the Service Request button. You will be taken to the Service Request List page.
On the Service Request List page, click the Service Request button. You will be taken to the Service Request page.

Service Request page: enter or select the required information in the mandatory input fields.

Select vEdge termination in the task category.

Input field	Detailed description
Title	Enter the title of the service request Example: vEdge Service Termination Request
Region	Select the location of Samsung Cloud Platform Automatically filled with the region corresponding to the Account
Service	Select service category and service Service Category: Networking Service: vEdge
Task classification	Select the type of request you want to make vEdge termination: select if you are terminating the service
content	Guide to the service application process and reference information
Attachment	If you have additional files you want to share, proceed with the upload You can attach up to 5 files, each within 5 MB Only doc, docx, xls, xlsx, ppt, ppts, hwp, txt, pdf, jpg, jpeg, png, gif, tif files can be attached

Table. vEdge Service Termination Request Items

Check the required information entered on the Service Request page, and click the Request button.
- When the request is completed, check the submitted details on the Support Center > Service Request List page.
- Service termination takes 5–7 business days, including the cancellation request date.

10.3 - Release Note

Cloud LAN-Data Center

2026.05.21

FEATURE Change of offered services in a specific region, addition of vTAP option

The services provided in specific Samsung offering regions (kr-west1/kr-east1) have changed.
The vTAP option has been added to the Cloud LAN - Data Center service in Samsung’s offering.

2025.07.01

NEW Cloud LAN-Data Center Common Feature Change

Samsung Cloud Platform Common Feature Changes
- Account, IAM, Service Home, tags, and other common CX changes have been reflected.

2025.02.27

NEW Cloud LAN-Data Center service official launch

We have launched the Cloud LAN-Data Center service, which provides connections between various networks through virtual network configurations within the data center.

11 - Cloud WAN

11.1 - Overview

Service Overview

Cloud WAN is a service that provides network connectivity between Samsung Cloud Platform global regions and customer locations. This offering is based on network traffic usage and provides differentiated operational management services according to the selected service level.

The Cloud WAN service consists of the customer virtual backbone Cloud WAN Network, the Segment that provides logical network segmentation by purpose, and the Attachment that connects Samsung Cloud Platform Compute resources or receives a dedicated line from the customer’s site and connects it to a Segment.

For example, to configure a backbone network connection from a system in a Samsung Cloud Platform region to a customer’s overseas location, the following settings are required in the user console. First, create the customer’s virtual backbone Cloud WAN Network. Next, select the access location, service level, contract period, and other options to create a segment that fits the intended use. Then, by attaching the segment at the region or the customer’s location, the backbone network between the SCP region and the customer locations is connected, enabling communication between them.

Service Architecture Diagram

Provided features

Cloud WAN provides the following features.

Rapid Backbone Network Configuration: Customers using Samsung Cloud Platform can select desired site locations, create a virtual global backbone network, and configure a fast and secure cloud network between Samsung Cloud Platform regions and customer sites, as well as among customer sites.
Providing Various Network Edge Connection Types: By offering various Edge types that can connect to Cloud WAN, Samsung Cloud Platform Compute resources can be conveniently connected via Transit Gateway, and customers’ on‑premise local lines can be connected via Site Connect.
Cost Optimization Through Multi-Path Selection Feature: Unlike traditional backbone network line services based on line bandwidth, we charge only for the actual usage in the desired segment, and provide a transmission path option (Gold/Silver) selection feature based on traffic characteristics, enabling line cost optimization.
Service Level-Based Operations Management: Customers can choose the utilization mode of the Cloud WAN backbone transport network, the provided features, monitoring, fault management, and technical support level, and receive differentiated network operations management services according to the selected service level.

Component

The Cloud WAN service provides a global customer virtual backbone network. The components are as follows, and users can create resources directly through the user Console.

Category	Detailed description
Cloud WAN Network	Customer-specific virtual backbone network
Segment	Logical virtual routing domains in Cloud WAN Network, categorized by usage Access Location, service level, contract period, multiple path option selection
Access Location	Physical base location for constructing a Segment
Attachment	Connect Samsung Cloud Platform or the customer’s dedicated line Edge resources
Transit Gateway	Edge connection type for connecting Samsung Cloud Platform Compute resources
Site Connect	Edge connection type for connecting customer site dedicated line resources (CE equipment)
CE equipment	Network equipment that receives the dedicated line at the customer’s site (Customer Edge)
Segment Sharing	Provides routing exchange settings to enable mutual communication among resources connected to different segments.

Table. Cloud WAN components

Constraints

The Cloud WAN service has the following limitations.

You can create one Cloud WAN Network per account.
You can create up to five Segments in a single Cloud WAN Network.
You can create up to 50 Attachments in a single Segment.
You can create up to 10 Segment Sharings for a single Segment.
Connections between Segment and Attachment are allowed only within the same project, through request and approval.
- However, Segment Sharing can be linked across different projects through request and approval.

Provision status by region

The Cloud WAN service is available in the environments below.

Region	Provision status
Korea West 1 (kr-west1)	Provided
Korea East 1 (kr-east1)	Not provided
South Korea South 1 (kr-south1)	Not provided
South Korea South 2 (kr-south2)	Not provided
Korea South 3(kr-south3)	Not provided

Table. Cloud WAN regional availability status

Preliminary Service

This is a list of services that must be pre-configured before creating the service. Please refer to the guide provided for each service and prepare in advance.

Service Category	Service	Detailed description
Networking	Transit Gateway	A service that securely and quickly connects Compute resources within the Samsung Cloud Platform to a Cloud WAN Segment.

Table. Cloud WAN Pre‑Service

11.1.1 - Monitoring Metrics

Cloud Monitoring service termination notice

According to Samsung Cloud Platform’s policy, the Cloud Monitoring service is scheduled to be discontinued in September 2026.
Accordingly, after the September 2026 release, resource monitoring of the Samsung Cloud Platform via Cloud Monitoring will no longer be possible.

With the new alternative service, you can continuously conduct resource monitoring by using ServiceWatch, released in October 2025.
ServiceWatch provides more modern and powerful features, replacing Cloud Monitoring to deliver a smooth monitoring environment.

Block Storage is planned to be integrated with ServiceWatch starting after the September 2026 release.
Detailed information about ServiceWatch can be found in the ServiceWatch Overview.

Cloud WAN monitoring metrics

The table below shows the monitoring metrics for Cloud WAN that can be viewed in Cloud Monitoring. For detailed usage of Cloud Monitoring, see the Cloud Monitoring guide.

Performance items	Detailed description	unit
Instance Status	Attachment connection status	status
Network in bytes	In bytes (inbound traffic usage per interval)	bytes
Network In Error Packets	In Error Packet count (number of received error packets per cycle)	Cnt
Network In Packets [Broadcast]	In Broadcast Packet count (number of Broadcast packets per cycle)	Cnt
Network In Packets [Dropped]	In Dropped Packet count (number of dropped packets per cycle)	Cnt
Network In Packets [Multicast]	In Multicast Packet count (number of Multicast packets per cycle)	Cnt
Network In Packets [Unicast]	In Unicast Packet count (number of Unicast packets per cycle)	Cnt
Network out bytes	Out bytes(Outbound traffic usage per interval)	bytes
Network Out Error Packets	Out Error Packet count (number of transmission error packets per cycle)	Cnt
Network Out Packets [Broadcast]	Out Broadcast Packet count (number of Broadcast packets per cycle)	Cnt
Network Out Packets [Dropped]	Out Dropped Packet count (number of dropped packets per cycle)	Cnt
Network Out Packets [Multicast]	Out Multicast Packet count (number of Multicast packets per cycle)	Cnt
Network Out Packets [Unicast]	Out Unicast Packet count (Unicast packet count per cycle)	Cnt

Table. Cloud WAN basic monitoring metrics

11.2 - How-to guides

Users can enter the required Cloud WAN information and select detailed options to create a service through the Samsung Cloud Platform Console.

Create Cloud WAN Network

You can create and use a Cloud WAN Network in the Samsung Cloud Platform Console.

Caution

Only one Cloud WAN Network can be requested per account.

To create a Cloud WAN Network, follow these steps.

All Services > Networking > Cloud WAN Click the menu. 1. Navigate to the Service Home page of Cloud WAN.
On the Service Home page, click the Create Cloud WAN Network button. 2. Go to the Create Cloud WAN Network page.

On the Create Cloud WAN Network page, enter the information required to create the service and select detailed options.

In the Service Information Input area, enter or select the required information.

Category	required status	Detailed description
Cloud WAN Network name	Required	Enter the name of the Cloud WAN Network to create Enter using English letters (uppercase and lowercase) and numbers, 3 to 20 characters

Table. Cloud WAN Network Service Information Input Items

Additional Information Input area, enter or select the required information.
Category
required status
Detailed description
Explanation Select Enter resource description
tag Select Add tag
Up to 50 tags can be added per resource
Table. Cloud WAN Network additional information entry items

In the summary panel, review the service information and estimated charges, then click the Create button.
- Once creation is complete, check the created resources on the Cloud WAN Network List page.

Check detailed information of Cloud WAN Network

The Cloud WAN Network service can view and edit the full resource list and detailed information from the Cloud WAN Network menu. Cloud WAN Network Details page is composed of the Detail Information, Connected Resources, Tags, and Operation History tabs.

To view detailed information about the Cloud WAN Network, follow these steps.

Click the All Services > Networking > Cloud WAN menu. 1. Navigate to the Service Home page of Cloud WAN.
On the Service Home page, click the Cloud WAN Network menu. 2. Go to the Cloud WAN Network List page.

Cloud WAN Network List page, click the resource for which you want to view detailed information. 3. Cloud WAN Network Details Navigate to the page.

Cloud WAN Network Details page displays status information and additional feature information, and consists of Details, Connected Resources, Tags, Activity History tabs.

Category

Detailed description

status

Current service status

Creating: Service creation in progress

Active: Service operating normally

Deleting: Service deletion in progress

Failed: Service failed

Error: Service status cannot be determined

Service termination

Service termination button

If there are no connected services, the Cloud WAN Network can be terminated

Table. Cloud WAN Network status information and additional feature items

Detailed Information

Detailed Information tab allows you to view the detailed information of the selected Cloud WAN Network.

Category	Detailed description
service	Service name
Resource Type	Resource Type (Cloud WAN Network)
SRN	Unique resource ID in Samsung Cloud Platform
Resource name	Resource Name
Resource ID	Unique resource ID in the service
Constructor	Service creation request user
Creation date and time	Service creation date and time
Modifier	Service modification request user
Modification timestamp	Service modification date and time
Cloud WAN Network name	Cloud WAN Network name
Segment count	Number of used segments
Explanation	Description of the service Edit icon can be clicked to edit the description

Table. Cloud WAN Network detailed information tab items

Connected resource

In the Connected Resources tab, you can view Segment connection status information.

Category	Detailed description
Segment name	Segment resource name
Segment ID	Segment ID information
status	Service resource status information

Table. Cloud WAN Network Connected Resources Tab Items

Job History

In the Work History tab, you can view the operation history of the selected resource.

Category

Detailed description

Task History List

Resource Change History

You can view operation date/time, resource type, resource name, operation details, operation result, operator name, and path information

To perform an advanced search, click the Advanced Search button

Table. Cloud WAN Network Operation History Tab Detailed Information Items

Terminate Cloud WAN Network

Terminating an unused Cloud WAN Network can reduce operating costs.

Caution

If there are resources connected to the Cloud WAN Network, the service cannot be terminated. * Delete the connected resources first, then terminate the service.
If the service status of Cloud WAN Network is Creating or Deleting, the service cannot be terminated.

To cancel the Cloud WAN Network, follow the steps below.

Click the All Services > Networking > Cloud WAN menu. 1. Navigate to the Service Home page of Cloud WAN.
On the Service Home page, click the Cloud WAN Network menu. 2. Cloud WAN Network List Navigate to the page.
On the Cloud WAN Network List page, click the resource to terminate. 3. Cloud WAN Network Details Navigate to the page.
Cloud WAN Network Details on the page, click the Cancel Service button.
After termination is complete, check the resource termination status in the Cloud WAN Network list.

Create Segment

You can create a Segment in the Samsung Cloud Platform Console and use it.

Caution

You can request up to 5 Segments per Cloud WAN Network.

To create a Segment, follow these steps.

All Services > Networking > Cloud WAN Click the menu. 1. Navigate to the Service Home page of Cloud WAN.
From the Service Home page’s drop-down, click the Create Segment button. 2. Navigate to the Create Segment page.

Segment creation page, enter the information required to create the service and select detailed options.

In the Service Information Input area, enter or select the required information.

Category	required status	Detailed description
Cloud WAN Network name	Required	Select Cloud WAN Network Click +Create New to create a Cloud WAN Network and then select it
Segment name	Selection	After entering the Segment name, click the Duplicate Check button
Access Location	Required	Select the location to connect the Segment Only one Access Location can be selected Detailed Information > Connected Resources tab allows adding Access Locations one at a time Access Locations can be added up to the number of Cloud WAN service deployment locations
Service type	Required	Select Segment service type Select usage region (global) * Global is for connecting domestic and overseas regions Select service level (PremiumPlusG) * Dedicated TAM assignment, advanced technical support service provided Select contract term (none, 3 years, 5 years, 7 years) * Contract discount rate automatically applied based on term
Multiple paths	Selection	Multi-path transmission selection (available after July 2026) Default path: Gold (3-way architecture, critical tasks) Optional path : Silver (2-way architecture, standard)

Table. Segment service information entry fields

In the Additional Information Input area, enter or select the required information.
Category
required status
Detailed description
Explanation Selection Enter description for Segment
tag Selection Add tags
Up to 50 tags can be added per resource
Table. Segment additional information input fields

In the summary panel, check the service information and estimated charges, and click the Create button.
- When creation is complete, check the created resources on the Segment list page.

Caution

After creating the Segment, set the following in the Details > Connected Resources tab.

Link the attachment created in the same account to the segment.
To connect between different accounts, configure Segment Sharing.

Check segment detailed information

You can view and edit Segment in the Segment menu, where you can see the full resource list and detailed information. The Segment Details page consists of the Details, Connected Resources, Multi-Path, Tags, Activity History tabs.

To view the detailed information of the Segment, follow these steps.

All Services > Networking > Cloud WAN Click the menu. 1. Navigate to the Service Home page of Cloud WAN.
On the Service Home page, click the Segment menu. 2. Navigate to the Segment list page.

On the Segment List page, click the resource to view detailed information. 3. Go to the Segment Details page.

Segment Details page displays status information and additional feature information, and consists of Details, Connected Resources, Multi-Path, Tags, Activity History tabs.

Category

Detailed description

status

Current service status

Creating: Service is being created

Active: Service is operating normally

Deleting: Service deletion requested

Failed: Service creation failed

Error: An unknown error occurred in the service

Delete Segment

Segment delete button

If there is no connected service, the Segment can be deleted

Table. Segment status information and additional feature items

Detailed Information

Detailed Information tab allows you to view detailed information of the selected Segment.

Category	Detailed description
service	Service name
Resource Type	Resource Type (Segment)
SRN	Unique resource ID in Samsung Cloud Platform
Resource name	Resource name
Resource ID	Unique resource ID in the service
Constructor	Service creation request user
Creation date and time	Service creation date and time
Modifier	Service modification request user
Modification date	Service modification date and time
Segment name	Segment name
Access Location count	Number of access locations (Access Location) connected to the segment
Regional classification	Select usage region (global, domestic) Domestic is currently unavailable
Service level	Select provided service level (PremiumPlusG, LIteG) iteG is currently unavailable
Contract period	Service usage commitment period Apply discount rates by commitment period
Attachment count	Number of Attachments linked to Segment
Multiple paths	Select the transmission path option (Gold/Silver) used by Segment Available after July 2026
Explanation	Description of the Segment Click the Edit icon to edit the description

Table. Segment detailed information tab items

Connected resource

In the Connected Resources tab, you can check the connection status information for Access Location, Segment Sharing, and Attachment.

Category

Detailed description

Access Location

Check the location information linked to the Segment

Click Add to add an Access Location entry

Click Delete to remove the selected Access Location entry

If the selected Access Location has an Attachment or multi-path rule attached, it cannot be deleted; you must first delete the linked resources before deletion is possible

If only one Access Location is configured for the Segment, that entry cannot be deleted; at least one Access Location must be configured

Segment Sharing

To connect between different projects, you can request a Segment Sharing connection

Click Create Sharing to add a Segment sharing item

Sharing can only be created between the same service levels

Click Approve in the list to approve the connection request

Click Delete to remove the selected item

Attachment connection

In Segment, you can request to connect an Attachment created in the same project

Click Approve in the list to approve the connection request

The Transit Gateway of Samsung Cloud Platform must be pre‑created in the Transit Gateway menu, then attached (* Transit Gateway Attachment will be available after March 2027)

Table. Segment linked resources tab items

Multiple Paths

In the Multi-Path tab, you can add or remove optional path rules for multi-path.

Reference

The multi-path feature is scheduled to be available after July 2026.

Add Multi-Path Rule

To add a multi-path rule, follow these steps.

All Services > Networking > Cloud WAN menu, click. 1. Navigate to the Service Home page of Cloud WAN.
On the Service Home page, click the Segment menu. 2. Segment list Go to the page.
Segment List page, click the resource to view detailed information. 3. Go to the Segment Details page.
On the Segment Details page, click the Multiple Paths tab.
Click the Add Rule button on the Multi-Path tab page. 5. The add rule popup appears.

Enter the detailed information in the popup window and click Confirm.

Category	required status	Detailed description
Departure Access Location	Essential	Select the source location information of the multipath rule
Source IP range	Essential	Enter the source IP range When entering an IP address, register the IP range in CIDR format (e.g., 192.168.10.0/24)
Destination IP range	Essential	Enter destination IP range When entering an IP address, register the IP range in CIDR format (e.g., 192.168.10.0/24) Cannot set both source IP range and destination IP range to 0.0.0.0/0
protocol	Selection	Select protocol
Port direction	Selection	Select the port direction for the chosen protocol
Port number	Select	If TCP or UDP protocol is selected, enter the port number Allowed range: 1 - 65,535 Port numbers can be entered up to a maximum of 5, separated by commas (e.g., 80, 443)
Explanation	Selection	Enter multiple path rule description

Table. Multiple path rule addition input items

Caution

If you enter information identical to an already registered rule, you cannot register it as a new multi‑path rule.
You can apply for up to 20 multi-path rules.

Checking Multiple Path Rules

To verify the multi-path rule, follow the steps below.

Click the All Services > Networking > Cloud WAN menu. 1. Navigate to the Service Home page of Cloud WAN.
On the Service Home page, click the Segment menu. 2. Go to the Segment list page.
Segment List page, click the resource to view detailed information. 3. Go to the Segment Details page.
Segment Details on the page, click the Multiple Paths tab.

Multi-Path tab page, view detailed information.

Category	Detailed description
Departure Access Location	Source location information of the multi‑path rule
Source IP range	Source IP range
Destination IP range	Destination IP range
protocol	Protocol information
Port direction	Protocol port direction
Port number	Port numbers of TCP and UDP protocols
Explanation	Explanation of multi-path rule

Table. Multi-path rule detailed information items

Reference

If you click the Detailed Search button on the right side of the rule list, you can set search filters and perform a search.

You can quickly view multiple rules by searching with the desired filter among Source Access Location, Source IP, Destination IP, and Description.

Delete Multi-Path Rule

To delete a multi-path rule, follow these steps.

All Services > Networking > Cloud WAN menu, click. 1. Navigate to the Service Home page of Cloud WAN.
On the Service Home page, click the Segment menu. 2. Segment list Go to the page.
Segment List page, click the resource to view detailed information. 3. Go to the Segment Details page.
On the Segment Details page, click the Multiple Paths tab.
On the Multi-path tab page, click the Delete button. 5. The rule will be deleted.

Job History

Job History tab allows you to view the job history of the selected resource.

Category

Detailed description

Task History List

Resource change history

You can view the operation date/time, resource type, resource name, operation details, operation result, operator name, and path information

To perform an advanced search, click the Advanced Search button

Table. Segment operation history tab detailed information items

Delete Segment

Deleting unused Segments can reduce operating costs.

Caution

You cannot delete it if there is an attachment connected to the segment, or if segment sharing or multiple path rules exist. * Delete the connected resources first, then terminate the service.
If the service status of a Segment is Creating, Deleting, Inactive, or Failed, the service cannot be deleted.

To delete a Segment, follow these steps.

All Services > Networking > Cloud WAN menu, click it. 1. Navigate to the Service Home page of Cloud WAN.
On the Service Home page, click the Segment menu. 2. Go to the Segment list page.
Segment list page, click the resource you want to delete. 3. Go to the Segment Details page.
On the Segment Details page, click the Delete Segment button.
After deletion is complete, check the resource deletion status in the Segment list.

Create Attachment

You can create and use the Attachment service in the Samsung Cloud Platform Console.

Caution

You can request up to 50 attachments per segment.

To create an Attachment, follow these steps.

Click the All Services > Networking > Cloud WAN menu. 1. Navigate to the Service Home page of Cloud WAN.
From the Service Home page dropdown, click the Create Attachment button. 2. Navigate to the Create Attachment page.

On the Attachment creation page, enter the information required to create the service and select detailed options.

In the Service Information Input area, enter or select the required information.

Category	required status	Detailed description
Cloud WAN Network name	Required	Select the Cloud WAN Network to request the Attachment Click +New creation to create a Cloud WAN Network and then select it
Segment name	Select	Select the Segment to attach the Attachment +Create New when clicked, a Segment is created and selected
Access Location	Required	Select the location connected to the Segment
Connection type	Required	Site Connect Detailed connection information settings Attachment name: Enter attachment name ASN information: Enter ASN information within the range 1-65,534. Note that 65,001 cannot be used Port capacity: Select port capacity BGP Password: Enter the password to be used for BGP (Border Gateway Protocol) when configuring BGP routing with the customer’s Customer Edge equipment When establishing a Site Connect connection, additional CE router and SR tasks are performed, taking several days until final connection
Connection type	Required	Select a connectable Transit Gateway (available after March 2027) When selecting an Access Location with Multi-AZ enabled, only Transit Gateway can be set in the connection type Only Transit Gateway items within the same project are displayed TGW items that already have a TGW Peering connection or an Attachment connection are not shown in the list When a TGW item is selected, the Attachment name is generated automatically

Table. Attachment service information input fields

Additional Information Input area, enter or select the required information.
Category
required status
Detailed description
Explanation Select Enter description for Attachment
tag Select Add tags
Up to 50 tags can be added per resource
Table. Attachment additional information input fields

In the summary panel, verify the service information and estimated charges, then click the Create button.
- After creation is complete, check the created resources on the Attachment List page.

Check attachment details

Attachment can be viewed and edited in the Attachment menu, where you can see the full resource list and detailed information. The Attachment Details page consists of the Details, Tags, and Work History tabs.

To view the detailed information of the Attachment, follow the steps below.

Click the All Services > Networking > Cloud WAN menu. 1. Navigate to the Service Home page of Cloud WAN.
On the Service Home page, click the Attachment menu. 2. Go to the Attachment List page.

On the Attachment list page, click the resource to view detailed information. 3. Navigate to the Attachment Details page.

Attachment Details page displays status information and additional feature information, and is composed of Details, Tags, Activity History tabs.

Category

Detailed description

status

Current service status

Creating: Creating service

Active: Service operating normally

Requesting: Service request in progress, Attachment request can be canceled

Deleting: Service deletion request in progress

Failed: Service creation failed

Error: An unknown error occurred in the service

Delete Attachment

Attachment Delete Button

Table. Attachment status information and additional feature items

Detailed Information

Detailed Information tab allows you to view the detailed information of the selected Attachment.

Category	Detailed description
service	Service name
Resource Type	Resource type (Attachment)
SRN	Unique resource ID in Samsung Cloud Platform
Resource name	Resource Name
Resource ID	Unique resource ID in the service
Constructor	Service creation request user
Creation date and time	Service creation date and time
Modifier	Service modification request user
Modification date	Service modification date and time
Attachment name	Attachment name
Segment name	Name of the Segment linked to the Attachment
Access Location	Attachment connection point (Access Location)
Connection type	Attachment connection type (Site Connect or Transit Gateway)
ASN information	When selecting Site Connect, the AS Number entered directly by the user is set to a value within the range 1~65,534, and 65,001 cannot be used
Port capacity	Port capacity configured when selecting Site Connect
BGP Password	The BGP password entered when selecting Site Connect View button click opens a popup where you can enter the Samsung Cloud Platform Console password and then verify the BGP password Edit icon click allows password change; after changing, the BGP password must also be updated on connected devices
Explanation	Description of the attachment Edit icon can be clicked to edit the description

Table. Attachment detailed information tab items

Job History

Job History tab allows you to view the job history of the selected resource.

Category

Detailed description

Task History List

Resource change history

You can view operation date/time, resource type, resource name, operation details, operation result, operator name, and path information

To perform an advanced search, click the Advanced Search button

Table. Attachment work history tab detailed information items

Delete Attachment

Deleting unused Attachment can reduce operating costs.

To delete the attachment, follow these steps.

All Services > Networking > Cloud WAN Click the menu. 1. Navigate to the Service Home page of Cloud WAN.
On the Service Home page, click the Attachment menu. 2. Go to the Attachment list page.
Attachment List page, click the resource you want to delete. 3. Navigate to the Attachment Details page.
On the Attachment Details page, click the Attachment Delete button.
After deletion is complete, check the resource deletion status in the Attachment list.

11.3 - Release Note

Cloud WAN

2026.05.21

FEATURE Add BGP Password setting feature when connecting Site

Cloud WAN > Attachment > Site Connect When you select this type, the BGP Password configuration feature is added when setting up BGP routing with the customer’s Customer Edge equipment.

2025.07.01

NEW Official release of Cloud WAN service

Samsung Cloud Platform has launched the Cloud WAN service that provides network connectivity between global regions and customer sites.

12 - SASE

12.1 - Overview

Service Overview

SASE is a service that integrates network and security functions on a cloud basis, allowing users to securely access corporate assets and applications from anywhere. It routes traffic via optimal paths and provides consistent security services for both internal and external environments through SASE points of presence located in Samsung Cloud Platform global regions.

Features

Global SASE Fabric: We continuously expand service coverage upon customer demand by linking SASE hubs that utilize the systematic Samsung SDS Global network infrastructure with vPOPs prepared across all regions.
All in One Security: It covers a security layer that includes advanced SSL/TLS analysis, sophisticated application awareness/policy, and AI/ML‑based real‑time behavior analysis within a single solution, optimizing operational complexity and performance.
Network/Security Unification: By delivering network and security integrated on a single operating system based on a unified architecture, traffic is processed swiftly.
End to End Full Managed: Provide the required infrastructure for connecting customer sites as a packaged solution under a single contract, and deliver comprehensive operational services ranging from monitoring to incident notification and reporting.

Service Architecture Diagram

SASE hub: Configure a gateway and control unit in Samsung SDS Global POP and CSP vPOP to provide network connectivity and security functions
SASE circuit: Physical circuit connecting the customer site and the SASE hub, configured as an SD‑WAN or VPN over internet/MPLS/dedicated line
SASE Edge: Customer edge device for connecting to the SASE circuit, using a router/SD‑WAN device/VPN device on‑premises and a PC/mobile or similar customer‑owned endpoint device off‑premises.

Provided features

The SASE service provides the following features.

WAN Edge Network
- Provide intra- and inter-region communication between various edge devices (SD-WAN devices, routers, VPN devices, PC, Mobile, etc.)
- Providing optimal application-specific routes using SD-WAN
- Provides traffic control (QoS) and TCP acceleration capabilities for high-quality networks.
SSE(Secure Service Edge) security
- ZTNA: Provide least privilege, security, and private connections for internal applications
- SWG: Provides gateway security to protect internal users from insecure traffic such as that on the Internet.
- CASB: Provides the ability to apply corporate security policies between users and cloud applications.
- FWaaS : Provides inspection and control of all service traffic through a cloud-based firewall
  - RBI, DLP, SANDBOX, etc. provide additional advanced security features
Unified Orchestrator and DEM(Digital Experience Monitoring)
- Integrated network and security management for cloud, on-premises, and edge devices
- Monitoring of user experience (identifying issues such as network performance degradation, app interruptions, and determining their causes)

Constraints

The constraints of the SASE service are as follows.

Service is unavailable in the China region, but will be offered in the future.

Provision status by region

SASE is available in the environments below.

Region	Provision status
Korea West (kr-west1)	Provided
Korea East (kr-east1)	Not provided
South Korea 1 (kr-south1)	Not provided
South Korea South 2 (kr-south2)	Not provided
South Korea 3 (kr-south3)	Not provided

Table. SASE regional availability status

Prior Service

SASE has no preceding service.

12.2 - How-to guides

Users can create the SASE service by entering the required information and selecting detailed options through the Samsung Cloud Platform Console.

Create SASE

You can create and use SASE services in the Samsung Cloud Platform Console.

To request the creation of a SASE service, follow these steps.

Click the All Services > Networking > SASE menu. Navigate to the Service Home page of SASE.
On the Service Home page, click the Create SASE button. You will be taken to the Create SASE page.

On the SASE creation page, enter the information required to create the service.

Enter the required information in the Service Information Input area.

Category	Required status	Detailed description
SASE name	Required	SASE name to be used by the user Enter using letters and numbers, 3-20 characters
Service level	Required	Select SASE service level
Service Type	Required	Select SASE service type Agent type: Enter the number of agents to use in increments of 10, within 1-10,000 Edge type: Choose whether to enable inter‑region connections, and select the upstream country and connection bandwidth for the site Click ‘+’ to add up to 10 items, click ‘X’ to delete an item
Contract period	Required	Select SASE contract period
Other requests	option	Enter request details when applying for SASE service

Table. SASE Service Information Input Items

Check the detailed information and estimated charges generated in the summary panel, and click the Create button.
- When creation is complete, check the created resource on the Resource List page.

Check SASE detailed information

The SASE service can view and edit the full resource list and detailed information from the SASE menu. The SASE Details page consists of Details, Activity Log tabs.

To view detailed information about SASE, follow these steps.

Click the All Services > Networking > SASE menu. Navigate to SASE’s Service Home page.
On the Service Home page, click the SASE menu. You will be taken to the SASE List page.

On the SASE List page, click the resource to view detailed information. You will be taken to the SASE Details page.

SASE Details page displays status information and additional feature information, and consists of Detailed Information, Work History tabs.

Category

Detailed description

status

Current service status

Request: Service request in progress

Creating: Service registration completed

Active: Service approved and successfully created

Deleting: Service termination request in progress

Previous state change

Previous state change button

In Creating, Active, Deleting states, it is possible to change to the previous state

Service termination

Cancel Service button

Table. SASE status information and additional feature items

Detailed Information

Detailed Information tab lets you view the detailed information of the selected SASE.

Category	Detailed description
Service	Service name
Resource Type	Resource Type (SASE)
SRN	Unique resource ID in Samsung Cloud Platform
Resource name	Resource name
Resource ID	Unique resource ID in the service
Constructor	User requesting service creation
Creation date and time	Service creation date and time
Editor	User requesting service modification
Modification date	Service modification date/time
Service Details	SASE service selection items Click the edit icon to modify each service detail item
Service level	SASE service level Click the edit icon to modify the service level
Contract period	SASE Service Commitment Period
Other requests	SASE service request Click the edit icon to modify the request

Table. SASE detailed information tab items

Job History

Work History tab allows you to view the operation history of the selected resource.

Category

Detailed description

Task History List

Resource Change History

You can view the operation date and time, resource type, resource name, operation details, operation result, and operator name.

To perform an advanced search, click the Advanced Search button.

Table. SASE operation history tab detailed information items

Terminate SASE

If you cancel unused SASE, you can reduce operating costs.

Caution

If a SASE Lastmile resource is connected, you cannot cancel the SASE service. Delete the connected SASE Lastmile first.

To cancel SASE, follow the steps below.

Click the All Services > Networking > SASE menu. Navigate to the Service Home page of SASE.
On the Service Home page, click the SASE menu. You will be taken to the SASE List page.
SASE List page, click the resource to cancel. You will be taken to the SASE Details page.
On the SASE Details page, click the Service Termination button.
When the termination is complete, check the resource termination status in the SASE list.

12.2.1 - SASE Lastmile

Users can create the service by entering the required information for the SASE Lastmile service and selecting detailed options through the Samsung Cloud Platform Console.

Create SASE Lastmile

You can create and use the SASE Lastmile service in the Samsung Cloud Platform Console.

To request the creation of a SASE Lastmile service, follow these steps.

Click the All Services > Networking > SASE menu. Navigate to the Service Home page of SASE.
On the Service Home page, click the SASE Lastmile Create button. It navigates to the SASE Lastmile Create page.

On the SASE Lastmile Creation page, enter the information required to create the service.

Enter the required information in the Service Information Input area.

Category

Required status

Detailed description

SASE name

Required

Select the SASE service to use

Click + New Creation to create a SASE service and then select it

Site

Required

Select detailed items for the SASE site to use

Site name: Select the site to use

Connection bandwidth, Parent country: Automatically fill in selected SASE information

Circuit: Apply then select circuit1, circuit2

Customer Edge: Apply then select Customer Edge1, Customer Edge2

Table. SASE Lastmile Service Information Input Items

Verify the detailed information and estimated charges generated in the summary panel, and click the Create button.
- After creation is complete, check the created resource on the Resource List page.

Check detailed information of SASE Lastmile

The SASE Lastmile service can view and edit the full resource list and detailed information from the SASE Lastmile menu. The SASE Lastmile Details page consists of Detail Information, Task History tabs.

To view detailed information about SASE Lastmile, follow these steps.

Click the All Services > Networking > SASE menu. Navigate to the Service Home page of SASE.
On the Service Home page, click the SASE Lastmile menu. You will be taken to the SASE Lastmile List page.

SASE Lastmile List page, click the resource to view detailed information. You will be taken to the SASE Lastmile Details page.

SASE Lastmile Details page displays status information and additional feature information, and consists of Details, Work History tabs.

Category

Detailed description

status

Current service status

Request: Service request in progress

Creating: Service request completed

Active: Service approved and successfully created

Deleting: Service termination request in progress

Previous state change

Previous state change button

In Creating, Active, Deleting states, it is possible to revert to the previous state

Delete SASE Lastmile

Cancel Service button

Table. SASE Lastmile status information and additional feature items

Detailed Information

Detailed Information tab allows you to view detailed information of the selected SASE Lastmile.

Category	Detailed description
Service	Service name
Resource Type	Resource Type (SASE Lastmile)
SRN	Unique resource ID in Samsung Cloud Platform
Resource name	Resource Name
Resource ID	Unique resource ID in the service
Constructor	Service creation request user
Creation date and time	Service creation date and time
Editor	Service modification request user
Modification date	Service modification date and time
Site	Site configuration information Click the edit icon to modify the Site settings

Table. SASE Lastmile detailed information tab items

Job History

Work History tab allows you to view the operation history of the selected resource.

Category

Detailed description

Task History List

Resource Change History

You can view the operation date and time, resource type, resource name, operation details, operation result, operator name, and path information

To perform an advanced search, click the Advanced Search button

Table. Detailed information items for the SASE Lastmile job history tab

Terminate SASE Lastmile

If you cancel the unused SASE Lastmile, you can reduce operating costs.

To cancel SASE Lastmile, follow the steps below.

Click the All Services > Networking > SASE menu. Navigate to the Service Home page of SASE.
On the Service Home page, click the SASE Lastmile menu. You will be taken to the SASE Lastmile List page.
SASE Lastmile List page, click the resource to cancel. You will be taken to the SASE Lastmile Details page.
On the SASE Lastmile Details page, click the SASE Lastmile Delete button.
When the termination is complete, check the resource termination status in the SASE Lastmile list.

12.3 - Release Note

SASE

2026.03.19

FEATURE SASE service ledger creation automation

The automatic ledger creation feature via the Samsung Cloud Platform user console has been added.

2025.07.01

NEW Official release of SASE service

We have launched a SASE service that combines networking and security functions into a single cloud-based platform.

13 - Cloud Last Mile

13.1 - Overview

Service Overview

Cloud Last Mile is a service that provides Last Mile circuits for network connectivity from the customer’s site to the Samsung Cloud Platform region, as well as Customer Edge resources within the customer’s site. Resources installed and operated at the customer’s site can be easily requested through a service request in the Samsung Cloud Platform user console.

Features

Provision of Circuits and Edge Packages: We provide Last Mile circuits and Edge resources for connecting the customer’s site to external networks as a package, combining optimal equipment that matches the application types the customer primarily uses.
Various Edge Connection Types Provided: You can select virtual resources or physical equipment types, and choose from various functions needed for network connections such as routers, SD-WAN, WAN accelerators, firewalls, etc.
Provision of Last Mile line monitoring service: Samsung Cloud Platform region’s network equipment-connected Last Mile line connection status and traffic usage information can be conveniently checked using the monitoring service. The monitoring service is provided using NiO, Samsung SDS’s proprietary platform.

Service Architecture Diagram

Provided features

The Cloud Last Mile service provides the following features.

Last Mile line
- Line provision type: dedicated line or internet
- Upstream connection type: Cloud LAN - Data Center, On-Premise equipment in Samsung SDS data center
Customer Edge Resource Provisioning Type
- uCPE(VNF: Virtual Network Function): router, SD-WAN, WAN accelerator, firewall
- Physical equipment: SD-WAN
Last Mile line monitoring service
- Monitoring Last Mile line up/down status and traffic usage

Constraints

The constraints of the Cloud Last Mile service are as follows.

Since it is offered only as a package of the line and Edge equipment, the line or equipment cannot be provided separately.
Depending on the upstream country’s connection method, it may be necessary to set up customer-dedicated equipment within the Samsung Cloud Platform region.
When connecting to shared equipment in a higher-tier country, port fees may be charged depending on the associated product.

Provision status by region

Cloud Last Mile is available in the environments below.

Region	Provision status
Korea West (kr-west1)	Provide
Korea East (kr-east1)	Not provided
South Korea South 1 (kr-south1)	Not provided
South Korea South 2 (kr-south2)	Not provided
South Korea 3 (kr-south3)	Not provided

Table. Cloud Last Mile regional availability status

Prior Service

Cloud Last Mile has no prior service.

13.2 - How-to guides

Users can create the Cloud Last Mile service by entering the required information and selecting detailed options through the Samsung Cloud Platform Console.

Create Cloud Last Mile

You can create and use the Cloud Last Mile service in the Samsung Cloud Platform Console.

To request the creation of a Cloud Last Mile service, follow these steps.

Click the All Services > Networking > Cloud Last Mile menu. You will be taken to the Service Home page of Cloud Last Mile.
Click the Create Cloud Last Mile button on the Service Home page. You will be taken to the Create Cloud Last Mile page.

Enter the information required to create the service on the Cloud Last Mile Creation page.

Enter the required information in the Service Information Input area.

Category	Required status	Detailed description
Cloud Last Mile name	Required	Enter the Cloud Last Mile name the user will use using English letters and numbers, 3-20 characters
Installation area	Required	Select installation region for Cloud Last Mile
Installation address	Required	Enter Cloud Last Mile installation address
Contract period	Required	Select contract period for Cloud Last Mile service
Installation request date	Required	Select Cloud Last Mile installation request date Select a date at least two months after today in the calendar
Other requests	Option	Enter request details when applying for Cloud Last Mile service

Table. Cloud Last Mile service information entry items

Check the detailed information created in the summary panel and click the Create button.
- When creation is complete, check the created resource on the Resource List page.

Check detailed information of Cloud Last Mile

The Cloud Last Mile service allows you to view and edit the full resource list and detailed information from the Cloud Last Mile menu. The Cloud Last Mile Details page consists of Details, Connected Resources, and Task History tabs.

To view detailed information about Cloud Last Mile, follow these steps.

Click the All Services > Networking > Cloud Last Mile menu. You will be taken to the Service Home page of Cloud Last Mile.
From the Service Home page, click the Cloud Last Mile menu. You will be taken to the Cloud Last Mile List page.

Cloud Last Mile List page, click the resource to view detailed information. You will be taken to the Cloud Last Mile Detail page.

Cloud Last Mile Details page displays status information and additional feature information, and consists of Details, Connected Resources, Operation History tabs.

Category

Detailed description

status

Current service status

Request: Service request in progress

Creating: Service registration completed

Active: Service approved and successfully created

Service termination

Cancel Service button

Table. Cloud Last Mile status information and additional feature items

Detailed Information

In the Detailed Information tab, you can view the detailed information of the selected Cloud Last Mile.

Category	Detailed description
Service	Service name
Resource Type	Resource Type (Cloud Last Mile)
SRN	Unique resource ID in Samsung Cloud Platform
Resource name	Resource Name
Resource ID	Unique resource ID in the service
Constructor	User requesting service creation
Creation date and time	Service creation date and time
Editor	Service modification request user
Modification date and time	Service modification date and time
Service Details	Service detailed configuration information Click the edit icon to modify the service detailed configuration

Table. Cloud Last Mile detailed information tab items

Connected resources

In the Connected Resources tab, you can view the Circuit and Edge information linked to the selected Cloud Last Mile.

Category	Detailed description
Circuit and Edge ID	Circuit and Edge ID Information When ID is clicked, navigate to the Circuit and Edge detail page
Resource type	Circuit and Edge resource type
Connection type	Circuit and Edge connection type
Resource Details	Circuit and Edge resource detailed configuration information

Table. Cloud Last Mile Connected Resources Tab Items

Job History

In the Work History tab, you can view the operation history of the selected resource.

Category

Detailed description

Task History List

Resource Change History

You can view the operation date and time, resource type, resource name, operation details, operation result, operator name, and path information

To perform an advanced search, click the Advanced Search button

Table. Cloud Last Mile Work History Tab Detailed Information Items

Terminate Cloud Last Mile

If you cancel the unused Cloud Last Mile, you can reduce operating costs.

Caution

If a Circuit and Edge resource is connected, you cannot cancel the Cloud Last Mile service. Delete the connected Circuit and Edge first.

To cancel Cloud Last Mile, follow these steps.

Click the All Services > Networking > Cloud Last Mile menu. You will be taken to the Service Home page of Cloud Last Mile.
On the Service Home page, click the Cloud Last Mile menu. You will be taken to the Cloud Last Mile list page.
On the Cloud Last Mile List page, click the resource to be terminated. Proceed to the Cloud Last Mile Details page.
Click the Cancel Service button on the Cloud Last Mile Details page.
After termination is complete, check the resource termination status in the Cloud Last Mile list.

13.2.1 - Circuit and Edge

Users can create the service by entering the required information for the Circuit and Edge service through the Samsung Cloud Platform Console.

Create Circuit and Edge

You can create and use the Circuit and Edge service in the Samsung Cloud Platform Console.

To request the creation of a Circuit and Edge service, follow the steps below.

Click the All Services > Networking > Cloud Last Mile menu. Navigate to the Service Home page of Cloud Last Mile.
On the Service Home page, click the Create Circuit and Edge button. You will be taken to the Create Circuit and Edge page.

On the Circuit and Edge Creation page, enter the information required to create a service.

Enter the required information in the Service Information Input area.

Category	Required	Detailed description
Cloud Last Mile name	Required	Select the Cloud Last Mile service to use + New click to create a Cloud Last Mile service and then select it
Resource type	Required	Select resource type to use
Resource Type > Circuit	Required	Select the connection type of the circuit SD-WAN: Select the license to use VPN: Choose the line type and enter the line bandwidth Enter the line bandwidth within 1-1,000
Resource Type > Customer Edge	Required	Select usage type for Customer Edge Physical equipment: Select the manufacturer and performance of the physical equipment to use Virtual resources: Enter the Customer Edge name and select the type Select cCPE specifications Select use with up to three VNF functions, and choose the manufacturer and performance for each item

Table. Input fields for Circuit and Edge service information

Check the detailed information generated in the summary panel, and click the Create button.
- After creation is complete, check the created resource on the Resource List page.

Check detailed information for Circuit and Edge

The Circuit and Edge service allows you to view and edit the full resource list and detailed information from the Circuit and Edge menu. The Circuit and Edge Details page consists of Details, Activity Log tabs.

To view detailed information of Circuit and Edge, follow the steps below.

Click the All Services > Networking > Cloud Last Mile menu. You will be taken to the Service Home page of Cloud Last Mile.
On the Service Home page, click the Circuit and Edge menu. You will be taken to the Circuit and Edge list page.

Circuit and Edge List Click the resource to view detailed information on the page. Circuit and Edge Details page will be opened.

Circuit and Edge Details page displays status information and additional feature information, and consists of Details, Activity Log tabs.

Category

Detailed description

status

Current service status

Request: Service request in progress

Creating: Service registration completed

Active: Service approved and successfully created

Deleting: Service termination request in progress

Previous state change

Previous state change button

In Creating, Active, Deleting states, you can revert to the previous state

Delete Circuit and Edge

Cancel Service button

Table. Circuit and Edge status information and additional feature items

Detailed Information

Detailed Information tab allows you to view the detailed information of the selected Circuit and Edge.

Category	Detailed description
service	Service name
Resource Type	Resource Type (Circuit and Edge)
SRN	Unique resource ID in Samsung Cloud Platform
Resource name	Resource Name
Resource ID	Unique resource ID in the service
Constructor	User requesting service creation
Creation date and time	Service creation date and time
Editor	User requesting service modification
Modification date and time	Service modification date and time
Service Details	Service detailed configuration information Click the edit icon to modify the service detailed configuration

Table. Circuit and Edge detailed information tab items

Job History

In the Work History tab, you can view the operation history of the selected resource.

Category

Detailed description

Task History List

Resource Change History

You can view the operation date and time, resource type, resource name, operation details, operation result, operator name, and path information

To perform an advanced search, click the Advanced Search button

Table. Circuit and Edge Work History Tab Detailed Information Items

Terminate Circuit and Edge

If you cancel unused Circuit and Edge, you can reduce operating costs.

To cancel Circuit and Edge, follow the steps below.

Click the All Services > Networking > Cloud Last Mile menu. You will be taken to the Service Home page of Cloud Last Mile.
On the Service Home page, click the Circuit and Edge menu. You will be taken to the Circuit and Edge list page.
On the Circuit and Edge List page, click the resource to cancel. You will be taken to the Circuit and Edge Details page.
Circuit and Edge Details page, click the Circuit and Edge Delete button.
When termination is complete, check the resource termination status in the Circuit and Edge list.

13.3 - Release Note

Cloud Last Mile

2026.03.19

FEATURE Cloud Last Mile service ledger creation automation

The automatic ledger creation feature via the Samsung Cloud Platform user console has been added.

2025.07.01

NEW Cloud Last Mile Service Official Version Release

We have launched the Cloud Last Mile service, which provides a Last Mile line for network connectivity from the customer’s site to the Samsung Cloud Platform region and Customer Edge resources within the customer’s site.

14 - Global CDN

14.1 - Overview

Service Overview

Global CDN is a service that delivers static content stored on web servers or object storage to users more quickly and securely through numerous edge servers distributed across a global network. It distributes the load of the origin server during traffic spikes to protect the origin server, and by downloading content from nearby edge servers, it can provide users with fast and reliable web services.

Notice

Samsung Cloud Platform’s Global CDN service is provided through the services and infrastructure of the global CDN provider Akamai. Akamai informs that, in accordance with the Information and Communications Network Act, if it receives a list of url suspected of containing illegal information from the Broadcasting and Media Communications Commission, it may take measures to restrict user access to those url.

Features

Easy CDN Service Use: Through the web-based console of Samsung Cloud Platform, you can conveniently request Global CDN services. You can easily configure Samsung Cloud Platform’s origin server settings and the caching policy of Global CDN edge servers, enabling rapid content delivery service usage.
Service Availability Improvement: Even when many users request content simultaneously, generating excessive traffic, users can access content quickly without any degradation in usability thanks to edge servers distributed across multiple locations. Therefore, when used for tasks that require reliable global services, it ensures service availability.
Secure Content Usage: Supports HTTP, HTTPS, and HTTP/2 protocols, enabling content integration with various origin servers. When the cached content’s validity period expires or a validation check confirms changes to the origin content, the edge server’s existing cache is removed. Subsequently, when a user requests content, the new content from the origin server is cached, ensuring the user always receives valid, up-to-date content.
Efficient Cost Management: Even in work environments that require large-scale traffic, such as downloading massive files, stable service is possible without extensive resource usage. Additionally, Global CDN usage fees are charged only based on content consumption, enabling efficient cost management.

Service Architecture Diagram

Provided features

The Global CDN service provides the following features.

Original Settings: Set the location and path of the origin server, and by providing built‑in compression for origin content, reduce traffic and improve response speed.
Caching Settings: Set the cached content delivery policy and cache expiration time, and when the content’s validity period expires (TTL expiration), you can delete (Purge) the expired cached content on the edge server.
Content Protection: By communicating with the origin server via the HTTPS protocol, the security of the content delivery path is strengthened, and the powerful security features of the Global CDN network can protect content and users from DDoS attacks and web‑based attacks.

Component

Connection between the origin and the global CDN network

Category	Explanation
Original location and path configuration	Based on the main name or IP address, set the origin server’s location, protocol, port number, and file path to connect the origin to the Global CDN network
Forward host header	Configure the Host header value that the Global CDN forwards to the user when requesting the origin server.
Cache key hostname	Configure cache key information to identify content on the Global CDN Edge server
Custom header(request)	Set whether to use custom header

Table. Connection settings between the origin and the global CDN network

Caching in a Global CDN Network

Category	description
Caching options	Configuring caching options on a global CDN network using the origin server’s Cache-Control and expiration times
Content Delivery Policy	Setting a transmission policy based on validity after TTL expiration
Cache expiration time	Set expiration time for cached content
Detailed policy	Configure usage of Ignore query string, Range request, Custom header

Table. Caching settings in the global CDN network

Constraints

The constraints of the Global CDN service are as follows.

Category	description
Maximum number of domains that can be created per account	20

Table. Global CDN constraints

Provision status by region

Global CDN is available in the environments listed below.

Region	Provision status
Korea West (kr-west1)	Provided
Korea East (kr-east1)	Provided
South Korea South 1 (kr-south1)	Not provided
South Korea 2 (kr-south2)	Not provided
South Korea 3 (kr-south3)	Not provided

Table. Global CDN Availability by Region

Prior Service

The Global CDN service has no prerequisite services.

14.1.1 - ServiceWatch Metrics

Global CDN sends metrics to ServiceWatch. The metrics provided by default monitoring are data collected at 5‑minute intervals.

Reference

To view metrics in ServiceWatch, refer to the ServiceWatch guide.

Basic Metrics

The following are the basic metrics for the Global CDN namespace.

The indicators whose names are displayed in bold below are the key indicators selected from the basic metrics provided by Global CDN. Key metrics are used to configure service dashboards that are automatically built for each service in ServiceWatch.

Each metric provides guidance in the user guide on which statistical value is meaningful when viewing that metric, and among the meaningful statistics, the values displayed in bold text are the primary statistics. In the service dashboard, primary metrics can be viewed using the primary statistical values.

Performance items

Detailed description

unit

Meaningful statistics

cdn.data.transmitted.bytes.total

Data transferred via the CDN service

Bytes

Total

Average

Maximum

Minimum

cdn.requests.hits.total

Number of service requests received through the CDN service

Count

Total

Average

Maximum

Minimum

Table. Global CDN Basic Metrics

14.2 - How-to guides

Users can create the service by entering the required information for the Global CDN service and selecting detailed options through the Samsung Cloud Platform Console.

Create Global CDN

You can create and use the Global CDN service in the Samsung Cloud Platform Console.

Reference

To use the Global CDN service, you need to add allow rules to the firewall and security group of the origin server.

To request the creation of a Global CDN service, follow these steps.

Click the All Services > Networking > Global CDN menu. Go to the Service Home page.
On the Service Home page, click the Global CDN Create button. You will be taken to the Global CDN Create page.

On the Global CDN Creation page, enter the information required to create the service and select detailed options.

Enter or select the required information in the Service Information Input area.
Category
Required status
Detailed description
CDN name Required Enter the Global CDN name to use
Cannot use the same name as an existing one
CDN domain Required Enter the domain name of the Global CDN to use
Table. Global CDN Service Information Input Items

Enter or select the required information in the Original Settings area.

Category	Required	Detailed description
Original location > domain or IP	Required	Enter the origin server location Enter the domain name (recommended) or the origin server’s public IP directly
Source location > Protocol	Required	Select protocol to use The service protocol and the source protocol must be set identically
Original location > Port number	Required	Enter one source port to use Allowed source ports: 72, 80-89, 443, 488, 591, 777, 1080, 1088, 1111, 1443, 2080, 7001, 7070, 7612, 7777, 8000-9001, 9090, 9901-9908, 11080-11110, 12900-12949, 45002
Original path	Select	Enter the directory path of the original file Example: /aaa/bbb/ccc/
Forward host header	Required	Set the Host header value delivered to the user when requesting the origin server from the Global CDN Incoming host header: service domain name Origin host name: origin domain name Custom Value: Enter the domain name directly in the standard domain format, such as www.abc.com
Cache key hostname	Required	Configure cache key information to identify content on the Global CDN Edge server Incoming host header: Use the domain the user accesses as the cache key Origin hostname: Use the configured origin domain as the cache key
Custom header (request)	Selection	When the Global CDN Edge server requests the origin server, change a specific Header Select Use to enter Header name and Header value Add items with the (+) button and delete with the (X) button Up to 10 entries can be entered

Table. Global CDN origin configuration input fields

Reference

You can request multiple Global CDN services from a single Account.
In the Global CDN service, only one origin location can be set.

Enter or select the required information in the Caching Settings area. Decide how to handle the Cache header delivered to the Global CDN Edge server.

Category	Required	Detailed description
Caching options	Required	Set the caching policy applied to all content delivered to the Global CDN Edge server (recommended: Honor origin cache-control and expires) Honor origin cache-control and expires: Follows both the origin’s cache-control and expiration policies Cache: Follows the Global CDN provider’s policy Honor origin expires: Follows the origin’s expiration time policy Honor origin cache-control: Follows the origin server’s cache control policy
Content Delivery Policy	Required	Validate content authenticity with the origin server from the Global CDN Edge server Provide only valid content: Configure not to send when TTL expires (recommended) Provide all cached content: Provide all cached content regardless of TTL expiration
Cache expiration time	Required	Enter the expiration time for cached content on the Global CDN Edge Enter a value between 3,600 – 2,592,000 seconds
Ignore query string	Selection	Set whether to use the query string when applying the caching policy Use setting ignores the query sting
Allow range request	Selection	Provides large file optimization for objects larger than 100 MB Use when enabled, supports optimization up to 1.8 GB
Custom header (response)	Select	Change a specific Header when requesting the origin server from the Global CDN Edge server using setting, enter Header name and Header value (+) button to add items, and (X) button to delete Up to 10 entries can be entered

Table. Global CDN caching configuration input fields

In the Additional Information Input area, enter or select the required information.
Category
Required
Detailed description
tag Select Add Tag
Up to 50 can be added per resource
After clicking the Add Tag button, enter or select Key, Value values
Table. Global CDN additional information input fields

Check the application details and click the Create button.
- When creation is complete, check the created resource on the Global CDN List page.

Check Global CDN detailed information

The Global CDN service allows you to view and edit the full resource list and detailed information. Global CDN Detail page consists of Detailed Information, Tags, Activity Log tabs.

To view detailed information about the Global CDN, follow these steps.

Click the All Services > Networking > Global CDN menu. Navigate to the Service Home page of Global CDN.
On the Service Home page, click the Global CDN menu. You will be taken to the Global CDN List page.

On the Global CDN List page, click the resource to view detailed information. You will be taken to the Global CDN Details page.

Global CDN Details page displays the status and detailed information of Global CDN, and consists of Details, Tags, Activity History tabs.

Category	Detailed description
Service status	Status of Global CDN Creating: Creating / when Global CDN starts Active: Creation complete / operating, information can be modified Inactive/Pending: Operation stopped Aborted: Failed to activate after Property creation Stopped/stopping: Operation halted / halting Editing: Changing settings Starting: Starting Deleting: Terminating Mismatching: When the version of the Console and the Global CDN partner differ Error: Error occurred
Start	Start Service button
Stop	Stop Service button
Apply Purge	Apply Purger feature button
Service termination	Button to cancel Global CDN

Table. Global CDN status information and additional features

Detailed Information

Global CDN List page allows you to view detailed information of the selected resource and edit the information if needed.

Category	Detailed description
Service	service name
Resource Type	Resource Type
SRN	Unique resource ID in Samsung Cloud Platform
Resource name	Resource Name
Resource ID	Unique resource ID in the service
Constructor	User who created the service
Creation date and time	Service creation timestamp
Editor	User who edited the service information
Modification date	Date and time the service information was modified
CDN name	CDN name
CDN domain	CDN domain information
CDN configuration version	Configuration (Property) information applied to the Global CDN service If the Property version and the active version retrieved from the Global CDN partner differ, it cannot be controlled from the Console. Activating the version verified in the Console enables full functionality.
description	Additional description entered by the user Click the Edit icon to enable editing
Original settings	Entered CDN origin information You can view the origin location, protocol, port number, origin path, forward host header, cache key hostname, and custom header (request) details
Caching Settings	Entered CDN description caching options, content delivery policies, cache expiration time, ignore query string, allow range requests, and custom header (response) details can be viewed

Table. Global CDN detailed information tab items

Job History

On the Global CDN List page, you can view the operation history of the selected resource.

Category

Detailed description

Task History List

Resource Change History

You can view operation details, operation time, resource type, resource name, operation result, and operator information

Operation History List When you click the corresponding resource in the list, the Operation History Details popup opens

Table. Global CDN operation history tab items

Change Global CDN Settings

You can change and apply the Global CDN service settings.

To change the Global CDN settings, follow the steps below.

Click the All Services > Networking > Global CDN menu. Navigate to the Service Home page of Global CDN.
On the Service Home page, click the Global CDN menu. You will be taken to the Global CDN List page.
On the Global CDN List page, click the resource to view detailed information. You will be taken to the Global CDN Details page.
On the Global CDN Details page, click the Edit button. You will be taken to the Global CDN Edit page.
Global CDN Edit page, modify the desired information and click Done. An edit notification window will appear.
Click Confirm in the alert dialog. The service information update is complete.

Control Global CDN Operation

You can stop or restart the Global CDN service.

To control the operation of the Global CDN, follow these steps.

Click the All Services > Networking > Global CDN menu. Navigate to the Service Home page of Global CDN.
On the Service Home page, click the Global CDN menu. You will be taken to the Global CDN List page.
On the Global CDN List page, click the resource to view detailed information. You will be taken to the Global CDN Details page.
On the Global CDN Details page, click the control button. It controls the service operation.
- Start: Run the Global CDN service.
- Stop: Stops the operation of the Global CDN service.

Caution

Starting or stopping the service takes more than an hour to propagate worldwide.
If you stop the service, the provision of the service domain will be discontinued. Be careful when using the service stop function.

Applying Global CDN Purge

Purge is a feature that forcibly deletes content cached on CDN Edge servers. If the content is modified before the object expires, you can use Purge to delete the existing content on the CDN Edge and then configure it to be refreshed with the new content.

Caution

When a purge is applied, all content stored on the CDN edge is deleted, which may cause simultaneous content requests from the CDN edge to the origin.
Executing a purge can increase requests to the origin server, potentially causing load. Exercise caution when applying a purge.

To apply a purge to the Global CDN, follow the steps below.

Click the All Services > Networking > Global CDN menu. Navigate to the Service Home page of Global CDN.
On the Service Home page, click the Global CDN menu. You will be taken to the Global CDN List page.
On the Global CDN List page, click the resource to view detailed information. You will be taken to the Global CDN Details page.
On the Global CDN Details page, click the Apply Purge button. The Apply Purge window opens.
In the Purge settings window, configure the detailed items and click OK. An edit notification window will open.
- Content Selection: Select the type of content to which Purge will be applied.
- Path Information Input: When Full Domain is selected, the configured domain information is displayed, and when Path Input is selected, you can directly enter the path excluding the domain.
Click OK in the alert dialog. The purge will be applied.

Terminate Global CDN

You can request termination of the Global CDN service in the Samsung Cloud Platform Console.

Caution

Global CDN can only be canceled when it is in a stopped state. To cancel the product, first click the Stop button to change its status.

To request termination of the Global CDN service, follow the steps below.

Click the All Services > Networking > Global CDN menu. Navigate to the Service Home page of Global CDN.
On the Service Home page, click the Global CDN menu. You will be taken to the Global CDN List page.
On the Global CDN List page, click the resource to view detailed information. You will be taken to the Global CDN Details page.
On the Global CDN Details page, click the Cancel Service button.
After the termination is complete, check the service termination status in the Global CDN list.

14.3 - API Reference

API Reference

14.4 - CLI Reference

CLI Reference

14.5 - Release Note

Global CDN

2026.03.19

FEATURE Global CDN feature improvement

By integrating with Service Watch, you can view measurement values for the following two items.
- Check Global CDN status
- Check Global CDN processed data volume
  - Data from 30 minutes ago is displayed due to the processing time of external CDN network traffic.

2025.07.01

NEW Official release of Global CDN service

We have launched a Global CDN service that delivers static content stored on web servers or object storage to users more quickly and securely via edge servers distributed across the global network.

15 - GSLB

15.1 - Overview

Service Overview

GSLB (Global Server Load Balancing) automatically distributes network traffic to an available adjacent region based on DNS when traffic increases in a specific global area. When a specific server fails, we load‑balance network traffic to an available new resource to ensure the service continues reliably.

Features

Stable Service Provision: By using the health check function (Health Check) that verifies the normal operation of connected resources, if a failure occurs on a specific server, the resource is immediately Fail over and removed from domain responses, redirecting traffic to other resources to provide stable service.
Easy Service Port Configuration: Through the web-based console, you can conveniently create GSLB and set/manage service ports. For L4-level load balancing, multiple ports can be configured (e.g., 80, 443, 8080-8090), and you can apply and manage several load balancing rules simultaneously.
Efficient Cost Management: Because the billing method is granularly applied so that fees are determined based on the number of configured domains, the number of added Health Check resources, and the number of queries, costs can be managed efficiently.

Service Architecture Diagram

Provided features

The GSLB service provides the following features.

GSLB Creation/Management: You can register multiple resources to a single GSLB.
Load Balancing Algorithm Selection: Provides the Ratio method, which distributes traffic proportionally to the weight (Weight) of each connection target, and the Round Robin method, which cycles traffic and distributes it evenly.
Health Check Settings: check interval (Interval), service down detection time (Timeout), response wait time (Probe Timeout), protocols (ICMP, TCP, HTTP, HTTPS), and service ports can be configured.

Constraints

The limitations of the GSLB service are as follows.

Category	Explanation
Maximum number of domains that can be created per account	20
Maximum number of connectable resources per domain	8

Table. GSLB constraints

Reference

For GSLB to monitor the target, an allow rule must be added to the target resource’s firewall and security group.

Provision status by region

The GSLB service is available in the environments below.

Region	Provision status
Korea West (kr-west1)	Provide
Korea East (kr-east1)	Provided
South Korea South 1 (kr-south1)	Not provided
South Korea 2 (kr-south2)	Not provided
South Korea South 3 (kr-south3)	Not provided

Table. GSLB provision status by region

Preliminary Service

The GSLB service has no prerequisite services.

15.2 - How-to guides

Users can create the service by entering the required information for the GSLB service and selecting detailed options through the Samsung Cloud Platform Console.

Create GSLB

You can create and use a GSLB service in the Samsung Cloud Platform Console.

To request the creation of a GSLB service, follow these steps.

All Services > Networking > GSLB Click the menu. You will be taken to the Service Home page.
On the Service Home page, click the Create GSLB button. You will be taken to the Create GSLB page.

On the GSLB Creation page, enter the information required to create a service and select detailed options.

Enter or select the required information in the Service Information Input area.

Category	Required status	Detailed description
Purpose	Required	Automatically input PUBLIC when creating GSLB
domain name	Required	Enter the GSLB domain name to use Enter using lowercase English letters and numbers, between 4 and 40 characters Cannot use the same name as an existing one
Add connection target > IP	Required	Enter the target IP address
Add connection target > Location	Required	Select the location to perform monitoring for the connection target It is recommended to specify a location close to the IP server
Add connection target > Description	Select	Enter additional information or description about the connection target
Add connection target > Connection target list	Required	Display added target IP, location, and description entries Enter target IP, location, and description, then click the Add button to add the entry Up to 8 target connections can be added to a single GSLB service Click x to remove an entry from the list, click the Delete All button to remove all entries from the list

Table. GSLB Service Information Input Items

Enter or select the required information in the Connection Target Monitoring Settings area.

Category	Required	Detailed description
Health Check	Required	Select the protocol type for health check ICMP, TCP, HTTP, HTTPS can be selected (recommended to use HTTPS for security)
Interval	Required	Enter the time interval (seconds) for performing health checks.
Timeout	Required	Enter the waiting time (seconds) to determine the server’s status (UP or DOWN) during a health check.
Probe Timeout	Required	Enter the response timeout (seconds) Enter the domain name (recommended) or the origin server’s public IP directly
Service Port	Required	When using TCP/HTTP/HTTPS protocols, enter the port to be used for health checks Enter the domain name (recommended) or directly input the origin server’s public IP
User Name	Select	Enter the username to use when authentication is required for health check communication when using the HTTP/HTTPS protocol.
Password	Select	Enter the password to use when authentication is required for health check communication while using the HTTP/HTTPS protocol Include English letters, numbers, and special characters (@$!%*#?&) and enter it within 8 - 20 characters
Send String	Selection	When using the HTTP/HTTPS protocol, enter the string to be sent when checking a specific web page Example) GET /www/example/index.html For HTTP 1.0/1.1, use /r/n for line breaks, and special characters (<, >, #) cannot be used in the string
Receive String	Required	When using the HTTP/HTTPS protocol, enter the string to be received as a health‑check response The string must contain only English letters (uppercase and lowercase) and numbers

Table. GSLB connection target monitoring configuration input items

Enter or select the required information in the Load Balancing Policy Settings area.

Category

Required status

Detailed description

Algorithm

Required

Select load balancing method

Ratio: Distribute traffic proportionally to the weight (Weight) of each connection target

Round robin: Distribute traffic evenly based on a round-robin method

Connection target

Required

Enter Weight for each target when selecting Ratio

Weight is the weighting applied to each target when distributing service requests; enter a value between 0 and 100.

Click the detail view icon of the description item to view target information

Table. GSLB load balancing policy input items

In the Additional Information Input area, enter or select the required information.

Category

Required

Detailed description

Explanation

Selection

Enter additional information or description about the GSLB service.

tag

Select

Add Tag

Up to 50 per resource can be added

After clicking the Add Tag button, enter or select Key, Value values

Table. GSLB additional information input fields

Check the creation history and click the Create button.
- When creation is complete, check the created resource on the GSLB List page.

Reference

To monitor the connection targets, GSLB must add allow rules to the firewall and security group.

Check GSLB detailed information

The GSLB service allows you to view and edit the full resource list and detailed information. GSLB Details page consists of Details, Targets, Tags, Activity Log tabs.

To view detailed GSLB information, follow these steps.

Click the All Services > Networking > GSLB menu. Navigate to the Service Home page of GSLB.
On the Service Home page, click the GSLB menu. You will be taken to the GSLB List page.
On the GSLB List page, click the resource to view detailed information. You will be taken to the GSLB Details page.
- The GSLB Details page displays the GSLB’s status and detailed information, and consists of the Details, Targets, Tags, Activity Log tabs.
  Category Detailed description
  Service status GSLB status
  Creating: In progress
  Active: Running
  Editing: In progress
  Deleting: In progress
  Error: An error occurred
  Service termination Button to cancel GSLB
  Table. GSLB status information and additional features

Detailed Information

On the GSLB List page, you can view detailed information of the selected resource and, if necessary, edit the information.

Category	Detailed description
Service	Service name
Resource Type	Resource Type
SRN	Unique resource ID in Samsung Cloud Platform
Resource Name	Resource Name
Resource ID	Unique resource ID in the service
constructor	User who created the service
Creation date and time	Service creation date and time
Editor	User who edited the service information
Modification date	Date and time the service information was modified
Domain name	GSLB domain information
Purpose	GSLB usage
Algorithm	Configured GSLB algorithm information Edit Click the icon to modify the settings
Health Check	Configured GSLB health check information Edit icon can be clicked to change settings
Explanation	Entered GSLB description Edit icon can be clicked to modify the description

Table. GSLB Detailed Information Tab Items

Connection target

On the GSLB List page, you can view the connection target information of the selected resource and, if necessary, edit the information.

Category	Detailed description
IP	Destination IP address
Resource ID	GSLB Resource ID
Location	Location to perform monitoring of the connection target
description	Enter additional information or description for the connection target Click the detail view icon to view the information
Whether to use	Indicate whether the connection target is used
Weight	Display the weight of the connection target
Connection status	Connection status display Connected: normal connection status Disconnected: disconnected state
Edit connection target	Add or modify connection target For detailed instructions, see Modify connection target information

Table. GSLB Connection Target Tab Items

Job History

On the GSLB List page, you can view the operation history of the selected resource.

Category

Detailed description

Task History List

Resource Change History

You can view operation details, operation time, resource type, resource name, operation result, and operator information

Operation History List When you click the corresponding resource in the list, the Operation History Details popup opens

Table. GSLB operation history tab items

Modify connection target information

You can add, modify, or delete GSLB connection target information.

To change the GSLB connection target information, follow these steps.

Click the All Services > Networking > GSLB menu. Navigate to the Service Home page of GSLB.
On the Service Home page, click the GSLB menu. Navigate to the GSLB List page.
On the GSLB List page, click the resource to view its details. You will be taken to the GSLB Details page.
On the GSLB Details page, click the Connection Targets tab. You will be taken to the Connection Targets tab page.
Connection Target tab page, click the Edit Connection Target button. You will be taken to the Edit Connection Target page.
On the Edit Connection Target page, modify the information you want.
- Add: Enter the target IP, select the location, and enter a description, then click the Add button to add the item.
- Delete: To delete the linked target item, click the Delete button.
- You can modify the Weight for each item in the connection target list.
When the edit is complete, click Done. An edit notification window will open.
Click OK in the alert dialog. The service information update is complete.

Reference

You can add up to 8 targets to a single GSLB service.
When adding a connection target, it is recommended to set the location field to a position close to the target server.

Configuring the Regional Routing Controller

You can query the Regional Routing Controller and change its usage status.

To change the usage status of the Regional Routing Controller, follow these steps.

All Services > Networking > GSLB Click the menu. Navigate to the Service Home page of GSLB.
On the Service Home page, click the Regional Routing Controller menu. You will be taken to the Regional Routing Controller List page.
Retrieve the resource to view detailed information on the Regional Routing Controller List page.
- Advanced Search button can be clicked to select domain, connection location, and usage status for the search.

On the Regional Routing Controller List page, view the resource information and change its usage status.

Category	Detailed description
domain name	Registered domain name When you click the domain name, you will be taken to the GSLB Details > Connection Targets tab page
Purpose	Domain purpose
Connection location	Location to perform monitoring of the connection target
Connection target by location	Number of connection targets by location
Whether to use	Display the connection target usage status, and you can change the usage status by clicking the More button Use: Enable the connection target Stop: Disable the connection target You can also set usage by selecting a domain from the list and choosing Use or Stop at the top

Table. Regional Routing Controller List

Click Confirm in the alert dialog. The domain usage status change is complete.

Terminate GSLB

You can request termination of the GSLB service in the Samsung Cloud Platform Console.

To request cancellation of the GSLB service, follow the steps below.

Click the All Services > Networking > GSLB menu. Navigate to the Service Home page of GSLB.
On the Service Home page, click the GSLB menu. You will be taken to the GSLB List page.
On the GSLB List page, click the resource you want to view detailed information for. You will be taken to the GSLB Details page.
On the GSLB Details page, click the Cancel Service button.
After the termination is complete, check the service termination status in the GSLB list.

15.3 - API Reference

API Reference

15.4 - CLI Reference

CLI Reference

15.5 - Release Note

GSLB

2025.12.16

FEATURE Add Regional Routing Controller service

You can control the usage of traffic you want to connect via GSLB on a per-region basis.

2025.07.01

NEW Official release of GSLB service

We have launched a GSLB service that can automatically distribute network traffic to adjacent regions based on DNS when traffic increases in a specific global region, providing stable service.

16 - Cloud Virtual Circuit

A service that provides 1:1 virtual circuits based on line bandwidth between Global Samsung Cloud Platform regions or customer locations.

16.1 - Overview

Service Overview

The Cloud Virtual Circuit service provides a 1:1 virtual circuit based on line bandwidth between global Samsung Cloud Platform regions or customer locations.

Features

Cloud Virtual Circuit offers the following features and benefits.

Mesh-shaped point-to-point connection: The Samsung Cloud Platform infrastructure is connected across all global regions, allowing point-to-point virtual circuit services to be used anywhere from source to destination.
No-Contract Short-Term Line Service: Unlike traditional network line services, it offers a no-contract pricing plan, allowing cost-effective use when short-term line service is needed.
Special Feature Provision: Provides a special function that can split a single virtual circuit into multiple logical circuits for different purposes.

Service Architecture Diagram

Provided features

The Cloud Virtual Circuit service provides the following features.

Korean and global service provision
- South Korea: Suwon, Sangam, Chuncheon, Gumi, Nonhyeon
- Global: New Jersey, San Jose, São Paulo, London, Frankfurt, Hong Kong, Singapore, Delhi, Dubai, Tokyo
Provision of point-to-point virtual circuit service between global regions (L2VPN-based)
- You can select the origin and destination access locations in all service regions.
- A single cloud virtual circuit configures up to two virtual links for redundancy.
- Provided circuit bandwidth:
  - 10, 20, 50, 100, 200, 300, 400, 500, 600, 700, 800, 900 Mbps
  - 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 Gbps

Reference

The maximum domestic line bandwidth is 10 Gbps, while the maximum bandwidth for Korea‑global and global‑global links is 1 Gbps.

Provides logical circuit separation (Multi VLAN): Up to five separate VLANs can be used on a single cloud virtual circuit.

Component

Cloud Virtual Circuit provides a 1:1 virtual backbone connection between global locations. The components are as follows, and resources can be created via the related self‑service in the user console.

Category	content
Cloud Virtual Circuit	Virtual resources that accommodate up to two Virtual Links for the same 1:1 endpoint
Origin Access Location	1:1 Virtual circuit’s source Access Location information
Destination Access Location	1:1 virtual circuit destination Access Location information
Multi VLAN	A feature that splits a single Virtual Link into multiple logical circuits for provisioning.
Virtual Link	Within a Cloud Virtual Circuit, a virtual circuit based on dedicated line bandwidth (line bandwidth, contract term, transmission path level option selection)
CE equipment	Network equipment that receives the dedicated line for the customer site (Customer Edge)

Table. Cloud Virtual Circuit components

Constraints

Cloud Virtual Circuit has the following limitations.

For each Cloud Virtual Circuit, you can create up to two Virtual Links.
The Multi VLAN feature can create up to five per Cloud Virtual Circuit.

Provision status by region

The Cloud Virtual Circuit service can be provided in the following environments.

Region	Provision status
Korea West 1 (kr-west1)	Provided
Korea East 1 (kr-east1)	Not provided
South Korea South 1 (kr-south1)	Not provided
South Korea South 2 (kr-south2)	Not provided
South Korea South 3 (kr-south3)	Not provided

Table. Cloud Virtual Circuit regional availability status

Prior Service

There are no services that need to be pre‑configured before creating this service.

16.2 - How-to guides

Users can apply for the Cloud Virtual Circuit service through Service Request in the Samsung Cloud Platform Console.

Apply for Cloud Virtual Circuit

You can request a Cloud Virtual Circuit through the Support Center of the Samsung Cloud Platform Console.

To apply for a Cloud Virtual Circuit, follow the steps below.

Click the All Services > Networking > Cloud Virtual Circuit menu. Navigate to the Service Home page of Cloud Virtual Circuit.
On the Service Home page, click the Cloud Virtual Circuit Service Request button. You will be taken to the Service Request page in the Support Center.

Select and enter the information required to apply for a Cloud Virtual Circuit.

Category	Required status	Detailed description
Title	Required	Enter the title of the service request using Korean, English, numbers, and special characters (`+=,.@-_`) within 64 characters
Region	Required	Select the region to request the service
Service	Required	Networking service group Cloud Virtual Circuit service selection
Task classification	Required	Cloud Virtual Circuit New Application Select
content	Required	Enter information for Cloud Virtual Circuit application

Table. Cloud Virtual Circuit Service Request Items

Check the input information and click the Request button.

guide

After submitting a service request, you cannot modify or delete the content you have entered.
After submitting a service request, you can view the request details on the Support Center’s Service Request List page. Refer to View Service Request Details.

Cloud Virtual Circuit Terminate

You can request the termination of a Cloud Virtual Circuit from the Support Center in the Samsung Cloud Platform Console.

To apply for a Cloud Virtual Circuit, follow the steps below.

Click the All Services > Management > Support Center menu. You will be taken to the Service Home page.
On the Service Home page, click the Cloud Virtual Circuit Service Request menu. You will be taken to the Service Request page.

Select and enter the information required to cancel the Cloud Virtual Circuit.

Category	Required status	Detailed description
Title	Required	Enter a title for the service request using Korean, English, numbers, and special characters(`+=,.@-_`) within 64 characters
Region	Required	Select the region for which you want to request service termination.
Service	Required	Networking service group Cloud Virtual Circuit service selection
Task classification	Required	Cloud Virtual Circuit Cancellation Request Select
content	Required	Enter information for Cloud Virtual Circuit termination request

Table. Cloud Virtual Circuit Service Termination Request Items

Check the input information and click the Request button.

guide

After submitting a service request, you cannot modify or delete the content you entered.
After submitting a service request, you can view the request details on the Support Center’s Service Request List page. Refer to 서비스 요청 상세 정보 확인하기.

16.3 - Release Note

Cloud Virtual Circuit

2025.09.08

NEW Official release of Cloud Virtual Circuit service

We have officially launched the Cloud Virtual Circuit service.
- Users can request a 1:1 virtual circuit based on the line bandwidth between Global Samsung Cloud Platform regions or customer sites.

17 - Private 5G Cloud

17.1 - Overview

Service Overview

Private 5G Cloud is a service based on the Samsung Cloud Platform that provides Private 5G Core and Edge solutions to enterprise customers. By leveraging the cloud, it minimizes the deployment of physical 5G network equipment, enabling the construction of a flexible and scalable network environment optimized for the customer’s private environment, and allowing easy connection of multiple geographically distributed locations.

Provides a dedicated enterprise 5G Core in a cloud environment, ensures service availability through stable operation, and enables real-time processing of large internal data and secure protection of critical data via Edge solutions.

Features

Stable Operation: Private 5G Cloud combines a 5G Core that has been validated for quality and reliability with cloud security policies. It also provides 24‑hour monitoring services by specialized 5G operations personnel. This enables regular system diagnostics and rapid response in case of failures, allowing the service to be operated stably. Efficient Cost Management: By deploying a Private 5G network on the Samsung Cloud Platform, you can reduce initial investment costs for building a 5G system and minimize operational expenses. It enables a fast and secure cloud‑based Private 5G network, as well as flexible operation and capacity scaling.
Private Edge Solution Offering: We provide application management and Edge Computing services based on Kubernetes that apply the 3GPP MEC standard. By configuring an Edge Computing service environment within the client’s premises, ultra‑low‑latency data transmission is possible, and because all data and services reside within the client’s premises, the company’s valuable information can be securely protected.. Various Integration Features: You can access a variety of solutions and software validated in the Private 5G Open Lab through the marketplace. Customers can leverage the pre-configured development environment and related ecosystem to adopt emerging technologies such as AI, machine learning, and big data, and can use customized solutions.

Service Architecture Diagram

Provided features

Private 5G Cloud provides the following features. Private 5G Cloud Core: Provision of cloud-based 5G wireless network and authentication services Private 5G Core CP: Processing customer-specific 5G signal control in the cloud domain UPF: Data processing of each customer’s unique service in the customer’s site area 5G network: handling dedicated network services (VPN/dedicated line) between the cloud and the customer’s premises

Component

Private 5G Cloud provides services across the entire 5G network within the customer’s site, and its components are as follows.

5G Core network

User authentication, session management, data processing
Customer device registration/deletion/modification/management

Service Portal

Provision of a 5G integrated service portal
- User portal: Create/modify/manage user policies
- Admin Portal: Authentication Policy Management and Monitoring

Network Solution

Configure cloud network solutions such as VPN and dedicated lines

Provision status by region

Private 5G Cloud can be provided in the environments below.

Region	Provision status
Korea West 1 (kr-west1)	Provided
Korea East 1 (kr-east1)	Provide
South Korea South 1 (kr-south1)	Provide
South Korea South 2 (kr-south2)	Provided
South Korea 3 (kr-south3)	Provided

Table. Private 5G Cloud regional offering status

Prior Service

This is a list of services that must be pre‑configured before creating the service. Please refer to the guide provided for each service for details and prepare in advance.

Service Category	service	Detailed description
Compute	Virtual Server	Virtual server optimized for cloud computing
Networking	VPC	A service that provides an isolated virtual network in a cloud environment
Networking	Security Group	Virtual firewall that controls server traffic
Networking	Direct Connect	A service that securely and quickly connects the customer’s network with the Samsung Cloud Platform
Networking	Firewall	A service that provides a firewall for traffic between the VPC, the Internet, and the customer’s network.
Networking	VPN	A service that connects the customer’s network and Samsung Cloud Platform via an encrypted virtual private network Provides security services by connecting the region and the customer’s site through Internet IPsec tunneling

Table. Private 5G Cloud pilot service

17.2 - How-to guides

Users can enter the required information for the Private 5G Cloud service, select detailed options, and create the service through the Samsung Cloud Platform Console.

Create Private 5G Cloud

You can create and use a Private 5G Cloud service from the Samsung Cloud Platform Console.

To create a Private 5G Cloud, follow these steps.

Click the All Services > Networking > Private 5G Cloud menu. You will be taken to the Private 5G Cloud Service Home page.
On the Service Home page, click the Private 5G Cloud Service Request button. You will be taken to the Service Request page.
On the Service Request page, select or enter the required information for Private 5G Cloud.
information
In the task category, select Private 5G Cloud Service Creation and create it.

Input field	Detailed description
Title	Title of the service you want to request
Region	Select location of Samsung Cloud Platform Automatically filled with the project’s region
service	Select the service group and service for the given service Service group: Networking Service: Private 5G Cloud
Task classification	Select the task to perform Create Private 5G Cloud service: select if you want to create this service
content	Enter detailed information required to create a Private 5G Cloud [Basic Information] Account Name: Enter account name Customer Name/Company/Department/E-mail/Phone Number: Enter user information Desired Service Start Date: Enter the start date the user wishes for the service [Application Information] Purpose of Use: Enter the intended use of the Private 5G Cloud Example: manufacturing, logistics, robotics, CCTV, video analytics Usage Period (default 3 years): Enter the service usage period
Attachment	Proceed with upload only if there are additional files you want to share Attachments can be up to 5 files, each within 5MB Only doc, docx, xls, xlsx, ppt, ppts, hwp, txt, pdf, jpg, jpeg, png, gif, tif files can be attached

Table. Detailed request items for creating a Private 5G Cloud service

Review the entered generation information and click the Request button.
- Once creation is complete, check the Service Request List page to see if the resource was created.
- This provisioning process involves steps such as purchasing physical servers, delivery, configuration, and site setup, and requires a minimum of eight weeks of business days.

Check Private 5G Cloud application details

You can view the application and cancellation history of the Private 5G Cloud service in the Samsung Cloud Platform Console.

Reference

To view the service application and termination request history of Private 5G Cloud, follow the steps below.

To check your Private 5G Cloud service application details, follow the steps below.

Click the All Services > Management > Support Center menu. Navigate to the Support Center > Service Home page.
On the Support Center Service Home page, click the Service Request menu. You will be taken to the Service Request List page.
On the Service Request List page, click the Title of the service request you submitted. You will be taken to the Service Request Details page.
Service Request Details page, check the request status and information.

guide

When a service request is received, the sales/operations representative verifies the service application details and proceeds with the Private 5G Cloud service for the provided information.

Terminate Private 5G Cloud

You can reduce operating costs by terminating the Private 5G Cloud service whose contract period has expired.

Reference

If you terminate the service, the running service may be stopped immediately, so you should proceed with the termination only after fully considering the impact of the service interruption.
To request service termination before the contract period expires, you must first complete the termination of the Private 5G Cloud contract through prior consultation between the user’s contract manager and Samsung SDS contract manager, and then proceed with termination according to the steps below.

To cancel Private 5G Cloud, follow the steps below.

Click the All Services > Networking > Private 5G Cloud menu. You will be taken to the Private 5G Cloud Service Home page.
On the Service Home page, click the Private 5G Cloud Service Request button. You will be taken to the Service Request page.
On the Service Request page, select or enter the required information for Private 5G Cloud.
Information
In the task category, select Private 5G Cloud Service Termination and cancel it.

Input field	Detailed description
Title	Title of the service you want to request
Region	Select location of Samsung Cloud Platform Automatically filled with the project’s region
service	Select the service group and service for this service Service group: Networking Service: Private 5G Cloud
Task classification	Select the task you want to perform Private 5G Cloud service termination: select if you wish to cancel this service
Content	Private 5G Cloud Enter detailed information required for termination [Basic Information] Account Name: Enter account name Customer Name/Company/Department/E-mail/Phone Number: Enter user information Desired service termination date: Enter the service termination date the user wishes
Attachment	Only proceed with upload if there are additional files you want to share Attachments can be up to 5 files, each within 5MB Only the following file types can be attached: doc, docx, xls, xlsx, ppt, ppts, hwp, txt, pdf, jpg, jpeg, png, gif, tif

Table. Detailed items for Private 5G Cloud service termination request

Review the entered generation information and click the Request button.
- After the termination is complete, check on the Service Request List page whether the resource has been terminated.
- The termination process is completed after the physical server is returned, and it takes at least 3–4 weeks of business days.

17.3 - Release Note

Private 5G Cloud

2025.09.08

NEW Private 5G Cloud service launch

A Private 5G Cloud product that provides 5G services to customers based on the Samsung Cloud Platform has been launched.

Category	required	Detailed description
Resource ID	Required	NAT resource ID
Save target	Required	NAT resource name
Save registration date and time	Required	NAT log repository registration timestamp

Category	Detailed description
Destination IP	Enter destination IP range Example: `192.168.25.0/24`
Destination	Choose between the VPC and the remote location according to the routing direction.

Category	required status	Detailed description
Explanation	Selection	Enter description for Segment
tag	Selection	Add tags Up to 50 tags can be added per resource

Category	required status	Detailed description
Explanation	Select	Enter description for Attachment
tag	Select	Add tags Up to 50 tags can be added per resource

Category	Required status	Detailed description
CDN name	Required	Enter the Global CDN name to use Cannot use the same name as an existing one
CDN domain	Required	Enter the domain name of the Global CDN to use