AliCloud - ECS

• ECS - Elastic Compute Service
  • overall
    • Billing
    • Architecture
    • responsibilities
    • The advantage
    • virtualization
  • physical locations
    • Regions
    • Zones (datacenters)
    • connectivity
    • Instance Failover
  • ECS Instance
    • ECS Instance Types
    • ECS Storage
      • Block Storage
      • Cloud Disks
    • ECS Snapshots
    • ECS Image
  • ECS Networking
    • VPC
    • ECS communication
    • Security Groups
    • IP address
    • ENI
  • ECS Setting
    • Instance Metadata
    • User data

---

ECS - Elastic Compute Service

---

Overall

Elastic Compute Service (ECS)

• a computing service with flexible processing capacity.
• a high-performance, stable, reliable, and scalable IaaS-level solution
• used to deploy virtual servers known as Instances.
• essentially a Virtual Machine that lives on Alibaba’s public cloud.

---

Billing

• PAYG: pay-as-you-go basis,
• subscription: upfront subscription
• Pre-emptible Instance: PAYG instance, with PAYG lower price (Bid-based)
• RI: Reserved Instance

use cause:

• log
• no worries of interrept

---

Architecture

ECS comprises the following major components:

• Instance: A virtual computing environment that includes basic computing components such as CPU, memory, network bandwidth, and disks.
• Image: provides the operating system, initial application data, and pre-installed software for instances.
• Block Storage: A block storage device based on the Object Storage Service (OSS) which features high performance and low latency distributed cloud disks.
• Security Groups: Used by a logical group of instances located in the same region that have the same security requirements and require access to each other.
• Network: A logically isolated private cloud network.

---

responsibilities

IaaS or Infrastructure as a Service

• Alibaba provides and manages the virtualization, servers, storage, and networking.
• customer select the operating system, install applications and manage the data.

In the diagram, you can see the different responsibilities when you provision a server on premise and when you provision a server within Alibaba Cloud ECS Instances can easily deploy and manage applications with better stability and security, compared to physical servers on premise.

• ECS Instances provide resizable compute capacity in the cloud. They are designed to make large scale computing easier. You can create instances with a variety of operating systems.
• Alibaba supports most mainstream Linux and Microsoft Windows Server systems.
• And you can run as many or as few instances as you like.

---

The advantage

Unlike provisioning on-premise machines,

• provide a host of built-in security solutions, such as Virtual Firewalls, Internal network isolation, public IP Access, Anti-Virus and Denial of Service Attack protection.

• get a lot more flexibility, stability, and security than you would get in the own Cloud environment because you benefit from all the work Alibaba has done, to improve and grow its public cloud offerings, to improve its own security and provide stable service, so an ECS is a Virtual Machine that you run on Alibaba Cloud.

• If you compare ECS with a traditional OffCloud Deployment, the key benefit is operations and maintenance costs are lower.

  • do not have to purchase any hardware upfront.

  • can scale and remove restheces based on actual business needs.

  • For an ECS instance, physical server management, storage, physical networking configuration, power cooling and virtualization, these things are all Alibaba Clouds problem, you only worry about launching the virtual Machine, logging into it, and setting up the software that you want, so you get lower O&M burdens by moving to ECS.
• flexibility,
  • can create a VM and destroy a VM anytime you want without waiting.
  • Instances are delivered within minutes, enabling rapid deployment with little or no wait time.
• If you buy physical hardware, you’re then committed to that hardware, even if you end up not using it.
  • Cloud deployments can in fact be cheaper than OffCloud deployments.

virtualization

• What really makes ECS work is virtualization.

• virtualization

  • The Elastic Compute Service is provided via a virtualization layer that is provisioned within the Data Centres around the world.

  • The Data Centres contain thousands of racks and this is where the virtualization technology sits.

  • multiple datacenters around the world, in each datacenter have racks of physical servers, each physical servers running Linux, and then it’s running a virtualization layer.

  • In many cases it is Kernel Virtual Machine or KVM.

  • Alibaba uses XEN and KVM Virtualisation to provision its ECS Instances.

  • These instances, in turn, run on top of the X-Dragon Compute Platform and the Apsara distributed file system called Pangu, which provides the storage system.

• launch

  • When you launch an ECS instance, it create a KVM Virtual Machine and launching it on one of these physical servers inside of the datacenter.

  • Because the workload is living within this Virtual Machine, it can be moved around between physical machines as needed,
  • if a physical server fails, we can simply migrate the Virtual Machine to a different physical server that’s healthy.

• Apsara 飞天

  • In order to do all of this migration and management and decide where to schedule the Virtual Machines, we have a management layer running on top of the cluster of Linux machines inside of the datacenter, we call this layer Apsara

  • Apsara is the self-developed distributed system for managing the Cloud platform, all of the products are built on top of Apsara.

  • Essentially, Apsara handles storage, scheduling, resthece management, and distributed coordination for all of the products that run on the public Cloud

    • some of the components of Apsara here in orange,
    • the public Cloud products running on top in gray.

• Pangu 盘古

  • the distributed file system is a key component of all of the storage services, including storage for the ECS instances.
  • When you allocate an ECS instance disk, that’s actually running on top of a distributed file system, which gives you extra reliability over and above what you would get with a single physical block device.

---

physical locations

• physical locations with one or more data centers spread all over the world reduce network latency.

• Currently, Alibaba Cloud has 22 regions across the world at 66 zones.

---

Regions

• The region is where Alibaba Cloud Services launch the Instance

• Choose a region to optimize latency, minimize cost or address regulatory requirements.

• There are specific regions in mainland China and other International regions available,

• Having multiple regions around the world means that you can provision servers closer to the users.

---

Zones (datacenters)

• Within each of those regions, we have multiple datacenters, multiple zones.

  • Zones refer to physical Data Centres within a region that have independent power supplies and networks.

  • Each zone is a physical data center with independent power and network connectivity.

• Fault isolation can easily deep performed between zones,

  • so if a single zone fails, the other zones in the region are not affected.

  • Because each region contains multiple zones, it’s possible to build failure tolerant architectures by deploying multiple ECS instances into each zone
  • If Zone A were to fail, the instance in zone B can continue to serve requests.

• High Availability

  • Users can separate ECS Instances into different zones in a region to facilitate, for example, ‘High Availability’.

  • ECS Instances created in a single region will have private, low latency intranet network connectivity to other zones in the same region.

  • However, ECS instances created in different regions, by default will not have private network connectivity.

  • The network latency for instances within the same zone, however, is lower than when communicating across zones in the same region.

• trade off between network latency and high availability.

  • build a multi-zone architecture/deployment
    • high availability and can tolerate a slight network latency
  • have the absolute fastest communication possible between all of the VMs
    • put them all in a single zone.

---

connectivity

connectivity between regions and zones.

• Within a single region
  • all of the zones are connected together over Alibaba Clouds private network
  • traffic that passes between the zones within a region is free
• Between region
  • Between regions, have to use
    • the public internet
    • VPN gateway on top of the public internet,
    • Cloud enterprise network CEN - a paid private network connects multiple regions.
  • You will incur a
    • public bandwidth charge for using the public internet
    • or a VPN gateway charge for having a VPN tunnel
    • or a CAN network charge for the enterprise multi-region private network.
  • We do have a private network between the regions, but we charge you for bandwidth if you use that multi-region private network, that’s a major distinction.

---

Instance Failover

• SLA:
  • 99.975 percent for a single Virtual Machine
  • 99.995 percent for multi-zone Virtual Machines.

• ESC is deployed in all 22 of the worldwide regions.

• the Machines all use modern Intel Xeon CPUs,
  • sometimes with CPU frequencies up to 3.2 or even 3.8 gigahertz
  • initialize or release up to a 100 of these Virtual Machines in as little as 10 minutes.

• These Virtual Machines run as though they were the very own physical machine.

• ECS instance is a virtual machine that contains basic computing components such as the CPU, memory, operating system, network bandwidth, and disks.
• Once created, you can customize and modify the configuration of an ECS instance. For example: Add or remove additional Cloud Disks.

---

ECS Instance

---

ECS Instance Types

families ECS instances are categorized into different families

• based on the business needs to which those families can be applied,
• an instance family also has many instance types based on different CPU and memory configurations.
• An ECS instance defines two basic attributes:
  • the CPU
  • the memory configuration
• storage and networking capacity

instance types The instance types follow a naming convention which depicts the instance family, instance generation and instance size,

• for Example:
  • ecs.g5.large.
  • ecs is a prefix (All ECS instances have this in the name),
  • ‘g’ denotes instance family (in this case general purpose),
  • 5 denotes the instance generation and implies the CPU to RAM ratio, in this case, a ratio of 1 to 4 (this means that for each CPU there is 4 GB RAM), and large denotes the instance size.
• ecs.g5.large is the smallest instance in the general-purpose family and this instance has 2 CPUs, so with a ratio of CPU to RAM of 1 to 4 this instance has 2 CPUs and therefore 8GB of RAM.
• ecs.g5.xlarge is the next in the family tree so it has 4 CPUs and 16GB of RAM.
• ecs.g5.2xlarge is the next in the family tree so it has 8 CPUs and there 32GB of RAM.

3 main types of families:

• X86-Architecture
• Heterogeneous Computing,
• and ECS Bare Metal Instances.

X86-Architecture

• based on the workload:
  • general purpose instances,
  • compute optimized,
  • memory optimized,
  • high clock speed,
  • local SSD,
  • Big Data,
  • and even in SAP instance type specifically designed to run SAP as forehand workloads.
• X dragon
  • third generation virtualization technology
  • ali built, gives almost zero cost on the virtualization layer.
• 7 different subtypes as follows:
• Entry Level (Shared Burstable):
  • You can accumulate CPU credits for the burstable instances, and consume those credits to increase the computing power of the workloads when required.
  • Used for Web application servers, Lightweight applications, and development and testing environments.
• General Purpose:
  • Used for Websites, application servers, Game servers, Small and medium-sized database systems.
• Memory Optimised:
  • Used for data analysis and mining, and other memory-intensive enterprise applications.
• Big Data:
  • Used for Enterprises that need to compute, store, and analyze large volumes of data.
• Local SSD: Used for Online transaction processing (OLTP) and high-performance databases.
• High Clock Speed: Used for on-screen video and telecom data forwarding, High-performance scientific and engineering apps.

---

ECS Bare Metal Instances

• EBM*
• combines the elasticity of VM and the performance and features of physical machines.
  • have no virtualization layer
  • The virtualization used by ECS Bare Metal Instances is optimized to support common ECS instances and nested virtualization.

• ECS Bare Metal Instances use virtualization 2.0 to provide business applications with direct access to the processor and memory restheces of the underlying servers without virtualization overheads.

• These are ideal for applications that need to run in a non-virtualized environment.

• great choice for running the own virtualization scheme like VMware or Microsoft Hyper-V

---

Heterogeneous Computing

• 2 main subtypes as follows:
  • designed for workloads that require special purpose hardware.
  • include instances that offer a TPU or an FPGA card
• GPU-based compute-optimized:
  • Used for Rendering and multimedia encoding and decoding, Machine learning, high-performance computing, and high-performance databases, Other server-high end workloads that require powerful concurrent floating-point compute capabilities.
• Field-programmable-Gate-Array-based compute-optimized:
  • Used for Deep learning and reasoning, Genomics research, Financial analysis, Image transcoding, Computational workloads such as real-time video processing and security management.

HPC high-performance computing instance

• used to build supercomputing clusters.
  • built-in RDMA support
  • very high-speed convergent Ethernet connectivity.
  • designed for things like
    • very high-speed media of transcoding,
    • industry simulation,
    • rendering,
    • or even genetics.

---

ECS Storage

---

Block Storage

• a high-performance, low latency block storage service.
• supports random or sequential read and write operations.
• Block Storage is similar to a physical disk, you can format a Block Storage device and create a file system on it to meet the data storage needs of the business.

---

Cloud Disks

• based on the Apsara distributed file system called “Pangu”.
• 3 redundant copies

  are stored on different physical servers under different switches in the datacentre.

• This provides high data reliability in the case of a failure.

Cloud Disk Type

• 3 types of Cloud Disk
• Ultra Disk:
  • Cloud disks with high cost-effectiveness, medium random IOPS performance, and high data reliability.
• Standard SSD:
  • High-performance disks that feature consistent and high random IOPS performance and high data reliability.
• Enhanced SSD:
  • ultra-high performance disks based on the next-generation distributed block storage architecture.
  • Each ESSD can deliver up to 1 million of random IOPS and has low latency.

Cloud Disks Target

• Cloud Disks can be mounted to any instance in the same zone,
  • but cannot be mounted to instances across zones

    .

• ECS Storage provides architecture-based Cloud disks for the operating system disks and data disks.

• System disk
  • by default has the same life cycle as the ECS instance to which it is mounted, and is released along with the ECS instance. (This auto release function can be changed.)
  • Shared access to system disks is not allowed

    .

  • System disk sizes can be 20GB and 500GB.
    • dependent on the operating system being provisioned.
      • Linux and FreeBSD systems default to 20GB.
      • CoreOS systems default to 30GB.
      • Windows systems default to 40GB.
• Data disks
  • have the same life cycle as the corresponding instance, and are released along with the instance by default. (auto-release function can be changed.)
  • can be created separately or at the same time as an ECS instance.
    • created separately can be released separately or at the same time as the corresponding ECS instance.
  • s hared access to a data disk is not allowed .
  • sizes can be between 20GB and 32TB
  • up to 16 Data Disks can be attached to a single ECS Instance.

PL1: system PL3: database

---

ECS Snapshots

• Snapshots are complete, read-only copies of disk data at certain points in time.

Usecase

• Disaster recovery and backup:
  • create a snapshot for a disk, use it to create another disk to implement zone- or geo-disaster recovery.
• Environment clone:
  • use a system disk snapshot to create a custom image,
  • and then use the custom image to create an ECS instance to clone the environment.
• Data development:
  • Snapshots can provide near-real-time production data for applications
  • such as data mining, report queries, and development and tests.
• Enhanced fault tolerance:
  • roll a disk back to a previous point in time by using a snapshot to reduce the risk of data loss caused by an unexpected occurrence.
  • create snapshots on a regular basis to prevent losses caused by unexpected occurrences.
  • These unexpected occurrences can include, for example,
    • writing incorrect data to disks,
    • accidentally deleting data from a disk,
    • accidentally releasing ECS instances,
    • data errors caused by application errors,
    • and data loss due to hacking attempts.
• before high-risk operations:
  • such as changing operating systems, upgrading applications, and migrating business data.

snapshot policy

• Snapshots can be created manually or automatically by creating a snapshot policy.
• When the maximum number of snapshots has been reached, the oldest snapshot is deleted as a new one is created.
• Snapshots are charged based on the storage space used and the amount of time they are kept.

incremental copy

• Up to 64 snapshots can be created per disk
• and each snapshot is an incremental copy of the previous snapshot.

---

ECS Image

Images are a template of a runtime environment for an ECS Instance.

4 main types.

• Public System Images:
  • Public images licensed by Alibaba Cloud are highly secure and stable. These public images include most Windows Server and mainstream Linux systems.
  • These images only include standard system environments and you can apply the own customization and configurations based on these images.
• Marketplace Images:
  • Alibaba Cloud Marketplace images are classified into the following 2 types.
    • Images provided by Alibaba Cloud
    • and Images provided by Independent Software Vendors and licensed by Alibaba Cloud Marketplace
  • An Alibaba Cloud Marketplace image contains an operating system and pre-installed software.
  • The operating system and pre-installed software are tested and verified by the ISV and Alibaba Cloud to ensure that the images are safe to use.
  • These are suitable for website building, application development, and other personalized use scenarios.
• Custom Image:
  • Custom images are created from Instances or system snapshots, or imported from the local device.
  • Only the creator of a custom image can use, share, copy, and delete the image.
  • These custom images can be used to create more instances, saving you the effort of creating a new system from scratch.
• Shared Image:
  • A shared image is a custom image that has been shared to other users or accounts.
  • Alibaba Cloud cannot guarantee the security and integrity of the images shared with you. You use them at the own risk and discretion.

---

ECS Networking

---

VPC

Virtual Private Cloud (VPC)

• a logically isolated Virtual Network.
• provides VLAN-level isolation and blocks outer network communications

• it is a requirement when provisioning an ECS Instance.

• VPC offers two major features,
  • customize their own network topology,
  • Assign Private IP address ranges, allocate network segments,
  • and Configure VSwitches.
• Customers can Integrate existing Datacentres through a dedicated line (Express Connect) or a VPN Gateway to form a hybrid cloud.

A VPC is made up of two main components:

• A Virtual Router (VRouter)
• and one or more Virtual Switches (VSwitch)

VSwitch

• a basic network device of a VPC network and is used to connect different ECS instances together in a subnet.
• A VPC can have a maximum of 24 VSwitches.

VRouter

• a hub that connects all of the VSwitches in the VPC and serves as a gateway device that can connect to other networks.

---

ECS communication

• VM1, VM2, and VM 3 can all communicate with each other, irrespective of the fact that they’re in different zones; they are in the same virtual private cloud network.

---

Security Groups

• act as virtual firewalls that provide Stateful Packet Inspection and packet filtering of network protocol, port and sthece IP traffic to allow or deny access.

• configure security group rules to control the inbound and outbound traffic of ECS instances in the group.

There are 2 classifications of security groups:

• Basic and Advanced.

Basic security groups

• support up to 2000 private IP Addresses,
• inbound and outbound rules can be configured to allow or deny ECS instances in basic security groups access to the Internet or intranet.

Advanced security groups

• new type of security group.
• an advanced security group can contain an unlimited number of private IP addresses.
• can only configure allow rules for inbound and outbound traffic,
• all non-allowed traffic is denied by default.

Default Security Group:

• When you create an ECS instance in a region through the ECS console, a default security group is created if no other security group has been created under the current account in this region.
• The default security group is a basic security group and has the same network type as the ECS instance.

Security groups have the following characteristics:

• must specify a security group when you create an ECS instance.
• Each ECS instance must belong to at least one security group but can be added to multiple Security Groups at the same time.
• ECS Instances cannot belong to both basic and advanced security groups at the same time
• ECS instances in the same security group can communicate with each other through the internal network.
• ECS instances in different security groups are isolated from each other.
• You can add security group rules to authorize mutual access between two security groups.
• You can configure security group rules only for basic security groups, to authorize mutual access between two security groups.
• regional concept, can managed ECS in different zones.

---

IP address

• Each VPC-Connected ECS instance is assigned a private IP address when it is created.
• That address is determined by the VPC and the CIDR block of the vSwitch to which the instance is connected.

A Private IP Address can be used in the following scenarios

• Load balancing
• Communication among ECS instances within an intranet
• Communication between an ECS instance and other cloud products (such as OSS and RDS) or within an intranet.

public IP address

• ECS instances support two public IP address types.
• NATPublicIP,
  • which is assigned to a VPC-Connected ECS instance.
  • This type of address can be released only, and cannot be disassociated from the instance.
• Elastic IP Address (EIP).
  • an independent public IP address that you can purchase and use.
  • EIPs can be associated to different ECS instances that reside within VPCs over time to allow public access to the ECS instances.

Their use cases are:

• do not want to retain the public IP address when the instance is released, use a NatPublicIP address
• want to keep a public IP address and associate it to any of the VPC-Connected ECS instances in the same region, use the EIP address

---

ENI

---

ECS Setting

Instance Metadata

User data

.