IT2314 Compute Cloud Services
03 Handout 1.1 *Property of STI [email protected] Page 1 of 12

Elastic Cloud Server

An Elastic Cloud Server (ECS) is a basic computing unit that consists of vCPUs, memory, an OS, and Elastic Volume Service (EVS) disks. After an ECS is created, you can use it on the cloud similarly to how you would use your local computer or physical server.

ECS has the following advantages:
- A variety of specifications to choose from: Different ECS types are available for different applications. There are multiple, customizable specifications for each type.
- A wide range of available images: Public, private, and shared images can be selected.
- Different types of EVS disks: Common I/O, high I/O, general-purpose SSD, and ultra-high I/O EVS disks are available for different service requirements.
- Flexible billing: Yearly/monthly and pay-per-use billing modes are available for different applications. You can purchase and release resources as service levels fluctuate.
- Reliable data: Virtual block storage based on a distributed architecture provides robust throughput that is scalable and reliable.
- Security: Security group rules isolate the network from viruses and Trojans. Security services, such as Anti-DDoS, Web Application Firewall and Vulnerability Scan Service, are also available to protect your ECSs.
- Flexible, easy-to-use: Elastic computing resources are automatically adjusted based on service requirements and policies to efficiently meet service requirements.
- Highly efficient O&M: Several management options are available: the management console, remote access, and APIs with full management permissions.
- Cloud monitoring: Cloud Eye monitors your ECSs in real time, generating alarms and sending notifications when it detects abnormal metrics.
- Load balancing: Elastic Load Balance automatically distributes traffic to multiple ECSs to keep the loads on the servers balanced. It improves the fault tolerance of your applications and enhances application capabilities.

Why ECS?

Auto Scaling
- Automatic adjustment of compute resources
- Flexible adjustment of ECS configurations
- Flexible billing modes

Competitive Edge
- Professional hardware devices
- Always available virtual resources

Stability and Reliability
- A variety of EVS disk types: Common I/O, high I/O, ultra-high I/O, general purpose SSD, and extreme SSD disks are available for different service requirements.
- Reliable data: Scalable, reliable, high-throughput virtual block storage is based on a distributed architecture. This architecture ensures that data can be quickly migrated or restored, if necessary, which means you will not lose your data as the result of a single hardware fault.
- Backup and restoration of ECSs and EVS disks: You can configure backup policies on the management console or use an API to back up ECSs and EVS disks periodically or at a specified time.

Security
- A range of security services provide multi-dimensional protection: Security services, such as Web Application Firewall and Vulnerability Scan Service, are available to protect your ECSs.
- Security evaluation: The security of cloud environments is evaluated to help you quickly detect security vulnerabilities and threats. Security configurations are reviewed and suggestions are provided on how to improve system security. Actions are recommended to reduce or avoid potential losses resulting from viruses or other malicious attacks.
- Intelligent process management: You can configure a whitelist to control which programs are allowed to run.
- Vulnerability scanning: Comprehensive scan services are provided, including general web vulnerability scan, third-party application vulnerability scan, port detection, and fingerprint identification.

ECS Architecture

ECS works with other products and services to provide computing, storage, network, and image installation functions.
- ECSs are deployed in multiple Availability Zones (AZs) connected with each other through an intranet. If an AZ becomes faulty, other AZs in the same region will not be affected.
- With the Virtual Private Cloud (VPC) service, you can build a dedicated network, configure subnets and security groups, and allow the VPC to communicate with the external network through an EIP with bandwidth assigned.
- With the Image Management Service (IMS), you can create images for ECSs or create ECSs using private images for rapid service deployment.
- EVS provides storage, and Volume Backup Service (VBS) provides data backup and recovery functions.
- Cloud Eye is a key service to help ensure ECS performance, reliability, and availability. You can use Cloud Eye to monitor ECS resource usage.
- Cloud Backup and Recovery (CBR) backs up data for EVS disks and ECSs and creates snapshots in case you need to restore them.

Scenarios

E-commerce
Memory-optimized ECSs have a large memory size and provide high memory performance. They are designed for memory-intensive applications that involve a large amount of data, such as precision advertising, e-commerce big data analysis, and IoV big data analysis. E-commerce presents special challenges:
- Sudden Traffic Surges: Access traffic can surge to hundreds of times normal levels during promotions, flash sales, and sweepstakes. Servers become overloaded and e-commerce platforms may even crash.
- Poor User Experience: Massive amounts of static data, such as product pictures and video content, are usually stored on servers, which makes loading slow, time-consuming, and costly. Users in different network environments may experience delayed access to such data, resulting in poor user experience.
- Lack of Proper Analytics: Due to the lack of big data platforms and analysis tools, existing customers, financial products, and transaction data cannot be effectively analyzed. As a result, there are problems such as high promotion investment and a low second-order rate.
- Security: E-commerce enterprises have to deal with risks in various processes, such as traffic diversion, registration and login, browsing and comparison, preference obtaining, ordering, payment, delivery, and evaluation. The vulnerabilities may come from credential stuffing, scalpers, web page tampering, DDoS attacks, data breaches, and Trojans.

Graphics Rendering
GPU-accelerated ECSs provide outstanding floating-point computing capabilities. They are suitable for applications that require real-time, highly concurrent massive computing. GPU-accelerated ECSs are classified as G series and P series ECSs.
- G series: Graphics-accelerated ECSs, which are suitable for 3D animation rendering and CAD
- P series: Computing-accelerated or inference-accelerated ECSs, which are suitable for deep learning, scientific computing, and CAE

Data Analysis
Disk-intensive ECSs are delivered with local disks for high storage bandwidth and IOPS. In addition, local disks are more cost-effective in massive data storage scenarios. Disk-intensive ECSs use local disks to provide high sequential read/write performance and low latency, improving file read/write performance. They provide powerful and stable computing capabilities, ensuring efficient data processing. They provide high intranet performance, including robust intranet bandwidth and PPS, for data exchange between ECSs during peak hours. Disk-intensive ECSs are suitable for distributed Hadoop computing, large-scale parallel data processing, and log processing. Disk-intensive ECSs use hard disk drives (HDDs) and a default network bandwidth of 10GE, providing high PPS and low network latency. Each disk-intensive ECS supports up to 24 local disks, 48 vCPUs, and 384 GiB of memory.

High-Performance Computing
Each vCPU of a high-performance computing ECS corresponds to the hyper-thread of an Intel® Xeon® Scalable processor core. High-performance computing ECSs are suitable for high-performance computing scenarios. They provide massive parallel computing resources and high-performance infrastructure services to meet the requirements of high-performance computing and massive storage and ensure rendering efficiency.

Bare Metal Server

Bare Metal Server (BMS) combines the scalability of VMs with the high performance of physical servers. It provides dedicated servers on the cloud, delivering the performance and security required by core databases, critical applications, high-performance computing (HPC), and Big Data. Essentially, a BMS is a physical server. The difference is that BMSs can be easily configured and purchased on the cloud platform, whereas traditional physical servers can only be configured and purchased in person. BMSs support automatic provisioning, automatic O&M, VPC connection, and interconnection with shared storage. You can provision and use BMSs as easily as ECSs and enjoy the excellent computing, storage, and network performance of physical servers.

Why BMS?
- High security: BMS allows you to use dedicated compute resources, add servers to VPCs and security groups for network isolation, and integrate related components for server security. The BMSs running on the QingTian architecture can use EVS disks, which can be backed up for restoration. BMS interconnects with Dedicated Storage Service (DSS) to ensure the data security and reliability required by enterprise services.
- High performance: BMS has no virtualization overhead, allowing compute resources to be dedicated to running services. Running on QingTian, an architecture from Huawei that is designed with hardware-software synergy in mind, BMS supports high-bandwidth, low-latency storage and networks on the cloud, meeting the deployment density and performance requirements of mission-critical services such as enterprise databases, big data, containers, HPC, and AI.
- Agile deployment: The hardware-based acceleration provided by the QingTian architecture enables EVS disks to be used as system disks. The required BMSs can be provisioned within minutes when you submit your order. You can manage your BMSs throughout their lifecycle from the management console or using open APIs with SDKs.
- Quick integration of cloud services and solutions: Within a given VPC, cloud services and cloud solutions (such as databases, big data applications, containers, HPC, and AI solutions) can be quickly integrated to run on BMSs, accelerating cloud transformation.

BMS Architecture

BMS works together with other cloud services to provide compute, storage, network, and imaging.
- BMSs are deployed in multiple availability zones (AZs) connected with each other through an internal network. If an AZ becomes faulty, other AZs in the same region will not be affected.
- With the Virtual Private Cloud (VPC) service, you can build a dedicated network for BMS, configure subnets and security groups, and allow resources deployed in the VPC to communicate with the Internet through an EIP (with bandwidth assigned).
- With the Image Management Service (IMS), you can install OSs on BMSs or create BMSs using private images for rapid service deployment.
- The Elastic Volume Service (EVS) provides storage, and the Volume Backup Service (VBS) provides data backup and restoration.
- Cloud Eye is a key tool to monitor BMS performance, reliability, and availability. Using Cloud Eye, you can monitor BMS resource usage in real time.
- Cloud Backup and Recovery (CBR) backs up data for EVS disks and BMSs, and uses snapshot backups to restore the EVS disks and BMSs when necessary.

Scenarios

Core Database
- High security and performance: Each BMS is dedicated to a single tenant and provides ultra-high computing performance without virtualization overhead. In addition, a three-copy backup ensures data security and reliability.
- Quick provisioning: A BMS can be provisioned within minutes after you submit an order. The system automatically installs an OS, configures the network, and attaches disks for the BMS when receiving the order.
- Real Application Cluster (RAC): Shared EVS disks address the storage limitations faced by local disks. RAC deployment is available for core enterprise systems.
- Flexible deployment: BMSs can be deployed together with ECSs to meet diverse computing needs. They use VPC to communicate securely with other cloud resources and use EIPs to make themselves accessible from the Internet.

High Performance Computing (HPC)
- High-performance ECS: Compute-intensive ECSs, such as general computing-plus (C6) and memory-optimized (M6) ECSs, use 2nd Gen Intel® Xeon® Scalable processors to provide robust, stable computing performance, and Huawei-developed intelligent high-speed NICs to provide networks with ultra-high bandwidth and ultra-low latency.
- High-performance BMS: High-performance computing (H2) BMSs with 100 Gbit/s EDR InfiniBand NICs provide excellent computing performance with no virtualization overhead. You can apply for BMSs on demand through the management console.
- Excellent network performance: Secure, isolated virtual networks are provided for HPC users on the public cloud. The networks communicate with each other through intelligent high-speed NICs that deliver excellent bandwidth.

Comparisons Between a BMS, ECS, and Physical Server

A lack of flexibility is the main problem with physical servers. Although cloud computing is very popular right now, some enterprises may still choose physical servers for the absolute best possible performance. The reason is that physical servers have no virtualization overhead and therefore no performance loss. However, it takes a long time to deploy physical servers, the O&M is complex, and the architecture cannot be reconstructed easily. When physical servers break down, it takes a lot of time, effort, and money to fix them.

When enterprises choose to avoid VMs (ECSs), it is typically because VMs are not able to provide the performance required by their core databases. Additionally, they do not want to adjust their core applications to adapt to VM deployment. These enterprises are faced with a dilemma.

BMS is designed to address this dilemma. It provides physical servers exclusive to a particular enterprise's use, so they do not have to compromise on performance or resource isolation. Meanwhile, it delivers cloud capabilities such as online delivery, automatic O&M, VPC interconnection, and interconnection with shared storage. You can provision and use BMSs as easily as ECSs and enjoy the excellent computing, storage, and network performance of physical servers. BMS can also offer services that ECSs cannot provide due to various architecture restrictions, such as virtualization services, high-performance computing services, services that have high requirements on I/O performance, and services that have high requirements on core data control and resource isolation. In addition, HUAWEI CLOUD provides O&M for BMSs, which helps keep your costs down.

BMS Lifecycle Management

Self-service application, simple configuration, provisioning in minutes, and full-lifecycle management. You can create a common BMS, a BMS supporting quick provisioning, or a BMS running on a Dedicated Cloud (DeC). If you want to create a BMS that has the same OS and applications as an existing BMS, you can create a private image using the existing BMS and then use the image to create the desired BMS.

BMS Network

Five types of networks are available for BMS: VPC, high-speed network, enhanced high-speed network, user-defined VLAN, and InfiniBand network. They are isolated from each other. Top-of-rack (ToR) refers to how the server cabinet is cabled up: the access switch is placed on top of the rack and the servers are placed beneath it. HB indicates a high-speed network. QinQ represents an 802.1Q tunnel. VPC and high-speed network interfaces are generated by the system and cannot be changed. NIC bonding is used to group multiple interfaces together. BMSs can communicate with ECSs through VPCs or InfiniBand networks (if any). Only VPC supports security groups, EIPs, and ELB. For a high-speed network and user-defined VLAN, BMSs in the same network can only communicate with each other through layer-2 connections.

BMS Network: Virtual Private Cloud

A Virtual Private Cloud (VPC) is a logically isolated, configurable, and manageable virtual network. It helps to improve the security of BMSs in the cloud system and simplifies network deployment.

Advantages of VPC
- Flexible configuration: You can configure security groups, VPNs, IP address segments, and bandwidth in a VPC.
- High security: VPCs are logically isolated from each other. By default, different VPCs cannot communicate with each other. Network ACLs protect subnets, and security groups protect ECSs.
- Seamless Interconnection: By default, a VPC cannot communicate with the Internet, but you can use EIP, ELB, NAT Gateway, VPN, and Direct Connect to enable access to or from the Internet. By default, two VPCs cannot communicate with each other, but you can create a VPC peering connection to enable two VPCs in the same region to communicate with each other using private IP addresses.
- High-speed access: More than 20 dynamic BGP connections to multiple carriers can be established. Dynamic BGP provides automatic failover in real time, automatically choosing the best alternative path when a network connection fails.

BMS Network: High-Speed Network

A high-speed network is an internal network between BMSs. It provides high bandwidth for connecting BMSs in the same AZ. If you want to deploy services requiring high throughput and low latency, you can create high-speed networks. High-speed networks share the same physical plane with VPCs. A high-speed network carries only east-west traffic and supports only layer-2 communication because it does not support layer-3 routing.

Restrictions on using high-speed networks:
o When creating a BMS, the network segment used by standard NICs cannot overlap with that used by high-speed NICs.
o A high-speed network does not support security groups, EIPs, DNS, VPNs, or Direct Connect connections.
o You must select different high-speed networks for different high-speed NICs configured for a BMS.
o After a BMS is provisioned, you can no longer configure a high-speed network for it.

BMS Network: Enhanced High-Speed Network

An enhanced high-speed network is a high-quality, high-speed, low-latency internal network for BMSs to communicate with each other. Enhanced high-speed networks use upgraded hardware and software to allow BMSs in different PODs to communicate with each other. An enhanced high-speed network has the following advantages over a high-speed network:
- The bandwidth is at least 10 Gbit/s.
- The number of network planes can be customized and up to 4,000 subnets are supported.
- VMs on a BMS can access the Internet.

BMS Network: User-Defined VLAN

You can allocate VLAN subnets to isolate traffic in scenarios such as SAP HANA and virtualization. User-defined VLAN NICs are in pairs. You can configure NIC bonds to achieve high availability. User-defined VLANs in different AZs cannot communicate with each other.
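The VPC section above says network ACLs protect subnets while security groups protect the instances behind them. The following Python model, added here as an illustration and not Huawei Cloud code, walks constructed packets through both layers so the difference in where a packet is dropped becomes visible. It assumes a simplified semantics: the ACL is stateless, ordered, first-match with an implicit deny, and the security group is an allow-list that is stateful; the addresses, rules and the ECS IP are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" = towards the ECS, "out" = leaving the ECS
    proto: str      # "tcp", "udp" or "icmp"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    direction: str
    proto: str                 # "tcp", "udp", "icmp" or "any"
    remote: str                # remote CIDR: source for "in", destination for "out"
    ports: tuple = (0, 65535)  # inclusive destination-port range
    action: str = "allow"      # network ACL rules may also be "deny"


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    remote_ip = pkt.src if pkt.direction == "in" else pkt.dst
    return (rule.direction == pkt.direction
            and rule.proto in ("any", pkt.proto)
            and ipaddress.ip_address(remote_ip) in ipaddress.ip_network(rule.remote)
            and rule.ports[0] <= pkt.dport <= rule.ports[1])


class NetworkAcl:
    """Subnet layer (assumed model): stateless, rules checked in order, first
    match wins, anything unmatched is dropped. Reply traffic needs its own rule."""

    def __init__(self, rules):
        self.rules = list(rules)

    def allows(self, pkt: Packet) -> bool:
        for rule in self.rules:
            if rule_matches(rule, pkt):
                return rule.action == "allow"
        return False


class SecurityGroup:
    """Instance layer (assumed model): allow-list only and stateful, so once a
    packet is admitted the reverse direction of that flow passes without a rule."""

    def __init__(self, rules):
        self.rules = [r for r in rules if r.action == "allow"]
        self._flows = set()

    def allows(self, pkt: Packet) -> bool:
        if (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self._flows:
            return True  # reply to a connection admitted earlier
        if any(rule_matches(r, pkt) for r in self.rules):
            self._flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        return False


def admit(pkt: Packet, acl: NetworkAcl, sg: SecurityGroup) -> str:
    """A packet crosses the subnet ACL before it reaches the ECS security group."""
    if not acl.allows(pkt):
        return "dropped by network ACL"
    if not sg.allows(pkt):
        return "dropped by security group"
    return "delivered"


# Constructed sample: a web ECS at 10.0.1.5; Internet-side addresses are RFC 5737 test ranges.
ECS_IP = "10.0.1.5"
ACL_RULES = [
    Rule("in", "any", "203.0.113.0/24", action="deny"),  # blocklisted range, evaluated first
    Rule("in", "tcp", "0.0.0.0/0", (22, 22)),
    Rule("in", "tcp", "0.0.0.0/0", (443, 443)),
    Rule("out", "tcp", "0.0.0.0/0", (1024, 65535)),      # replies to clients' ephemeral ports
]
SG_RULES = [
    Rule("in", "tcp", "0.0.0.0/0", (443, 443)),  # HTTPS from anywhere
    Rule("in", "tcp", "10.0.0.0/8", (22, 22)),   # SSH only from inside the VPC address space
]


def run_demo() -> dict:
    acl, sg = NetworkAcl(ACL_RULES), SecurityGroup(SG_RULES)
    return {
        "https_from_internet": admit(Packet("in", "tcp", "198.51.100.7", 51000, ECS_IP, 443), acl, sg),
        "https_reply": admit(Packet("out", "tcp", ECS_IP, 443, "198.51.100.7", 51000), acl, sg),
        "https_from_blocklisted": admit(Packet("in", "tcp", "203.0.113.9", 51000, ECS_IP, 443), acl, sg),
        "ssh_from_internet": admit(Packet("in", "tcp", "198.51.100.7", 51001, ECS_IP, 22), acl, sg),
        "ssh_from_vpc": admit(Packet("in", "tcp", "10.0.2.8", 51002, ECS_IP, 22), acl, sg),
    }


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name:24s} {verdict}")
```

The SSH case is the one to notice: the subnet ACL lets port 22 through from anywhere, and only the per-instance security group stops it, which is why both layers are configured rather than one.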
BMS Network: InfiniBand Network

An InfiniBand network features low latency and high bandwidth, and is good for high-performance computing (HPC) projects. An InfiniBand network supports two communication modes: Remote Direct Memory Access (RDMA) and Internet Protocol over InfiniBand (IPoIB). To create an InfiniBand network, you must select a flavor that supports InfiniBand NICs during BMS creation. After an InfiniBand network is provisioned, BMSs can communicate with each other using RDMA. When IPoIB communication is used, you need to configure IP addresses on the InfiniBand network port. You can use static IP addresses or IP addresses assigned using DHCP. InfiniBand is widely used for communication between servers (for example, replication and distributed working), between a server and a storage device (for example, SAN and DAS), and between a server and a network (for example, LAN, WAN, and the Internet).

InfiniBand highlights:
o A standard protocol
o High bandwidth, low latency
o RDMA
o Offloaded transmission

Image Management Service

Image Management Service (IMS) allows you to manage the entire lifecycle of your images. You can create ECSs or BMSs from public, private, or shared images. You can also create a private image from a cloud server or an external image file to make it easier to migrate workloads to the cloud or on the cloud. An image is a server or disk template that contains an operating system (OS), service data, and necessary application software, such as database software. IMS provides public, private, Marketplace, and shared images.

Why IMS?
- Convenient: You can create a private image from an ECS or external image file, or batch-create ECSs from an image.
- Flexible: You can manage images through the management console or using APIs.
- Centralized: IMS provides a self-service platform to simplify image management and maintenance.
- Secure: Public images come with multiple mainstream OSs, such as Windows Server, Ubuntu, and CentOS, which have been thoroughly tested to provide secure and stable services.

Image Types
- Public image: A public image is a standard image provided by the cloud platform and is available to all users. It contains an OS and various preinstalled public applications. If a public image does not contain the application environment or software you need, you can use a public image to create an ECS and then install the software you need. Public images include the following OSs to choose from: Windows, CentOS, Debian, openSUSE, Fedora, Ubuntu, EulerOS, and CoreOS. When you use certain public images, the system recommends the Host Security Service (HSS) and server monitoring. HSS supports two-factor authentication for logins, defense against account cracking, and weak password detection to protect your ECSs against brute-force attacks.
- Private image: A private image is only available to the user who created it. It contains an OS, service data, preinstalled public applications, and custom applications that the image creator added. A private image can be a system disk image, data disk image, or full-ECS image.
  o A system disk image contains an OS and pre-installed software for various services. You can use a system disk image to create ECSs and migrate your services to the cloud.
  o A data disk image contains only service data. You can use a data disk image to create EVS disks and use them to migrate your service data to the cloud.
  o A full-ECS image contains an OS, pre-installed software, and service data.
- Shared image: A shared image is a private image another user has shared with you.
- Marketplace image: A Marketplace image is a third-party image published in the Marketplace. It has an OS, application environment, and software pre-installed. You can use these images to deploy websites and application development environments in just a few clicks. No additional configuration is required. Marketplace images are provided by service providers who have extensive experience configuring and maintaining cloud servers. All the images are thoroughly tested and have been approved by HUAWEI CLOUD before being published.

Scenarios

Migrating Servers to the Cloud or in the Cloud
You can import local images to the cloud platform and use the images to quickly create cloud servers for service migration to the cloud. You can also share or replicate images across regions to migrate ECSs between accounts and regions. A variety of image formats can be imported, including VMDK, VHD, QCOW2, RAW, VHDX, QED, VDI, QCOW, ZVHD2, and ZVHD. Image files in other formats need to be converted to one of these formats before being imported. You can use the open-source tool qemu-img or the Huawei tool qemu-img-hw to convert the image.

Deploying a Specific Software Environment
You can use shared or Marketplace images to quickly build custom software environments without having to manually configure environments or install any software. This is especially useful for Internet startups. In traditional batch service deployment, you need to evaluate different service scenarios, select an OS, database, and software, and install them. The deployment quality depends on the skills of R&D and O&M personnel. On the cloud platform, you can quickly create ECSs by using public, private, Marketplace, or shared images. You only need to identify sources of shared images. Public, private, and Marketplace images have been thoroughly tested to ensure security and stability.

Backing Up Server Environments
You can create an image from an ECS to back up the ECS. If the ECS breaks down for some reason, you can use the image to restore it. This is similar to system restoration with Ghost. You can create a Ghost recovery point for your PC. If the PC is infected with a virus or the system breaks down for some reason, you can restore it to the recovery point you created. On the public cloud, you can create a private image to back up an ECS. If periodic backup is required, you are advised to use cloud services such as Cloud Server Backup Service (CSBS) and Volume Backup Service (VBS) for the backup.

Other Compute Services

Auto Scaling
Auto Scaling (AS) automatically adjusts resources to keep up with changes in demand based on pre-configured AS policies. You can specify AS configurations and policies based on service requirements. These configurations and policies free you from having to repeatedly adjust resources to keep up with service changes and spikes in demand, helping you reduce the resources and manpower required.

Why AS?
- Automatic resource adjustment: AS adds ECS instances and increases bandwidth for your applications when the access volume increases and reduces unneeded resources when the access volume drops, ensuring system stability.
- Enhanced cost management: AS enables you to use instances and bandwidth on demand by automatically adjusting system resources, so utilization goes up and costs go down.
- Improved availability: AS ensures there are always enough resources deployed for your applications. When working with ELB, AS automatically associates a load balancing listener with any instances newly added to the AS group. Then, ELB automatically distributes access traffic to all instances in the AS group through the listener, which improves system availability.
- High fault tolerance: AS monitors the status of instances in an AS group, and replaces any unhealthy instances it detects.

AS Architecture
AS automatically adjusts compute resources based on service demands and configured AS policies. The number of ECS instances changes to match service demands, ensuring service availability. AS allows you to adjust the number of ECSs in an AS group and the EIP bandwidths bound to the ECSs.
- Scaling control: You can specify thresholds and schedule when different scaling actions are taken. AS will trigger scaling actions on a repeating schedule, at a specific time, or when configured thresholds are reached.
- Policy configuration: You can configure alarm-based, scheduled, and periodic policies as needed.
  o Alarm-based: You can configure alarm metrics such as vCPU, memory, disk, and inbound traffic.
  o Scheduled: You can schedule actions to be taken at a specific time.
  o Periodic: You can configure scaling actions to be taken at scheduled intervals, at a specific time, or within a particular time range.
When Cloud Eye generates an alarm for a monitoring metric, for example, CPU usage, AS automatically increases or decreases the number of instances in the AS group or the EIP bandwidth. When the configured triggering time arrives, a scaling action is triggered to increase or decrease the number of ECS instances or the bandwidth.

Scenarios

Web Applications
- E-commerce: During big promotions, e-commerce websites need more resources. AS automatically scales out ECS instances and bandwidth within minutes to ensure that promotions go smoothly.
- Heavy-traffic portals: Service load changes are difficult to predict for heavy-traffic web portals. AS dynamically scales ECS instances in or out based on monitored ECS metrics, such as vCPU usage and memory usage.

AS Basic Concepts
- AS group: An AS group consists of a collection of instances and AS policies that have similar attributes and apply to the same scenario. It is the basis for enabling or disabling AS policies and performing scaling actions.
- AS configuration: An AS configuration is a template specifying specifications for the instances to be added to an AS group. The specifications include the ECS type, vCPUs, memory, image, disk, and login mode.
- AS policy: An AS policy can trigger scaling actions to adjust the number of instances in an AS group. An AS policy defines the condition to trigger a scaling action and the operations to be performed. When the triggering condition is met, the system automatically triggers a scaling action.
- Scaling action: A scaling action adds instances to or removes instances from an AS group. It ensures that the number of instances in an application system is the same as the expected number of instances by adding or removing instances when the triggering condition is met, which improves system stability.
- Cooldown period: To prevent an alarm policy from being repeatedly triggered for the same event, a cooldown period is used. The cooldown period specifies how long any alarm-triggered scaling action will be disallowed after a previous scaling action is complete. The cooldown period is not used for scheduled or periodic scaling actions.
- Bandwidth scaling: AS automatically adjusts a bandwidth based on the configured bandwidth scaling policy. AS can only adjust the bandwidth of pay-per-use EIPs and shared bandwidths. It cannot adjust the bandwidth of yearly/monthly EIPs.

Cloud Container Engine (CCE) is a highly scalable, high-performance, enterprise-class Kubernetes service for you to run containers and applications. With CCE, you can easily deploy, manage, and scale containerized applications on HUAWEI CLOUD.

A Dedicated Host (DeH) is a physical server fully dedicated to your own services. DeH allows you to ensure performance by keeping compute resources isolated. DeH also allows you to use your existing software licenses, so you can leverage existing investments to save money.

FunctionGraph allows you to run your code without provisioning or managing servers, while ensuring high availability and scalability. All you need to do is upload your code and set execution conditions, and FunctionGraph will take care of the rest. You pay only for what you use and you are not charged when your code is not running.
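The AS Basic Concepts section above defines AS policies, scaling actions and the cooldown period in prose. The following Python simulation, added here as an illustration and not Huawei Cloud's AS implementation, plays an alarm-based and a scheduled policy against a constructed Cloud Eye-style CPU timeline so you can see the cooldown suppress repeated alarm actions while the scheduled action ignores it. The group bounds, the metric name cpu_util, the thresholds and the timeline are all constructed sample values.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class AsGroup:
    min_instances: int
    max_instances: int
    instances: int
    cooldown_seconds: int
    last_action_done_at: Optional[int] = None  # when the previous scaling action completed


@dataclass(frozen=True)
class AlarmPolicy:
    metric: str       # monitoring metric name, e.g. "cpu_util" (constructed)
    threshold: float
    comparison: str   # ">" or "<"
    adjustment: int   # +N adds instances, -N removes them


@dataclass(frozen=True)
class ScheduledPolicy:
    at: int           # trigger time in seconds on the simulated clock
    adjustment: int


def alarm_fires(policy: AlarmPolicy, metrics: dict) -> bool:
    value = metrics.get(policy.metric)
    if value is None:
        return False
    return value > policy.threshold if policy.comparison == ">" else value < policy.threshold


def in_cooldown(group: AsGroup, now: int) -> bool:
    """Alarm-triggered actions are disallowed until cooldown_seconds have passed
    since the previous action completed; scheduled actions ignore this."""
    return (group.last_action_done_at is not None
            and now - group.last_action_done_at < group.cooldown_seconds)


def scaling_action(group: AsGroup, kind: str, adjustment: int, now: int) -> dict:
    """Move the group towards instances + adjustment, clamped to [min, max]."""
    target = max(group.min_instances, min(group.max_instances, group.instances + adjustment))
    applied = target - group.instances
    group.instances = target
    group.last_action_done_at = now
    return {"time": now, "kind": kind, "requested": adjustment,
            "applied": applied, "instances": group.instances, "skipped": None}


def evaluate(group, now, metrics, alarm_policies, scheduled_policies) -> list:
    """One evaluation tick: scheduled policies first, then alarm policies."""
    actions = []
    for policy in scheduled_policies:
        if policy.at == now:
            actions.append(scaling_action(group, "scheduled", policy.adjustment, now))
    for policy in alarm_policies:
        if not alarm_fires(policy, metrics):
            continue
        if in_cooldown(group, now):
            actions.append({"time": now, "kind": "alarm", "requested": policy.adjustment,
                            "applied": 0, "instances": group.instances, "skipped": "cooldown"})
            continue
        actions.append(scaling_action(group, "alarm", policy.adjustment, now))
    return actions


# Constructed scenario: a web tier during a promotion, then a quiet period.
ALARM_POLICIES = [
    AlarmPolicy("cpu_util", 80.0, ">", +2),   # scale out when the group is hot
    AlarmPolicy("cpu_util", 20.0, "<", -1),   # scale in gently when idle
]
SCHEDULED_POLICIES = [ScheduledPolicy(at=600, adjustment=+1)]
TIMELINE = [  # (simulated time in seconds, metric sample)
    (0, {"cpu_util": 90.0}),
    (120, {"cpu_util": 92.0}),
    (400, {"cpu_util": 88.0}),
    (600, {"cpu_util": 85.0}),
    (1000, {"cpu_util": 10.0}),
    (1100, {"cpu_util": 10.0}),
    (1500, {"cpu_util": 10.0}),
]


def simulate() -> tuple:
    """Run the timeline; returns (final instance count, list of action records)."""
    group = AsGroup(min_instances=2, max_instances=6, instances=2, cooldown_seconds=300)
    history = []
    for now, metrics in TIMELINE:
        history.extend(evaluate(group, now, metrics, ALARM_POLICIES, SCHEDULED_POLICIES))
    return group.instances, history


if __name__ == "__main__":
    final, history = simulate()
    for record in history:
        print(record)
    print("final instances:", final)
```

The tick at 600 seconds is the interesting one: the scheduled action runs even though the group is inside the cooldown from the action at 400 seconds (and is clamped at the maximum of 6), while the alarm firing at the same moment is suppressed.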
