At the Cloud Native + Open Source Virtual Summit China 2020 (KubeCon 2020), Yi Li, head of Alibaba Cloud Container Service, in his keynote speech titled "Cloud Native, the New Cornerstone of Digital Economic and Technological Innovation", introduced how Alibaba Cloud uses its cloud-native technology to empower the digital battle against the epidemic. He also explained the organization's insights into cloud-native operating systems, and gave a detailed introduction to four enterprise-class container services: Alibaba Cloud ACK Pro, ASM, ACR EE, and ACK@Edge.
Among the offerings, Alibaba Cloud Container Service for Kubernetes Professional Edition (ACK Pro) is a container service that fortifies reliability and security in large enterprise-class production environments and provides compensation clauses in its service-level agreement (SLA). The service is now available for public beta. Three other services have been launched for commercial use. Alibaba Cloud Service Mesh (ASM) is a service mesh that centrally and accurately controls the traffic of containerized microservice applications.
Alibaba Container Registry Enterprise Edition (ACR EE), is the first public-cloud container image repository that is provided as a dedicated instance and has consistently provided strong support for the Double 11 Shopping Festival in the Alibaba Economy. Its capabilities include multi-dimensional security assurance, global image distribution acceleration, improved DevSecOps delivery efficiency, and secure hosting and efficient distribution of cloud-native artifacts for enterprise users.
ACK Edge Kubernetes (ACK@Edge) features non-invasive enhancements and provides the capabilities of edge autonomy, edge units, edge traffic management, and support for native O&M APIs. This cloud-native solution supports centralized lifecycle management and resource scheduling for applications in edge computing scenarios.
The COVID-19 outbreak in 2020 accelerated the pace of digital life. We now work from home with DingTalk, go to school with Cloud Classroom, travel with a health code, and cook with groceries ordered online. This has become our routine with all the quarantine measures. This is all possible because of the business innovations supported by a series of cloud computing and cloud-native solutions.
The application deployment scheme built on Alibaba Cloud servers and containers scaled out DingTalk by adding 10,000 cloud hosts within two hours. This scheme significantly boosted the release and scaling efficiency of the application, helped it ride out the largest traffic peak in its history, and ensured a good experience for users working remotely across the country.
Schools are shut down but learning continues with support from Alibaba Cloud. The online learning platform Seewo saw its overall business performance increase by 30%, while its operation and maintenance costs drop by 50%. Another user from the same sector, Onion Academy, improved its resource utilization by 60%.
Built on the cloud-native big data platform, the health code application is elastic, resilient, and secure, capable of supporting hundreds of millions of calls on a daily basis.
Using ACK@Edge, Hema Fresh quickly implemented an AI system that achieves end-to-end digital integration of people, goods, and warehouses and enables collaboration across the cloud, the edge, and terminals. Developed on the cloud-native architecture, the solution has excellent resource scheduling and application management capabilities and enjoys the advantages of access to the nearest node and real-time processing from edge computing. Hema Fresh easily carried out an all-round cost reduction and efficiency improvement program that reduced the cost of computing resources by 50% at the retail store level and improved the efficiency of service activation for new stores by 70%.
The development of container technology opened the way for cloud-native computing. In Yi Li's view, Kubernetes-based cloud-native computing has become a new operating system. Many industries and enterprises have embraced and benefited from this young platform. Its features, such as containerized applications, container orchestration system, and Istio service mesh, decouple the dependencies in the traditional architecture, such as those between applications and runtime environments, resource orchestration and scheduling with the underlying infrastructure, and service implementation from service governance.
What is the cloud-native operating system from Alibaba Cloud like? What makes it special?
First, the infrastructure layer provides IaaS resources. For instance, the computing resources built on the 3rd-gen X-Dragon architecture are elastically scalable and deliver higher performance at a lower cost. The cloud-native distributed file system is designed for managing persistent data in containers. The cloud-native network accelerates application delivery and provides application-type load balancing and container network infrastructure.
Second, at the container orchestration layer, Alibaba Cloud Container Service has served thousands of corporate customers and many production scenarios across different industries since its launch in 2015. An increasing number of customers are using the cloud-native architecture to implement most or even all of their applications. To meet the stringent requirements for reliability and security from large-and medium-sized enterprises, Alibaba Cloud has launched the enterprise edition of its container service, ACK Pro, with compensation clauses included in the SLA.
Alibaba Cloud ACK Pro is an enterprise-class service developed on the basis of the ACK Managed Edition cluster. It inherits all the advantages of the managed container service cluster, such as managed primary nodes and high availability. Also, compared with the managed version, it improves reliability, security, and scheduling performance of the cluster and offers a compensation SLA up to 99.95%. A single cluster can support 5,000 nodes. ACK Pro is the perfect choice for enterprises that run large-scale services in production environments and have rigorous requirements for stability and security.
Supporting the 3rd-gen X-Dragon architecture and optimized hardware-and-software design, the service can deliver superior performance to enterprise-class applications. Its lossless Terway container network can reduce latency by 30% compared with the router network. By using Alibaba Cloud sandboxed containers, it can provide enterprises with comprehensive security protection and satisfy their security and isolation requirements for applications. This improves performance by 30% compared with open-source systems. In addition, ACK Pro relies on efficient scheduling to optimize heterogeneous computing power and workloads and supports intelligent CPU scheduling optimization. While ensuring the SLA and density, the service QPS of web applications can be increased by 30%. Its support for GPU computing power sharing can reduce the cost of AI model prediction by more than 50%.
Using container solutions to deliver services in more than 10 international regions, ApsaraVideo can effectively manage resources on tens of thousands of nodes across the world. ACK Pro ensures high O&M efficiency and stability for large-scale computing resources at the infrastructure layer, allowing the ApsaraVideo team to channel more time and energy to their video services and create more value for customers.
Alibaba Cloud container services were among the first enterprise-class container platforms in China to be certified by the Chinese research institution CAICT for Trusted Cloud Container Security. In particular, Alibaba Cloud scored full marks in 49 categories and was awarded the highest level of certification for advanced security. Alibaba Cloud services lead the industry in China and are on a par with advanced international solutions in terms of minimized attack surfaces, binary validation of image signatures, and ciphertext BYOK encryption.
ACK Pro is now officially available for public beta. The service is a great fit for enterprises from the Internet, big data computing, financial, government, and cross-border business industries. Interested customers can visit the official Alibaba Cloud website to apply for a trial account.
Before the Service Mesh technology became available, the implementation logic of application service governance was usually carried out by embedding code libraries in applications. However, as applications become increasingly sophisticated and development teams grow in size, it will become more difficult to change and maintain code libraries. By using sidecar proxies, service mesh decouples service governance from applications, standardizes and consolidates service governance capabilities, and more effectively supports application services in various programming languages under different technical frameworks.
As the first fully-managed Istio-compatible service mesh, ASM, has been launched for commercial use and is now available for deployment in multiple regions. A leader in the community and industry in architecture design, the service hosts the components of the control plane on Alibaba Cloud, keeping them independent of the user clusters on the data plane. ASM provides components on the managed control plane for fine-grained traffic management and security management. The hosting mode decouples the Istio components from the lifecycle management of the managed Kubernetes clusters, making the architecture more flexible and improving the system scalability.
SUNMI, an ASM user, greatly benefits from the service mesh solution. The service helps the company solve the challenge of load imbalance caused by GRPC-HTTP 2.0 multiplexing, separate the control plane and the data plane, and use the visualization capability of ASM to manage the control plane and obtain an intuitive view of rule configuration. Meanwhile, it is seamlessly integrated with Tracing Analysis to solve the challenge of call chain troubleshooting and tracking in a service-based system.
As the infrastructure for the unified management of various computing services, ASM performs unified traffic management, provides unified service security and service observability, and supports unified data plane scalability, while providing the corresponding proven models. Its features, ranging from one-click activation, observable improvement, security hardening, support for various infrastructures, and multi-cluster hybrid management, can be applied in different user scenarios.
The enterprise edition of ACR EE is the first enterprise-class container service that offers dedicated instances on the public cloud. It is suitable for enterprises that have rigorous requirements for security and performance and deploy services in multiple regions on a large scale.
ACR EE supports the hosting of artifacts in conformity with OCI specifications such as multi-version Helm charts, in addition to support for multi-architecture container images. ACR EE provides enhanced support for global multi-region distribution and large-scale distribution. In addition, it provides multi-dimensional security protection such as network access control, security scanning, security encryption and signatures, and security audit, helping enterprises upgrade from DevOps to DevSecOps. The solution is widely used in the online environment by hundreds of enterprises, ensuring their secure hosting and efficient distribution of cloud-native artifacts.
For instance, an international retail giant that has established business presence in various regions around the world requires multi-region R&D collaboration and deployment. By using ACR EE, the customer only needs to configure the instance synchronization rules. The container images, after being iteratively updated, can be automatically synchronized to the specified regions worldwide in minutes and then trigger the automatic deployment of container services in ACK clusters. The service can also effectively address the challenge of unstable transcontinental network links and unsafe distribution, significantly improve business R&D iteration efficiency and deployment stability, and ensure the global deployment of services.
In addition to the automated global deployment of service images, many enterprises have also implemented containerized DevSecOps by using the cloud-native application delivery chain function of ACR EE and adopting traceable, observable, and self-configurable full-link practices.
Alibaba Cloud has been exploring the demand for edge computing + cloud native implementation. As part of this effort, it announced the major release of ACK@Edge at at KubeCon 2019. A year later, at KubeCon 2020, it has launched the enterprise edition of the solution. In addition, Alibaba Cloud also published the source code of the core capabilities of ACK@Edge and contributed a complete cloud-native edge computing project, OpenYurt, to the open-source community.
The service has been widely used in scenarios such as audio and video livestreaming, cloud gaming, industrial Internet, transportation and logistics, and City Brain. Its users include Hema Fresh, Youku, and ApsaraVideo, as well as many Internet and emerging retail enterprises.
After implemented ACK@Edge, the famous Chinese livestreaming platform YY can now use APIs to centrally manage and maintain edge container clusters and central container clusters. The service enables quick access to the edge computing power and autonomy of edge nodes and facilitates seamless integration with the Prometheus service for reporting of monitoring data. This significantly improves the overall O&M efficiency and resource utilization.
ACK@Edge is fit for a wide range of scenarios, including edge intelligence, smart buildings, smart factories, audio and video livestreaming, online education, and CDN.
Cloud-native technology can maximize the elasticity of the cloud environment and help enterprises reduce costs and improve efficiency. More importantly, it also provides more room for innovation. When cloud-native technology is used together with other new technologies, such as AI, edge computing, and confidential computing, it will become the intelligent, connected, and trusted innovation infrastructure for the digital economy.
"The development strategy for container services is to become a new cornerstone, create new computing power, and foster a new ecosystem," Yi Li said. "The cloud-native technology is becoming the most direct route to the value of the cloud. Our team will help enterprises better prepare to support distributed cloud architectures, such as hybrid cloud and cloud-edge integration, and achieve global application delivery. Alibaba Cloud is working hard on cloud-native-based software-hardware integrated technological innovations, such as X-dragon Hypervisor, Hanguang chips, and GPU scheduling in shared mode. In addition, we will provide the technology ecosystem and the Global Partner Program to enable more enterprises to enjoy the benefits of Alibaba's technologies in the age of the cloud.
Alibaba Clouder - July 12, 2019
Alibaba Container Service - July 19, 2019
Alibaba Cloud New Products - November 10, 2020
Alibaba Developer - March 3, 2020
Hologres - July 22, 2020
Alibaba Clouder - November 17, 2020
Link IoT Edge allows for the management of millions of edge nodes by extending the capabilities of the cloud, thus providing users with services at the nearest location.Learn More
A secure image hosting platform providing containerized image lifecycle managementLearn More
Alibaba Cloud Container Service for Kubernetes is a fully managed cloud container management service that supports native Kubernetes and integrates with other Alibaba Cloud products.Learn More
High Performance Computing (HPC) and AI technology helps scientific research institutions to perform viral gene sequencing, conduct new drug research and development, and shorten the research and development cycle.Learn More
More Posts by Alibaba Developer