Community Blog Secure Cloud Storage Meets with Secure Network Coding

Secure Cloud Storage Meets with Secure Network Coding

This article introduces you secure cloud storage and secure network on cloud to protect your business data from disaster.

How to Automate Backups with Alibaba Cloud Object Storage Service

We can automatically upload backups to Alibaba Cloud OSS with Minio Client and cronjob. Alibaba Cloud OSS is a suitable backup storage solution.

Offsite backups are an important security measure. They allow restoring data in case of hardware failure, accidental deletion, or any other catastrophic event. Automating backups improves the reliability of the backup process and ensures recent data gets backed up regularly.

We will use the Alibaba Cloud Object Storage Service (OSS) as an offsite backup storage solution. Data will be backed up by a simple bash script which gets executed regularly by a cronjob. Minio Client will be used to transfer the backups to OSS.

Alibaba Cloud OSS is a suitable backup storage solution. Rarely accessed objects such as backups can be stored reliably, cheaply and securely. The first 5 GB of storage can be used completely free of charge.


Make sure you have an Alibaba Cloud account before you start. Sign up now to receive $ 300 in free credit. Create an ECS server or connect to an existing one with SSH to follow along. All you need is a Linux-based system.

Step 0 – Add a New User (Optional)

It is a good idea to use an account with limited system access for the execution of the backup script. Doing so increases security because an attacker will have limited possibilities if the user which executes the backup script gets compromised. Run the following command to add a new user with the name backup.

sudo adduser backup

Limit the new user's system rights as much as possible without restricting it's ability to upload backups to OSS.

Step 1 – Create OSS Bucket

Next, we will create an OSS bucket for the backups. A bucket is a namespace for a collection of objects. Each object is uniquely identified by the bucket name and the object key.

First, navigate to the Alibaba Cloud Console. Open the Products dropdown from the main navigation bar and click on the Object Storage Service link in the Storage & CDN section. You will be asked to accept the OSS Terms of Service if you have not used OSS before. Click on Create Bucket to create a bucket for the backup objects.

Enter the bucket's name, choose a region, pick a storage class and set the access control restrictions. We will use the bucket name backup-demo and the region EU Central 1.

The three available storage classes offer the same data reliability and service availability guarantees.

They mainly differ in their data access features and pricing. Infrequent Access storage offers real time access and lower storage fees compared to Standard storage. At least 30 days of storage are billed for any object, even if the object is deleted shortly after creation. The minimum billable size of objects is 128 KB. Archive storage offers even lower storage fees but data must be unfrozen to become readable, which takes one minute. The minimum billable storage duration is 60 days and the minimum billable size of objects is 128 KB.

Considering the properties of the different storage classes, Infrequent Access storage will be the best class for most backup use cases. It combines real-time access and lower storage fees compared to Standard storage. More information about the storage classes can be found here.

Related Blogs

10 Years of Cloud Intelligence: High-Speed and Secure Global Network Coverage

Alibaba Cloud's network have become increasingly prominent over the past decade, spanning over 20 Data Center regions, 61 AZs, and 2,500+ CDN nodes worldwide.

The Evolution of Networking

When Alibaba Cloud launched ten years ago, networking was already fundamental to communications and connectivity. However, the idea of a massive-scale, highly stable, low latency, and high-speed network that enables cross-region connections was still some way off.

Over the past decade, cloud-specific networks have become increasingly prominent, and this has become a scalable, reliable and cost-effective solution that is used by many businesses. Alibaba Cloud now delivers secure and reliable communication with its network of 20 Data Center regions, 61 Availability Zones, and large node network of 2,500+ CDN nodes and 110+ Point of Presence nodes, shortening geographic distances.

As part of that evolution, the time taken to build a VPC has decreased dramatically, and networks are easy to set-up, install and manage. In fact, it takes just five minutes to set up a multi-region network.

Flexible and Secure

Cloud Enterprise Network (CEN) makes it easy to build reliable private networks, allowing for secure and seamless communication across the Mainland China region.

Our networking services deliver secure and reliable communications to and from data centers in 20 regions globally including seven in China. With more than 61 availability zones deployed around the world, Alibaba Cloud's large node network reduces geographic distances between our technology and your customers. [1]

The cloud infrastructure comes with a suite of security services, designed to protect the network application system. Highly advanced security features can prevent DDoS attacks up to hundreds of gigabytes in size, as well as providing protection from other attacks.

The Ultimate Test

Alibaba Cloud's Networking capabilities are put to the test every year at the Global Shopping Festival, known as Double 11. Services such as Cloud Enterprise Network (CEN), Virtual Private Cloud (VPC), Server Load Balancer (SLB), Network Address Translation (NAT) gateway, and Express Connect play a vital role in reducing traffic peaks and enabling successful payments for millions of shoppers.[2]

The success of Double 11 relies heavily on sophisticated and massive network services, and, each year has been more successful than the last. In 2018 a record-breaking number of transactions were processed, hitting a Gross Merchandise Volume (GMV) of US $30.8 billion, up 27 percent year-on-year.

Looking Forward

Networks must continue to evolve rapidly in the coming years as increasing numbers of connected devices and Internet of Things-enabled products come online and require network access.

Many companies are currently opting for a multi-cloud or hybrid cloud strategy, so we will see increasingly complex networks in the near future. This increases potential vulnerabilities, and as businesses rely heavily on their networks, speed and security will become major areas of focus.

Cloud-native functions and Internet-based networking will mature, and DevOps principles will be integrated into networking approaches, so that networks to benefit from automation tools, improved development and continuous integration and sharing.

The evolution of networking is only just getting started. Alibaba Cloud is committed to continuously improving its network solutions, providing its customers with the access and security that they need to evolve and grow.

How to Use Alibaba Cloud Object Storage Service with QNAP

Backing up data on Alibaba Cloud OSS with Hybrid Backup Sync from QNAP can help you secure your data on-premises, as well in offsite locations.

Alibaba Cloud Object Storage Service (OSS) is an encrypted, secure, cost-effective, and easy-to-use object storage service that enables you to store, back up, and archive large amounts of data in the cloud, with a guaranteed reliability of 99.999999999%. RESTful APIs allow storage and access to OSS anywhere on the Internet.

The 3-2-1 Backup Strategy

The 3-2-1 backup strategy means you should:

Have at least three copies of your data.
Store the copies on two different media.
Keep one backup copy offsite.
For the Home users such a strategy could be difficult to achieve. Alibaba Cloud Object Storage Service with Hybrid Backup Sync from QNAP could help you secure your data not only on-premises but as well in offsite location.

Configure OSS on your QNAP

In order to sync your backups to OSS we need to perform three tasks: create OSS bucket, create RAM User and configure QNAP Hybrid Backup Sync.

OSS bucket creation

  1. Login to Alibaba Cloud
  2. Navigate to Object Storage Service (OSS) product.
  3. Click Create Bucket
  4. Provide Bucket Name, choose Region, Storage Class and Access Control List.
  5. Take note of your OSS Endpoint. It will be needed later on to configure as backup destination. In my case it is oss-eu-central-1.aliyuncs.com.

Hybrid Cloud Storage: Cross-Cloud Disaster Recovery

In this article, we will discuss the implementation of a fully hybrid cloud backup and disaster recovery solution on Alibaba Cloud with Hybrid Backup Recovery.

11.11 The Biggest Deals of the Year. 40% OFF on selected cloud servers with a free 100 GB data transfer! Click here to learn more.

In the previous article, we described Alibaba Cloud Storage Gateway-based Cross-Cloud Replication, which mainly deal with backup and recovery of files. If you need to protect a cloud database application in real time rather than some data files of a database, or protect an entire cloud host rather than some files and directories, then Hybrid Backup Recovery would be the perfect solution to meet your needs.

Hybrid Backup Recovery-based Cross-Cloud Disaster Tolerance Architecture
The following process diagram illustrates how cloud vendor T's Oracle server is backed up to Alibaba Cloud's cloud disaster recovery warehouse using a Hybrid Backup Recovery gateway, and then fails over to an Alibaba Cloud ECS instance. The Hybrid Backup Recovery gateway also supports failing back the latest data from the cloud disaster recovery warehouse to cloud vendor T's Oracle host. In this architecture diagram, you can see that the disaster tolerance deployment is symmetric at the source end and the target end. Note that the cloud disaster recovery warehouse is drawn with dots in the diagram. Unlike the cloud backup warehouse and OSS, the cloud disaster recovery warehouse is invisible to users.

Next, let's take a look at how to implement disaster tolerance backup and recovery of an Oracle server step by step.

implement disaster tolerance backup and recovery

Implementation of Hybrid Backup Recovery-based Cross-Cloud Disaster Tolerance

First, you can easily activate Hybrid Backup Recovery by logging on to your Alibaba Cloud console, and going to Hybrid Backup Recovery.
Hybrid Backup Recovery

Then, you can go to the Disaster Tolerance Center > Disaster Tolerance Center to create a Cloud disaster recovery gateway. You will need to name the gateway and select a specification for it. The configuration of Virtual Private Cloud and VSwitch involves the design and planning of the disaster tolerance solution. You can simply configure the Virtual Private Cloud on Alibaba Cloud in the same way as that of the protected source end. Should you have any questions, feel free to consult professional disaster tolerance engineers on the Hybrid Cloud Storage team. Click OK to complete the creation of the disaster recovery gateway.

Related Courses

Secure Your Data on Alibaba Cloud

With this certification course, you will understand where data should be secured in Alibaba Cloud, such as: storage technology, backup and recovery solutions, how to transmit data securely, which encryption algorithm to choose, and so on. You will also master the core skills of data security protection on Alibaba Cloud platform, including: how to implement automatic remote backup of data, how to implement encrypted storage in cloud environment, how to generate SSL certificate, etc.

Alibaba Cloud Storage Gateway

Cloud Storage Gateway is a gateway service that can be deployed on-premises, or in the cloud, to provide a seamless and secure connection between on-premises IT infrastructure and cloud-based storage services at the back end, such as Alibaba Cloud Object Storage Service (OSS).

Training and Certification

Validate your expertise with Alibaba Cloud Certification, gain recognition and visibility for your proven technical competencies. Choose from scenario-based / technical-based certifications and take the exam online or offline.

Related Market Products

Secure Your Data on Alibaba Cloud

This course will help you to fully understand Alibaba Cloud's overall data protection solution.

Secure Your Data in Alibaba Cloud

This course will help you to fully understand Alibaba Cloud's overall data protection solution. The courseware and Exam are in English, and the language of instruction is French.

Related Documentation

Use ClassicLink to connect a classic network to a CSG instance

This topic describes how to use ClassicLink to connect a classic network to a Cloud Storage Gateway (CSG) instance.

##Background information
CSG is a storage service that helps you seamlessly integrate on-premises applications, infrastructure, and data storage with Alibaba Cloud. You can deploy virtual devices complied with standard storage protocols in your on-premises data centers or on Alibaba Cloud. This allows you to seamlessly connect on-premises storage applications and workloads to Alibaba Cloud storage and computing services.

CSG automatically deploys gateways, allocates resources, and connects to Elastic Compute Service (ECS) instances deployed in VPC networks. In the public offering of Alibaba Cloud, a large number of ECS instances are deployed in classic networks. These ECS instances cannot automatically connect to CSG. You can use ClassicLink to connect a classic network to CSG. ClassicLink enables ECS instances in a classic network to communicate with cloud resources in a VPC network.

###Network Attached Storage Service Level Agreement

This Alibaba Cloud International Website Network Attached Storage (NAS) Service Level Agreement (“SLA”) applies to your purchase and use of the Alibaba Cloud International Website Network Attached Storage (NAS) (“Service”) and your use of the Service is subjected to the terms and conditions of the Alibaba Cloud International Website Product Terms of Service (“Product Terms”) between the relevant Alibaba Cloud entity described in the Product Terms (“Alibaba Cloud”, “us”, or “we”) and you. This SLA only applies to your purchase and use of the Services for a fee, and shall not apply to any free Services or trial Services provided by us.

Related Products

Cloud Enterprise Network

A global network for rapidly building a distributed business system and hybrid cloud to help users create a network with enterprise level-scalability and the communication capabilities of a cloud network

###Object Storage Service

An encrypted and secure cloud storage service that can store, process, and access massive amounts of data from anywhere in the world

0 0 0
Share on

Alibaba Clouder

2,600 posts | 750 followers

You may also like