
Start Hybrid Cloud and Multi-Cloud with Alibaba Cloud ACK One [Part Two]

Part 2 of this 2-part series introduces hybrid cloud/multi-cloud deployment using Alibaba Cloud Distributed Cloud Container Platform (ACK One).



The Japanese market is a highly competitive marketplace for cloud infrastructure vendors, but nearly 30% of the Japanese domestic market is still on-premises.

Here are some what-ifs:

  • What if we could centrally manage multiple different clouds?
  • What if we could create a hybrid cloud environment (common infrastructure) with an on-premises environment?

These what-ifs sound like pipe dreams, but several products or services have already made them a reality. Alibaba Cloud ACK One is one of those services that makes the what-ifs above a reality. This article introduces ACK One.

In this article, hybrid/multi-cloud is defined as "combining multiple public clouds and on-premises networks to operate them as a centralized service infrastructure (common infrastructure)."


  1. What Is Alibaba Cloud ACK One?
  2. What Can Be Implemented with ACK One?
  3. Create a Demo
  4. ACK One-Based Approach to Security Isolation
  5. Comparison with Other Products
  6. Conclusion

1. What Is Alibaba Cloud ACK One?

Alibaba Cloud ACK One is a service that supports hybrid cloud/multi-cloud environments based on Kubernetes. Flexible configuration of multi-clusters across different environments is supported because ACK One centrally manages the Kubernetes clusters of AWS, Azure, Google Cloud, and on-premises data centers using the fully managed Kubernetes service, Alibaba Cloud Container Service for Kubernetes (ACK). With Kubernetes, you can operate ACK One based on ACK (even on other clouds or on-premises data centers) by simply logging on to the destination Kubernetes clusters in ACK One.


Alibaba Cloud ACK One has the following features:

  • Consistent Management

ACK One provides centralized management of Kubernetes clusters deployed on the cloud, at the edge, or in data centers. This ensures a consistent user experience when managing cloud-native applications in different environments based on Alibaba Cloud-standard best practices. Also, you can centrally implement security measures and cost-reduction plans.

  • Autonomous and Automatic Scheduling

ACK One allows you to manage the scheduling and distribution of jobs and job quotas for different tenants in multi-environment scenarios in a centralized manner. This improves resource utilization, enables data exchange between heterogeneous data sources in different regions, and accelerates AI computing and big data computing.

  • Data Backup and Disaster Recovery

ACK One allows you to back up, restore, and migrate data. This enables cross-region cluster redundancy and ensures service continuity based on an active-active application architecture.

  • Security and Compliance

ACK One provides security policies for applications in hybrid cloud and multi-cluster scenarios. ACK One performs inspections to detect configuration risks and security vulnerabilities.

  • Application Distribution

ACK One provides a distributed application delivery system that allows you to deploy applications across regions and clusters. This way, you can access the required applications from the closest access point in all regions.

  • Traffic Management

ACK One allows you to manage north-south and east-west traffic in multi-cluster and multi-region scenarios based on Alibaba Cloud standard best practices. Also, ACK One offers Alibaba Cloud Service Mesh (ASM) to manage the traffic of microservices. This feature is compatible with Istio.

  • Marketplace

This feature provides Alibaba Cloud services and cloud-native components validated by ACK One. You can deploy the services and components to a region or cluster with a few clicks.

As of October 28, 2022, ACK One is available in the following four regions: China (Hong Kong), Singapore, Indonesia (Jakarta), and Japan (Tokyo).

2. What Can Be Implemented with ACK One?

ACK One paved the way for hybrid cloud and multi-cloud, so we can implement what we have been able to do on the cloud or on-premises in a cheaper and easier way and achieve what we could not do before.

For example, we can perform the following operations:

  • Perform operations in Microservices using the Saga orchestration pattern


  • Send data analysis to BigQuery using Alibaba Cloud (in Mainland China) and the Google Cloud Platform (GCP) in regions outside Mainland China


  • Implement continuous integration (CI) or continuous delivery (CD) in a hybrid cloud/multi-cloud environment

Depending on the feature configurations, policies, and manifest files, you can freely switch between the development, staging, and production environments and switch between on-premises and cloud environments based on the environments where you want to deploy applications.


  • High-availability configurations using multi-cloud deployment

Build a three-tier web service with Kubernetes clusters offered by Alibaba Cloud and Azure. Global Traffic Management (GTM) manages the Kubernetes cluster in the event of failure by starting it and automatically switching it over while constantly checking its health. Data in the data layer (such as database) is replicated between Relational Database Service (RDS) instances using Data Transmission Service (DTS).


  • Automatic integration, operation, and maintenance using ACK One

Automatic deployment, centralized control, O&M of applications on the public cloud and on-premises environment


  • Multi-cloud online transaction processing (OLTP) distributed databases that are distributed and deployed on three or more data centers or clouds

Deploy and configure databases (such as TiDB, YugabyteDB, and CockroachDB) on multi-cloud OLTP distributed databases.


Additionally, it is possible to create various solutions with ACK One that could not be accomplished with a single cloud or on-premises platform.

For example, using the services of Azure Kubernetes Service (AKS), we are developing a machine learning model with Kubeflow, but:

  • The CPU/GPU cost is high.
  • The GPU specifications are low, so inference tasks take a long time, and the turnover rate is low.
  • The efficiency of distributed jobs is low because other clusters cannot be associated.


By integrating AKS, ACK, and ACK One, you can address the Azure-specific issues above through mutual collaboration:

  • By using GPU-shared resources optimized by Alibaba Cloud, all job resources can be centrally scaled.
  • GPU scheduling with non-uniform memory access (NUMA).
  • Distributed training jobs can be efficiently executed in a cost-effective way.


Alibaba Cloud ACK One can be used as a stepping stone to achieve multi-cloud approaches of Azure and AWS.

You can solve various problems in a single environment based on the deployment of ACK One. The cost of connecting to ACK One varies (※), but you can experience the true value and worth of the cloud.

※ The total cost may be high or low depending on the scenario.

3. Create a Demo

This article provides two demos:

3-1. A Demo Connecting Alibaba Cloud Kubernetes Clusters across Different Alibaba Cloud Accounts

In this demo, two Alibaba Cloud accounts are used. The two accounts are connected with a VPC peering connection, and their Alibaba Cloud Kubernetes clusters are registered with the ACK One cluster. The aim is to enable service access across the clusters using pod IPs and ports. The following figure shows the configuration and environment:



3-2. A Demo Connecting Alibaba Cloud Kubernetes Clusters to Google Kubernetes Engine (GKE)

In this demo, Alibaba Cloud and Google Cloud are connected with VPN Gateway. After registering Alibaba Cloud Kubernetes clusters and GKE with ACK One cluster, this demo aims to demonstrate that GKE can access the ACK service by connecting to the internal network over VPN Gateway. The following figure shows the configuration and environment:



This demo shows that, as long as the platform runs Kubernetes, you can create a hybrid cloud/multi-cloud environment by registering its Kubernetes clusters (on-premises or on a public cloud) with ACK One.

4. Data Security

The ack-cluster-agent component is deployed in Kubernetes clusters when you register on-premises Kubernetes clusters and Kubernetes clusters of other clouds to ACK One. The ack-cluster-agent component only reads cluster version and node information from the clusters, thus eliminating potential risks, for example, the risk that a user or a service can see Kubernetes cluster information belonging to other users or services. At the same time, the ack-cluster-agent component does not write data to the registered clusters or affect other components, thereby providing optimal isolation in terms of data security.
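The read-only claim above can be checked against the RBAC rules bound to the agent's service account in the registered cluster. The following is an added example, not code from the original article or from Alibaba Cloud: it audits a ClusterRole in the JSON shape that `kubectl get clusterrole <name> -o json` returns. The role name and rules in the sample are constructed, and the expected scope (`nodes`) is an assumption taken from the description above.

```python
import json

# Verbs that only read state; everything else (create, update, patch, delete,
# deletecollection, impersonate, escalate, bind, "*") can change the cluster.
READ_ONLY_VERBS = {"get", "list", "watch"}

# Constructed sample in the shape of `kubectl get clusterrole <name> -o json`.
# The role name and rules are made up for illustration, not ACK One's manifest.
SAMPLE_ROLE = json.loads("""
{
  "kind": "ClusterRole",
  "metadata": {"name": "example-agent-role"},
  "rules": [
    {"apiGroups": [""], "resources": ["nodes"], "verbs": ["get", "list", "watch"]},
    {"nonResourceURLs": ["/version"], "verbs": ["get"]},
    {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]},
    {"apiGroups": ["apps"], "resources": ["deployments"], "verbs": ["get", "patch"]},
    {"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}
  ]
}
""")

def audit_role(role, expected_resources=frozenset({"nodes"})):
    """Return findings for rules that exceed 'read version and node info only'."""
    findings = []
    for i, rule in enumerate(role.get("rules", [])):
        verbs = set(rule.get("verbs", []))
        targets = rule.get("resources") or rule.get("nonResourceURLs") or []
        write_verbs = sorted(verbs - READ_ONLY_VERBS)
        if write_verbs:
            findings.append((i, "write-capable", targets, write_verbs))
        # Read access outside the expected scope still exposes data (e.g. secrets).
        extra = sorted(set(rule.get("resources", [])) - expected_resources)
        if extra and not write_verbs:
            findings.append((i, "read-beyond-scope", extra, sorted(verbs)))
    return findings

if __name__ == "__main__":
    for idx, kind, targets, verbs in audit_role(SAMPLE_ROLE):
        print(f"rule[{idx}] {kind}: {targets} verbs={verbs}")
```

In a real cluster, find the role to audit by following the ClusterRoleBinding or RoleBinding that names the agent's service account, and repeat the check for namespaced Roles.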

Security groups are configured for ACK One. If port 80/8080 is not accessible, you cannot access the multi-cluster service. If the Kubernetes cluster deployed in a data center is registered with ACK using the public endpoint of the API server, you can control access to the Server Load Balancer (SLB) of the API server, which listens on port 6443. This helps you avoid potential security risks.


Alibaba Cloud provides Security Center, which is a system that identifies, analyzes, notifies, and manages security threats on various platforms and infrastructures in real-time. Security Center can be installed and used in Kubernetes clusters registered with ACK One.

5. Comparison with Other Products

ACK One, as mentioned earlier, not only creates a hybrid cloud/multi-cloud environment, but also breaks away from cloud vendor lock-in. However, other public clouds provide similar services.

Multi-Cloud Support Hybrid-Cloud Support Multi-Cluster Management Centralized Configuration Management Service Mesh Fully Managed with Unified Management
Alibaba Cloud ACK One
Amazon ECS/EKS Anywhere × ×
Azure Arc
Google Cloud Anthos
Red Hat OpenShift
Rancher × × ×

〇 means supported.
× means not supported.
△ means partially supported or planned for the future.

Also, the unique features of ACK One and the capability of product services (other than Alibaba Cloud) that support such features are not taken into account. Therefore, the writer plans to investigate further later.

6. Conclusion

Alibaba Cloud ACK One can link any Kubernetes platform and can control, operate, monitor, and manage several different environments in a unified manner. In addition, it provides features (such as automatic scaling) across different environments while maintaining resource balance, automatic failover, automatic backups, and cost visualization, and it offers a variety of new options. ACK One is available for free during the public preview, so please try it if you are interested in ACK One. You can create a hybrid cloud/multi-cloud environment in the console with a few clicks.

*Start Hybrid Cloud and Multi-Cloud with Alibaba Cloud ACK One [Part One]:

This article has been translated from SoftBank.



Hironobu Ohara


5899472934528320 August 3, 2023 at 7:53 pm

Nice article. I have a very similar case, but I wonder whether establishing a VPN connection between a cluster in Mainland China and a GCP data center is legal?
