Qudian: From 0 to 1 - cloud practices under high data security challenges
Posted time: Apr 14, 2017 14:05 PM
First of all, let's look at the basic business situation of the Qudian Group. Qudian Group was established in March 2014, and its predecessor is Qufenqi. In 2016, Qufenqi was officially restructured as Qudian Group. Qudian Group's current business is divided into two major parts: Laifenqi and Qudian, providing cash and physical installment services. In general, the Qudian Group is in the consumer finance industry.
Choice of the cloud platform
Qudian Group's products have been built on the cloud from the very beginning. Before moving to the cloud, Qudian researched many cloud service providers. It settled on Alibaba Cloud based on the following considerations:
• The ability, reliability, and stability of the service, which is much valued by any enterprise or entrepreneurial team.
• Basic components, or basic service capabilities, with RDS database support at the core, plus Redis and MQ services. Some cloud vendors can provide part of these services, but many cannot. Alibaba Cloud has a rich series of such products, and its product line of basic components is very complete. Entrepreneurial teams like Qudian focus initially on business development and may not have many human, material and financial resources to spend on infrastructure. A cloud service provider that can offer more basic service support to such a team will of course be preferred.
• Market evaluation or word of mouth. Qudian places significant value on Alibaba Cloud's reputation, which deserves attention from entrepreneurial teams.
So Qudian's final choice of Alibaba Cloud is the result of a comprehensive assessment of several indicators, including service capacity, basic components and market evaluation.
The cloudization road
Qudian belongs to the consumer finance industry, which differs from other internet companies in two ways. First, at the data level, the consumer finance industry has very high requirements for data security. Second, financial regulation requires three centers in two places for disaster tolerance.
Qudian Group's cloudization road started in March 2014, when the business was just getting started. In the beginning, the team did not have many considerations. A self-built IDC was certainly unrealistic, because the hardware and O&M would cost a large sum for any entrepreneurial team. Qudian's technical direction was to be cloud-based from the beginning.
We selected Alibaba Cloud ECS with the most basic services at the initial stage. Qudian's products are designed based on the LAMP architecture and developed using PHP. The Redis and RDS used on the backend are also key components, so some of the core data was also stored in Alibaba Cloud's RDS at first.
Alibaba Cloud RDS is relatively stable on the whole, but Qudian has higher requirements on stability, mainly in the following two aspects:
• Data security. All the user information and transaction records of Qudian are stored in RDS. Ensuring that this data is not lost is an important requirement.
• Elastic expansion. The volume of business transactions is constantly growing. How to keep storage from becoming a bottleneck, and how to expand storage without affecting the rapid development of the business, are also current concerns.
At the very beginning, Qudian created and maintained Redis on its own. Later it ran into issues in O&M and fault resolution, and the team lacked the technical ability to handle some problems, so Qudian migrated its self-built Redis to the Redis cluster provided by Alibaba Cloud. The Alibaba Cloud Redis service was not stable during the beta period, but after more than one year of operation it has made great progress and improved a lot. We believe that Alibaba Cloud Redis service will have more room for development in the future.
In addition, PG is sometimes used. That is to say, we currently use two open-source databases, MySQL and PG.
Cloud architecture optimization
Qudian adopts the LAMP architecture to promote business development quickly. For LAMP-architecture applications, PHP development is very fast and has advantages in both performance and development cost. From the perspective of the entire business layer, the core of this infrastructure lies in the backend storage, so more attention must be paid to the DB layer, starting with the establishment of database specifications.
The architecture of Qudian in its initial business stage is as follows.
As Qudian's business developed, larger challenges and new demands kept emerging. Because the architecture was designed to be on the cloud, the question became how to boost the business faster through Alibaba Cloud. In this process Qudian adopted many other Alibaba Cloud services, such as Cache for acceleration and the MQ service for decoupling and asynchronous processing. Various product lines and services of Alibaba Cloud were gradually leveraged by Qudian products.
The architecture of Qudian in its rapid business development stage is as follows.
Looking at the whole process, Qudian has a deep dependence on Alibaba Cloud. As soon as a new requirement arises, the technical team first considers whether Alibaba Cloud offers such a service, and if the answer is yes, the service is used. For a startup team, the business process from 0 to 1 must be implemented in the fastest way possible, so the team has limited energy to maintain infrastructure in the early stages and needs to rely on Alibaba Cloud's strong support. Choosing Alibaba Cloud to empower its cloudization road is a wise decision that Qudian has made in its nearly three years of business development. This road helps Qudian achieve rapid iteration of products based on Alibaba Cloud.
Performance and security
Double 11 is also a huge test for Qudian. Qudian carries out three rounds of full-chain pressure tests every year, maybe in March, August and October, to prepare fully for Double 11.
Traffic fluctuates, so traffic peaks sometimes appear. To cope with such a large traffic flow, Qudian flattens some originally long-chain services and makes adjustments at the architectural level, adding MQ for decoupling and load shifting. When traffic arrives, it is first buffered in the MQ, and then the messages in the MQ are dispatched to the backend RDS and Redis by different workers according to their processing capabilities. The core purpose is to protect the stability of backend services and ensure that the backend is not overwhelmed by the traffic flow. The last part is special optimization at the RDS or DB level.
Redis has no problem handling the challenges of Double 11 in terms of performance. Alibaba Cloud Redis scalability and cluster models provide sound native support for performance, and Redis itself has a powerful engine. Therefore the overall performance is relatively good.
On the security layer, Qudian is currently focusing on the security in three dimensions:
• On the link layer, Qudian currently uses Alibaba Cloud Security service to ensure security of requests.
• On the engine layer, the bottom layer of the Alibaba Cloud database service encrypts the data. Even if the data is fetched, what the attacker gets is an encrypted file that cannot be parsed without the key. This provides security at the engine level.
• On the business layer, the fields at the core of the business are encrypted. This is more closely tied to the business itself. For example, the key data elements of the financial industry, such as identity cards, passwords and cell phone numbers, are all encrypted.
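The third layer above, field encryption in the application, shown as an added example that is not Qudian's code: a PHP 8 sketch using the sodium extension. The class name, the choice of XChaCha20-Poly1305, the table/column/row binding and the HMAC lookup index are assumptions made for illustration; the keys are generated per run and the phone number is a constructed sample.

```php
<?php
declare(strict_types=1);
final class FieldCrypter
{
    // Assumption: both keys come from a key service, never from the database.
    public function __construct(private string $encKey, private string $indexKey) {}

    // Encrypt one column value. Table, column and row id are bound as associated
    // data, so a ciphertext copied into another row or column fails to decrypt.
    public function seal(string $table, string $column, int $rowId, string $plain): string
    {
        $nonce = random_bytes(SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES);
        $ct = sodium_crypto_aead_xchacha20poly1305_ietf_encrypt(
            $plain, "$table.$column#$rowId", $nonce, $this->encKey
        );
        return base64_encode($nonce . $ct);
    }

    public function open(string $table, string $column, int $rowId, string $stored): string
    {
        $n = SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES;
        $raw = base64_decode($stored, true);
        if ($raw === false || strlen($raw) < $n + SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_ABYTES) {
            throw new RuntimeException('malformed ciphertext');
        }
        $plain = sodium_crypto_aead_xchacha20poly1305_ietf_decrypt(
            substr($raw, $n), "$table.$column#$rowId", substr($raw, 0, $n), $this->encKey
        );
        if ($plain === false) {
            throw new RuntimeException('authentication failed');
        }
        return $plain;
    }

    // Keyed hash stored beside the ciphertext so an exact-match lookup works without decryption.
    public function blindIndex(string $column, string $plain): string
    {
        return hash_hmac('sha256', "$column|$plain", $this->indexKey);
    }
}

$fc = new FieldCrypter(sodium_crypto_aead_xchacha20poly1305_ietf_keygen(), random_bytes(32));
$stored = $fc->seal('users', 'phone', 42, '13800000000'); // constructed sample value
var_dump($fc->open('users', 'phone', 42, $stored) === '13800000000'); // same row decrypts
try {
    $fc->open('users', 'phone', 43, $stored); // ciphertext moved to another row
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Because the database only ever sees the base64 blob and the keyed index, a dump of the table exposes neither the phone number nor a hash that can be brute-forced without the index key.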
To sum up, Qudian's requirements on traditional databases fall into three parts. The first is reliability: a mechanism of three centers in two regions, in which the primary region has multiple zones and real-time backup databases are in place in remote areas. Qudian implements the policy of three centers in two regions with the help of Alibaba Cloud RDS. The second is the scalability of the database. The core demand is unlimited expansion of the business and support for massive concurrent data, which can be achieved using Alibaba Cloud's distributed database DRDS. The third, and the most central, is security, including link security, engine storage security and field security. Field security mainly relies on the business side, while link and storage security can be achieved through Alibaba Cloud services.
Qudian's requirements for new-type databases focus on stability and performance. Alibaba Cloud Redis service may not have delivered outstanding stability during the initial beta period, but in the recent year Alibaba Cloud Redis databases have been greatly enhanced, with optimization of the system architecture and mergers with large middleground platforms quickly increasing overall stability.
Qudian once experienced a huge pain: because there were no DB specifications in place, some MySQL databases grew without any limit on the number of columns. The number sometimes reached hundreds, and there were also various large fields. This lack of standardization set pitfalls for the follow-up work, and the technical team later paid a very high price to fill them. If more time had been spent on DB design and review in the initial stage, later maintenance and expansion would have been very convenient.
For service stability and performance improvement, the use of a caching mechanism is well known. The cache can be used at any layer, but it is not possible to add a cache at every layer in the early business construction period. It is recommended to add a cache in front of the DB level, whether using Redis or MemCache, to prevent the DB from being overwhelmed. The DB is the core component that deserves the most attention. If the DB fails, the whole system will be paralysed. All in all, it is necessary to standardize the DB layer in the design of the architecture, and the cache mechanism should be used as appropriate.
It is impossible to forecast future development when the architecture is designed. As the business grows, the architecture also needs to be optimized constantly. Architecture optimization has neither a starting point nor an end point; it is always in progress. We need to constantly adapt to business development and adjust our own architecture.
Cloudization experience sharing
From the perspective of Qudian, it is not appropriate to introduce technical components such as middleware at the beginning of business growth. A new startup company's technical resources are very limited, so it needs to focus on its own business development, with less investment in infrastructure. Introducing middleware or other technical components requires a deep understanding of their internal mechanisms and the ability to follow up on the problems that emerge. If this capability is not ready yet, it is best not to introduce middleware, especially storage middleware.
If the business permits, it is recommended to move onto the cloud and use Alibaba Cloud Redis cluster or similar services, which meet the vast majority of demands. If you have higher requirements, such as disaster tolerance and a master-slave mechanism, you should think more at the business architecture level and should not rely fully on Redis. Any version of Redis has some probability of problems, and preventive measures must be taken at the business level for such problems.