Use Data Management (DMS) to provision all Dify-required resources — RDS for PostgreSQL (metadata database), Redis, and AnalyticDB for PostgreSQL (vector database) — from a single page.
Notes
Dify on DMS is currently available only in the China (Hangzhou), China (Hong Kong), Singapore, Indonesia (Jakarta), and Japan (Tokyo) regions.
For billing details, see Billing items (DMS). The price displayed on the purchase page at the time of order placement is final.
Instances purchased through this one-click process are automatically added to DMS with security hosting enabled, using flexible management as the default control mode.
Procedure
1. Preparations: Check and grant permissions
A RAM user must have one of the following permissions to view configuration pricing and create a Dify instance on the deployment page. If the required permissions are not granted, click Grant Permission button next to the permission on the deployment page to complete authorization.
In the RAM Console, attach system policies to the RAM user.
In the RAM Console, create a custom policy with least-privilege permissions and attach it to the RAM user.
The Alibaba Cloud account used for the one-click purchase must be granted Service-Linked Role (SLR) and Service Role (SR) permissions. For more information, see Manage RAM role permissions.
To deploy Dify by using existing resources, the following conditions must be met:
The current account has the DMS Administrator or DBA system role.
The instance has enabled security hosting.
2. Go to the deployment page
Log on to the Alibaba Cloud Management Console and navigate to the Dify on DMS deployment page.
3. Configure deployment parameters
On the deployment page, configure the parameters in the following sections.
Basic configuration
These parameters define the basic attributes and billing method.
Field | Description |
Billing Method | Different billing methods affect resource usage costs and billing cycles. |
Region | The geographic region where the service is deployed. All resources used by Dify on DMS must be in the same region to ensure normal operation and network connectivity. |
Deployed Version | The version type of Dify. Dify on DMS is designed for integration with Alibaba Cloud Data Management (DMS). The Enterprise Edition of Dify is a paid version optimized for medium to large organizations. You must purchase a separate license to use the features of the Enterprise Edition. |
Logon Method | The identity verification method for users to access the system. DMS Account Logon lets users log on to the Dify platform directly with their DMS accounts. No additional account setup is required during installation, and you can directly use the DMS identity verification mechanism. Dify Account Logon uses a user's mailbox and password for logon. Users can log on using an internal or public endpoint or IP address, and the accounts are managed by the users themselves. This topic is based on the scenario where a DMS Account is selected. For more information, see Dify Account Version User Manual. |
SR Authorization | The Service Role authorization. This role grants permissions to the current service. If the role is not authorized, click Grant Permission to request the permissions. |
SLR Authorization | The Service-Linked Role authorization. This role is used to delegate operations on other service resources. If the role is not authorized, click Grant Permission to request the permissions. |
Activate Related Services | Indicates whether dependent services are activated. If not, click Grant Permission to request access. |
Workspace Creation Method | Deploy Dify in an existing workspace, or create a new one with Dify. |
Workspace Name | Workspace name, used to distinguish project or team environments. Must be unique. |
Network Type | The network deployment type. Currently fixed to VPC. |
VPC | The ID of the VPC instance where the service runs. |
Zone and vSwitch | The primary availability zone and its corresponding vSwitch (Subnet), used for deploying the primary node to ensure high availability and low latency. |
Standby Zone and vSwitch | The standby availability zone and vSwitch, used for disaster recovery and failover. It is enabled when the primary availability zone becomes unavailable to improve system availability. |
Internet NAT Gateway | Specifies whether to configure an Internet NAT gateway. The gateway provides resources in the private network with the ability to access the Internet. |
Endpoint | To enable internal and public access addresses, you must activate PrivateZone, EIP, and ALB. This generates pay-as-you-go bills. For pricing details, see PrivateZone billing, EIP billing, and ALB billing rules. |
Dify configurations
Configure the data storage method for the Dify application. You can use an enterprise SSD (ESSD) or Object Storage Service (OSS).
Field Name | Parameter Description |
Dify Version | The version information of the currently deployed Dify platform. It indicates the feature set, API operations, and capabilities of the core application. |
Storage Configuration | You can select either an enterprise SSD (ESSD) or OSS. |
Number Of Replicas | The number of copies of the data that are created during storage to ensure high reliability. |
Deployment Resource Specification | The computing resource configuration of the deployment instance. It affects performance and concurrent processing capabilities. |
If you select OSS, configure the OSS information.
Path | If you set Storage Configuration to OSS, you must specify the file storage path. |
OSS Bucket | If you set Storage Configuration to OSS, you must specify a bucket name. The bucket is used to store unstructured data such as static resources, attachments, and backups. |
Database configurations
Configure a metadatabase, cache, and vector database for Dify. You can create new instances or import existing ones. To import existing instances, see Preparations for creating a Dify instance based on an existing database.
Metadatabase configuration
To create a new instance, select the appropriate specifications, storage class, and storage space based on your business payload.
To import an existing instance, select a PostgreSQL instance that has security hosting enabled.
Redis database
To create a new instance, select an appropriate Redis configuration.
To import an existing instance, select a Redis instance that has security hosting enabled.
Vector database
To create a new instance, select an appropriate AnalyticDB configuration.
To import an existing instance, select a vector database instance that has security hosting enabled.
Security configurations
Configure access credentials and network security policies for the database.
Field Name | Parameter Description |
Database Account | A unified account created for all newly purchased databases. |
Password | The password for the database account. |
Security Group | A virtual firewall used to control network access traffic for associated cloud resources. |
4. Deploy and verify
After you configure all the parameters, the estimated cost is displayed on the right side of the page. After you confirm the configuration, click Buy Now.
After you complete the payment, you are automatically redirected to the deployment details page. On this page, you can view the real-time deployment progress. The entire process takes 15 to 30 minutes.
