- 1. Objective
- 2. Why Alibaba Cloud
- 3. Portal websites
- 4. Regions and zones
- 5. Endpoints
- 6. Accounts, constraints, and pricing
- 7. Resource management interfaces
- 8. Types of cloud services
- 9. Services
1. ObjectiveThis document is intended to help professionals, such as engineers, architects, and operations and maintenance (O&M) personnel, who are familiar with Azure services to understand how to navigate through Alibaba Cloud services. This document compares Alibaba Cloud with Azure in terms of products, characteristics, and solution architecture to reveal the similarities and differences between the two cloud providers regarding concepts, terminologies, and implementation. In addition, it provides quick-reference mappings of Azure products, concepts, and terminology to the corresponding products, concepts, and terminology on Alibaba Cloud. This section provides a general overview of the services provided by the two cloud providers. For more information, please navigate to the relevant categories for specific products.
2. Why Alibaba CloudFounded in 2009, Alibaba Cloud provides a comprehensive set of cloud computing services with global coverage to help you develop your businesses. Alibaba Cloud is the cloud computing branch of Alibaba Group, serving the internal demands of Alibaba’s extensive e-commerce ecosystem, including Taobao, Tmall, and Alipay. According to the Gartner’s report Market Share Analysis: Public Cloud Services, Worldwide, 2016, Alibaba Cloud is the third largest cloud service provider globally. Alibaba Cloud is also the leader of the Chinese market, with more than 40 cloud computing products and services, spanning across 18 data center regions globally.
3. Portal websitesIn principal, Azure provides three different kinds of portals: The Azure Account portal for managing your account, the Azure Subscription Portal for managing your resources, and the so-called Enterprise Agreement portal, which provides a dedicated experience and functionality for enterprise accounts in terms of cost management, and subscription administration comparable to AWS Organizations. Each of those is available for Azure’s four environments International Cloud, German Cloud, US Gov Cloud, and “China Cloud” which are strictly isolated from each other, meaning their authentication systems (Azure AD) do not have a trust-relationship with each other. That is, you need to create and manage different accounts for each of those environments.
Alibaba Cloud has an easier experience, and only provides two portals namely the Chinese Portal and Global Portal, which provide services for enterprises and individuals who are registered in China and abroad, respectively. The Global Portal consists of a bilingual console (English and Chinese) and a multilingual website (English, Chinese, and Japanese). On either portal, users can browse and read about Alibaba Cloud products and services, as well as register or log on to the portal to purchase and manage their cloud services. Because laws and security regulations vary from region to region and from country to country, the Chinese portal differs from the global portal to some extent in terms of products, solutions, support services, and marketplace product offerings. Due to exchange rates and local tax rates, prices on the Chinese portal and global portal may vary as well. For pricing details, see Pricing on Chinese Portal and Pricing on Global Portal.
To launch services in China and internationally, you do not need to have separate accounts on the Chinese Portal and Global Portal. For more information, see 6.1 Accounts.
4. Regions and zonesAzure resources are distributed globally in multiple positions, and these positions are marked by regions, availability zones, and availability sets. A region is a cluster of data centers. Each region represents a geographically separate area and may be composed of multiple separate availability zones.
Azure provides three different options (that can be combined) to protect applications at different scopes of failure: Availability Sets, Availability Zones, and Paired Regions.
Alibaba Cloud uses similar concepts. They differ, however, in certain ways that we like to discuss.
An Azure Availability Set protects applications at the scope of rack failure within one availability zone. Applications deployed within an availability set are thus spread across a configurable number of different hardware racks (fault domains) that share a common power source and network switch. Alibaba Cloud does not provide a comparable concept.
Both Azure and Alibaba Cloud provide so-called Availability Zones which are physically separate datacenters within a region. Each Availability Zone has a distinct power source, network, and cooling. Deploying VMs across availability zones helps to protect an application against datacenter-wide failures.
Unlike Availability Zones, which are physically separate datacenters but may be in relatively nearby geographic areas, regions are usually separated by hundreds of miles ensuring large scale disasters only impact one of the regions. In Azure, each region has a so-called paired region. These pairs are configured so that platform updates are rolled out to only one region in the pair at a time. Alibaba Cloud also provides regions, it does not know the concept, however, of paired regions as described above.
Alibaba Cloud provides the concept of region and Availability Zone.
- If your applications require high disaster recovery capabilities, we recommend that you deploy your instances in different zones of the same region.
- If your applications require low network latency between instances, we recommend that you create your instances in the same zone.
For more information about regions and zones, see the Alibaba Cloud Global Infrastructure.
The following table summarizes each option for both Azure and Alibaba Cloud.
|Azure / Alibaba Cloud||Availability Set / NA||Availability Zone / Availability Zone||(Paired) Region / Region|
|Scope of Failure||Rack||Datacenter||Region|
|Request Routing||Load Balancer Basic||Load Balancer Standard / Elastic Load Balancer||Traffic Manager / Alibaba Cloud DNS|
|Network Latency||< 0.6ms||< 0.6ms||< 100ms / < 100ms|
|Virtual Networking||VNET||VNET / VPC||Cross-Region VNET Peering / Express Connect, VPN Gateway|
5. EndpointsAn endpoint is the web address (URL) of your service, which can be accessed by a client application. To reduce the network latency of application requests, most Azure services are provided with endpoints to optimize user requests. These endpoints are exposed by so-called resource providers which can be activated / deactivated on a subscription level.
Azure Resource providers are organized in namespaces such as Microsoft.Compute, Microsoft.Storage, or Microsoft.Network.
Each of these resource types provide their own set of REST-full operations and APIs. Depending on the Azure environment you are using, the management endpoint that hosts these APIs is different. For instance, the resource provider APIs of the International Cloud are hosted at https://management.azure.com, while the APIs of the Chinese Cloud are hosted at https://management.chinacloudapi.cn).
Example: In order to talk to the REST API of a virtual machine named myVM in the resource group myrg in subscription 8d4dee44-4b28-4e05-9927-3a5d34a42bf5 in the International Cloud you would call
The call needs to be authorized by a JSON Web Token (JWT) added to the authorization header of the request. This token needs to be acquired by the oauth2 endpoint of the particular Azure Active Directory tenant the subscription is associated to.
Alibaba Cloud also exposes most of its services through a web-based API. It takes, however, a very different approach to it.Most basic services such as ECS and OSS are already activated by default meaning they can be used from the portal, by SDKs, or through the web-based interfaces right from the beginning. Others need to be explicitly activated in the portal before they can be used.
These service endpoints usually take the following format:
For example, in order to create a snapshot of a disk with the id 1033-60053321 that is hosted in the German region you would call:
https://ecs.eu-central1.aliyuncs.com/?Action=CreateSnapshot&DiskId=1033-60053321&<Common Request Parameters>
Depending on the service that is being used the format may vary slightly. If the region part is omitted the request is routed to the configured default region.
The authentication works by providing the access key id and a signature parameter to the request as part of the common request parameters. The access key id indicates the identity of the user while the signature parameter is the canonicalized query string which is symmetrically encrypted with the access key secret. Please refer to https://www.alibabacloud.com/help/doc-detail/25492.htm for details on how to compose a standardized request URL.
6. Accounts, constraints, and pricing
6.1 AccountsThe concept of an account in Azure and Alibaba Cloud differ.
In Azure an account can be thought of as your user directory (Azure Active Directory tenant) and the owner of the payment methods available for the individual subscriptions that are associated to it. Subscriptions are a grouping of resources with an assigned owner responsible for billing and permissions management. Subscriptions exist independently of their owner accounts and can be reassigned to new owners as needed. Azure accounts and thus subscriptions are strictly associated to an environment meaning you cannot operate workloads globally and within China from one single account. Identities and authorization rules (Role-based access control (RBAC) are separately managed at the Azure Active Directory tenant level (identities), and subscription level, respectively.
On Alibaba Cloud, any resources created under the Alibaba Cloud account are tied to that account. There is no further grouping. Identities and authorization rules (policies and permissions) are centrally managed at the account level.You only need one Alibaba Cloud account to operate globally and within China. This greatly simplifies billing, account management, and service deployments for products and services that are launched internationally.To purchase an ECS server that is located within the Mainland China territory, you will need to comply with China’s real-name authentication requirements.
6.2 Service constraintsAlibaba Cloud sets default service purchase quotas and constraints on accounts, which are similar to the subscription quotas on Azure. These limits are set to ensure optimized performance and security for users. Some of the quotas can be increased by opening a ticket on the Console.
6.3 PricingLike Azure, Alibaba Cloud employs different billing methods and prices for different services, allowing you to choose the proper billing model for your needs.Azure provides Reserved Instances (RIs) and PAYG as billing methods. Azure RIs need to be payed upfront and can be purchased as 1 year or 3-year purchase. They can be cancelled anytime with a cancellation fee of 12% or converted to different instance types. They do not, however, guarantee a capacity reservation. The reserved model is only available for Virtual Machines.
The two main types of billing methods at Alibaba Cloud are Subscription and Pay-As-You-Go. Subscription is more economical for long term usage, while Pay-As- You-Go is better for small-scale, experimental usage of Alibaba Cloud products. Subscriptions can be purchased for a variety of different services not only restricted to Virtual Machines. They cannot, however, be cancelled but need to be sold on the spot market.
7. Resource management interfaces
7.1 Web based consoleThe Azure web-based portal is an important entry point for Azure to manage service resources. Alibaba Cloud also provides a web-based portal (which is termed console) on which users create, manage, and monitor their resources.
7.2 Rest APIBoth Azure and Alibaba Cloud provide REST APIs for most functions provided by the console.
7.3 Command line interface (CLI)Like Azure, Alibaba Cloud provides a CLI through which users can interact with and manage cloud computing services and resources. Azure provides the Azure CLI, while Alibaba Cloud provides an Alibaba Cloud CLI tool. The CLI tools provide standard CLIs for most cloud computing services and are compatible with mainstream OSs, including Windows, Linux, and Mac OS X.
7.4 SDKsBoth Azure and Alibaba Cloud provide SDKs for different programming languages such as Python, Java, Go,PHP and Node JS for example.
8. Types of cloud servicesThe following sections compare general cloud computing services and the relevant characteristics of Azure and Alibaba Cloud, respectively. Generally speaking, cloud services are composed of a set of basic services, falling into computing, storage, network, and database services. Basic Azure and Alibaba Cloud services include:
|Computing||Azure Virtual Machines (including GPU types), Virtual Machine Scale Sets, Azure Container Service (AKS, fully managed K8 master, and ACS which supports K8, DC/OS, Swarm), Azure Batch Compute||Elastic Compute Service (ECS), Elastic GPU Service (EGS), Auto Scaling, Container Service(Supports both Kubernetes and Swarm), Spot Instances,E-HPC.|
|Storage||Azure Blob Storage, Table Storage, CosmosDB, Azure CDN (operated by Akamai or Verizon), Azure File Storage，StorSimple||Object Storage Service (OSS), Table Store, Alibaba Cloud CDN, Network Attached Storage (NAS)，Hybrid Cloud Storage Array|
|Network||Azure Virtual Network (VNET), ExpressRoute, Azure Network Loadbalancer (NAT included), Azure Reserved IP, VPN Gateway||Virtual Private Cloud (VPC), Express Connect, NAT Gateway, SLB, Elastic IP, VPN Gateway|
|Database||Azure MySQL / Postgresql, Azure SQL, Azure Redis, CosmosDB for MongoDB, Azure Database Migration Service||ApsaraDB for RDS(MySQL/SQL Server/Postgresql), ApsaraDB for Redis,ApsaraDB for MemCache, ApsaraDB for MongoDB, HybridDB for PostgreSQL,HiTSDB,Data Transmission Service (DTS)|
|Virtual Servers||Azure Virtual Machines||Elastic Compute Service (ECS)|
|GPU Servers||Azure Virtual Machines (NC, ND, NV series)||Elastic GPU Service (EGS)|
|Auto Scale||Virtual Machine Scale Sets||Auto Scaling|
|Container Management||Azure Container Service (ECS) Azure Container Service for Kubernetes (EKS)||Container Service(Supports both Kubernetes and Swarm)|
|Pre-emptible VMs||Azure Batch Compute||Alibaba Batch Compute|
|high-performance computing||Azure HPC Pack||ECHP|
|Work management||Azure Batch||Batch Compute|
- Storage & CDN
|Object Storage||Azure Blob Storage / Azure Storage v2||Object Storage Service (OSS)|
|NoSQL Database||Azure Table Storage, CosmosDB (supports MongoDB, Cassandra APIs)||Table Store,MongoDB|
|Content Delivery||Azure CDN (operated by Akamai and Verizon)||Alibaba Cloud CDN|
|Shared File Storage||Azure File Storage, Data Lake Store (WebHDFS)||Network Attached Storage (NAS)|
|Hybrid Storage||StorSimple||Hybrid Cloud Storage Array|
|Networking||Virtual Network (VNET)||Virtual Private Cloud (VPC)|
|Dedicated Network||ExpressRoute||Express Connect|
|NAT Gateway||N/A (part of Network Load Balancer)||NAT Gateway|
|Load Balancing||Network Load Balancer (Level 4) / Application Gateway (Level 7)||Server load Balancer(SLB)(SUupports bot layer 4 and layer 7)|
|Elastic IP||Reserved IP||Elastic IP|
|Cross-premises Connectivity||VPN Gateway||VPN Gateway|
|Relational Database||Azure MySQL / PostgreSQL, Azure SQL, Azure Managed SQL Instances||ApsaraDB for RDS (MySQL, PostgreSQL, MS SQL), Distributed RDS|
|Caching||Azure Redis||ApsaraDB for Redis/Memcache|
|Elastic Data Warehouse||Azure SQL Data Warehouse||HybridDB for PostgreSQL|
|NoSQL - Document Storage||CosmosDB for MongoDB,CosmosDB SQL (aka DocumentDB)||ApsaraDB for MongoDB|
|NoSQL – Key/Value||CosmosDB Table,CosmosDB Cassandra||Table Store|
|NoSQL – Graph||CosmosDB Graph (Tinkerpop, Gremlin)||N/A|
|Time-series Database||Time Series Insights||High-Performance Time Series Database (HiTSDB)|
|Database Migration||Database Migration Service||Data Transmission Service (DTS)|
|DDoS Mitigation||DDoS Protection Service||Anti-DDoS Basic|
|DDoS Mitigation||DDoS Protection Service||Anti-DDoS Pro|
|Mobile Security||Visual Studio App Center||Mobile Security|
|Web Application Security||Part of Application Gateway||Web Application Firewall|
|Instance Security||N/A||Server Guard|
|Certificate Service||Part of Azure AppService, not standalone||SSL Certificates Service|
- Monitoring & Management
|Authentication and Authorization||Azure Active Directory + Role-based Access Control||Resource Access Management|
|Encryption||Azure KeyVault||Key Management Service|
|Resource Orchestration||Azure Resource Manager||Resource Orchestration Service|
- Domains & Websites
|Web Applications||Azure AppService||Web Hosting|
|Domain Name||Azure DNS||Domains|
|Domain Name System (DNS)||Azure DNS, Azure Traffic Manager||Alibaba Cloud DNS|
|Big Data Processing||Azure||MaxCompute ,E-MapReduce|
|Data Visualization||PowerBI||DataV ,QuickBI|
- Application Service
|Notification Service||Notification Hubs, Azure EventGrid||Message Service|
|API Service||API Management||API Gateway|
|Log Service||Log Analytics, App Insights||Log Service|
|Email Sending and Receiving||Through 3rd party offering SendGrid||DirectMail|
|Queues||Azure Queue Storage, Azure Service Bus||Message Queue|
- Media Services
|Live Video Streaming||Azure Media Services||ApsaraVideo Live|
|Media Transcoding Service||Azure Media Services||ApsaraVideo for Media Processing|