Secondary origin servers in the cloud regularly synchronize content from the primary origin to the secondary origin. When your primary origin fails, CDN automatically redirects origin requests to the secondary origin to ensure service continuity.
Prerequisites
You have activated the Alibaba Cloud Function Compute service. For more information, see Activate Function Compute.
Note: If Function Compute is not activated, the secondary origin task cannot properly invoke functions.
You have activated the Alibaba Cloud Object Storage Service (OSS), and a bucket has been created. For more information, see Create buckets.
Billing
Function Compute
Function Compute powers the CDN secondary origin servers. Charges apply on a pay-as-you-go basis. The following table describes the billable items that are related to Function Compute. For pricing details, see Billing overview.
Billable item
Billing rules and methods
Internet data transfers
Fee of Internet data transfers = Tier unit price × Usage of Internet data transfers
Tier pricing: The first 200 GB of Internet data transfers per month is free of charge. Among the 200 GB of Internet data transfers, 20 GB can be used around the globe and 180 GB can be used only outside the Chinese mainland. You are charged for Internet data transfers greater than 200 GB based on tiered pricing. The tiered prices vary by region. For more information, see Internet data transfers.
Usage of Internet data transfers: You can view the usage of Internet data transfers on the Resource Usage page of the Function Compute console.
CU usage
CU usage fee = CU usage × Unit price
CU usage = Resource usage × CU conversion factor
Resource usage: You can view the resource usage on the Resource Usage page of the Function Compute console.
CU conversion factor: For more information, see CU conversion factors.
CU unit price: For more information, see Billable items and unit prices.
OSS storage
OSS bucket domain names are the only supported secondary origin address. OSS charges for storage based on the type, size, and duration of the stored files. For detailed pricing, see Storage fees.
Create a secondary origin task
Log on to the CDN console.
In the left-side navigation pane, click Application Center.
On the Application Center page, click the Secondary Origin Servers module and then click Try Now.
On the Secondary Origin Servers page, click Create Task.
Complete the following configurations.
Task Name: The name of the task.
Permission Management: When using the CDN secondary origin servers for the first time, you need to complete Function Compute authorization. On the authorization page, keep the following default settings:
  Role Name: AliyunCDNServerlessDevsRole
  Role Description: Serverless Devs Role for CDN Application
  System Template: AliyunFCFullAccess, AliyunOSSFullAccess
Type: Domain name.
Domain name: The domain name of the accessible website that needs content backup.
Secondary Origin Address: The address where the backup content is stored in Alibaba Cloud OSS. Only the public endpoint of an Alibaba Cloud OSS bucket can be entered as the secondary origin server address.
Task Type: Loop task.
Trigger Mode: The method to trigger the task.
  At Specific Interval: Trigger the task at specified time intervals.
  At Specific Time: Trigger the task at specified times, dates, or days of the week.
Resource Type: The type of resource to be backed up.
Configure secondary origin address
To add the Secondary Origin Address configured for the secondary origin task to the Origin Information, follow the instructions in Configure an origin server.
When adding secondary origin address information, consider the following parameter configurations:
Origin Infor: Select OSS Domain and enter the secondary origin address.
Priority: Select Secondary.
RAM User access
When a sub-account (RAM user) creates a CDN secondary origin servers task, it must have the following permissions.
Grant the RAM user the system policies AliyunFCFullAccess and AliyunOSSFullAccess for full management of Function Compute and OSS.
Log on to the RAM Console.
In the left-side navigation pane, select .
Find the target RAM user and click Add Permissions in the Actions column.

In the Grant Permission panel, configure the details.

Select Account for the authorization scope.
Under Policy, choose Policy Type as System Policy.
In the Policy search box, enter AliyunFCFullAccess and AliyunOSSFullAccess and select them. They are added to the Selected Policy box.
Click Grant Permissions.
Click Close.
Create a custom permission policy and grant the RAM user ListRoles permission.
In the left-side navigation pane of the RAM Console, select .
Click Create Policy.
Select the JSON tab.
In the editor, enter the custom permission policy details.
{
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ram:CreateRole",
        "ram:AttachPolicyToRole",
        "ram:ListRoles"
      ],
      "Resource": "*"
    }
  ]
}
Click OK.
On the Create Policy page, enter the Name and Description for the policy.
Name: Enter an informative name for easy identification.
Description: Optional. Enter a description for the custom permission policy.
Click OK.
In the left-side navigation pane, select .
Find the target RAM user and click Add Permissions in the Actions column.

In the Add Permissions panel, configure the authorization details.

Resource Scope: Select Account. The permission then applies globally across the account; Resource Group Level cannot be selected.
Principal: Filled in automatically based on the target RAM user you selected.
Policy: Set Policy Type to Custom Policy, enter the name of the custom permission policy you created above in the text box, and add it to the Selected Policy box.
Click Grant Permissions.
Click Close.
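The custom policy in the procedure above allows ram:CreateRole and ram:AttachPolicyToRole on Resource "*" in addition to ram:ListRoles, so it is worth reviewing before it is granted. The following check is an added example, not part of the original page or of Alibaba Cloud's tooling; review_policy, as_list and the PRIVILEGE_ACTIONS list are assumptions chosen for illustration.

```python
import fnmatch
import json

# The custom policy from this page, embedded inline so the check runs offline.
PAGE_POLICY = """
{
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["ram:CreateRole", "ram:AttachPolicyToRole", "ram:ListRoles"],
      "Resource": "*"
    }
  ]
}
"""

# Assumption for this example: actions a reviewer treats as privilege-granting.
PRIVILEGE_ACTIONS = ("ram:CreateRole", "ram:AttachPolicyToRole")


def as_list(value):
    """Action and Resource may each be a single string or a list of strings."""
    return [value] if isinstance(value, str) else list(value)


def review_policy(policy_text):
    """Return (statement index, action pattern, privilege action) findings."""
    findings = []
    policy = json.loads(policy_text)
    for idx, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" not in as_list(stmt.get("Resource", [])):
            continue  # scoped to named resources; not flagged by this check
        for pattern in as_list(stmt.get("Action", [])):
            for sensitive in PRIVILEGE_ACTIONS:
                # A wildcard pattern such as "ram:*" also covers the action.
                if fnmatch.fnmatchcase(sensitive, pattern):
                    findings.append((idx, pattern, sensitive))
    return findings


if __name__ == "__main__":
    for idx, pattern, sensitive in review_policy(PAGE_POLICY):
        print(f"Statement {idx}: '{pattern}' allows {sensitive} on Resource '*'")
```

An empty result means no Allow statement pairs a privilege-granting action with an unrestricted resource. For the page's policy the check reports two findings, which a reviewer can weigh against the role setup the task performs on first use.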