This topic describes the background information, scenarios, and default rules of the BestPracticesForHighAvailabilityArchitecture compliance package.
Background information
The multi-zone architecture helps implement high availability for your business. Zones in Alibaba Cloud are independent of each other, so the availability of one zone does not affect the others. A system that uses the multi-zone architecture provides high data reliability. If the primary zone fails, the system can restore business in real time. You can use the BestPracticeForMultiZoneArchitecture compliance package to check whether the multi-zone architecture is used by each Alibaba Cloud resource.
Scenarios
This compliance package is suitable for scenarios in which you have high requirements for service continuity and data reliability.
Default rules
| Rule name | Description |
| --- | --- |
| | Checks whether each ApsaraDB RDS instance uses the multi-zone architecture. If so, the evaluation result is Compliant. |
| | Checks whether the zone-redundant storage (ZRS) feature is enabled for each Object Storage Service (OSS) bucket. If so, the evaluation result is Compliant. If the ZRS feature is disabled, OSS cannot provide available and durable services or ensure data recovery when a data center becomes unavailable. |
| | Checks whether the Deployment Type parameter of each ApsaraDB for Redis instance is set to Dual-zone Deployment. If so, the evaluation result is Compliant. |
| | Checks whether each SLB instance uses the multi-zone architecture. If so, the evaluation result is Compliant. |
| | Checks whether each Application Load Balancer (ALB) instance uses the multi-zone architecture. If so, the evaluation result is Compliant. If an ALB instance is deployed in only one zone and a failure occurs on the instance, business may be disrupted. |
| | Checks whether the associated resources of the server groups of each ALB instance are distributed across multiple zones. If so, the evaluation result is Compliant. This rule applies only to ALB instances whose server groups have associated resources. This rule does not apply to ALB instances whose server groups have no associated resources or IP addresses, or server groups of the Function Compute type. |
| | Checks whether at least two vSwitches are attached to each scaling group. If so, the evaluation result is Compliant. |
| | Checks whether each ApsaraDB for MongoDB instance uses the multi-zone architecture. If so, the evaluation result is Compliant. |
| | Checks whether the hot standby cluster feature is enabled for each PolarDB cluster and data of the cluster is distributed across multiple zones. If so, the evaluation result is Compliant. |
| | Checks whether multiple zones are configured for each endpoint service. If so, the evaluation result is Compliant. |
| | Checks whether each SLB instance uses the multi-zone architecture and the resources of multiple zones are added to the server group that is used by all listeners of the SLB instance. If so, the evaluation result is Compliant. |
| | Checks whether each Elasticsearch cluster is of the multi-zone architecture. If so, the evaluation result is Compliant. |
| | Checks whether region-level ACK clusters whose nodes are distributed across three or more zones are used. If so, the evaluation result is Compliant. |
| | Checks whether a Serverless MSE instance or Microservices Registry Professional Edition of Microservices Engine (MSE) is used and nodes are deployed in multiple zones. If so, the evaluation result is Compliant. |
| | Checks whether an MSE cloud-native gateway is deployed in different zones. If so, the evaluation result is Compliant. |
| | Checks whether Bastionhost Enterprise Edition or SM Edition is deployed in multiple zones to ensure stability. If so, the evaluation result is Compliant. This rule does not apply to historical versions of Bastionhost. |
| | Checks whether two vSwitches are configured for the VPN gateway to ensure the high availability of cross-zone services. If so, the evaluation result is Compliant. |
| | Checks whether two vSwitches distributed in different zones are configured for the VPC connected to the transit router to ensure the high availability of cross-zone services. If so, the evaluation result is Compliant. |
| | Checks whether each Network Load Balancer (NLB) instance uses the multi-zone architecture. If so, the evaluation result is Compliant. |
| | Checks whether each AnalyticDB instance uses the multi-zone architecture. If so, the evaluation result is Compliant. |
| | Checks whether each Lindorm instance uses the multi-zone architecture. If so, the evaluation result is Compliant. |
| | Checks whether each HBase cluster uses the multi-zone architecture. If so, the evaluation result is Compliant. |
| | Checks whether each Tablestore instance uses the ZRS architecture. If so, the evaluation result is Compliant. |
| | Checks whether each Container Registry instance is associated with an OSS bucket that uses the ZRS architecture. If so, the evaluation result is Compliant. |
| | Checks whether each Key Management Service (KMS) instance uses the multi-zone architecture. If so, the evaluation result is Compliant. |
| | Checks whether each ApsaraMQ for RocketMQ 5.0 instance uses the multi-zone architecture. If so, the evaluation result is Compliant. |
| | Checks whether each Realtime Compute for Apache Flink workspace uses the multi-zone architecture. If so, the evaluation result is Compliant. |
| | Checks whether each Gateway Load Balancer (GWLB) instance uses the multi-zone architecture. If so, the evaluation result is Compliant. |
| | Checks whether the dual-tunnel mode is supported for the VPN gateways and the active and standby tunnels are connected. If so, the evaluation result is Compliant. |
| | Checks whether region-level Container Compute Service (ACS) clusters whose nodes are distributed across three or more zones are used. If so, the evaluation result is Compliant. |
| | Checks whether each Simple Log Service project uses the ZRS architecture. If so, the evaluation result is Compliant. |
| | Checks whether each API Gateway instance uses the multi-zone architecture. If so, the evaluation result is Compliant. |
| | Checks whether each ApsaraMQ for Kafka instance uses the multi-zone architecture. If so, the evaluation result is Compliant. |
| | Checks whether each PolarDB-X 2.0 instance uses the multi-zone architecture. If so, the evaluation result is Compliant. |
| | Checks whether the associated resources of the server groups of each NLB instance are distributed across multiple zones. If so, the evaluation result is Compliant. This rule does not apply to the server groups in which no resources exist or the resource type is IP. |
| | Checks whether each ApsaraDB for ClickHouse instance uses the multi-zone architecture. If so, the evaluation result is Compliant. Only ApsaraDB for ClickHouse Community-compatible Edition is supported. |
| | Checks whether each MaxCompute project uses the zone-disaster recovery architecture. If so, the evaluation result is Compliant. |
| | Checks whether multiple origin servers are configured for the Content Delivery Network (CDN) domain name. If so, the evaluation result is Compliant. |
| | Checks whether multiple origin servers are configured for the Dynamic Content Delivery Network (DCDN) domain name. If so, the evaluation result is Compliant. |
| | Checks whether each Enhanced SSD (ESSD) uses the ZRS architecture. If so, the evaluation result is Compliant. This rule does not apply to the system disk. |
| | Checks whether Express Connect is in high-reliability mode and two endpoints are applied for Express Connect in the same region. If so, the evaluation result is Compliant. |