This topic describes the background, scenarios, and standard rules for best practices in high availability architecture.
Background
Multi-zone architecture is a crucial strategy for achieving high availability in your business operations. The zones within Alibaba Cloud operate independently, ensuring that one zone's availability does not impact another. A system utilizing multi-zone architecture offers robust data reliability, enabling real-time business recovery in the event of a primary zone failure. This compliance package helps identify Alibaba Cloud resources not employing multi-zone architecture.
Scenarios
This compliance package is ideal for scenarios demanding high service continuity and data reliability.
Default rules
| Rule Name | Rule Description |
| --- | --- |
|  | Verifies that each RDS instance is configured with multi-zone architecture, resulting in a Compliant status. |
|  | Evaluates OSS buckets to ensure the Zone-Redundant Storage (ZRS) feature is enabled, which is critical for consistent service and data restoration in the event of a data center outage, resulting in a Compliant status. |
|  | Checks if each Redis instance employs multi-zone architecture, resulting in a Compliant status. |
|  | Assesses whether SLB instances are configured with multi-zone architecture, resulting in a Compliant status. |
|  | Verifies that each ALB instance utilizes multi-zone architecture to avoid business disruption in case of a zone failure, resulting in a Compliant status. |
|  | Checks for multi-zone resource distribution within ALB server groups, resulting in a Compliant status. This rule is not applicable to server groups of the IP or Function Compute type. |
|  | Ensures that each scaling group is associated with at least two vSwitches, resulting in a Compliant status. |
|  | Verifies that each ApsaraDB for MongoDB instance is configured with multi-zone architecture, resulting in a Compliant status. |
|  | Checks for the activation of the hot standby cluster feature and multi-zone data distribution in each PolarDB cluster, resulting in a Compliant status. |
|  | Ensures that each endpoint service is configured across multiple zones, resulting in a Compliant status. |
| Use Multi-Zone SLB Instances and Add Resources from Multiple Zones to Server Groups | Checks for multi-zone architecture in SLB instances and multi-zone resource addition to server groups used by all listeners, resulting in a Compliant status. |
|  | Assesses whether each Elasticsearch instance employs multi-zone architecture, resulting in a Compliant status. |
|  | Verifies the use of region-level ACK clusters with nodes distributed across three or more zones, resulting in a Compliant status. |
| Use High-Availability Edition MSE Registration Configuration Centers | Checks for the use of Professional or Serverless Edition MSE registration configuration centers deployed across multiple zones, resulting in a Compliant status. |
|  | Evaluates whether MSE cloud-native gateways are deployed across different zones, resulting in a Compliant status. |
|  | Assesses whether Enterprise Dual-engine or SM Edition Bastionhost is deployed across multiple zones for stability, resulting in a Compliant status. Historical editions are Not applicable. |
|  | Verifies that each VPN Gateway is configured with two vSwitches for high availability across zones, resulting in a Compliant status. |
|  | Ensures that each TransitRouter VPC connection is configured with two vSwitches distributed in different zones for high availability, resulting in a Compliant status. |
|  | Checks whether network load balancer instances are configured with multi-zone architecture, resulting in a Compliant status. |
|  | Verifies that each AnalyticDB for PostgreSQL instance employs multi-zone architecture, resulting in a Compliant status. |
|  | Checks whether each Lindorm instance is configured with multi-zone architecture, resulting in a Compliant status. |
|  | Assesses whether each HBase cluster utilizes multi-zone architecture, resulting in a Compliant status. |
|  | Verifies that each Tablestore instance employs a zone-redundant architecture, resulting in a Compliant status. |
| Associate Container Image Instances with Zone-Redundant OSS Buckets | Checks whether each container image instance is linked to zone-redundant OSS buckets, resulting in a Compliant status. |
|  | Ensures that each KMS instance is configured with multi-zone architecture, resulting in a Compliant status. |
|  | Checks whether each RocketMQ 5.0 instance uses multi-zone architecture, resulting in a Compliant status. |
|  | Verifies that each Flink instance is configured with multi-zone architecture, resulting in a Compliant status. |
|  | Assesses whether each Gateway Load Balancer instance employs multi-zone architecture, resulting in a Compliant status. |
| Establish Connections for Both Primary and Secondary Tunnels of Dual-Tunnel VPN Gateways | Checks for established connections in both the primary and secondary tunnels of dual-tunnel VPN Gateways, resulting in a Compliant status. |
|  | Ensures the use of region-level ACS clusters with nodes distributed across three or more zones, resulting in a Compliant status. |
|  | Checks whether each Log Service project employs a zone-redundant architecture, resulting in a Compliant status. |
|  | Verifies that each API Gateway instance utilizes multi-zone architecture, resulting in a Compliant status. |
|  | Assesses whether each Kafka instance is configured with multi-zone architecture, resulting in a Compliant status. |
|  | Checks for multi-zone architecture in each PolarDB-X 2.0 instance, resulting in a Compliant status. |
| Add Resources from Multiple Zones to Network Load Balancer Server Groups | Verifies that resources within server groups of each network load balancer instance are distributed across multiple zones, resulting in a Compliant status. If no resources are added to the server group or the resource type is IP, the evaluation is Not applicable. |
|  | Checks whether each ClickHouse cluster instance employs multi-zone architecture, resulting in a Compliant status. Note that only the Community Edition is included. |
| Use Zone-Disaster Recovery Architecture for MaxCompute Projects | Ensures that each MaxCompute project is configured with a zone-disaster recovery architecture, resulting in a Compliant status. |
|  | Checks for the configuration of multiple origin servers for each CDN domain name, resulting in a Compliant status. |
|  | Verifies the configuration of multiple origin servers for each DCDN domain name, resulting in a Compliant status. |
|  | Checks whether each ESSD data disk is configured with zone-redundant architecture, resulting in a Compliant status. System disks are considered Not applicable. |
|  | Ensures that each Express Connect circuit is in high-reliability mode with two access points requested for the same region, resulting in a Compliant status. |
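Four of the rules above (scaling groups, TransitRouter VPC connections, ACK clusters, and network load balancer server groups) evaluated offline against an inventory export, as an added example that is not Alibaba Cloud's own rule code. The field names, resource IDs, the vSwitch-to-zone map, and the "Non-compliant" label are assumptions made for the illustration.

```python
# Added example: field names and sample data are constructed, not an Alibaba Cloud API.
COMPLIANT, NON_COMPLIANT, NOT_APPLICABLE = "Compliant", "Non-compliant", "Not applicable"

# Constructed vSwitch -> zone map; a real one would come from your own inventory export.
VSWITCH_ZONE = {"vsw-a1": "zone-a", "vsw-a2": "zone-a", "vsw-b1": "zone-b", "vsw-c1": "zone-c"}

def zones(vswitch_ids):
    """Distinct zones behind a list of vSwitch IDs."""
    return {VSWITCH_ZONE[v] for v in vswitch_ids}

def scaling_group(res):
    # As worded in the table: at least two vSwitches (the count, not their zones).
    return COMPLIANT if len(set(res["vswitches"])) >= 2 else NON_COMPLIANT

def transit_router_attachment(res):
    # As worded in the table: two vSwitches distributed in different zones.
    return COMPLIANT if len(zones(res["vswitches"])) >= 2 else NON_COMPLIANT

def ack_cluster(res):
    # Region-level cluster with nodes spread across three or more zones.
    ok = res["region_level"] and len(set(res["node_zones"])) >= 3
    return COMPLIANT if ok else NON_COMPLIANT

def nlb_server_group(res):
    # Empty groups and IP-type groups are Not applicable for this rule.
    if not res["backends"] or res["group_type"] == "Ip":
        return NOT_APPLICABLE
    spread = len({b["zone"] for b in res["backends"]})
    return COMPLIANT if spread >= 2 else NON_COMPLIANT

RULES = {"scaling_group": scaling_group, "tr_attachment": transit_router_attachment,
         "ack_cluster": ack_cluster, "nlb_server_group": nlb_server_group}

def evaluate(inventory):
    """Return {resource id: result} for every resource whose kind has a rule."""
    return {r["id"]: RULES[r["kind"]](r) for r in inventory if r["kind"] in RULES}

# Constructed sample inventory.
INVENTORY = [
    {"id": "asg-1", "kind": "scaling_group", "vswitches": ["vsw-a1", "vsw-a2"]},
    {"id": "tr-1", "kind": "tr_attachment", "vswitches": ["vsw-a1", "vsw-a2"]},
    {"id": "tr-2", "kind": "tr_attachment", "vswitches": ["vsw-a1", "vsw-b1"]},
    {"id": "ack-1", "kind": "ack_cluster", "region_level": True,
     "node_zones": ["zone-a", "zone-b", "zone-b"]},
    {"id": "nlb-sg-1", "kind": "nlb_server_group", "group_type": "Ip",
     "backends": [{"zone": "zone-a"}]},
    {"id": "nlb-sg-2", "kind": "nlb_server_group", "group_type": "Instance",
     "backends": [{"zone": "zone-a"}, {"zone": "zone-c"}]},
]

if __name__ == "__main__":
    for rid, result in evaluate(INVENTORY).items():
        print(f"{rid:10} {result}")
```

`asg-1` and `tr-1` use the same two vSwitches in a single zone, yet only the zone-aware check flags them, so a vSwitch count on its own does not confirm zone separation.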