All Products
Search
Document Center

DataWorks:Load balancing and high availability for SSH nodes

Last Updated:Jun 21, 2026

Alibaba Cloud Network Load Balancer (NLB) provides intelligent load balancing for DataWorks SSH nodes, preventing a single point of failure and simplifying task configuration. This topic describes how to deploy and use this solution in DataWorks to ensure that SSH tasks run stably.

Background

In DataWorks, an SSH data source is typically configured with the host address of a fixed ECS instance. If that host becomes unhealthy (for example, it crashes or runs out of resources), SSH nodes may fail to run. To address this, you can add multiple ECS instances to a server group of a Network Load Balancer (NLB) instance. NLB uses its internal algorithm to distribute task requests to available ECS instances and continuously checks their health. If an ECS instance fails, NLB automatically routes requests to other healthy instances. This prevents a single instance failure from interrupting tasks and ensures high availability.

As shown in the preceding figure:

  • Without load balancing: DataWorks SSH node tasks can run only on the connected ECS instance. If that instance is overloaded or fails, tasks are delayed or interrupted.

  • With load balancing: DataWorks SSH node tasks are automatically routed to an ECS instance in the server group based on the NLB policy. NLB also performs health checks on the server group. If it detects an unhealthy ECS instance, it automatically routes tasks to other healthy instances, ensuring continuity and high availability.

This solution prevents resource exhaustion and single points of failure, improving task execution efficiency and reliability.

Prerequisites

  • The RAM user that you want to use is added to your workspace.

    If you want to use a RAM user to develop tasks, you must add the RAM user to your workspace as a member and assign the Develop or Workspace Administrator role to the RAM user. The Workspace Administrator role has more permissions than necessary. Exercise caution when you assign the Workspace Administrator role. For more information about how to add a member and assign roles to the member, see Add members to a workspace.

  • A serverless resource group is associated with your workspace. For more information, see the topics in the Use serverless resource groups directory.

Limitations

  • The code in an SSH node cannot exceed 128 KB.

  • The DataWorks resource group, ECS instances, and NLB instance must be in the same VPC and region.

Prepare the environment

To enable load balancing and high availability for SSH nodes, create at least two ECS instances and add unique sample data to each for verification.

Create ECS instances

Follow these steps to create the required ECS instances.

  1. Purchase ECS instances.

    Go to the ECS instance buy page, select the Custom Launch tab, and configure the following parameters to create the ECS instances. For details on other parameters, see Create an instance on the Custom Launch tab.

    Parameter

    Description

    Region

    Select the region where your DataWorks workspace resides.

    Network and zone

    Select the same Virtual Private Cloud (VPC) and vSwitch used for the serverless resource group.

    Security Group

    Select the security group that is bound to the vSwitch of the serverless resource group.

    Other parameters

    Configure other parameters based on your business requirements.

  2. Set the quantity.

    On the right side of the ECS instance buy page, find the Quantity option and enter the number of ECS instances you need. This tutorial uses two instances.

  3. Click Create Order to complete the creation and purchase of the ECS instances.

Prepare sample data

On the two ECS instances you created, write unique sample data to each so you can distinguish the results later.

  1. Log on to the ECS instances.

    1. Go to the ECS console, switch to the region where the ECS instances reside, and find the two instances you created.

    2. In the Operation column for an instance, click Remote connection. In the Remote connection dialog box, select Sign in now.

    3. On the Instance Login page, configure authentication information and complete the logon.

  2. Create sample data.

    • On ECS Instance 1, run the following command:

      echo "I am the first server" > /tmp/a.txt
    • On ECS Instance 2, run the following command:

      echo "I am the second server" > /tmp/a.txt

Configure the NLB instance

Follow these steps to create an NLB instance, configure a backend server group by adding two ECS instances, and set up a listener to enable load balancing.

Create an NLB instance

You can create an NLB instance by following these steps. For more information, see Prerequisites for creating an NLB instance and Create and manage an NLB instance.

  1. Go to the NLB instance buy page.

    Log on to the Network Load Balancer console. In the top navigation bar, select the region. On the Instances page, click Create NLB to go to the Cloud Service Buy Page.

    Important

    Select the same region as your DataWorks workspace. An incorrect region selection will require you to create a new instance.

  2. Configure and purchase the NLB instance.

    On the Cloud Service Buy Page, configure the following parameters to create an NLB instance:

    Parameter

    Description

    Network

    Network type

    Select internal-facing.

    VPC

    Select the VPC used by your serverless resource group.

    Zone

    Select the zone where the vSwitch of the serverless resource group resides.

    IP version

    Select IPv4.

    Management settings

    Instance name

    Enter a custom instance name.

    Resource group

    Select the default resource group.

  3. Confirm the purchase.

    After configuring all parameters, click Create. On the Confirm Order page, click Activate.

Create a backend server group

After the NLB instance enters the Active state, follow these steps to create and bind a backend server group to the NLB instance. For more information, see NLB server groups.

  1. Go to the instance details page.

    1. Log on to the Network Load Balancer console. In the top navigation bar, select the region. In the instance list, find the instance you created.

    2. Click the instance name to go to the instance details page.

  2. Create a backend server group.

    1. At the top of the instance details page, click Create Server Group to go to the Create Server Group page.

    2. Set Server Group Name to ECS_NLB, and then click Create.

  3. Add backend servers.

    1. In the Server group created successfully dialog box, click Add Backend Server.

    2. On the Backend Servers tab, click Add Backend Server to go to the Add Backend Server page.

    3. Select the two ECS instances you created.

    4. Click Next step to go to the Ports/Weights step.

  4. Configure ports and weights.

    1. Set the Port to 22.

    2. Click OK to complete the configuration.

Wait until the backend servers are added successfully.

Configure a listener

After you add the ECS instances to the backend server group, configure a listener for the NLB instance as follows. For more information, see Add a TCP listener.

  1. Go to the instance details page.

    1. Log on to the Network Load Balancer console. In the top navigation bar, select the region. In the instance list, find the instance you created.

    2. Click the instance name to go to the instance details page.

  2. Configure a listener.

    1. At the top of the instance details page, click Create Listener to open the Configure Server Load Balancer wizard.

    2. Set the listener protocol to TCP and set the listener port to 22.

    3. Click Next step.

  3. Select a server group.

    1. In the Select Server Group step, for Server Type, select the server group ECS_NLB that you created in Create a backend server group.

    2. Click Next step.

  4. Submit for review.

    In the Configuration Review step, confirm the ECS instances and listener port, and then click Submit.

Configure an SSH data source

After completing the preceding configurations, add the NLB instance as an SSH data source. For more information, see SSH data sources.

  1. Log on to the DataWorks console. In the target region, click More > Management Center in the left-side navigation pane. Select a workspace from the drop-down list and click Go to Management Center.

  2. In the left-side navigation pane, click Data Sources > Data Sources to go to the Data Sources page.

  3. On the Data Sources page, click Add Connection to go to the Add Connection page.

  4. On the Add Connection page, select SSH as the data source type to go to the Add SSH Data Source page. You can configure the parameters on this page as follows.

    Parameter

    Description

    Data source name

    Enter a custom name for the data source, for example, SSH_DB.

    Configuration mode

    Use the default User-created Data Store with Public IP Addresses.

    Authentication method

    We recommend DataWorks SSH Public Key Authentication.

    Host address

    Log on to the Network Load Balancer console. In the top navigation bar, select the region. Find the instance and click its name to open the instance details page. Copy the Domain Name to use as the Host Address.

    Host port

    The host port for the server is 22.

    Username

    The username for the server is root.

    Public key

    Click Generate Key Pair. The platform generates a public key based on the username you configured.

    Important

    Before you test the connection, add the public key to the .ssh/authorized_keys file on the two ECS hosts. Otherwise, the test will fail.

  5. Test resource group connectivity.

    In the Connection Configuration section, find the serverless resource group bound to your workspace, and click Test Connectivity in the Connected state column.

Run the SSH task

You can follow these steps to create and develop an SSH node, and then verify its functionality by checking the task results.

Create an SSH node

You can create an SSH node by following these steps. For more information, see Create an SSH node.

  1. Go to the Workspaces page in the DataWorks console. In the top navigation bar, select a desired region. Find the desired workspace and choose Shortcuts > Data Studio in the Actions column.

  2. In the left-side navigation pane, click the image icon. Click the image icon next to Project Directory, and choose New Node > General > SSH to open the New Node dialog box.

  3. In the New Node dialog box, enter a custom Name for the SSH node.

  4. Click Confirm to go to the node editor.

Develop the SSH node

On the node editor page, add the following sample code and configure the execution environment.

  1. Write the SSH node code.

    In the code editor, enter the following sample command:

    cat /tmp/a.txt
  2. Configure the execution environment.

    • Data Source: From the Select a data source drop-down list at the top of the editor, select the SSH_DB data source.

    • Resource group configuration: In the right-side pane, click Run Configuration, and set Resource Group to your serverless resource group.

  3. Click the Save button in the toolbar to save the SSH node.

View task results

Run the SSH node multiple times and compare the output to verify that the load balancing is effective.

  1. Run the SSH node task.

    Click the Run button in the toolbar. After the first run completes, run the task again.

  2. View the task results.

    Note

    The output may differ between runs because the task is routed to a different ECS instance each time.

    Execution result 1.

    2025-04-11 16:53:05 INFO =============================================
    2025-04-11 16:53:06,657 INFO [SshWrapperMain.java:151] - Get PrivateKey Content OK
    2025-04-11 16:53:06,667 INFO [SshExecutorUtil.java:33] - User: xxx
    2025-04-11 16:53:06,668 INFO [SshExecutorUtil.java:34] - Host: xxx
    2025-04-11 16:53:06,668 INFO [SshExecutorUtil.java:35] - Port: 22
    2025-04-11 16:53:07,876 INFO [SshExecutorUtil.java:55] - session connect success
    2025-04-11 16:53:07,877 INFO [SshExecutorUtil.java:56] - code:
    cat /tmp/a.txt
    2025-04-11 16:53:07,894 INFO [SshExecutorUtil.java:66] - channel connect success
    I am the first server
    2025-04-11 16:53:09 INFO =============================================
    2025-04-11 16:53:09 INFO Exit code of the Shell command 0
    2025-04-11 16:53:09 INFO --- Invocation of Shell command completed ---
    2025-04-11 16:53:09 INFO Shell run successfully!
    2025-04-11 16:53:09 INFO Current task status: FINISH
    2025-04-11 16:53:09 INFO Cost time is: 3.238s

    Execution result 2:

    This output shows "I am the second server", which indicates that the request was routed to the second ECS instance. The run log is as follows:

    2025-04-11 16:53:56 INFO ============================================================
    2025-04-11 16:53:57,632 INFO [SshWrapperMain.java:151] - Get PrivateKey Content OK
    2025-04-11 16:53:57,645 INFO [SshExecutorUtil.java:33] - User:
    2025-04-11 16:53:57,645 INFO [SshExecutorUtil.java:34] - Host:
    2025-04-11 16:53:57,645 INFO [SshExecutorUtil.java:35] - Port: 22
    2025-04-11 16:53:58,746 INFO [SshExecutorUtil.java:55] - session connect success
    2025-04-11 16:53:58,746 INFO [SshExecutorUtil.java:56] - code:
    cat /tmp/a.txt
    2025-04-11 16:53:58,764 INFO [SshExecutorUtil.java:66] - channel connect success
    I am the second server
    2025-04-11 16:53:59 INFO ============================================================
    2025-04-11 16:53:59 INFO Exit code of the Shell command 0
    2025-04-11 16:53:59 INFO --- Invocation of Shell command completed ---
    2025-04-11 16:53:59 INFO Shell run successfully!
    2025-04-11 16:53:59 INFO Current task status: FINISH
    2025-04-11 16:53:59 INFO Cost time is: 3.011s

How it works

The following explains how DataWorks uses NLB to ensure stable execution of high-concurrency SSH tasks:

This solution works by adding multiple ECS instances to an NLB server group and using the NLB instance's DNS name as the SSH data source in DataWorks. Task requests from the SSH node are then intercepted by the NLB listener, which distributes them to healthy ECS instances based on its load balancing policy. Execution results are returned through NLB and displayed in the SSH node's log.