This topic describes how to use DMS to purchase and configure resources for the Dify account version with a single click. These resources include a metadatabase, Redis, and vector database instances.
Usage notes
You can purchase Dify resources only in the China (Hangzhou), China (Hong Kong), and Singapore regions.
The system automatically registers the purchased Dify resources with DMS and enables the security hosting feature for Dify resources. By default, the control mode for Dify resources is set to Flexible Management.
Procedure
1. Preparations: Check and grant permissions
Before you deploy, ensure that the account has the required permissions to access and create resources. If the permissions have not been granted, click the Grant Permission button on the deployment page to complete the authorization.
Your account must have the following permissions:
AliyunDMSFullAccessAliyunRAMReadOnlyAccessAliyunECSReadOnlyAccessAliyunVPCReadOnlyAccessAliyunComputeNestUserReadOnlyAccessAliyunROSReadOnlyAccessAliyunGPDBReadOnlyAccessAliyunRDSReadOnlyAccessAliyunKvstoreReadOnlyAccess
If you import existing database resources, in addition to the basic read-only permissions listed above, the following requirements must be met:
You must be logged on with an account that has the administrator or DBA role in DMS.
The relational database, Redis, and vector database instances that you want to import must already be added to DMS.
Security hosting must be enabled for all instances.
2. Go to the deployment page
Log on to the Alibaba Cloud Management Console and go to the Dify on DMS deployment page.
3. Configure deployment parameters
On the deployment page, configure the parameters in the following sections.
Basic configurations
These parameters define the basic properties and billing method of the service.
Field | Description |
Billing Method | The billing method for the service. Different billing methods affect resource costs and settlement. |
Region | The geographic region where the service is deployed. All resources used by Dify on DMS must be in the same region to ensure service operation and network connectivity. |
Deployment Version | The Dify version type. Dify on DMS is designed for integration with Alibaba Cloud Data Management (DMS). Dify Enterprise Edition is a paid version optimized for medium to large organizations. You must purchase a separate license to use the features of the Enterprise Edition. |
Logon Method | The authentication method for users. With DMS account logon, users log on to Dify directly with their DMS accounts without extra setup. With Dify account logon, users log on with an email and password, and manage their own accounts. They can log on through a private network, public endpoint, or IP address. This topic uses Dify account logon. For more information about DMS account logon, see this topic. |
SR Role Authorization | Authorization for a service role (SR). This role grants permissions to the current service. If not granted, click Grant Permission to request the permissions. |
SLR Role Authorization | Authorization for a service-linked role (SLR). This role is used to delegate operations on other service resources. If not granted, click Grant Permission to request the permissions. |
Associated Service Activation | Indicates whether dependent services associated with this service are activated. If not, click Grant Permission to request the permissions. |
Workspace Creation Method | The method to create a workspace. |
Workspace Name | The name of the workspace. It must be unique and is used to distinguish between different project or team environments. |
Network Type | The network deployment type. The default is Virtual Private Cloud. |
VPC | The ID of the VPC instance where the service runs. |
Zone and vSwitch | The primary zone and its corresponding subnet. The primary node is deployed here to ensure high availability and low latency. |
Secondary Zone and vSwitch | The secondary zone and vSwitch. They are used for disaster recovery and failover. They are enabled when the primary zone is abnormal to improve system availability. |
Internet NAT | Specifies whether to configure an Internet NAT gateway. This provides resources in a private network with access to the Internet. |
Private and Public Endpoints | To enable private and public endpoints, you must activate PrivateZone, EIP, and ALB. This will generate pay-as-you-go bills. For pricing details, see PrivateZone billing, EIP billing, and ALB billing rules. |
DIFY configuration
Configure the data storage method for the Dify application. You can choose between two storage configurations: enterprise SSD (ESSD) and OSS.
Field | Description |
DIFY Version | Information about the currently deployed Dify version. This indicates the feature set, API operations, and capabilities of the core application. |
Storage Configuration | Select either enterprise SSD (ESSD) or OSS. |
Number of Replicas | The number of times data is replicated during storage to ensure high reliability. |
Deployment Resource Specification | The compute resource configuration of the deployment instance. This affects performance and concurrent processing capabilities. |
If you select OSS, configure the OSS information.
Path | If you set Storage Configuration to OSS, specify the file storage path. |
OSS Bucket | If you set Storage Configuration to OSS, specify the bucket name. The bucket is used to store unstructured data such as static resources, attachments, and backups. |
Database configuration
Configure a metadatabase, cache, and vector database for Dify. You can create new instances or import existing ones. For more information about importing existing instances, see Preparations for creating a Dify instance based on existing databases.
Metadatabase configuration
Create an instance: Select the appropriate specifications, storage class, and storage space based on your business workload.
Import an existing instance: Select a PostgreSQL instance for which security hosting is enabled.
Redis database
Create an instance: Select an appropriate Redis configuration.
Import an existing instance: Select a Redis instance for which security hosting is enabled.
Vector database
Create an instance: Select an appropriate AnalyticDB configuration.
Import an existing instance: Select a vector database instance for which security hosting is enabled.
Security configuration
Configure access credentials and network security policies for the database.
Field | Description |
Database Account | A unified account created for all newly purchased databases. |
Password | The password for the database account. |
Security Group | A virtual firewall that controls network access traffic for associated cloud resources. |
4. Deploy and verify
After you configure all parameters, the estimated cost appears on the right side of the page. Confirm the configuration and click Buy Now.
NoteEnsure that your Alibaba Cloud account has a sufficient balance to cover the Order amount before you activate pay-as-you-go services or purchase subscription resources. Fees are deducted directly from your account balance.
After you complete the payment, the page automatically redirects to the deployment details page. You can view the real-time deployment progress on this page. The deployment process takes approximately 15 to 30 minutes.
Examples
Configure a whitelist
On the Dify workspace page, in the left navigation pane, click . On the Dify Resources page, in the Basic Configurations section, click the Configure Whitelist button next to Instance Public Endpoint.
On the Entries tab, click the Add Entry button.
In the Add Policy Group Entry dialog box, enter the IP address of your local machine and any other IP addresses to include.
Click the Add button to complete the whitelist configuration.
Set up an administrator account and log on
After you configure the whitelist, on the workspace page, click in the navigation pane on the left.
When you open the Dify Studio page for the first time, the Set Administrator Account page is displayed. You must set the administrator's email, username, password, and other information.
After the setup is complete, log on to use Dify.
Add a user
After you log on, click your profile picture in the upper-right corner, and then select Settings from the dialog box that appears.
On the Settings page, click Members in the left navigation pane.
On the Members page, click the Add button.
Enter the new team member's email, select a role, and click Send Invitation.
After the invitation is sent, copy the invitation link. The new member can open this link to go to the logon page.
After opening the link, the new member must enter a password. This password will be their logon password.
Click Log On. Set a username and then click Join to add the user.
Embed an application into a third-party page
This feature applies only to Chatflow applications and not to Workflow applications.
After you develop an application, click in the upper-right corner to publish the application.
Once the application is published, click Embed in Website.
In the Embed in your website dialog box, select an embedding format and click the
button to copy the code.Paste the code into the source code of your website. Open the webpage to view the embedded interface.
