ECS Insight capabilities - Elastic Compute Service - Alibaba Cloud Documentation Center

ECS Insight assesses Elastic Compute Service (ECS) usage from the ECS Basics, Cost Insight, Automation, Reliability, Elasticity, and Security dimensions and provides optimization suggestions based on the assessment results.

Assessment dimensions

Assessment dimension	Description
ECS Basics	Assesses whether all ECS instances and the associated resources in the current account are properly distributed, identifies potential risks to business performance and high availability, and provides corresponding optimization suggestions.
Cost Insight	Assesses the billing methods of ECS instances in the current account, the matching degree between instance types and workloads, and the reasonableness of fine-grained cost management, and provides corresponding optimization suggestions.
Automation	Assesses your use of automation capabilities to improve the O&M efficiency of ECS instances and associated resources, and provides corresponding optimization suggestions.
Reliability	Assesses whether ECS instances in the current account have potential risks related to single points of stability and business high availability, and provides corresponding optimization suggestions.
Elasticity	Assesses the usage of elasticity capabilities for ECS resources in the current account, identifies elasticity risks, and provides corresponding optimization suggestions.
Security	Assesses whether ECS instances and associated resources in the current account have data security, network security, and access security risks, and provides corresponding optimization suggestions.

Levels of assessment items

For each assessment item, ECS Insight provides different results and corresponding severity levels. The following section describes the assessment results corresponding to each severity level and the recommended operations:

Critical (high-risk item): indicates that the usage of resources in the current account does not meet the criteria of an assessment item and high risks exist. We recommend that you resolve the issue and optimize the usage based on the best practices. A high-risk item scores 0 points.
Warning (warned item): indicates that the usage of resources in the current account does not meet the criteria of an assessment item and risks exist. We recommend that you resolve the issue and optimize the usage based on the best practices. The score varies based on the scoring rules.
Information (information item): indicates that the usage of resources in the current account does not meet the criteria of an assessment item, but the issue is not serious. You can choose whether to optimize the usage based on your business requirements. The score varies based on the scoring rules.
Unassessed Item (unassessed item): indicates that the resources in the current account do not meet the assessment threshold for an assessment item and ECS Insight does not assess the resources based on the item. You do not need to take note of the assessment item.
OK (Scored item): indicates that the usage of resources in the current account meets the criteria of an assessment item and no risk exists. You do not need to take note of the assessment item. The item gets the full score.

ECS Basics

In the ECS Basics dimension, ECS Insight assesses whether all ECS instances and the associated resources in the current account are properly distributed, identifies potential risks to business performance and high availability, and provides corresponding optimization suggestions.

ECS Insight provides the following categories of capabilities in the ECS Basics dimension: Basic Computing Capabilities, Basic Storage Capabilities, Basic Network Capabilities, and Basic API & Resource Management Capabilities. Each category contains multiple assessment items. The following table describes the scores, scoring rules, and best practices of each assessment item.

Category	Category description	Assessment item	Assessment item description	Full score (points)	Scoring rules	Whether to return affected resources	Best practices
Basic Computing Capabilities	Assesses whether all ECS instances in the account are properly distributed across zones, regions, and instance families.	Proper Cross-zone Distribution of ECS Instances	Checks whether all ECS instances in the account are properly distributed across different zones to achieve high availability and zone redundancy.	10	High-risk item: If 10 or more ECS instances exist in the account and reside in the same zone, the item scores 0 points. Warned item: If 10 or more ECS instances exist in the account and are unevenly distributed across different zones, the item scores 5 points. Unassessed item: If fewer than 10 ECS instances exist in the account, the item is not assessed. Scored item: If 10 or more ECS instances exist in the account and are distributed across different zones, and the number of ECS instances in each zone varies by up to 20%, the item scores 10 points.	Yes	When you create ECS instances, select zones in which fewer ECS instances reside. For information about how to create an ECS instance, see Create an instance on the Custom Launch tab. Adjust the zone distribution of ECS instances based on your business requirements to enhance disaster recovery capabilities and reduce the risks caused by the failure of a single zone. For more information, see Migrate resources across zones on Alibaba Cloud. Use high-availability architectures to provide features, such as service distribution, scalability, and multi-zone deployment. For more information, see Deploy a high-availability architecture.
		No ECS Instances Deployed in Classic Network	Checks whether ECS instances that are deployed in the classic network, which are vulnerable to security risks, exist in the account.	10	High-risk item: If one or more ECS instances in the account are deployed in the classic network, the item scores 0 points. Scored item: If no ECS instances in the account are deployed in the classic network, the item scores 10 points.	Yes	Migrate specific or all ECS instances from the classic network to a virtual private cloud (VPC) based on your business requirements. For more information, see Migrate an ECS instance from the classic network to a VPC.
		No ECS Instances of Retired or Outdated Instance Families	Checks whether ECS instances of retired or outdated instance families exist in the account. If ECS instances have a pending following event, the instances belong to retired or outdated instance families: Instance Migration Events Due to Upgrades at Underlying Layer.	10	High-risk item: If one or more ECS instances that belong to retired or outdated instance families exist in the account, the item scores 0 points. Scored item: If no ECS instances that belong to retired or outdated instance families exist in the account, the item scores 10 points.	Yes	Migrate the ECS instances that belong to retired or outdated instance families at the earliest opportunity to improve the stability of ECS instances. For more information, see Events related to instance migration due to upgrades at the underlying layer.
Basic Storage Capabilities	Assesses whether disks in the account are properly used.	No Basic Disks	Checks whether cloud disks of retired disk categories exist in the account.	10	High-risk item: If one or more basic disks exist in the account, the item scores 0 points. Scored item: If no basic disks exist in the account, the item scores 10 points.	Yes	Create snapshots for basic disks and create cloud disks of other disk categories from the snapshots to migrate data from the basic disks to the new cloud disks. For more information, see Create a snapshot and Create a disk from a snapshot. Create custom images from the ECS instances to which basic disks are attached and use the custom images to create ECS instances to which cloud disks of other disk categories are attached to migrate data from the basic disks to the cloud disks of other disk categories. For more information, see Create a custom image from an instance and Create an instance by using a custom image.
Basic Storage Capabilities	Assesses whether disks in the account are properly used.	No Instances Equipped with Local Disks of Retired Disk Categories	Checks whether ECS instances that are equipped with local disks of retired disk categories exist in the account.	10	High-risk item: If one or more ECS instances in the account use local disks of retired disk categories, the item scores 0 points. Scored item: If no ECS instances in the account use local disks of retired disk categories, the item scores 10 points.	Yes	Back up the data of ECS instances that are equipped with local disks of retired disk categories based on your business requirements, release the ECS instances, and then create ECS instances that use local disks of new disk categories. For information about the instance types that are equipped with local disks, see Big data instance families and Instance families with local SSDs.
Basic Network Capabilities	Assesses whether security groups were properly configured for all ECS instances in the account.	Non-default Security Groups	Checks whether non-default security groups exist and are used in the account.	10	High-risk item: If only default security groups exist in the account or no non-default security groups in the account are associated with ECS instances, the item scores 0 points. Scored item: If non-default security groups exist in the account and one or more of the security groups are associated with one or more ECS instances, the item scores 10 points.	No	Create security groups and configure security group rules based on your business requirements to improve the security of ECS instances. For more information, see Create a security group. Configure security group rules based on your business scenarios, such as when a website deployed on your instance needs to provide external web services, you want to connect to your ECS instance from an on-premises server, instances that belong to different security groups need to communicate with each other over the internal network, and you want to allow access to a database deployed on an ECS instance. For more information, see Guidelines for using security groups and use cases.
Basic API & Resource Management Capabilities	Assesses whether API operations are properly called and all Resource Access Management (RAM) users and resources in the account are properly managed.	Proper Tag-based Grouping of Resources	Checks whether resources in the account are properly grouped based on tags.	20	Warned item: 10 or more ECS instances exist in the account. Tags are not added to label or group the ECS instances for batch management. Unassessed item: Fewer than 10 ECS instances exist in the account. The item is not assessed. Scored item: Custom tags are added to ECS instances in the account for instance grouping. The item scores 20 points.	Yes	We recommend that you use tag policies to identify resources to which specific tags are not added at the earliest opportunity and add at least two custom tags to each ECS instance to which tags are not added. For more information, see Perform automatic tag detection, Create tags and add tags to resources, and Best practices for tag design.
Basic API & Resource Management Capabilities		Proper API Call Success Rate	Checks whether a large number of API calls in the account failed.	20	Warned item: More than 100 API calls were made during a previous time period in the account, and the proportion of HTTP 4xx status codes in API responses was higher than 10%. The API call failure rate was high. Unassessed item: Fewer than 100 API calls were made during a previous time period in the account. The item is not assessed. Scored item: The number of failed API calls in the account during a previous time period was not large. The item scores 20 points.	Yes	Check whether the API responses meet your expectation based on your business requirements. For information about error codes, see Elastic Compute Service - Error Codes

Cost Insight

In the Cost Insight dimension, ECS Insight assesses whether the billing methods for the ECS instances and associated resources in the current account are properly used and whether fine-grained cost management and analysis have been performed.

ECS Insight provides the following categories of capabilities in the Cost Insight dimension: Basic ECS Cost Analysis Capabilities, Refined ECS Cost Insight Capabilities, and Cost Analysis Capabilities. Each category contains multiple assessment items. The following table describes the scores, scoring rules, and best practices of each assessment item.

Category	Category description	Assessment item	Assessment item description	Full score (points)	Scoring rules	Whether to return affected resources	Best practices
Basic ECS Cost Analysis Capabilities	Assesses whether resource costs in the account are properly managed to prevent waste and business interruptions.	ECS Instance Refund Limit Reached	Checks whether the account has reached the monthly maximum number of refunds for subscription ECS instances in the current month.	5	Warned item: If the account reached the maximum number of refunds for subscription ECS instances during a previous time period, the item scores 0 points. Scored item: If the account did not reach the maximum number of refunds for subscription ECS instances during a previous time period, the item scores 5 points.	Yes	To meet temporary business requirements, we recommend that you create Spot Instance ECS instances. For more information, see Pay-as-you-go.
		Use of Economical Mode	Checks whether ECS instances in the account are stopped in economical mode to prevent resource waste.	10	Warned item: If Spot Instance ECS instances that are stopped exist in the account and the instances are all stopped in standard mode, the item scores 0 points. Scored item: If Spot Instance ECS instances that are stopped in economical mode exist in the account, the item scores 10 points.	Yes	Stop Spot Instance ECS instances that are not required in economical mode based on your business requirements to reduce resource costs. For more information, see Economical mode. For spot instance ECS instances that are stopped in standard mode, you can restart the instances and stop them in economical mode based on your business requirements.
		ECS Instances Unavailable Due to Overdue Payments	Checks whether ECS instances in the account are unavailable due to overdue payments.	10	High-risk item: If specific ECS instances in the account are unavailable or have lost network connectivity due to overdue payments, the item scores 0 points. Scored item: If no ECS instances in the account are unavailable or have lost network connectivity due to overdue payments, the item scores 10 points.	Yes	If you want to use the ECS instances that are unavailable or have lost network connectivity due to overdue payments, we recommend that you complete the payments at the earliest opportunity to prevent the instances from being stopped or released. For more information, see How to pay an overdue bill. If you no longer require the ECS instances that are unavailable or have lost network connectivity due to overdue payments, we recommend that you create snapshots for disks attached to the instances to back up data and release the instances. For information about how to create snapshots, see Create a snapshot.
		ECS Instances Unavailable Due to Expiration	Checks whether subscription ECS instances in the account are unavailable due to expiration.	10	High-risk item: If specific ECS instances in the account are unavailable or have lost network connectivity due to expiration, the item scores 0 points. Scored item: If no ECS instances in the account are unavailable or have lost network connectivity due to expiration, the item scores 10 points.	Yes	If you want to use the ECS instances that are unavailable or have lost network connectivity due to expiration, renew the instances to extend the service life of the instances. For more information, see Renew a subscription instance. If you no longer require the ECS instances that are unavailable or have lost network connectivity due to expiration, we recommend that you create snapshots for disks attached to the instances to back up data and release the instances. For information about how to create snapshots, see Create a snapshot.
Refined ECS Cost Insight Capabilities	Assesses whether ECS advanced capabilities, such as upgrade capabilities, were used in the account to optimize costs.	Auto-renewal of Subscription ECS Instances	Checks whether auto-renewal is enabled for subscription ECS instances in the account to prevent service interruptions.	10	High-risk item: If subscription ECS instances exist in the account and auto-renewal is disabled for all the instances, the item scores 0 points. Warned item: If subscription ECS instances exist in the account and auto-renewal is enabled for one or more of the instances, the item scores 5 points. Unassessed item: If no subscription ECS instances exist in the account, the item is not assessed. Scored item: If subscription ECS instances exist in the account and auto-renewal is enabled for all the instances, the item scores 10 points.	Yes	Enable auto-renewal for subscription ECS instances that you want to retain for long-term use based on your business requirements. Auto-renewal helps reduce management costs and prevents the services on ECS instances from being interrupted if manual renewal for the instances fails. For more information, see Auto-renewal.
		Proper Spot Instance Utilization	Checks whether reserved instances in the account are underutilized.	10	High-risk item: If reserved instances exist in the account and the utilization of the reserved instances is lower than 90%, the item scores 0 points. Unassessed item: If no reserved instances exist in the account, the item is not assessed. Scored item: If reserved instances exist in the account and the utilization of the reserved instances exceeds 90%, the item scores 10 points.	Yes	After you purchase a reserved instance, you can view various information of the reserved instance, such as the ECS instances whose bills can be offset by the reserved instance and the normalization factor of the reserved instance. This helps you determine the usage status of the reserved instance. You can also view the billing details, utilization, and coverage rate of the reserved instance. For more information, see View reserved instances. Your workloads may change. For example, you may want your workloads to be dispersed across low-specification instances or concentrated on a few high-specification instances, or you may want to extend the capacity of instances across zones. To adapt to workload changes, you can split, merge, or modify existing reserved instances to match spot instances of different specifications and zones. For more information, see Split, merge, or modify reserved instances.
		Proper Savings Plan Utilization	Checks whether savings plans in the account are underutilized.	10	High-risk item: If savings plans exist in the account and the utilization of the savings plans is lower than 90%, the item scores 0 points. Unassessed item: If no savings plans exist in the account, the item is not assessed. Scored item: If savings plans exist in the account and the utilization of the savings plans exceeds 90%, the item scores 10 points.	Yes	To maximize cost savings, we recommend that you monitor the usage of savings plans and adjust savings plan configurations at the earliest opportunity based on your business requirements. Alibaba Cloud provides a utilization report and a coverage report for your savings plans. You can optimize the usage of savings plans based on the reports by following the suggestions in the View and optimize the usage of savings plans topic or the recommendations on the Savings Plan Purchase Scheme Calculation page in the Expenses and Costs console.
		Expiring Savings Plans	Checks whether savings plans that are about to expire within 30 days exist in the account.	5	Warned item: If savings plans that are about to expire within 30 days exist in the account, the item scores 0 points. Unassessed item: If no savings plans exist in the account, the item is not assessed. Scored item: If savings plans whose expiration dates are more than 30 days away exist in the account, the item scores 5 points.	Yes	Before a savings plan expires, you can manually renew or enable auto-renewal for the savings plan to extend the duration of the savings plan. You can renew a savings plan on the Overview tab of Savings Plan page in the Expenses and Costs console. You can also manually renew or enable auto-renewal for a savings plan on the Renewal page in the Expenses and Costs console. For more information, see Renewal guide for the international site (alibabacloud.com).
Cost Analysis Capabilities	Assesses whether the cost analysis tools of Alibaba Cloud were used in the account to analyze and optimize costs.	Use of Cost Center and Cost Allocation Tags for Cost Management	Checks whether the Cost Center and cost allocation tags are used in the account to manage costs.	10	Information item: If the Cost Center and cost allocation tags were not used to allocate costs in the account, the item scores 0 points. Scored item: If the Cost Center and cost allocation tags were used to allocate costs in the account during a previous time period, the item scores 10 points.	No	Use the Cost Center and cost allocation tags to allocate costs based on your business requirements. This provides references for enterprise cost allocation based on the resource usage and costs of split items. For more information, see Split Bill and Use tags to manage costs.
		Use of Budget Management	Checks whether the budget management feature is used in the account to manage costs.	5	Information item: If the budget management feature was not used in the account, the item scores 0 points. Scored item: If the budget management feature was used in the account during a previous time period, the item scores 5 points.	No	Use the budget management feature to manage costs in a fine-grained manner based on your business requirements. For more information, see Budget management.
		Unused Resources	Checks whether unused resources exist in the account.	10	High-risk item: If Elastic Block Storage (EBS) resources that remain unattached for three consecutive days or longer exist in the account, the item scores 0 points. Scored item: If EBS resources that remain unattached for three consecutive days or longer do not exist in the account, the item scores 10 points.	Yes	If you no longer require the EBS resources that remain unattached for three consecutive days or longer, we recommend that you release the resources to reduce costs.

Automation

In the Automation dimension, ECS Insight assesses your use of automation capabilities to improve the O&M efficiency of ECS instances and associated resources, and provides optimization suggestions.

ECS Insight provides the following categories of capabilities in the Automation dimension: Basic Automation Capabilities, Advanced Automation Capabilities, and Premium Automation Capabilities. Each category contains multiple assessment items. The following table describes the scores, scoring rules, and best practices of each assessment item.

Category	Category description	Assessment item	Assessment item description	Full score (points)	Scoring rules	Whether to return affected resources	Best practices
Basic Automation Capabilities	Assesses whether automation tools were used in the account.	Use of ECS API Operations for O&M and Management	Checks whether ECS API operations are called to manage ECS instances in the account.	10	Warned item: If 10 or more ECS instances exist in the account and no API operations are called to manage or maintain the instances, the item scores 0 points. Unassessed item: If fewer than 10 ECS instances exist in the account and no API operations are called to manage or maintain the instances, the item is not assessed. Scored item: If 10 or more ECS instances exist in the account and API operations are called to manage and maintain the instances, the item scores 10 points.	No	Call API operations to manage or maintain ECS instances based on your business requirements to improve O&M and management efficiency. For more information, see List of operations by function.
		Use of Latest SDKs to Create and Manage ECS Resources	Checks whether the latest SDKs are used to create or manage ECS instances in the account to improve O&M efficiency.	10	Warned item: If 10 or more ECS instances exist in the account and Auto Scaling SDKs, Resource Orchestration Service (ROS) SDKs, or Server Migration Center (SMC) SDKs are not used to manage or maintain the instances, the item scores 0 points. Unassessed item: If fewer than 10 ECS instances exist in the account, the item is not assessed. Scored item: If 10 or more ECS instances exist in the account and Auto Scaling SDKs, ROS SDKs, or SMC SDKs are used to manage and maintain the instances, the item scores 10 points.	No	Use the latest SDKs to create or manage ECS resources based on your business requirements to improve the management efficiency of cloud resources. For more information, see Create and manage an ECS instance by using an SDK.
		Use of Latest CLIs to Create and Manage ECS Resources	Checks whether the latest CLIs are used to create or manage ECS instances in the account to improve O&M efficiency.	10	Warned item: If 10 or more ECS instances exist in the account and the Auto Scaling CLI, ROS CLI, or SMC CLI is not used to manage or maintain the instances, the item scores 0 points. Unassessed item: If fewer than 10 ECS instances exist in the account, the item is not assessed. Scored item: If 10 or more ECS instances exist in the account and the Auto Scaling CLI, ROS CLI, or SMC CLI is used to manage and maintain the instances, the item scores 10 points.	No	Use the latest CLIs to create or manage ECS resources based on your business requirements to improve the management efficiency of cloud resources. For more information, see CLI Reference.
Advanced Automation Capabilities	Assesses whether advanced automation capabilities were used in the account.	Use of ROS to Provision ECS Resources	Checks whether ROS is used to provision resources in the account to improve O&M efficiency.	10	Information item: If ECS resources, RDS resources, or SLB resources existed in the account during a previous time period and ROS was not used to provision resources, the item scores 0 points. Unassessed item: If ECS instances existed in the account during a previous time period, but SLB resources or RDS resources did not exist in the account during the period, the item is not assessed. Scored item: If ECS resources, RDS resources, or SLB resources existed in the account during a previous time period and ROS was used to provision resources, the item scores 10 points.	No	Create stacks and use templates to deliver ECS-related resources based on your business requirements to improve delivery efficiency. For more information, see Create a stack. Go to the Solution Center page in the ROS console, select a solution based on your business scenario, and then debug and apply the solution.
		Use of Cloud Assistant for O&M and Management	Checks whether Cloud Assistant is used to deploy, operate, and maintain ECS resources in the account to improve instance management efficiency.	10	Information item: If Cloud Assistant was not used to execute tasks in the account during a previous time period, the item scores 0 points. Scored item: If Cloud Assistant was used to execute tasks in the account during a previous time period, the item scores 10 points.	No	Use Cloud Assistant to perform O&M on ECS instances based on your business requirements, including running commands and uploading files, to improve O&M efficiency. For more information, see Overview of Cloud Assistant and Use Cloud Assistant.
		Use of OOS for Automated O&M	Checks whether CloudOps Orchestration Service (OOS) is used to operate and maintain ECS instances in the account to improve instance management efficiency.	10	Information item: If OOS was not used to execute tasks in the account during a previous time period, the item scores 0 points. Scored item: If OOS was used to execute tasks in the account during a previous time period, the item scores 10 points.	No	Use OOS to batch manage ECS instances based on your business requirements, including starting or stopping ECS instances based on a schedule and temporarily upgrading ECS instance bandwidth, to improve management efficiency. For more information, see Manage multiple instances at a time, Start or stop instances at a scheduled time, and Temporarily upgrade the bandwidth.
Premium Automation Capabilities	Assesses whether premium automation capabilities were used in the account.	Use of OOS Scheduled O&M, Alert O&M, and Event-triggered O&M	Checks whether the Scheduled O&M, Alert O&M, and Event-triggered O&M features of OOS are used in the account to improve instance management efficiency.	10	Information item: If scheduled, event-triggered, or alert O&M tasks of OOS were not used in the account during a previous time period, the item scores 0 points. Scored item: If scheduled, event-triggered, or alert O&M tasks of OOS were used in the account during a previous time period, the item scores 10 points.	No	Use the scheduled, event-triggered, or alert O&M tasks of OOS based on your business requirements to improve O&M automation and efficiency. For more information, see Perform scheduled O&M, Create an alert O&M task, and Create an event-trigger O&M task.
		Use of Patch Management for O&M and Management	Checks whether the patch management feature is used to scan for or install system patches on ECS instances in the account to improve instance security.	10	Information item: If the patch management feature was not used to scan for or install system patches on ECS instances in the account during a previous time period, the item scores 0 points. Scored item: If the patch management feature was used to scan for or install system patches on ECS instances in the account during a previous time period, the item scores 10 points.	No	Use the patch management feature to automatically update system patches based on your business requirements to improve operating system security. For more information, see Patch management overview.
		Use of Software Package Management for O&M and Management	Checks whether the software package management feature is used to manage or upgrade applications in the account to improve instance management efficiency.	10	Information item: If the software package management feature was not used in the account during a previous time period, the item scores 0 points. Scored item: If the software package management feature was used in the account during a previous time period, the item scores 10 points.	No	Use the software package management feature to manage the software used by different teams in a unified manner based on your business requirements. This improves cloud management efficiency. For more information, see Manage custom software on multiple ECS instances at a time.
		Use of OOS Templates to Create Images	Checks whether OOS templates are used to create images in the account to improve instance management efficiency.	10	Information item: If OOS public or custom templates are not used to create custom images in the account, the item scores 0 points. Scored item: If OOS public or custom templates are used to create custom images in the account, the item scores 10 points.	No	Use OOS custom templates to create custom images based on your business requirements to improve image management efficiency. For more information, see Use OOS to create a custom image.

Reliability

In the Reliability dimension, ECS Insight assesses whether ECS instances have potential risks related to single points of stability and business high availability, and provides optimization suggestions.

ECS Insight provides the following categories of capabilities in the Reliability dimension: Instance Stability, Performance Reliability, and Application Reliability. Each category contains multiple assessment items. The following table describes the scores, scoring rules, and best practices of each assessment item.

Category	Category description	Assessment item	Assessment item description	Full score (points)	Scoring rules	Whether to return affected resources	Best practices
Instance Stability	Assesses whether proactive O&M was performed on important ECS instances in the account to improve instance stability.	Fast Response to Scheduled O&M Events	Checks whether pending O&M events exist in the account.	10	High-risk item: If one or more pending O&M events exist in the account, the item scores 0 points. Scored item: If no pending O&M events exist in the account, the item scores 10 points.	Yes	View and handle ECS system events and configure event-driven automatic response rules based on your business requirements to reduce business risks. For more information, see Query and handle ECS system events and Subscribe to ECS system event notifications.
		No Instances Automatically Stopped	Checks whether ECS instances in the account are automatically stopped due to overdue payments or security issues.	10	High-risk item: If the account has ECS instances that are stopped due to overdue payments or security issues, the item scores 0 points. Scored item: If ECS instances that are stopped due to overdue payments or security issues do not exist in the account, the item scores 10 points.	Yes	Add funds to your account at the earliest opportunity to complete the payments and reactivate the ECS instances based on your business requirements. For more information, see Overdue payments. Log on to the Security Center console and view and handle security risks. For more information, see View and handle alerts.
		Snapshots Created Within Previous 7 Days	Checks whether snapshots were created in the account within the previous 7 days to improve instance data reliability.	10	High-risk item: If no snapshots were created within the previous 7 days, the item scores 0 points even if snapshots exist in the account. Information item: If snapshots were created within the previous 7 days, snapshots exist in the account, and no snapshot policies exist in the account, the item scores 5 points. Scored item: If snapshots were created within the previous 7 days and snapshots and snapshot policies exist in the account, the item scores 10 points.	No	We recommend that you configure automatic snapshot policies for disks attached to important ECS instances to back up disk data on a periodic basis. For more information, see Create an automatic snapshot policy.
Performance Reliability	Assesses whether ECS instances that poorly performed in the account were detected and handled to improve performance reliability.	High CPU Utilization of ECS Instances	Checks whether ECS instances in the account have high CPU utilization.	10	High-risk item: If one or more ECS instances in the account have high CPU utilization, the item scores 0 points. Scored item: If no ECS instances in the account have high CPU utilization, the item scores 10 points. CPU utilization that exceeds 85% for longer than 8 hours in total is considered high.	Yes	Monitor the CPU utilization of ECS instances and configure alert rules based on your business requirements. If the CPU utilization is abnormal, you can handle the anomaly at the earliest opportunity to ensure that your business runs as expected. For more information, see Configure alert rules for an ECS instance.
		High Memory Usage of ECS Instances	Checks whether ECS instances in the account have high memory usage.	10	High-risk item: If ECS instances in the account have high memory usage, the item scores 0 points. Scored item: If no ECS instances in the account have high memory usage, the item scores 10 points. Memory usage that exceeds 85% for longer than 8 hours in total is considered high.	Yes	Monitor the memory usage of ECS instances and configure alert rules based on your business requirements. If the memory usage is abnormal, you can handle the anomaly at the earliest opportunity to ensure that your business runs as expected. For more information, see Configure alert rules for an ECS instance.
		High Storage Space Usage of Cloud Disks	Checks whether the storage space usage of cloud disks in the account is high.	10	High-risk item: If the storage space usage of cloud disks in the account exceeds 80%, the item scores 0 points. Scored item: If the storage space usage of cloud disks in the account does not exceed 80%, the item scores 10 points.	Yes	Monitor the storage space usage of cloud disks on ECS instances, and resize the cloud disks whose storage space usage is high at the earliest opportunity based on your business requirements to reduce business risks. For more information, see Configure alert rules for an ECS instance.
		High Cloud Disk Utilization	Checks whether cloud disks in the account have high utilization.	10	High-risk item: If cloud disks whose IOPS or BPS utilization exceeds 99% exist in the account, the item scores 0 points. Scored item: If cloud disks whose IOPS or BPS utilization exceeds 99% do not exist in the account, the item scores 10 points.	Yes	Change the category or size of the cloud disks whose IOPS or BPS utilization exceeds 99% based on your business requirements. For more information, see Block storage performance and Change the category of a disk.
		Excessive Security Group Rules Associated with ECS Instances	Checks whether the number of security group rules associated with ECS instances in the account is higher than expected.	10	High-risk item: If 50 or more security group rules are associated with one or more ECS instances that are deployed in VPCs in the account, the item scores 0 points. Scored item: If fewer than 50 security group rules are associated with each ECS instance that is deployed in a VPC in the account, the item scores 10 points.	Yes	Delete unnecessary security group rules based on your business requirements. This prevents excessive security group rules from being associated with a single ECS instance. For more information, see Guidelines for using security groups and use cases.
		Normal ECS Instance Network Performance	Checks whether the network performance of ECS instances in the account degrades.	10	High-risk item: If ECS instances in the account have incomplete Performance Degradation (performanceImpacted) events, the item scores 0 points. Scored item: If no ECS instances in the account have incomplete Performance Degradation (performanceImpacted) events, the item scores 10 points.	Yes	View and handle the Performance Degradation events based on your business requirements to prevent the events from affecting your business. For more information, see Query and handle ECS system events and Subscribe to ECS system event notifications.
Application Reliability	Assesses whether deployment sets were used in the account to improve application reliability and availability.	Proper Use of Deployment Sets	Checks whether deployment sets are used in the account to improve cluster availability.	10	Warned item: If more than two ECS instances existed in the account, multiple ECS instances resided in the same zone, and no ECS instances were deployed in deployment sets during a previous time period, the item scores 0 points. Unassessed item: If one or no ECS instances existed in the account during a previous time period, the item is not assessed. Scored item: If more than two ECS instances existed in the account, multiple ECS instances resided in the same zone, and multiple ECS instances were deployed in deployment sets during a previous time period, the item scores 10 points.	No	Create deployment sets and change the deployment sets of ECS instances based on your business requirements. Deploy ECS instances on different physical servers to improve the high availability and disaster recovery capabilities of your business. For more information, see Deployment set.

Elasticity

In the Elasticity dimension, ECS Insight assesses the usage of elasticity capabilities for ECS resources, identifies elasticity risks, and provides optimization suggestions.

ECS Insight provides the following categories of capabilities in the Elasticity dimension: Basic Elasticity Capabilities, Advanced Elasticity Capabilities, and Premium Elasticity Capabilities. Each category contains multiple assessment items. The following table describes the scores, scoring rules, and best practices of each assessment item.

Category	Category description	Assessment item	Assessment item description	Full score (points)	Scoring rules	Whether to return affected resources	Best practices
Basic Elasticity Capabilities	Assesses whether basic elasticity capabilities of ECS were used in the account.	Use of Auto Scaling to Frequently Create or Release ECS Instances	Checks whether Auto Scaling is used to frequently create or release ECS instances in the account.	10	Information item: If the RunInstances or DeleteInstances operation is frequently called to create or release pay-as-you-go or spot ECS instances in the account and Auto Scaling is not used, the item scores 0 points. Unassessed item: If the RunInstances or DeleteInstances operation is not frequently called to create or release pay-as-you-go or spot ECS instances in the account, the item is not assessed. Scored item: If the RunInstances or DeleteInstances operation is frequently called to create or release pay-as-you-go or spot ECS instances in the account and Auto Scaling is used, the item scores 10 points. The RunInstances or DeleteInstances operation is considered to be frequently called when the call frequency exceeds 3 times per day for 7 consecutive days.	No	We recommend that you use Auto Scaling based on your business requirements. This helps you cope with business traffic fluctuations while improving resource utilization and effectively reducing costs. For more information, see Usage process of Auto Scaling.
Basic Elasticity Capabilities		Use of Auto Provisioning for Large-scale Scaling Activities	Checks whether large-scale scaling activities are performed in the account but Auto Provisioning is not used.	10	Information item: If one or more large-scale scaling activities were performed in the account within the previous 7 days but Auto Scaling or Auto Provisioning is not used, the item scores 0 points. Unassessed item: If no large-scale scaling activities were performed in the account within the previous 7 days, the item is not assessed. Scored item: If one or more large-scale scaling activities were performed in the account within the previous 7 days and Auto Provisioning is used, the item scores 10 points. A large-scale scaling activity is a scaling activity that is performed to scale in or scale out more than 50 pay-as-you-go or spot ECS instances.	No
Advanced Elasticity Capabilities	Assesses whether infrequent scaling activities, high-load scaling groups, and scaling activities that have low success rates were detected in the account.	Active Scaling Groups Within the Previous Month	Checks whether scaling groups that do not have scaling activities for an extended period of time exist in the account.	10	Warned item: If scaling groups that did not have scaling activities for more than one month exist in the account, the item scores 0 points. Unassessed item: If no scaling groups exist in the account, the item is not assessed. Scored item: If scaling groups that had successful scaling activities in the previous month exist in the account, the item scores 10 points.	No	A scaling activity may fail to complete for specific reasons. You must troubleshoot the issue at the earliest opportunity. For more information, see Troubleshoot scaling activity exceptions.
		Proper Success Rate of Scaling Activities	Checks whether the scaling activities of scaling groups in the account have an appropriate success rate.	10	Warned item: If scaling groups existed in the account in the previous day and had a success rate of scaling activities that was lower than 90%, the item scores 0 points. Unassessed item: If no scaling groups existed in the account in the previous day, the item is not assessed. Scored item: If scaling groups existed in the account in the previous day and had a 90% or higher success rate of scaling activities, the item scores 10 points.	No	To improve the success rate of scale-out events, you can enable the Extend Launch Template feature when you create a scaling group. The Extend Launch Template feature allows you to specify multiple instance types for the scaling group at the same time. In this case, you can create a multi-instance type scaling group by using a launch template. For more information, see Create a multi-instance type scaling group by using a launch template. Troubleshoot scaling activity exceptions at the earliest opportunity. For more information, see Troubleshoot scaling activity exceptions.
		High-load Scaling Groups	Checks whether high-load scaling groups exist in the account.	20	High-risk item: If scaling groups in the account had average CPU utilization or memory usage that was higher than 95% for longer than 8 hours in total within the previous 7 days, the item scores 0 points. Warned item: If scaling groups in the account had average CPU utilization or memory usage that was higher than 85% for longer than 8 hours in total within the previous 7 days, the item scores 0 points. Unassessed item: If no scaling groups exist in the account, the item is not assessed. Scored item: If scaling groups in the account had proper average CPU utilization or memory usage within the previous 7 days, the item scores 20 points.	No	Create target tracking scaling rules of Auto Scaling to quickly trigger auto scaling and ensure system stability and availability. For more information, see Target tracking scaling rule. If your business has an outburst of traffic or you cannot predict the peak hours, use event-triggered tasks to automatically adjust the number of instances in a scaling group in real time based on the resource usage of your business. For more information, see Overview of event-triggered tasks.
Premium Elasticity Capabilities	Assesses whether premium elasticity capabilities, such as cost optimization policies and instance type combination, were used in the account to improve elasticity.	Use of Spot Instances or Cost Optimization Policies in Recurring Tasks	Checks whether spot instances or cost optimization policies are used in recurring tasks in the account.	20	Information item: If scaling groups that had an average instance lifetime of less than 1 hour and did not use spot instances within the previous 7 days exist in the account, the item scores 0 points. Unassessed item: If no scaling groups exist in the account, the item is not assessed. Scored item: If scaling groups that had an average instance lifetime of less than 1 hour and used spot instances within the previous 7 days exist in the account, the item scores 20 points.	No	Use scaling groups to reduce costs based on your business requirements. For more information, see Save your money with Auto Scaling and Combine a cost optimization policy with the selection of multiple instance types.
Premium Elasticity Capabilities		Use of Multi-instance Type and Multi-zone Scaling Groups	Checks whether risks that affect the scaling success rate of scaling groups in the account exist.	20	Information item: If scaling groups that do not span multiple zones or do not use multiple ECS instance types in scaling configurations existed in the account during a previous time period, the item scores 0 points. Unassessed item: If one or no ECS instances existed in the account during a previous time period, the item is not assessed. Scored item: If scaling groups that span multiple zones or use multiple ECS instance types in scaling configurations existed in the account during a previous time period, the item scores 20 points.	No	Select multiple zones by specifying multiple vSwitches when you create a scaling group. For more information, see Deploy resilient computing clusters with load-balanced distribution. Specify multiple instance types when you create a scaling configuration after you create a scaling group. For more information, see Use the Specify Instance Pattern feature in a scaling configuration.

Security

In the Security dimension, ECS Insight assesses whether ECS instances and associated resources in the current account have data security, network security, and access security risks, and provides corresponding optimization suggestions.

ECS Insight provides the following categories of capabilities in the Security dimension: Instance Data Security, Instance Access Security, and Instance Network Security. Each category contains multiple assessment items. The following table describes the scores, scoring rules, and best practices of each assessment item.

Category	Category description	Assessment item	Assessment item description	Full score (points)	Scoring rules	Whether to return affected resources	Best practices
Instance Data Security	Assesses whether data protection capabilities, such as data encryption, were used in the account to improve instance data security.	Use of RAM Users and RAM Roles for Functional Operations	Checks whether RAM users and RAM roles, instead of the Alibaba Cloud account, are used to perform functional operations to improve account security.	15	High-risk item: If only the Alibaba Cloud account was used to call API operations of elastic computing services during a previous time period, the item scores 0 points. Warned item: If the Alibaba Cloud account, RAM users, and RAM roles were used to call API operations of elastic computing services during a previous time period, the item scores 5 points. Unassessed item: If no API operations of elastic computing services were called in the account during a previous time period, the item is not assessed. Scored item: If the Alibaba Cloud account was not used to call API operations of elastic computing services during a previous time period, the item scores 15 points.	Yes	We recommend that you use RAM users, RAM roles, and account groups to improve account security and ensure business security. For more information, see Create a RAM user and Grant permissions to a RAM user.
Instance Data Security		Use of Disk Encryption	Checks whether disk encryption is used in the account to improve data security.	10	Warned item: If unencrypted cloud disks were created and encrypted cloud disks were not created in the account during a previous time period, the item scores 0 points. Unassessed item: If no cloud disks exist in the account, the item is not assessed. Scored item: If encrypted cloud disks were created in the account during a previous time period, the item scores 10 points.	Yes	Encrypt system disks or data disks based on your business requirements to improve data security. For more information, see Encrypt a disk.
Instance Access Security	Assesses whether security hardening capabilities were used in the account to improve instance access security.	Use of Key Pairs (Linux Only)	Checks whether key pairs are used to log on to Linux ECS instances in the account to improve instance access security.	10	Information item: If Linux ECS instances existed in the account but key pairs did not exist in the account during a previous time period, the item scores 0 points. Unassessed item: If no Linux ECS instances existed in the account during a previous time period, the item is not assessed. Scored item: If key pairs existed in the account during a previous time period, the item scores 10 points.	No	Use key pairs to log on to Linux ECS instances based on your business requirements to improve instance access security. For more information, see Connect to a Linux instance by using an SSH key pair.
		Use of Non-root Users for Logons to Linux ECS Instances	Checks whether non-root users are used to log on to Linux ECS instances in the account to improve instance access security.	10	High-risk item: If root is configured as the logon username for all Linux ECS instances in the account, the item scores 0 points. Warned item: If root is configured as the logon username for specific Linux ECS instances in the account, the item scores 5 points. Unassessed item: If no Linux ECS instances exist in the account, the item is not assessed. Scored item: If a non-root username is configured as the logon username for all Linux ECS instances in the account, the item scores 10 points.	Yes	When you create a Linux ECS instance, configure the ecs-user account as the default logon account to reduce the risks of ECS instance operations and ensure data security. For information about how to create an ECS instance, see Create an instance on the Custom Launch tab. For an existing Linux ECS instance, bind an SSH key pair of a non-root user to the instance. For more information, see Bind an SSH key pair.
		Unrestricted Access to Specific Security Group Ports	Checks whether security groups in the account allow restricted access to specific ports.	15	High-risk item: If security groups that allow unlimited access to ports 20, 21, 1433, 1434, 3306, 3389, 4333, 5432, and 5500 exist in the account and are associated with ECS instances, the item scores 0 points. Scored item: If security groups that allow unlimited access to ports 20, 21, 1433, 1434, 3306, 3389, 4333, 5432, and 5500 do not exist in the account or are not associated with ECS instances, the item scores 15 points.	Yes	Modify security group rules to control access to critical ports based on your business requirements, such as ports 20, 21, 1433, 1434, 3306, 3389, 4333, 5432, and 5500. For more information, see Security group rules and Guidelines for using security groups and use cases.
		EOL of Operating Systems on ECS Instances	Checks whether the operating systems used by ECS instances in the account approached or already reached end of life (EOL).	10	High-risk item: If ECS instances in the account run operating systems that reached EOL, the item scores 0 points. Scored item: If no ECS instances in the account run operating systems that reached or approached EOL, the item scores 10 points.	Yes	Technical support for operating systems of ECS instances may be discontinued due to reasons such as EOL, end of third-party support, and evolution of open source projects. In this case, we recommend that you migrate or upgrade the operating systems. For more information, see Migrate and upgrade the operating system of an ECS instance.
Instance Network Security	Assesses whether the account was exposed to cybersecurity risks.	ECS Instances under DDoS Attacks	Checks whether ECS instances in the account are under DDoS attacks.	15	High-risk item: If one or more ECS instances in the account are under DDoS attacks or blackhole filtering is triggered for the instances due to DDoS attacks, the item scores 0 points. Scored item: If no ECS instances in the account are under DDoS attacks, the item scores 15 points.	Yes	Configure proper scrubbing thresholds based on your business requirements to prevent unexpected scrubbing. For more information, see Configure traffic scrubbing thresholds.