This topic describes how to use Function Compute to build a public, open, and secure cloud computing service platform that ensures data security, user privacy, and data usage.
Alibaba Cloud Function Compute is a fully managed event-driven computing service. Function Compute allows you to focus on writing and uploading code without the need to manage infrastructure resources such as servers. Function Compute prepares computing resources to ensure resource elasticity and reliability when you run your code and provides features such as logging, performance monitoring, and alerting.
Data security and user privacy are the top priorities of Alibaba Cloud. Alibaba Cloud is committed to building a public, open, and secure cloud computing service platform. Function Compute is developed based on the basic services of Alibaba Cloud. The following figure shows the security responsibilities of Function Compute and users. Function Compute ensures service security in aspects such as function access, function scheduling, and runtimes. Users are responsible for the security of identity credentials, function code, layers, and configurations.
From the perspective of data usage, Function Compute workflows include the control plane and the data plane. The following figure shows the workflows in detail.
Control-plane workflows
The control-plane workflow includes function permission control, and the addition, deletion, modification, and query of code and configurations. In most cases, the control-plane workflow involves secure transmission and storage of data, such as the function metadata, code, layers, and image caches.
Data-plane workflows
The data-plane workflow refers to the invocation process of a function. Three modules are involved in the invocation process of a function: the access service, scheduling service, and compute nodes.
The access service receives function invocation requests and initiates invocations.
The scheduling service manages the lifecycles of compute nodes and function instances and invocation routes.
A compute node includes multiple function instances. User code is run in the runtime environment of the function instances.
