ECS evaluation experience, use notes
Introduction to Alibaba Cloud Infrastructure
When running as a virtual machine, there are 1. instance (instance), and each instance instance has a 2. disk (disk). Due to the need for backup, we can take a 3. snapshot of the virtual machine at any time. The greatest convenience of the virtual machine is It can be cloned to generate a large number of new virtual machines, that is to say, our template, in the public cloud, our template is called 4. Image (image), and then our network in Alibaba Cloud includes 5. Classic network (security group) and virtual network (VPC) are two different network types.
In the entire large physical space, all data centers will be divided in the form of Region and zone. Region is the concept of a large geographical space. For China, it is divided into five large regions, foreign Silicon Valley, Dubai
Inside the region is our availability zone, also called zone. For the understanding of zone, it is a data center that is divided into thermal power and completely isolated.
Hangzhou and Beijing use the public network, and the network delay is relatively high. The zone and the zone are interconnected through the intranet, which can reach 10 Gigabit. Each zone instance runs inside the zone. We say inside the data center, all disk disks belong to only one zone, that is to say, they are visible within the zone. As a virtual private network, VPC can be seen in the region and across zones. Yes, inside a VPC is a security group, and a security group can be understood as a firewall. Because ECS instances inside a firewall all have to run the same application, so one more security group is visible in a Region, so it can be across zones. All memory, including CPU, of an instance comes from the same zone. To be clear, it only comes from a physical machine in the zone. EIP (elastic IP) is closely related to VPC, and the elastic IP is only within a Region. It can be seen that the EIP can be mounted on any instance in the Region. With maintenance changes and management needs, the EIP can be migrated from an instance in one zone to an instance in another zone. For ECS instances, we can pass If the backup is performed in the form of a snapshot, then for the snapshot, it is visible in the region, and the image of the virtual machine is also visible in the region.
Then we can see from the above that for the choice of a cloud product and service, the choice of a region is very, very important first. The most basic reason is that we can access nearby. According to the principle of nearest access, each user should choose their own If we want to migrate our services across regions, it is very, very difficult to do on Alibaba Cloud today. The only means of migration across regions that can be provided now is region copy, and the ECS instance is running Inside a data center, if a data center goes down, or if a physical machine in the data center goes down, an ECS instance can be cold migrated in the zone, and if a physical machine goes down, the ECS running on it Instances can be migrated from one physical machine to another, but they cannot be migrated across zones, which may bring us a new problem
ECS Concepts - Examples
As a virtual machine, it must include CPU, memory, and system disk (the preferred medium for saving the operating system). The size of the system varies according to the operating system.
Linux system disk size is 20GB
Windows system disk size is 40GB
For ECS instances, there is a new concept, instance specifications
Overview of ECS Disks
The three boxes represent different x86 physical servers. The Pangu distributed file system is deployed on these three physical servers, and all the disks are opened up through the Pangu distributed file system to become a unified file system to provide external services. , it is our cloud disk that provides services on the distributed file system. The ECS instance that the cloud disk can be mounted on is used as our system disk or our data disk. Another type of disk is called local SSD disk, local SSD disk It cannot be uninstalled as a built-in disk that is actually installed on the physical machine where the ECS instance is located, providing very good I/O performance.
Test throughput linux dd
The FIO method tests its IOPS. For cloud disks, cloud disks can be mounted. All cloud disks that can be mounted are called independent cloud disks.
For ECS backup, it is the simplest application backup method. Then we save the entire ECS system disk and its data disk to our OSS in the form of snapshots, incremental snapshots and full snapshots. ECS snapshots include manual Snapshots and automatic snapshots are two different ways. Manual snapshots can include our habits, or technical snapshots can be taken at any time if we need to use them. Day plus last weekend's snapshot, when our system has problems, we can roll back our system image through our snapshot.
For virtual machines, how to quickly clone is a very important function. Templates are called images on the Zi'an public cloud. The images provided by Alibaba Cloud include:
Custom image (the image of the fixed disk software installed by the customer according to our needs),
The third-party mirror market partners have installed and deployed applications,
system image
Officially provided mirror
Windows mirroring and linux mirroring
When using the image, pay attention to the cloud disk. If our ECS instance is mounted with an independent cloud disk, and the cloud disk is forcibly loaded during the ECS startup process, there may be problems. If we make this ECS instance an image , and then multiple ECS copies will be generated from the image, and there will be competition for independent cloud disks. For example, the independent cloud disk we mentioned before cannot be used as a shared disk, or it cannot be mounted for multiple operations. ECS instance, in this case, a newly generated or newly cloned ECS instance
It cannot be started, so when we make an image, we must comment out the commands that automatically mount the disk in the table below the ETC. In addition, everyone should pay attention to all newly generated images. He will put our system account and our The content of the DNS resolution of the network will be preserved. If you need to change it, you should prepare in advance.
In terms of ECS network, let's talk about its security first. ECS security group is equivalent to a firewall. In the way of use, it adopts the ID table of Linux. Through the Linux IDtable , he can specify a whitelist, which is in our security group. Which network segments and which IPs are we allowed to access. Security groups are used as a means of isolation. All Alibaba Cloud accounts lack a security group. All ECS instances we create, whether we define a security group or not, will be in the default security group. A user can have up to 100 security groups, each security group has up to 1000 instances, and each instance can be added to up to 5 security groups, that is, our instance has up to five firewalls on its perimeter; There can be 100 rules, from which IP to access the ECS instance in my security group. In terms of network, we first provide a classic network and then a VPC. The simple understanding of VPC is network virtualization, and ECS provides customers with multi-tenancy. VPC provides customers with a multi-tenant network. VPC is based on SDN technology. We mainly use varvhar on Alibaba Cloud. lia , what is varcharlia , a network system and network communication is divided into 7 layers, the bottom is the physical link layer, on the Internet is the L2 data link layer, the upper is the L3 layer, including a total of 7 different layers, For a network, usually a network segment has a maximum of 256 IPs, which are mainly determined by the L2 link layer. Our microphone address, Zhao Cheng, has a very limited number of IPs, and the number of users on the public cloud is very limited. Every user wants to have a user-independent magnetic network, which will greatly increase the demand for network segments. How to solve this problem, varcharlin 's technology is mainly to send the data packets forwarded by the L2 data link layer to the L3 layer. For delivery, the transmitted data packets are packaged and unpackaged through different Aj at both ends of the physical server . This is equivalent to connecting the L3 layer and the L2 layer, which is often heard in the field of telecom operation. The so-called derqiao combines the second and third layers into one layer. There are two main billing methods for using ECS instances on Alibaba Cloud
ECS operation and maintenance management and API
First, we can manage it through the official console of Alibaba Cloud
The region of the Alibaba Cloud console, when we choose to manage and create ECS, we need to choose the region
What we see in the region is the ECS server. Entering a certain region, we can see ECS instances in Qingdao, including some instances, his operating system, operating status, network, all running on the ECS instance. His network will include two different types: public IP and private IP. We can access Alibaba Cloud's RDS database or OOS through our private IP.
Because it is an intranet, his traffic does not incur additional charges.
But after we click on a specific ECS instance, we can see the running status of the ECS instance, including CPU, disk, memory.... All are displayed to us in the form of a table or a graph, which is convenient for our management. Alibaba Cloud's console provides very good and very convenient management tools, but in some cases we will use open API. For our application development on Alibaba Cloud, there are two main application types. One is the business API or SDK (development and deployment of business programs) management API or SDK (product life cycle management and operation and maintenance on Alibaba Cloud)
An ECS instance can be called 5,000 times a day through the access key. There are a total of 5,000 access key pairs under one user name, and a maximum of 25,000 calls can be made. The API is not particularly convenient to use. When we do development on ECS At times, we provide SDKs in different languages
ECS is the most basic program service. All our applications and all computing services need to be deployed on our ECS. The front end can be load balanced through SOD, and all the structured and unstructured data below can be stored in our ECS. In the RDS database and our OSS object storage, for performance optimization, we can use OCS for read caching, MQ for write caching, and one write through the message mechanism. At the database level, if our RDS Can not meet our load capacity, it can be expanded and expanded through DODS distributed. In OSS, we save all static data. After Internet access, we can also accelerate content through CDN. Online transactions can be done through ODS. The front-end DDC carries out the DI chart loading line, and the monitoring and security of the entire system are completed through cloud shield and cloud monitoring. In this way, we can build a more complete framework. Through the explanation of the above content, I believe that everyone has a simple understanding of the ECS server.
ECS has public network IP and private network IP. If we want to improve the security of ECS, we only use private network IP instead of public network IP. All front-end requests are forwarded to the intranet IP of the ECS back-end, so that ECS will be more secure.
Copyright statement: The content of this article is contributed by Alibaba Cloud real-name registered users. The copyright belongs to the original author. The Alibaba Cloud developer community does not own the copyright and does not assume the corresponding legal responsibility. For specific rules, please refer to the " Alibaba Cloud Developer Community User Service Agreement " and " Alibaba Cloud Developer Community Intellectual Property Protection Guidelines ". If you find any content suspected of plagiarism in this community, fill out the infringement complaint form to report it. Once verified, this community will delete the allegedly infringing content immediately.
【ECS evaluation experience, use notes】There are five main components of ECS
When running as a virtual machine, there are 1. instance (instance), and each instance instance has a 2. disk (disk). Due to the need for backup, we can take a 3. snapshot of the virtual machine at any time. The greatest convenience of the virtual machine is It can be cloned to generate a large number of new virtual machines, that is to say, our template, in the public cloud, our template is called 4. Image (image), and then our network in Alibaba Cloud includes 5. Classic network (security group) and virtual network (VPC) are two different network types.
In the entire large physical space, all data centers will be divided in the form of Region and zone. Region is the concept of a large geographical space. For China, it is divided into five large regions, foreign Silicon Valley, Dubai
Inside the region is our availability zone, also called zone. For the understanding of zone, it is a data center that is divided into thermal power and completely isolated.
Hangzhou and Beijing use the public network, and the network delay is relatively high. The zone and the zone are interconnected through the intranet, which can reach 10 Gigabit. Each zone instance runs inside the zone. We say inside the data center, all disk disks belong to only one zone, that is to say, they are visible within the zone. As a virtual private network, VPC can be seen in the region and across zones. Yes, inside a VPC is a security group, and a security group can be understood as a firewall. Because ECS instances inside a firewall all have to run the same application, so one more security group is visible in a Region, so it can be across zones. All memory, including CPU, of an instance comes from the same zone. To be clear, it only comes from a physical machine in the zone. EIP (elastic IP) is closely related to VPC, and the elastic IP is only within a Region. It can be seen that the EIP can be mounted on any instance in the Region. With maintenance changes and management needs, the EIP can be migrated from an instance in one zone to an instance in another zone. For ECS instances, we can pass If the backup is performed in the form of a snapshot, then for the snapshot, it is visible in the region, and the image of the virtual machine is also visible in the region.
Then we can see from the above that for the choice of a cloud product and service, the choice of a region is very, very important first. The most basic reason is that we can access nearby. According to the principle of nearest access, each user should choose their own If we want to migrate our services across regions, it is very, very difficult to do on Alibaba Cloud today. The only means of migration across regions that can be provided now is region copy, and the ECS instance is running Inside a data center, if a data center goes down, or if a physical machine in the data center goes down, an ECS instance can be cold migrated in the zone, and if a physical machine goes down, the ECS running on it Instances can be migrated from one physical machine to another, but they cannot be migrated across zones, which may bring us a new problem
【ECS evaluation experience, use notes】ECS product concept and function
ECS Concepts - Examples
As a virtual machine, it must include CPU, memory, and system disk (the preferred medium for saving the operating system). The size of the system varies according to the operating system.
Linux system disk size is 20GB
Windows system disk size is 40GB
For ECS instances, there is a new concept, instance specifications
Overview of ECS Disks
The three boxes represent different x86 physical servers. The Pangu distributed file system is deployed on these three physical servers, and all the disks are opened up through the Pangu distributed file system to become a unified file system to provide external services. , it is our cloud disk that provides services on the distributed file system. The ECS instance that the cloud disk can be mounted on is used as our system disk or our data disk. Another type of disk is called local SSD disk, local SSD disk It cannot be uninstalled as a built-in disk that is actually installed on the physical machine where the ECS instance is located, providing very good I/O performance.
Test throughput linux dd
The FIO method tests its IOPS. For cloud disks, cloud disks can be mounted. All cloud disks that can be mounted are called independent cloud disks.
For ECS backup, it is the simplest application backup method. Then we save the entire ECS system disk and its data disk to our OSS in the form of snapshots, incremental snapshots and full snapshots. ECS snapshots include manual Snapshots and automatic snapshots are two different ways. Manual snapshots can include our habits, or technical snapshots can be taken at any time if we need to use them. Day plus last weekend's snapshot, when our system has problems, we can roll back our system image through our snapshot.
【ECS evaluation experience, use notes】The concept of ECS mirroring
For virtual machines, how to quickly clone is a very important function. Templates are called images on the Zi'an public cloud. The images provided by Alibaba Cloud include:
Custom image (the image of the fixed disk software installed by the customer according to our needs),
The third-party mirror market partners have installed and deployed applications,
system image
Officially provided mirror
Windows mirroring and linux mirroring
When using the image, pay attention to the cloud disk. If our ECS instance is mounted with an independent cloud disk, and the cloud disk is forcibly loaded during the ECS startup process, there may be problems. If we make this ECS instance an image , and then multiple ECS copies will be generated from the image, and there will be competition for independent cloud disks. For example, the independent cloud disk we mentioned before cannot be used as a shared disk, or it cannot be mounted for multiple operations. ECS instance, in this case, a newly generated or newly cloned ECS instance
It cannot be started, so when we make an image, we must comment out the commands that automatically mount the disk in the table below the ETC. In addition, everyone should pay attention to all newly generated images. He will put our system account and our The content of the DNS resolution of the network will be preserved. If you need to change it, you should prepare in advance.
In terms of ECS network, let's talk about its security first. ECS security group is equivalent to a firewall. In the way of use, it adopts the ID table of Linux. Through the Linux IDtable , he can specify a whitelist, which is in our security group. Which network segments and which IPs are we allowed to access. Security groups are used as a means of isolation. All Alibaba Cloud accounts lack a security group. All ECS instances we create, whether we define a security group or not, will be in the default security group. A user can have up to 100 security groups, each security group has up to 1000 instances, and each instance can be added to up to 5 security groups, that is, our instance has up to five firewalls on its perimeter; There can be 100 rules, from which IP to access the ECS instance in my security group. In terms of network, we first provide a classic network and then a VPC. The simple understanding of VPC is network virtualization, and ECS provides customers with multi-tenancy. VPC provides customers with a multi-tenant network. VPC is based on SDN technology. We mainly use varvhar on Alibaba Cloud. lia , what is varcharlia , a network system and network communication is divided into 7 layers, the bottom is the physical link layer, on the Internet is the L2 data link layer, the upper is the L3 layer, including a total of 7 different layers, For a network, usually a network segment has a maximum of 256 IPs, which are mainly determined by the L2 link layer. Our microphone address, Zhao Cheng, has a very limited number of IPs, and the number of users on the public cloud is very limited. Every user wants to have a user-independent magnetic network, which will greatly increase the demand for network segments. How to solve this problem, varcharlin 's technology is mainly to send the data packets forwarded by the L2 data link layer to the L3 layer. For delivery, the transmitted data packets are packaged and unpackaged through different Aj at both ends of the physical server . This is equivalent to connecting the L3 layer and the L2 layer, which is often heard in the field of telecom operation. The so-called derqiao combines the second and third layers into one layer. There are two main billing methods for using ECS instances on Alibaba Cloud
ECS operation and maintenance management and API
First, we can manage it through the official console of Alibaba Cloud
The region of the Alibaba Cloud console, when we choose to manage and create ECS, we need to choose the region
What we see in the region is the ECS server. Entering a certain region, we can see ECS instances in Qingdao, including some instances, his operating system, operating status, network, all running on the ECS instance. His network will include two different types: public IP and private IP. We can access Alibaba Cloud's RDS database or OOS through our private IP.
Because it is an intranet, his traffic does not incur additional charges.
But after we click on a specific ECS instance, we can see the running status of the ECS instance, including CPU, disk, memory.... All are displayed to us in the form of a table or a graph, which is convenient for our management. Alibaba Cloud's console provides very good and very convenient management tools, but in some cases we will use open API. For our application development on Alibaba Cloud, there are two main application types. One is the business API or SDK (development and deployment of business programs) management API or SDK (product life cycle management and operation and maintenance on Alibaba Cloud)
An ECS instance can be called 5,000 times a day through the access key. There are a total of 5,000 access key pairs under one user name, and a maximum of 25,000 calls can be made. The API is not particularly convenient to use. When we do development on ECS At times, we provide SDKs in different languages
ECS is the most basic program service. All our applications and all computing services need to be deployed on our ECS. The front end can be load balanced through SOD, and all the structured and unstructured data below can be stored in our ECS. In the RDS database and our OSS object storage, for performance optimization, we can use OCS for read caching, MQ for write caching, and one write through the message mechanism. At the database level, if our RDS Can not meet our load capacity, it can be expanded and expanded through DODS distributed. In OSS, we save all static data. After Internet access, we can also accelerate content through CDN. Online transactions can be done through ODS. The front-end DDC carries out the DI chart loading line, and the monitoring and security of the entire system are completed through cloud shield and cloud monitoring. In this way, we can build a more complete framework. Through the explanation of the above content, I believe that everyone has a simple understanding of the ECS server.
ECS has public network IP and private network IP. If we want to improve the security of ECS, we only use private network IP instead of public network IP. All front-end requests are forwarded to the intranet IP of the ECS back-end, so that ECS will be more secure.
Copyright statement: The content of this article is contributed by Alibaba Cloud real-name registered users. The copyright belongs to the original author. The Alibaba Cloud developer community does not own the copyright and does not assume the corresponding legal responsibility. For specific rules, please refer to the " Alibaba Cloud Developer Community User Service Agreement " and " Alibaba Cloud Developer Community Intellectual Property Protection Guidelines ". If you find any content suspected of plagiarism in this community, fill out the infringement complaint form to report it. Once verified, this community will delete the allegedly infringing content immediately.
Related Articles
-
A detailed explanation of Hadoop core architecture HDFS
Knowledge Base Team
-
What Does IOT Mean
Knowledge Base Team
-
6 Optional Technologies for Data Storage
Knowledge Base Team
-
What Is Blockchain Technology
Knowledge Base Team
Explore More Special Offers
-
Short Message Service(SMS) & Mail Service
50,000 email package starts as low as USD 1.99, 120 short messages start at only USD 1.00
