HCIP Cloud Service Solutions Architect V2.0 Training Material Part1

• IT has evolved from Information Technology to Intelligence Technology.
• Technically speaking, IT covers chips, media, software, and services.

• Kunpeng 920, the world's first 7 nm ARM-based server processor chip, together with
the Hi1710 intelligent management chip, will compete with NVIDIA's AI-based
training/inference chips. Apart from the two, there are also the Ascend series, the
Hi1812 intelligent SSD controller chip, and the Hi1822 intelligent converged network
chip.
• The five chips will work at the compute, management, AI, storage, and transmission
layers respectively, to form a collaborative "intelligent computing” troop in the AI field.
• Faced with AlphaGo's owner Google, who designed the tensor processing unit (TPU),
the chip veteran Intel, the new player in AI, NVIDIA, and the vendors coming from the
Internet industry, Facebook and Amazon, it is hard to predict whether Huawei can
outperform those competitors. Some people may be more pessimistic about Huawei’s
future.
• However, from aspects of technical strength, Huawei has internally-developed chips in

five fields. The full-stack AI capabilities enable Huawei offerings to behave well in
diverse application scenarios. That is Huawei’s unique competitiveness.
• Based on the five series of chips in device-edge-cloud, Huawei is able to build up a

complete, autonomous, and interconnected cloud-edge collaborative ecosystem. It will
help Huawei earn global customers’ recognition in public cloud, private cloud, and
hybrid cloud. Those powerful compute capabilities pave a way for the success of
HUAWEI CLOUD.
• RISC-V was born in 2010 at the University of California, Berkeley. It is simple, stable,
open-source, and free of charge.
• Compared with complex instructions, reduced instruction set computers (RISCs) are
25% simpler in instruction fetch and have unique advantages in speed and power
consumption.
• RISC-V can separate reference instructions from extended instructions, so that

customized modules and extensions can be implemented by using extended
instructions. This brings a revolutionary innovation to the chip industry.
• The ARM processor family are named after Cortex, including Cortex-A, Cortex-R, and
Cortex-M, which apply to different business scenarios. Cortex-A is designed for
consumer products such as smart phones and tablets; Cortex-R for solutions such as
the automobile braking system and power drive; Cortex-M for microcontrollers, which
are sensitive to costs and power consumption.
• Intel has always adhered to the business model of the entire industry chain, while ARM
has its open, cooperative business model.
• Solid state drives (SSDs) have a simple internal structure. An SSD has a PCB board
inside. The basic components on the PCB board are a controller chip, a cache chip
(absent in some low-end drives), and a flash memory chip.
• Not having mechanical parts such as magnetic heads, spindles, rotating motors, and
other moving parts that are integral to hard disk drives (HDDs), SSDs are free from
mechanical faults and can work properly in case of collisions, shocks, and vibrations.
Compared to HDDs, SSDs have absolute advantages in performance, reliability, power
consumption, and portability. These advantages have enabled SSDs to be widely
adopted in a wide range of industries.
• Advantages of SSDs:
▫ High-speed reads and writes: SSDs use flash memory chips as the storage media
and deliver higher read and write speeds than HDDs. SSDs do not have magnetic
heads, and the seek time is almost 0. SSDs have an amazing continuous write
speed. Most SSD vendors claim that their read and write speeds exceed 500 MB/s.
Apart from that, SSDs behave even better in random reads and writes, which are
more frequent in common data scenarios. SSDs are also superior to HDDs in the
access time. Their seek time is 0.1 ms or less, far shorter than 7200 rpm HDDs’,
12 ms to 14 ms.
▫ Robust against shocks and vibrations: HDDs are disk-based, and data is stored in
disk sectors. SSDs are made of flash memory chips, which are also applied in
MP3 players and USB flash drives. SSDs do not have any mechanical components
inside. SSDs can work properly even when they are moving at a high speed or are
even rolled over. Data loss is minimized in case of collisions, shocks, and
vibrations.
▫ Low power consumption: SSDs are more eco-friendly than HDDs.
▫ No noise: SSDs do not have mechanical motors or fans. The operating noise is 0
dB. Benefiting from flash memory chips, SSDs bring about little power
consumption and heat emission when they are operating. They are free from
mechanical failures due to no mechanical moving parts inside, and are insensitive
to collisions, shocks and vibrations.
▫ Wide operating temperature range: HDDs can operate properly in 5°C to 55°C.
Most SSDs can work at –10°C to +70°C. SSDs are smaller and lighter than
HDDs in the same capacity. SSDs are the same as HDDs in interface definitions,
interface specifications, basic functions, and usage, and are similar to HDDs in
sizes and shapes. Flash memory chips inside SSDs can operate properly at –40°C
to +85°C.
▫ Lightweight: An SSD is 20 to 30 grams lighter than a 1.8-inch HDD.

• Disadvantages of SSDs:
▫ Storage capacity: The maximum capacity of an SSD is only 4 TB. (Optimus MAX
released by SanDisk)
▫ Service life: Flash memory chips have a limited number of erasure times, causing
SSDs to have a shorter service life than HDDs. A P/E indicates one erasure of a
flash memory chip. The service life of a flash memory chip is measured by P/Es.
The service life of a 34 nm flash memory chip is about 5,000 P/Es, and that of a
25 nm one is about 3,000 P/Es. AS the SSD firmware algorithm improves, latest-
generation SSDs can suffer from fewer unnecessary data writes. A P/E is counted
only after a 120 GB file is written to a 120 GB SSD. If 50 GB is written to an SSD
every day and a P/E occurs every two days, a service life of 3,000 P/Es means that
the SSD can work for 20 years. The duration of 20 years is long enough because
by that time more advanced storage medium will already have appeared. (In
practice, users perform mainly random writes instead of continuous writes, and
bad sectors are more likely to occur within the service life.) Though theoretically
each sector of a single level cell (SLC) SSD can be erased for 100,000 times, some
applications, such as logging in an operating system, may repeatedly read and
write a sector. In this case, the actual service life of an SSD may be shorter than
the theoretical value. However, the life expectancy of storage units can be
prolonged using the balancing algorithm. As for the service life of writes, an SLC
SSD can be written 100,000 times, a cheaper multiple level cell (MLC) SSD 10,000
writes, and an even cheaper triple level cell (TLC) SSD 500 to 1,000 times.
▫ High prices:
▫ SSDs: $0.XX-$0.XX/GB
▫ 900 GB: $0.XX/GB
▫ 1.8 TB $0.XX/GB
▫ 3.6 TB: $0.XX/GB
▫ HDDs: $0.025-$0.26/GB
▫ 15K SAS: $0.XX/GB
▫ 10K SAS: $0.XX/GB
▫ 7.2K NL-SAS: $0.XX/GB
• A key obstacle to the performance of a data center is HDDs. The speed at which data
is transmitted at the opto-electronic method is 100 times slower than in flash memory.
• Non-Volatile Memory Express (NVMe) is a standard protocol for flash memory access.
It is efficient to alleviate the bottleneck that occurs when a flash memory chip
connects to a host through SAS or SATA, enabling faster communication between the
SSD and a host.
• Huawei OceanStor Dorado V3 supports both NVMe and SAS SSDs in a storage system,
which ensures the service quality of high-priority applications and maximizes the ROI
of customers. With SAN and NAS supported in a storage system and complete
enterprise-class features, Huawei OceanStor Dorado V3 provides high-quality services
for database and file sharing applications. In addition, the data reduction rate reaches
5:1, enabling both good performance and high efficiency.
• To maximize hardware performance and resource usage, enterprises' compute, storage,
network, and database resource pools are gradually shifting to distributed architecture.
• Windows: the most popular personal desktop operating system.
• UNIX: The earliest multi-user and multi-task operating system. It is a time-sharing

operating system. UNIX is mostly used on servers, workstations, and personal
computers. It plays an important role in creating Internet applications, computer
networks, and client/server models.
• Linux: Linux is a free and open UNIX-like operating system. There are many different
versions of Linux, and they all use the Linux kernel. Linux can run on various computer
hardware devices, such as mobile phones, tablets, routers, video game consoles,
desktop computers, mainframes, and supercomputers. Strictly speaking, the word
“Linux” refers only to the Linux kernel. In practice, people have been accustomed to
understanding “Linux” as an operating system that is built based on the Linux kernel
and uses tools and databases of GNU projects.
• Kernel versions: Linux is not an operating system strictly. It is only a kernel in an

operating system. What is a kernel? A kernel establishes a platform for communication
between computer software and hardware. A kernel provides system services, such as
file management, virtual memory, and device I/O.
• Release versions: They are secondary development of the kernel version. There are a
number of Linux release versions, among which Ubuntu and CentOS are mostly widely
used. CentOS is recommended for beginners.
• HarmonyOS: An operating system designed for a variety of devices covering mobile
phones, computers, tablets, TVs, automobiles, and smart wearables. It is compatible
with all Android and web applications. HarmonyOS is a future-oriented microkernel. If
Android applications are recompiled on HarmonyOS, their performance will increase by
more than 60%. The development trend of operating systems will be the convergence
among personal computers, mobile phones, and intelligent hardware devices. Full-
scene applications will bring powerful synergy effect and call for an ideal operating
system. As IoT and 5G develop further, there will be more and more intelligent
terminal devices emerging. An operating system that is collaborative, secure, and
reliable will be the final choice.
• Fuchsia is better suited to different sizes of screens than Android. For the next three
years, Google plans to let Fuchsia first run on smart speakers and smart home devices,
then move to larger devices such as laptops, and eventually replace Android to be the
world's largest mobile operating system.
• AliOS: from mobile phones to IoT
• Alibaba's AliOS, originally called Yun OS, was launched in 2011. It is developed based
on Linux and uses Alibaba Cloud VMs. In the early time AliOS was applied on smart
phones and was integrated with multiple Alibaba internally-developed applications,
including maps, input methods, browsers, and instant messaging tools. Mobile phones
with AliOS inside are privileged to use 100 GB cloud space and various cloud services
(such as maps and emails) provided by Alibaba Cloud. In addition, they can access
massive web services on the Internet through Alibaba Cloud’s cloud computing data
center, in a smooth way similar to using local applications. AliOS has brought smart
phones to the cloud era.
• Yun OS pioneered in supporting cloud applications. Cloud applications provide a

consistent user experience with local applications, while they are easier to use for they
do not need to be downloaded.
• In 2014, Yun OS debuted at the 2014 China Mobile Partner Conference. It caught
visitors’ eyes by the Powered by Yun OS ecosystem, which covered mobile phones, box
TVs, smart home devices, monitoring devices, access control devices, light control
devices, and curtains. In July 2014, Yun OS was included in the government’s
procurement list. Yun OS was the only one listed in the central government’s mobile
operating system procurement. In 2015, Alibaba showcased smart phones, smart
tablets, smart TVs, Tmall TV box, smart car machines, and smart home devices.
• However, Yun OS underperformed in the mobile phone market. In 2012, the planned
launch conference of Acer and Alibaba jointly developed A800 mobile phone was
canceled. The reason was that Google said that Acer, as a member of the Open
Handset Alliance, should not sell mobile phones running an incomplete Android
system. Therefore, Google did not allow Acer to develop and sell Yun OS mobile
phones. Google claimed that Yun OS was a branch of Android as it directly used the
Android runtime library, software framework, and development tools. However, Yun
OS was not completely compatible with Android and refused open source. Alibaba
expostulated that Google did not provide any evidence of cribbing, and that Yun OS
was not a branch of Android because Yun OS used Alibaba Cloud VMs. This VM
technology came from a company acquired by Alibaba.
• Alibaba did not succeed in the mobile phone operating system market. Currently, AliOS
is used in a few mid-range and low-end mobile phones. It can hardly compete with
Android and iOS.
• In 2014, Yun OS entered the embedded device market, and in 2017, changed its name
to AliOS. The new focus of AliOS has shifted to smart vehicles and IoT.
• Alibaba has established a complete set of systems for smart connected vehicles,
including PaaS and IaaS services and interconnection applications. Alibaba's
competitive advantage lies in the architecture and ecosystem of the scenario map
desktop + seamless and coherent service experience. It improves user experience
through voice interaction and online perception of vehicle maps.
• In 2017, the IoT embedded operating system AliOS Things officially started its open
source. AliOS Things allows devices to connect to the Alibaba Cloud. The ultra-low
power consumption and ultra-low memory requirements make AliOS Things applicable
to various small IoT devices, as well as to smart home, smart city, and new travel.
• Currently, there are three types of TaiShan 200 servers, which can cover mainstream
specifications and application scenarios.
▫ 2280 balanced server: The 2U 2-socket rack server configured with two Kunpeng
920 CPUs, supporting up to16 NVMe SSDs and 32 DDR4 DIMMs. It is applicable
to big data analytics scenarios.
▫ 5280 storage server: The 4U 2-socket rack server is configured with two Kunpeng
920 CPUs. Each server supports up to 40 drives. A single cabinet provides up to
5.6 PB mass storage capacity. The server is ideal for distributed storage scenarios.
▫ X6000 high-density server: It is a 2U high-density server with four nodes. Each

node is configured with two Kunpeng 920 CPUs. A single chassis supports four 2-
socket servers. A single cabinet provides up to 10,240 cores for high-density
computing. In addition, the server also supports liquid cooling to reduce power
consumption for heat dissipation. It is ideal for ultra-large data centers and high-
performance computing.
• Capital expenditure (CAPEX) is calculated using the following formula: CAPEX =
Strategic investment + Rolling investment. Capital investment expenditure refers to
those expenses that need to be amortized in multiple fiscal years for infrastructure
construction and expanded reproduction.
• Software vendors are shifting from the traditional license sales mode to the software
service mode, and hardware vendors are shifting from the traditional hardware sales
mode to the resource service sales mode.
• Infrastructure cloudification: Migrate enterprises' IT infrastructure, including compute,
storage, network, security defense, and office desktop resources, to the cloud.
• Business application cloudification: Deploy office, management, and service

applications on the cloud to improve enterprises’ digital and network capabilities.
• Platform system cloudification: Accelerate enterprises’ data-driven processes and utilize

each cloud platform system, including cloud database systems, IoT platforms,
blockchain platforms, and big data platforms, so as to improve enterprises’ digital,
network, and intelligentization capabilities.
• Data collaboration and innovation: Migrate data to the cloud and share the data
within and between each enterprise. Use big data mining and AI technologies to
optimize enterprises’ operations and management, promote collaborative innovation
between enterprises, and incubate new business models.
• Cloudification is an inevitable trend. It drives enterprises to adapt to the digital
economy, accelerate their digital, network-based, and intelligentization transformation,
and improve their innovation capabilities.
• Along the evolution path of application architecture, application functions become
more and more specific.
• Feature: Monolithic architecture is free of complicated code invoking and unclear code
responsibilities in applications. However, service logics are still running in the same
process.
• Advantages: easy to develop, understand, and test and deploy.
• Disadvantages: Increasing code functions bring complicated code logics, and cause
longer delivery periods, difficult maintenance, and poor scalability.
• Feature: The enterprise service bus (ESB) decouples applications, and modularizes
applications into each independent unit.
• Advantages: Complicated enterprise services are classified based on reusable

granularities. IT resources are integrated into standardized, easily operable services,
which are available to invoke. Microservices are a subset derived from SOA.
• As illustrated in the figure, different shops of the chain store request goods from
different suppliers, and the courier company places orders. The ESB completes the
interaction using XML files.
• The ESB performs the following functions:
▫ Monitors and routes messages between services: replenishes the inventory;

repairs and replaces devices (POS terminals and printers).
▫ Clears communication faults between service components: handles exception

based on event queues (synchronous or asynchronous).
▫ Controls service versions and deployments: More flexible control of service

versions improves service availability.
▫ Completes tasks to ensure service communication quality: event processing, data

conversion and mapping, message and event query and sorting, risk or exception
handling, and protocol conversion.
• The microservice architecture is developed from service-oriented architecture (SOA). It
divides a single application into multiple small service units by functionality. Services
communicate with each other using the general lightweight mechanism and can be
deployed in the production environment independently.
• The Internet industry is developing rapidly. There are a massive number of users,
whose requirements are changing all the time. The system architecture must be
flexible, easy to expand, and must maintain a high scalability and availability. The
microservice architecture is ideal for the Internet industry.
• Microservices are not silver bullets, while monolithic and SOA architectures are still in
use. Choose the most appropriate one from the three based on your own application
scenarios.
• Advantages:
▫ Various technology stacks are available to build services. Internet and open-
source technologies generate many efficient tools.
▫ The most appropriate tool can be chosen from multiple candidates to meet a
specific application scenario.
▫ Flexible architecture expansion, faults isolated between each node.
• Disadvantages:
▫ Difficult maintenance of a high number of servers in an architecture with more

fine-granular modules.
▫ O&M expertise required because services are developed using diverse technology
stacks.
▫ Even demanding requirements on network stability due to more frequent

communications between service modules.
▫ Example: Netflix
• User device layer: browsers, smart TVs, handy tablets, game consoles, and media
players.
• Access layer: User traffic is processed using the AWS ELB service. The IaaS layer of
Netflix is totally deployed on the AWS platform.
• Gateway layer: External requests are reversely routed to internal microservices. Netflix
uses their internally-developed Zuul gateway. This gateway performs only cross-plane
functions (reverse routing, security defense, rate limiting, circuit breaker, and logging),
but does not implement service logics. Gateways are deployed in stateless mode and
depend on front-end ELBs for load balancing.
• Aggregation service layer: aggregates, tailors, and processes background microservices

and exposes them to front-end devices. In the Netflix system, this layer is also called
the edge service layer or device adaptation layer. Considering the diversity of devices
and the variability of front-end services, the Netflix front-end team uses Groovy scripts
as the primary development language for the aggregation layer. These scripts are
compatible with Java and therefore can be easily adapted.
• Background basic service layer: This layer is also called the middle tier service.
• Data access layer: enables access to Cassandra NoSQL data storage (main data
persistence method adopted by Netflix), background services (Memcached, ZooKeeper,
S3, and SQS), and big data, and provides needed access tools.
• Cloud Native is an initiative that leverages the unique advantage of cloud computing
in deliveries to build and run applications.
• DevOps, continuous delivery, containers, and microservices are born suitable for cloud
scenarios. They are called cloud-native applications.
• The 12 factors of cloud-native applications:
▫ Codebase
▪ One codebase, multiple deployments
▫ Dependencies
▪ Explicit declaration of dependencies
▫ Configurations
▪ Configuration stored in the environment
▫ Backend services
▪ Back-end services used as additional resources
▫ Building, publishing, and running
▪ Strict separation of building and running
▫ Processes
▪ One or more stateless processes to run applications

• A private cloud provides services inside an enterprise, a public cloud provides services
for the public, and a hybrid cloud is a combination of a private cloud and a public
cloud.
• Dedicated Host (DeH) provides dedicated physical hosts. You can create ECSs on a
DeH to enhance isolation, security, and performance of your ECSs. After you migrate
services to a DeH, you can continue to use your server software licenses used before
the migration. That is, you can use the Bring Your Own License (BYOL) feature on the
DeH to reduce costs and independently manage your ECSs.
• Cloud Container Engine (CCE) provides highly scalable, high-performance enterprise-

class Kubernetes clusters and supports Docker containers. With CCE, it is easy to deploy,
manage, and expand containerized applications on HUAWEI CLOUD.
• Cloud Container Instance (CCI) provides serverless container engines, which eliminate
the need to create or manage server clusters when running containers.
• With a serverless architecture, enterprises do not need to create or manage servers.

They can apply for the resources needed to run their applications and let servers to be
managed by dedicated maintenance personnel. Thus enterprises can spend more time
in application development and reduce IT costs. Traditionally, to run a container using
Kubernetes, enterprises need to create a Kubernetes server cluster and then create a
workload.
• Serverless containers of CCI do not require creating and managing Kubernetes clusters.
Instead, you can create and use container workloads using the console, kubectl, and
Kubernetes APIs. You only need to pay for the resources used for containers.
• Cloud Phone is a simulated mobile phone that runs apps on the cloud. The Cloud
Phone service provides cloud phones of various specifications for different scenarios.
Those cloud phones are able to run stably around the clock. Compatible with Android
native apps, they are powerful enough to run various large mobile games smoothly
and support mobile office. Cloud Phone offers a simulated app operating environment
with high performance, security, reliability, and compatibility.
• A VM is a complete operating environment composed of hardware infrastructure,
intermediate software layer, guest OS image, and application layer. The intermediate
software layer, hypervisor, is a hardware virtualization platform. It runs in the kernel
mode of the host OS to monitor and manage the VM. The Guest OS is the operating
system running on the VM.
• Applications in a container run directly on the host machine. The container does not
have virtual hardware or its own kernel. It is a lightweight virtualization technology.
• Physical server: One household lives in one building with an independent foundation
and an independent garden.
• VM: One building contains multiple suites, and each suite holds one household. The
households share the foundation and garden, and have their own independent
bathrooms, kitchens, and broadbands.
• Container: A suite is divided into multiple cubicles (capsule-style apartments). Each

cubicle holds a tenant. All the tenants share the foundation, garden, bathroom, kitchen,
and broadband.
• Dedicated Distributed Storage Service (DSS) provides you with dedicated storage pools.
With data redundancy and cache acceleration, DSS can deliver highly reliable, durable,
low-latency, and stable storage resources. By flexibly interconnecting with various
computing services, such as Elastic Cloud Server (ECS), Bare Metal Server (BMS), and
Dedicated Computing Cluster (DCC), DSS is ideal for high-performance computing
(HPC), online analytical processing (OLAP), and hybrid loads.
• Dedicated Enterprise Storage Service (DESS) provides dedicated HUAWEI CLOUD-

based storage services to enterprises. Optimized for enterprises' mission-critical
applications such as Oracle RAC and SAP HANA TDI, DESS provides the same superb
performance and reliability as private clouds and simplifies service deployment on
public clouds for enterprise users.
• Block storage: Data is stored in volumes or drives, such as drive C in Windows. Data is
accessed by byte. For block storage, the data content and format are unknown. As
shown in the preceding figure, data is stored like corn kernels. Block storage focuses
only on the entry and exit of corn kernels, and does not care about their relationship
and usage.
• File storage: Data is stored in directories and files such as C:\Users\Downloads\text.doc.

Data is stored and accessed in files and is organized based on the directory structure.
File storage enables advanced data management, for example, access control at the
file level. As shown in the preceding figure, the way to find the data is like the way to
find a corn kernel on a corncob. To find a corn kernel, first find the cornstalk, then the
corncob, and lastly the corn kernel according to the location.
• Object storage: Each piece of data has a unique ID. Data and metadata are packaged
as an object and are stored in an ultra-large pool. You can access the object
immediately by reporting its ID but the object is accessed as a whole. As shown in the
preceding figure, corn kernels are stored in a can, and each can of corn has a unique
factory number.
• HUAWEI CLOUD provides various network cloud services to help enterprises build on-
cloud networks, on-cloud interconnection, and hybrid cloud networks.
• Identity and Access Management (IAM) provides identity authentication and
permissions management. With IAM, you can create users for employees, applications,
or systems in your organization, and control the users' access to specified resources in
your account.
• Cloud Eye is a multi-dimensional resource monitoring platform. You can use Cloud Eye
to monitor the utilization of service resources, track the running status of cloud
services, configure alarm rules and notifications, and quickly respond to resource
changes.
• Cloud Trace Service (CTS) records operations on cloud resources in your account. You
can use the records to perform security analysis, track resource changes, audit
compliance, and locate faults. You can view the last 7 days of records via the console
and transfer them to Object Storage Service (OBS) for long-term storage.
• Log Tank Service (LTS) collects and stores logs, allowing you to query them in real
time. It simplifies decision making, helps you perform routine O&M, and improves log
processing efficiency.
• In addition to compute, storage, network, and management cloud services, HUAWEI
CLOUD also provides other common cloud services.
• How can the high concurrency be maintained for the database even when the number
of connected users increases?
• How can a relatively high resource utilization rate be ensured for the web servers?
• How can the O&M workload be reduced?

• For example, build a forum website on HUAWEI CLOUD:
▫ Deploy data nodes and service nodes on their different servers.
▫ Adapt the number of servers as workloads change.
▫ Make service traffic to be automatically distributed to multiple servers.
▫ Complete the ICP licensing for the website.

• Answer
▫ A
• This section analyzes the major problems and challenges in the off-cloud IT O&M,
disaster recovery (DR), and security scenarios.
• Off-cloud IT O&M includes the following aspects:
▫ Equipment rooms, such as diesel generators, UPS, air conditioners, cabinets, and
cabling
▫ IT network devices, such as servers, storage devices, switches, firewalls, and

routers
▫ Platform software, such as private clouds, virtualized platforms, and O&M and
management platforms
▫ Service systems
• IT O&M off the cloud involves many layers. Each layer requires professional personnel
and specific monitoring tools and software.
• In summary, the following problems exist:
▫ Initial investment is high.
▫ Labor cost is high, for it is difficult to employ professional O&M personnel.
▫ The maintenance and upgrade are complex, which may cause service faults due
to misoperations.
▫ The O&M team and R&D team may not make clear definition on their
responsibilities, affecting services.
▫ Professional O&M tools and process construction require a large amount of

manpower and material resources.
• Traditional active-active/active-passive DC solutions are implemented in the following
aspects:
▫ Network layer: uses external F5 load balancer and global DNS intelligent
resolution to implement network DR, for example, network communication
between data centers.
▫ Virtualization layer: implements cross-DC clusters or replication through

virtualization or host layer.
▫ Database layer: uses database replication tools, such as Oracle DataGuard, to

implement cross-DC replication.
▫ Storage device layer: replicates data in batches across regions at the storage
layer.
• Challenges come from high costs on multiple sets of commercial devices and software,
especially the costs on bare optical fibers between data centers, and from the long
construction period.
• The disaster recovery data center solution (geo-redundant mode) involves many
factors, such as how to select remote equipment rooms and how to establish private
lines or VPNs. A complete DR solution requires the support of related tools and regular
DR practice.
• Challenges:
▫ The initial investment cost of the DR center is as high as the construction cost of
the production center, and return on investment (ROI) cannot be seen in a short
period.
▫ To ensure the effectiveness of DR data, the cost of constructing networks

between data centers is high.
▫ The DR capacity cannot be accurately predicted. As a result, the DR capacity is

insufficient or too much investment is made in advance.
▫ DR construction is a professional process, bringing costs increase in processes,

tools, and human power.
• Off-cloud security must be considered from the following aspects:
▫ Physical locations, including boundary security, service partition isolation, unified

configuration and management, and security control center
▫ Information security compliance, including security assessment, such as graded

protection.
▫ Security certifications required by the industry, such as PCI-DSS and ISO27001.
• High investment in security construction and human resources, requiring professional

teams, devices, and security control systems.
• Regular evaluation requires the support of devices, software, and security regulations
in terms of network security, host security, and audit logs.
• Security investment is costly.

• Both traditional data centers and private clouds face internal and external threats.
• Internal threats include unauthorized operations, data leakage, and internal ARP
attacks.
• External threats include DDoS attacks, SQL injection, web page tampering attacks, and
Hypervisor vulnerability attacks.
• Challenges facing off-cloud scenarios:
▫ Complex O&M: high O&M costs, complex O&M process, slow service rollout,
difficult O&M engineer recruit, and difficult O&M fault locating
▫ Difficult disaster recovery: The construction period of the DR data center is long,
requiring high investment in professional devices, software, and networks.
▫ Security risks: A large number of software and hardware devices are required to
resolve internal and external threats, leading to high costs. Furthermore,
professional and certificated engineers are needed to maintain the security
system.
• The HUAWEI CLOUD architecture consists of the following six modules:
• HUAWEI CLOUD portal
▫ Tenants can log in to the official website through the portal and manage orders,
accounts, and services in the user center. They can also create, use, and delete
cloud service resources on the console. Third-party applications can also use
cloud service APIs to schedule and reprogram resources.
• Cloud services
▫ Services include basic cloud services and management cloud services. These
services correspond to the products on the console.
• Cloud platform
▫ The cloud platform carries many system resources, including compute, storage,
and network resources. The virtualization layer converts resources into virtual
pools, enabling easy and dynamic resource scheduling.
• BSS (business support system)
▫ It provides cloud services with customer relationship management, billing,

payment, order management, unified ICT service/product catalog, and common
service/product catalog orchestration. This system is suitable for enterprise
management or ISVs.
▫ BSS can be provided by the customer and integrated with components in the
Huawei public cloud solution.
• OSS (operations support system)
▫ This system monitors the cloud services, and manages alarms generated for
physical and virtual resources and running software. OSS is mainly used to
manage assets and to manage infrastructure incidents, faults, and changes.
▫ OSS can be integrated with the customer's work order and event management
systems to implement automatic, standard, and process-based O&M.
• Cloud security
▫ The public cloud is a security model with shared responsibilities. Cloud service
providers and tenants need to assume their own security responsibilities, which
are clearly defined in contracts. Huawei provides technical support for carriers.
• From the perspective of tenant delivery, the public cloud is divided into four layers in
the top-down model. Globally unique services are deployed on the global layer. Region
resource management services are deployed on the region layer. Pod resource
management services are deployed on the pod layer. On the cluster layer, the smallest
layer, there are many computing and storage clusters made up by computing and
storage nodes respectively.
▫ Region: allows customers to select the nearest cloud data center with low latency
to tackle the problem of long latency in long-distance data transmission.
▫ AZ: physically isolated resource zones. Each AZ has independent cooling, fire
extinguishing, moisture-proof, and electricity facilities. In AZs, faults are isolated
physically.
▫ Virtual private cloud (VPC): used to isolate a customer network from other
networks.
▫ DC: a concept related to physical location. A DC can bear one or more sites. A DC
can contain one or more layer-2 networks.
▫ Pod: a resource pool made up by virtualized software. For the administrator, it is
a cloud platform software instance.
▫ Cluster: a pool of resources that have the same characteristics such as the same
CPU overcommitment rate.
▫ Server: physical servers.
▫ VM: virtual machines.

• Resource model:
▫ DC has no "room" concept. If two physical rooms are directly connected through
a high-speed intranet, they are considered as one DC. Otherwise, multiple DCs
exist.
• KVM is short for Kernel-based virtual machine. It was originally an open-source project
developed by Qumranet. In 2008, Qumranet was acquired by Red Hat. However, KVM
is still an open-source project supported by Red Hat and IBM.
• Server virtualization or VMs have the following four characteristics:
• Resource zone
▫ The virtual machine monitor (VMM) allocates server resources to multiple VMs.
Each VM runs its own OS (same as or different from the OSs running on other
VMs on the same server) and behaves like an independent computer so that
multiple applications can coexist on one server. Each OS gains access only to its
own virtual hardware such as the virtual NICs, virtual CPUs, and virtual memories
provided by the VMM.
• Isolation: VMs that run on the same server are isolated from each other.
▫ Even if one VM crashes or fails due to an OS failure, application crash, or driver

failure, other VMs can still run properly.
▫ If one VM is infected with worms or viruses, the worms and viruses are isolated
from other VMs as if each VM runs on an independent physical machine.
▫ Resources can be managed to provide performance isolation. Specifically, you can

specify the maximum and minimum resource usage for each VM to ensure that
one VM does not use all resources, leaving spare resources for other VMs in the
same system.
▫ Multiple loads, applications, or OSs can run concurrently on one physical server,
preventing issues such as application conflicts or DLL conflicts that may occur on
x86 servers.
• Encapsulation
▫ All VM data, including the hardware configuration, BIOS configuration, memory

status, disk status, and CPU status is stored into a group of files that are
independent from physical hardware. This enables users to clone, save, and
migrate a VM by copying, saving, and migrating several files.
• Hardware independence
▫ VMs run on the virtualization layer and use only virtual hardware provided by the
virtualization layer without being aware of the physical server. In this way, VMs
can run on any x86 server (IBM, Dell, HP and more) without modification. This
breaks the constraints between OSs and hardware and between applications and
OSs/hardware.
• HUAWEI CLOUD storage resource pool contains distributed storage FusionStorage and
enterprise-level storage OceanStor.
▫ FusionStorage provides block storage, file storage, and object storage. By default,
tenants use the distributed storage resource pool provided by FusionStorage.
▫ If tenants have special requirements on storage, OceanStor can be used.

• All network services on HUAWEI CLOUD support dual-AZ deployment. This means that
VPCs are decoupled from AZs, and tenants can easily achieve cross-AZ high reliability.
• Computing resource pool, network resource pool, and storage resource pool are
managed by OpenStack in a unified manner. Compared with open-source OpenStack,
HUAWEI CLOUD OpenStack has the following features:
▫ Network resource pool: The OpenStack network resource pool solution is

implemented by a component called Neutron. However, the open-source
Neutron component has many problems. Huawei has made great efforts to
develop the Neutron-based network resource pool solution to overcome the
defects.
▫ Huawei uses cascading and cascaded OpenStack as OpenStack management

nodes, which breaks the limitation that the OpenStack management scale does
not apply to the public cloud in the open-source solution. Currently, Huawei has
contributed this solution to the open-source community.
• In summary, the HUAWEI CLOUD solution has the following advantages:
▫ Technology and continuous R&D, global resource deployment and nearby service,
security, customer-suited deployment, on-premises resources, local services,
cloud-and-network synergy, openness & no customer lock-in, and rich ecosystem.
• Cloud architecture design principles include the design of migrating enterprise
applications in the cloud, security design principles, availability design principles,
performance design principles, scalability design principles, and cost design principles.
• Enterprise IT architecture design not only focuses on a certain system capability, but
also requires an evolutionary, sustainable, and innovative platform for enterprises.
Continuous service changes will become a new normal. Both traditional IT
requirements (stability, compliance, and reliability) and innovative IT requirements
(agility, trial-and-error, and fast iteration) need to be met.
▫ In the traditional computing environment, the capacity is provided based on the

estimation of the theoretical maximum peak value. This may result in periodic
and expensive resource idleness or capacity insufficiency. After applications are
migrated to the cloud, enterprises can access as much capacity as possible and
dynamically expand the capacity to meet actual requirements. In addition,
enterprises only need to pay for the resources they use.
▫ For traditional applications migrated to the cloud, service capabilities and

efficiency need to be improved, speeding service innovation.
▫ For enterprise applications migrated to the cloud, enterprise-level platforms, IT

infrastructure and cloud services, data management and scheduling, and data
and application security are required.
▫ System performance, cost, security, and availability must be considered in the

design.
• Building a cloud-based software system is very similar to building a building. If the
foundation is not solid enough, structural problems that may damage the integrity and
functionality of the building may occur. When designing a solution for migrating
enterprise applications to the cloud, if you ignore security, reliability, scalability,
performance, and cost optimization, it may be difficult to build a system that meets
your expectations and requirements. Including these factors in the design helps to
build a stable and efficient system.
• Security: Evaluates system security to protect information, systems, and assets while
providing service values, such as network security, data security, host security, and
application security.
• Availability: The system dynamically obtains resources from infrastructure or service

faults to meet requirements and reduce service interruption. The single-AZ availability,
cross-AZ DR, cross-AZ active-active, and remote DR deployment should be considered
in the design.
• Performance: Effectively uses resources to meet system performance requirements,

such as computing resource performance, network resource performance, storage
resource performance, and data resource performance.
• Cost: Avoids or eliminates unnecessary costs or poor resources.
• Scalability: The system can be expanded based on the number of users or service
volume, for example, horizontal scalability and vertical scalability.
• The utilization of public clouds is increasing rapidly. Therefore, more sensitive content
will inevitably be put into potential risks. To help enterprises understand cloud security
issues and make wise decisions on cloud policies, the Cloud Security Alliance (CSA)
released 12 top cloud security threats.
• Key Security Requirements for Enterprise Cloudification
• On one hand, the existing security capabilities of the public cloud are used. The public
cloud platform has an end-to-end security technology system, including host security,
data security, firewall, advanced anti-DDoS (AAD), and situational awareness, as well
as complete security management processes and specifications. Also, a large security
expert team is available to ensure the security of the cloud platform at any time.
Therefore, the public cloud can better protect information security than the internal IT
teams of most enterprises.
• On the other hand, enterprises need to ensure service continuity, manage and control
the entire O&M process, and ensure data confidentiality without expanding key
security requirements.
• The security system design principles should focus on data protection and adopt the
policy of access control, permission control, and security control. In protection
solutions, network security, host security, application security, and data security should
be considered. Specifically,
▫ Network security: For example, the advanced anti-DDoS (AAD) service is used to
defend against heavy-traffic DDoS attacks for users such as gaming, finance, and
e-commerce users. It provides protection against mass attacks, and supports
accurate attack defense, and fast and reliable access.
▫ Host security: Host security service (HSS) associates plug-ins installed on hosts
with the cloud protection center to defend against attacks from the network
layer, system layer, and application layer, ensuring security for customers. HSS
provides comprehensive protection at the network, system, and application
layers, and has the advantage of precise defense.
▫ Application security: Cloud web application firewall (WAF) is used to prevent

service interruption caused by data leakage. A leakage occurs due to service
recovery failures from emergent vulnerabilities.
▫ Data security: Database security service (DBSS) is used to implement sensitive

data discovery, database security, dynamic data masking, and database audit. It
features simple deployment, rich functions, and real-time protection.
▫ The key management service can prevent key data leakage and manage keys
throughout the lifecycle, reducing costs.
• This slide is a schematic diagram. It provides eight basic protection solutions that need
to be considered for the security architecture design. Numbers 1 to 8 in the figure
represent basic protection solutions. For details about each basic protection solution,
see the description in the following slides.
• Eight Basic Protection Solutions for HUAWEI CLOUD Security Architecture Design
▫ Cloud System Security Principles:
▪ Minimize the use of public IP addresses: 1) Use ELB as the service ingress.
2) Use NAT gateway for proactive Internet access. 3) Bind the elastic IP
address (EIP) only to cloud bastion hosts (CBHs).
▪ Use the three core protections (anti-DDoS, WAF, and HSS): 1) Use the
cloud-based anti-DDoS and WAF solutions to protect core services. 2)
Deploy HSS for VMs.
▪ One O&M center (CBH): 1) Operations by internal personnel can be

audited. 2) Minimize the use of public IP addresses to prevent the risk of
host account cracking.
▫ AAD & anti-DDoS:
▪ With the industrialization of DDoS attacks, the attack cost and threshold
are lowered. Due to competition, DDoS attacks have become the most
common attacks. Huawei's new AAD can defend against common reflection
attacks and SYN large packet attacks (about 80% of the attacks) for free,
and can be deployed at the Internet egresses and ingresses.
▫ WAF
▪ WAF is deployed at the Internet egresses and ingresses to protect user

websites against malicious attacks. It provides protection against OWASP
attacks such as SQL injection and XSS, CC attacks, and malicious network
tampering.
▫ VPC + security group (SG) + Subnet ACL
▪ VPC provides logical network isolation between tenants. A security group

specifies the access rules between ECS servers. ACL firewalls are configured
between subnets and access control policies are made between subnets to
ensure basic isolation between different service areas and basic access
control at the host layer. You can customize areas and policies based on
customer service requirements.
• HSS
▫ A host is the main target of an attacker. If attackers break through the host, they
can do whatever they want. Attackers usually make use of system vulnerabilities,
brute force cracking, and insecure configurations to attack hosts and install
malicious programs to perform malicious operations, such as mining and Trojan
horses. HSS provides asset management, vulnerability management, intrusion
detection, baseline inspection, and web tamper protection (WTP) functions.
• DBSS
▫ Databases are vulnerable to unauthorized internal access, database dragging,

and intentional or unintentional high-risk operations. In some cases, dynamic
masking is required according to compliance requirements. In addition, event
audit and backtracking of database operations are also necessary. DBSS provides
database firewall, dynamic masking, and database audit functions.
• Direct Connect/VPN
▫ Direct Connect or VPN ensures channel security. The specific service is determined
based on the actual service scenario.
• CBH
▫ O&M personnel have excessive permissions, which may cause risky operations.
Multiple users use the same account to perform operations on the host, which
makes it difficult to audit, backtrack, and locate security events. CBH has four
main service values: asset management, data protection, O&M audit, and security
compliance. CBH centrally manages and controls all O&M operations, and
performs security audit, source tracing, and events evidence collection.
• HA concept
▫ High availability (HA) improves the system and application availability by

minimizing downtime caused by routine (planned) O&M and unexpected system
breakdowns (unplanned).
▫ An HA system is the effective way to prevent the core computer system from
shutdown due to failures.
▫ HA technologies can automatically detect the errors and failures of server nodes
and service processes, and then automatically reconfigure the system to allow
other nodes in the cluster to take over services in case of system errors and
failures, without interrupting services.
▫ HA modes include active-passive and active-active.
• Disaster
▫ A disaster is an unexpected event (caused by human errors or natural factors)

that results in severe faults or breakdown of the system in one or more data
centers. In this case, services may be interrupted or become unacceptable. If the
system unavailability reaches a certain level at a specific time, the system must
be switched to the standby site.
• Disaster recovery
▫ Disaster recovery (DR) refers to the capability of recovering data, applications,

and services in data centers at different locations (local or remote) when the
production center is damaged by a disaster.
• DR
▫ In the DR mode, a redundant site is established in addition to the production site.

If the production site is damaged due to a disaster, the redundant site can take
over services from the production site to ensure service continuity. To achieve
higher availability, customers even establish multiple redundant sites.
• Cloud system HA design principles
▫ Enterprise cloudification availability is determined by the availability of the

service application layer, system architecture design, and lower-layer cloud
services.
▫ HA service application layer refers to reliability and robustness of the service

application layer (with capabilities like service retry and isolation, and graceful
failure).
▫ HA system architecture design refers to single node removal, HA cluster, DR

(cross-AZ and cross-region DR deployment), data backup, cloud security, and
standard O&M
▫ CSHA refers to reliable infrastructure and automatic recovery of services after

environment repair.
• Key points of cloud system HA design
▫ System reliability, data reliability, O&M reliability, and practice reliability

• Common cloud system HA design solutions
▫ Local HA solution: applies to the local production center in single-AZ scenarios.
▫ Intra-city HA/DR solution: used for the HA design in the intra-city DR center and
dual-AZ scenarios, including the active-active DC solution and active-passive DR
solution.
▫ Remote HA/DR solution: applies to remote DR centers and cross-region scenarios,

including the geo-redundant DR solution and active-passive DR solution.
• In single-AZ HA design, system availability, O&M availability, and data availability
should be considered.
• System availability
▫ HA services
▪ Decoupled deployment: Different components are deployed on different

ECSs.
▪ HA deployment: If HA (active/passive or cluster) deployment is not

supported, an emergency solution must be available, for example, CSBS
and emergency environment.
▪ Layered deployment: Services are deployed separately on the web layer,

service layer, and database layer.
▪ Auto scaling: The Auto Scaling (AS) service can be leveraged to adjust
computing resources to deal with service pressure changes.
▫ CSHA (network access layer)
▪ VPNs or Direct Connect connections are deployed in active-active or

active/passive mode.
▪ ELB: Multiple ECS instances run at the ELB backend to ensure system
availability and scalability. Health check is enabled. ELB is a potential fault
point in the system and needs to be monitored in Cloud Eye.
▪ NAT gateway: If a large number of ECSs need to access the Internet, you
are advised to use the SNAT function to prevent too many ECSs from being
exposed to the Internet.
▪ CSHA (ECS)
− Anti-affinity + HA: ECS groups are used to implement anti-affinity for

ECS clusters. Automatic recovery of the ECS is enabled, that is, when a
physical server is damaged, ECS instances restart in cold migration
mode.
− Data backup: (1) Data disk backup. You can perform consistent data
backup (Cloud Server Backup Service, CSBS) for multiple Elastic
Volume Service (EVS) disks of an ECS, or create snapshots or backups
(Volume Back Service, VBS) for a single EVS disk. 2) System disk
backup: Use IMS to create a private image for the ECS or use VBS to
back up the system disk.
− At least production services must be deployed in active/passive or

cluster mode.
• O&M availability
▫ Comprehensive application system monitoring is provided to help customers

detect and diagnose exceptions as soon as possible and reduce the service
interruption duration. Monitoring must cover the application running
environment (compute, storage, network, and middleware services) and the
service and interface statuses at each layer (databases, and frontend and
backend services) of applications. Based on the monitoring data, further
diagnosis and analysis can be performed, or automatic recovery measures can be
customized.
▫ Complete O&M management specifications and regulations should be

established, such as hierarchical account management and high-risk operations
control. CBH centrally manages and controls all O&M operations, and performs
security audit, source tracing, and events evidence collection.
• Data availability
▫ Data reliability backup and recovery solutions are available.
▫ Periodically verify the data backup and recovery reliability and emergency
practice scheme.
• Single-AZ HA has the following features:
▫ Service nodes are deployed in clusters. A single ECS node fault does not affect
services. You can configure anti-affinity groups to achieve host-or cabinet-level
reliability.
▫ Databases are deployed in clusters. A single instance fault does not affect
services.
▫ OBS has multiple copies at the bottom layer. A single node fault does not affect
services.
▫ Simple networking, low cost, and low DR level.
• Best practices for mission-critical ECSs:
▫ If customer servers carry the following types of services, you are advised to
enable the value-added services of ECS (CSBS, Cloud Eye, and HSS):
▪ Cloud servers that carry key services: These servers directly affect enterprise
operations and production and have low tolerance for service interruption.
▪ Cloud servers that carry core databases: Continuous service running

depends on continuous data reading.
▪ Cloud servers that store key enterprise data: Hard disk data contains key
operations data of enterprises and has high security requirements.
▪ Cloud servers that store highly-confidential data: Security protection must

be provided for confidential data.
• Dual-AZ deployment refers to the HA deployment design of two AZs in a region.
• In dual-AZ deployment, in addition to the single-AZ HA design, you also need to

consider the following:
▫ HA service modules are deployed in two AZs.
▫ Load balancing and mutual backup between two AZs in cross-AZ active-active
system.
• Service module
▫ For services that can be deployed in a cluster, resources are deployed in two AZs,
and load balancing is implemented between the two AZs through ELB.
• ECS HA
▫ The single-node ECS can implement VM-level DR protection (RPO = 0) using

SDRS.
• RDS and DCS HA
▫ Active and standby nodes are deployed in two AZs.

• Disaster recovery data center solution (geo-redundant mode):
▫ Cross-AZ active-active and cross-region remote DR in the production region.
▫ The client switches traffic across regions through DNS. The client is unaware of
the switchover between AZs.
• For details about the key points of HA design in the production environment, see the
key points of single-AZ + dual-AZ design.
• The core of disaster recovery is to provide disaster recovery solutions for the access
layer, application layer, and data layer.
▫ Access layer
▪ Use DNS switchover to switch service flows to the DR region if a disaster

occurs.
▫ Application layer
▪ Deploy compute service resources of certain specifications in the DR region

in advance, such as CCE and ECS.
▫ Data layer
▪ Deploy database service resources of the required specifications in the DR

region in advance, such as DDM, RDS, and Redis.
▫ Service data DR
▪ RDS data can be backed up across regions using DRS or using OBS remote
replication.
▪ Persistent data of databases such as DDS cannot be backed up using its

own services. The production data carried by OBS at the production site is
backed up using the OBS cross-region replication (CRR).
▪ If a disaster occurs, data backed up in OBS is used to restore services.

• The performance of cloud applications is affected by many factors, including data
during transmission and software and hardware events. These factors may affect the
performance, making performance evaluation complex.
• Application performance is mainly affected by the latency, throughput, IOPS, and

concurrency, and is related to compute resources, network materials, storage
resources, and database resources.
• Compute resources: Large-scale infrastructure is shared, which means that resource

competition exists. Therefore, allocation of limited resources balances load changes.
▫ Compute resources affect the latency performance of applications.
• Network resources: The public cloud infrastructure is located outside the enterprise
data center. Therefore, the public cloud must use the WAN, which causes bandwidth
and latency problems. Multiple peer-to-peer networks, encrypted offloading, and
compression are factors that must be considered during the design.
▫ Network resources affect the throughput performance of applications.
• Storage resources: read and write performance of storage products with different
performance characteristics; disk I/O of unmeasurable elastic block storage.
▫ Storage resources affect the performance of application data transmission.

• Database resources: If an application uses a database, the database resource capability
affects application concurrency.
• The cloud infrastructure may have unpredictable performance. Load changes may
affect available CPU, network, and disk I/O resources. As a result, the performance of
applications that work at the same time is unpredictable.
▫ Performance bottlenecks are complex and may be associated in unexpected ways.

After a problem is resolved, the bottleneck may be pushed to other parts of the
system. As a result, the overall system performance is not improved as expected.
▫ In this way, the performance problem is not solved. Therefore, the performance
problem needs to be considered globally.
• Solution selection
▫ Different solutions are selected based on different scenarios, and multiple

methods are combined. The best solution for a particular system varies with the
type of workloads. A well-architecture system uses multiple solutions and
supports different functions to improve performance. This makes it easier to find
a way to meet the needs.
▫ Methods are continuously iterative and optimized and the data-driven method is
also used to optimize the selection of resource types and configuration options.
• Performance measurement
▫ Set performance measurement and monitoring metrics to capture key

performance metrics.
▫ As part of the deployment process, the performance test is automatically

triggered after the fast running test is successful.
▫ Use the visualization technology to identify performance problems, hotspots,

waiting status, or low utilization.
▫ Benchmarking drives workload improvements.

• Performance monitoring
▫ Determine the monitoring scope, measurement, and threshold.
▫ Create a complete view from multiple dimensions.
▫ Identify and process alarms in real time.
▫ Take proper storage policies for data management and retention.
▫ Analyze dashboards, reports, and insights.
• Solution balancing
▫ Ensure that the best approach is adopted. Balance consistency, durability, and
space with time or latency, depending on your needs, to provide higher
performance.
▫ For example, use DCS and CDN.

• This page describes how HUAWEI CLOUD basic cloud services improve application
performance in compute, storage, and network. Corresponding cloud services can be
selected for applications as required.
• Compute
▫ Instances
▫ Virtual server instances have different series and sizes. They provide a variety of
functions, including solid-state drives (SSDs) and graphics processing units
(GPUs). When an ECS instance starts, the specified instance type determines the
hardware of the host used for the instance.
▫ Cloud services: ECS, GPU acceleration, and FPGA acceleration
▫ Containers
▫ By using auto scaling, you can define metric-based auto scaling for services so
that the number of containers that support services increases as service
requirements increase.
▫ Cloud services: CCE, AS, and ELB
▫ Function
▫ The required memory size is selected. Then, the CPU power and other resources
are allocated proportionally.
▫ Cloud services: FunctionGraph and API Gateway

• Storage
▫ Block
▫ Data is accessed by only one instance; therefore, block storage should be used.
SSD backup storage (the performance depends on IOPS) and HDD backup
storage for throughput-intensive workloads (such as MapReduce and log
processing)
▫ Cloud service: EVS
▫ Files
▫ Each file operation has a small latency overhead, so it should be concurrent

access in multiple instances.
▫ Cloud service: SFS
▫ Objects
▫ Latency is reduced and throughput is increased for low-latency data access

across geographic regions.
▫ Cloud services: OBS and CDN
• Network
▫ Enhanced network
▫ Higher I/O performance and lower CPU usage than those of traditional virtual
network interfaces are provided. Enhanced networks provide higher bandwidth,
higher packet per second (PPS), and continuously reduced inter-instance latency.
▫ Cloud service: VPC
▫ Network functions
▫ Network functions are provided to reduce network distance or jitter.
▫ Cloud services: DNS, CDN, ELB, and VPN

• Scalability is a design indicator representing the computing and processing capabilities
of the software system. High scalability indicates flexibility. During the system
expansion and growth, the software can ensure vigorous vitality. The processing
capabilities of the entire system can be linearly increased by little modification or even
only adding hardware devices, achieving high throughput, low latency, and high
performance.
• Horizontal scaling refers to the feature of connecting multiple software and hardware.
In this way, multiple servers can be logically considered as an entity. When the system
is expanded by adding new nodes with the same functions, the system can be
horizontally expanded to redistribute loads among all nodes. The system and servers
are scaled out by adding more servers to the load balancing network so that incoming
requests can be distributed among all of these networks.
• Vertical scaling: When an existing IT resource is replaced by a resource with a larger or

smaller capacity, vertical scaling is performed. That is, the CPU performance of the
current server is expanded or shrank in the original place. When the system adds
processors, main storage, and interfaces to nodes, the system can be expanded
vertically or scaled up to meet more requests of each system. Scale-up functions by
increasing the number of processors or main storage to host more virtual servers.
• Scalability of cloud computing expands resource consumption as the load increases,
and developers create scalable architectures. For example, microservices and container-
based architectures encourage independent scaling.
• Latency and throughput are a pair of metrics to measure scalability. We hope to obtain
a system architecture with low latency and high throughput. Low latency is the system
response time that users can perceive. For example, a web page can be opened within
several seconds, the shorter the open time, the lower the latency. The throughput
indicates the number of concurrent users who can enjoy the low latency. If there are a
large number of concurrent users, users feel that the web page is opened slowly, this
means that the throughput of the system architecture needs to be improved.
• Cost Optimization Design:
▫ Consider the use of cost-effective resources and appropriate services. Resources

and allocations are keys to cost saving.
▪ For example, for ECS resources, you need to consider the instance type,
purchase mode, and instance specifications.
▫ Instance type optimization
▫ HUAWEI CLOUD provides various types of instances for different application

scenarios. For example, general-purpose/memory-optimized instances are
suitable for websites, web applications, and medium- and light-load enterprise
applications, and high-performance computing/storage-intensive/GPU instances
are suitable for high-performance computing, video encoding, and 3D rendering,
you can select proper instances to reduce costs based on application scenarios.
▫ Instance specifications optimization:
▫ HUAWEI CLOUD provides dozens of instance specifications for different

workloads. You can select appropriate specifications to reduce costs based on
service workloads. If the number of visits to your e-commerce website is less than
500,000 PVs and the number of transactions per day is less than 3000, you are
advised to use the 4 vCPUs | 8 GB flavor instead of the 8 vCPUs | 16 GB flavor.
This adjustment can save 40% to 50% costs.
▫ Purchase method optimization:

▫ Multiple purchase modes are provided. Based on the application scenario and
duration, you are advised to purchase the application in the following mode: If
the application duration is shorter than 20 days, for example, short-term test and
e-commerce holiday promotion, you are advised to purchase the application in
pay-per-use mode. If the application duration is longer than 20 days but shorter
than 10 months, for example, in the game launch test and operations scenarios,
you are advised to purchase monthly packages.
▫ If the application duration is longer than 10 months, for example, in scenarios

such as enterprise official website operations and government and people's
livelihood information query, you are advised to purchase yearly packages.
▪ For EVS resources, consider the instance type, purchase mode, and instance
specifications.
▫ EVS type optimization: HUAWEI CLOUD provides three types of EVS disks. Ultra-
high I/O EVS disks are used for high-performance computing and data
warehouse scenarios, high I/O EVS disks are used for enterprise applications and
large- and medium-sized development and test scenarios, and general I/O EVS
disks are used for office applications. If you are operating on an e-commerce
website or enterprise website, you are advised to select the high I/O type instead
of the ultra-high I/O type. In this way, the cost of EVS disks with the same
capacity can be reduced by 65%.
▫ EVS capacity optimization: Based on EVS auto scaling, you need to purchase the
capacity based on the predicted capacity of the current month. When the usage
reaches 80% or higher, you can expand the capacity in real time to ensure that
the usage remains about 80%. Compared with the expenditure on the predicted
maximum capacity of the whole year (the usage is less than 50%), your
expenditure on EVS will be reduced by 20% to 30%. In addition, you need to
periodically check your account and delete independent and useless EVS disks
(created when the ECS is created and not deleted when the ECS is deleted) to
further reduce costs.
▫ Change the purchase mode: If your service has been running on HUAWEI CLOUD
for a period of time and you have subscribed to EVS disks for a long time, you
are advised to change the purchase mode from pay-per-use or monthly to yearly.
In this way, the cost of EVS disks with the same capacity will be reduced by at
least 17%. In addition, migrating rarely used non-key data or archived data to
OBS greatly reduces your costs.
▪ For OBS resources, you need to consider different object storage classes
and instance types.
▫ OBS type optimization: HUAWEI CLOUD provides three types of availability:

▫ OBS provides persistent storage. Standard storage is applicable to scenarios that
require frequent data access, such as big data and hot videos.
▫ Infrequent access storage is applicable to scenarios where files are not frequently
accessed, such as file synchronization and enterprise backup.
▫ Archive is applicable to archiving data and backing up data for a long time.
▫ You can select a proper object storage class based on your service requirements,
which greatly reduces your costs. You are advised to use OBS infrequent access to
back up enterprise data and OBS archive to migrate long-term backup data.
Compared with OBS standard, OBS infrequent access saves 45% of costs, and
OBS archive saves 78%. Change the purchase mode: For standard storage,
Huawei provides storage capacity packages with various capacity specifications
and different periods. For data that has been uploaded to standard storage and
will be used for a long time, you can purchase a yearly capacity package based
on the existing data capacity. Compared with the pay-per-use mode, the yearly
capacity package will save you 25% of the cost.
▪ For bandwidth costs, you need to consider the object storage class and
instance type.
▫ Select static BGP bandwidth and dynamic BGP bandwidth properly to reduce
bandwidth costs. The bandwidth cost may account for 30% of the public cloud
cost. Therefore, pay special attention to the bandwidth cost when configuring
cloud services. HUAWEI CLOUD provides static BGP bandwidth and dynamic BGP
bandwidth. In most cases, static BGP bandwidth is selected. If financial or game
customers have ultimate bandwidth requirements, dynamic BGP bandwidth can
be selected. The price of static BGP bandwidth is 20% lower than that of dynamic
BGP bandwidth.
▫ Estimate the bandwidth usage and select the bandwidth-based or traffic-based

billing mode to reduce the bandwidth usage cost.
▫ Properly use CDN to reduce public network bandwidth usage and TCO. If you are
providing static content, such as images, videos, and file downloads, for Internet
users through ECS or OBS, you can use CDN to reduce traffic costs.
▫ Eliminate costly and wasteful over-configurations.
▫ Enhance spending awareness, accurately allocate costs, understand the

profitability of business departments and products, and make more informed
decisions on how to allocate resources in the business.
▫ Continuous cost optimization: Optimize the cost based on the system utilization
rate over time.
• Answer: 1. ABCD
• HUAWEI CLOUD compute products are classified as 7 categories and 34 sub-
categories. Each category contains the traditional x86 architecture series and Huawei-
proprietary Kunpeng architecture series. This slide describes the seven categories.
▫ The first category is general computing ECSs, which are most widely used. They
provide general vCPU and memory resources and can be used for official
enterprise websites, office environments, lightweight databases, and cache
servers. This type of ECSs are classified as general computing and general
computing-plus ECSs. The core difference between the two types of ECSs is
whether vCPUs are exclusively used. The vCPUs of general computing ECSs are
shared. Therefore, they are cheap but the performance and stability may be not
so good. The vCPUs of general computing-plus ECSs are dedicated. Therefore,
their prices are relatively higher.
▫ The second category is memory-optimized. The ECSs of this type feature large
memory. The vCPU/memory ratio of memory-optimized ECSs is at least 1:8,
allowing such ECSs to be used for applications requiring large memory, such as
high-performance databases, in-memory databases, and big data analysis and
mining.
▫ The third category is disk-intensive. The ECSs of this type use local storage
featuring high storage performance because local I/O does not require network
protocols and low storage cost because local storage does not require three
copies of data. However, disk-intensive ECSs do not support migration between
physical servers or specifications modification. Disk-intensive ECSs are suitable for
the applications with strict requirements on storage and with reliability assured,
such as MapReduce and Hadoop distributed computing and intensive data
processing.
▫ The fourth category is high-performance computing. The ECSs of this type

feature high base frequency and strong capability of a single vCPU. They are
suitable for applications requiring high CPU performance, such as machine
learning, gene engineering, finance data analysis, graphics workstation, and big
data search.
▫ The fifth category is computing-accelerated. The ECSs of this type provide

heterogeneous computing resources (excluding CPUs), such as GPUs, FPGAs, and
Huawei-proprietary Ascend processors. These ECSs can be used for the
applications requiring special compute power, such as biopharmaceuticals,
animations, video encoding, high-performance scientific and engineering
applications.
▫ The sixth is BMS, a whole physical server for you. BMSs are suitable for core
databases, high-performance computing, big data, AI, and container.
▫ The last category is Cloud Phone, offering in-cloud phones for you. You can use
Cloud Phone to run Arm-native applications.
• In this section, we will introduce ECS, DeH, BMS, and heterogeneous computing.
• ECS provides secure, scalable, on-demand computing resources, enabling you to
flexibly deploy applications and workloads.
• ECS features are as follows:
▫ Reliable: Automatic fault recovery, multi-copy backup, data backup and

restoration
▫ Secure: VPC, WAF, VSS, and anti-DDoS
▫ Scalable: Scale-in/out, scale-up/down, and flexible AS policies
▫ Easy-to-use: Unified management console, APIs, and SDKs for simplified O&M
▫ Abundant ECS types: Various ECS types, including general computing, high-
performance computing, memory-optimized, disk-intensive, and computing-
accelerated
▫ High specifications: Up to 64 vCPUs and 4 TB of memory (higher specifications

coming soon)
▫ Comprehensive images: Windows and Linux
▫ Differentiated EVS disks: Common I/O, high I/O, ultra-high I/O disks, local SAS
disks, and NVMe SSDs
• This figure shows the application scenario of ECSs. For more details, see the HUAWEI
CLOUD compute product panorama.
• Features
▫ Reliable: Automatic fault recovery, multi-copy backup, data backup and

restoration
▫ Secure: VPC, WAF, VSS, and anti-DDoS
▫ Scalable: Scale-in/out, scale-up/down, and flexible AS policies
▫ Easy-to-use: Unified management console, APIs, and SDKs for simplified O&M
▫ Abundant ECS types: Various ECS types, including general computing, high-
performance computing, memory-optimized, disk-intensive, and computing-
accelerated
▫ High specifications: Up to 64 vCPUs and 4 TB of memory (higher specifications

coming soon)
▫ Comprehensive images: Windows and Linux
▫ Differentiated EVS disks: Common I/O, high I/O, and ultra-high I/O disks, local
SAS disks, and NVMe SSDs
• Typical general computing ECSs are C6 ECSs.
• Featuring the optimal performance, they are the best choice for heavy-workload
applications.
• C6 ECSs use latest-generation Intel® Xeon® Cascade Lake CPUs and Huawei-proprietary
high-performance intelligent NICs to offer industry-leading performance for
enterprise-level applications with high requirements on service stability and compute
performance. Compared with the previous-generation C3 ECSs, C6 ECSs reduce the
price by up to 5% on the basis of higher performance.
• C6 ECS highlights are as follows:
▫ Industry-leading performance
▫ Latest-generation general computing-plus C6 ECSs with compute capability

continuously updated
▫ Compute: The 3.0 GHz of base frequency and 2,933 MHz of memory rank first in
the industry, enabling better stability and compute performance for heavy
workload.
▫ Network: The 10 million PPS performance is 70% higher than the instances with
the same specification in the industry. The 40 Gbit/s intranet bandwidth is 60%
higher than the instances with the same specification in the industry.
▫ Storage: Ultra-high I/O EVS disks with up to 33,000 IOPS and 350 MB/s
throughput meet service requirements on faster I/O and larger storage
bandwidth.
▫ Cost-effective
▫ Compared with C3 ECSs, C6 ECSs provide higher performance but with prices
reduced by up to 5%.
• ECS Overview
▫ High performance, ideal for heavy workload
▪ C6 ECSs use latest-generation Intel® Xeon® Cascade Lake CPUs and

Huawei-proprietary high-performance intelligent NICs to offer industry-
leading performance for enterprise-level applications with high
requirements on service stability and compute performance. Compared with
the previous-generation C3 ECSs, C6 ECSs reduce the price by up to 5% on
the basis of higher performance.
• Kunpeng general computing-plus KC1 ECSs are developed based on Huawei-
proprietary Kunpeng chips.
• KC1 ECSs have the advantages of powerful performance of C series ECSs and high
cost-effectiveness of S series ECSs. The KC1 ECSs deliver the same performance as
other similar instances but at a cost that is 20% less. They are suitable for industries
such as the Internet. Additionally, KC1 ECSs support full-stack Huawei proprietary
applications that comply with the strict information security demands of government,
enterprise, and finance applications.
• KC1 ECS highlights are as follows:
▫ Cost-effective, secure Huawei chips
▫ Huawei-proprietary Kunpeng chips deliver higher performance for heavy

workload than other similar chips but at a cost that is 20% less.
▫ Huawei-proprietary high-performance intelligent NICs work with the eVS 3.0

network acceleration engine enable up to 4 million PPS performance and 30
Gbit/s intranet bandwidth on each ECS.
▫ Largest-specifications Arm ECSs in the industry offer up to 48 vCPUs and 192 GB

of memory.
▫ Based on intelligent scheduling on the cloud platform and more than 40
virtualization-layer technologies optimized (such as Arm V8.1-based advanced
features and PLE/VHE/GICv4 instruction adaptation), the overall ECS
performance is basically the same as that of the mainstream computing platform
and complies with the 99.99% SLA requirement.
▫ Compatible with 20+ mainstream OSs, such as CentOS 7.4/7.5/7.6, Ubuntu server
18.04, SLES12SP4/15, EulerOS 2.8, and NeoKylin neokylin-server 7, as well as
100+ applications for continuous ecosystem development.
• General computing S6 ECSs provide sharable resources.
• Featuring cost-effectiveness, S6 ECSs are the best choice for SMEs to migrate their
services to the cloud.
• S6 ECSs use latest-generation Intel® Xeon® Cascade Lake CPUs and Huawei-proprietary
high-performance intelligent NICs to deliver powerful computing and network
performance as well as high network bandwidth and PPS performance. Compared with
the previous-generation S3 ECSs, S6 ECSs offer better performance but having the
price remain unchanged. S6 ECSs are suitable for enterprise-level applications that
require moderate computing and stability performance.
• S6 ECS highlights are as follows:
▫ Upgraded performance
▫ Latest-generation general computing S6 ECSs with consistent cost-effectiveness
▫ Compute: Compared with the previous-generation S3 ECSs, S6 ECSs have the

base frequency increased from 2.2 GHz to 2.6 GHz, featuring a 15% increase in
compute performance. The memory frequency has been upgraded to 2,933 MHz,
further improving the service processing performance.
▫ Thanks to Huawei-proprietary iNICs, S6 ECSs have up to 150% higher PPS

performance and 80% higher intranet bandwidth than S3 ECSs.
▫ High performance at low cost

▫ S6 ECSs offer the highest performance than other instances with the same
specifications but having the price remain unchanged. They are ideal for light-
and medium-workload enterprise applications that require moderate compute
and stability performance with an excellent price/performance ratio.
• ECS Overview
▫ Cost-effectiveness, enabling business success for SMEs
▪ S6 ECSs use latest-generation Intel® Xeon® Cascade Lake CPUs and

Huawei-proprietary high-performance intelligent NICs to deliver powerful
computing and network performance as well as high network bandwidth
and PPS performance. Compared with the previous-generation S3 ECSs, S6
ECSs offer better performance but having the price remain unchanged.
• Disk-intensive D2 and D3 ECSs
• These ECSs with local SAS disks provide high storage IOPS and I/O bandwidth.
• These ECSs are suitable for massively parallel processing (MPP) data warehouse,
MapReduce and Hadoop distributed computing, distributed file systems, network file
systems, log or data processing applications.
• High-performance computing H3 ECSs
• These ECSs use latest-generation Intel® Xeon Skylake high base-frequency CPUs
(3.0/3.4 GHz) and Huawei-proprietary NICs to offer high-performance, stable
computing.
• H3 ECSs are suitable for high-performance frontend clusters, web servers, high-
performance science and engineering applications, advertisements, MMO games, video
coding, and distributed analysis.
• A DeH provides host resources for your exclusive use. ECSs of other users cannot be
deployed on your DeH or occupy any of your host resources. Visible resource usage on
DeHs facilitates the flexible deployment and independent management of your ECSs.
Moreover, Bring-Your-Own-License is supported, greatly reducing the costs.
• A single user can exclusively use the computing resources on a DeH while multiple
users share the computing resources on a common host.
• DeH has the following advantages:
• Exclusive physical resources:
▫ A DeH provides host resources for your exclusive use. ECSs of other users cannot
be deployed on your DeH or occupy any of your host resources.
• Flexible resource allocation:
▫ You can flexibly and reliably deploy ECSs on DeHs, quickly adapting to diverse
service scenarios.
• Security compliance:
▫ Computing resources are physically isolated by host, bringing higher security and
meeting special compliance requirements of enterprises.
• Lower cost:
▫ DeHs allow you to use your existing socket, CPU, and VM software license,
thereby lowering cost.
• DeH core application scenarios are as follows:
• Commercial licenses: Some commercial software and systems, such as Microsoft

Windows Server and Microsoft SQL Server, are charged based on the number of cores.
If customers require BYOL, only DeHs can be used to migrate services to the cloud,
reducing costs for customers.
• Resource isolation: In some scenarios, such as web applications and government and
enterprise platforms, customers have strict requirements for the resource isolation and
the stability of compute performance. They do not want to share physical hosts with
others. DeH is an optimal choice to meet customers' requirements.
• Independent resource planning: In some scenarios, such as finance and securities,

government and enterprises, and insurance, customers have specific plans for service
deployment and high reliability requirements. Different modules in the system must be
deployed separately or in different AZs. DeH is recommended.
• DeH facilitates the cross-AZ disaster recovery for databases deployed in different AZs,
as shown in the above figure.
• The high-performance and reliable DeHs where resources are physically isolated and
independently managed meet customers' special compliance requirements. Together
with the reliable storage backup and network capabilities, DeHs promise the stable
and reliable migration of customers' services to the cloud.
• Highlights
▫ Flexible deployment and high cost-effectiveness
▫ Exclusive resources: dedicated hosts, exclusive VM resources, and visible resource

usage
▫ Reduced costs: DeH allows users to use the existing socket, CPU, and VM
software license, thereby lowering cost.
▫ Security compliance: physically-isolated computing resources, meeting customers'

special compliance requirements
▫ Robust performance: shared ultra-high I/O disk with IOPS of single disk reaching
over 30,000
▫ High reliability: Ultra-high-performance disks provide three data copies with data
durability up to 99.9999999%. OBS supports cross-AZ storage and achieves up to
99.999999999% (11 nines) in data durability.
• What Is a Bare Metal Server?
▫ BMSs can be used to form a resource pool. By leveraging the extensive

experience of HUAWEI CLOUD in server hardware and cloud platform, BMSs can
help enterprises to migrate their heavy-load services, IDC services, and cloud-
native services to the cloud.
• What Is the Core Difference Between Bare Metal Servers and Physical Servers?
▫ BMSs can be quickly provisioned, and are supported by public cloud storage,
network, security, and backup services. You are only charged for what you use on
a yearly or monthly basis.
• What Is the Core Difference Between Bare Metal Servers and Servers Hosted in IDC?
• BMSs are derived from hosted servers. They look similar because both BMSs and
hosted servers are physical servers. Well, what is the difference between these two
kinds of servers and what are the advantages of BMSs?
• BMSs inherit the advantages of traditional physical servers in performance and

isolation. In addition, BMSs are interconnected with public cloud services to provide
flexible and scalable services. BMSs significantly outperform the traditional physical
servers in terms of stability, online O&M efficiency, and costs.
• In short, BMS provides servers, server management, server O&M, public cloud service
integration, global presence, and hardware customization.
• BMSs can be applied to the scenarios such as databases, big data, containers,
virtualization, HPC, AI, and cloud phone.
• The reasons why these scenarios are taken as the key application scenarios for BMSs
are as follows:
▫ First, BMSs provide excellent performance and are securely isolated.
▫ Second, according to customers' requirements, their services cannot be

reconstructed and seamless service migration to the cloud must be supported.
• HUAWEI CLOUD is trying to dig out more advantages of BMS in more specific
scenarios, for example, the accumulated experience and advantages in the industry,
consistent cloud platform and service capabilities, and continuous scenario-oriented
solution innovation.
• By leveraging the hardware advantages of Huawei and its deep understanding and
insights of services, BMSs provide full-stack instances for various scenarios, such as
traditional and Internet enterprises, heavy-load core services and cost-sensitive
innovation services, as well as compute-intensive, storage-intensive, and network-
intensive services.
• BMSs and InfiniBand (IB) are adopted for the high-performance computing scenario.
• Let's look at the customers' requirements first.
▫ For heavy-load services, such as CAE and fluid dynamics, enterprises require high-
performance computing infrastructure based on raw bare metal servers to avoid
loss brought by virtualization and improve single-node performance.
▫ Heavy-load services require high-performance computing, large network

bandwidth, and low latency.
• To meet customers' requirements, the combination of BMS and InfiniBand is

recommended because it has the following advantages:
▫ First, BMS deployment mode and supported hybrid networking with ECSs can
satisfy different scenarios.
▫ Second, GPUs (8 x V100) for high-performance heterogeneous computing are

provided.
▫ Third, 100 Gbit/s InfiniBand network is used with a latency less than 2 μs.
▫ Forth, Lustre parallel file system is supported and the bandwidth reaches 100
GB/s.
• Product advantages: high performance, security, and low latency
▫ BMS deployment mode, hybrid networking with ECSs to satisfy different

scenarios
▫ GPUs (8 x V100) for high-performance heterogeneous computing
▫ 100 Gbit/s InfiniBand network, exclusively used by Huawei, with a latency less
than 2 μs
▫ Lustre parallel file system supported, the bandwidth reaching 100 GB/s
• This slide describes the instance family of heterogeneous computing. As shown in the
figures, heterogeneous computing instances are classified into three types: GPU-
accelerated ECSs, AI-accelerated ECSs, and FPGA ECSs.
• Among GPU-accelerated ECSs, PI2 and G5 are recommended.
• Among AI-accelerated ECSs, AI1 is recommended.
• An extensive suite of IP cores will be released for Kunpeng Ascend 310, Kunpeng
Ascend 910, and Xilinx VU9P x 8 early 2020.
• A Tesla T4 GPU has 2560 CUDA cores and integrates 320 Tensor cores. Its hybrid-
precision INT8 compute is 130 TOPS.
• Tesla T4 GPUs work with NVIDIA GRID to support graphics acceleration.
• Best Tesla V100 graphics card
▫ Single- and double-precision compute performance improved by 50%
▫ Deep learning compute: 125 TFLOPS
▫ TensorFlow inference performance improved by 18 times
• High-performance network
▫ Huawei-developed intelligent NIC Hi1822 for up to 30 Gbit/s bandwidth
▫ Extremely low network latency
• Flexible billing models
▫ P2v ECSs are not billed after being stopped, more cost-effective
▫ Multiple billing models, including yearly, monthly, and pay-per-use
• Up to 8 GPUs per server
▫ Flexible configuration of 1, 2, 4, or 8 GPUs
▫ GPUs interconnected through NVLink for up to 300 Gbit/s bandwidth

• Huawei-developed high-performance server
▫ Server: Atlas G560 V5
▫ CPU: Intel® Skylake 6151 customized CPU
• Compatible with the deep learning ecosystem
▫ NVIDIA parallel computing framework CUDA 9.0 or later
▫ Mainstream deep learning frameworks such as TensorFlow, PyTorch, CNTK,

MXNet, and Caffe
• G5 ECSs are suitable for services provided by large graphics workstations, such as
image rendering and heavy-load graphics design. One G5 ECS with a single V100 GPU
is equipped with 32 vCPUs, which also has good performance for inference services
that have high CPU requirements.
• Best Tesla V100 GPU
▫ Single- and double-precision compute performance improved by 50%
▫ Deep learning compute: 125 TFLOPS
▫ TensorFlow inference performance improved by 18 times
• High-performance network
▫ Huawei-developed intelligent NIC Hi1822 for up to 30 Gbit/s bandwidth
▫ Extremely low network latency
• Flexible billing models
▫ G5 ECSs are not billed after being stopped, more cost-effective
▫ Multiple billing models, including yearly, monthly, and pay-per-use
• Huawei-developed high-performance server
▫ Server: Atlas G560 V5
▫ CPU: Intel® Skylake 6151 customized

• Graphics acceleration in mainstream scenarios
▫ Mainstream scenarios: desktop cloud, 3D visualization, graphics or image

rendering, and heavy-load graphics design
▫ Supported tools: OpenGL

• Huawei-developed inference-accelerated AI1 ECSs are cost-effective for Internet videos,
smart campus, smart retail, pan-financial certification, and smart healthcare.
• During the open beta test (OBT), the cost-effectiveness is improved more than twice
for PoC customers in multiple scenarios.
• The main model of Ascend AI-accelerated ECSs is Ai1.2xlarge.4.

• Since 2012, the GPU industry has been dominant in the AI field and has been
accelerating AI services.
• GPUs provide extensive matrix multiplication resources, and also can increase AI
algorithms by 300 times, as shown in the right figure. In other words, CPUs take two
weeks to train a model while GPUs only take one hour to complete it.
• Big data requires AI training to provide predictive analysis capabilities.
• Pain points: It is expensive to build large-scale training/inference systems for small-

and medium-sized enterprises.
• Public cloud advantages: The public cloud efficiently combines big data services and AI
training. This greatly reduces operation costs and improving efficiency.
• As the basis of big data, cloud computing greatly reduces IT hardware costs of
enterprises. Therefore, more than 50% of IT budgets is input into big data and IA
applications. AI originally could help enterprises to make decisions, but now can make
decisions automatically. Big data vendors break the tool software ceiling and expand
the development space by 10 times.
• The rendering industry is a traditional GPU service. There are a large number of
rendering requirements for 3D animations and series. In 2017, 40 Chinese animated
movies were produced, and the total length of animation series reached 83,500
minutes.
• For special effects of movies and advertisements, the market potential revenue is up to
¥5 billion CNY.
• In addition, there is also great demand for displaying buildings and households.
• GPUs dominate the industry due to their powerful graphics processing capabilities and
rich computing units.
• Difficult resource prediction and high self-construction costs
▫ Render demands fluctuate greatly. A large number of IT resources are required to

build a private render farm, incurring high costs.
• Low rendering efficiency
▫ A single offline rendering task takes dozens of hours. An overloaded cluster leads
to great delay fluctuations for tasks.
• Various storage requirements
▫ The concurrent access of rendering clusters to shared storage requires a high

bandwidth. Storing massive data is costly.
• Low delivery efficiency and complex O&M
▫ The customer-built cluster is complex in deployment, O&M, capacity expansion,

monitoring, and alarm management, consuming a lot of manpower and time.
• Industrial manufacturing customers, such as automotive enterprises, require high
computing capabilities to perform crash simulation and fluid simulation.
• GPUs are also widely used in scientific computing.
• Application scenarios:
▫ Chemical experiment: scientific experiment (scientific computing)
▫ Fluid analysis: automotive simulation (industrial manufacturing)
▫ Bioscience: pharmaceutical simulation (industrial manufacturing)
▫ Building simulation: urban streets (big data)
▫ Meteorological calculation: forecasting calculation (climate and meteorology)
▫ Visualized simulation: CAD design (industrial manufacturing)

• Rendering
▫ Process of converting a model into an image using a renderer or rendering

algorithm.
▫ The model contains information such as geometry, viewpoint, texture, lighting,

and shading.
▫ Rendering algorithms are complex, and rendering is computing-intensive.
• GPU Rendering
▫ GPU rendering acceleration requires dedicated renderers for GPUs.
▫ The technical maturity and market maturity of renderers that support GPU
acceleration differ greatly.
▫ Rendering process and design are coupled, that is why renderers are determined
at the beginning of animation design.
• 1. Answer:
▫ A
• 2. Answer:
▫ AB
• In the fields of virtual block storage and cross-AZ DR, HUAWEI CLOUD provides the
following services: Elastic Volume Service (EVS), Dedicated Distributed Storage Service
(DSS), Cloud Backup and Recovery (CBR), and Storage Disaster Recovery Service
(SDRS).
• For object storage, HUAWEI CLOUD provides Object Storage Service (OBS) to store
unstructured data, including documents, images, audios, videos, and others.
• In addition, HUAWEI CLOUD provides Scalable File Service (SFS) and SFS Turbo for file
storage and sharing.
• Elastic Volume Service (EVS) is a virtual block storage service based on the distributed
architecture and can scale flexibly.
• Dedicated Distributed Storage Service (DSS) is built based on distributed block storage
and provides exclusive physical storage resources.
• Cloud Backup and Recovery (CBR) backs up ECSs and EVS disks and ensures data
security.
• Storage Disaster Recovery Service (SDRS) provides cross-AZ DR services with zero RPO
based on synchronous data replication.
• Data Express Service (DES) uses physical storage media (for example, external hard
disks) to transmit data to the cloud.
• Object Storage Service (OBS) is a cloud storage service that stores unstructured data
such as documents, images, and videos.
• Scalable File Service (SFS) provides a fully hosted, shared file storage for Elastic Cloud
Servers (ECSs). It also provides an enhanced edition, SFS Turbo.
• HUAWEI CLOUD provides three types of storage services. The first is block storage,
with EVS as the representative service. EVS supports SCSI protocol for hard drive read
and write, suitable for high-performance applications.
• The second is file storage represented by SFS (including SFS Turbo), which provide
NFS, CIFS, and POSIX interfaces. SFS provides file system functions that allow users to
open, change, save, delete, and share files within LANs.
• The other is object storage represented by OBS, which supports REST APIs over HTTP
and HTTPS. It enables users to manage objects by uploading, downloading, query, and
deletion, suitable for internet storage.
• Rich specifications: EVS provides disks of different I/O types to meet users'
requirements in different service scenarios.
• Elastic scalability: Disks support online capacity expansion. One disk can be expanded
up to 32 TB with a minimum increment of 1 GB at a time.
• Security and reliability: Both system disks and data disks support data encryption. EVS
also provides backup, snapshot, and multi-copy data redundancy to ensure HA of data.
• Real-time monitoring: EVS supports real-time monitoring of the disk health and
running statuses through Cloud Eye.
• Data sharing: Shared disks support concurrent read/write from multiple servers,
suitable for mission-critical clusters or business scenarios that require HA capabilities.
• Distributed storage, especially all-flash distributed storage, will be the future public
cloud storage architecture that can handle massive and real-time data deluge.
• Built on Huawei-developed chips, ultra-high I/O SSDs integrate engine, architecture,

chip, and algorithm technologies. A single SSD can deliver 1 million IOPS and keep the
latency below 100 µs.
• The innovative all-flash, intelligent data foundation based on Kunpeng computing

capabilities features "two innovations and three enhancements". "Two innovations"
refer to the flash-native storage engine and full-stack architecture, while the "three
enhancements" refer to Huawei-developed chips, hardcore algorithms, and AI
technologies.
• Ultra-high I/O SSDs are often used for large OLTP databases, NoSQL databases,
stream processing, and log processing, requiring ultra-high performance, ultra-low
latency within 100 μs, and high availability.
• Host cluster applications: Support host cluster applications such as WSFC, RHCS, VCS,
and HACS, meeting requirements for high availability, load balancing, scalability, and
cost effectiveness.
• Database cluster applications: Support enterprise database applications such as Oracle

RAC, SQL Server, and DB2. Working with Bare Metal Server (BMS), EVS can further
meet the high performance requirements of mission-critical database applications.
• Cluster file systems: Support distributed file sharing, such as Lustre and GPFS cluster
file systems, meeting HPC requirements.
• Other methods and problems:
• Support by manually adding distributed file systems. Problem: poor performance and
unguaranteed SLA.
• Support through SMB/NFS. Problem: Performance cannot meet application

requirements.
• Key technologies
▫ No centralized target: Shared EVS disks are fully distributed, providing

performance that can grow linearly.
▫ Concurrent read and write operations on multiple nodes: Support multiple

concurrent data reads and writes without locks and keep cache consistency.
▫ Multiple SCSI locks: Support persistent and non-persistent SCSI reserved locks.
• EVS disk encryption: EVS disks are attached to cloud hosts as system disks or data
disks. Users can create keys on KMS to encrypt data on EVS disks, thereby ensuring
data security of VMs.
• VBS disk backup encryption: If you create a backup for an encrypted disk, the backup is
encrypted by default, which ensures data security of the disk backup in OBS.
• IMS image encryption: If you create an image for an ECS with an encrypted disk as its
system disk, the image is encrypted by default, which ensures data security of the
image files in OBS.
• Product highlights
▫ Self-service encryption: Tenants fully control keys through KMS. KMS uses the
third-party hardware security module (HSM) that has passed the national
encryption office and FIPS 140-2 level 3 SafeNet certification to generate and
protect keys.
▫ Ease of use: Encrypted disks can be created with only a few clicks, and users do
not need to build or maintain the key management infrastructure.
▫ Application transparency: Upper-layer applications are unaware of the encryption,

and additional configurations are not required.
• Starting capacity: You can start with the minimum capacity of 10 GB, and then
purchase extra disks according to service growth. This frees you from worrying about
resource waste and storage resource insufficiency, making the configuration more
efficient and flexible.
• Online service expansion: You can expand the capacity of an EVS disk at any time
without shutting down the VM, ensuring service continuity. For example, in the finance
and e-commerce industries, services can be upgraded and expanded without service
interruption, meeting the requirements for high service continuity.
• Scale-up process:
▫ You can submit a request for scale-up on EVS Console. The request will be passed
to KV Pool through Driver and the block client. Then underlying disk capacity will
be expanded.
▫ Hypervisor instructs the VM to update the disk size.
▫ You only need to complete partitioning and creating file systems in the operating
system.
• Specifications:
• The maximum EVS disk capacity is 32 TB.

• Scenarios:
• Periodic data backup with a short period: Many services, such as e-commerce and
games, require periodic (hour-level) data backup. Conventional backup requires service
interruption and a long period of time. In addition, backup data occupies a large
amount of space and is costly. The snapshot function can solve these problems.
• Wide application of service data: Disks created by snapshots can serve multiple services
at the same time, for example, data mining, report query, development, and testing. In
this way, source data is protected, and backup data is used for new purposes, meeting
enterprises' requirements for multi-purpose use of service data.
• Key technologies
▫ Application cache data consistency: Use a proxy to instruct applications to

suspend I/Os, flush data in the cache to disks, and create snapshots. (This
function is not supported currently and requires a proxy from the storage system.)
▫ Consistency snapshot of multiple mount points: Suspend I/Os of multiple mount

points and create snapshots.
▫ Snapshot and recovery within seconds: The snapshot implementation uses the
index-based redirect-on-write (ROW) mechanism. Data replication is not involved
in the snapshot creation and snapshot recovery.
• Specifications:
▫ A maximum of 128 snapshots can be created for a volume (under open beta test,
7 are openly available).
▫ A snapshot can create a maximum of 128 volumes.

• DSS provides physical storage isolation, abundant features, and excellent performance.
▫ Security: Users exclusively use physical storage resources, preventing mutual

impact between user resources. Data encryption is supported to ensure user data
security.
▫ Reliability: Provides multiple data copies to ensure data security and reliability.
The data durability reaches 99.99999%.
▫ Flexibility: The system can be connected to ECS and BMS services in a non-
dedicated cloud, or connected to the DeC service. Users can flexibly configure
DeC storage resources.
▫ Ease of use: You can manage resources on the dedicated cloud easily, without
building a large professional O&M team.
▫ Diversified functions: DSS provides similar functions as those provided by EVS,

including encryption, backup, snapshot, and more.
• Cloud Backup and Recovery (CBR) allows you to back up ECSs, BMSs, EVS disks, and
on-premises VMware virtual environments with ease. If there is a virus intrusion,
accidental deletion, or software or hardware fault, data can be restored to any backup
point.
• Relationship Between CBR and CSBS/VBS
▫ CBR incorporates the functions of CSBS and VBS. More new features will be
launched on CBR instead of on CSBS or VBS.
▫ After CBR goes online, CSBS and VBS in the service catalog on the HUAWEI
CLOUD are switched to CBR.
▫ Current CSBS and VBS users can use CBR, CSBS, and VBS at the same time.
Alternatively, users can migrate the existing backup policies and data from CSBS
and VBS to CBR with a few clicks. The migrated backup data is billed based on
CBR's billing mode.
▫ The unit price of CBR's disk backup vaults is ¥0.1/GB-month, which is lower than
that of the VBS backup storage (¥0.12/GB-month). The unit price of CBR's server
backup vaults is ¥0.2/GB-month, which is lower than the total price (¥0.268/GB-
month) of CSBS's backup function fee and backup storage fee.
▫ CSBS and VBS will be unavailable after the first half of 2020.
• Application Scenarios
▫ In-cloud backup: Application-consistent backup is provided for key enterprise

applications deployed in the cloud, such as ERP, CRM, and document servers. CBR
supports cross-region replication of backup data, meeting the remote backup
requirements of large enterprises as well as the finance and healthcare industries.
▫ Hybrid cloud backup: CBR supports synchronizing backups of VMware VMs to the
cloud and restoring such backups in cloud or on premises.
▫ Service migration and batch deployment: Full-ECS backups can be used to create
images, and these images can be used to create ECSs with the same
configuration within minutes. With cross-region replication, ECSs can be
provisioned in different regions, meeting service migration requirements.
• In-cloud backup:
▫ Sales scenarios: Application-consistent backups for ECSs or BMSs deployed with

e-mail systems or databases can be used to restore data upon unintentional
deletions, software upgraded failures, and virus attacks, keeping your services
secure and reliable.
▫ Selling points: Automatic backup that can be configured for ECSs and BMSs, so
data is automatically backed up. Instant recovery: Backups can be used to restore
the original EVS disk or ECS, shortening the recovery time objective (RTO) to
minutes.
• Hybrid cloud backup:
▫ Sales scenarios: With HUAWEI CLOUD as the remote DR site, users can
synchronize the backup data in offline VMware VMs to the cloud. In this way, the
backup data can be used for restoration on-premises if there is a misoperation,
software upgrade failure, or virus infection, and also can be used for restoration
in cloud if a regional network fault or natural disaster occurs.
▫ Selling points: The public cloud is used as the DR site, which provides scalable
resources and you can pay as you go, reducing initial investment. VMware VM
backups can be used to Instantly restore ECSs on the cloud, and the recovery
time objective (RTO) to is reduced to minutes.
• Service migration and batch deployment:
▫ Sales scenario: During the initial installation, a backup can be converted to an

image to quickly provision cloud servers with the same configuration. In scenarios
when services surge in a short period of time, such as during shopping festivals,
AS and full-ECS images are used for elastic service scaling. Service systems are
deployed or migrated across regions, and existing cloud servers can be quickly
replicated.
▫ Selling points: Users can create a full-ECS image using a backup and use the
image to provision new ECSs. A full-ECS backup can be replicated across regions,
so new ECSs can be provisioned in the target region. Based on the lazyloading
technology, ECSs can be provisioned in batches within minutes using full-ECS
images, shortening the time required for service provisioning.
• Advantages
▫ Backups (based on multi-volume consistent snapshots) of ECSs and BMSs can be

used for data restoration and server creation, enabling minute-level RTO. (not
supported by Alibaba Cloud)
▫ Supports application-consistent backup to meet reliability requirements in

database backup scenarios. (not supported by AWS and Alibaba Cloud)
▫ Supports cross-region replication of backup data, meeting remote data backup

requirements. (not supported by Alibaba Cloud)
• SDRS: cross-AZ cloud DR with zero RPO
• SDRS provides DR services for many public cloud services, such as ECS, DSS, and EVS. It
leverages various technologies, including storage replication, data redundancy, and
cache acceleration, to provide users with high data reliability and service continuity.
• SDRS provides a centralized console, through which users can configure and manage
server replication, and perform switchover and failover on the console.
• You can establish a replication relationship between the production site and the DR
site.
• You can replicate servers from an AZ to another AZ, thereby reducing the costs and
complexity of maintaining another data center.
• Applications running on servers can be replicated, and the replication will not have any
impact on the applications.
• For SDRS, recovery time objective (RTO) refers to the period from the time when users
perform a planned failover or failover at the production site to the time when the
servers at the DR site start to run. This period does not include any time for DNS
configuration, security group configuration, or customer script execution, and is within
30 minutes.
• SDRS provides continuous and synchronous replication for servers to ensure zero
recovery point objective (RPO).
• Real-time data synchronization based on storage ensures that data synchronized
across two AZs maintains crash consistency. Specifically, the application data across
AZs may not be consistent but the disk data across the two AZs remains consistent.
• DR drills can be performed without interrupting services and do not affect ongoing
replication.
• You can perform a planned failover for an expected service interruption to prevent
data loss, or perform a failover for unexpected failures to restore services quickly.
• SDRS simplifies program resource management during failovers, including reserving IP

addresses and MAC addresses, facilitating efficient network switchovers.
• When services are running properly, servers at the DR site are stopped and thereby will
not be billed. This greatly reduces the DR TCO.
• Servers do not need the DR agent plug-in. The service deployment is simple and quick.
• Product highlights
▫ 100+ billion objects, 10+ million concurrent tasks, and unlimited capacity
▪ OBS provides you with the best possible data access experience. It stores
hundreds of billions of objects, processes tens of millions of concurrent
tasks, delivers ultra-high bandwidth, and assures low latency.
▪ It also provides unlimited storage space.
▫ Secure data and reliable services
▪ Based on the advanced data functions virtualization (DFV) architecture for

distributed storage, OBS is stable and reliable. With redundancy of device
and data within each AZ and data DR across AZs, OBS achieves a
99.9999999999% (12 nines) data durability and 99.995% service availability.
▫ Easy to use and manage
▪ OBS supports REST APIs, provides multi-language software development

kits (SDKs), and is compatible with all mainstream client tools. You do not
need to reserve storage space or worry about storage scaling, because OBS
allows unlimited expansion of storage resources.
▪ POSIX interface is supported, offering more options for accessing OBS.

▫ Multiple protection mechanisms and controlled authorization
▪ OBS has been awarded the Trusted Cloud Services (TRUCS) Certification.
OBS has multiple protection mechanisms to ensure data security, including
versioning, server-side encryption, URL validation, VPC-based network
isolation, access log audit, and fine-grained permission control.
• Enterprise OA scenario (using SFS turbo): sharing documents conveniently
• Software development (using SFS Turbo): online coding, software release, and code
library storage
• DSS provides dedicated block storage resources and features similar to those of EVS.
• SFS Turbo provides dedicated file storage resources and features similar to those of
SFS.
• OBS provides dedicated object storage resources. The underlying storage servers where
a tenant's data is stored are exclusively used by the tenant. In addition, it provides
features similar to those of OBS.
• The three storage services can provide data storage capabilities for HUAWEI CLOUD
computing services.
• Disaster recovery is implemented in an event of a severe natural disaster such as a fire
and an earthquake. Backup is performed in the data center where corrupted business
system data resides to recover the data after a misoperation, virus infection, or logical
error.
• A DR system protects data but more focuses on protecting service continuity. A data
backup system only ensures that data generated at different time points can be
restored. Generally, the system performs a full backup for the first time, which takes a
long period of time. The subsequent backup is incremental and can be completed
within a short period of time.
• The highest DR standard is to implement zero RPO. You can set a maximum of 24
automatic backup policies at different time points in one day to restore data to
different backup points.
• If a disaster occurs, such as earthquakes or fires, a DR system takes only dozens of

minutes to perform a failover, but a backup system takes several hours or even dozens
of hours to restore the data.
• For cross-AZ DR solutions on the cloud, SDRS provides block storage for cross-AZ DR,
and CBR provides cross-AZ backup. Underlying data synchronization technologies are
used to synchronize files across AZs.
• SDRS cross-AZ DR: RPO = 0; CBR: RPO ≥ 1 hour
• Cross-AZ file synchronization provides the file DR capability with RPO = 0.

• OBS supports 3-AZ HA Similar to storage in a single AZ, 3-AZ storage delivers the
99.9999999999% durability and 99.995% service availability.
• CBR provides cross-AZ DR within a region and remote backup across regions.
• You can create a backup policy to replicate backups to another region regularly.
• To implement cross-region restoration, CBR creates images in the DR region, and then
use the images to provision ECSs to restore services.
• OBS supports region-level HA. Therefore, cross-region replication provides the

capability for data disaster recovery across regions, catering to your needs for off-site
data backup. Assures data security in extreme scenarios such as earthquakes, floods,
and wars.
• Meets the compliance requirements of data remote backup in specific industries.
• Efficient performance: replication of small objects in seconds, and replication of large

objects in minutes.
• Geo-redundancy (three centers at two sites) is a common data center DR architecture.
With HUAWEI CLOUD SDRS and CBR, this architecture provides intra-region cross-AZ
DR and inter-region remote backup DR solutions.
• CBR protects data in cloud service systems such as ECS, BMS, and EVS. Users can
customize backup and replication policies to implement automatic backup within a
region and automatic replication across regions. Listed companies and large
enterprises must meet the level-3 graded cybersecurity protection requirements.
Specifically, data loss can be prevented by restoration in scenarios when regional
network faults or natural disasters occur.
• This cloud geo-redundant DR solution is suitable for mission-critical application

scenarios and scenarios that must meet graded cybersecurity protection requirements.
▫ Solution advantages:
▪ Upper-layer applications use ELB to ensure HA services are provided

externally.
▪ For stateful applications, such as local applications that store important

configuration files and data, SDRS is used to implement DR (with zero RPO)
and local backup.
▪ CBR replicates backups across regions, with the backup interval ≥ 1 hour.
▪ For databases, RDS can implement cross-AZ active/standby DR, while DRS
can back up databases across regions
▫ DR strategy:
▪ If AZ1 in the production site is faulty at application layer, you can use SDRS
to switch services to AZ2 with only a few clicks. In this case, the RPO is 0,
and the RTO is within minutes.
▪ If AZ1 in the production site is faulty at the database layer, an auto

switchover will be executed between the active and standby databases
because databases are deployed in the active/standby mode. In this case,
the RPO is approximately 0, and the RTO is within seconds or minutes.
▪ If Region 1 is faulty, services are provisioned using the backup data in

Region 2 (the DR site). The database will be synchronized from the backup
database in Region 2, and the DNS is switched to Region 2. In this case, the
RPO is in hours, and the RTO is in minutes.
• Solution
▫ The production site and DR site are deployed in two different regions of HUAWEI
CLOUD.
▫ The production center is deployed in dual AZs in the same city. SDRS can be used
to implement cross-AZ active/standby DR with zero RPO at the application layer.
The DR center is deployed in a single AZ.
▫ RDS database instances are deployed in both the production site and DR site. In
the intra-city cross-AZ scenario, RDS database instances are deployed in
active/standby mode. In the cross-region scenario, DRS is used to implement
database replication.
▫ Application configurations, logs, and backups generated by the production and

DR sites are replicated across regions using the CBR service.
▫ When an AZ at the production site is faulty, services are switched to the other AZ
using SDRS. The active and standby databases are switched over.
▫ When region 1 is faulty, the active and standby databases are switched over, and
the DNS authorization is changed to 0% at the production site and to 100% at
the DR site.
▫ After region 1 is restored, the database service is switched back to the active
database, and DNS is switched back to the active site.
• Background: According to China's Basic Requirements for Graded CyberSecurity
Protection, listed companies, government departments, and financial institutions must
build remote DR systems.
• Customer requirements: VMware is the largest virtualization platform in the global

virtualization market. Many governments, listed companies, and financial institutions
have deployed the VMware platform. To meet the level-3 graded cybersecurity
protection requirements, or higher data security requirements, data needs to be
backed up remotely. Generally, an on-premises DR center requires self-built or leased
equipment rooms/cabinets, involving software and hardware procurement, installation,
and commissioning. The overall construction period is 3 to 6 months, with large initial
investment.
• Huawei solutions:
▫ Architecture: 1. Deploy CBR Proxy in the on-premises IDC equipment room on

one or more VMware VMs. Better backup performance can be delivered by
deploying CBR Proxy on more VMs. 2. CBR Proxy is used to interconnect with
VMware vCenter. Users can customize backup policies to automatically back up
data. 3. Data can be restored to the on-premises VMware environment or to
ECSs on the cloud.
▫ Competitiveness: Compared with conventional solutions, this solution uses elastic
resources on the cloud and customers only pay for what they use, with 70%
lower initial investment and 50% shorter construction period. Compared with
conventional backup software, CBR supports data restoration on the cloud and
can quickly start up services (with RTO in minutes). For backing up massive
amounts of data, customers can use Data Express Service (DES) to migrate full
backup data to the cloud offline, with 80% to 90% lower bandwidth.
• This solution provides two billing modes, pay-per-use and yearly/monthly. The billing
factors include backup vaults and data transfer over public networks. The initial
capacity of a vault must be the total VMware VM size to be backed up. The unit price
is ¥0.35/GB/month. Restoring data to the on-premises IDC VMware environment
requires data transfer over public networks, which is about 10% of the total VMware
VM size backed up. The unit price varies depending on the restoration time (peak and
off-peak hours). The price is ¥0.25/GB during off-peak hours and ¥0.5/GB during peak
hours. Free by end of 2019.
• The solution configuration process consists of five steps:
▫ Download the CBR Proxy image from the CBR console and import the image to
the on-premises IDC VMware environment to deploy it on a VM.
▫ Log in to CBR Proxy and configure the VMware vCenter interconnection

information, including the vCenter IP address or domain name, login user name,
and password.
▫ Log in to CBR Proxy and configure an automatic backup policy, specifying

information about the backup object, backup time, backup interval, and number
of retained copies.
▫ After the configuration is complete, CBR Proxy automatically backs up data
based on the backup policy.
▫ In scenarios such as accidental deletion, software upgrade failure, and virus

intrusion, VMware VM data in the on-premises IDC can be restored using backup
data. You can also use the backup to register an image and provision cloud
servers on the cloud to restore services.
• Based on the VMware vSphere Storage APIs for Data Protection (VADP) interface and
Changed Block Tracking (CBT) technology, the solution can implement block-level
permanent incremental backup for VMware VMs. Only changed data blocks are
backed up, shortening the backup time window by 80% to 90% (comparing
incremental backup with full backup). Only changed data blocks are restored,
shortening the restoration time by 80% to 90% (comparing incremental restoration
with full restoration).
• Hybrid cloud backup solution is suitable for enterprise data backup, and archiving, with
all-ecosystem integration and ultra-high reliability for data security
• Data can be migrated to HUAWEI CLOUD through CDN, backup software, CSG, and
DES. For details, see https://support.huaweicloud.com/en-us/bestpractice-
obs/obs_05_0110.html.
• Pros and cons
▫ Client synchronization: Supports manual backup for single database or program,

with the lowest cost.
▫ Backup software: Supports automatic backup for multiple applications and hosts,
with strong compatibility.
▫ Cloud Storage Gateway (CSG): Integrates seamlessly with existing on-premises

backup systems.
▫ Offline data migration: Supports mass data archiving and on-premises data
migration to the cloud.
• OBS provides three storage classes: Standard, Infrequent Access, and Archive. Users can
configure lifecycle policies to manage data transitions to reduce costs.
• BigData Pro: an innovative big data solution with decoupled compute-storage,
Kunpeng computing, and containers
▫ Scenarios:
▪ BigData Pro is applicable to a wide range of scenarios, including Internet

big data batch processing and analysis (log analysis, user profiling,
recommendation, and report), resource satellite data analysis (remote
sensing, agricultural prediction, and land survey), autonomous driving
development platform (road condition analysis and driving mode analysis),
and IoV (point check).
▪ For the infrastructure layer, BigData Pro uses Kunpeng multi-core

computing, and leverages OBS to provide data lake storage. OBS supports
protocols such as HDFS, POSIX, and S3, so BigData Pro can connect to
different types of big data computing engines, therefore, building an
innovative big data solution with decoupled computing and storage.
▪ For big data platforms, OBS, as the storage base of BigData Pro, is deeply
integrated with HUAWEI CLOUD EI services to provide an optimized big
data solution that can rival mainstream big data platforms in the industry.
In addition, BigData Pro is compatible with third-party commercial big data
platforms and open-source platforms such as Hadoop and Spark. BigData
Pro also provides container-based big data services. It can provision
containers within a few seconds, and optimize computing scheduling.
BigData Pro delivers 30% higher efficiency with the Kunpeng's high
concurrency capabilities.
▪ OBS supports x86, Kunpeng, GPU, Ascend, and other chips for
heterogeneous computing.
▫ Conventional solution:
▪ Average resource utilization of a computing cluster is less than 50%,

because it is constructed based on the peak scale.
▪ The storage resource utilization is less than 33%, because three copies are
written to local disks to ensure data reliability.
▫ BigData Pro:
▪ The container-based cluster scale is adjustable according to service needs.

Customers can set a watermark, so resources are intelligently scheduled
based on the watermark. Resources can be provisioned in seconds,
improving computing resource utilization by 75%.
▪ OBS can efficiently implement the EC algorithm. The storage resource

utilization can reach up to 80%. Kunpeng, featuring multi-core computing,
improves performance by 20% compared with x86 servers under the same
cost.
• BigData Pro: innovative IaaS architecture, higher performance, lower TCO
• Innovative IaaS architecture
▫ Computing:
▪ Supports Kunpeng and x86 computing capabilities and has a complete

ecosystem. Optimized server configuration for big data scenarios and
replaced SATA disks with SSDs for Spark and MapReduce shuffle, greatly
improving computing efficiency.
▪ Big data clusters can be deployed on ECSs, BMSs, and containers to meet
various customer requirements for compute instances.
▫ Storage:
▪ Storage and compute are decoupled. OBS, the unified storage data lake,
provides on-demand resources that are scalable and require no O&M. In
addition, it provides ultra-large bandwidth to support on-demand capacity
expansion, meeting the requirements for concurrent access by large-scale
computing clusters of different types. The multi-AZ and cross-region
replication functions ensure 99.9999999999% data reliability.
▪ OBS uses the efficient EC algorithm to effectively improve storage resource

utilization. In addition, it supports multi-protocol access and
interoperability, allowing data to be accessed by different computing
engines, and thereby improving computing efficiency.
• The big data container provides 1,000 schedules per second, which is 10 times higher
than the community solution. In addition, vertical scaling is provided to enable
customers to quickly obtain the big data computing power.
• The big data container uses distributed cache and Volcano intelligent scheduling (tasks
are delivered based on the network topology and affinity to improve the inter-node
collaboration capability during big data computing), improving the performance by
40%.
• Big data containers use OBS and HDFS to separate computing from storage and can
be deployed with services, improving cluster utilization and reducing costs by 50%.
• The big data container automatically scales in or out based on task requirements and
unifies service scheduling platforms for enterprises, reducing O&M pressure.
• BigData Pro, with higher performance and lower costs, is mainly used for migrating
services from IDCs or other vendors to HUAWEI CLOUD.
▫ Main scenarios: log analysis, satellite image, search crawler, operation report, and
IoV
▫ Customer’s pain points:
▪ To meet the requirements of peak service access, the customer's IDC is

constructed based on the peak scale. The average resource utilization is low
and a large number of resources are wasted.
▪ IDC rigid capacity expansion or one-time construction costs are high.
▪ As the service volume increases, the analysis duration is required. In

addition, the data volume increases rapidly, and the cold data storage cost
is high.
▫ Customer benefits:
▪ The storage and compute separation solution solves the problem of strong
binding between computing and storage resources. Computing resources
can be elastically scaled on demand, and OBS storage can be used on
demand. Customers are unaware of capacity expansion and reduction,
O&M is not required, and peak load balancing is implemented, greatly
improving resource utilization and reducing waste.
▪ The innovative IaaS architecture based on HUAWEI CLOUD enables users to

enjoy better performance experience.
▪ Pay-per-use and yearly/monthly billing modes effectively reduce initial
construction costs.
▪ OBS supports policy-based data lifecycle configuration that automatically

transfers cold data to OBS Archive, reducing the cost by 50%.
• Main scenarios: autonomous driving, recommendation system, and user profile
• Main requirements:
▫ Data is not copied among multiple computing clusters, avoiding unnecessary

data copy waiting.
▫ One copy of data supports multiple computing engines.
▫ Multiple data entries and high flexibility
• Customer benefits:
▫ OBS provides multi-protocol access and interworking, supports the access of

multiple computing engines, and implements zero data copy.
▫ Only one copy of data needs to be saved, greatly reducing storage costs.
▫ Flexible and efficient data migration to the cloud

• VOD scenarios:
▫ Video files with UGC or PGC are uploaded to OBS for storage. OBS can be used
as the VOD origin server. You do not need to purchase an ECS to deploy
streaming media services.
▫ OBS and CDN are closely related services. CDN can be used to accelerate video
distribution.
▫ In addition, you can use functions such as media transcoding and the content
moderation service provided by HUAWEI CLOUD EI to process and analyze video
files stored in OBS.
• Live streaming scenarios:
▫ Due to China’s regulatory requirements, video ingesting is required in live

streaming scenarios. Customers can upload the recorded video, audio, and
screenshot files to OBS for storage. Users can directly download the files from
OBS or use CDN for accelerated distribution when necessary.
• BMS
▫ Quick provisioning: SDI-based automated deployment completes provisioning

within 5 minutes.
▫ Application scenarios: Support mission-critical databases like Oracle RAC and SAP
HANA
▫ Hybrid networks: Support hybrid networking with ECSs, VPCs, and EIPs
▫ Self-servicing: easy operations to create, delete, start, stop, and restart BMSs
• EVS
▫ Diskless startup: BMS can use an EVS disk as the system disk, improving system
disk durability from 99.9% to 99.9999999%.
▫ High specifications: A maximum of 60 volumes can be attached to a BMS.
▫ High performance: The performance of a BMS reaches 200,000 IOPS.
▫ Shared EVS disks: an EVS disk can be attached to a maximum of 16 hosts, and
supports cluster application deployment.
▫ Various functions: EVS supports advanced functions such as snapshot, backup,

QoS, ensuring high availability and security of data.
• Pain points: In the AI training scenario, there are a large number of files, over 100
million files. In this case, mainstream file systems in the industry have severe
performance bottlenecks, including:
▫ A single directory can store only limited number of files, with slow I/O for small
file concurrency.
▫ Unsmooth directory operations, including du, find, ls, and cp.
▫ The file system cannot be well managed.
▫ Multiple tenants share one file system, posing risks to data reliability and
security.
• Solution: SFS Turbo
▫ Optimized for storing massive files, supporting unlimited number of files in a

single directory
▫ Provides APIs for querying the directory capacity and number of files in the
directory, facilitating management.
▫ Uses Cloud Eye to monitor the performance of metadata and data operations.
▫ Provides high-performance SSD resource pools that support high-performance

access to massive files.
▫ Tenants can exclusively use file systems with capabilities supporting data backup
and DR.
• Benefits:
▫ SFS Turbo is a must component for distributed AI training.
▫ SFS Turbo supports massive high-performance AI training tasks through high-

concurrency data sharing. An AI training project for consumer businesses with
1,000 nodes are undergoing.
▫ SFS Turbo provides industry-leading storage I/O performance, which is twice that
of similar products, accelerating AI training performance and reducing GPU costs.
▫ Visualized display of performance indicators, facilitating file system data analysis

• 1. Answer:
▫ ABD
• 2. Answer:
▫ ABCDEF
• This slide focus on the position of each service on the network. The network layers
consist of the cloud-based network access, cloud-based network, and hybrid cloud
network.
• Virtual Private Cloud (VPC)
▫ You can create a VPC to obtain an isolated private virtual network on the HUAWEI
CLOUD. You have full control over your VPC by creating subnets, customizing IP
address ranges, and configuring route tables and gateways.
• Elastic IP (EIP)
▫ The EIP service provides independent public IP addresses and bandwidth for Internet
access. EIPs can be bound to or unbound from ECSs, BMSs, virtual IP addresses, load
balancers, and NAT gateways.
• NAT Gateway
▫ NAT Gateway provides both SNAT and DNAT for your resources in a VPC and
allows servers in your VPC to access or provide services accessible from the Internet.
• Domain Name Service (DNS)
▫ DNS provides highly available and scalable authoritative DNS resolution services
along with domain name management. It translates domain names or application
resources into IP addresses required for network connection to route visitors to
desired resources.
• VPC Endpoint (VPCEP)
▫ VPC endpoints provide secure and private channels to connect to VPC endpoint
services (cloud services or users' services), providing the flexibility in networking
without having to use EIPs.
• Elastic Load Balance (ELB)
▫ ELB distributes access traffic among multiple ECSs to balance their load, improving
fault tolerance and expanding service capabilities of applications.
• The hybrid cloud network mainly uses the VPN and Direct Connect services. Generally,
the public cloud communicates with the on-premises data center using either of the
two services.
• You can define security groups, virtual private networks (VPNs), IP address ranges, and
bandwidth for a VPC. This facilitates internal network configuration and management
as well as secure and convenient network modification.
• You can also customize the ECS access rules within a security group or between
security groups to improve ECS security.
• Private CIDR block: When creating a VPC, you need to specify the private CIDR block
used by the VPC. The VPC service supports the following CIDR blocks: 10.0.0.0 –
10.255.255.255, 172.16.0.0 – 172.31.255.255, and 192.168.0.0 – 192.168.255.255
• Subnet: Cloud resources, such as ECSs and databases, must be deployed in subnets.
After a VPC is created, you can divide the VPC into one or more subnets. The subnet
CIDR blocks must be within the private CIDR block of the VPC. Route table: When you
create a VPC, the system automatically generates a default route table. The route table
ensures that all subnets in the same VPC can communicate with each other. If the
routes in the default route table cannot meet application requirements (for example,
an ECS without an EIP bound needs to access the Internet), you can create a custom
route table.
• Although the configuration of VPCs is more flexible than the physical network, they
still need network protocols such as TCP/IP. Two servers with the same IP address
cannot communication with each other and modifying the network topology affects
service continuity. Therefore, network planning is required for VPCs.
▫ It is recommended that each VPC has no more than 5000 IP addresses. If the
number of IP addresses exceeds the upper limit, multiple VPCs are required to carry
services.
▫ A VPC is the minimum unit that an account can control network resources.
Resources in a VPC must belong to the same account.
▫ VPCs are isolated from each other by default but can be connected using VPC
peering connections.
▫ Subnets in a VPC can communicate with each other by default, but can be isolated
by access control rules.
• For example, a user wants to set up a website without interworking with other
networks.
▫ All servers are deployed in one VPC for higher service connectivity.
▫ The service subnet is divided into the web, application, and database zones, which
are used to deploy servers.
▫ The subnet of the O&M and access zone is used to deploy bastion hosts or
management authentication devices, facilitating remote access, service deployment,
and O&M.
▫ Subnets facilitate isolation and bypass between functional zones by using the
network ACLs.
• For example, a large automobile enterprise has migrated all its businesses to the
cloud, requires the services to be isolated from each other, and has connected its on-
premises network to the cloud using a Direct Connect connection.
▫ Different services or departments are carried on different VPCs.
▫ The public VPC is connected to the rest VPCs through VPC peering connections.
▫ The public VPC is connected to the on-premises data center using a Direct Connect
connection, and the rest VPCs can also use this connection to connect to the data
center network.
• VPC Peering connections can connect multiple VPCs in the same region.
• In a VPC, data transmission is not limited, and the network performance depends on
that of the ECS.
• On the ECS purchase page, you can view the assured bandwidth, maximum bandwidth,
and PPS of different ECSs. You can select an ECS based on service performance
requirements.
▫ Assured bandwidth: guaranteed bandwidth allocated to the ECS
▫ Maximum bandwidth: maximum bandwidth that can be allocated to the ECS

• The VPC service provides two types of access control policies: security group and
network ACL.
• An IP packet header contains information including destination IP address, destination
port, protocol, source port, and source IP address.
• Both allow or deny rules are supported.
• Stateful. Only rules in the inbound direction are required.

• Three-layer architecture for service deployment: Web–App–Database
• Security group rules deny all inbound traffic by default. To meet access requirements,
add inbound rules to allow inbound traffic.
• The default ACL rule allows all outbound traffic and verifies the source address in the
inbound direction.
• Users want to deploy services on HUAWEI CLOUD to cope with traffic peaks. ELB is
recommended if users want to automatically distribute incoming traffic across multiple
servers on HUAWEI CLOUD so that server resources can be elastically scaled to meet
the requirements during peak hours.
• In actual service deployment, users usually provide services in cluster mode to ensure
service continuity. ELB can provide such functions on the cloud.
• Configuration process
▫ When creating a load balancer, you need to specify a VPC and subnet, select
whether to automatically assign or manually specify a private IP address. The load
balancer receives requests from clients using this private IP address. If you need to
access the Internet, bind an EIP to the load balancer.
▫ You can add one or multiple listeners to your load balancer. A listener uses the
protocol and port you specify to check for requests from clients and route the
requests to associated backend servers based on the rules you define. For an HTTP
or HTTPS listener, you can add forwarding policies to forward requests based on the
domain name or URL.
▫ Finally, add the servers responsible for request processing to the backend server
group. The traffic received by the load balancer is allocated to the backend servers
based on the specified algorithm.
• A load balancer is a logical instance rather than a VM using an IP address in the

VPC/subnet. ECSs or BMSs added to backend server groups provide services. A whitelist
or blacklist can be added to control access to a listener.
• Protocols TCP and UDP at Layer 4 and protocols HTTP and HTTPS at Layer 7 are
supported. During actual service deployment, you need to select a proper protocol for
your load balancer.
▫ Protocols at Layer 4 forward packets to backend servers based on the packet

characteristics, such as the IP address.
▫ Protocols at Layer 7 forward packets to different backend server groups based on

HTTP packets, for example, the URL.
• Websites with different domain names can use a same public IP address because
HTTP/HTTPS listeners can forward requests to different application servers based on
the domain name or URL.
• Summary:
▫ The round robin algorithm is suitable for short connections while the least
connections algorithm for persistent connections.
▫ Weighted round robin and weighted least connections are often used in scenarios
where the performance of servers in a backend server group varies.
• ELB provides the sticky session function. You can enable sticky sessions for your load
balancer.
▫ At Layer 4, the source IP address is used for maintaining sessions. The maximum
stickiness duration of Layer 4 sessions is 1 hour.
▫ At Layer 7, load balancer cookies and application cookies are used. The maximum
stickiness duration of Layer 7 sessions is 24 hours.
• With the advent of the 5G era, more and more devices need to be connected to the
Internet, but the number of IPv4 addresses that can be allocated is decreasing. The
development of IPv6 is promoted at the strategy level. The requirements for IPv6
reconstruction of enterprises are to support IPv6 access in a short time without
changing the IPv4 architecture.
• HUAWEI CLOUD supports the NAT64 function (IPv6 address translation), which maps
an IPv4 EIP to an IPv6 address to support IPv6 access. If your services have not been
migrated to the cloud, you can use Direct Connect and NAT Gateway to access on-
premises IPv4 services using IPv6 addresses.
• HUAWEI CLOUD ELB provides dedicated and high-performance load balancers, which
support elastic scaling and can establish hundreds of millions of concurrent
connections.
• Cloud Connect is available in the following regions by November 30, 2019.
▫ Chinese mainland: CN North-Beijing1, CN North-Beijing4, CN East-Shanghai1, CN

East-Shanghai2, CN South-Guangzhou, CN South-Shenzhen, and CN Southwest-
Guiyang1
▫ Asia Pacific: AP-Hong Kong, AP-Singapore, and AP-Bangkok
▫ South Africa: AF-Johannesburg
▫ Europe: EU-Paris
• Constraints
▫ For a cloud connection, CIDR blocks of all network instances must not overlap, and
each subnet CIDR block must be unique. Otherwise, the communication may fail.
▫ If a VPC is loaded to a cloud connection and a custom CIDR block is entered,

loopback addresses, multicast addresses, or broadcast addresses are not allowed.
▫ In all VPCs that are loaded to a cloud connection, if a NAT gateway is created in a
VPC, a default route 0.0.0.0/0 can be set by adding a custom CIDR block in the
advanced settings.
• A VPC peering connection is a point-to-point connection, and a cloud connection is a

multipoint-to-multipoint connection.
• Cloud Connect enables multiple VPCs in different regions to communicate with each
other.
▫ VPCs are loaded to a cloud connection so that they can communicate with each
other.
▫ VPCs under different accounts can communicate with each other if they are loaded
to the same connection.
▫ VPC subnets cannot overlap.
• In the figure, VPCs in the East China, South China, and Hong Kong are connected
through a cloud connection. After inter-region bandwidths are configured, these VPCs
can communicate with each other.
• Similar to a VPC peering connection, a cloud connection can also enable

communication between VPCs of different accounts. However, the subnets of
interconnected VPCs cannot overlap.
• Cloud Connect enables communication between VPCs and data centers in different
regions.
▫ Virtual gateways are loaded to a cloud connection so that data centers can
communicate with VPCs.
▫ VPCs under different accounts can communicate with each other if they are loaded
to the same connection.
▫ VPC subnets cannot overlap.
• In the figure, after the VPCs in Paris, East China, South China, and Hong Kong are
connected through a cloud connection, the VPCs in South China and Hong Kong are
connected to the local data center using Direct Connect.
• In this way, the VPC in East China can access the data center networks in South China
and Hong Kong, facilitating low-latency service management.
• Cloud Connect can work with ELB to implement nearby network acceleration in the
multiple-region scenario.
• Configuration key points:
▫ Load balancers and frontend VMs should be deployed in the region with the
network to be accelerated.
▫ Private IP addresses are used to allow cross-region communication between

frontend VMs and load balancers in Hong Kong (China).
• Note:
▫ You can replace the load balancers and web servers in the target region with the
network proxy VMs.
▫ The latency between the web server and application system should not be sensitive.
▫ Check whether the performance of the load balancers in the region where the
network to be accelerated meets the requirements.
• Create a cloud connection.
• Load the network instances (VPCs/virtual gateways) that need to communicate with
each other to the created cloud connection. Network instances in the same region can
communicate with each other by default after being loaded to a cloud connection. You
do not need to purchase bandwidth packages or configure inter-region bandwidths.
• Buy a bandwidth package to enable communication between network instances across

regions.
• Configure inter-region bandwidth to implement cross-region communication. By

default, the cross-region communication bandwidth of a cloud connection is 1 kbit/s,
which is used only for connectivity tests.
• Cloud Connect brings great changes to network performance. According to the test
result, the network latency for a customer outside China to access services in China can
be reduced by over 50%, from 396 ms to 158 ms.
• The network quality is greatly improved. The packet loss rate is reduced from 2.53% to
nearly 0.
• The EIP service provides both public IP addresses and bandwidth.
• Resources, such as ECSs, BMSs, load balancers, and NAT gateways, can be bound to
EIPs to access the Internet.
• After the binding, the system delivers a route to the router in the VPC. In addition, the
EIP service maintains a mapping between the EIP and the private IP address of the VPC.
• Users can select an EIP type based on the requirements of the business.
• A NAT gateway implements source network address translation (SNAT) by binding an
EIP to a server, allowing other servers to share the EIP of this server to access the
Internet.
• This solution requires users to configure a route whose destination address is 0.0.0.0
and next hop is the private IP address of the NAT gateway in the VPC to divert traffic.
• A NAT gateway is a logic object rather than an entity like a server.

• DNAT rules allow not only the mapping of all ports (similar to EIP) of public and
private IP addresses, but also the mapping of a single port. For example, you can
configure mapping between the port 22 of the public IP address and the port 22 of the
private IP address. When the port 22 of the public IP address is accessed, traffic will be
forwarded to port 22 of the private IP address. In this way, you can log in to the server
from the Internet and download files.
• Note: DNAT cannot be used by private IP addresses of the ELB service.

• After a Direct Connect connection is used to connect the data center to the cloud,
servers in the data center can use flexible public network resources on the cloud to
access the Internet.
▫ Direct Connect can work with SNAT to allow servers in the data center to access the
Internet.
▫ Direct Connect can work with DNAT to allow the Internet to access servers in the
data center.
• A NAT gateway can work together with a Direct Connect connection to connect the
data center to the cloud, servers in the data center can use flexible public network
resources on the cloud to access the Internet. The public cloud supports not only multi-
line access, but also BGP and dynamic bandwidth adjustment. Generally, the access
performance is better than that of the customer's data center.
• The type of a NAT gateway indicates the number of concurrent connections (5-tuple
sessions) supported to access the Internet.
• Common scenarios and recommended NAT gateway type:
▫ Small or medium: scenarios where there are a small number of destination

addresses and connections, such as upload, download, and Internet access
▫ Large or extra large: scenarios where there are a large number of destination
addresses or ports and connections, such as crawlers and client push
• If the requests exceed the maximum allowed connections of your NAT gateway, your
services will be adversely affected. To avoid this situation, it is recommended to create
alarm rules for the SNAT connection in Cloud Eye.
• Regardless of the type of a NAT gateway, a maximum of 200 DNAT rules can be
added to a NAT gateway.
• Public network bandwidth usage: Select a proper billing option based on the public
network bandwidth usage of your service.
• The following billing options are supported:
▫ Billed by bandwidth: Billing is based on the purchased bandwidth size and usage
duration.
▫ Billed by traffic: Billing is based on the actual traffic usage. A shared data package is
recommended if billing by traffic is used, which is more cost-effective.
▫ Enhanced 95th percentile bandwidth billing: You only need to pay a small amount
of fee for the baseline bandwidth in advance. You are billed based on the required
duration and the bandwidth volume after eliminating some top sampled usage
from a billing period. For details, visit HUAWEI CLOUD official website.
• The public network lines of HUAWEI CLOUD are connected to high-quality lines of
backbone carriers. Access lines are selected for different addresses to achieve the
optimal access effect.
▫ Access reliability: Users can select an EIP type based on the requirements of the
business.
• An EIP can be of the dynamic BGP or static BGP type, which are used by HUAWEI
CLOUD to connect to the lines of carriers.
▫ Dedicated bandwidth: Select a bandwidth type based on your service requirements.
▫ Prepaid: bandwidth-based billing, shared bandwidth, shared data package, and

bandwidth add-on package
▫ Postpaid: bandwidth-based billing, 95th percentile, traffic-based billing, and shared

bandwidth
• Select a proper access mode based on the network access quality and cost.
• Direct Connect supports both the single-connection and dual-connection deployment
mode.
• Dual-connection mode: Users access different transit areas on the public cloud through
two lines of different carriers terminated at different locations, allowing the lines to
back each other up and ensuring high reliability. If only one carrier can be selected,
ensure that different physical routes are used.
• Single-connection: Users access the public cloud through a single connection. (Note
that the SLA may not be fulfilled if a single connection is used.)
• Configuration key points:
▫ A Direct Connect connection enables communication between the IDC and HUAWEI
CLOUD. Configure the OBS public network segment or the 100.125 network
segment for Direct Connect connection at the HUAWEI CLOUD side.
▫ Apply for a VPC endpoint.
• Note:
▫ The accessed service needs to be interconnected with the VPC endpoint.
▫ Users need to pay for the VPC endpoint service.

• The VPN service is based on the standard IPsec VPN protocol. Theoretically, all devices
that support IPsec VPN can be connected.
• Here we briefly describe the parameters involved in creating a IPsec VPN.
• Note: If we need to use an EIP, we need buy it.

• Pay attention to the following parameters in the VPN connection:
▫ A local subnet is a VPC subnet that accesses a data center network through a VPN.
You can enter multiple local subnets that do not belong to the same VPC to allow
them to share a VPN connection.
▫ A remote subnet is a subnet in the customer data center that accesses a VPC
through a VPN.
• Parameters on this page required for VPN tunnel encryption vary by on-premises VPN
device vendors. It is recommended to refer to the configuration examples of several
typical devices in the Virtual Private Network User Guide on the official website.
• 1. Answer:
▫ A
• 2. Answer:
▫ B
• DDS has the following advantages over on-premises databases and self-built
databases on ECSs:
• On-premises databases
▫ Server procurement, hardware and operating systems deployment
▫ High hosting fee
▫ High DBA costs
• Self-built databases on ECSs
▫ Database hardware procurement and installation
▫ Costs of renting cloud servers
▫ High DBA costs
• DDS advantages:
▫ No hardware or software investment
▫ Only pay to rent cloud database
▫ Reduces DBA costs.

• First, let's look at the MySQL database. MySQL is one of the world's most popular
open-source databases. From the DB-Engines ranking, we can see that MySQL ranks
second in all databases, second only to Oracle, and the total score of MySQL is
increasing every year. MySQL is open-source and free, making it has a large user base
around the world. For example, the most common LAMP stack has become the most
commonly used solution for web development. MySQL is an important part of LAMP.
In addition, MySQL is widely used in global major technology companies, such as
Facebook, Twitter, Alibaba, and Tencent. The MySQL ecosystem becomes more and
more powerful due to its open-source, free, easy-to-use, and stable changes. HUAWEI
CLOUD made lots of improvements and optimizations for MySQL based on the open-
source version and provided powerful management capabilities. Compared with self-
built databases, RDS for MySQL makes lots of complex work simple, enabling
enterprises and DBAs to focus on service optimization and improvement.
• Next, I will introduce RDS for MySQL in details. After completing this course, you will
have a more comprehensive understanding of HUAWEI CLOUD RDS for MySQL.
• HUAWEI CLOUD RDS for MySQL achieves 99.95% SLA. It is highly available with
service downtime less than 5 minutes per month or 1 hour per year.
▫ Security: Automatically detects and identifies SQL injection attacks and supports
predefined or user-defined response measures, such as blocking and return error.
▫ Automatically scans the entire database table structure and data, detects
sensitive data, and customizes masking policies for SQL query results, preventing
unauthorized users from obtaining sensitive data.
▫ Performs control based on tables, rows, columns, events, and time.
▫ Fine-grained audit log: provides fine-grained audit logs, such as traffic logs,
intrusion logs, exception monitoring logs, sensitive data reading logs, and pre-
event and post-event logs.
▫ Real-time monitoring of fine-grained activities: Monitors all database access

activities in real time. The granularity can be refined to columns and pre-access
and post-access events.
▫ Security groups can restrict incoming/outgoing traffic and IP address segments to

prevent unauthorized connections.
▫ RDS uses SSL-encrypted connections and storage encryption to prevent data

leakage.
▫ High availability (HA): With the primary/standby HA architecture, if the primary
DB instance cannot be connected due to natural disasters or other exceptions,
the standby DB instance takes over services from the primary DB instance to
quickly restore service access.
▫ Monitoring: APIs provided by Cloud Eye are used to query the monitoring metrics
and alarms generated for HUAWEI CLOUD RDS for MySQL.
▫ Elastic scaling: Vertical scaling enables online scaling of CPU, memory, and
storage within several minutes based on service development requirements.
Horizontal scaling enables one-click read/write splitting of 1 write and 5 read
replicas as required. RDS for MySQL can also work with DDM to implement
sharding.
▫ Backup and restoration: RDS for MySQL supports automated and manual
backups. Automated backups are retained for 7 days by default and can be
retained for up to 732 days. Full backups are performed every day (the
automated backup start time can be set) and incremental backups are
performed every 5 minutes. Users can also perform manual backups, especially
after they perform important operations.
▫ Restoration: RDS for MySQL supports point-in-time restore (PITR) and table-level
object restoration. Data can be restored to any specified time point within five
minutes of the last automated backup. Restoring to new DB instances is
recommended and check whether the restored data is the required data.
• MySQL provides various product forms and versions. RDS for MySQL supports MySQL
5.6, 5.7, and 8.0. User data migrated from on-premises or other clouds is fully
compatible with RDS for MySQL without any modifications. RDS for MySQL provides
cost-effective single DB instances for developing and testing environment or for
learning about RDS, and provides highly available primary/standby DB instances for
large enterprises.
• In addition, RDS for MySQL improves the primary/standby replication to improve

reliability and availability. Primary/standby (1/2) DB instances are the latest financial-
level database solution launched by HUAWEI CLOUD. We will explain this solution in
details later.
• Key Features
▫ SLA:
▪ offers a 99.95% uptime guarantee for their SLA. Service interruption

duration is guaranteed to be no more than 5 minutes per month or 1 hour
per year.
▫ Security:
▪ provides multiple security policies, such as VPCs, subnets, security groups,

and SSL, to ensure data security and user privacy; works with Database
Security Service (DBSS) to provide security protection, data masking, and
data audit.
▫ Data migration:
▪ supports online and offline migration of self-built or cloud databases.
▫ High availability:
▪ enables a standby DB instance to take over services quickly if the primary

DB instance fails.
▫ Monitoring:
▪ monitors key performance metrics of DB instances and engines, including

CPU usage, memory usage, storage usage, I/O, database connections,
QPS/TPS, buffer pool, and read/write activities.
▫ Elastic scaling:
▪ Horizontal scaling: supports addition or deletion of read replicas; supports

Proxy read/write splitting address.
▫ Backup & Restoration:
▪ Backup: supports automated backups (retained up to 732 days) and

manual backups.
▪ Restoration: supports both PITR and table-level object restoration.
▫ Log management:
▪ supports query and download of database error logs, slow query logs, and
binlogs.
▫ Parameter configuration:
▪ modifies parameters in parameter templates and enables the modifications

to take effect.
• RDS for MySQL supports cross-AZ HA. If the primary DB instance fails, fault detection
is started for three times. If the primary DB instance cannot be started, a failover is
automatically performed. The original standby is promoted to the new primary and the
original primary is demoted to the new standby. Read replicas are automatically
mounted to the new primary DB instance.
• HUAWEI CLOUD databases have comprehensive security capabilities. Security
protection is implemented throughout the entire process. Before an event, data
leakage protection is provided, including sensitive data discovery and dynamic data
masking. During an event, database firewall protection is provided to prevent SQL
injection and data drag. In addition, compliance check and vulnerability detection are
performed. After an event, the access audit function is provided and logs are analyzed.
For the instance-level security, multiple functions, such as VPCs, security groups,
permission settings, and SSL are provided to ensure the security of tenant databases.
• HUAWEI CLOUD databases have passed multiple security compliance certifications,

meeting security compliance requirements of different standards.
• HUAWEI CLOUD databases use HUAWEI CLOUD EVS disks with three data copies at
the bottom layer to ensure data reliability. Online capacity expansion will not cause
service interruption. The disk I/O capability linearly increases with the disk capacity
expansion.
• In addition, static encryption is provided for storage to prevent data leakage.

• HUAWEI CLOUD databases provide data backup and restoration capabilities. You can
set automatic backup policies to automatically back up data every day. The maximum
backup period is 732 days. In addition, an incremental backup is performed every 5
minutes to ensure data reliability.
• If data is abnormal or deleted by mistake, you can restore the database to any point in
time.
• RDS has released ultra-high performance DB instances, which provide higher
performance than general-enhanced DB instances. The ultra-high performance DB
instances combine Huawei Container with the local and cloud disk hybrid storage
technology. Data pages are stored on cloud disks, ensuring high data reliability and
scalability. Redo logs and binlogs are stored on local disks, greatly improving I/O
performance.
• If logs are generated too fast and the local disk space is insufficient, logs are switched
to the cloud disk online. This mode is suitable for customers who have requirements
on I/O latency.
• MySQL primary/standby (1/2) DB instances use the MySQL Group Replication (MGR)
technology, the Paxos protocol, and 1 primary+2 standby three-node architecture to
ensure data consistency in distributed databases and to provide financial-level data
reliability. The HUAWEI CLOUD database kernel team has optimized MGR. Under the
same conditions, MGR improves QPS by 30% and reduces latency by 50% compared
with traditional replication. MGR provides excellent performance and strong data
consistency assurance, and is the best choice for customers who have high
requirements on database availability, security, and consistency.
• 100% compatible with MySQL
• GaussDB(for MySQL) is fully compatible with MySQL. Applications can be smoothly

migrated to the cloud without reconstruction.
• RPO=0
• GaussDB(for MySQL) uses a next-generation separated compute and storage

architecture and distributed shared storage to ensure data consistency and prevent
data loss.
• RTO≈0
• GaussDB(for MySQL) supports real-time failover, which completes within seconds.

• Huawei next-generation cloud storage (DFV) provides fast, scalable, reliable, and
shared database storage. It does not replicate existing functions at the storage layer,
such as data replication, cross-AZ reliability, and data cleanup.
• A single database cluster needs only one reliable database replica set. All read replicas
share cloud storage, even across AZs. There is no logical replication at the database
layer. One primary instance processes requests and multiple read-only nodes process
read requests, with no additional standby instances. If the primary instance fails, the
read replicas quickly take over services from the primary instance.
• Logs are data. Append-only write models are used to minimize SSD wear (to avoid
write amplification).
• Only database logs are written from the database computer node to the DFV storage
layer through the network. There is no page checkpoints, refresh across networks, or
double writes. The data plane is rebuilt based on the database logs at the DFV storage
layer to avoid heavy network traffic.
• Databases are partitioned based on the slicing policy across DFV storage nodes to
support massive storage. A single DFV storage node manages multiple shards from
different database clusters, achieving unlimited expansion of storage capacity and
processing capability.
• As shown in the figure, GaussDB(for MySQL) is a distributed cluster with a separated
compute and storage architecture, meeting user requirements for elastic expansion in
the public cloud environment.
• Three-layer architecture: compute layer (SQL Nodes), Storage abstraction layer (SAL),
and storage layer (Storage Nodes)
• The compute layer processes all client connections, writes redo logs to the storage
layer through the SAL, and reads pages from the storage layer when the cache fails.
The compute and storage layers are connected through the RDMA high-speed
network. The storage layer stores data and data copies by shard.
• Storage itself is a shared, highly reliable, and highly scalable cloud service.
• Let's compare it with RDS for MySQL (HWSQL) on the cloud.
• RDS for MySQL needs to write pages, double write pages, redo logs, and binlogs to the
storage layer. Each standby node stores a copy of the data. However, the storage itself
has multiple copies, causing severe write amplification and fatal impact on cluster
scalability and performance.
• GaussDB(for MySQL) architecture:
▫ Greatly reduces the waste of computing, storage, and network resources.
▫ Quickly performs primary/standby failover or switchover.
▫ Reduces the latency on standby nodes.
▫ Quickly creates a standby node.
▫ Automatically expands storage capacity up to 128 TB as needed.
▫ Uses shared storage to maximize resource utilization and reduces costs of cloud
vendors.
▫ Supports on-demand storage and network resource payment. Users only need to
pay for the resources they actually use, without upfront payment.
• SQL Nodes: 1 Master + n Replicas (n ≤ 15) form a cluster. One cluster belongs to one
cloud tenant only.
• SQL Nodes process customer requests, parse SQL statements, generate query plans,
execute queries, and process transaction isolation levels. SQL Nodes are fully
compatible with open-source MySQL. The primary node can process all read and write
requests, and the read-only nodes can only process read requests. The primary node
only needs to write redo logs to the storage layer, and does not flush pages in the
buffer pool to the storage layer.
▫ The primary node does not directly manage the tablespace of the file system.
Instead, it invokes the API of the SAL layer to interact with the storage layer.
▫ Only a small amount of data is transmitted between the primary and standby
databases for DDL failures, page failures, active transaction information updates,
and redo log reading.
▫ SQL Nodes store only MySQL configuration files and temporary tables. Therefore,
read-only nodes can be quickly switched to the active node through failover or
switchover.
▫ SQL Nodes are 100% compatible with the native MySQL syntax.
• Only redo logs are written to the storage layer. Redo logs are data. When the compute
layer requires pages, the storage layer replays the redo logs to generate pages.
• The SAL layer is a logical layer. It is used to isolate data storage from the SQL
frontend, transactions, and query operations, simplifying the interaction of redo logs
and pages between compute and storage layers.
• It maps data pages to shards of storage nodes based on specific rules. After the
mapping is established, the SQL layer can deliver the data page modification logs
(redo logs) to the target shards, and knows the shard from which to read data pages.
• In the future, the SAL layer can be reused to support other DB engines' distributed
databases with a separated compute and storage architecture.
• Storage as a service (SaaS), a fast, reliable, and shared cloud storage service, is the
basis of the GaussDB(for MySQL) design.
▫ The storage layer not only stores redo logs, but also performs I/O-intensive
computing tasks, including log caching, replay, and reclamation, page generation
and caching, checkpoint, crash recovery, and log copy.
▫ Different from traditional databases, the storage layer replays logs to generate
pages only during crash recovery. The storage node caches redo logs in memory.
After receiving a page read request, the storage node immediately replays the
logs to generate the version specified in the request and caches the generated
page in its buffer pool.
▫ The storage layer background thread performs checkpoint at a certain frequency,

stores append-only full pages at the storage layer, and then reclaims logs and
performs crash recovery based on the checkpoint.
▫ Crash recovery at the storage layer is much faster than that of traditional
databases because crash recovery is concurrently completed by multiple slice
servers at the storage layer and can be recovered within seconds.
▫ The storage layer stores redo logs in multiple copies to ensure high reliability.
Different copies communicate asynchronously to synchronize data. Therefore, the
compute layer does not need to wait until all copies are written to ensure higher
performance.
▫ The current design of the system supports 128 TB storage for each database
cluster, achieving massive storage.
• Awards and rankings:
▫ Ranked fourth and fifth in the DB-Engines rankings for many consecutive years:
https://db-engines.com/en/ranking_trend
▫ Due to its excellent performance, PostgreSQL has won multiple awards in end
users and the industry, including the Best Database Award of Linux New Media
and the Best Database Award selected by Linux journal editors five times.
▫ Won the 2019 O'Reilly Lifetime Achievement Award
▫ 2017 and 2018 DBMS
▫ Top 10 cloud vendors in the world support PG.
▫ The PG open source license is a BSD-like license. Users can use the PG without
any legal risks. PG can be distributed freely, closed source, or open source.
▫ Products derived from PG include EnterpriseDB, Amazon Redshift, Greenplum,

Netezza, BDR, PipelineDB, TimeScalDB, Citus, EdgeDB, and many other
commercial database products.
▫ Companies including Ping An Technology, Qunar, Instagram, Kingsoft, Baidu, and

China Merchants Group are using PG.
▫ Enterprise-level applications including Odoo, SAP, and Yonyou are using PG.
▫ Active community
• In a word, PG is an excellent and typical open-source relational database.

• We will explain why PG is recommended in these four scenarios based on the
characteristics of PG.
• Both OLTP and OLAP require high performance. Among the mainstream OLTP
database products, PostgreSQL is undoubtedly highly competitive in terms of
performance, functions, stability, maturity, cases, and cross-industry applications.
Additionally, PG provides many acceleration methods, such as JIT, multi-core parallel,
column storage, and vector computing. Therefore, PG has great improvement potential
in the OLAP field.
• Multiple data models require not only relational data, but also spatiotemporal,
geography, Word Segmentation, time series, JSON, stream computing, and retrieval.
No need to introduce multiple heterogeneous databases and the SQL usage habits can
be retained.
• PG is the first choice for enterprises to replace Oracle. PG is compatible with most
Oracle application scenarios. In addition, PostgreSQL Enhanced Edition provides the
Oracle syntax version, which is compatible with more than 90% of the common Oracle
syntax.
• PG has earned reputation for its high reliability, stability, and data consistency and has
become many enterprises' first choice of open-source relational databases.
• Ping An Technology, Qunar, Instagram, Kingsoft, Baidu, and China Merchants Bank
• Diverse data types
• In addition to traditional data types, PG also supports other data types such as arrays,
spatial data, network data, JSON, and XML. PG also supports user-defined data types.
These features make PG an excellent commercial database.
• PostgreSQL stored procedures can be developed using multiple programming

languages, including Java, Perl, Python, Ruby, Tcl, C/C++, and PL/pgSQL. PL/pgSQL is
similar to Oracle PL/SQL and has hundreds of built-in functions, providing features
from basic arithmetic calculations and string processing to cryptographic logic
calculations and are highly compatible with Oracle. Triggers and stored procedures can
be developed using the C language and can be loaded into databases as internal
library files. The great flexibility in development extends the database capability.
• High security: PG supports field encryption and permission control based on databases,
schemas, tables, and columns.
• Various third-party plugins and open APIs
• Currently, most customers who use PG use more than one plugin. For example, the
PostGIS plugin is the most frequently used open-source spatial data product. It
supports heterogeneous database access, machine learning, text retrieval, image, time
series, multi-dimension, word segmentation, blockchain, column storage, and similarity
algorithms.
• On one hand, users can perform secondary development based on the original plugins.
On the other hand, users can customize plugins as required. These features are
supported at the database layer, which greatly improves the development efficiency
and running performance.
• Powerful concurrency control
• PG supports four transaction isolation levels defined in ANSI SQL-92.
• Excellent performance and abundant indexes
• PG provides query optimizers that are comparable to commercial databases and

supports parallel computing, complex query optimization, hash aggregation, hash JOIN,
subquery, analysis query, and function processing. It is suitable for complex service
scenarios and provides excellent performance.
• PG supports a large number of indexes (B-tree, GiST, GIN, SP-GiST, Hash, Brin, rum,
bloom, and bitmap). Users can flexibly select the optimal index based on their data
types and service scenarios.
• Database selection is important.
• Many enterprises do not have database selection standards or do not know what
databases are required by their services.
• The following uses PG and MySQL as examples to describe how to select an

appropriate database. Let's make it clear that we are not denying MySQL's excellence
and popularity. MySQL is an excellent open-source relational database and is widely
used in China.
• In China, the usage of MySQL is far greater than that of PG. The database section at
the Zhihu website (Chinese Quora) has discussed "PostgreSQL has more enterprise-
class database features, but why MySQL is widely used in China's open-source
database market?"
• The representative discussions are summarized as follows:
• When the web service starts to grow explosively, LAMP (Linux+Apache+MySQL+PHP)

becomes a standard configuration, making MySQL a must learn database.
• Many small- and medium-sized Internet companies in China, including Baidu Alibaba,
and Tencent (BAT), cannot afford the Oracle database during service development.
MySQL is the default suite of LAMP. Therefore, many companies use MySQL.
• As the development personnel's capability grows and middleware such as Java

emerges, the B/S structure makes the database simple. MySQL meets the requirements
of simple query, easy-to-use, and rich Chinese documents.
• Although PG is open-source and power, MySQL has a large user base. Therefore, many
people choose MySQL in terms of ecosystem selection. This phenomenon also exists
outside China. In Japan, PG is promoted earlier than MySQL. Therefore, more
companies use PG than MySQL in Japan.
• With the rapid growth of services, some MySQL companies have encountered some
problems, such as how to efficiently process billion-level OLAP application records
using complex multi-table associated query. Many companies do not have
comprehensive technical architecture as BAT do.
• Note: Similar colors indicate higher compliance.
• Database selection depends on the database usage and design architecture. For
Internet and gaming companies, the database is only a data storage tool. They focus
more on the application than the database. In this case, PG and MySQL are both OK.
For applications whose functions rely on the database, PG is recommended.
• The balance between databases and applications varies in different industries and
development stages of companies. It depends on the reliability on databases or
applications. Database middleware is basic software and is stable and reliable. Open-
source databases are independent and controllable.
• For pure OLTP or OLAP scenarios, the original database is OK. For OLTP+OLAP hybrid
scenarios, PG is recommended. We have learned earlier that PG also provides excellent
performance in OLAP scenarios.
• If a large number of stored procedures are used, PG is recommended.
• If heterogeneous database access is required, PG is recommended. PG provides Foreign

Data Wrapper, allowing users to use SQL to access data stored outside PG.
• For complex applications, PG is recommended. PG's array, spatial data types, network
data types, JSON, and XML are mature and support customization.
• PG is recommended if customers have requirements for geographic information, space,

heterogeneous database access, machine learning, text retrieval, image, time series,
multi-dimension, and word segmentation, and do not want to introduce new dedicated
databases. MySQL's performance in this scenario is average or unavailable.
• End users, including DBAs, developers, and users, can use the RDS console, applications,
or clients to manage databases.
• The RDS console provides overview, instance management, basic information, data
migration, performance monitoring, backup and restoration, log management, and
parameter configuration.
• In the database cluster architecture, we can see that a PostgreSQL database cluster
contains one primary instance, zero or one standby instance, and a maximum of five
read replicas. The primary DB instance provides read and write capabilities, the read
replica provides read-only capabilities, and the standby DB instance does not provide
any capabilities. It is used for failover support.
• The list on the right describes the RDS for PostgreSQL key features. You can read it
yourself. Here let's see the one-click storage scaling-up function provided by the RDS
console.
• One-click storage scaling-up
▫ Pay-per-use: A minimum increment is 10 GB.
▫ Online scaling: Storage space can be scaled up any time without service
interruption.
▫ No need for optimization: Performance linearly increases after the scaling-up.
▫ Static encryption: Storage encryption prevents data leakage.
• On the RDS console, click Scale Up Storage Space.
▫ The command of scaling up storage space is delivered.
▫ RDS is notified of scaling up storage space.

• RDS for PostgreSQL supports cross-AZ HA. If the primary DB instance fails, fault
detection is started for three times. If the primary DB instance cannot be started, a
failover is automatically performed. The original standby is promoted to the new
primary and the original primary is demoted to the new standby. Read replicas are
automatically mounted to the new primary DB instance. The failover takes only a few
seconds.
• HUAWEI CLOUD databases provide data backup and restoration capabilities. You can
set automatic backup policies to automatically back up data every day. The maximum
backup period is 732 days. In addition, an incremental backup is performed every 5
minutes to ensure data reliability.
• If data is abnormal or deleted by mistake, you can restore the database to any point in
time.
• Backup files are stored in OBS buckets. OBS has no capacity limitation and provides
data reliability of eleven nines.
• In recent years, the need to replace Oracle is growing. We believe that the time has
arrived.
• Firstly, the impact of the 2019 US Entity List incident has awakened many enterprises.
In the future, the database that they are using today may be unavailable. The
regulatory department also requires that key software be "independent and
controllable". Actually, as early as 2010, the regulatory department had realized this
problem, but it cannot be resolved due to the immature technology and lack of talent
at that time.
• Secondly, open-source databases accelerate the accumulation of database

technologies, the development of database talent, and the increase of the number of
database technology organizations.
• Thirdly, the participants have expanded from traditional database service providers to
Chinese database vendors, cloud vendors, and NewSQL vendors.
• Finally, let's look at the changes in customer requirements. In the past few years,
Internet companies were the majority who intended to replace Oracle. In recent years,
traditional enterprises also start taking actions. For example, ICBC uses database
middleware as the breakthrough point, and China CITIC Bank and China Merchants
Bank cooperate with major Chinese vendors to jointly develop databases. Although
they are trying on non-core businesses, their future development is very promising.
• To meet the requirements of Oracle replacement, we launched PG Enhanced Edition.
• PostgreSQL Enhanced Edition is a PostgreSQL-based database service that provides

user experience close to the Oracle Database 12c and retains all PostgreSQL functions.
It is compatible with Oracle Database 12c syntax including: system views, PL/SQL, data
types, advanced functions, SQL syntax, and null value processing. PostgreSQL
Enhanced Edition helps customers reduce costs for migration to the cloud and provides
a comprehensive solution with high security, high availability, and high performance
based on HUAWEI CLOUD services.
• Let's think about a question. Why do we develop Oracle-compatible products based on

PG?
• On one hand, the PG protocol is friendly, and has power functions and many open
interfaces. Therefore, more than 50 types of databases are derived from PG. If you are
interested, you can view https://wiki.postgresql.org/wiki/PostgreSQL_derived_databases
for more details.
• On the other hand, PG is an open-source database that is extremely similar to Oracle.

It is highly compatible with Oracle and therefore reduces the reconstruction cost. If
customers do not use the special syntax and features of the Oracle database, they can
also use the MySQL database as an alternative. This is an ideal situation.
• The Oracle syntax is too complex. Most database vendors produce databases that are
compatible with common and major Oracle syntax and are not 100% compatible with
Oracle. For more information about PG Enhanced Edition, see
https://support.huaweicloud.com/en-us/usermanual-rds/rds_03_0018.html.
• PG is compatible with major Oracle syntax, including but not limited to:
▫ System views
▫ MERGE INTO
▫ Sequences
▫ ROWNUM
▫ Built-in functions
▫ FORALL
▫ Empty character strings, equivalent to NULL
▫ Triggers
▫ Data types
▫ DDL
▫ Outer joins
▫ One-dimensional array
▫ Implicit conversion
▫ Pseudo tables
▫ Primary partition
▫ Grouping_id/group_id
▫ Predefined parameters
▫ Stored procedures
▫ Secondary partition
▫ Table partitioning optimization
▫ Macro
▫ Scheduled tasks
▫ Connect By
▫ Dynamic SQL
▫ Operators
▫ Anonymous blocks
▫ Virtual columns
• Oracle replacement is a project, not just replacing the Oracle database.
• Key factors for the success of the Oracle replace project:
• The development and test personnel actively participate in the test. If the product is
provided by an ISV, the ISV also needs to actively cooperate with the development and
test personnel. The company's executives should also pay attention to this project.
• Select products with good compatibility. Currently, there is no product that is 100%
compatible with Oracle in the market. Products provided by vendors are compatible
with common Oracle functions.
• Two solutions are available: PostgreSQL Community Edition + Oracle and PostgreSQL
Enhanced Edition
• Generally, PostgreSQL Community Edition is capable of replacing Oracle to some

extent, but the reconstruction workload is heavy, which is estimated to be three to five
times workload of PostgreSQL Enhanced Edition.
• Identify application reconstruction points in advance and accurately evaluate the

complexity of the project.
• HUAWEI has helped Yonyou, Wisedu, Kingdee, and Saiyun successfully replace Oracle
databases.
• Project evaluation
▫ Use Huawei-developed professional evaluation tools to evaluate Oracle

replacement, generate evaluation reports covering all-dimension reconstruction
difficulty evaluation, and provide reconstruction suggestions.
• Service reconstruction
▫ Database reconstruction: reconstruct database objects, such as tables, stored

procedures, and functions.
▫ Application reconstruction: rewrite SQL statements in applications.
• Migration drill
▫ Migrate the objects and data of the original Oracle database to the target
database. The migration involves tool-based migration and manual migration.
• Service verification
▫ Build reconstructed applications based on the target database and perform a

comprehensive test on the system. If any problem is found, perform continuous
integration and rectification to ensure that all services are running properly.
• Migration implementation
▫ After the preceding four steps are performed to ensure service availability during
migration, start the formal migration during off-peak hours.
• Service switchover
▫ After the migration is complete, switch services to the target database to replace
the Oracle database.
• Example 1: WAL and data disk partitioning are supported to improve the PG write
performance.
• Example 2: Adaptation has been made to the ARM environment.
• Example 3: The native PG database needs to be restarted after the port is changed. PG
Enhanced Edition does not require a restart after a port modification.
• As shown in the left figure, we can see that PG has supported hundreds of plugins in
various fields. These plugins can be used to derive PG functions to meet custom
requirements.
• More than 30 common plugins have been pre-installed on HUAWEI CLOUD RDS for
PG. If the pre-installed plugins cannot meet customer requirements, they can submit
service tickets. After an evaluation and a successful test, the plugins will be pre-
installed in later versions.
• The left part of the figure shows the customer's equipment room, and the right part
shows HUAWEI CLOUD. After the network between the customer and HUAWEI CLOUD
is connected, we can use DRS to migrate the customer's database to the cloud. For
operation details, visit the website page.
• There are two key actions:
• Based on the automated function test cases of each module at the service layer,
identify the incompatible feature list between HUAWEI CLOUD RDS for PostgreSQL
and Oracle. PostgreSQL Enhanced Edition adapts to reasonable requirements to reduce
customer's code adjustment.
• Based on the performance test cases for key business scenarios, identify the
performance deterioration of HUAWEI CLOUD RDS for PostgreSQL compared to
Oracle and then optimize the features accordingly.
• Customer benefits
▫ The migration from Oracle to HUAWEI CLOUD RDS for PostgreSQL resolves the
license issue of the original commercial database, reduces the cost of using the
ERP system, and helps enterprises smoothly transform to the SaaS model on
HUAWEI CLOUD.
• SAIYUN Data is committed to providing system solutions and operation management
services for intelligent connection of mobile devices in the IoT field. It provides one-
stop operation enablement for virtual carriers and IoT service providers, including
traffic distribution, connection management and operation platform, and product-
based services.
• Reconstruction workload
▫ Over 20 service SQL statements are reconstructed. Huawei team is available for
help at any time and provides technical support twice. The aggregation function
supports ORDER BY and MERGE INTO. Reconstruction workload on the service
layer is greatly reduced.
• Customer benefits
▫ Cloud deployment greatly simplifies system expansion and maintenance.

Distributed deployment facilitates access from global customers and reduces
costs by 20%. HUAWEI CLOUD PostgreSQL Enhanced Edition is highly
compatible with Oracle, which requires little reconstruction workload, and
features high reliability, security, performance, and scalability.
• RDS for SQL Server Unique Highlights
• Basic functions of RDS for SQL Server are almost the same as those of MySQL and
PostgreSQL, and abundant database ecosystem services (including DRS and DAS) are
provided.
• The most complete online SQL Server database editions, including Enterprise Edition,
Standard Edition, Web Edition of 2008 R2 to 2017, are provided. Based on customers'
real needs, different commercial editions can be deployed on the cloud, reducing the
cost by 3 to 10 times.
• RDS for SQL Server provides the most commercial features online. To implement
automatic O&M, competitors disabled most enterprise-level features of Microsoft SQL
Server. To maximize the commercial database values for enterprises, RDS for SQL
Server provides enterprise-class features of SQL Server database services as much as
possible to ensure the consistency of offline and on-premises development and O&M
scenarios.
• RDS for SQL Server provides flexible database migration capabilities. It is the first
database service to implement database-based backup, restoration, and download
functions, enabling users to efficiently and conveniently compare data on online and
on-premises databases. In addition, users can quickly migrate databases between
instances.
• Analyze the capabilities of each commercial edition from the business perspective and
describe how to recommend proper editions to users.
• The biggest difference between the enterprise edition, standard edition, and web
edition lies in their high availability (RTO) and high reliability (RPO) capabilities.
Currently, SQL Server 2017 Enterprise Edition uses the latest Microsoft Always On
cluster architecture and supports 1 primary node, 1 standby node, and 5 read replicas.
In addition, its RTO is close to 0, providing the strongest online service support in the
industry, and it applies to core service scenarios of large-sized enterprises.
• The standard edition uses the Microsoft image HA architecture and supports only 1
primary and 1 standby cross-AZ deployment. During a primary/standby switchover,
services need to be suspended for about 30 to 60 seconds. This edition applies to
external service systems of large- and medium-sized enterprises and ensures basic SLA
service capabilities.
• The web edition is a dedicated version provided by Microsoft for online services. This
edition features low price and is sold only on the cloud. Users cannot purchase it
through offline agents. Due to Microsoft's product capability constraints, the service
can only be provided in single node mode and does not support the SLA protocol.
However, HUAWEI CLOUD provides the single-node failover capability based on the
online service feature. When a user host is faulty, the instance can be automatically
started within 30 to 60 minutes through the failover service. In addition, ensure zero
data loss and service downtime within 5 minutes. This service is cost-sensitive and is a
good option for non-core services. It can avoid Microsoft business risks at low costs
and obtain all online service capabilities provided by HUAWEI CLOUD.
• High performance and reliability
▫ Up to 60 vCPUs, 512 GB memory, and 4 TB storage capacity
▫ Industry's highest level of HA, RTO ≈ 0, RPO =0
▫ SQL Server 2017 Enterprise Edition uses the Always On cluster architecture and
supports 1 primary node, 1 standby node, and 5 read replicas.
• Cheap and versatile
▫ Primary/standby switchover in mirroring mode, RTO ≈ 30s, RPO = 0
▫ The image users the HA architecture and supports only 1 primary and 1 standby
mode.
• Cost-effective
▫ Only the single-node mode is supported.
▫ Single-node failover is used. RTO ≈ 30 min, RTO ≤ 5 min
▫ This edition is provided only online. Offline users cannot purchase this edition.
This edition is the most cost-effective option for users to avoid commercial risks.
• Describe the particularity of each released version and specification.
• Currently, the 2017 Enterprise Edition supports only 1 primary node, 1 standby node,
and 5 read replicas. Other editions support only 1 primary node and 1 standby node.
The reason is only 2017 Enterprise Edition uses the Always On cluster architecture, and
others use the image architecture. In addition, the service supports a maximum of 60
vCPUs and 512 GB memory.
• All standard editions use the image architecture (The Always On architecture is
supported only by enterprise editions.). In 2016 and 2017 Standard Edition, the
maximum specifications are 24 vCPUs and 128 GB memory because Microsoft lifted
the constraints on the 2016 version. Considering the cost of the commercial edition, to
maximize the benefits for users, the 24 vCPUs and 192 GB specifications are provided.
Editions earlier than the 2016 Standard Edition support only 16 vCPUs and 128 GB
memory.
• The web edition does not provide high availability due to Microsoft version capability
constraints. The maximum resource specifications are 16 vCPUs and 64 GB.
• The differences between the high availability capabilities of RDS for SQL Server are as
follows:
• Currently, RDS for SQL Server mainly uses the Always On cluster architecture and
image HA architecture. The Always On cluster architecture is supported only in 2017
Enterprise Edition. This architecture supports 1 primary node, 1 standby node, and 7
read replicas. However, two basic nodes are reserved for future capacity expansion in
many scenarios. Currently, 1 primary node, 1 standby node, and 5 read replicas can be
added to reduce the read and write workload on the primary node. In addition, this
architecture supports second-level primary/standby switchover and provides the
highest level of online service capabilities in the industry. Based on this architecture,
users can implement DR in multiple financial scenarios, such as cross-region read-only
DR and offline read-only DR.
• The standard edition uses the mirroring architecture. The primary/standby switchover
takes about 30 seconds. During the switchover, the service database is unavailable,
• HUAWEI CLOUD provides 24/7 online monitoring and automatic failover capabilities
for both the Always On cluster architecture and the image HA architecture to ensure
that the SLA of customers' core services meets requirements. Local and self-built
services cannot meet this requirement.
• Based on the best practices of Windows and SQL Server provided by Microsoft, RDS for
SQL Server optimizes parameter settings and parameter ratios for different versions
and specifications. In this way, the average comprehensive performance of online
instances is 30% higher than that of competitors' products, which is far higher than
the self-built database of the same specifications on VMs.
• The performance load test result is obtained by using the third-party load test tool
(HammerDB) and TPC-C international load test standards. The customer can perform
100% self-test based on the test procedure on the official website. We promise not to
optimize the load test model.
• RDS for SQL Server is the most widely used database in the Microsoft ecosystem.
Microsoft SQL Server is one of top three relational databases in the world. Almost all
industries and large- and medium-sized companies in the industry deploy services
based on the SQL Server database.
• ISVs: Since 2017, HUAWEI CLOUD has been reconstructing its RDS for SQL Server-
based SaaS services with three major ISVs in China, for example, Yonyou U8, Kingdee,
and Grasp. For software vendors, deploying service databases on RDS is a trend.
• Automotive enterprises: In the traditional automotive industry, migrating the original

on-premises service systems to the cloud and migrating databases to RDS for SQL
Server are the best choice. The typical scenario is that VOLVO migrates all the
database services of 240 4S stores to RDS for SQL Server. Before that, each 4S store
had to purchase an independent hardware server. If a technical problem occurs,
engineers need to be dispatched to the local site for O&M and repair. After the cloud
migration, online instance deployment and O&M efficiency is improved by 100 times,
and the one-off investment cost is reduced by 10 times. In addition, the efficiency of
daily data synchronization from 4S stores to the VOLVO data center is improved by
more than 5 times.
• Hotel: Currently, HUAWEI CLOUD has successfully migrated all core hotel services of
Jinjiang Group to HUAWEI CLOUD RDS for SQL Server. Jinjiang Group is the largest
comprehensive hotel group in China. It has more than 10 core hotel brands, involving
more than 50,000 stores in China and accommodating up to 1,000,000 guests every
day. HUAWEI CLOUD SQL Server provides the online database migration capability to
migrate core services of all hotel brands to HUAWEI CLOUD RDS for SQL Server 2017
Enterprise Edition without interrupting services. In addition, HUAWEI CLOUD ensures
that all on-premises development functions and O&M scripts of Jinjiang Group can run
on the cloud, ensuring the consistency of online and on-premises services.
• HUAWEI CLOUD RDS for SQL Server is one of the most popular relational databases. It
is widely used in all scenarios involving Microsoft applications, including but not
limited to finance, insurance, automobile enterprises, medicine, government, e-
commerce, retail, logistics, schools, and hotels. In the cloud 2.0 era, self-built services
cannot provide quick and simple deployment, 24/7 online O&M, and highly reliable
data assurance. Migrating databases to RDS is an inevitable trend.
• Cluster: A DDS cluster consists of three types of nodes: mongos, shard, and config. You
can configure the number of mongos and shard nodes as required. mongos uses a
single-node architecture, and shard and config use a three-node replica set
architecture.
• Replica set: In a replica set instance, there are three types of nodes: primary, secondary,
and hidden. You can operate the primary and secondary nodes directly. A replica set
instance supports DR switchover and high availability. It is transparent to your
applications.
• Single node: The single node instance is designed for development, testing, and storing
non-core data of enterprises. It brings you visualized O&M and elastic scaling at a
lower price.
• It is recommended that you deploy DDS by considering the following factors:
• Region and Availability Zone (AZ) describe the location of DDS DB instances. Once the
DB instance is successfully created, the region cannot be changed. You can select
regions and AZs based on the geographical locations of users, product prices, DR
capabilities, and network latency. For more information, see Regions and AZs.
• Network planning: You are advised to create the DDS DB instances in the Virtual
Private Network (VPC) and subnet where the Elastic Cloud Servers (ECSs) are
deployed.
• Data security: DDS provides comprehensive security assurance for the data security
that you may concern. You can deploy DB instances in multiple AZs and use audit logs,
isolated networks, security groups, and data encryption to ensure data security.
• Single node instance is designed for development, testing, and storing non-core data
of enterprises. It brings you visualized O&M and elastic scaling at a lower price.
• Replica set: In a replica set instance, there are three types of nodes: primary, secondary,
and hidden. You can operate the primary and secondary nodes directly. A replica set
instance supports DR switchover and high availability. It is transparent to your
applications.
• A DDS cluster consists of three types of nodes: mongos, shard, and config. You can
configure the number of mongos and shard nodes as required. mongos uses a single-
node architecture, and shard and config use a three-node replica set architecture.
• DDS Enhanced Edition uses the storage and compute separated architecture, which
provides higher read/write performance than the Community Edition that has the
same configurations.
▫ All primary shard nodes act as standbys for each other. If a primary shard
becomes faulty, other available primary shard nodes will take over its services.
DDS Enhanced Edition can tolerate the failure of N-1 nodes. (N ranges from 2 to
12.)
▫ Data storage is changed from the replication set to the distributed shared
storage, providing reliable data storage services for clusters and ensuring high
data reliability.
▫ Nodes can be scaled in minutes, minimizing the impact on services.

• SLA: 99.95%
• Immediate use: You can create a DB instance on the management console and access
the database through an ECS over private networks to reduce the application response
time and save fees generated for using public network traffic. If you need to access a
DB instance from your local devices, you can bind an elastic IP address (EIP) to the
instance.
• Full compatibility: DDS is a document-oriented NoSQL database and is fully

compatible with MongoDB.
• Visualized O&M: You can easily perform restart, backup, and data recovery operations
on instances using a graphical user interface (GUI)
• Data security: A security protection system consists of VPCs, subnets, security groups,
storage encryption, DDoS protection, and SSL, which is capable of defending against
various malicious attacks and ensuring data security.
• DDS provides audit logs and stores logs for a maximum of two years. It also supports
fine-grained permission control.
• HA: The cluster and replica set support high availability. If the primary node is faulty,
the secondary node takes over services in a short time. The switchover process is
invisible to applications.
• Data migration: Data Replication Service (DRS) supports online migration from on-
premises databases to the cloud platform or cross-cloud migration.
• Monitoring metrics: DDS monitors key performance metrics of DB instances and DB
engines in real time, including the CPU usage, memory usage, storage space usage,
command execution frequency, delete statement execution frequency, insert statement
execution frequency, and number of active connections.
• Backup and restoration: DDS supports automated backup and manual backup. The
maximum retention period of an automated backup is 732 days. The manual backup
can be retained for a long time. DB instances can be restored using backup data.
Replica set instances support point-in-time restore at the instance level, database level
and table level.
• Log management: DDS allows you to query and download database error logs and
slow SQL logs.
• Parameter settings: DDS allows you to manage parameter groups and modify
configuration parameters on the console.
• The permission check logic is as follows:
• A user accesses the system and initiates an operation request.
• The system evaluates all the permissions policies assigned to the user.
• In these policies, the system looks for explicit deny permissions. If the system finds an
explicit deny that applies, it returns a decision of Deny, and the authentication ends.
• If no explicit deny is found, the system looks for allow permissions that would apply to
the request. If the system finds an explicit allow permission that applies, it returns a
decision of Allow, and the authentication ends.
• If no explicit allow permission is found, IAM returns a decision of Deny, and the
authentication ends.
• GeminiDB is a multi-mode NoSQL service launched by HUAWEI CLOUD.
• Different from the shared-nothing architecture of traditional NoSQL systems,

GeminiDB is built based on Huawei's unique data function virtualization (DFV)
technology.
• GeminiDB has higher data consistency, stronger performance, better scalability, more
reliable data, and higher cost-effectiveness than peer products.
• GeminiDB can be widely used in the market and meet the requirements of using
products or APIs such as Redis, Cassandra, Dynamo, MongoDB, and TSDB.
• GeminiDB can be widely used in e-commerce, games, advertisements, social

networking, short videos, live broadcast, and geographic information scenarios.
• Compatible with Cassandra, MongoDB, Redis, and influxDB APIs
• Compute and storage separation, minute-level computing capacity expansion, and

second-level storage capacity expansion
• Active-active architecture, tolerating N-1 node faults
• Cost-effective, several times higher performance than that of the community edition
with same resource consumption
• Massive data storage, capable of storing up to 100 TB data on each instance
• High reliability, minute-level backup and restoration, and strong data consistency
• Compute and storage resources are decoupled, and compute and storage nodes can be
scaled in or out separately.
• Compute node work in full load to prevent data skew and load imbalance.
• The storage layer has multiple built-in copies to ensure data security and reliability.
• No data is migrated during scaling with distributed shared storage.
• The storage layer provides ultra-low latency data access.

• Database migration is the most complex among all types of migrations. Once a
database migration issue occurs, it may cause huge losses for services because core
data and service data are normally stored in databases.
▫ Database migration involves database knowledge. Most customers may not have
professional database personnel. Only enterprises of a certain scale may have
professional personnel. In most projects, customers need to seek help from cloud
database migration.
• Database migration is the most complex among all types of migrations. Once a
database migration issue occurs, it may cause huge losses for services.
• Core data and service data are normally stored in databases.
• Database migration involves database knowledge. Most customers may not have
professional personnel.
• In most projects, customers need to seek help from cloud database migration.
• Database migration involves database knowledge. Most customers may not have
professional personnel. In most projects, customers need to seek help from cloud
database migration.
• Benchmarking products are Alibaba Cloud DTS and AWS DMS.
• Alibaba Cloud DTS has a long-term technical planning that can be traced back to 7
years ago. It is independently developed by Alibaba Cloud.
• AWS acquired the source code of the industry synchronization tool Attunity in 2015,
and developed DMS based on the Attunity source code.
• HUAWEI CLOUD DRS is a self-developed product and has been developed for about 2
years.
• Among all the products, AWS DMS supports the most database types. However, DMS
is more like a synchronization tool, which does not distinguish scenarios like migration,
synchronization, disaster recovery, and subscription. It lacks scenario-based features
and has high usage threshold for users.
• Alibaba Cloud DTS is better in terms of scenarios and usage thresholds.
• Azure also started working with Attunity and bought some of its capabilities in 2018.
• In 2018 and 2019, HUAWEI CLOUD DRS focused on online migration. In 2020, DRS will
focus on synchronization and disaster recovery. In addition, DRS will implement some
differentiated features in online migration, aiming to achieve the best-in-class user
experience in online migration.
• Content on this slide is abundant. Talk about the flow chart and then the database
sources, types, network types, and cloud types.
• Help trainees understand each key feature of DRS based on the content in the lower
part of the page. For detailed information, see the DRS promotional slides.
• Understanding scenarios is the core competitiveness. The presenter can summarize
these scenarios in the first place and has the trainees understand the differences.
• Supplements:
▫ The integrity of online migration means that any item in the source database
should be migrated to the destination database. Lots of tools in the industry only
migrate data, which is incomplete. If only data is migrated, there must be errors
reported. Items like triggers, views, users, permissions, and even parameters form
the whole database. If any of them is missing, an error will be reported.
▫ A typical scenario of data synchronization is the synchronization of a customer's

order system. In such a case, only some data needs to be synchronized, and the
scenario demands long-term, real-time synchronization with high flexibility. DRS
focuses on flexibility in this scenario, for example, the many-to-one
synchronization, heterogeneous database synchronization, synchronization
between tables with different names, online addition of tables to the
synchronization task, and data conflict handling policies.
▫ Remote disaster recovery. Users may encounter a disaster or need DR drills. This
scenario focuses on the latency, switchover capability, and data difference.
• In some projects, severe outcome occurred after the service rollout because the
migration process was not strictly followed and migration preparations were not
complete, especially when the test and drill were ignored.
• No matter whether the migration is led by Huawei or the customer itself, the
preceding runbook can always be followed.
• For large-scale migration projects, seek help from experts at headquarters. Currently,
there are two service teams, Database Product Dept. and Professional Service Project
Team, that can help customers to complete the migration.
• Database migration must be performed by Database Product Dept. This is because

database migration requires professional database knowledge and experience, and
customers may consult database usage and optimization questions.
• To help customers better use the DRS service, the preceding information is very
important for both trainees and customers. This slide is closely related with the service
positioning and functions, and is crucial for making accurate recommendations for
customers.
• The presenter can open the service portal and play the videos to introduce DRS.
Remember that there are two tutorial videos that can help trainees to have an intuitive
understanding of DRS.
• After watching the videos, the presenter can open the capability matrix and effectively
help trainees to answer customer questions: Can I perform the xx migration? Can I
migrate the xx version databases?
• This slide is crucial for learning how to guide users to carry out database migrations.
• Use examples to let trainees understand that a successful migration must be well
coordinated and prepared. Unprepared migration just depends on luck.
• Open the link on this slide to explain what are the environment requirements for
migration? What kinds of operations need to be avoided? And how to guarantee a
successful migration? These are the questions that customers and Huawei experts
concerned most.
• This slide is the most frequently queried page because information on this slide is
critical. Whether the migration is fully prepared determines whether the migration is
successful or not. Customers have to coordinate a large amount of manpower and
materials to complete a migration. A successful migration can greatly improve
Huawei's brand influence, whereas a failure lowers customer satisfaction.
• This slide is also crucial for learning how to guide users to carry out database
migrations.
• Before deployment, trainees or customers need to implement the migration. This slide
contains the principles, preparations, detailed procedures, and migration suggestions.
Open the link on this slide to explain. This slide can be used to guide customers,
migration partners, and Huawei experts to perform migration.
• Invite the trainees with migration experience (some of the BU's SAs have already done
database migrations) to share their understandings and ideas to enhance interaction.
• Explain the features based on scenarios. These features are unique in the industry and
strongly demanded by customers. They can be used as bidding-decisive items or as an
alternative material for communication and publicity.
• DAS console: A professional database O&M platform that allows DBAs to perform
routine inspections and detect faults in advance during O&M. In addition, it helps DBAs
to quickly locate and rectify faults in the event of failures, and supports fault reviews
to find out root causes and prevents the faults from occurring with the diagnosis
reports, analysis, and suggestions automatically provided based on the running data.
• DAS standard edition: provides an easy-to-use visualized interface as well as various

functions for developers.
• DAS enterprise edition: provides a database DevOps platform that supports data
protection, change review, operation audit, and R&D self-service. It helps enterprises
implement standardized, efficient, and secure management with large-scale databases.
• Data operations, such as automatic test data generation, help R&D engineers quickly
and automatically insert a large amount of test data into the databases and ensure
that the generated test data complies with specific rules.
• Structure operations, such as table structure editing, facilitate adding and modifying
table fields and indexes.
• Intelligent SQL optimization helps customer identify and optimize SQL statements. For
example, the customer's SQL statement contains a hidden conversion. As a result, the
index is not used and the customer's efficiency is low.
• Lock wait analysis facilitates the viewing of event lock details. Users can obtain the
held lock and waited lock information, such as event status and event ID, by querying
the lock status.
• SQL explorer: helps DBAs quickly locate faults by querying the execution duration,
number of updates, number of rows scanned, and lock wait time of the SQL
statements.
• Slow query logs: helps users quickly find out slow SQL statements and offers
optimization suggestions.
• Daily inspection: helps users quickly locate faults, carries out comprehensively analysis
and exception detection, and provides risks and optimization suggestions.
• Exception diagnosis: allows users to intuitively learn the real-time running status of
database instances, locate performance exceptions in real time, and optimize the
system based on optimization suggestions.
• Real-time analysis: shows the real-time performance data, such as the CPU and
memory usages to help users quickly locate faults.
• DBAs are recommended to use automatic diagnosis and analysis functions in daily
works. The more attention DBAs pay, the more problems detected in advance, thus the
more stable the system will be.
• This slide describes many types of data, such as configuration data, location data, fault
data, and alarm data and why you need different HUAWEI CLOUD database services
to handle these types of data in the IoV scenario.
• Internet games use different databases to process different data. In scenarios where
game services change frequently, the verified DDS service is provided to process game
data.
• Based on the Internet live broadcast services and service scales of customers, Huawei
provides different scalable database solutions, such as the combination of Proxy and
RDS and the combination of DDM and RDS. In addition, the combination of DCS, RDS,
and DDS is provided based on the customer's service peak hours.
• This slide describes how to use DRS to migrate data from Oracle to PostgreSQL
Enhanced Edition. This solution also supports SSL encryption for secure migration.
• Answers: 1.
▫ A
• Answers: 2.
▫ ABCD
• Shared security responsibilities - Infrastructure security - Security services
• Many companies, including Amazon, Google, and Microsoft, have been investing huge
in building their cloud data centers to provide a range of services for users. However,
responding to and protecting users from cloud security incidents are great challenges
for these IT giants.
• On March 17, 2009, Microsoft Azure stopped running for about 22 hours.
• In 2010, Microsoft BPOS suffered an outage. This is Microsoft's first major data breach
event in cloud computing.
• On April 22, 2011, a large number of servers in Amazon's cloud data centers broke
down. This event was considered the most serious cloud security event in Amazon's
history.
• According to reports released by the Cloud Security Alliance (CSA), cloud computing is
faced with the same security threats as traditional data centers, such as data breach,
data loss, DDoS attacks, account hijacking, and malicious internal personnel.
• Customers who migrate services to the cloud care most about service continuity,
controllable O&M, and data security.
• The release of the Cybersecurity Law and the Information Security Graded Protection
System indicates that laws are paying more attention to cybersecurity, and that the
security compliance of cloud computing becomes increasingly important.
• The way to use and manage compute resources in the cloud computing system has
changed, bringing new risks and threats for both administrators and end users.
• Risks and threats for administrators include:
▫ The virtualization management layer becomes a new high-risk area.
▪ The cloud computing system provides computing resources for a large

number of users by using the virtualization technology. Therefore, the
virtualization management layer becomes a new high-risk area.
▫ It is difficult to track and isolate malicious users.
▪ The on-demand and self-service allocation of resources makes it much

easier for malicious users to launch attacks in the cloud computing system.
▫ Open interfaces make the cloud computing system vulnerable to external attacks.
▪ Users use open interfaces to access the cloud computing system through
networks, which makes the system vulnerable to attacks from external
networks.
• Risks and threats for end users include:
▫ Risks cannot be well controlled for data stored in the cloud.
▪ Computing resources and data are controlled and managed entirely by

cloud computing services providers, and the risks brought by this resource
management mode are as follows: Operator administrators may invade the
user system illegally. Data security after the computing resource or storage
space is released. No laws and regulations can be used for data processing.
▫ Multi-tenant resource sharing incurs risks of data breach and attacks.
▪ Resource sharing among multiple tenants poses the following security risks:
User data may leak because of inappropriate isolation methods. Users may
be attacked by other users within the same physical environment.
▫ Threats brought by privileged users
▪ Separation of application systems from resource ownership enables the

cloud platform administrator to access user data, but brings threats to the
data confidentiality, integrity, and availability.
• HUAWEI CLOUD security provides a comprehensive security architecture by taking the
following respects into consideration: organizational structures, service processes,
personnel management, technical capabilities, security compliance, and ecosystem
construction.
• Security compliance is the basis. HUAWEI CLOUD complies with local laws and
regulations in customers' countries and regions, earns cross-industry and cross-region
cloud security certification by regulatory authorities, and obtains security certifications
required for key industries and regions, winning and consolidating customer trust in
HUAWEI CLOUD services.
• Under the principle of shared responsibilities, HUAWEI CLOUD properly plans the
organizational structure and service processes for operations security and O&M
security, and provides continuous operations and security assurance measures to help
protect tenants throughout their lifecycles.
• Infrastructure security, as the technical foundation for cloud security, focuses on

protecting network borders and cloud platform virtualization. The infrastructure
develops and uses world-leading cloud security technologies to provide users with
highly reliable and intelligent cloud protection services and automatic O&M systems.
• In addition, to meet tenants' diversified security requirements on the cloud, Huawei

provides a wide range of self-developed security services and cooperates with world-
leading security companies to build a cloud security business and technology
ecosystem and provide security assurance and services for tenants.
• HUAWEI CLOUD always respects and protects privacy, strictly complies with laws and
regulations applicable to global privacy protection, takes privacy protection as one of
the top priorities, puts customer data protection in the first place, and integrates
privacy protection technologies into its cloud products, services, and ecosystem.
• HUAWEI CLOUD has incorporated Huawei's years of experience in global compliance

management and industry practices into its management, technologies, and processes.
Through regular external reviews, HUAWEI CLOUD provides users with a business
operating environment and services that comply with laws, regulations, and industry
standards.
• Although cloud security inherits all traditional security domains, its risks, roles and
responsibilities, and implementation methods greatly differ from the traditional ones.
Implementation, O&M, and management are performed by different organizations.
Therefore, each involved organization has its own responsibilities.
• This model is called the shared responsibility model. The following are typical
examples:
▫ Software as a Service (SaaS): Cloud service providers (CSPs) are responsible for
nearly all security because tenants only can access, manage, and use applications
provided by them, but cannot perform destructive operations on the applications.
SaaS companies are responsible for security, logging, O&M, auditing, and
application security detection. Tenants manage tenant accounts and permissions.
▫ Platform as a Service (PaaS): CSPs are responsible for platform security, and
tenants are responsible for protecting the applications deployed on the platform,
including security configurations of all applications. CSPs and tenants share the
responsibilities. Take RDS as an example. CSPs are responsible for protecting RDS
instances, RDS restoration, and core configurations. Tenants are responsible for
database accounts and access security.
▫ Infrastructure as a Service (IaaS): CSPs are responsible for protecting the

infrastructure, and tenants are responsible for protecting anything built on it.
IaaS tenants take more responsibilities than PaaS tenants.
• To contain network attacks and minimize their impacts cloud data centers, we need to
divide a network into security zones and isolate the zones. According to the
communication security zone division principles defined in ITU E.408, the public cloud
network is divided into five security zones: a demilitarized zone (DMZ), a public service
zone, an O&M zone, a point of delivery (POD) zone, and a Universal Distributed
Storage (UDS) zone. Nodes in the same security zones have the same security levels
and mutual trust relationships. Various physical networks, VLANs, and routing areas
are configured to isolate service flows that belong to different security domains on the
bearer network.
• To ensure tenant services do not affect management operations and devices are not
out of management, we divide the network communications plane of the public cloud
into the tenant service plane, service control plane, O&M plane, and BMC management
plane. The BMC plane is physically isolated from other network planes. The other
planes are logically isolated by VLANs. A security zone is further divided into network
planes based on service isolation requirements. For example, the POD zone has the
customer data plane, platform O&M plane, service control plane, and BMC
management plane. The O&M zone has only the platform O&M plane and BMC
management plane.
• Cooperate with upstream Internet service providers (ISPs) and third parties to block or
scrub traffic at the source or upstream nodes to defend against heavy-traffic DDoS
attacks. A local anti-DDoS system is deployed on the Internet border to implement
automatic anti-DDoS.
• Security services, such as Layer-7 firewall, intrusion prevention systems (IPS), Web
Application Firewall (WAF), Virtual Private Network (VPN), are deployed on the
network border to defend against security threats from the Internet border and the
internal network of public cloud. Channel encryption ensures data transmission security.
• Collaborative defense supported by security services and sandboxes, and behavior

simulation analysis efficiently identify unknown APT threats.
• The security management center centrally manages security events and risks, and
displays security threat statistics in a visualized manner. It also detects suspicious
traffic at the border, works with network and security services to implement intelligent
correlation analysis, and generates positive feedback, implementing in-depth detection
and analysis of security threats and immediate, automatic threat handling and
elimination.
• The virtualization network security of the cloud platform uses VLANs, security groups,
and layer-2 security policies to implement virtual network isolation and access control
between tenants and firmly prevent layer-2 network attacks.
▫ The virtual switching function is implemented by using virtual bridges to isolate

VLANs. This ensures that VMs in different VLANs cannot exchange data even if
they are on the same server.
▫ Security groups are created based on VM security requirements. A group of

access rules can be set for each security group. Access control is implemented by
configuring security group rules.
▫ Layer-2 network security policies prevent VM MAC address spoofing, Dynamic

Host Configuration Protocol (DHCP) server spoofing, and DoS/DDoS attacks.
• Hosts on the cloud platform are protected by means of virtual resource isolation,
attack and intrusion prevention, system hardening, and security monitoring.
• Virtual resource isolation
▫ To isolate the compute resources of each VM, the hardware-assisted

virtualization VT-x technology is used to isolate vCPUs.
▫ Regarding hardware, the mapping between VM memory and physical memory is

managed to ensure that each VM can access only the physical memory page
allocated to it. The memory of each VM is isolated.
▫ Virtual I/O devices exchange data through a virtual switch based on virtual NIC
entries, such as MAC addresses. This method and network isolation ensure that
VMs cannot access each other's I/O devices, thereby implementing I/O isolation.
• Attack prevention
▫ Identify viruses by file and traffic checks and isolate them, preventing viruses
from spreading.
▫ Identify APTs and defend against unknown threats by simulating suspicious

traffic and files and detecting behavior.
▫ Brute-force attack detection, lock mechanism, and alarm mechanism are used to
prevent host cracking and intrusion.
• System hardening
▫ Secure system configurations, for example, disable dangerous OS services, and

forbid password-free SSH login.
▫ Rectify and harden high-risk processes, services, and ports.
▫ Install patches for OSs and third-party software to prevent security risks caused
by known vulnerabilities.
• Security monitoring
▫ Monitor system process behavior, and identify and isolate malicious processes.
▫ Monitor system status. Identify abnormal ports and monitor accounts with weak
passwords and critical system files.
▫ Monitors key metrics, such as the CPU, memory, bandwidth, and I/O, to detect
system exceptions in a timely manner.
• The cloud platform ensures the security of user data throughout its lifecycle by means
of data isolation, access control, transmission channel encryption, storage encryption,
and secure data destruction.
▫ Access isolation
▪ All data access requests are authenticated and authorized by IAM to ensure
data isolation between tenants.
▪ A tenant's partitions in data storage volumes are evenly distributed for

storage. Data can be accessed only by the writer. A tenant cannot view
other tenants' data.
▫ Encrypted transmission
▪ End-to-end management and secure transmission protocols are used for

transmission channels, which transfer no plaintexts and ensure data
confidentiality and integrity.
▫ Storage encryption
▪ Storage services used for a wide range of scenarios inherit encryption

functions to provide easily available data security assurance.
▪ Encryption keys and root keys are protected. Root keys are stored in
dedicated hardware security modules (Dedicated HSMs), ensuring secure
and reliable key management.
▫ Secure data destruction
▪ When VM resources are released, the system securely erases data in the
physical memory and disks corresponding to the VM. Old tenant data will
not remain in the physical storage, and will not be breached when the
storage is allocated to a new user.
▪ When encrypted data is released in batches, key destruction can securely

and efficiently destroy data.
▪ Disks are degaussed and physically destroyed before they are disposed of.
All the operations on the disk are recorded and traced.
• Regarding security O&M, security services and modules are deployed to detect and
identify attack traffic and behavior on the cloud, and detect and manage
vulnerabilities.
• Flow probes and intrusion detection systems (IDS) are deployed to collect the ingress
and egress traffic of HUAWEI CLOUD. Logs of security services, such as DDoS, WAF,
and HSS are collected and sent to the security threat analysis system for modeling and
correlation analysis. Behavior profile baselines are established through self-learning to
implement differentiated, dynamic security analysis and detection capabilities. SA
displays the overall security risks and trend of the system.
• Evaluate the impact of security risks identified through detection and analysis and
formulate response policies. Handle and clear detected and analyzed security threats
based on security orchestration. Manage and handle security risks in a unified manner.
• AAD changes the external service address to a high-defense IP address by modifying
DNS resolution, diverting malicious attack traffic to the high-defense IP address for
scrubbing. In this way, the origin server IP address and important services are protected
from DDoS attacks. AAD can be deployed on hosts used in the HUAWEI CLOUD, other
clouds, and IDCs.
▫ High bandwidth
▪ Capable of scrubbing 5 TB+ DDoS traffic; 7 scrubbing nodes; defense

against terabytes of attack traffic for a single IP address
▪ Global cloud scrubbing resource scheduling, device-cloud synergy, near-

source scrubbing, global sharing of intelligence from Cloud Mitigation
Alliance, and collaborative attack defense
▫ Accurate defense
▪ Progressive challenge-response authentication; identity authentication;

accurate identification of forged sources and valid traffic
▪ Big data threat analysis, baseline traffic statistics, and exception

identification are used to prevent zero-day attacks.
▫ High availability
▪ Service traffic is distributed through a cluster. Remote and multi-line

scheduling is supported. The performance is high, the latency is low, and
services are stable and reliable.
▪ Elastic protection
▪ Users can buy both the basic bandwidth protection and elastic bandwidth
protection of AAD for a higher protection capability. The protection
bandwidth can be adjusted as needed.
▫ Professional team support
▪ Professional anti-DDoS experience, 24/7 monitoring and response by the

support team, safeguarding services
• AAD uses the Basic protection + Elastic protection mixed billing mode. Basic protection
is a prepaid service and provides yearly and monthly packages. Within the protection
period, attack traffic within the basic protection bandwidth is free of charge.
• Elastic protection is charged by day. If the peak attack traffic exceeds the basic
protection bandwidth, tiered pricing applies. Users will be charged within the limit of
the elastic protection bandwidth they purchased. The default service bandwidth is 100
Mbit/s. If the actual service bandwidth exceeds 100 Mbit/s, the user needs to purchase
extra bandwidth.
• Users can purchase one of both of the basic protection bandwidth and elastic
protection bandwidth as needed.
• HSS is designed to improve the overall security for hosts.
• It delivers functions such as asset management, vulnerability management, intrusion

detection, and baseline inspection. In this way, it detects and manages information
assets on hosts, monitors risks on hosts in real time, and prevents unauthorized access,
helping you manage overall security for hosts and meet requirements of Cybersecurity
Multi-Level Protection Scheme.
• HSS agents offer comprehensive protection for hosts with the support of the cloud
protection center. On the HSS console, you can view and manage hosts statuses and
risks in the same region.
• HSS provides three editions: Basic, Enterprise, and WTP.
• The Basic edition provides basic host security protection capabilities, such as basic
password complexity check and brute-force attack prevention, implementing simple
security protection measures for low-priority hosts.
• The Enterprise edition provides comprehensive asset management, vulnerability

management, intrusion detection, and settings check functions, which are applicable to
most host protection scenarios.
• The WTP edition provides anti-tamper capabilities for dynamic, static, and web disk
files in addition to Enterprise edition functions. It is applicable to hosts where
important web application sites are deployed.
• WAF uses domain names to divert public network traffic to WAF, detects HTTP/HTTPS
request traffic, identifies and blocks malicious attack traffic, and returns normal traffic
to the origin server IP address, ensuring the security, stability, and availability of the
origin server.
▫ Comprehensive protection
▪ The built-in attack signature database can detect and block dozens of types
of web attacks, such as SQL injection, XSS, web shell upload,
command/code injection, and sensitive file access.
▫ Leading technologies
▪ The industry-leading semantic, regex, and AI engines help accurately

identify threats and significantly improve the threat detection rate.
▫ Flexible configuration
▪ Custom precise protection rules meet diverse requirements of security

operations.
▫ Professional and reliable
▪ Services are deployed across regions. Remote disaster recovery ensures

service security and reliability. The background knowledge base is
dynamically updated and easy to maintain.
• WAF provides three editions: Professional, Enterprise, and Flagship, ranked in
ascending order by the performance specifications and supported functions. The table
in the slide lists their main differences. For details about the specifications, see the
provided link.
• The three editions differ in key factors, such as the peak number of service requests
and service bandwidth, and the number of domain names.
▫ The Professional edition can be used for small- and medium-sized websites that
do not have special security requirements.
▫ The Enterprise edition can be used for medium-sized enterprise websites that
require high data security.
▫ The Flagship edition can be used for large- and medium-sized enterprise
websites with special customization requirements, large business scale, or special
security requirements.
• VSS is designed to protect your servers and websites by scanning vulnerabilities. It
provides services such as web vulnerability detection, vulnerability lifecycle
management, and scan customization. VSS has two major capabilities: website scan
and host scan.
▫ Website scan
▪ Disguised as a common user, VSS uses web crawlers to crawl websites'

URLs to discover potential security threats to your website.
▪ VSS can detect over 22 types of vulnerabilities, including OWASP Top 10

vulnerabilities and WASC vulnerabilities.
▪ Scan rules can be automatically updated on the cloud and take effect
across the entire network against the latest vulnerabilities.
▫ Host scanning
▪ Host scanning accesses users' hosts after obtaining their authorization. It

automatically detects the vulnerabilities and insecure baseline
configurations of host OS and middleware using the comprehensive
vulnerability database.
▪ An in-depth scan performs multi-dimensional OS vulnerability detection

and configuration check.
▪ The service can scan mainstream middleware and supports weak password
detection for standard web services, web containers, and databases.
▪ The service supports vulnerability scanning of mainstream web containers,

foreground development frameworks, and background microservice stacks,
as well as configuration compliance scanning.
• DEW is a comprehensive data encryption service on the cloud. It provides functions
including dedicated encryption and key management to solve problems such as data
security and key security issues. The service provides easy-to-use and reliable
encryption functions to protect users' core sensitive data from being stolen.
▫ Key management
▪ Key Management Service (KMS) uses HSMs to protect keys, helping users
easily create and manage keys.
▪ KMS is integrated with multiple cloud services, including OBS, EVS, and IMS.
Services can also call KMS APIs to easily encrypt and decrypt service data.
▫ Dedicated HSM
▪ Dedicated HSM provides encryption hardware certified by the State

Cryptography Administration to meet regulatory compliance requirements.
▪ Dedicated HSM offers users a secure, reliable way to manage keys

generated by instances, and uses a range of algorithms for data encryption
and decryption.
• DEW provides two editions: Basic and Professional. The table in the slide lists their
main differences. For details about the specifications, see the provided link.
• Choose an edition mainly based on encryption scenarios.
▫ The Basic edition does not support API calling, and can be used for scenarios that
do not have special encryption requirements on services.
▫ The Professional edition can be used for scenarios where APIs need to be called
to encrypt service and application data.
• DBSS provides the database audit service in bypass mode. It records user access to the
database in real time, generates fine-grained audit reports, sends real-time alarms for
risky operations and attack behaviors.
• Easy deployment
▫ Bypass deployment enables the service to flexibly access databases without

affecting services.
▫ Users can perform 99%+ application association audit, comprehensive SQL

parsing, and accurate protocol analysis.
• Efficient analysis
▫ The service can respond to user requests that involve the processing of hundreds
of millions of data records within seconds, and can perform audit in real time.
▫ The service can quick analyze and display multi-dimensional clues and factors.
• Separation of duties
▫ The rights of the system administrators, security administrators, and audit

administrators are separated to meet audit requirements.
• Compliance with a range of standards
▫ Database audit complies with DJCP level 3.
▫ Database audit complies with laws in and outside China, such as the
cybersecurity law and SOX.
• Database audit provides three editions: Basic, Professional, and Advanced. They have
the same functions and are ranked in ascending order by the number of supported
database instances and performance specifications. Users can select a proper edition
based on their actual business scale.
• Security is a systematic project that follows the bucket theory. Any security weakness
will reduce the overall security. Therefore, in the security design and planning phase,
security risks in the network, hosts, applications, data, and O&M must be
systematically evaluated and prevented.
• We can start with security threats in various aspects and then find the protection
technologies to be implemented.
• This slide uses a typical service system as an example to describe the security planning
and design of the system.
• Generally, a business system can be roughly divided into four parts:
▫ Network: ELB provides service access for public networks. Service: ECS or
containers provides service system application logic and performs computing.
Data: RDS or self-built databases provide persistent storage of important
application data. Storage: Storage services such as EVS and OBS provide storage
for service resource data.
• A security protection plan should take networks, hosts/containers, applications, data,

and O&M into consideration.
• The network layer prevents network attacks.
▫ VPN provides secure access management channels.
▫ ELB provides services for the public network, ensuring service scalability and
preventing service nodes from being directly accessible to the public network,
thus reducing the attack surface.
▫ Divide service nodes into security groups based on node types. Meanwhile,
control traffic access based on security policies to prevent lateral movement
attacks and impact spreading.
▫ Modify the DNS configuration to divert traffic, and perform advanced simulation
and WAF detection and scrubbing to ensure the security and reliability of ingress
service traffic.
▫ The AAD service protects application systems against DDoS attacks.
▫ WAF protects web applications against common web attacks, such as XSS,
command injection, and Trojan horses.
• The host/container layer ensures the secure running of host nodes.
▫ HSS provides functions including weak password detection, brute-force attack

prevention, web page tamper prevention, and vulnerability management to
ensure service host security.
▫ CGS ensures the security of container images, critical processes, and files.
• The data layer prevents data breach, data tampering, and data loss.
▫ DBSS provides fine-grained permission control functions to enable precise access

control, provides dynamic sensitive data masking to prevent data breach, and
prevents SQL injection to protect user data against breach and tampering.
▫ DEW is integrated with the storage services to provide convenient data

encryption services and prevent data breach.
▫ Create backup policies to periodically back up important data, effectively

preventing data loss.
• The application layer is mainly used for application vulnerability management and
application data security.
▫ Create scheduled vulnerability scanning tasks to identify application

vulnerabilities in a timely manner, preventing security risks caused by
vulnerabilities.
▫ SCM provides required certificates for application authentication and encryption

channels, and manages and maintains the certificates to ensure application
security.
▫ The security check function of SES helps users perform in-depth detection to
identify system security risks and optimize system security configurations.
• O&M focuses on controllable O&M operations and effective management of security

risks.
▫ SA displays the overall security risk status of a system in a visualized manner and
provides the security orchestration function to effectively handle and eliminate
security risks.
▫ The emergency response and security monitoring services provide capabilities

such as security threat clearance and O&M monitoring, effectively helping users
with security O&M.
• 1. Answer:
▫ A
• 2. Answer:
▫ C
• For more information, visit https://www.huaweicloud.com/intl/en-us/ and
https://support.huawei.com/carrierindex/en/hwe/index.html.
• After services are migrated to the cloud, O&M in the cloud is relatively simple, and
O&M of the underlying platform does not need to be concerned. Cloud-based
monitoring supports metrics monitoring for IaaS and the application layer, and works
with application performance management and service analytics to implement end-to-
end service O&M.
• After services are migrated to the cloud, DR in the cloud is very convenient.
• The service DR architecture in the cloud can be built out of the box, including the
network layer, database layer, and host layer.
• HUAWEI CLOUD provides high-speed interconnection bandwidth and low-latency

networks across data centers, helping you easily build an intra-city active-active
architecture.
• You do not need to pay attention to the construction or expansion of DR data center
equipment rooms.
• After services are migrated to the cloud, cloud security can be comprehensively
protected.
• Boundary security can be protected by DDoS and WAF.
• Security groups and ACLs are used to ensure network-layer security in the data center.
• Vulnerability scanning and enterprise host security can be used to detect and prevent
host security issues for host-layer protection.
• Sensitive data masking, audit, and attack defense can be performed for databases.
• The cloud provides security audit and log storage capabilities to meet compliance
requirements.
• This project aims to migrate SRM and CRM services of enterprise XX to the cloud. SRM
is a newly planned service system. CRM was deployed in the conventional data center,
but will be migrated to the cloud because it needs to be integrated with SRM.
▫ The system requirements are as follows:
▪ Enterprise XX needs to build a new SRM system, including the development

and test environment and production environment.
▪ The SRM system of enterprise XX is a typical application having a three-

layer (web, application, and data) architecture.
▪ Users are internal employees of the enterprise and need to access the
intranet and Internet through HTTP and HTTPS.
▪ It needs to be integrated with the SAP system.
▫ The challenges are as follows:
▪ Rapid deployment and production system rollout.
▪ The system processing capability and data volume increase are

unpredictable.
▪ Manual intervention in system O&M and data backup costs should be

reduced.
▪ High availability is required.
▪ System monitoring and alarm automation.

• After the evaluation, requirements and related challenges can be easily handled in the
cloud. Customers are advised to migrate services to the cloud.
• We provide cloud hosts and self-purchased servers based on HUAWEI CLOUD. We
make a comprehensive comparison in terms of stability, usability, disaster recovery,
security and reliability, and cost to find out the advantages of service cloudification.
• Cost saving: There is no need to invest a large amount of money at a time, preventing
a waste of idle resources.
• Elastic, flexible, and reliable: Load balancing is used online to easily expand
applications, but not expensive hardware load balancing and complex configuration.
• Customers pay much attention to costs. We have analyzed the investment in self-built
mode, carrier IDC lease mode, XX public cloud, and HUAWEI CLOUD for one year. The
cloud deployment is an economical way.
• Next, let's see how to migrate services to the cloud.
▫ HUAWEI CLOUD interconnects with the VPN gateway on the XX cloud through
the local VPN gateway to implement interconnection and integration between
SRM/CRM and SAP systems.
▫ Enterprise XX connects to the HUAWEI CLOUD VPN gateway through the VPN
gateway to integrate the local Nantong MES/PLM system with the SRM/CRM on
HUAWEI CLOUD.
▫ The local MES/PLM system of enterprise XX is connected to the enterprise XX HQ
through a private line, and then to the Direct Connect gateway of XX cloud
through the private line of enterprise XX HQ, implementing integration and
interconnection between the local Nantong MES/PLM system and the SAP system
of XX cloud.
▫ End users access the SRM/CRM system using public IP addresses or domain
names.
• Solution design:
▫ HUAWEI CLOUD interconnects with the VPN gateway on the XX cloud through
the local VPN gateway to implement interconnection and integration between
SRM/CRM and SAP systems.
▫ Enterprise XX connects to the HUAWEI CLOUD VPN gateway through the local
VPN gateway to integrate the local Nantong MES/PLM system with the
SRM/CRM on HUAWEI CLOUD.
▫ The local MES/PLM system of enterprise XX is connected to the enterprise XX HQ

through a private line, and then to the Direct Connect gateway of XX cloud
through the private line of enterprise XX HQ, implementing integration and
interconnection between the local Nantong MES/PLM system and the SAP system
of XX cloud.
▫ End users access the SRM/CRM system using public IP addresses or domain
names.
• Advantages of this solution:
▫ Secure and reliable VPN, out-of-the-box, and low cost
▫ Short network path for system interconnection, and high communication

efficiency
• Next, let's look at the deployment architecture and solution design of SRM/CRM
cloudification.
▫ Deployment area: Deployed in the CN East-Shanghai to facilitate access of

Nantong users.
▫ Network solution design: One Class-C subnet is respectively created for SRM and
CRM through the VPC network.
▫ User access: The SRM system provides services for external systems through ELB.
The CRM system provides services for external systems through the public elastic
IP addresses. The level-2 domain name is configured to point to the public IP
addresses of the SRM and CRM systems through the domain name resolution
service of enterprise XX. All users access the SRM and CRM systems using domain
names.
▫ System integration: SRM integrates with peripheral systems through the interface
server. CRM provides the webservice and DB link integration modes to integrate
with the VPN service to enable the network channel.
▫ Service deployment: SRM is deployed in a two-layer architecture. All layers except

the database layer are deployed across AZs. CRM is deployed in a two-layer
architecture, and servers at the two layers are deployed across AZs.
▫ Application stability assurance: Anti-DDoS and WAF are used to build security
protection for user access. HSS, SG, and network ACL are used to build security
protection for cloud hosts. Services are deployed across AZs to implement cross-
region DR for service systems. EVS disk backup and service system data backup
are used to enhance system data protection.
• Key points:
▫ Deployment area: Deployed in the CN East-Shanghai to facilitate access of

Nantong users.
▫ Network solution design: One Class-C subnet is respectively created for SRM and
CRM through the VPC network.
▫ User access: The SRM system provides services for external systems through ELB.
The CRM system provides services for external systems through the public elastic
IP addresses. The level-2 domain name is configured to point to the public IP
addresses of the SRM and CRM systems through the domain name resolution
service of enterprise XX. All users access the SRM and CRM systems using domain
names.
▫ System integration: SRM integrates with peripheral systems through the interface
server. CRM provides the webservice and DB link integration modes to integrate
with the VPN service to enable the network channel.
▫ Service deployment: SRM is deployed in a two-layer architecture. All layers except

the database layer are deployed across AZs. CRM is deployed in a two-layer
architecture, and servers at the two layers are deployed across AZs.
▫ Application stability assurance: Anti-DDoS and WAF are used to build security
protection for user access. HSS, SG, and network ACL are used to build security
protection for cloud hosts. Services are deployed across AZs to implement cross-
region DR for service systems. EVS disk backup and service system data backup
are used to enhance system data protection.
• Finally, let's summarize the advantages of deploying SRM/CRM on HUAWEI CLOUD.
▫ Reliable: T3+ equipment rooms, cross-AZ and cross-DC application deployment,

implement easy service DR; three copies of underlying storage ensure zero data
loss; complete data backup mechanisms ensure data recovery.
▫ Security: Provides security services, such as anti-DDoS, WAF, vulnerability

scanning, enterprise host security, situation awareness, security group, and virtual
firewall, to provide comprehensive protection capabilities from the aspects of
border security, intranet security, and data security. Provides data encryption
services to prevent data theft. Provides security audit and log recording to
facilitate security authentication. HUAWEI CLOUD has obtained more than 40
security certifications worldwide, ensuring security.
▫ Efficient deployment and O&M: All cloud services can be obtained in one-stop
mode. Instances can be provisioned in minutes. Complete and convenient cloud-
based automatic O&M, enabling efficient O&M.
• Container technologies are commonly defined as the container engine technology
(Docker) and the container orchestration technology (Kubernetes).
• Docker leads OCI to set up container engine technology standards followed by many
companies. Many container technologies are compatible with the OCI standards, for
example, Kata security containers.
• Kubernetes is a recognized de facto standard in the container orchestration field.

Almost all container technologies of public cloud vendors are implemented based on
Kubernetes. Early products like Docker Swarm and Mesos have been marginalized in
the market.
• Docker is the most popular container runtime, that is, container engine. containerd is
another container runtime of container technology standardization. To be compatible
with the OCI standards and independently responsible for the container runtime and
lifecycle management (such as creation, startup, stop, termination, signal processing,
and deletion), containerd is separated from daemon and provides APIs for Docker
engines to run containers, and communicates with Docker engines using the gRPC
protocol. Each time a container is created, containerd creates a shim process that calls
runc (previously known as libcontainer) to manage the container runtime, for example,
creating namespaces.
• Two key concepts in Docker are images and image repositories. An image is a
container application release file. Docker builds images based on Dockerfiles. An image
repository is where images are stored. Containers and the running environment of
containerized applications are isolated by using key technologies of containers.
• Those key technologies are not invented by Docker, but by Linux. Docker integrates
these technologies to achieve revolutionary effects. Namespaces are used to isolate the
running environment, that is, each container is an independent process and is isolated
by namespaces. Containers are invisible to each other, including process isolation,
network isolation, and file isolation. Cgroups isolate running resources or make them
exclusive for each container. You can specify the number of resources for each
container. Union filesystem is a unified standard for application running. Container
images provide the basis for container running, but container images are not
containers. A container image is a series of hierarchical read-only files managed by the
storage driver. When a container image runs as a container, a writable layer, that is, a
container layer, is added to the top of the image. All modifications to a running
container are actually modifications to the container read/write layer. Such
modifications, such as writing a new file, modifying an existing file, and deleting a file,
are only applied to the container layer.
• The word Kubernetes comes from Greek, which means a pilot or navigator. K8s is short
for Kubernetes because there are eight letters between k and s.
• Kubernetes is an open-source product developed by Google from its internal cluster

management system Borg after Google's own service attributes are removed.
• In the standard architecture of Kubernetes, a cluster is a complete set of Kubernetes

products. Most enterprises encapsulate the management plane on clusters for cluster-
level management.
• A master node in the cluster manages the entire container cluster. In HA scenarios
with etcd used, there are at least three master nodes in a cluster.
• There are many worker nodes in a cluster, which are used to run containerized
applications. The master node installs kubelet on each worker node as the agent for
managing the node.
• When using Kubernetes, users call the API server on the master node to use required
resource objects such as applications and Services in the declarative APIs. The master
node controller and scheduler create resources on the node based on the user
definition and monitor the status at any time, ensuring that the resources meet
requirements.
• Unified access to containerized applications on nodes can be achieved through kube-

proxy.
• Kubernetes is an open-source container cluster management system developed by
Google. Based on the Docker technologies, Kubernetes provides a set of functions such
as resource scheduling, deployment, running, service discovery, and auto scaling for
containerized applications. Kubernetes is a containerized Micro-PaaS platform in
essence, which is inspired by the Borg system inside Google.
• Docker container host machines form a cluster to centrally schedule resources,

automatically manage the container lifecycle, and provide cross-node service discovery
and load balancing. For example, the introduction of the concepts of label and pod
better support the microservices and draw boundaries between services.
• Kubernetes is the most important open-source project of the CNCF community, and
has become the industry standards of the container technologies.
• The minimum unit of Kubernetes orchestration is not a container, but pod.
• The idea comes from pea pod. A pod can contain many containers, just as a pea pod
can contain many peas.
• What is the relationship between these containers? Answer: Containers in the same
pod share the data storage volumes and IP address.
• What is this for? First, containers are often used to bear microservices. Microservices
are small and single services.
• During microservice design, it is recommended that one process be borne by one

application. If the bearer is a container, one process is borne by one container.
• However, to manage microservices, you need to install service monitoring software or

data reading software. That is, multiple software, or processes, need to be installed in
a container. This undermines the principle of one container for one process.
• To comply with the microservice design principles, Google designed pods. Generally, a
pod contains multiple containers, including one application container (used to provide
services) and multiple sidecar containers (used to monitor the application container or
manage data).
• For example, a pod contains three containers: web container, monitoring container,
and log reading container.
• The web container is only used to run web software, and port 80 is exposed externally.
• The monitoring software of the web container, running in the monitoring container,
monitors the web service through 127.0.0.1:80, because containers in the pod share the
IP address.
• The log reading container only needs to read files in the corresponding path and
report the files to the log management platform, because containers in the pod share
the data storage volumes.
• With pods, services can be easily managed.

• Deployments are created for stateless containerized applications. Kubernetes manages
Deployments by using the deployment controller.
• A stateless applications is essentially that multiple instances of an application return

the same response for each request and Kubernetes performs operations randomly on
these instances, for example, scale-down.
• If a stateless application is restarted, the data (if any) generated by the application will
not be saved because stateless applications do not connect to persistent storage. In this
case, the old container will be killed and a new container will be started.
• Deployment is the most frequently used resource object in Kubernetes.

• For stateful applications, Kubernetes encapsulates StatefulSets for management, that
is, using the StatefulSet controller.
• A StatefulSet is a workload that stores data or statuses during running. Each

application instance is unique.
• Persistent storage volumes are mounted to ensure data persistence.
• Except for data, each instance of a stateful application is independent from all aspects.
For example, there are master and slave instances for the MySQL application.
Therefore, instances are restarted in sequence.
• Typical uses of DaemonSets:
▫ Run a cluster storage daemon, such as glusterd or Ceph, on each node.
▫ Run a log collection daemon, such as Fluentd or Logstash, on each node.
▫ Run a monitoring daemon, such as Prometheus Node Exporter, collectd, Datadog

agent, New Relic agent, or Ganglia gmond, on each node.
• To implement service discovery and load balancing, Kubernetes designs the concept of
Service, which provides access to containerized applications through Layer 4 protocols
and ports.
• There are three types of Services: ClusterIP (using the internal IP access), NodePort
(using the node IP address for external access; prone to reliability problems), and
LoadBalancer (using ELB for external access).
• A layered architecture is developed from internal to external.

• If Layer-7 access is required, use the HTTP URL to identify the access. Generally, the
ingress is used.
• Ingress provides northbound Layer-7 load balancing capabilities and connects to a

Service to implement Layer-7 routing and forwarding. Generally, such capabilities are
achieved through Nginx.
• A ConfigMap is used to configure configuration files and parameters for a
containerized application. Similar to container storage, ConfigMap transfers
configuration files to containers by mounting volumes.
• By default, a Kubernetes cluster has three namespaces. All Kubernetes objects created
earlier are in the default namespace.
• In addition, kube-system is used by Kubernetes system components.
• kube-public is used for public resources.
• Users can create namespaces based on project requirements.

• Huawei provides a bottom-layer container infrastructure through CCE, CCI, and
CCE@HCSO. CCE provides Kubernetes-native container platform experience, that is,
container clusters and container applications can be managed.
• CCI is a serverless container engine that allows you to run containers without creating
or managing server clusters.
• CCE is suitable for long-term and large-scale service scenarios. Users have complete
container and resource management capabilities. CCI applies to computing-intensive
industries.
• Based on the infrastructure, Huawei provides comprehensive container O&M and

management services, including SWR, AOS, ASM, ContainerOps, and AOM.
• Huawei builds three container solutions from this full service stack: Multi & Hybrid
Cloud Container Solution, Kubernetes-Native Batch Computing Solution, and Intelligent
Edge Computing Solution.
• These high-performance services are easy to use and maintain. Solutions are tailored
precisely to customer needs to promote containerization. A full range of service tools
simplify container use and O&M.
• Robust infrastructure ensures service reliability and performance.

• CCE: high-performance, high-reliability enterprise-class Kubernetes service
• CCE provides highly scalable, high-performance, enterprise-class Kubernetes clusters

and supports Docker containers. With CCE, you can easily deploy, manage, and scale
containerized applications on HUAWEI CLOUD.
• CCE is deeply integrated with HUAWEI CLOUD services, including high-performance

compute (ECS/BMS), network (VPC/EIP/ELB), and storage (EVS/OBS/SFS) services. It
supports heterogeneous computing architectures such as GPU and Arm. By using
multi-AZ and multi-region disaster recovery, CCE ensures high availability of
Kubernetes clusters.
• Huawei is amongst the first developers of the Kubernetes community in China. Huawei
is a major contributor to the open source community and a leader in the container
ecosystem. HUAWEI CLOUD CCE is the earliest commercial Kubernetes product in
China, and also one of the first products that passed the CNCF consistency certification
in the world. Since its commercial use in 2014, Huawei has provided containerized
services for more than 5,000 users.
• CCE contributes to an inclusive and open-source ecosystem, enhanced commercial

features, and flexible and easy-to-purchase infrastructure.
• The base of the high-performance batch computing solution is CCI.
• CCI is the world's first Kubernetes-based serverless container service.
• When using the serverless CCI, customers can stay focused on their own services,
instead of underlying hardware and resource utilization. In addition, CCI provides the
pay-per-use (by second) billing mode, making it convenient for customers to use
resources as needed at any time.
• From top to bottom, CCI consists of Volcano (batch computing scheduling platform),
Kubernetes container orchestration and scheduling, and security container.
• Volcano: Native Kubernetes has weak support for batch computing services. Volcano
provides two enhanced batch computing capabilities. One is advanced job
management, such as task queuing, priority setting, eviction, backfilling, and starvation
prevention. The other is intelligent scheduling, such as topology-aware affinity-based
scheduling and dynamic driver-executor ratio adjustment. In addition, scheduling and
distributed frameworks such as Gang scheduling, PS-Worker, and Ring AllReduce are
supported.
• For Kubernetes and security containers, CCI can start 1,000 pods in one minute
provisioned with network and storage resources. CCI also provides VM-level security to
ensure customers' programs and data.
• In addition to these capabilities, CCI provides multiple underlying resources (Kunpeng-

/x86-/Ascend-/GPU-based architecture) and high-performance networks, such as 300
Gbit/s NVLink and 100 Gbit/s IB networks.
• Serverless service
▫ Auto underlying resource provisioning and cluster running
▫ Per-second billing
• Intelligent scheduling with Volcano
▫ Unified task management for gene sequencing, big data, and AI computing, and
functions such as task queuing, priority setting, task eviction, and backfilling.
▫ Topology-aware affinity-based scheduling, Gang scheduling, group scheduling,

and dynamic driver/executor ratio adjustment
▫ Distributed AI training models such as PS-Worker and AllReduce.
• Kubernetes and security container
▫ 1,000 pods provisioned every minute
▫ VM-level security
• High-performance hardware
▫ Inter-GPU communication through 300 Gbit/s NVLink
▫ 100 Gbit/s IB network, supporting direct connection between containers and IB

network adapters, multi-tenant IB network isolation, and large-scale IB
networking with 648+ nodes
▫ High-performance SFS/OBS access through 2 x 25 GE DPDK network
▫ Kunpeng/GPU/Ascend chip
• SWR provides easy, secure, and reliable management over Docker container images
throughout their lifecycle, facilitating the deployment of containerized applications.
You can push, pull, and manage Docker images by using the SWR console, SWR APIs,
or Docker Command Line Interface (CLI).
• SWR can either work with CCE/CCI or be used as an independent container image
repository.
• ASM: Istio-based high-performance, high-reliability, and non-intrusive enterprise-class
service mesh
▫ ASM is a service mesh platform developed by HUAWEI CLOUD based on the

open-source Istio. It seamlessly works with CCE, the enterprise-class Kubernetes
cluster service on HUAWEI CLOUD, to enhance the usability, reliability, and
visualization and features out-of-the-box readiness.
▫ Providing a non-intrusive microservice governance solution, ASM supports full-

lifecycle management and traffic management and is compatible with the
Kubernetes and Istio ecosystems. It provides functions such as load balancing,
circuit breaking, and rate limiting. The built-in support for canary release, blue-
green release, A/B testing, and other forms of grayscale release enables you to
automate release management all in one place. ASM collects real-time traffic
topology, tracing, and other data without intrusions to monitor and diagnose
service performance multidimensionally.
▫ Compared with traditional microservice frameworks, such as Spring Cloud and

Dubbo, ASM is a third-generation microservice technology commonly
recommended for cloud native technologies. It is language-independent and does
not require code modification.
• HUAWEI CLOUD ContainerOps: Easier Development, Lower Containerization Costs, and
Simpler Delivery Process
• ContainerOps is a DevOps orchestration platform for you to clearly define the entire
DevOps workflow from source code obtaining to application rollout, covering key tasks
like code compiling, image build, gray deployment, and containerized deployment.
ContainerOps tackles problems in the process of code compiling, image build, and
image deployment in containerized scenarios, further improving R&D, deployment, and
O&M efficiency.
• The service has the following advantages:
▫ Out-of-the-box, standardized workflow templates
▫ Global image acceleration for various service scenarios
▫ Open architecture with CI and CD tools as plug-ins for easy integration with
existing systems
▫ End-to-end agile delivery across alpha, beta, and gamma environments
▫ Seamless interconnection with Huawei DevCloud to fully cover the entire DevOps
process
• AOS: In-Cloud Automation Platform for Containerized Applications
• AOS enables enterprises to automate application cloudification. By orchestrating

HUAWEI CLOUD services, you can create, replicate, and migrate your containerized
applications and provision required cloud resources within a few clicks.
• You only need to create a template describing the applications and the required cloud
resources, including their dependencies and references. AOS will then set up these
applications and provision the resources as specified in the template. For example,
when creating an ECS, together with a Virtual Private Cloud (VPC) and a subnet on
which the ECS runs, you only need to create a template defining an ECS, VPC, subnet,
and their dependencies. AOS will then create a stack, namely, a collection of resources
you specified in the template. After the stack has been successfully created, the ECS,
VPC, and subnet are available to use.
• AOS templates are text files that are easy to read and write. You can either directly
edit template files in YAML or JSON format, or use AOS graphical designer to write
and edit templates with more visualization. In addition, AOS Template Market provides
a large number of free templates, covering common application scenarios, for direct
use or as references.
• AOS manages cloud resources and applications in a unified manner through stacks.
During stack creation, AOS automatically configures the cloud resources and
applications specified in the template. You can view the status and alarms of cloud
resources or applications in a stack. You can create, delete, and copy cloud resources
and applications by stack.
• What You See Is What You Get: The graphical console enables you to easily complete
cloud-based application and service orchestration through drag-and-drop operations.
• Out-of-the-box: With pre-packaged 50+ templates of different industries (e.g. e-

commerce, blockchain, AI, and game), you can directly use or repurpose these
templates to build your applications, greatly improving the efficiency of migrating
applications to the cloud.
• Powerful ecosystem: AOS is deeply integrated with more than 70 types of HUAWEI
CLOUD service resources and containerized applications, satisfying customers'
orchestration requirements in various service scenarios.
• AOM: Native Monitoring of Cloud Containers for Overall Management of Resources
and Applications
• With the popularization of container technologies, more and more enterprises develop
applications using microservice frameworks. As the number of cloud services increases,
enterprises gradually turn to cloud-based O&M. However, they face the following
O&M challenges:
• Cloud-based O&M has high requirements on personnel skills, O&M tools are hard to
configure, and multiple systems need to be maintained at the same time. Distributed
tracing systems are complicated and not as stable as expected.
• Microservice dependencies need to be visualized, application performance needs to be

improved, and logs need to be integrated for analysis and quick fault location.
• Huawei has been contributing to the cloud native community since 2014. Many key
features of Kubernetes, such as affinity and scheduling, IPVS, and cluster federation,
are driven by Huawei. These contributions have been applied to container products of
mainstream vendors in the industry.
• As is surveyed by CNCF, cloud native technologies have become the first choice for
more and more companies in the industry. The number of CNCF projects and that of
participants in CNCF conferences increase rapidly.
• This rapid development has been powered by three advantages of the cloud native
technologies: shorter development cycle, more flexible scaling policies, and better
portability.
• According to Gartner and 451 Research, more than 80% enterprises worldwide have
started to use container technologies.
• Using MCP as a core, the HUAWEI CLOUD multi & hybrid cloud container solution
manages Kubernetes clusters in each cloud in a centralized manner to form a unified
container management platform.
• This solution provides the cross-cloud service mesh through ASM.
• This solution can manage not only HUAWEI CLOUD container clusters, but also K8S
clusters created by competitors and users themselves.
• Based on multi-cluster and federation technologies, MCP performs K8S management

for different regions and clouds to implement unified application management.
• CCE is a high-performance, high-reliability enterprise-level Kubernetes service provided

by HUAWEI CLOUD.
• CCE HCS Online is based on HUAWEI CLOUD CCE and provides users with the same
service experience as CCE in the on-premises IDC.
• ASM globally manages applications deployed on Kubernetes clusters in different

regions and clouds.
• Customers can choose to use CCE, CCE HCS Online, ASM, or MCP based on their
business phases.
• Generally, a multi & hybrid cloud container solution in the industry is divided into three
phases:
▫ In phase 1, a console is used to integrate Kubernetes APIs. This method is simple

but each cluster is still independent after encapsulation. Multiple pods of an
application cannot use a unified entry and therefore does not support unified
scheduling and management.
▫ In phase 2, application scheduling and management is supported. Applications

can communicate with each other across clouds (container networks) and have a
unified entry. However, cross-cloud auto scaling and service governance are not
supported.
▫ In phase 3, cross-cloud auto scaling and service governance are implemented.

• Huawei's multi & hybrid cloud container solution applies to the following scenarios:
• Multi-active DR for services
▫ With Huawei's multi & hybrid cloud container solution, users can deploy their
services on container services in multiple clouds. If a cloud becomes faulty, the
service traffic is automatically switched to another cloud according to the unified
traffic distribution mechanism. In addition, applications and resources can be
quickly scaled in other clouds based on the auto scaling capability of Kubernetes.
In this way, a live network incident can be automatically resolved within several
minutes, eliminating the need to worry about frequent system breakdown.
• Service traffic sharing
▫ Huawei's multi & hybrid cloud container solution allows services to be deployed
in cloud data centers in different regions. Access latency is reduced by directing
user requests to the regional cloud provider who is closer to where the users are.
In addition, services in on-premises IDCs can be scheduled to the cloud. When the
traffic increases sharply, users can quickly expand the capacity on the cloud to
divert most traffic to pods on the cloud. After the traffic falls back, pods on the
cloud are automatically scaled in, and all traffic is returned to the on-premises
IDCs. Users do not need to maintain a large number of resources all the time,
thereby reducing costs.
• Decoupling of data and service running
▫ For users in industries such as finance and security protection, service data
sensitivity requires that related services run in the users' IDCs. With Huawei's
multi & hybrid cloud container solution, users can store data services in their on-
premises IDCs whereas deploy common services on the cloud, and manage them
in a unified manner.
• Separation of development and deployment
▫ For IP security in continuous integration (CI) or continuous delivery (CD)

scenarios, some users want to deploy the development environment in their on-
premises IDCs and deploy the production environment in the cloud. Huawei's
multi & hybrid cloud container solution can manage clusters in development and
production environments in a unified manner, implementing automatic pipeline
for online application release.
• Decoupling of computing and service running
▫ For industries such as AI, genomic sequencing, and video processing, computing
tasks are computing-intensive and usually run on GPUs, bare metal servers, and
other hardware that provides high computing power. With Huawei's multi &
hybrid cloud container solution, users can run computing services on the public
cloud where a sea of computing resources is available. Meanwhile, to avoid the
cost in using computing facilities at scale, general services are run in private
cloud or other clouds.
• With the unified scheduling capability of MCP, applications can be migrated between
different clouds in seconds, and service access traffic can be switched synchronously,
preventing vendor lock-in.
• With the cross-cloud auto scaling capability, MCP can automatically detect and
migrate instances and perform traffic switchover when a cloud environment is faulty,
without affecting user experience.
• With the traffic governance capability, ASM can automatically identify the source
regions of user access and automatically distribute traffic to service instances nearby,
reducing the service access latency in multi-cloud service deployment scenarios.
• HUAWEI CLOUD MCP is an open platform that provides various advanced capabilities,
such as service mesh, cross-cloud DevOps, and performance monitoring.
• At HUAWEI CONNECT, HUAWEI CLOUD released the multi & hybrid cloud container
solution 2.0 to continuously build leading multi &hybrid cloud container capabilities
based on the next-generation infrastructure platform Vessel.
• The number of Kubernetes clusters managed by HUAWEI CLOUD CCE is increased. Due
to technical limitations of open-source Kubernetes in scheduling, network, storage, and
monitoring, container products in the industry support only a limited number of
Kubernetes clusters. With a series of technical breakthroughs, HUAWEI CLOUD has
increased the management scale of a single cluster to 10,000 nodes and 1 million
containers, and provides the capability of quickly scaling out 100 nodes within 30
seconds.
• Everest is updated for container storage to unify the management of container

volumes. It uses Kubernetes Volume semantics to shield the differences between
multiple storage services and streamline operations such as creation, deletion, query,
migration, and backup. It also builds container storage with million-level IOPS, low
latency, and high cost-effectiveness. Everest has obvious advantages in scenarios such
as AI computing, gene data analysis, and big data processing. In the current open-
source container storage ecosystem, only the southbound standard container storage
interface (CSI) is defined, that is, the interface between the container orchestration
system and storage technology provider. Everest provides easy-to-use, large-scale, and
high-performance container storage, transforming the container storage from civil-
level to enterprise-level.
• Yangtse is unveiled for next-generation container network. In large-scale deployment
scenarios, the network provisioning and connection speed of HUAWEI CLOUD
containers increases rapidly. It takes only 1 minute to provision 10,000 container ports,
and takes less than 1 second for container network connection. Yangtse aims to build
a cloud-native container network that connects the hierarchical container network to
the underlying VPC network, eliminating communication loss and achieving the same
effect as the native cloud network.
• Glacier is upgraded for container monitoring, which supports panoramic monitoring of

cross-cloud applications and the native Prometheus ecosystem of the community. With
the cluster federation and policy engine, automatic scaling of cross-cloud applications
can be implemented within 30 seconds. Glacier aims to build container monitoring and
automatic scaling for the next-generation container infrastructure to achieve an
infinite large and stable capacity.
• Containerization of traditional services has been going on for four to five years.
HUAWEI CLOUD determines that computing tasks (jobs) are also being containerized.
Therefore, HUAWEI CLOUD launches container-based high-performance batch
computing solutions.
• High-performance batch computing provides multiple computing powers, such as

Kunpeng, x86, GPU, and Ascend in serverless mode. Volcano provides advanced job
management and intelligent scheduling capabilities. Currently, high-performance batch
computing is mainly used in gene, big data, and AI scenarios.
▫ Currently, 80% of the third-generation gene sequencing enterprises choose GCS,

which are 10 times more efficient than the traditional HPC mode.
▫ BKS improves the cost-effectiveness by 50% through storage-compute

decoupling and hybrid deployment of business services and big data capabilities.
▫ AKS uses intelligent scheduling to improve the linear acceleration ratio in large-
scale GPU scenarios, helping HUAWEI CLOUD rank top in the DAWNBench
performance tests.
• GCS supports 100,000 concurrent containers, improving the 30x WGS speed by 10
times.
• GCS uses CCI to provide flexible CPU/memory ratio and per-second billing, reducing
costs of gene sequencing analysis.
• GCS provides process engine, auto scaling, and automatic execution to reduce O&M
costs.
• In addition to Cromwell, SGE, PBS, and Slurm, GCS also support big data scheduling
engines, enabling users to provide high-value-added services through gene data
mining.
• Leading companies in the third-generation gene sequencing field have chosen GCS and
optimized the entire process. With the automated sequencing analysis provided by
GSC, companies can reduce costs and manual O&M workload.
• BKS can schedule 1,000 containers per second, which is 10 times higher than the
community solution. In addition, vertical scaling is provided to enable customers to
quickly obtain the big data computing power.
• BKS uses distributed cache and Volcano intelligent scheduling to improve performance
by 40%.
• BKS uses OBS and HDFS to decouple compute from storage and can be deployed with
services, improving cluster utilization and reducing costs by 50%.
• BKS supports auto scaling based on task requirements and unifies different service
scheduling platforms, reducing the O&M workload.
• AKS provides computing power in serverless mode, greatly facilitating algorithm
training and inference.
• AKS supports mainstream training frameworks such as TF, Caffe, MXNet, PyTorch, and
MindSpore.
• AKS uses topology affinity-based scheduling (GPU network and storage status taken
into account) to ensure high-speed communication between GPUs and improve the
linear acceleration ratio. Currently, the linear acceleration ratio of 32 GPUs is 0.97+,
which is 50% higher than that of competitors.
• AKS supports multiple computing architectures, including Ascend, improving the

computing capability by 30% compared with traditional GPUs.
• With AKS, HUAWEI CLOUD won two championships in the DAWNBench performance
test. The linear acceleration ratio of 128 GPUs reaches 0.8.
• Traditional cloud computing resources are usually billed in yearly/monthly mode, and
the resource pool size is fixed. In CCI, customers can purchase vCPU-hour packages to,
for example, shorten the computing time or cope with service access spikes by
provisioning concurrent containers at a large scale.
• CCI provides flexible container instance specifications. The CPU/memory ratio can be
1:2 to 1:8. Customers can select proper container specifications to greatly reduce costs.
• Currently, customers can use containers in three ways: purchase resources to build a
container platform, use HUAWEI CLOUD CCE, and use CCI.
• When capacity expansion is required, CCI provisions 1,000 pods that can be started
within minutes, and cluster scaling can be automatically performed. The cluster
utilization can be 100% . In the other two scenarios, customers need to manually
improve the cluster utilization.
• In this way, when using high-performance batch computing, customers only need to
specify images and container specifications. HUAWEI CLOUD will take good care of the
rest.
• Although CCI provides the serverless mode, customers can still choose to use
computing resources in shared mode.
• In shared mode, tenants' tasks are scheduled in the same cluster, which may cause
resource preemption. Customers can purchase resources in post-paid or pre-paid mode
based on resource usage.
• In dedicated mode, customers purchase underlying physical servers on a

yearly/monthly basis. Therefore, resources are secure and isolated. In addition,
customers do not need to manage these servers. They can be used in serverless mode.
Customers pay the yearly server fee and management fee.
• Answer for Q1:
▫ B
• Answer for Q2:
▫ B
• Evolution of enterprise core services is divided into: application architecture
development and integration architecture development.
▫ The application architecture evolves from the monolithic application architecture,

vertical architecture, service-oriented architecture (SOA), to the microservice
architecture.
▫ Conventional applications are developed from the monolithic architecture. To

achieve certain scalability and reliability, load balancing is introduced. Therefore,
a vertical architecture is brought in. Then, the SOA emerges, which solves the
integration and interconnection problems of application systems. The
microservice architecture is developed based on SOA. It further discusses how to
design an application system to make application development and management
more flexible and efficient.
▫ In microservice architecture, a single application is divided into a group of small

services that coordinate and cooperate with each other to provide services for
users. Each microservice runs in its own process, and a lightweight
communication mechanism is used between microservices. Usually, HTTP-based
RESTfull APIs are used. Each microservice is constructed based on specific services
and can be independently deployed in the production environment and
production-like environment.
• Integration
▫ Evolution of the enterprise integration architecture is similar to that of the

enterprise application architecture, which will go through the monolithic
architecture, mesh architecture, and enterprise service bus (ESB) in sequence, and
finally evolve to the hybrid integration architecture.
▫ In the monolithic integration architecture, the company builds service systems

based on business departments. Isolated organizations, functional teams, and
single-purpose applications result in severe information silos and difficult data
exchange.
▫ With the emergence of integration requirements, systems start to interconnect

with each other and a series of spaghetti integrations are generated. Although
the requirements for point-to-point communication between systems are met,
the interfaces are highly coupled, and the integration capabilities and experience
cannot be reused. As a result, repeated development may cause resource waste
and complex O&M.
▫ With decoupling of enterprise applications from SOA, the ESB and "integration
factory" mode are widely used. A unified organization and team are responsible
for integration implementation and O&M. However, the integration team does
not understand services and cannot provide better decision-making information
for the service team. The enterprise service boundary is fixed, so it is difficult to
interconnect the group and subsidiaries across regions. A large number of
systems in subsidiaries also need to be integrated.
▫ In the future, the enterprise integration architecture will break through the
enterprise integration boundary, integrate application APIs, messages, devices,
data, and multiple clouds, and build connections for all applications, big data,
cloud services, devices, and partners of enterprises. The traditional "integration
factory" mode controlled by the IT team will be transformed to the self-service
integration mode that is supported by the business lines, subsidiaries, application
development teams, and end users, that is, the "unified hybrid integration
platform".
• Traditional enterprises have a large number of monolithic applications. According to
the evolution roadmap of the enterprise application architecture, the application
migration analysis and design must be refined based on the classification and
characteristics of the cloudification path and target applications.
• For traditional localized applications, the policy of "retain" or "retire" can be adopted,
avoiding too much investment.
• For cloud-enable applications, the policy of "re-host" or "re-platform" can be adopted

to fully enjoy the flexibility and convenience of cloud resources and services.
• For cloud-native applications, you can redesign the architecture of monolithic

applications, reconstruct applications based on container and microservice
technologies, or purchase third-party cloud-native applications. Only data migration is
required.
• HUAWEI CLOUD provides a complete solution covering IaaS, PaaS, big data, and EI for
the application architecture of enterprise core services. The technical platform covers
the DevCloud service and provides enterprises with one-stop cloud platform and tool
services throughout the DevOps process, making software development simple and
efficient. The application running platform and application O&M platform are
enterprise-oriented application management and O&M platforms. They provide a one-
stop solution for application development, build, release, monitoring, and O&M. ROMA
is a new-generation hybrid integration platform that focuses on application and data
connection and provides message, data, API, and device integration capabilities. In
addition, HUAWEI CLOUD provides DCS, DMS, and BCS services to support high
efficient enterprise application development and convenient application migration to
the cloud.
• HUAWEI CLOUD intelligent application services are built on the cloud infrastructure.
Huawei provides a Cloud Native application base and three application innovation
platforms. Adhering to the idea of moving applications to the cloud, Huawei provides a
systematic solution for enterprises' digital transformation and intelligent upgrade. In
addition, application management capabilities are extended to multi-cloud and hybrid
clouds to build a more open ecosystem and to develop from a technical platform to an
industry enablement platform.
• Application base ServiceStage: Deepens the technical platform and simplifies the
migration of enterprise applications to the cloud.
• The three application innovation platforms are:
▫ Enterprise Business Integration Platform (ROMA): Connects all enterprise

applications and data, breaking information islands.
▫ Intelligent EdgeFabric (IEF): Enables industry intelligence by edge-cloud synergy .
▫ Blockchain Service (BCS): Focuses on people's livelihood and builds a trustworthy

society.
• HUAWEI CLOUD intelligent application services are committed to providing the best
infrastructure and innovative service solutions for enterprises' digital transformation.
With the one-stop application development platform ServiceStage, Enterprise Business
Integration Platform ROMA, Intelligent EdgeFabric IEF, and Blockchain services,
enterprise applications can be easily migrated to the cloud and digital transformation
is more intelligent.
• ServiceStage provides full-lifecycle management of applications to implement agile
DevOps. It also separates microservice governance from service code through unique
API definition, making enterprise developers focus on service logic. ServiceStage
focuses on industry enablement and works with partners to build end-to-end solutions
for industries such as digital government, smart finance, digital industry, and smart
retail.
• HUAWEI CLOUD provides a high-performance, open-source microservice solution in
the industry. It has the following advantages:
▫ Out-of-the-box microservice framework: Supports native Java and Go, and uses
Service Mesh to access applications using other languages, such as PHP.
▫ Non-intrusive microservice access: Enables microservice governance, requiring a

minimal amount of modifications.
▫ High compatibility: Compatible with microservice frameworks such as Spring

Cloud.
• As more and more enterprise applications are migrated to the cloud, the scale and
complexity of applications in the cloud are increasing, posing new challenges to O&M
of these applications. O&M services, such as AOM and APM, are applicable to large-
scale enterprise applications. They evolve in practice and build a complete set of multi-
dimensional O&M system for cloud applications.
• Multi-dimensional O&M is to monitor user applications and implement user

experience, application performance, and infrastructure monitoring. In addition to end-
to-end resources of applications, the system analyzes various O&M data and displays
the data on user-friendly GUIs using multiple visualization methods.
• Furthermore, HUAWEI CLOUD provides a one-stop application performance

optimization solution, which helps you detect, locate, and rectify application
performance problems, and monitor application performance in real time. The solution
makes you quickly roll out new services and ensure their stable running. Compared
with open-source software consumption, the test resource consumption is reduced by
more than 80%, the test environment preparation period is shortened by more than
90%, and the performance problem locating period is reduced from weeks to days.
This helps more HUAWEI CLOUD users easily cope with the peak traffic during digital
transformation.
• HUAWEI CLOUD provides the powerful full-stack container services, including bare
metal containers, Windows containers, GPU containers, VM containers, and serverless
container instances. Huawei is China's first CNCF founding member and platinum
member. Huawei is one of the world's top 3 contributors to the Kubernetes community
and has the premium container performance in the industry.
• HUAWEI CLOUD provides two types of Kubernetes services that have been officially
certified by CNCF: Cloud Container Engine (CCE) and Cloud Container Instance (CCI).
CCE is a user-dedicated Kubernetes service. Users can use CCE to control the entire
Kubernetes cluster and manage infrastructure resources and containerized services
running on Kubernetes. CCI is a serverless Kubernetes service. Users only need to
manage containerized services running on Kubernetes, and do not need to be aware of
Kubernetes clusters. Instead, HUAWEI CLOUD automatically manages them, further
lowering the threshold for Kubernetes implementation.
• SWR provides a high-performance, large-capacity, and high-security enterprise-class

private image repository and ContainerOps, a pipeline for image building and release,
to support automatic service delivery.
• In the past, enterprise informatization only addresses the issue of how to connect data
to IT systems. Nowadays, enterprise digital transformation has raised new
requirements on IT systems. The IT systems should be able to help enterprises
continuously reduce costs, improve operational efficiency, expand market scale, and
monetize data through digitalization.
• Legacy IT is mainly based on software packages. In the Cloud 2.0 era, Cloud Native
applications dominate the mainstream application systems of enterprises. One of
major challenges for enterprise digital transformation is how to bridge the time gap in
a short period of time. As government and enterprise applications are deployed in
multiple regions, bridging the space gap creates another challenge. While government
and enterprise capabilities converge, multi-enterprise collaboration becomes the norm.
How to break the openness gaps becomes the third challenge for enterprise digital
transformation.
• ROMA not only implements multi-cloud environment deployment and improves multi-
cloud and hybrid cloud integration capabilities by working with ROMA sites, but also
breaks the space gap through ROMA LINK to implement IT&OT convergence. ROMA
provides more than 50 mainstream adapters and 100 industry applications to
seamlessly interconnect with commercial software provided by SAP and Kingdee,
implementing 100% access to legacy systems. This helps implement smooth evolution
of enterprise IT systems. ROMA allows enterprises and their partners to access
applications and data that uses proprietary protocols. It also opens up all experience
assets to help enterprises and partners quickly build innovative services and
applications.
• Hardware faults: Hardware such as servers and network switches may become faulty
or partially fail. If enterprises develop or use open-source middleware, they need to
maintain the reliability of underlying hardware.
• A distributed system is a collection of independent computing nodes that provide users
with images of a single system. Networks feature high interconnection, clusters have
multiple nodes, and single systems feature transparency.
• The distributed system has the following features:
▫ Transparency: Transparency is reflected in the transparency of expansion, data

replication, concurrent processing, failure, and data access location.
▫ Scalability: Both hardware nodes and software can be scaled out.
▫ Concurrency: Coordination and concurrent processing of multiple nodes in a

cluster improve the system concurrency.
▫ Openness: The distributed system uses a hierarchical architecture, and each layer
has good openness. Users are provided with popular or standard protocols, such
as RESTful and TCP, in the industry, or open syntax, semantics, and data formats,
such as JASON and XML.
• The all in one architecture of conventional applications leads to low resource
utilization, poor scalability, and low reliability. For example, if an e-commerce system
uses the all in one architecture, the system capacity can be expanded only by multiples
of the entire system specifications before the promotion. But it cannot be expanded by
cache or database respectively, for example, five times of cache expansion (the
number of login times increases sharply) or two times of database expansion (the
actual user data increases by about two times).
• In such a closed architecture, it is difficult to modify services or add service modules

because all modules directly interact with the database in serial mode. Also, reliability
of the entire system is poor. If the database is faulty, all service processes are affected.
After the distributed message queue is added, application modules can be decoupled.
When a service module is faulty, other modules that are concurrently operated are not
affected. This greatly enhances the system reliability.
• Redis cloud service features
▫ High performance: 100,000+ QPS per instance.
▫ Zero application modification: Supports mainstream open-source Redis 3.0, 4.0,

and 5.0.
▫ Data security: Tenants are physically isolated and can be deployed across AZs
and regions to ensure data security and reliability.
▫ Flexible specifications: Provides single-node, master/standby, and cluster

instances, available from 128 MB to 1 TB.
▫ Auto scaling: Instance specification can be scaled up online to accommodate

service expansion.
• IMDG is shorted for in-memory data grids, which is a key-value memory database
providing high-performance and memory-distributed data organization and
management between applications and different data sources.
• Key features
▫ 100% open-source compatibility: Multiple specifications are provided and can be

used on demand. The Kafka and RabbitMQ engines are supported.
▫ Security assurance: VPC isolation, SSL channel encryption, and message

encryption storage are supported. In addition, DMS optimizes the message
engines to fix open-source security issues abiding by carrier-grade security
standards.
▫ Enhanced functions: one-click capacity expansion, message query, message dump,

and message encryption storage.
▫ Hundreds of millions of messages stacking: Storage and instance specifications

can be dynamically expanded to support tens of millions of concurrent requests
and enterprise-level high-performance applications.
▫ Reliable message storage: Node anti-affinity deployment, cross-AZ deployment,

data replication, synchronous flushing to disks, and clustered deployment ensure
high reliability of data and services.
• Microservice aims at improving the delivery efficiency and shortening the delivery
period. It works based on cloud native and optimizes the architecture.
• After the automatic test, continuous integration, continuous deployment, environment

management, and data management are partially optimized, architecture optimization
and decoupling should be achieved to shorten the delivery period.
• The evolution architecture (Neal Ford, 2015/Thoughtworks) aims to improve the

capability of responding to architecture changes and adapt to the ever-increasing
service competition and diversified IT changes in the future.
• The advantages of microservices are as follows:
▫ Each service is simple and you only need to focus on one service function.
▫ Each service can be independently developed by different teams.
▫ Microservices are highly cohesive and low coupling.
▫ Microservices can be developed using different programming languages and

tools.
• High O&M cost: The O&M process must be automated to ensure performance, and
ensure that dozens or even hundreds of processes are running properly, the disk space
is not used up, and no deadlock occurs.
• API dependency: Services communicate with each other depending on APIs. An API
change of a service affects other services.
• Complexity of the distributed system: As a distributed system, microservices introduce

complexity and other thorny problems, such as fault tolerance, network latency,
message serialization, and asynchronous communication.
• As we all know, many enterprise services are now migrated to the cloud. How to
monitor resources in real time and plan long-term resources for these cloud services?
How to monitor application services in real time to ensure their normal running? For
various complex application services with distributed architecture and microservices,
the service dependency and calling relationship increase exponentially. It is difficult to
perform association analysis on scattered logs on each server. How to quickly locate
the root cause when a problem occurs?
• For more complex and distributed service systems, O&M personnel need to
comprehensively manage the system running status, including resources and cloud
services. In addition, timely response to various problems is the O&M objective.
• However, how to manage resources, services to be migrated to the cloud, cloud

services, and even service user experience? Common monitoring tools, such as Zabbix,
Zipkin, and Logstash, have different focuses. After services are migrated to the cloud,
there are many tools, and the usage and maintenance costs are high. In addition,
distributed and complex applications have a large scale of resources and microservices.
After these applications are migrated to the cloud, system and resource problems are
difficult to trace, logs are scattered, root causes are difficult to locate, dependencies
between microservices are difficult to associate, and real user experience is difficult to
master.
• HUAWEI CLOUD O&M solution provides one-stop O&M at the infrastructure,
application, and application performance layers. The application here refers to the
cloud service. As shown in the figure, applications are deployed on ECS servers. The
collector is also installed on the cloud server, and the probe is installed in the
application. Collectors are used to collect O&M and running data such as metrics, logs,
and events. Probes are used to collect data such as tracing and user experience of
applications. Collectors and probes collect infrastructure, application, and user
experience data, analyze and process the data, and display the data through
monitoring metrics, logs, topologies, transactions, and call chains, implementing
comprehensive O&M of resources, cloud services, and user experience. IT managers,
O&M personnel, and developers can obtain the required information in one-stop mode
to complete cloud O&M.
• As shown in the figure, the infrastructure, application, and performance management

layers are different, and the collectors and probes are separated. This also meets the
O&M requirements for cloud services of different scales. If O&M of the infrastructure
and application layers is considered as basic O&M, O&M of the performance
management layer is considered as advanced O&M. After collectors are installed, basic
O&M capabilities can be obtained and basic O&M can be implemented through
metrics, monitoring, logs, and alarms. You can install probes in applications to obtain
advanced O&M and perform advanced monitoring, performance analysis, and user
experience of applications through topologies, transactions, and call chains.
• Application Operations Management (AOM) monitors hundreds of O&M metrics of
cloud services, middleware, and cloud resources in real time. It uses the O&M
knowledge base and AIOps engine to quickly detect and diagnose exceptions, ensuring
stable service running.
• Application Performance Management (APM) monitors and manages cloud
application performance and faults in real time. It provides professional distributed
application performance analysis capabilities to quickly locate application problems
and resolve performance bottlenecks in the distributed architecture, ensuring user
experience.
• The difference between AOM and APM is that AOM focuses on monitoring, logs, and
alarms, while APM focuses on applications and tracing. APM can directly locate root
causes of exceptions and assist in performance problem analysis.
• Next, let's look at the capabilities of the O&M solution.
• Unified O&M monitoring and management: resources, applications, and services are
monitored and analyzed in a one-stop manner.
▫ This is an overview diagram. You can view four pieces of information.
▪ The application performance monitoring card in the upper left corner

displays the application throughput, latency, and application performance.
This card helps you quickly learn about the application status.
▪ User experience monitoring card in the upper right corner displays the
device user information, number of service errors, throughput, latency, and
top regions.
▪ The infrastructure monitoring card in the lower left corner displays the
status and usage of hosts and disks.
▪ The statistical information card in the lower right corner displays the alarm,
notification, and resource usage trend.
▪ These cards help you quickly learn about resources and applications.
• Application and resource association analysis: automatic association at each layer to
directly locate exceptions.
▫ Automatic association at each layer refers to the association between

applications, services, instances, and resources. For example, the VMALL
application is filtered out. As shown in the figure on the left, the VMALL
application corresponds to four services, four instances, and one host. The score
is the ratio of the normal score to the total score. For example, the preceding
information indicates that two of the four services are abnormal.
▫ If the application is displayed red, the application is abnormal. Click the

application to open the dashboard and view the application metrics. There is an
error call here.
▫ The host is also abnormal. You can open the host topology and view information
about the instance, graphics card, and NIC. The alarm analysis result shows that
an exception occurs. You can view alarms to locate the fault.
▫ In this way, applications are automatically associated with resources.

• Log management: high-performance search and service analysis, exploring the
business value of logs.
▫ Log management provides real-time log storage and analysis for applications
running in HUAWEI CLOUD. The capabilities include log data collection, mass log
search, log storage and dump, log subscription, and keyword statistics report.
Logs are collected from ECS servers. You can collect logs in a specified directory
or in a specified file, such as container logs, system logs on servers, and service
logs on servers. After logs are collected, they are processed by log cleaning, real-
time analysis, SQL engine, and intelligent clustering. Then, you can view, search,
and dump logs in real time on the log management page.
▫ Real-time log viewing is to view the latest log content in real time, which is
usually used for real-time analysis.
▫ Sometimes, you need to find some key information about exceptions or errors
from logs. That is, you need to search for logs. AOM supports search by time,
keyword, SQL host, system, and service. You can also view the context after
retrieval.
▫ The collected AOM log data is stored in the log service cluster for a maximum of
seven days. If you need to dump logs to another location for a long time, you can
use the log dump function. AOM can dump logs to Object Storage Service (OBS)
in HUAWEI CLOUD. You can obtain logs from OBS.
▫ If you need to export logs to a local PC for analysis, you can use the export
function to export the logs in CSV or TXT format.
• Application topology: Application relationships and exceptions are clearly displayed,
and faults can be precisely located through drilldown. The topology displays the calling
and dependency relationships between applications in a visualized manner. It is
composed of circles, lines with arrows, and resources. Each circle represents an
application, and each segment in the circle represents an instance. The score in each
circle indicates the number of instances that are being called/the number of available
instances. The content under the score indicates the number of times that the
application is called, the response latency, and the number of errors in the selected
time period. Each line with an arrow represents a call relationship. Thicker lines
indicate more calls. The data on the line indicates the number of calling times and the
overall latency. The topology uses Apdex to quantify user satisfaction and uses
different colors to identify Apdex values in different ranges. Red indicates poor user
experience, yellow indicates average user experience, and green indicates satisfactory
user experience. For incorrect calls and calls with poor experience, you can view the
tracing to further locate the cause. You can also filter topologies by time, transaction,
or topsql.
• Service session monitoring: Monitors the KPI data of each transaction to improve user
experience. VMALL is an e-commerce application. The main transaction line is as
follows: Log in to the website, select an offering, place an order, and pay for the
offering. This is the service session. In this service, the latency and errors in each
process affect the user experience. Apdex is a user experience standard in the industry.
From the perspective of users, it converts the application response time into the user
satisfaction evaluation. The quantitative range is 0 to 1. A smaller value indicates
poorer user experience. An Apdex threshold is estimated based on the VMALL
performance test. If the response time is within one time of the threshold, the user is
satisfied. If the response time is within 1 time to 4 times of the threshold, the user is
tolerable. If the value is greater than four times, the user is annoyed. Service session
monitoring uses numbers to quantify the number of calling times, errors, latency, and
Apdex of the entire service. In this way, errors and slow responses are obvious. For an
error or slow response, you can also view the transaction topology, that is, view the
relationship between the transaction and other services and evaluate the impact scope.
Threshold alarms can be set to ensure quick response when exceptions occur. You can
view the call relationship to find the code that is related to the slow response or to the
error.
• In a word, service session monitoring enables you to understand the behavior of end
users for development decision-making. You can also quickly detect the service status
and diagnose abnormal applications.
• Answer:
▫ AB
• Answer:
▫ A
• Answer:
▫ A
• Answers:
▫ B
▫ B
▪ TP99 is calculated as follows: In the four requests, the number of 99%

requests is 4*99%, and the rounding value is 4. That is, the number of 99%
requests is 4. The minimum time required for the four requests is 500 ms.
That is, the TP99 latency is 500 ms.
• DevOps is a trending topic in recent years. DevOps has a profound meaning and
involves a wide range of technologies, which pose big challenges to enterprises.
Therefore, being a master hand at DevOps is not an easy task.
• First, let's have a brief introduction to the HUAWEI CLOUD capabilities involved in this
platform.
▫ To address the challenges in enterprise and industry digital transformation,

HUAWEI CLOUD launched the first full-lifecycle application platform that covers
the entire lifecycle of applications.
▫ The full-lifecycle application platform consists of four states from left to right as
shown in the diagram.
▫ Since 2016, HUAWEI CLOUD has launched services such as the application
development platform DevCloud, application running platform ServiceStage, and
application O&M platform AOM. These services used to be independent from
each other in the past.
▫ This time, we deeply integrate application models, service scenarios, operation

processes, and APIs to adapt the services to enterprise scenarios and enhance
scenario-specific support and experience.
▫ The full-lifecycle application platform is built through seamless integration of

DevCloud, ServiceStage, and ROMA, focusing on application development,
hosting, O&M, and integration.
▫ The core measure of enterprise digital transformation is reforming the

application development, running, O&M, integration, operation model, and
business model with cloud being the foundation.
• The platform can provide support for the digital transformation.
• The platform features:
▫ E2E DevOps platform
▫ Microservice capabilities in all-scenarios
▫ Smooth service migration to the cloud
▫ Intelligent analysis of a large amount of application lifecycle data including R&D

data, service data, O&M data, and integrated data
• It is hard to see the value of these data when they are scattered in isolated systems.
Once the data are aggregated from the perspective of applications, valuable operation
data can be generated through big data analytics and mining.
• For example, visualized dashboard, trend analysis, and intelligent prediction can help
enterprises optimize R&D efficiency, improve user experience, and even assist key
decision making.
• In 2015, three services were launched for the first time. During 2016 and 2017, eight
services have been rolled out. By now, more than 15 services have been rolled out.
• The entire application development process is covered.
• Industry standards: leading the development of DevOps standards in the industry;

covering all major DevOps standard capability domains.
• Market progress: adopted by 30+ city campuses, 24 universities in Project 985, 300,000
professional developers, and 400,000 projects.
• Domains covered:
▫ Requirements, development, test, release, O&M, and operations
▫ Leading the development of DevOps standards in the industry; covering all major
DevOps standard capability domains.
▫ Adopted by 30+ city campuses, 24 universities in Project 985, 300,000

professional developers, and 400,000 projects.
• Providing capabilities such as microservice design, Huawei microservice development
framework, registration and discovery, microservice test, governance, and O&M.
• Expert service:
▫ Introduce microservice services, design, ServiceComb, test, CSE, and O&M one by
one.
▫ Cloud Performance Test Service (CPTS) is a cloud service that provides API and
E2E performance tests of applications, which are built based on HTTP, HTTPS,
TCP, UDP, WebSocket, RTMP, or HLS. The rich capability of test model definition
can be used to restore scenarios of large-scale concurrent service access, helping
users identify application performance problems in advance.
▫ CloudTest is a one-stop test platform that allows developers to conduct API and
performance tests and manage these tests in the cloud. Developed on the basis
of the DevOps agile testing concept, CloudTest helps developers improve
management efficiency and deliver high-quality products.
• Cloud Service Engine (CSE)
▫ CSE is a high-performance microservice framework offering one-stop service

registration, governance, dynamic configuration, and a distributed transaction
management console. With CSE, user can develop their applications faster and
maintain them efficiently. ServiceComb, Spring Cloud, and service mesh are
supported.
▫ Application Operations Management (AOM) is a cloud-based O&M platform for

O&M, development, and operations engineers, and IT managers. It monitors
running and operations data in real time in the form of logs, metrics, and events,
enabling you to monitor resources and cloud services in a unified manner and
implement one-stop cloud O&M. Hundreds of O&M metrics such as cloud
resources, networks, middleware, cloudification services, mobile apps are
supported.
▫ Application Performance Management (APM) monitors and manages enterprise

application performance and cloud services in real time, helping enterprises
quickly resolve problems in distributed architectures and analyze performance
bottlenecks to improve user experience.
• Industry contribution:
▫ In 2017, we donated ServiceComb, Huawei's microservice framework, to Apache

and launched HUAWEI CLOUD CSE in 2018. This year, we further integrated
HUAWEI CLOUD API Gateway (APIG) and CPTS to build an E2E one-stop
microservice management platform covering microservice design, development,
test, governance, and O&M. In addition, expert service is provided throughout the
process to help enterprises efficiently implement microservice transformation of
application architectures.
• Enterprise digital transformation is a complex systematic project, involving changes in
the R&D process, R&D model, business model, organization, and culture.
• The transformation cannot be accomplished overnight. It should be smoothly

implemented step by step through continuous sprint and improvement.
• Mature and stable approaches are provided as follows:
▫ DevCloud: stories of R&D cloudification
▫ ServiceStage: stories of service cloudification
▫ ROMA: an integration platform

• The ultimate goal of enterprise digital transformation is business success.
• We hope to help enterprises continuously improve, gradually form a virtuous cycle, and
implement operation data-driven improvement, and value-driven investment.
• Continuous aggregation of full-lifecycle data: various types of data
• Analysis of a massive amount of data: based on Huawei DAYU
• Cultivating data monetization capabilities: 4 points

• HE2E is Huawei E2E DevOps implementation framework. Based on industry-leading
practices and 30 years of R&D experience, we have developed a practical Agile
development methodology, which is supported by the DevCloud tool chain.
• The diagram shows the HE2E DevOps implementation framework.
• This framework integrates the industry methodologies and practices with Huawei's
DevOps experience, which are then implemented in the tool chain of Huawei
DevCloud.
• Steps 1 and 2 in the diagram represent the process of product planning between
service personnel (even customers) and technicians to sort out the overall product
logic, implementing product planning and design, and controlling the requirement
granularity and splitting.
• The essence of software development is to solve problems and deliver user value, not
simply providing functions. Therefore, we need to identify what user requirements and
root causes are. This is where impact mapping comes in.
• User stories are carriers of objectives and requirements. We tell stories based on user
scenarios to facilitate information exchange between customers, service personnel, and
developers. In this process, it is easy to get lost when scattered requirement items pile
up. User story mapping can help you solve this problem. Major phases and their
detailed activities can be sorted and displayed in a tree structure according to user
scenarios. In this way, you can intuitively see both the objectives and their detailed
requirements items.
• HUAWEI CLOUD DevCloud supports product planning, design, and agile project
management.
• In the product design phase, you can design product framework using mind maps.
• Requirements are associated with product design. The hierarchical structure of epic,
feature, and backlog allows you to manage the details of a requirement.
• Use sprint and Kanban to track the project progress and work item completion status.
• ProjectMan is a cloud service that provides agile project management and
collaboration for software development teams. It integrates Huawei's more than 30
years of advanced software R&D concepts and practices.
• Cloud-based deployment is based on the powerful infrastructure of HUAWEI CLOUD. It

is out-of-the-box and allows team members to collaborate anywhere at anytime. In
addition, it seamlessly integrates with other HUAWEI CLOUD DevCloud services to
provide full-lifecycle management for applications and enable team collaboration for
software development.
• Agile project management helps you solve problems listed on the left.
• There are two types of preset project templates: Scrum project template and Kanban
project template.
▫ Scrum projects follow the strict Agile Scrum methodologies and practices, which
are suitable for agile software development teams.
▫ Kanban projects use cards for interaction. It is suitable for lightweight and simple
management of software development teams.
• Multiple basic features of software project management are provided. These features
include project management, requirement planning and management, defect
management, sprint plan management, customized workflow, progress tracking,
statistics reports, dashboard, Wiki online collaboration, and project document hosting.
ProjectMan enables E2E, efficient, transparent, and visible management.
• Requirement planning and splitting
• Customer requirements or initial requirements are usually abstract or macro. The

essence of customer requirements needs to be analyzed and understood. In this way,
these requirements can be planned and split into the smallest work items that can be
delivered in each sprint.
• The four-layer model epic-feature-story/bug-task, which is recommended in Agile

practices, has been preset in HUAWEI CLOUD Scrum projects.
• In the development and testing phase, DevCloud provides support for code
management and code quality control.
• CodeHub is a Git-based online code hosting service for software developers. It is a

cloud code repository with functions such as security management, member and
permission management, branch protection and merging, online editing, and statistics.
The service aims to address issues such as cross-distance collaboration, multi-branch
concurrent development, code version management, and security.
• CodeCheck is a cloud-based management service that checks code quality. Developers

can easily perform static code and security checks in multiple programming languages
and obtain comprehensive quality reports. CodeCheck also provides suggestions on
correcting encoding bugs and analytical breakdowns to identify potential problems
before the code is compiled to run, effectively controlling quality throughout the
process.
• CloudTest is a one-stop test platform that allows developers to conduct API and
performance tests and manage these tests in the cloud. Developed on the basis of the
DevOps Agile testing concept, CloudTest helps developers improve management
efficiency and deliver high-quality products.
• CodeHub features:
▫ You can read, modify, and commit code online. CodeHub enables you to develop
code anywhere at anytime.
▫ Online branch management, including branch creation, switchover, and merge.

You can develop multiple branches concurrently and efficiently.
▫ Branch protection prevents branches from being committed or deleted by others.
▫ IP address whitelists allow you to perform region control. HTTPS is supported. In

this way, unauthorized code pull is blocked to ensure data transmission security.
▫ Password reset frees you from worrying about forgetting passwords.
• Security:
▫ Security advantages of DevCloud and CodeHub

• What Is CloudTest?
▫ CloudTest is a one-stop test platform that allows developers to conduct API and
performance tests and manage these tests in the cloud. Developed on the basis
of the DevOps agile testing concept, CloudTest helps developers improve
management efficiency and deliver high-quality products.
▫ Test management incorporates concepts such as full-lifecycle tracing, multi-role

collaboration, agile test, and requirement-driven test, covering test requirement
management, task assignment and execution, progress management, coverage
management, result management, defect management, test reports and
dashboard, and one-stop manual and automatic test management. Test
management can be tailored for different teams and processes, supporting
product quality evaluation from multiple perspectives, efficient test activity
management, and quality product delivery.
• API test allows you to quickly orchestrate API test cases based on the API URL or
Swagger files. It integrates pipelines, and supports microservice testing and layered
automatic testing. No code compiling is required for test cases. The technical barrier is
low. Therefore, these test cases can be used by different roles such as API developers,
API consumers, test personnel, and service personnel. You can import the swagger API
definition in a few clicks to automatically generate a script template, based on which
you can orchestrate and manage automated test cases of APIs. HTTP and HTTPS
supported; a visualized case editing interface; various preset check points and built-in
variables; customized variables; parameter transfer; and continuous automated testing.
• Key features of CloudTest:
▫ Manual and automatic test cases are designed in a unified manner. Test case
classification, prerequisites, procedure, and expected results are provided to guide
test case design.
• Suite management assembles manual or interface test suites based on test cases. A
test suite is used to manage a group of test cases. Generally, a test suite can be used
to perform multiple rounds or sprints of regression tests. You can create a manual test
case suite or interface test case suite based on the test case type.
• Application scenarios: Internet, gaming, and finance
▫ Cloud Performance Test Service (CPTS) is a cloud service that provides API and
E2E performance tests of applications, which are built based on HTTP, HTTPS,
TCP, UDP, WebSocket, RTMP or HLS. The rich capability of test model definition
can be used to restore scenarios of large-scale concurrent service access, helping
users identify application performance problems in advance.
▫ CPTS provides distributed pressure tests and is widely used in various industries,
such as the Internet, digital marketing, Internet of Vehicles (IoV), and finance.
• E-Commerce Flash Sale Tests
▫ E-commerce flash sale is characterized by large-scale user concurrency, multiple

burst requests, and repeated access attempts. Guaranteeing the availability of
websites under heavy load is key.
• Advantages
▫ Scenario simulation: CPTS simulates millions of instantaneous concurrent

requests in seconds, and simulates a heavy-load website in a test model.
▫ Professional test report: CPTS provides statistics collected based on the response
latency range, reflecting user experiences.
▫ Retry for failed users: User-defined comparison of results calculated by using

expressions enables login retry.
▫ Figure 1 E-commerce flash sale tests

• Advantages:
▫ CPTS provides a one-stop performance test solution, helping you identify the
performance bottlenecks of applications in advance.
▫ Cost-efficient simulation of ultra-high concurrency
▫ CPTS provides private test clusters for you. In such a test cluster, a single
execution node can simulate virtual users in the tens of thousands, and the entire
test cluster can simulate virtual users in the millions.
▫ CPTS simulates millions of instantaneous concurrent requests. In this way,

enterprises can identify application performance bottlenecks in high concurrency
scenarios and prevent system breakdown caused by a large number of access
requests. CPTS is easy to operate and greatly shortens the test time.
▫ CPTS supports execution of multiple concurrent tasks. It enables you to test the
performance of multiple applications at the same time, greatly improving the
test efficiency.
▫ Flexible and fast performance test, achieving quick application rollout

▫ Flexible protocol customization: HTTP/HTTPS tests are used to test the
performance of various applications and microservice interfaces developed based
on the HTTP/HTTPS protocol. TCP/UDP/WebSocket tests support the string and
hexadecimal code stream modes, which meet the data construction requirements
of various non-HTTP protocols. HLS/RTMP streaming tests are supported.
▫ Flexible combination of multiple transaction elements and test task phases: CPTS
provides flexible definition of data packet and transaction, as well as simulates
scenarios where multiple users perform transaction operations during traffic
peaks and troughs of test tasks. All these features make CPTS suitable for
complex scenario tests. In addition, CPTS allows you to specify the number of
concurrent users for each transaction at each period and simulates instantaneous
service traffic.
▫ On-demand use of resources in performance tests

• Features
▫ CPTS provides tests for HTTP/HTTPS/TCP/UDP/WEBSOCKET/RTMP/HLS-based

applications with high user concurrency. It allows you to flexibly define multi-
protocol packet contents, transactions, and test task models. CPTS also allows
you to view performance statistics, such as concurrency, transactions per second
(TPS), and response latency in real time or in offline mode. Additionally, CPTS
performs management of test resource groups based on the changes in required
performance test scales. This management includes creating and scaling of
private test resource groups.
• Multi-protocol and high-concurrency performance tests
▫ Quickly define standard HTTP/HTTPS/TCP/UDP/WEBSOCKET/RTMP/HLS packet

contents. You can send pressure test traffic to different tested applications
through simple adjustment. Based on the service requirements of tested
applications, CPTS allows you to define any fields in
HTTP/HTTPS/TCP/UDP/WEBSOCKET/RTMP/HLS protocol packets, for example,
configuring and editing the GET and POST methods of HTTP, as well as the
uniform resource locator (URL), header, and body fields.
▫ Defining the behavior of virtual users for different test scenarios. You can specify
the interval for sending requests of the same user by setting the think time, or
define multiple request packets in a transaction to set the number of requests
initiated by each user per second.
▫ Customizing the response result verification to provide more accurate standards
for determining successful requests. CPTS allows you to configure check points
based on your service requests. After obtaining response packets, CPTS verifies
their response code and header fields. Only response packets meeting the
specified conditions are regarded as normal responses.
▫ Test task models can be customized to support complex scenario tests.
▫ With multiple flexible combinations of transaction elements and test task phases,
CPTS helps you test application performance in scenarios with different user
operation types and concurrent user operations.
▫ A transaction can be used by multiple test tasks, and multiple test phases can be
defined for a transaction. In each test phase, you can define the test duration,
number of concurrent users and tests, as well as simulate complex scenarios with
different traffic peaks and troughs. Figure 2 Tests in complex scenarios
• A cloud-based development environment of DevCloud. It provides a workspace
(including the editor and runtime environment) that can be configured as required and
quickly obtained. It supports environment configuration, code reading, writing,
building, running, debugging, and preview. It can connect to multiple code repositories.
• Application scenarios:
▫ Application: service-oriented web application
▫ Scenario characteristics: Developers cannot perform development due to the lack

of local environment. Now developers can access CloudIDE on web page to
develop anywhere at anytime.
▫ Application: CloudIDE is suitable for container-based service-oriented web

application development. It enables quick setup of a consistent development
environment and online code developing at anytime.
• Continuous integration (CI) refers to the delivery of an individual's work to the entire
software development. It uses frequent integration to quickly detect errors. Continuous
integration originates from Extreme Programming (XP) and is one of the first 12
practices of XP.
• Requirements of CI: comprehensive automatic testing. This is the basis for continuous
integration and continuous deployment. In addition, it is important to select proper
automatic testing tools; flexible infrastructure. Containers and virtual machines free
developers and QA personnel from heavy burdens; version control tools, such as Git,
CVS, and SVN. Tools for automatic build and software release processes, such as
Jenkins and flow.ci; feedback mechanism. For example, if a build or test fails, the
owner can be quickly notified to solve the problem as soon as possible to ensure a
more stable version.
• HUAWEI CLOUD DevCloud enables enterprises to build CI/CD capabilities through

automatic compilation, build, deployment, release, and pipelines.
• CloudPipeline provides visualized and customizable automatic delivery pipelines to
shorten the delivery period and improve delivery efficiency.
• CloudPipeline has the following features:
▫ Five task types are supported: build, code check, sub-pipeline, deployment, and
pipeline control.
▫ Tasks in each pipeline stage can be executed in serial or parallel mode.
▫ Execution status and execution logs can be reported.
▫ Software packages can be downloaded.
▫ Tasks can be executed independently.
▫ Progress statistics is supported.
▫ Parameter-based pipeline execution is supported.
▫ Pipeline execution history is provided.
▫ Subtasks can be queried.
▫ Pipeline statistics is supported.
▫ Pipelines can be executed periodically.

• CodeCheck is a cloud-based code quality management service for software developers.
It supports mainstream development languages, such as Java, C/C++, Android (Gradle),
PHP, Python, JavaScript, Web, and CSS. Code static check, architecture check, security
check, issue check, quality scoring, and code defect rectification trend analysis can be
performed online in multiple languages to facilitate code quality control.
• CodeCheck helps you quickly locate code defects and provides examples and
rectification suggestions.
• You can switch to the code repository to perform online debugging in one click.
• Huawei typical check rule sets are provided, or you can customize your check rule sets
to flexibly adapt to project requirements.
• Check the code in one click and fix defects in batches.
• CodeCheck has the following features:
▫ Code check in multiple languages is supported.
▫ Huawei's typical check rules are provided to support web security architecture
and code check.
▫ Check rule set customization
▫ Code defects can be sorted by multiple dimensions to allow you prioritize your
work.
▫ Impact description, modification examples, and suggestions are provided for code
defects.
▫ Click code defects to go to specific code lines to quickly check the code.
▫ Go to code repository in one click to edit code online.
▫ Code defects can be quickly and efficiently handled in batches.
▫ Code check can be performed in a regular basis.
▫ Code check results are sent by emails.
▫ Professional code quality scoring.
▫ Problem statuses are shown to provide guidance for daily improvement and
closure of projects.
▫ Quality trend analysis demonstrates the root causes of historical issues,

facilitating continuous improvement.
• CloudBuild provides an easy-to-use code compile and build platform that supports
multiple programming languages in the cloud. It helps enterprises improve build
efficiency.
• What Is CloudBuild?
• Build is the process of converting source code into a target file and packaging the
configuration file and resource file.
• HUAWEI CLOUD DevCloud CloudBuild is an easy-to-use code compile and build

platform in the cloud that supports multiple programming languages. It helps
enterprises with more efficient and faster continuous delivery. CloudBuild enables you
to easily create, configure, run, and monitor build jobs, and automates code obtaining,
building, and packaging.
• CloudBuild Features
▫ Container-based build
▫ DevCloud supports two types of container images:
▫ System image: supports the build and packaging using popular languages and
tools.
▫ Custom images: HUAWEI CLOUD Software Repository for Container (SWR) and
Docker Hub are supported. You can customize application images for multi-
language compilation.
▫ Cache mechanism for faster build
▫ If the dependency package has to be downloaded from the repository each time
for a build with Maven or Gradle, the build process will be very slow. CloudBuild
uses HUAWEI CLOUD EFS to cache dependency packages. CloudBuild attempts to
obtain the package for a build from the cache first. Only if no package is found
in the cache will the package be downloaded from the repository.
• MobileAppTest is a mobile compatibility test service provided by Huawei and TestBird.
It provides top models and hundreds of test experts. Leveraging image recognition and
app control recognition, the service generates compatibility test reports for apps. The
test reports generated include system logs, screenshots, error causes, CPUs, and
memory.
• The MobileAppTest has the following features:
▫ Comprehensive models: Top models are provided, covering 98% of mainstream

models; Quickly launching new mainstream models.
▫ Automatic testing: No test script or manual case compilation is required. You only
need to submit the Android and iOS application installation files and select the
test package to generate a detailed test report.
▫ Deep and fast tests: In-depth tests cover compatibility issues such as UI
exceptions, crash, suspension, program exceptions, and black screen. You can
quickly obtain a professional and complete test report by submitting a task.
▫ Detailed online test reports can be downloaded by one click. Detailed test
analysis, problem context, screenshots, and logs are provided.
▫ It enables you to quickly locate and resolve problems. Detailed problem

description is provided. It supports operation screenshots and log correlation
analysis, impact ranking, and multi-dimensional problem filtering, such as
terminal, to help accurately locate problems.
• CloudDeploy provides visualized, one-click deployment services. It supports deployment
on VMs or containers by using Tomcat, Spring Boot, and other templates or flexibly
orchestrated atomic actions. It also supports parallel deployment and seamless
integration with CloudPipeline, providing standard deployment environments and
implementing automatic deployment.
• What Is CloudDeploy?
• CloudDeploy provides visualized, one-click deployment services. It supports deployment

on VMs or containers by using Tomcat, Spring Boot, and other templates or flexibly
orchestrated atomic actions. It also supports parallel deployment and seamless
integration with CloudPipeline, providing standard deployment environments and
implementing automatic deployment.
• CloudDeploy has the following features:
▫ Tomcat, Spring Boot, PHP, CCE, and other templates are predefined for fast task
creation. More than 20 atomic actions are provided for flexible task
orchestration.
▫ A deployment task can be deployed on multiple hosts and host groups. Logs are
generated for each atomic action, enabling quick fault locating and rectification
in the case of deployment failure.
▫ You can define and save your own templates.
▫ Parameters can be set and dynamically executed.

▫ Seamless integration with CloudPipeline is supported, and the pipelines can
execute parameters.
• How Does CloudDeploy Work?
• CloudDeploy provides two deployment types:
▫ To deploy on VMs, you can either manually upload a software package to the
software release repository or create a build task to save a software package to
the software release repository. The deployment task uploads the software
package and installs it on the cloud host.
▫ To deploy in containers, you can either manually upload an image to the

container image repository or create a build task to save an image to the
container image repository. The deployment task uploads the image to the
container image cluster.
• A cloud service for software release and management. Secure software repositories
allow you to manage software packages and their metadata, download release
packages, and release software, achieving continuous delivery.
• CloudRelease helps software development enterprises manage the software release

process in a standardized, visualized, and traceable way.
• CloudRelease focuses on and manages the to-be-deployed software packages (usually

built by or packed from the source code) and their lifecycle metadata. The metadata
includes basic attributes such as name and size, source code, build time, tests
conducted, and deployment environment.
• The management of software packages and their attributes is the basis of release
management. The common software development process is shown below:
• CloudRelease provides two types of repositories:
▫ Software release repository: It is used to manage all software packages

generated by building or packing and their lifecycle attributes.
▫ Private dependency repository: Unlike open-source central repositories such as

Maven Central Repository, the private dependency repository is used to manage
an enterprise's public components. It supports multiple languages and
dependency package management tools such as Maven and npm.
• Mirrors is provided by DevCloud for quickly downloading a wide variety of trustworthy
open-source components, operating systems (OSs), and DevOps tools.
• Mirrors is developed and maintained by the HUAWEI CLOUD DevCloud team.

DevCloud is dedicated to building a cloud-based one-stop DevOps tool service that
simplifies software development. Mirrors provides multiple types of software
installation sources and ISO download services, covering seven languages including
Maven, NPM, and PyPI, 20+ OS images including Ubuntu, CentOS, and Debian, and
common tool images such as MySQL and Nginx. It is dedicated to providing users with
comprehensive, high-speed, and trustworthy component download service.
• Cloud Container Engine (CCE) is a high-performance, high-reliability service through
which enterprises can manage containerized applications. CCE supports native
Kubernetes applications and tools, allowing you to easily set up a container runtime
environment on the cloud.
• Easy to use
▫ One-click creation of container clusters; one-stop deployment and O&M of

containerized applications; Kubernetes and Docker out of the box; Deep
integration of Istio
• High performance
▫ Multiple types of heterogeneous infrastructures are supported, such as high-

performance HUAWEI CLOUD VMs, BMSs, and GPUs. The bare-metal NUMA
architecture and high-speed InfiniBand network cards yield three- to five-fold
improvement in computing performance.
• Enterprise-grade functionality
▫ High reliability through 3 masters on the cluster control plane; node and
application deployment across AZs. High security as clusters are private to users
and subject to role-based access control (RBAC).
• Answer for Q1:
▫ B
• Answer for Q2:
▫ A
• Key capabilities of HUAWEI CLOUD Intelligent Data Lake
▫ DAYU: Faster enterprise innovation with all-domain data management and one-
stop data governance
▫ Multi-architecture computing: Fully compatible with the open source big data
ecosystems, accelerated kernel data, and industry-leading performance
▫ Enterprise-class data warehouse: Cutting-edge performance with GaussDB

kernel-based cloud data warehouse and HTAP technique
▫ AI assistance: Data and AI collaboration for all-domain data processing
▫ Kunpeng + Decoupled storage and computing: Multi-dimensional computing and

elastic scaling nodes provided for minimum storage use
• Hive is a data warehouse infrastructure built on top of Hadoop. It provides a series of
tools that can be used to extract, transform, and load (ETL) data. Hive is a mechanism
that can store, query, and analyze massive amounts of data stored on Hadoop. Hive
defines simple SQL-like query language, which is known as HiveQL. It allows a user
familiar with SQL to query data.
• The new execution engine Tez is used to replace the original MapReduce, greatly
improving performance. Tez can convert multiple dependent jobs into one job, so only
one HDFS write is required and fewer transit nodes are needed, greatly improving the
performance of DAG jobs.
• The big data platform has the following advantages in this scenario:
▫ Massive storage: Weather data is uploaded to HDFS or OBS through CDM or

Loader. Both HDFS and OBS are cost-effective massive storage systems and can
be used as Hive table data storage systems.
▫ Massive data analysis: The parallel processing capability of MapReduce is used to

implement TB/PB-level data analysis. If no MapReduce programming capability is
available, Hive can be used to implement parallel processing of large-scale data
using SQL statements.
▫ Visualized data import and export tool: CDM or Loader exports data to DWS for
BI analysis.
• Storage and analysis of massive amounts of data: In the environmental protection
industry, weather data can be uploaded to HDFS or OBS through CDM. Hive is used
for batch analysis. MapReduce can be used to analyze 10 TB of weather data within
one hour and write the result to DWS for BI analysis and query.
• Massive data storage and real-time query: HBase is a column-based distributed

storage system with high reliability, performance, and scalability. It is dedicated to
massive data storage and high-concurrency query. For example, in the IoV industry, an
automobile company stores TBox data on HBase, which supports PB-level storage and
charging data record (CDR) queries in milliseconds.
• Low-latency stream computing: Flink, Storm, and Spark Streaming are provided as the
distributed real-time stream computing frameworks to analyze and compute massive
real-time data streams, such as clickstream data and IoT data. Result data can be
pushed or alarms are generated in real time. For example, in the IoE industry, data of
smart elevators or escalators is transmitted to the streaming cluster in real time for
real-time alarm reporting.
• MRS is an elastic big data service built on the IaaS infrastructure layer of HUAWEI
CLOUD. It belongs to the PaaS layer of cloud computing and is delivered in semi-
hosting mode.
• MRS slightly enhances the reliability, performance, and security of all integrated big
data components, and makes significant improvements on the functions and
performance of some components. In addition, some Huawei-developed functions are
integrated.
• Huawei-developed CarbonData: advanced column-based storage, index, compression,

and encoding technologies are used to improve computing efficiency, accelerate PB-
level data query, and facilitate faster interactive query. CarbonData is a high-
performance analysis engine that integrates data sources with Spark. It can be used as
the storage format for the data lake base.
• Huawei-developed Superior scheduler: To assist in computing resource management

and scheduling of ultra-large clusters and overcome the challenges and difficulties
encountered by the Yarn community in scheduling, Huawei develops the Superior
scheduler. It integrates the advantages of the Capacity scheduler and Fair scheduler. In
addition, the following optimization functions are provided: enhanced resource sharing
policy, tenant-based resource reservation policy, fair sharing between tenants and
resource pools, scheduling performance optimization in a large cluster environment,
and priority policy.
• MRS advantages: supporting full-form resources and flexible ratio configuration for
ultimate elasticity
• One-click creation of full-stack clusters: Full-stack big data clusters can be deployed in
one click. In addition, streaming, analysis, and hybrid clusters can be flexibly configured.
• Fully compatible with open source APIs: fully compatible with open source APIs,
requiring no change to customer service code
• Flexible resource combination: A wide range of computing and storage resources can
be combined to meet requirements from different clusters, helping users build their
clusters in the most cost-effectiveness way.
• Mature and simple migration solution: Migration tools are complete, and the
migration solution is completed in four steps without service interruption.
• Simplified O&M and reduced costs: The enterprise-class cluster management system
simplifies the management of the big data platform, greatly reducing O&M costs.
• The layered big data migration to the cloud can quickly migrate the offline Hadoop
big data platforms (CDH/HDP/...) to the cloud. It migrates customer services and data
to the big data service MRS on the cloud at a time, and quickly builds service systems
based on the cloud environment to meet customers' requirements for rapid service
growth in the future.
• Layered migration classifies data into cold data, hot data, and real-time data. Different
migration methods are provided for different types of data.
• Cold data refers to historical data that is not updated but needs to be accessed
occasionally, for example, historical CDR data in various scenarios. Generally, the data
volume is greater than 100 TB. For such data, you are advised to use DES to deliver the
data to HUAWEI CLOUD equipment rooms through encrypted data boxes.
• However, DES is not applicable to all cold data migrations, such as migrations from
third-party cloud services. In this case, only third-party private lines can be used for
migration, and the cost may be five times that using DES.
• Hot data refers to the data that is updated occasionally but accessed frequently. For
such data, you are advised to create a snapshot for the directories and use CDM to
migrate the snapshot through Direct Connect. Generally, after the first migration is
complete, multiple incremental data transfers are required to reduce the difference
between the migrated data and the new or updated data in real time.
• Real-time data refers to the data that is generated in real time and continuously
written to the big data cluster. Generally, the generation speed is within 100 MB/s.
During real-time data migration, you can configure KafkaMirror to synchronize Kafka
data from the source to the target in real time. If the Kafka service is not configured in
the service architecture, you can configure or reconstruct the service side to implement
dual-write of service data, achieving real-time data migration. If none of the preceding
conditions is met, you need to plan a downtime window and use incremental iterative
migration to shorten the incremental data migration duration to the downtime
window and stop services for migration.
• Cloud migration
▫ This solution quickly migrates the offline Hadoop big data platforms
(CDH/HDP/...) to the cloud. It migrates customer services and data to the big
data service MRS on the cloud at a time, and quickly builds on-premises systems
based on the cloud environment to support rapid service growth in the future.
• Migration data description:
▫ HBase: 330 TB/3 = 110 TB (1,000+ tables)
▫ Backup file in HDFS (40 TB)
• Migration solutions:
▫ All historical archived data, including HFile and backup files, is migrated using
DES.
▫ The HBase data of the latest month is migrated exclusively by using the snapshot
function and the CDM service.
▫ The summary data of the Kudu and standby HBase cluster is forwarded to the
online for migration through Kafka.
▫ The hot and cold data is migrated by phase, without service interruption.
▫ Direct Connect is set up to control migration bandwidth effectively, without

affecting service performance.
• Huawei Solution
▫ Historical archived data, including HFile and backup files, is migrated using DES.
▫ The HBase data of the latest month is migrated exclusively by using the snapshot
function and the CDM service.
▫ Kafka data is forwarded to the online for migration.
• Customer Benefits
▫ The service code of the offline system has no modification, which ensures quick
service migration.
▫ Online migration of service data ensures no service interruption, and more than
100 TB data can be migrated to the cloud within 7 days.
▫ The performance of cloud services is equivalent to that of physical servers, with

reliability and stability significantly improved.
• Financial scenarios
• MRS leverages the advantages of the big data platform on DeC to meet the strict
requirements of the insurance industry with regards to compliance, security, and
reliability. It reconstructs the IT architecture of traditional insurance enterprises, quickly
builds, and deploys insurance service systems. This helps insurance enterprises realize
fast digital transformation, easy service innovation, and agile service evolution.
• In this scenario, order data in the business database is written to Kafka through tools
such as the OGG, Maxwell, and Canal. Spark Streaming writes the order data to HBase
in microbatch mode in real time. HBase provides real-time query capabilities for
service systems and risk control systems. Data in HBase is periodically extracted as
table data files through DLF scheduling and stored in HDFS. SparkSQL provides the
report statistics capability. Alternatively, DLF invokes Spark jobs to periodically analyze
data and update the risk control model, providing data support for risk control.
• Benefits
▫ Meets industry regulatory requirements and protects customers' sensitive data.
▫ Provides dedicated MRS clusters and exclusive resources and decouples

computing resources from storage resources.
▫ Flexible creation and easy O&M
▫ Creates the big data platform with one click and provides an enterprise-class
platform management interface, simplifying O&M.
▫ Secure and reliable: Dedicated resources are deployed to meet industry

regulatory requirements and protect customers' sensitive data.
▫ Flexible and efficient: one-stop data storage, risk analysis, and report generation
▫ Flexible creation: A full-stack big data platform can be created with one click.
▫ Simple O&M: An enterprise-level platform management interface is provided for

unified O&M with the cloud.
• The order data in the service database is written to Kafka through tools such as OGG,
Maxwell, and Canal. Spark Streaming writes the order data to HBase in microbatch
mode in real time. HBase provides real-time query capabilities for service systems and
risk control systems. Data in HBase is periodically extracted as table data files through
DLF scheduling and stored in HDFS. SparkSQL provides the report statistics capability.
Alternatively, DLF periodically analyzes data and generates the risk control model,
providing data support for risk control.
• Solution analysis:
• Related Services
▫ MRS, DLF, DCS, OBS, Elasticsearch

• Business Challenges
▫ Ad effect monitoring: Monitor ad marketing in all domains, evaluate the ad

visibility effect, trigger online warnings of abnormal traffic, and display ad
reachability effect on the GUI.
▫ Conversion evaluation: Quantitatively and accurately evaluate the conversion

effect of channels based on ad monitoring. For example, self-media visitors visit
the official website.
▫ Data management platform: Activate and delicately manage data assets, and
effectively integrate multiple production, supply, and sales terminals and various
data sources to eliminate data silos.
• Advantages of the Technical Solution:
▫ Computing is isolated from storage. Service data is stored on OBS and metadata
is externally placed on RDS. Computing and storage resources can be used on
demand, which is more cost-effective.
▫ Rolling patch upgrade can be performed without interrupting services.
▫ Professional service support and performance optimization help shorten service

rollout time by 30%.
▫ HUAWEI CLOUD big data services are more stable and efficient, improving
service performance by 3 times.
• HBase table compression performance when data is loaded to a database improved by
more than 20 times
• Performance of real-time vehicle data processing improved by more than 50%
• Average performance of vehicle aggregation table calculation increased by about 3

times
• Vehicle data is accumulated for 24 hours and is consumed quickly, improving

performance by more than 6 times.
• After cleaning, converting, and denoising massive data of vehicle sensors and
geographical locations collected in real time, big data analysis and mining technologies
are used to analyze vehicle running status, fuel consumption, driving behavior tracks,
and engine running status to implement real-time vehicle monitoring and fault
prediction.
• Technical Implementation
▫ MRS Spark is used to easily build batch computing applications, periodically

obtain data from HBase for multi-dimensional data analysis, and generate
elevator running reports for upper-layer business departments. In addition,
scheduled cold data backup is implemented, and full data is backed up to the
cost-effective OBS.
▫ Machine Learning Service (MLS) mines the value of data, including predictive
maintenance of elevators.
• Benefits:
▫ Algorithms and models are built on the cloud to use big data technology to
analyze, sort, and mine physical and video data collected by sensors and smart
cameras installed in elevators to make the elevators "self-think", predict
potential faults, and implement security warnings. The cloud-based elevators can
effectively monitor the elevator running data, passengers' behavior, and elevator
operating environment in real time. This ensures that automatic alarms and
intelligent rescue can be triggered upon an emergency, and passengers'
uncivilized behavior can be supervised, thereby ensuring passenger's safety in
elevators.
• Implementation Principle
▫ MRS works MRS Kafka to temporarily store tens of thousands of pieces of real-
time elevator monitoring data in an uploading queue per second.
▫ MRS Storm processes Kafka data in real time and imports the data to Redis for
real-time monitoring.
▫ MRS Hadoop periodically extracts data from Kafka and imports massive amounts
of data to MRS HBase.
▫ With MRS HBase point query and batch scan capabilities, MRS works together
with Elasticsearch to offer ultra-fast query of elevator data at the business layer.
• DLI supports three functions: SQL jobs, compatibility with open source Spark APIs and
ability to execute all jobs supported by open source Spark, Flink real-time stream
processing
• DLI is a serverless big data compute and analysis service. It is fully compatible with
Apache Spark and Apache Flink ecosystems and supports batch streaming. With multi-
model engines, enterprises can use SQL statements or programs to easily complete
batch processing, stream processing, in-memory computing, and machine learning of
heterogeneous data sources.
• DLI architecture. The data layer is compatible with data from various data sources. The
engine in the middle is the Spark core engine. Multiple interfaces can be called
externally. Analysis and computing are supported in various industries.
• For these features, we will introduce the applicable customer scenarios.
• Highlights:
▫ Decoupled storage and computing, zero data migration: cross-source federated

analysis, no additional data migration
▫ Enterprise multi-tenancy, secure data sharing: Data permission control and

authorization are implemented for tables, columns, and views for data sharing
and monetization among enterprise departments or subsidiaries.
▫ +AI: Built-in AI engine, collaboration between data and AI models, and

structured/unstructured data processing in all domains
▫ Easy to use: The fully-managed serverless service frees users from the need to
pay for physical servers.
• Supported data sources: MRS/DWS/CloudTable/RDS/MySQL/MongoDB
• The following are key features of DLI: storage and computing decoupling, cross-source
analysis, and batch and stream processing. There are some cases and scenarios for
these features.
• Application scenarios of the storage and compute separation feature
• Huawei Solution
▫ Flexible resource allocation and on-demand billing
▪ Storage and computing resources can be expanded separately and

allocated on demand. Cost-effective object storage is used as storage
resources. Computing resources can be released when they are idle,
reducing costs.
▫ Easy to use
▪ You can use standard SQL statements to compile metric analysis logic
without paying attention to the complex distributed computing platform.
• Huawei Solution
▫ No need for migration in multi-source data analysis
▪ With the cross-source analysis capability of DLI, federated analysis can be

performed on multiple data sources without data migration.
▫ Tiered storage
▪ Automotive enterprises need to retain all historical data to support auditing

and other services that requiring infrequent data access. Warm and cold
data is stored in OBS and hot data is stored in CloudTable and DWS,
reducing the overall storage cost.
• DWS is a cloud service product based on Huawei-developed enterprise-class GaussDB
database.
• DWS uses the shared-nothing distributed architecture and supports hybrid

row/column-based storage, providing ultimate massive data analysis and query for
cloud customers.
• DWS is based on the MPP DB distributed architecture.
• DWS supports 40GE high-speed internal networks and has strong scalability.
• DWS supports JDBC, ODBC, and DataStudio client connections.
• DWS is compatible with SQL 2003 and SQL 92, enabling developers to quickly start
development.
• DWS interconnects with reports and BI tools to implement agile development of

visualized data display.
• This solution consists of two parts:
• Data migration: Use CDM to migrate data to DWS in full or incremental mode.
• Application migration: Customers can migrate stored procedures developed on Oracle

or Teradata to DWS.
• The self-built data warehouse solution focuses on customers' service scenarios. It builds
a complete set of logical models of the data warehouse based on data modeling, such
as the star model or snowflake model, to facilitate service processing and report
display.
• In a data warehouse, the logical layers can be divided into three layers:
• ODS layer: The ODS layer is the source layer and has the same data features as the
source service database.
• DW layer: data warehouse layer, which extracts historical analytical data from the ODS
layer and complies with the data model.
• DM layer: data mart layer, which is used for metrics analysis and can be calculated
based on data at the DW layer.
• Finally, the application layer of DWS can seamlessly interconnect with various BI tools
to implement agile report development.
• Advantages: significantly reduced costs and improved work efficiency
• A bank builds a next-generation converged data warehouse with DWS.

• The data silo problem of Glodon is resolved. Data in each service database is stored in
DWS in a unified manner. Based on data modeling, data is analyzed and processed in
a unified manner to obtain more valuable information.
• During BI construction, Glodon addresses pain points and challenges of massive, multi-
source, and real-time data processing with Huawei DWS.
• To address the challenges of data value monetization brought by diversified services,
systems, and data, HUAWEI CLOUD builds an intelligent data lake solution based on
cloud infrastructure.
• This solution provides key capabilities such as unified data storage, converged data
analysis, and data operation enablement, helping customers build a unified data
platform with real-time data service for quicker industry digitalization.
• DAYU provides end-to-end data operation capabilities throughout the enterprise

management processes, including integration of multiple heterogeneous data sources,
job script orchestration, development, and scheduling, data quality monitoring, data
model development, and data services, helping enterprises achieve digital
transformation.

transformation.
• Enterprises often have to face the following challenges when managing data:
• Data governance
▫ There is no methodology available for defining enterprise data system standards

and data specifications, and data languages are not unified.
▫ There are no efficient and accurate data search tools available to ordinary
business personnel, so data is hard to find.
▫ There are no associations formed between technical metadata and business

metadata, so data cannot be read.
▫ There is no quality control or evaluation methods available, so data cannot be

trusted.
• Data operation
▫ There is no efficient data operation platform is available to address the growing

report analysis requirements and the decision-makers' operational demands.
▫ Data is not service-oriented, so new copies are constantly being created and the
data definitions are inconsistent. The same data is developed repeatedly, wasting
resources and driving up costs.
• Data innovation
▫ There are too many data silos. Data is not easily shared and circulated
throughout the enterprise. As a result, cross-domain data analysis and data
innovation are lacking.
▫ Data is still mainly used in report analysis. There are almost no solutions for
promoting business innovation based on data feedback.
• DAYU is a one-stop operation platform that provides data lifecycle management and
intelligent data management for enterprises' digital operations. It provides functions
such as data integration, data design, data development, data quality control, data
asset management, and other data services. DAYU supports intelligent construction of
industrial knowledge libraries as well as data foundations such as big data storage and
big data computing and analysis engines. DAYU helps you quickly construct intelligent
end-to-end data systems from data ingestion to data analysis. It helps eliminate data
silos, unify standards, accelerate monetization, and generally assist with digital
transformation.

transformation.

transformation.

transformation.
• The big data platform of the energy group transforms data operation to:
• Upward: interconnect with the information management platform for national

renewable energy power generation projects
• Downward: collect the production data of hundreds of energy enterprises and millions
of renewable energy power generation devices in the province in real time
• The renewable energy data platform of a province lights the renewable energy
industry.
• Achievements
▫ Upward: interconnecting with the information management platform for

national renewable energy power generation projects
▫ Downward: collecting the production data of hundreds of energy enterprises and

millions of renewable energy power generation devices in the province in real
time
▫ Orderly, open, and shared data flows with energy to activate data value

• Upward: interconnecting with the information management platform for national

• Downward: collecting the production data of hundreds of energy enterprises and

millions of renewable energy power generation devices in the province in real time

• In addition to basic computing capabilities, HUAWEI CLOUD EI provides 59 cloud
services (21 platform services, 22 visual cognition services, 12 language services, and 4
decision-making services) and 159 functions (52 platform functions, 99 API functions,
and 8 pre-integrated functions), including essential platform services, common APIs,
advanced APIs, and pre-integrated solutions.
• These services can be used by senior AI scientists, data engineers, common IT

engineers, and service developers. As AI is further used in more industry fields, the
capabilities of these services are growing robust.
• At the Huawei Global Analyst Summit in April, 2018, we announced Huawei's full-
stack and all-scenario AI solution.
• "All-scenario" indicates that the HUAWEI CLOUD AI solution can be applied to

diversified scenarios, such as the public cloud, private cloud, edge computing, IoT
industry devices, and consumer devices.
• "Full-stack" refers to a full-stack solution that includes chips, chip enablement, training
and inference frameworks, and application enablement.
• Huawei's full-stack solution includes:
▫ Ascend: a series of unified and scalable AI IPs and chips, including Max, Mini, Lite,
Tiny, and Nano.
▫ CANN: a chip operator library and highly automated operator development tool
▫ MindSpore: a unified training and inference framework for device, edge, and
cloud (both standalone and cooperative)
▫ Application enablement: all-flow service (ModelArts), layered APIs, and pre-

integration solutions
• This figure describes ModelArts functions. ModelArts provides all-round capabilities for
AI development, including data processing, model training, model management, and
model deployment.
• ExeML can be used to recognize flatbed and dump trucks.
• The human figure detection model trained on ModelArts can be deployed on smart
surveillance cameras to detect pedestrians.
• ModelArts Sound Classification can be used to identify various sounds in rainforests,
facilitating rainforest protection.
• Pain points: Manual inspection is labor-consuming, and manual observation and

analysis of nature require expertise.
• What Is Huawei HiLens?
• Huawei HiLens consists of two parts. In terms of software, HiLens provides an online AI
application development platform. In terms of hardware, HiLens provides a powerful
development suite for developers.
• This slide shows the Huawei HiLens cloud side and device side. You can also log in to
the HUAWEI CLOUD official website and find the service in the service catalog of EI.
• Add the description of HiLens devices and application scenarios. For example, the
HiLens Kit devices can be used in outdoor scenarios.
• Integrating model development, Huawei HiLens is a flexible device-cloud application
development platform.
• Background: He Chang Future Technologies is committed to providing industry-leading
integrated smart urban road management services for roadside parking management,
static traffic management, intelligent security, and smart home, ensuring safe travels.
• Challenges: Urban transportation problems such as a lack of parking space, illegal

parking, or inappropriate charging for parking, are increasingly serious. Currently, to
install a digital roadside parking management system, you need approval from the
local authorities, but the approval is difficult to obtain. What's worse, construction and
operation are very expensive; license plates cannot be identified automatically when
conditions are poor; and reverse license plate search is not supported.
• Benefits: With the help of Huawei HiLens devices, data collection is easier than before.
HiLens devices can be deployed in large scales. You do not need to spend to much
money, and the deployment consumes a shorter time. The device-cloud synergy is used
to automatically recognize license plates. Therefore, the success rate for license plate
recognition is increased by 75%, and the manual O&M cost is reduced greatly. The
manual review rate and the complaint rate are decreased by 50% and 30%,
respectively.
• Market shares, customers' requirements, and customer experience improvement are
important factors that need to be carefully considered for the purpose of sales
increase.
• Huawei and NTT Data jointly developed a smart 4S store solution. This solution fully
releases the power of data and helps reconstruct the offline store sales mode.
• Huawei HiLens-based multimodal AI development suite helps build a smart store

system, to analyze customer mood changes. The system uses the historical data to
analyze customer profiles and predict their requirements, so as to better serve
customers and improve their experience.
• Selected solution: Developers, large enterprises, and industry ISVs can use Huawei
HiLens to improve development efficiency, or integrate HiLens Kit, Atlas 200 DK, and
Atlas 200 SOC into their own solutions at low costs, to update their algorithms
speedily, manage devices with efficiency, and roll out solutions within two to three
weeks.
• Background: Conventional camera-video mode can only be used for real-time
surveillance. Alcidae hopes that automatic video analysis can be performed by cameras
to deliver value-added AI services for end users.
• Challenges: In the conventional video analysis architecture, an intelligent IPC is

deployed on the device side. It sends videos to the cloud for analysis and processing.
The main limitation is that the computing power on the device side is insufficient and
expensive. In addition, the cloud-based analysis requires high network bandwidth and
responds slowly. The offline SDKs cannot keep up with the increasing requirements of
customers.
• Benefits: Huawei HiLens is a one-stop AI application development, distribution,

deployment, and management platform with cameras. It supports efficient cloud-
based training and can push AI skills down to devices to yield in-the-moment
optimizations required in the diversity of monitoring scenarios and enable quick
turnarounds in algorithm change requirements. With device-cloud synergy, Huawei
HiLens automatically determines whether cloud-enabled recognition is required,
greatly reducing network transmission bandwidth and video analysis costs. The
powerful device-side computing power of Huawei HiLens enables devices to process
more skills locally, lowering the requirements on network bandwidth and improving
the devices' inference efficiency.
• Product link: https://www.vmall.com/product/10086322059741.html
• Benefits
▫ Service enablement: Based on home videos, the solution conducts human figure
and baby cry detection as well as intelligent video retrieval to deliver various
value-added services for end users, including family member retrieval, elder care,
babysitting, and stranger surveillance.
▫ Device-cloud synergy: This solution performs both device-based and cloud-based

recognition (secondary), significantly reducing network transmission bandwidth
and video analysis costs.
▫ Cloud-based training: This solution offers automatic and effective cloud-based

training and pushes the training results down to devices to quickly respond to the
algorithm change requirements.
• Background: Longtian Digital Technology is dedicated to safe production in the electric
power, construction, petrochemical, and coal industries. It helps avoid casualties caused
by personnel violations and economic losses to construction enterprises.
• Challenges: Conventional video analysis services are costly, complex to build, and
difficult to deploy. In addition, they are difficult to adapt to complex environments at
construction sites.
• Benefits: A HiLens Kit device can connect to 16-channel cameras for video analysis and
device-side inference. Skill models can be quickly deployed with a few steps to
implement online platform management and automated secure production
management. Developers, large enterprises, and industry ISVs can use the HiLens Kit
devices to quickly integrate and verify solutions, greatly improving the development
efficiency. The integrated solutions can be rolled out within two weeks.
• Next, let's look at Graph Engine Service, that is, GES. I believe that you have learned
about graph data and GES in the previous HCIA course. Here, we will talk about its
application scenarios.
• The massive and complex associated data, such as social relationships, transaction
records, and transportation networks, is graph data. GES stores, queries, and analyzes
the relationship-based graph-structure data. It has various application scenarios, such
as Internet recommendation, intelligent Q&A of knowledge graphs, knowledge graph
inference, financial risk control, and smart city.
• GES provides an ultra-large integrated platform for graph storage, query, and analysis.
It powers high-performance query and analysis on large-scale graphs with billions of
vertices and hundreds of billions of edges. Based on its high-performance distributed
graph computing engine, GES can implement real-time queries in seconds. In addition
to the high-performance computing kernel and distributed storage framework, GES
has a library with extensive algorithms, including traditional graph analysis algorithms
that support real-time query and analysis, graph deep learning algorithms (graph
convolution and embedding algorithms), and knowledge graph embedding algorithms.
• Next, let's look at the analysis functions of GES.
• GES is an ultra-large integrated platform for graph query and analysis. It has a library
with extensive algorithms, a high-performance computing kernel, and a distributed
storage framework.
• Algorithms in the GES library can meet diversified application requirements.
• The PageRank algorithm can be used to mine individual value on social networks. Both
quantity and quality are taken into considerations. For example, the more "follows"
received, the more influence an individual KOL has. In addition, if the followers are of
high quality, the KOL's value increases too. PageRank can be used to effectively avoid
problems like unreasonable scoring and frequent cheating.
• Centrality and TrustRank algorithms can be used to discover more KOLs on social
networks.
• The GES graph analysis algorithms can also be used in friend recommendation
scenarios.
• When you update your contacts on a social platform, new friends will be
recommended. This kind of recommendation is based on the graph triadic closure
theory. For example, if two people in a social circle have a common friend, they may
become friends in the future. The more common friends they have, the more likely
they become friends. Therefore, friend recommendation can be implemented based on
the number of common friends. In addition, before two people become friends, a
triangle is established between the them and their common friends. A larger number
of triangles in a social circle indicates that their connection is closer and more stable.
• We can analyze the social network closeness and recommend friends based on the
triadic closure theory and algorithms such as Triangle Count, Clustering Coefficient,
and Shortest Path.
• When GES is used for node classification and link prediction:
▫ Generally, there is a high probability that two similar nodes belong to the same
type or are associated. We can use the deep neural network to express the nodes
and routes in a graph structure in embedded mode, and learn the overall
structure of the graph network at the same time.
▫ Then, we can obtain the low-dimensional expressions of nodes and edges in the
graph network and accurately predict whether two nodes belong to the same
type, are connected, or a specific relationship exists between them based on
specific distance calculation formulas. It is even possible to infer the real
knowledge that exists, but is not presented in the training data through existing
data.
▫ GES provides various graph deep learning algorithms, including the graph
embedding algorithms Node2vec and SDNE, graph convolution algorithms GCN
and GraphSAGE, and knowledge graph embedding algorithms TransE and
ComplEx.
• Graph embedding and graph convolution: The deep learning algorithms are used to
extract the graph structure and node features in a graph. In this way, the graph and
nodes are classified and expressed in embedded mode.
• Anti-fraud: GNN is used to perform in-depth data mining and identify malicious user
patterns to control risks.
• Marketing recommendation: GNN provides a deep-level interactive associated

information mining solution to mine the interaction between users and commodities at
more layers for E2E learning and marketing recommendation.
• Academic scenario: GNN can also be used for bioprotein activity detection, RNA
classification, gene prediction and so on.
• Next, let's talk about applications of GES in the knowledge graph, relationship, and risk
control domains.
▫ In recent years, knowledge representation and inference are widely used. GES
provides a graph database that can store a large amount of knowledge graph
data as the underlying storage support.
▫ At the upper layer of the storage, GES also has abundant knowledge graph
embedding algorithms (TransE, TransD, ComplEx, Analogy, and the like) to
perform embedded expression on entities and relationships in knowledge graphs,
for the purposes of clear expression and correct understanding.
▫ Good knowledge graph embedding is the guarantee of subsequent knowledge

graph inference. Based on the result of knowledge graph embedding, GES also
provides knowledge graph query and inference algorithms. GES is an important
tool for knowledge graph data storage, embedding, and inference.
▫ In the relationship network and financial risk control domains, GES also provides
extensive algorithms for friend relationship query, commodity/consultation query,
community classification, and link analysis, as well as machine learning-based
graph convolution and embedding algorithms. It has the capabilities of analysis,
classification, recommendation, and link prediction based on graph node features,
graph network features, or embedded graph node expressions.
• Image text recognition, also known as optical character recognition, is referred to as
OCR. In a broad sense, it refers to the process of analyzing and identifying text data
from image files to obtain text and layout information. OCR is widely used to
recognize general characters, receipts, and certificates, replacing manual input and
improving service efficiency. It is also a hot trend in AI field.
• This figure shows the panorama of HUAWEI CLOUD OCR. OCR includes five categories:
general, receipt, certificate, industry, and template customization. The five scenarios
cover a wide range of common application scenarios and common industry
identification requirements. More customization requirements will be developed
through intelligent online customization capability. In addition, HUAWEI CLOUD has
taken the lead in providing OCR service capabilities outside China, such as Myanmar ID
card, Thai ID card, and international passport. More services are being incubated.
Based on the massive underlying training and inference resources of HUAWEI CLOUD
and the support of the underlying basic AI platform, HUAWEI CLOUD OCR accelerates
the development and rollout of services, and shortens the time for testing new services
to days.
• Intelligent classification, one image with multiple tickets, automatic segmentation and
identification
• HUAWEI CLOUD OCR can also be used in financial reimbursement scenarios. OCR can
automatically extract key information of invoices to help employees automatically fill
in reimbursement forms. In addition, the RPA automatic robot can greatly improve the
efficiency of financial reimbursement. Ticket OCR can recognize VAT invoices, taxi
invoices, train tickets, itineraries, and shopping invoices. It can correct distorted images
and effectively eliminate the impact of seals on text recognition, to improve the
recognition accuracy.
• In financial reimbursement, one image usually contains multiple invoices. Generally,
common OCR services can identify only one type of invoices. For example, the value-
added tax invoice service can identify only one value-added tax invoice. HUAWEI
CLOUD OCR provides intelligent classification and identification services, including one
image with multiple invoices, one image with multiple cards, mixed use of cards and
invoices, and total billing. The system also supports the separation of multiple types of
bills and cards, including but not limited to air tickets, train tickets, medical invoices,
driving licenses, bank cards, ID cards, passports, and business licenses. Then, OCR can
be used to identify various types of figures.
• After receiving a batch of financial invoices, financial personnel need to manually enter
the invoice information into the system. Even if you use OCR technology, you need to
take photos of each financial invoice and upload them to your computer or server.
HUAWEI CLOUD provides the batch OCR solution. You only need to use a scanner and
a PC to scan invoices in batches to generate color images. In addition, HUAWEI CLOUD
OCR is automatically invoked in batches to quickly extract invoice information and
visualize and compare the recognition results. You can also export the recognition
results to an Excel file or financial system in batches, greatly simplifying the data
recording process.
• The six functions of Image Recognition deliver omnimedia tagging and image
optimization.
• Based on deep learning technologies, Image Recognition can accurately identify visual
content in images and provide multiple objects, scenarios, and concept tags. It has
capabilities such as object detection and attribute recognition, helping customers
accurately identify and understand image content.
• Image Recognition provides the following functions: image tagging, recapture

detection, celebrity recognition, and video tagging.
• Image tagging: recognizes objects, scenes, and concepts, facilitating your search,
filtering, and management of large galleries.
• Recapture detection: identifies whether the commodity image is the original image or
a recaptured image.
• Celebrity recognition: accurately recognizes movie stars and internet celebrities in

images.
• Video tagging: performs multi-dimensional analysis on videos, such as scenario

classification, person recognition, speech recognition, and text recognition, to form
hierarchical classification tags.
• Content Moderation adopts cutting-edge image, text, and video detection technologies
that precisely detect advertisements, pornographic or terrorism-related material, and
sensitive political information, reducing any non-compliance risks in your business.
• Pornographic Content Detection: Identifies pornographic content in images and

delivers confidence scores, such as porn, sexy, and normal.
• Terrorism-related Information Detection: Quickly detects whether an image contains

fires, guns, knives, violent content, and terrorist organization banners.
• Political Information Detection: Detects sensitive political content and figures.
• Text Moderation: Checks whether the text contains pornography, sensitive political
content, advertisements, offensive content, spamming, and contraband.
• Video Content Moderation: Determines whether the video has violation risks and
provides violation information from multiple dimensions such as image, sound, and
subtitle.
• Content Moderation adopts cutting-edge image, text, and video technologies that
precisely detect pornographic or terrorism-related material, and sensitive political
information, reducing any non-compliance risks in your business.
• Content Moderation implements intelligent content moderation of short videos,

improving the review efficiency by 90%.
• Moderation (Video) provides functions such as PiP, short video, image, and text
moderation to assist customers in content review to reduce non-compliance risks.
• Face Recognition provides four functions: image-based Face Detection, Face
Verification, Face Retrieval, and Face LiveDetect.
• Face Detection accurately locates faces in an image, identifies the size of each face,
and outputs basic facial attributes, such as the gender and age.
• Face Verification compares the similarity of human faces in two images. The
application system determines whether they are the same person based on the
similarity.
• Face Retrieval extracts facial features from the target facial image and imports the
features to the facial image library for future comparison and retrieval. Generally, this
function is used together with facial image library management.
• Face LiveDetect determines whether a user is a real person by actions to defend

against fraud attacks with photos and videos.
• Access control gates are usually deployed in public places such as campuses, office
buildings, schools, and construction sites. Conventional gates recognize identities when
passengers swipe cards. During peak hours, people may forget to bring cards or stop to
search for cards, which causes congestion and slow passage. Access control by card
recognition is risky because cards can be easily stolen.
• The face recognition-based access control gate solution uses the face recognition
technology to accurately recognize passenger identities and quickly return the
recognition results. When a passenger approaches to the gate, the face image is
captured and the gate opens once the face is recognized. The gate can be used
together with the attendance system to effectively prevent attendance frauds and
cheats, thereby implementing automatic management.
• The facial image library management and face retrieval functions are used in the face
recognition-based access control scenario.
• Campus security is now a major concern of the education industry. Management of

students and teachers is important. Parents worry about the safety and health of
students, teachers are concerned about management, and schools hope to improve
service and efficiency.
• Based on Face Recognition, the campus management system can implement multiple
intelligent management scenarios, such as identity recognition, activity track
identification, dormitory management, meeting sign-in, and school heat maps.
• In the teacher and student management scenario, the face detection, face retrieval,
and facial image library management functions are recommended. The functions can
also be used with face capture cameras or video-based face detection
algorithms.
• In the Internet finance industry, how to quickly verify customer identities and
authorize relevant operations is critical, because it has impact on the business
security and competitiveness of enterprises.
• The face recognition technology can accurately recognize identities to ensure

operation security, allowing authorized users to perform operations on mobile
phones and improving user experience. The technology can also be used in an
online car hailing app to verify the driver identity in real time, thereby ensuring
passenger safety.
• In this scenario, face retrieval and facial image library management can be
used, and Face LiveDetect can also be configured to prevent cheating.
• The VCR provides capabilities of analyzing people, vehicles, objects, and events.
• People analysis capabilities include video-based face detection, crowd counting, and
heat map. Video-based face detection can quickly identify faces in videos and provide
facial images for subsequent face recognition. Crowd counting collects statistics on the
number of persons in a covered area, and heat map collects statistics on the
probability of people appearing in a covered area. Crowd counting and heat map are
used to identify the crowd popularity in an area.
• Vehicle analysis capabilities include license plate recognition and vehicle attribute
recognition. License plate recognition is used to recognize license plates of vehicles,
including blue license plates and license plates for new-energy vehicles. Vehicle
attributes include the vehicle types and colors, which are used by upper-layer service
systems for detailed vehicle information analysis.
• The object analysis capability mainly indicates object leftover detection. Object leftover
detection detects leftover objects, such as luggage, in an area. This function can be
used in scenarios such as lost and found in residential cells.
• Event analysis capabilities include smoke and fire identification and intrusion detection.
Smoke and fire identification is used to identify open flames and smoke in screens.
Intrusion detection can identify illegal intrusion behavior (passing lines or areas) and
generate alarms. In addition, people and vehicles can be filtered. That is, only
intrusions of people or vehicles can be identified and alarms can be generated, greatly
reducing the false reporting rate.
• Tian An Cloud Park is located to the north of Huawei Industrial Base, Bantian,
Shenzhen. It occupies an area of 760,000 square meters and covers a building area of
2.89 million square meters. It focuses on leading industries such as cloud computing,
mobile Internet, robot, and intelligent device, and also develops modern and
productive services based on these industries. Tian An Cloud Park provides open and
shared space and smart environment construction to meet the requirements of leading
industries, and builds a smart city ecosystem that fully associates enterprises and
talent.
• In this project, we use the video analysis solution with edge-cloud synergy. Video
analysis models such as face detection, vehicle recognition, and intrusion detection are
delivered to the local GPU inference server of the park. After analyzing real-time video
streams locally, the server can upload the analysis results to the cloud or save the
analysis results to the local host for interconnection with upper-layer application
systems.
• The video analysis solution with edge-cloud synergy implements intelligent analysis on
surveillance videos and detects abnormal events such as intrusions and heavy crowds
in real time, reducing labor costs. In addition, existing IPCs on the park can be reused
and changed to intelligent cameras through edge-cloud synergy, greatly protecting
users' existing assets.
• The crowd counting and heat map solution is used to identify crowd information,
including the number of people and popularity density in an area. It supports setting of
the time and result sending interval. This solution is mainly used in scenarios such as
customer flow statistics, visitor quantity statistics, and business area popularity
identification.
• With the crowd counting and heat map solution, you can obtain the following benefits:
• Strong detection capabilities: able to count the number of people that only have parts
of body captured by camera
• High scalability: able to send statistics about head counting, areas, and heat maps at
the same time
• High usability: A common surveillance camera of 1080p resolution would suffice.

• Intrusion detection is used to identify unauthorized intrusion behavior in images shot
by cameras. The system can extract moving objects from the camera's field of view.
When an object crosses a specified area, an alarm is triggered. In addition, users can
set the minimum number of people in an alarm area, alarm triggering time, and
algorithm detection period. This solution is mainly used to identify unauthorized access
to key areas and dangerous areas, and detect climbing behavior.
• With the intrusion detection function, you can obtain the following benefits:
• High flexibility: The size and type of alarm objects can be set.
• Low false alarm rate: Intrusion alarms based on people or vehicles filter out
interference from other objects.

• Leftover object detection is used to detect appearance and disappearance of leftover
objects in images shot by cameras. The system can monitor specified areas. When a
leftover object is detected, an alarm is triggered. The system can also continuously
monitor specified objects in specified areas. When an object is lost, an alarm is
triggered. In addition, users can set the alarm triggering time and algorithm detection
period. We can use it to detect illegal leftover objects and monitor key objects.
• With the leftover object detection function, you can obtain the following benefits:
• High scalability: Accurate identification based on face recognition and intrusion

detection
• Low false positive rate: Specified objects in specified areas can be identified to
eliminate interference.

• Smoke and fire identification is usually used to identify open flames and smoke in
images shot by cameras. First, a camera automatically identifies the smoke before a
fire, locates the area where the smoke occurs, and determines the flame status in the
area in real time. Then, the camera can generate an alarm in a timely manner to
eliminate fire risks. The following capabilities are involved:
• Smoke detection: Determine the smoke density and diffusion based on the smoke
color (light smoke is translucent and thick smoke is gray and black).
• Flame detection: Identify whether a flame exists based on the flame color and shape.
• With the smoke and fire identification function, you can obtain the following benefits:
• Video analysis is performed on suspected smoke and fire areas to effectively improve
the detection precision based on the visual features of the smoke and fire.
• No infrared thermal camera is required. You can deploy only common cameras to
detect smoke and fire indoors, outdoors, in the daytime, and at night.
• The cloud-based optimization capability is provided. Algorithm experts can evaluate

and optimize algorithms based on onsite environment requirements to adapt to
different environments and achieve the optimal effect.
• Speech Interaction Service (SIS) provides services externally through APIs.
• Automatic Speech Recognition (ASR) solves the problem of listening, and Text To
Speech (TTS) solves the problem of speaking
• Sentence Transcription: You can upload data at a time. After receiving the complete
data, the server converts it. 8 kHz and 16 kHz are supported. It is mainly used for
human-machine interaction (typically WeChat voice input) and content review.
• RASR: RASR converts continuous audio streams into text in real time, enabling faster
speech recognition. Compared with Sentence Transcription, RASR is faster. The major
application scenarios include intelligent outbound calling, real-time conference
recording, and instant text generation.
• Long Audio Transcription: It provides one task submission API and one task query API.
You can submit tasks through the task submission API and query the recognition
results through the task query API. Key information about the emotion, role, and
speech is displayed in the recognition result. Long Audio Transcription can be used in
scenarios such as the customer service quality inspection and the content review.
• Hot word self-service optimization: In the speech recognition field, if there are some
special words with poor recognition effect, you can use hot words to optimize the
recognition effect, such as names of people, places, and various proper nouns. You can
use the hot word creation API to create a hot word and obtain a hot word ID. When
the speech recognition API is called, the hot word ID is transferred to optimize the
recognition result.
• The formal male voice, formal female voice, and child's voice can be selected.
• HUAWEI CLOUD NLP provides four subservices, NLP Fundamentals, Language
Understanding, Language Generation, and Machine Translation. Each subservice
provides the corresponding atomic capability API.
• NLP can be used in scenarios such as intelligent Q&A, public opinion analysis, and
advertisement monitoring.
• Now, let's look at Conversational Bot Service (CBS).
• CBS provides subservices such as QABot, TaskBot, SA, and voice assistant. QABot helps
enterprises quickly build, release, and manage intelligent question-answering bots.
• TaskBot can accurately understand the intent and key information of a conversation
and be integrated with intelligent phonebots and hardware, offering new voice
interaction modes.
• The voice assistant combines ASR, TTS, and TaskBot to parse and execute speech
commands and is applied in scenarios like smart home.
• SA uses natural language algorithms and user-defined rules to analyze conversations

between customer service agents and customers in call center scenarios, helping
enterprises improve agent service quality and customer satisfaction.
• CBSC helps build AI bots that have various capabilities, such as knowledge base and
knowledge graph Q&A, task-oriented conversion, reading comprehension, automatic
text generation, and multi-modality, based on customer requirements.
• Generally, a bot with a single function cannot solve all problems in customer service
scenarios. A conversational bot solution is developed by integrating multiple bots with
different functions. The solution is presented as a single service API. Customers can
solve different service problems by calling the single API. The following describes the
application scenarios of each bot:
• Application scenarios of QABot:
• Have common consulting and help issues in IT, e-commerce, finance, and government
domains.
• Have accumulation of knowledge, QA knowledge base, FAQ or FAQ-like documents,

service tickets, and customer service Q&A data.
• Application scenarios of TaskBot:

• Have clear conversational tasks and support flexible configuration of the dialog
process (multiple rounds of interaction) based on the real-world scenario. After a
dialog template is loaded, the bot can perform multiple rounds of dialogs with a
customer in specific scenarios while understanding and recording the customer's
intentions. Specific scenarios include:
• Outbound Robot: service satisfaction survey, user information verification, recruitment

appointment, express delivery notification, promotion, and high-quality customer
selection
• Customer service: hotels, air ticket booking, credit card activation, and more
• Smart hardware: voice assistant, smart home, and more
• Application scenarios of KGBot:
▫ The knowledge system is complex.
▫ Answers can be obtained only through logical inference.
▫ Answers can be obtained through multiple rounds of interaction.
▫ For factual issues involving entity attribute values or relationships between

entities, QA pairs cannot be all enumerated
• The KG-powered vehicle QABot can complete precise Q&A, for example, query the
price and configuration of a specific vehicle model and recommend vehicles based on
the price and class type. It can also complete Q&A about vehicle comparison. The
answer can contain text, tables, and images.
• This solution is jointly developed by HUAWEI CLOUD EI and partners. Currently, the
Featured Solution has been launched. Huawei provides ASR, TTS, and Conversational
Bot Engine, and partners are responsible for integration and development of the entire
system.
• Difficult to recruit people (work is boring and repetitive, and a lot of negative emotions
are involved, resulting in a high turnover rate), difficult to manage (low loyalty, big
difference of ability, and difficult to monitor the behavior), high costs (in labor,
training, and venue), and low efficiency (hard to follow up issues and low customer
conversion rate)
• How can we analyze the customer service quality to ensure continuous improvement in
customer service capabilities and customer satisfaction?
• Traditional quality inspection:
▫ Professional inspectors perform sampling inspection and manual recording

analysis. Generally, the sampling inspection rate is about 5%. The inspection rate
is low, and the workload is heavy.
▫ Inspectors need to be trained. The professional degree, loyalty, and training cost
are the pain points of enterprises.
• Speech Analytics (SA):
▫ End-to-end HUAWEI CLOUD featured solutions
▫ Complete automation: offline automatic analysis of a large number of files,

which is fast and efficient and allows manual review
▫ Intelligent analysis: ASR and NLP used to intelligently analyze customer service
conversations and generate reports
▫ Custom rules: flexible configurations of voice and semantics rules and deduction
items, and intuitive display of the real-world customer service performance
▫ Flexible access to multi-source data: seamless interconnection with text, voice,

and OBS data
• Dual-modal identification: strong anti-noise capability. The video and audio are
captured without being interfered by the environment. The identification accuracy is
high, and the scoring deviation in the noisy environment is reduced.
• Dual-modal evaluation: pronunciation + mouth shape. The non-standard pronunciation

can be accurately identified based on the mouth shape, and users are differentiated
through their spoken languages.
• Dual-modal feedback: audio-visual playback of problematic pronunciation. The

pronunciation process is played back.
• Dual-modal error correction: audio-visual pronunciation demonstration. Standard

English and American pronunciations are demonstrated, strengthening learning and
memory, and helping improve pronunciation.
• Based on multi-modal audio and video data, carry out evaluation from multiple
dimensions, such as the pronunciation and mouth shape.
▫ More accurate effect
▫ Better robustness
▫ More intuitive teaching by zooming in the moving month
▫ More specific error correction

• Compared with the traditional single-modal spoken language evaluation, multi-modal
spoken language evaluation has the following advantages:
▫ Spoken language evaluation is performed based on audio and video multi-modal

data, which is more accurate.
▫ The mouth shape can be zoomed in, which is more intuitive to instruct learners
on how to make the correct pronunciation.
▫ Signals of multiple modals are combined, leading to better evaluation robustness

and convenient learning environments.
▫ The traditional single-modal evaluation has high requirements on the

environment, which must be quiet. Comparatively, the multi-modal evaluation
has strong anti-noise capability and does not have strict requirements on the
quietness.
▫ Spoken languages can be learned anytime and anywhere as long as your tablet,
mobile phone, or computer can collect audio and video data.
• Knowledge Graph (KG) is essentially a form of knowledge representation and a
structured semantic knowledge base that describes entities and their relationships in
the physical world. Because most of human knowledge is stored in natural language
text, graph construction involves many NLP-related technologies.
• An ontology is a set of abstract concepts in a domain. It can describe the common

features of all things in a certain scope and the relationship between things, for
example, the concept of "people" and a set of all attribute concepts related to people.
An ontology consists of concepts and relationships between concepts. A concept can be
understood as an entity type. A concept defines the attributes of an entity of this type.
• An entity refers to a distinct and independent thing, such as a person, place, or

company. An entity is an instantiated representation of a concept. It may have an
attribute, for example, a person has an attribute of age.
• A relationship refers to the semantic relationship between entities. For example, the
provincial capital of Zhejiang is Hangzhou, and the relationship between Zhejiang and
Hangzhou is that Hangzhou is the provincial capital of Zhejiang.
• The basic knowledge unit of KG is a triplet consisting of entity, relationship, and

entity/attribute, for example, Zhejiang - provincial capital - Hangzhou, or Hangzhou –
population – about 10 million.
• Knowledge-based Question Answering (KBQA) understands questions raised by users
by using machines to analyze and process natural languages. It uses structured
knowledge in the knowledge base to query and infer the questions and find precise
answers to the questions, and feeds back them to users, helping users solve different
types of problems.
• KG-based precise search and intelligent search
▫ KG provides the entity linking API to parse user queries and return precise
answers.
▫ KG stores entity relationships and attributes, integrates multimedia information,

and supports multi-modal queries.
• KG can be applied to multiple scenarios.
• For example, in an information recommendation system, information recommendation

may be completed based on graph association information in KG. Different from the
traditional recommendation system, the KG-based recommendation system performs
recommendation based on semantic association in the knowledge information.
Therefore, its result is explainable, and no cold start or sparsity issues exist.
• In a semantic search process, a search, especially a multi-hop search, can be performed

based on KG. A traditional search is based on keyword matching and probability
statistics. The search engine provides web pages similar to the content entered by
users, but it cannot understand the meaning of the entered content. Therefore, users
still need to filter the results. Based on the search statements of users, the knowledge
graph-powered search function uses natural language processing to understand users'
search intentions, converts user input into knowledge graph queries, and returns the
knowledge that matches the intentions in the knowledge graph. Users do not need to
perform filtering.
• Machines are used to analyze and process natural languages to understand users'
questions. Structured knowledge in the knowledge base is used for query and inference
to find precise answers to the questions and provide the answers to the users.
• In addition, based on the structured data obtained through graph query, a readable
natural language text may be generated by using the text generation technology, for
example, generating some reports or answers to questions.
• Created in 2009, the Bitcoin system is a decentralized, peer-to-peer electronic cash
system.
• In the past, there used to be only one accountant who was the center of accounting.
Now, everyone participates in accounting. This is decentralization.
• In the past, ledgers were kept only by the accountant. Now, everyone is an accountant
and keeps their own ledgers. This is distribution.
• In the past, an account corresponded a person's identity. Now, an account does not
reflect an identity. It is a string of numbers and can be used only by digital keys, which
are also strings of numbers. This is encryption.
• In the past, people could only resort to the accountant to view ledgers and cannot view
accounts of other people. Now, everyone can view all transactions in all accounts at
any time. This is public ledger.
• In the past, accounting was controlled solely by the accountant. Now, everyone must
reach an agreement on who to have the accounting power, how to reward, and how
to confirm whether the account is valid. This is the consensus mechanism.
• In the past, only the accountant had control over ledgers. No one can do anything
when the accountant rewrites the transactions. Now, all accountants can only write in
but cannot modify ledgers. Even if you modify your own ledger, others will not
recognize the change. This is called tamper-proof.
• This simplified accounting system is a Bitcoin system.

• You can think of blockchain as a chat group consisting of all of your friends.
• A blockchain is a tamper-proof, non-repudiation data storage system which is jointly
maintained by multiple parties. It uses cryptography to ensure the security of
transmission and access, and data storage consistency. A typical blockchain stores data
in the unit of blocks.
• A hash value of a digital content segment can be used to verify data integrity. Any
minor change to the digital content leads to a significant change in the hash value. A
qualified hash algorithm can be used to easily calculate a hash value from the digital
content, but it is almost impossible to reverse calculate the original digital content
from a hash value.
• Public and private keys are the fundamentals of encrypted communication. A random
public-private key pair is generated by using an encryption algorithm. The private key
must be securely kept and accessible only to its owner. The public key can be made
public. A reliable encryption algorithm ensures that no one can use a public key to
calculate the mapping private key.
• The Merkle tree helps quickly verify the integrity of transaction data, that is, whether
the data has been tampered with. If the data has been tampered with, the calculated
hash value will be completely different. For example, even if only a decimal point has
been moved among 4,000 transactions, the Merkle root hash value will reflect the
change.
• Proof of Work (PoW) is a proof that you have done some amount of work. It is usually
inefficient to monitor the whole process of work. However, it is efficient to prove that
you have done some amount of work by verifying the result of your work. For example,
a graduate certificate and a driver's license are proofs obtained by verifying the results
(passing exams). A PoW system (or protocol, or function), is an economical way of
deterring denial-of-service attacks and other service abuses by requiring some amount
of computation from the service requester, usually indicating some amount of
processing time by a computer. This concept was first introduced by Cynthia Dwork
and Moni Naor in a 1993 journal article. The term "proof of work" (POW) was first
coined in a 1999 article by Markus Jakobsson and Ari Juels.
• Byzantine Fault Tolerance (BFT) is a type of fault tolerance technology in distributed

computing. A Byzantine fault is a model of a real-life hypothesis. In a computer system,
computers and the network may present unexpected behaviors due to faulty hardware,
network congestion or interruption, and malicious attacks. Byzantine fault-tolerant
techniques are designed to handle these exceptions and meet the specification
requirements for the problem to be solved.
• A smart contract is a public code logic that runs on a blockchain, and its execution
result is reliable, forgery-proof, and tamper-proof.
• 1.0: Bitcoin: a dedicated system 2009
• 2.0: Ethereum: extending to digital assets 2013
• 3.0: Hyperledger: applicable to enterprises excluding currency 2015

• 1.0: Bitcoin: a dedicated system 2009
• 2.0: Ethereum: extending to digital assets 2013
• 3.0: Hyperledger: applicable to enterprises excluding currency 2015

• Huawei Blockchain is based on the open-source Hyperledger Fabric project.
• Huawei has long been present in the blockchain industry and has been a solid
contributor to the industry.
• P: peer node
• Endorser role: Executes and endorses transactions.
• Committer role: Checks and finalizes transactions.
• O: orderer node
• Ordering role: Orders all transactions into blocks according to the agreed ordering
implementation.
• Peer: A fundamental element of a blockchain network. (Orderers are not shown in the
figure.)
• Ledger: Shared ledger. Each peer contains a copy of the same ledger data.
• Channel: Peers in a channel share the same ledger. Channels isolate data.
• Organization: An organization corresponds to a participant in a blockchain and can

have multiple peers.
• Application: A blockchain application. Organizations in a blockchain network may use

different applications to implement different functions.
• DApp
• A decentralized application (DApp) communicates with the blockchain network

through peers and orderers to send transaction proposals.
• Fabric SDK
• The DApp uses the Fabric SDK to communicate with the blockchain network.
• Enterprises can quickly build secure blockchain systems through easy deployment,
management, O&M, and development.
• Professional technical services and industry solutions help enterprises quickly deploy
services on the blockchain.
• Deployment completed in minutes, support for Fabric JDBC, as easy to operate as a
database
• Leverages the auto scaling, fast fault recovery, and disaster recovery capabilities of
HUAWEI CLOUD's high-performance compute (including cloud container engine),
network, and storage services to ensure high reliability and availability.
• Uses Chinese cryptographic algorithms SM2/SM3/SM4, and homomorphic encryption

with proofs for equality and range proofs
• First Fabric-based platform to support Fast Byzantine consensus algorithm (FBFT)

consensus (5,000+ TPS) and Kafka consensus (10,000+ TPS).
• Supports hybrid cloud deployment and multi-cloud interconnection. Huawei and SAP
have jointly completed the first cross-cloud blockchain interconnection.
• Built based on Docker and Kubernetes, highly reliable and scalable, fully collaborative
with other clouds, no data expansion or performance issues
• Dynamic join-in: Allows consortium members to be invited dynamically and quickly.
• Auto node scaling and quick fault rectification can be achieved with Kubernetes.
• Flexible deployment: Supports private and consortium blockchains.
• Interconnectivity: Fully utilizes existing IT infrastructure to connect to related

ecosystems and partners.
• Homomorphic encryption solves the problem.
• Range proofs and proofs for equality are used for homomorphic encryption with a
verifiable range.
• SM2: ECC-based asymmetric encryption algorithm This algorithm is public. It provides
faster signature and key generation than RSA.
• Uses ECC-based 256-bit algorithm, providing higher security than RSA 2048-bit, and
operates faster than RSA.
• SM3: message digest algorithm, which is comparable to MD5. This algorithm is public.
It provides 256-bit verification results.
• SM4: packet data algorithm based on the WLAN standard. Symmetric encryption with
both key and packet lengths of 128 bits.
• Centralized deployment: All services are deployed in HUAWEI CLOUD.
• Hybrid deployment: Some services are deployed in HUAWEI CLOUD, and the other
services are deployed in the customer's private data center.
• Decentralized deployment: All services are deployed in the customer's private data
center.
• Financing information cannot be verified due to information silos in supply chains.
• The credit of core enterprises cannot be effectively transferred. In accordance with the
Contract Law, core enterprises only sign contracts with tier-1 suppliers and are not
involved when tier-1 and tier 2 suppliers sign contracts. As a result, the credit of core
enterprises cannot be transferred to different tiers of suppliers.
• Banks do not have trusted data of SMEs. In the existing banking risk control system,
SMEs cannot prove trade relations or get funding from banks, and banks cannot
acquire customers from or lend money to supply chains.
• Financing is difficult and costly. The widespread credit sales means that upstream
suppliers are often short of cash, and yet it is difficult for them to be granted high-
quality loans from banks without the endorsement of core enterprises.
• Agreed settlements cannot be automatically completed. Uncertainties accumulate if

multiple tiers of suppliers are involved.
• Trusted supply chain finance: an efficient, reliable, and traceable trading platform
• Answer: 1
▫ ABC
• Answer: 2
▫ ABCD
• Definition: Traditional campuses refer to industrial campuses. Campuses here refer to
areas with boundaries and a single operation entity.
• However, the current campus construction cannot keep up with the technology
development. The service system is not planned in a unified manner. The construction
and operation costs are high. In addition, after the construction, the homogenization is
serious, and the service experience is not significantly improved.
• By building a secure, open, and sustainable smart campus digital platform, Huawei
integrates new ICT technologies such as cloud computing, Big Data, IoT, mobile
Internet, and AI to redefine smart campuses.
• Streamline the campus subsystems and connect device, edge, network, and cloud to
manage objects comprehensively, support rapid development of campus services, and
help customers implement digital transformation.
• Next, let's look at some new ideas of Huawei's smart campus construction.
• Redefine the mode to achieve smart campus:
• In the past, the campus system was electronic. Now, it is digital. However, the campus
has two problems. One is that subsystems are constructed separately without linkage.
The second is data silos. Data is not unified, and data value is not mined. Huawei's
smart campus digital platform connects systems, converges data, and uses AI to
implement service convergence and support rapid service development and innovation.
• Redefine the innovation mode. Improve the service development and innovation
efficiency based on the unified data foundation and platform architecture.
• This platform connects all campus subsystems. Data of all subsystems is aggregated to
this platform to form a data lake with a unified data foundation. Then, it provides
services through APIs, making application development more agile and supporting
quick rollout of new services.
• In addition, this platform can support multi-campus management and replication.
• It provides lower-level connection standards to enable quick access of each subsystem,

builds an ecosystem for applications on the efficient platform, and supports
personalized requirements. With this platform, the campus can be flourished, and
unified operation and O&M can be implemented to reduce repeated investment and
reduce costs.
• Huawei's overall goal of building a smart campus is to achieve full connectivity, full
convergence, and full intelligence based on a unified digital platform to support
campus service innovation.
• On the one hand, we should manage operations in a standardized manner internally

to improve operational efficiency and reduce operational costs, including:
• Break service silos, enhance inter-system linkage management capabilities, and

improve operation efficiency; accumulate campus management big data, support real-
time decision-making on campus operations, and reduce operation costs. In addition,
we can provide high-quality services to improve technology, security, and comfortable
experience, including:
• Provide secure, comfortable, and free space for enterprise employees and visitors, and
provide high-tech, valuable, and warm services.
• The smart campus solution applies to the following scenarios: operation center,
comprehensive security protection, convenient access, facility management,
environment space, asset management, energy efficiency management, enterprise
service, and digital office. Industry-specific application scenarios can be added to the
smart campus solution.
• The Intelligent Operation Center (IOC) is a platform for campus operation
management. It integrates new digital technologies such as IoT, big data, cloud
computing, AI, and GIS to support and build various innovative applications, build a
unified portal, and connect and manage subsystems in the campus. Through IOC,
unified and intelligent operation scheduling and management can be implemented.
• The smart IOC can visualize the campus status, control events, and manage services.
The details are as follows:
• Real-time monitoring and visualization of campus running status, enabling users to

comprehensively and intuitively learn about the overall campus situation;
• Manage daily equipment and facilities, and centrally dispatches and directs security
incidents;
• Analyze massive information based on the big data platform, implementing

monitoring, warning, decision-making, and response;
• Traditional perimeter protection uses infrared radiation. Even if leaves fall and block,
an alarm will be generated. The false positive rate reaches 99%.
• The video-based perimeter protection of the integrated security system uses the
camera and video analysis AI algorithm to implement precise perimeter intrusion
detection. The algorithm can identify whether an object in the video stream is a person.
An alarm is generated only when the object is a person and the object is crossing the
fence, greatly reducing the false positive rate. In addition, the system automatically
saves the video of the 15 seconds before and after the alarm for analysis and evidence
collection.
• Traditional patrol requires security personnel to patrol on site. Video-based patrol of
the integrated security system implements online security patrol through surveillance
videos on patrol routes, greatly improving patrol efficiency and reducing the workload
of security personnel.
• One person can monitor multiple patrol sites by automatically switching patrol videos.
During video playback, a window is displayed randomly to determine the security
guard status. After the patrol is complete, the system automatically generates a patrol
report.
• The facial recognition technology is used to implement face alert deployment on
criminals or other suspicious objects, realizing intelligent alarm reporting.
• The management personnel upload the face images of the persons to be monitored to
the system and create a face blacklist library. Then he can select a camera, deployment
list, and time for alert deployment, and enter the alert reason to create an alert task.
When a camera captures and recognizes a face of a person to be monitored, an alarm
is automatically generated. Administrators can view and confirm alert deployment
alarms and handle the alarms based on the alarm event process.
• When a fire emergency occurs, the system links the fire extinguishing system, video
surveillance system, access control system, parking barrier system, and broadcast
notification system to review and handle alarms in a timely manner, accurately notify
personnel in the fire area, reduce the response time, and greatly improve the security
management level and work efficiency.
• 24/7 facial recognition turnstiles and facial access control can replace security guards,
reducing labor costs. Employees, residents, and visitors can walk through the campus
without manual checking. This avoids the troubles caused by forgetting to bring cards,
manual registration on paper, and no permission for remote office access, thus to
improve the campus access experience.
• Visitors need to register for entering the campus. Complex management process and
single identity registration are important factors that affect user experience.
• Self-service guest reception: Guests can remotely fill in access applications through the
WeChat public account or campus app. After the applications are approved, guests
arrive at the site and pass through the site after license plate recognition and facial
recognition.
• Smart parking implements real-time parking space statistics collection through the app,
automatic license plate recognition and vehicle release, indoor parking guidance, and
payment through QR code, making parking more convenient and management more
efficient.
• Faults of campus devices are detected through phone calls, front-end warranty, and
property inspection. These faults are not detected in a timely and planned manner. In
addition, devices are managed by multiple vendors in a system, and data of each
system is isolated. Systems are not interconnected or intelligently associated.
• The smart facility management system is constructed based on the integrated facility
management platform. It uses an open system architecture and is compatible with
devices from various vendors. It streamlines service subsystems to implement unified
device monitoring and fault management.
• In addition, you can configure running parameters for multiple devices based on the
template, and remotely start and adjust device running in one-click mode, simplifying
management and improving efficiency.
• Smart conference room management allows operation personnel to view the real-time
room status of all conference rooms and reserve conference rooms in one-click mode
through the operation app. The system turns on the air conditioner and lights 10
minutes in advance. Remote adjustment of the conference environment (temperature,
wind speed, and light) can be made during the conference, reducing human
intervention and ensuring comfortable user experience; Resources are released in a
timely manner after the conference to reduce power consumption.
• Smart asset management uses RFID tags to manage the inbound, outbound, and
inventory of assets and detect and manage the real-time status of assets in specified
areas. We can achieve:
• Material location management and second-level stocktaking of materials in the

warehouse.
• Records of important goods moving into or out of the warehouse.
• Records of goods which are transferred or illegally moved with authorization.
• Unauthorized transfer or illegal movement of materials.

• IoT APs are installed at the gate of the campus to automatically read the RFID tag
data of assets at the gate and detect people going in or out.
• If an asset is carried out illegally, the system automatically generates an alarm, which
turns into a security event. Then the system notifies the security guard and asset owner,
and automatically records and saves the video.
• The asset management application can also be associated with the GIS system to
query the movement track of assets in the campus online.
• Smart energy efficiency management displays the energy (water, electricity, gas, and
heat) overview data of campuses, regions, and buildings on a campus map. It monitors
the status and dynamic energy information of campus devices by floor, department,
device system, and power distribution system, and predicts power consumption based
on energy efficiency big data analysis. The energy efficiency diagnosis professional rule
library collects expert knowledge about energy management and device running
control, diagnoses the energy efficiency level, fault status, and control logic of each
device in each system in real time, and provides energy saving optimization measures
using simple engineering languages. This feature helps customers analyze the energy
saving of various facilities.
• The enterprise service can provide online and offline integrated property services for
registered enterprises in the industrial park, including property repair, decoration
application, visitor management, entry and exit management, bill query, information
release, and property leasing.
• The investment promotion management system provides one-stop full-process
investment promotion services for industrial park operators, including investment
promotion process management, project contract management, cost management,
performance management, and investment relationship management. It supports big
data analysis of the investment promotion industry, including industry chain panorama
analysis, enterprise profile, and industry development monitoring system.
• The digital office platform based on the Internet public cloud enables cross-regional
enterprises to collaborate with each other, improving the operating efficiency of
remote teams.
• The digital office platform provides messaging, unified authentication, address book,
audio and video call, cloud disk, intelligent inbox, multimedia conference, and small
program services. It connects to various terminals, including soft clients, conference
terminals, cash registers, printers, and recharge terminals, and supports multiple office
application scenarios, including mobile email, precise contact search in the address
book, HD conference team collaboration, to-do countersigning, and knowledge sharing.
• The digital office platform builds a fully-connected intelligent work platform to enable
borderless collaboration for enterprises.
• Team-centered mobile office and remote conferencing services; Connect online

applications to offline devices, facilitating the use of conference rooms, access control
systems, printers, and digital whiteboards. Unified service application entry, integrating
existing services and more new services through open platform interfaces; Provide
knowledge sharing to meet employee search, subscription, and precise
recommendation scenarios.
• Campus informatization is evolving from single-point intelligence to overall
intelligence. In terms of technology, multiple new ICT technologies, such as AI, IoT, big
data, 5G, video cloud, and GIS, are used together. Huawei's business transformation
and digitalization practices spawn the development of the Intelligent Campus Solution.
The digital platform that supports Huawei's core businesses is used to realize the
intelligentization of campuses. Gradually, an intelligent campus platform is set up and
used to incubate intelligent campuses for industry customers.
• Based on Huawei product portfolios and digital platforms, Huawei cooperates with
ecosystem partners to resolve customer problems. The digital platform is the core. The
ROMA, big data, video cloud, IoT, and GIS capabilities have been encapsulated, and a
large number of campus assets have been accumulated on the platform. For example,
video analysis, material models, integrated assets, theme libraries, and edge markets
can accelerate secondary development and integrated delivery of campus applications,
support 1+7 scenario baseline applications, and provide industry-specific scenario
solutions for different industries.
• The campus edge-cloud synergy architecture is derived from Huawei's more than 10
years of digital transformation practices and has been verified in Huawei's campus.
The platform has the capability of IT-OT (operation technology) integration, which is a
special advantage of HUAWEI CLOUD. It also has a mature edge-cloud synergy
architecture, Huawei's own device-side chips, and local service capabilities for toB
enterprises. (Click to switch slide)
• Currently, the smart campus solution is widely used in more than 10 industries, such as
residential parks, construction sites, buildings, exhibition halls, industries, logistics,
education, enterprises, blocks, chemicals, mines, and scenic spots.
• A large number of smart campus services are similar in various industries. Based on the
HUAWEI CLOUD digital platform, the solution has built baseline applications that
support 1+7 scenarios (including intelligent operation center, comprehensive security
protection, convenient access, asset management, facility management, energy
efficiency management, environment space, and smart office). Huawei provides
differentiated scenario-based solutions for different industries and ecosystem partners,
helping customers achieve overall intelligence of the campus, enable service innovation,
improve operation efficiency, and lead the simplified experience.
• The smart campus uses the edge-cloud synergy architecture. The devices are various
subsystems and devices of the campus. The edge side provides nearby edge video
analysis based on IEF. The edge ROMA Site is used for application integration on the
campus side, and various gateway products and devices are interconnected and
collaborate with the cloud. The cloud provides overall capabilities of the digital
platform, including integration of five types of core platform applications (ROMA, IoT,
video cloud and video analysis, data operation platform DAYU, and IEF). Based on the
platform, HUAWEI CLOUD accumulates five types of campus assets (video analysis
scenario, integrated asset, object model, theme library, and edge market) to accelerate
the construction of campus applications. (Click to switch slide.)
• The campus informatization construction has undergone the transformation from
electronic and information-based to digital and intelligent. After years of development,
the campus has accumulated a large number of service subsystems, such as security
protection, transportation, energy, asset, OA, and attendance subsystems. This vertical
intelligent subsystem is constructed in a pain-free manner, as a result, data silos exist
between campus application systems, and data cannot be effectively exchanged
between applications and devices, causing slow development and difficult innovation.
In addition, campus services are diversified. Large enterprises' campuses are distributed
in different areas and are restricted by geographical and network conditions. Data is
isolated between campuses, and unified operation and management cannot be
implemented. Campus applications, devices, clouds, and multi-campus integration are
facing challenges.
• The ROMA integration platform originates from Huawei's business transformation and
digital transformation practices and is applied to Huawei's campus services. It is the
core platform for campus digital transformation. Now Huawei opens its capabilities
and provides campus solutions and ROMA integration platform.
• ROMA provides integration capabilities oriented to four aspects: A-application
integration, B-multi-campus, partner integration, C-multi-cloud integration, and D-
device integration. Unlike traditional enterprise service bus (ESB) that is deployed in
centralized mode, ROMA integrates intranet applications. ROMA uses a distributed
deployment architecture to support cross-network hybrid cloud and multi-cloud
integration. In addition, it can integrate IT and OT technologies, leading the
development direction of digital transformation integration.
• Advantages of the ROMA integration platform:
• Support integration scenarios such as campus application data, devices, multiple

campuses, and multiple clouds, provide 50+ protocol access; Pre-integrate 100+
campus integration assets, shield technical differences, and facilitate application
integration;
• Based on the edge-cloud deployment architecture, it can streamline the physical world
and digital world and support the digital and intelligent transformation of campuses.
• Access of 50+ protocols in the campus
▫ Industrial protocols: MQTT, OPC-UA, and Modubus
▫ IT protocols: API, JDBC, Web Socket, message, and FTP
▫ Massive data DIS, MRS Hive, MRS HDFS, and MRS Hbase
▫ Business connector: Salesforce, SAP, Kingdee...
• 100+ pre-integrated campus application assets

▫ Pre-integrate security protection, facilities, energy efficiency, vehicles,
office, and operation assets, avoiding complex interconnection and
improving integration efficiency.
• Multi-campus hybrid cloud integration
• Cross-campus and cross-region security integration between intranet systems

and cloud in public, private, and hybrid cloud scenarios
• Device-edge-cloud synergy
• Connect campus devices and applications with AI to build smarter campus

services.
• The IoT platform is mainly used to connect campus IoT. It complies with the "device-
edge-cloud" architecture. The device side is mainly campus devices and subsystems,
such as parking and lighting systems. The edge side is our intelligent edge node, the
main functions of the cloud are deployed at the edge side, such as device association,
device access, and data management. The IoT platform provides two major functions:
device access and device management. The device access function supports multiple
networks, multi-protocol secure access; In the device management service, we provide
the full lifecycle management function for devices, and support core functions such as
device status monitoring, batch device operations, and device linkage. In addition, we
can use the data forwarding function to interconnect with other HUAWEI CLOUD
services, such as DIS, OBS, and VAS. The application partners can customize and
develop applications such as integrated security protection, convenient industry, and
IOC based on open application interfaces. The following table lists the three
advantages of Huawei IoT platform.
• Hour-level device access and 100+ protocols in the campus industry to meet cross-
system linkage requirements of the campus.
• 20+ physical models based on project accumulation. Customers can perform secondary
modification based on the models.
• The edge-cloud synergy video AI solution helps the campus implement comprehensive
identification, automatic warning, and linkage response of people, vehicles, objects,
and behavior, implementing intelligent campus. In campus scenarios, we have built
capabilities for facial recognition, personnel statistics, vehicle detection, intrusion
detection, security detection, personal feature recognition, and abnormal behavior
analysis in 7 fields and 40+ intelligent video analysis scenarios. The capabilities are still
being improved, Huawei will work with industry campus partners to train and release
industry AI models based on HUAWEI CLOUD ModelArts to build AI capabilities for
specific campus scenarios and industries.
• Campus intelligent video AI identifies and analyzes people, vehicles, objects, and
behavior in the campus to improve campus security and service experience. Example:
perimeter protection (wall climbing and dangerous areas), convenient access (non-
sensitive attendance and facial recognition gate), security patrol (fire and gathering),
personnel identification (blacklist and VIP), and vehicle identification (license plate
recognition and vehicle congestion)
• Currently, campus video analysis provides seven categories and more than 40 scenarios,
providing out-of-the-box intelligent analysis capabilities for campuses. Huawei can
work with partners to provide intelligent analysis capabilities for industry videos. The
intelligent video analysis capability of the campus and the campus IOC can improve
the overall operation efficiency of the campus and reduce the operation cost. For
example, China Overseas Property improves the overall operation efficiency by 30%
through campus video AI enablement, achieving energy saving and efficiency
improvement for campus operations. (Click to switch slide.)
• From the service perspective, the number of access systems and the data volume
increase. How to manage the data and guide business decision-making becomes a
challenge. From the technical perspective, there is no one-stop and end-to-end data
solution. The entire process from data integration, data lake, data modeling, data
standard management, data development, data quality, data asset management, to
final data service is long. The construction cost is high and the efficiency is low.
• DAYU is a one-stop operation platform that provides data lifecycle management and
intelligent data management capabilities. Enterprises can visualize, develop, and
integrate their data with DAYU. DAYU helps enterprises grow industry knowledge
bases with intelligence. Cloud-based big data storage and compute engines make it
easier for enterprises to rapidly grow their big data operations. HUAWEI CLOUD data
operation platform DAYU plays an important role in the overall architecture of the
smart campus. During the construction of the campus project, each subsystem collects
a large amount of data, for example, DAYU can aggregate vehicle data, pedestrian
access control data, facial recognition data, and device (street lamp) running data to
eliminate data silos and improve data value. The platform features efficient
development and analysis of data tasks, intelligent data governance, agile construction
of data services, and panoramic visualization of user services. It helps campuses
accumulate data assets, accelerate campus data sharing and digital transformation,
and improve the value of campus data.
• A large number of devices and applications, such as security protection, weak current,
and office devices, are deployed in customer equipment rooms. The smart campus
solution introduces cloud application integration, IoT, AI, and big data capabilities,
bringing challenges to cross-cloud and cross-network secure access and latency.
• Currently, HUAWEI CLOUD Intelligent EdgeFabric (IEF) pushes HUAWEI CLOUD

capabilities to the edge through the edge container base to better adapt to the
customer's service deployment and running environment. It meets users' requirements
for edge AI video analysis, edge data storage and analysis, edge application integration,
device integration, and edge application deployment, and provides users with complete
integrated services of edge and cloud collaboration.
• IEF integrates multiple systems, such as the smart visitor system, intelligent security
protection system, campus smart Wi-Fi, and smart campus information release system,
to build a complete and industry-leading smart campus solution. This solution resolves
the following pain points: complex campus scenarios, passive response after security
events, poor user experience, high costs of property management personnel, and low
efficiency.
• Huawei's digital office has experienced four development phases: Notes office, web
office, mobile office, and digital office. Currently, WeLink serves 190,000 employees in
1023 offices in 170 countries, with an average of 12 million connections per day. Based
on Huawei's digital office practices, HUAWEI CLOUD WeLink builds a fully-connected
digital work platform that connects people, services, knowledge, and devices for
enterprises, and builds a secure, open, and intelligent workspace for enterprises to
facilitate their digital transformation.
• Connecting people: Integrates messaging, email, group, cloud space, and audio and
video collaboration modes to improve the collaboration efficiency between individuals
and teams.
• Connecting services: Quickly integrates existing enterprise services, enriches the

enterprise application ecosystem, shortens the enterprise development process, and
reduces IT costs.
• Connecting knowledge: Builds a new-generation enterprise knowledge community

based on knowledge graphs.
• Connecting devices: Interconnection between people and devices and between devices,
zero learning cost, and improved office equipment usage efficiency.
• Finally, let's summarize the advantages of the HUAWEI CLOUD smart campus digital
platform from the following six aspects:
• HUAWEI CLOUD Smart Campus Solution is developed based on its own campus
practices. Huawei puts its applications on HUAWEI CLOUD to test them. Therefore, the
solution is verified by practices.
• Huawei has a full-stack integrated solution that integrates devices, edges, and clouds.
It has unique advantages in terms of architecture rationality, cost-effectiveness,
performance, and latency. A large number of IT systems and OT devices are deployed
in the campus. HUAWEI CLOUD ROMA/IoT can effectively integrate IT systems and
devices, the solution solves various integration problems such as ABCD, eliminates
information silos, and implements full connection of people, vehicles, and things in the
campus.
• Provides full-stack video AI capabilities, covering capabilities such as device-side

cameras, edge video analysis, and cloud-based video access. It supports more than 40
intelligent video analysis algorithms and provides unified data access, data storage,
data governance, and data analysis capabilities. Based on HUAWEI CLOUD's practices
in the industry, a large number of campus assets have been accumulated, this reduces
the complex integration and development work in the early phase of the project,
simplifies the work, and shortens the project period.
• As a well-known real estate development service provider in China, China Overseas
Property has long planned the smart campus implementation plan. However, during
the practice of smart campus, it faces many problems. The typical problems are as
follows:
• At the early stage of technical implementation, the project is mainly implemented in a

single project or system. There is no unified platform to support large-scale and
standardized quick replication.
• The process is still operated by single project, and there is no organizational process
transformation, job reduction, or efficiency improvement.
• China Overseas Property realized that smart campus needs to be build based on a
digital platform, focusing on the "two insurances and one experience" application that
can quickly bring profits and building the core system of the smart campus.
• At the same time, a process team is set up to closely collaborate business departments
and technical departments. The technical solution and organization process
transformation drive the large-scale implementation of the smart campuses.
• Huawei has set up a special team for the China Overseas Property Smart Campus
Project. After several rounds of discussions, the team has worked with China Overseas
Property to develop the service plan and technical solution for the project.
• Platform construction: Based on HUAWEI CLOUD services, build a smart campus cloud
platform to provide service capabilities such as IoT access, AI intelligence, and data
operation center, supporting fast innovation of campus services.
• System access: ROMA and edge computing are used to build a decoupling architecture
for campus subsystems. Existing subsystems are connected by phase to build a
standard and output to the industry.
• In terms of application scenarios, the following four scenarios are preferentially

implemented: vehicle management, pedestrian management, security management,
and equipment room management.
• Benefits to customers:
• Precise perimeter intrusion detection and intelligent video patrol improve management
efficiency and reduce labor costs.
• Efficient vehicle access and self-service access improve customer experience.
• Integrated access and unified management with IOC support. Operations data analysis
to support business decision-making
• Answer: A
• The global digital economy is developing rapidly. More than 67% of the top 1,000
enterprises, including traditional enterprises, are undergoing digital transformation.
The overall digital economy is growing rapidly, bringing huge market potential.
• To better support digital transformation across industries, IT technology evolution

brings more challenges and innovations.
• Currently, the intelligent edge scenario mainly covers four sub-scenarios: OCR, visual
detection, facial recognition, and abnormal behavior detection. These sub-scenarios
have the following similarities:
▫ A large amount of duplicate data is stored and processed at the edge, which is
safer and faster than in the cloud while saving cloud bandwidth.
▫ Applications and computing power at the edge are controlled and scheduled by
the cloud, reducing customers' routine management and O&M workload.
▫ EI or big data capabilities in the cloud are used to improve service efficiency and
functionality.
• Background:
▫ Edge-cloud synergy is mainly used in the following three sectors. The specific
success stories will be introduced in the following slides.
▫ In the industrial sector, such as the PV scenario, the quality of PV cells has a
great impact on the performance and service life of PV plants. Therefore,
manufacturers pay high attention to the quality. Production line workers can
check a maximum of 10,000 to 20,000 cells in one day. The work intensity is
high, which may increase the false positive rate. Visual quality inspection in PV
cells delivers a detection rate of more than 99.9%, greatly improving the quality
of PV cells.
▫ In shopping malls and supermarkets, edge computing is used to deliver some AI

capabilities, such as head counting and customer flow heatmap, to edge nodes.
This makes up for the lack of AI capabilities of common cameras. In this way,
edge nodes can report data to DIS in the cloud. Face detection is used to
accurately identify VIP customers in real time and analyze and collect statistics
on the store customer flow and customer flow heatmap, improving the store
operation efficiency.
▫ In the logistics sector, competition between logistics companies is increasingly

fierce. For example, YunDa Express relies on the three-segment codes and
address information pushed by Cainiao. YunDa Express wants to use OCR to
replace the three-segment codes and address information. Five years ago, YunDa
Express started to build its own address library. The company aims to construct a
user information library based on OCR.
• If you have requirements on both device integration and application integration,
ROMA is your best choice. This is because ROMA provides not only device integration
capabilities but also powerful system integration capabilities. The device integration
capabilities are implemented by ROMA LINK, which supports access from devices using
different protocols, supports integration between devices and IT systems, and bridges
the digital divide between IT and OT to implement comprehensive integration of
devices, messages, data, and APIs.
• MCP is a multi & hybrid cloud container solution provided by HUAWEI CLOUD based
on years of experience in the cloud container field and advanced cluster federation
technology of the community. It provides unified management of multiple clusters
across clouds and unified deployment and traffic distribution of applications in
multiple clusters to resolve multi-cloud DR issues. MCP can also be used in scenarios
such as traffic sharing, decoupling of data and service running, separation of
development from production, and decoupling of computing and service running.
• The edge-cloud synergy solution consists of three sub-solutions:
▫ First, intelligent edge container, that is, IEF. Typical applications are edge OCR
and facial recognition.
▫ Second, edge-cloud application integration, that is, ROMA. It can integrate both
devices and applications.
▫ Third, collaborative scheduling of containers deployed on premises and in the

cloud. Usually, MCP is used in this scenario. The following slides describe these
scenarios one by one.
• Background:
▫ Intelligent EdgeFabric (IEF)
▫ MCP: a platform for scheduling hybrid cloud containers
▫ ROMA: an application & data integration platform

• Let's have a look at the features of the intelligent edge container.
▫ Consistent container and Kubernetes ecosystem between edge and cloud:

Applications only need to be built once to run anywhere. In addition, edge-cloud
applications can be provisioned and managed in a unified manner.
▫ Cloud-edge synergy: 40+ AI algorithms, IoT, time series DB, and stream
computing are extended to the edge, enabling interworking with 10+ cloud
services.
▫ Local governance: Services are managed locally when the edge network is
unstable or jitter occurs.
▫ Integration with Huawei's Kunpeng and Ascend infrastructure: Edge AI inference

improves the computing cost effectiveness by 30%.
▫ Ultimate lightweight runtime

• Benefits
▫ The integration channel between cloud and on-premises applications is

streamlined, which allows you to focus on service convergence and innovation
without paying attention to differences between cloud and on-premises networks.
▫ Data, API, message, and process integration is simplified.
▫ Visualized management is achieved for API assets, facilitating monitoring and

O&M.
• Industry trend: Under the guidance of top Internet companies, pan-Internet enterprises
have reached a consensus on implementing efficient O&M and fast scaling of services
based on the container technology that uses computing resources.
• Smart campus XX is a fully-perceptive campus that allows occupants to quickly enter
and leave the campus. Traditional manual management is inefficient and has poor
security assurance. The intelligent management provides visitors with unperceivable
user experience.
• Video surveillance and AI analysis transform campus security from labor-intensive

protection to technology-intensive protection, improving campus operations efficiency
and user experience.
• Face detection in smart stores: The development of Internet technologies drives
intelligent transformation of the physical stores, that is, transforming to smart stores.
With face detection, the customer categories (general or VIP), historical consumption,
and interests can be identified immediately when a customer enters the store. In this
way, on-site sales personnel can take appropriate marketing measures.
• In this solution, cameras are located at the device side, and various applications
delivered by the cloud are deployed and executed at the edge side, for example, facial
recognition, flow monitoring, and heatmap analysis. The cloud is responsible for
pushing and lifecycle management of these applications as well as training and
optimization iteration of facial recognition models.
• In this way, services are processed locally, reducing latency and providing real-time
guidance for onsite sales activities. In addition, edge nodes are managed by the cloud,
facilitating O&M, reducing costs, and improving efficiency.
• It is found that many industrial manufactures invest heavily in manpower on quality
inspection, that is, inspection by human eyes. This manual inspection is labor-intensive
and delivers low efficiency. Therefore, visual inspection is one of the core requirements
of many manufacturing enterprises.
• Visual inspection has higher requirements on edge devices because visual quality
inspection is performed at the edge side. The cloud is responsible for model training,
including training of the original models before deployment and training of models
continuously optimized after deployment. IEF delivers the trained models to edge
nodes for execution.
• What are the competitiveness of this solution? First, local execution of models reduces
the latency to less than 2 seconds. Second, the quality inspection effectiveness is
greatly improved. Last, the unified scheduling of computing power at the edge and
automatic model training reduce the O&M costs of the customer.
• Answer:
▫ AC
• DeC is a comprehensive solution for enterprise, Government, finance and other
customers, providing compute, storage resource pools, and multi-level network and
control isolation model. Tenants have exclusive access to their own resources pools
and are physically isolated from other public tenants to meet the different
requirements of specific performance, service applications, and security compliance.
• Optional cloud service management node
▫ Basic Edition：1+
▫ Security-Enhanced Edition :1+
▫ Large-Scale Editon:1+
• Advantages
▫ Simple and fast: VPC Endpoint can be directly connected without the need of
accessing Internet.
▫ Low cost: This solution does not use public network resources, reducing user costs.
• HSC Online supports the following scenarios:
• e-Government cloud: In the e-Government cloud scenario, HCS Online is the

foundation of cloud computing. It provides service capabilities at the basic support
layer and collection and aggregation layer, such as basic compute, storage, and
network services, and big data-related service capabilities. In addition, HCS Online
provides application support services such as data analysis and mining at the data
service layer. For the intermediate data resource layer, ISVs are generally
introduced to provide capabilities such as the data sharing and exchange platform,
data governance platform, data resource pools, and data resource catalogs.
• Industry cloud: The leader departments (country/ministries) of vertical industries
(such as government, tax, oil & gas, and electric power) plan the cloud platform
in a unified manner and build the cloud platform in the "center+N
provinces/companies" mode. The center performs global O&M and management
for the cloud platforms of each province or company.
• Industry clouds must meet the following conditions:
• The industry department takes the lead in unified planning and builds the cloud
platform in "center+N branches" mode.
• The center centrally performs global O&M and management on cloud platforms
of all branches.
• The network architecture uses "center+branch" interconnection.
• The model can be implemented in the following formats: such as country+N

provinces, group company+N subsidiaries, province+N cities (restricted scenario) (N
≥ 3).
• Answer for question 1
▫ B
• Answer for question 2
▫ C
• Introduce the panorama of HUAWEI CLOUD industry-specific solutions, focus on the e-
commerce solutions, discuss how to adapt e-commerce services to deploy on HUAWEI
CLOUD and what problems need to be resolved, and use the Huawei VMALL as a case
to discuss how to perform in-depth reconstruction of e-commerce services based on
HUAWEI CLOUD.
• First, let's look at the panorama of HUAWEI CLOUD industry-specific solutions,
including 12 industries such as finance, e-commerce and retail, manufacturing, and
government. There are sub-solutions and best practices for each industry. You can
select an industry-specific solution.
• E-commerce has the following characteristics:
▫ Short-term surge in service access, such as Double 11, discount seasons, and
promotion seasons.
▫ Fast service rollout and iteration are required to meet ever-changing customer
requirements.
▫ The e-commerce website must be available 24/7. All upgrade and maintenance
operations must not affect service running.
▫ E-commerce involves user data and secure transactions and has high security
requirements.
• Based on the characteristics of the e-commerce business, let's look at the e-commerce
requirements.
▫ Elasticity: The system must be able to cope with exponential service peaks, have
elastic service capabilities and bandwidth.
▫ Performance: The computing, network forwarding, and storage performance can

handle massive concurrent accesses.
▫ Stability: Service interruption will cause a large amount of financial and customer
losses. Therefore, stability is the cornerstone of e-commerce.
▫ Independence: E-commerce has high security requirements and the security of e-

commerce tenants must be ensured on the cloud.
▫ Analysis: E-commerce companies need to make intelligent recommendations for

their customers to improve sales.
• In addition, the requirements of e-commerce vary in different development phases. In
the early stage of e-commerce development, it is important to select a proper service
provider to support the long-term development in the future.
• Now, let's look at the first typical e-commerce scenario — e-commerce website
construction.
▫ E-commerce systems based on the LAMP (Linux/Apache/MySQL/PHP)

architecture can be deployed on a single machine or two machines working in
the active/standby mode in the initial phase.
▫ As the service scale expands, the single-machine architecture cannot meet the
requirements of high concurrency. Service logic processing and data processing
modules need to be separated. Service logic processing needs to be stateless, and
load balancing is implemented through load balancers to cope with high
concurrency. The main method of data processing is to load hot data to the
distributed cache to improve the access efficiency of hot data and reduce the
database access bottleneck. In addition, distributed message queues can be used
to implement asynchronous decoupling between service logic modules, improving
user experience and service architecture reliability. As the storage capacity of a
database increases, the database middleware can be used to implement
horizontal expansion of relational databases to cope with large-volume data
query and processing.
• This figure shows the service division and logic modules of e-commerce website
construction.
• Nowadays, more and more e-commerce companies use containers to carry the web
layer and service layer.
• The public cloud provides e-commerce customers with high-quality Internet access
capabilities and its elastic bandwidth and fast resource expansion capabilities can cope
with burst peak access. In addition, the public cloud provides a complete set of security
solutions. For example, the border layer is protected by Anti-DDoS and WAF, and the
database layer is protected by database firewalls and audit capabilities.
• Service scenario: enterprise's self-hosted e-commerce platforms and websites that are
in initial scales and used for small- and medium-sized e-commerce enterprises who
adopt B2C, B2B, B2B2C, O2O, and C2M models.
• Next, let's analyze the flash sales scenario, which features that massive concurrent
users need to be handled in a short period of time.
• Generally, the e-commerce platform separates the flash sales service entry from the
normal service entry. In this way, the normal e-commerce access is not affected during
the flash sales.
• In the flash sales scenario, a large number of instances are required to cope with
service peaks. With HUAWEI CLOUD AS, ELB, and CCE services, the elastic scaling
capability can be implemented in seconds.
• In addition, the Web layer and the service layer are integrated through the distributed
message queue of HUAWEI CLOUD. The main advantage is that a large number of
service requests are put into the message queue and then response to users. The
message queue prevents message blocking, which greatly improves user experience
and system processing efficiency.
• Loading the offering information to the HUAWEI CLOUD distributed cache in advance
can minimize the impact on the relational database.
• E-commerce website acceleration is also a common scenario.
▫ E-commerce involves many images and videos of goods. If these contents are
placed on the web nodes of e-commerce websites, the web nodes may encounter
bottlenecks. However, with CDN, the data will be delivered to the CDN node
nearest to the user, greatly improving the website loading speed.
▫ In addition, HUAWEI CLOUD OBS works well with CDN to store images, static
web page files, and videos of e-commerce websites. Each object has a unique
URL in the OBS bucket. OBS can be directly configured as the origin server of
CDN. CDN and OBS work seamlessly to accelerate websites.
• With the development of technologies, smart e-commerce has more scenario-based
applications, including facial recognition and login, OCR identification of license texts,
e-commerce content review, and instant translation.
• For e-commerce logistics management scenarios, E2E intelligence from packing to

delivery can be provided.
• The e-commerce intelligent customer service is also widely used, which can greatly
improve the problem solving efficiency.
• HUAWEI CLOUD provides the preceding intelligent applications and scenarios with
matching EI capabilities and best practices.
• With the development of technologies, smart e-commerce has more scenario-based
applications, including facial recognition and login, OCR identification of license texts,
e-commerce content review, and instant translation.
• For e-commerce logistics management scenarios, E2E intelligence from packing to

delivery can be provided.
• The e-commerce intelligent customer service is also widely used, which can greatly
improve the problem solving efficiency.
• HUAWEI CLOUD provides the preceding intelligent applications and scenarios with
matching EI capabilities and best practices.
• Next, let's look at a smart e-commerce solution.
▫ The following problems may occur during e-commerce operation:
▪ Vehicle dispatching path planning: When vehicles and delivery paths are
dispatched, orders and delivery points are selected based on experience.
This results in a disorder of vehicle tracks on the map and high overall
costs. This results in a disorder of vehicle tracks on the map and high
overall costs.
▪ Warehousing planning: The goods in the logistic warehouse are scattered

and changeable. The picking personnel have to search for goods, which
takes much time and energy.
▪ Invoice identification: Invoices are checked and logged based on details in

manual invoices, which is complex and time consuming.
▪ Sales prediction: The data of various retail platforms cannot be accurately

predicted to help guide production and logistics.
▪ Big data platform: As a centralized platform, the big data platform cannot
share data capabilities with other business departments.
▫ HUAWEI CLOUD provides the following services or platforms to solve the
problems:
▪ Intelligent logistic service: combines Huawei best practices and adopts

multiple optimized algorithms to provide vehicle dispatching path planning,
warehouse planning, and OCR invoice identification.
▪ Machine learning platform: standardizes sales prediction templates through

Notebook programmable ways.
▪ Big data cloud platform: The EI big data platform is used to migrate an
offline system to cloud to facilitate access nationwide.
• Precision marketing is a basic capability for e-commerce platforms. Precise user models
are built for individualized recommendations based on in-depth mining and analysis of
data such as massive user access and transactions.
• The big data base of HUAWEI CLOUD provides big data storage, analysis, and machine
learning capabilities to obtain user profiles and work for the recommendation engine.
• The main purpose of the e-commerce omni-channel middle-end solution is formed
based on the common basic functional modules of e-commerce, such as the
commodity center, member center, and inventory center. E-commerce companies only
need to develop front-end modules based on personalized requirements of their users.
• In the omni-channel middle-end solution, the back-end layer is mainly the database
related to the service module. Each module has its own database, which facilitates the
expansion and upgrade of each module.
• Let's look at a real e-commerce case.
• VMALL faces the following three problems before microservice reconstruction:
▫ The decoupling is not complete, and code reuse is difficult. The transaction and
promotion logic is integrated in the web, app, and WAP frontend GUI modules as
a shared library, and multiple versions are provided.
▫ The module granularity is large, the logic is complex, and the response speed is
slow.
▫ Multiple modules share the same database, resulting in complex maintenance.

• Huawei VMALL establishes domain models to identify process services and basic
services. Process services can flexibly respond to business process changes. Basic
services provide reusable basic domain capabilities. After splitting, microservices are
highly cohesive, loosely coupled, and not associated with databases, facilitating
independent development, deployment, and maintenance.
• Basic services have been transformed to use the container technology, better
implementing CI/CD in the e-commerce service module.
• Next, let's look at the elastic scaling and high availability architecture of VMALL.
▫ Clusters are created in the microservice modules. The fault of any node does not
affect the microservice. Microservices support dynamic scaling service registration
and discovery.
▫ Services are carried by the HUAWEI CLOUD CCE service, which supports
container load compatibility and automatic scaling policy configuration.
▫ Data is highly reliable based on the master/slave architecture, and read/write

isolation is implemented using read replicas.
• Let's look at the service value of the VMALL microservice after reconstruction.
▫ After the order transaction system was brought online, it effectively supported
large-scale promotion activities, involving tens of millions of order transactions
and tens of billions of order amount.
▫ It solves delivery bottlenecks and most requirements are delivered and brought
online in advance.
▫ Up to now, no major problems have occurred.
▫ The system proactively sorts out and optimizes businesses such as shopping carts,
orders, and marketing activities to improve user experience.
• Let's look at the service value of the VMALL microservice after reconstruction.
▫ After the order transaction system was brought online, it effectively supported
large-scale promotion activities, involving tens of millions of order transactions
and tens of billions of order amount.
▫ It solves delivery bottlenecks and most requirements are delivered and brought
online in advance.
▫ Up to now, no major problems have occurred.
▫ The system proactively sorts out and optimizes businesses such as shopping carts,
orders, and marketing activities to improve user experience.
• Answer 1:
▫ A

HCIP Cloud Service Solutions Architect V2.0 Training Material Part1

Uploaded by

Copyright:

Available Formats

You might also like

HCIP Cloud Service Solutions Architect V2.0 Training Material Part1

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

HCIP Cloud Service Solutions Architect V2.0 Training Material Part1

Uploaded by

Copyright:

Available Formats

• IT has evolved from Information Technology to Intelligence Technology.

• Technically speaking, IT covers chips, media, software, and services.

• However, from aspects of technical strength, Huawei has internally-developed chips in

• Based on the five series of chips in device-edge-cloud, Huawei is able to build up a

• RISC-V can separate reference instructions from extended instructions, so that

▫ Low power consumption: SSDs are more eco-friendly than HDDs.

▫ Lightweight: An SSD is 20 to 30 grams lighter than a 1.8-inch HDD.

▫ 900 GB: $0.XX/GB

▫ 3.6 TB: $0.XX/GB

▫ 15K SAS: $0.XX/GB

▫ 10K SAS: $0.XX/GB

▫ 7.2K NL-SAS: $0.XX/GB

• UNIX: The earliest multi-user and multi-task operating system. It is a time-sharing

• Kernel versions: Linux is not an operating system strictly. It is only a kernel in an

• AliOS: from mobile phones to IoT

• Yun OS pioneered in supporting cloud applications. Cloud applications provide a

▫ X6000 high-density server: It is a 2U high-density server with four nodes. Each

• Business application cloudification: Deploy office, management, and service

• Platform system cloudification: Accelerate enterprises’ data-driven processes and utilize

• Advantages: easy to develop, understand, and test and deploy.

• Advantages: Complicated enterprise services are classified based on reusable

• The ESB performs the following functions:

▫ Monitors and routes messages between services: replenishes the inventory;

▫ Clears communication faults between service components: handles exception

▫ Controls service versions and deployments: More flexible control of service

▫ Completes tasks to ensure service communication quality: event processing, data

▫ Flexible architecture expansion, faults isolated between each node.

▫ Difficult maintenance of a high number of servers in an architecture with more

▫ Even demanding requirements on network stability due to more frequent

• Aggregation service layer: aggregates, tailors, and processes background microservices

▪ One codebase, multiple deployments

▪ Explicit declaration of dependencies

▪ Configuration stored in the environment

▪ Back-end services used as additional resources

▫ Building, publishing, and running

▪ Strict separation of building and running

▪ One or more stateless processes to run applications

• Cloud Container Engine (CCE) provides highly scalable, high-performance enterprise-

• With a serverless architecture, enterprises do not need to create or manage servers.

• Container: A suite is divided into multiple cubicles (capsule-style apartments). Each

• Dedicated Enterprise Storage Service (DESS) provides dedicated HUAWEI CLOUD-

• File storage: Data is stored in directories and files such as C:\Users\Downloads\text.doc.

• How can the O&M workload be reduced?

▫ Deploy data nodes and service nodes on their different servers.

▫ Adapt the number of servers as workloads change.

▫ Make service traffic to be automatically distributed to multiple servers.

▫ Complete the ICP licensing for the website.

▫ IT network devices, such as servers, storage devices, switches, firewalls, and

• In summary, the following problems exist:

▫ Initial investment is high.

▫ Labor cost is high, for it is difficult to employ professional O&M personnel.

▫ Professional O&M tools and process construction require a large amount of

▫ Virtualization layer: implements cross-DC clusters or replication through

▫ Database layer: uses database replication tools, such as Oracle DataGuard, to

▫ To ensure the effectiveness of DR data, the cost of constructing networks

▫ The DR capacity cannot be accurately predicted. As a result, the DR capacity is

▫ DR construction is a professional process, bringing costs increase in processes,

▫ Physical locations, including boundary security, service partition isolation, unified