HCIP Cloud Service Solutions Architect V2.0 Training Material Part1
• The five chips will work at the compute, management, AI, storage, and transmission
layers respectively, forming a collaborative "intelligent computing" force in the AI field.
• Huawei faces formidable competitors: Google, AlphaGo's owner and designer of the
tensor processing unit (TPU); the chip veteran Intel; NVIDIA, the new leader in AI
computing; and Internet-industry entrants such as Facebook and Amazon. It is hard to
predict whether Huawei can outperform them, and some people are pessimistic about
Huawei's prospects.
• Compared with complex instruction set computers, reduced instruction set computers
(RISCs) are about 25% simpler in instruction fetch and have distinct advantages in
speed and power consumption.
• The ARM processor families are named Cortex: Cortex-A, Cortex-R, and Cortex-M,
each targeting different business scenarios. Cortex-A is designed for consumer
products such as smartphones and tablets; Cortex-R for real-time solutions such as
automobile braking systems and power drives; and Cortex-M for microcontrollers,
which are sensitive to cost and power consumption.
• Intel has always adhered to the business model of the entire industry chain, while ARM
has its open, cooperative business model.
• Solid state drives (SSDs) have a simple internal structure: a PCB whose basic
components are a controller chip, a cache chip (absent in some low-end drives), and
flash memory chips.
• With none of the mechanical parts that are integral to hard disk drives (HDDs), such
as magnetic heads, spindles, and rotating motors, SSDs are free from mechanical
faults and keep working through collisions, shocks, and vibrations. Compared to
HDDs, SSDs have clear advantages in performance, reliability, power consumption,
and portability. These advantages have enabled SSDs to be widely adopted across a
wide range of industries.
• Advantages of SSDs:
▫ High-speed reads and writes: SSDs use flash memory chips as the storage medium
and deliver higher read and write speeds than HDDs. With no magnetic heads,
their seek time is almost zero. Sequential write speeds are impressive: most SSD
vendors claim read and write speeds exceeding 500 MB/s. SSDs perform even
better at random reads and writes, which dominate common workloads. They are
also superior to HDDs in access time: 0.1 ms or less, far shorter than the 12 ms to
14 ms typical of 7200 rpm HDDs.
▫ Robust against shocks and vibrations: HDDs store data in sectors on spinning
disks, whereas SSDs are built from flash memory chips, the same medium used in
MP3 players and USB flash drives. With no mechanical components inside, SSDs
keep working even while moving at high speed or being rolled over, minimizing
data loss from collisions, shocks, and vibrations.
▫ No noise: SSDs have no mechanical motors or fans, so operating noise is 0 dB.
Flash-based storage also means low power consumption and heat emission
during operation.
▫ Wide operating temperature range: HDDs operate properly at 5°C to 55°C, while
most SSDs work at –10°C to +70°C, and the flash memory chips inside can
operate at –40°C to +85°C. SSDs are also smaller and lighter than HDDs of the
same capacity, and they match HDDs in interface definitions, interface
specifications, basic functions, and usage, with similar sizes and shapes.
▫ Storage capacity: The maximum capacity of an SSD is only 4 TB (the Optimus
MAX released by SanDisk).
▫ Service life: Flash memory chips support a limited number of erase cycles, so
SSDs have a shorter service life than HDDs. One P/E (program/erase) cycle is one
full erasure of a flash memory chip, and the service life of a flash chip is
measured in P/E cycles. A 34 nm flash chip lasts about 5,000 P/E cycles, and a
25 nm chip about 3,000. As SSD firmware algorithms improve, the latest
generation of SSDs incurs fewer unnecessary data writes. A P/E cycle is counted
only after a full 120 GB has been written to a 120 GB SSD. If 50 GB is written
every day, so that one P/E cycle is consumed roughly every two days, a rating of
3,000 P/E cycles means the SSD can work for about 20 years. That is long
enough, because by then more advanced storage media will already have
appeared. (In practice, users perform mainly random writes rather than
sequential writes, and bad sectors are more likely to occur within the service
life.) Although each cell of a single-level cell (SLC) SSD can theoretically be
erased 100,000 times, some applications, such as operating system logging,
repeatedly read and write the same location, so the actual service life of an SSD
may be shorter than the theoretical value. Wear-leveling algorithms, however,
can prolong the life of the storage cells. In terms of write endurance, an SLC SSD
supports about 100,000 erase cycles, a cheaper multi-level cell (MLC) SSD about
10,000, and an even cheaper triple-level cell (TLC) SSD 500 to 1,000.
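The 20-year estimate above can be reproduced with a few lines of arithmetic. This is a hedged sketch, not a vendor endurance formula: it assumes one P/E cycle is consumed per full-capacity write, and write amplification is an optional factor you can supply.

```python
def ssd_service_life_years(capacity_gb, daily_writes_gb, pe_cycles,
                           write_amplification=1.0):
    """Estimate SSD service life in years from its rated P/E cycles.

    One P/E cycle is assumed to be consumed each time a full drive's
    worth of data (capacity_gb) is written. write_amplification > 1
    models extra internal writes caused by random workloads.
    """
    effective_daily = daily_writes_gb * write_amplification
    days_per_cycle = capacity_gb / effective_daily  # days to consume one P/E cycle
    total_days = days_per_cycle * pe_cycles
    return total_days / 365

# The example from the text: 50 GB/day written to a 120 GB SSD rated 3,000 P/E cycles.
years = ssd_service_life_years(120, 50, 3000)
print(round(years, 1))  # ≈ 19.7, i.e. roughly the "20 years" quoted above
```

Passing a write-amplification factor above 1.0 shows why random-write workloads shorten the real-world lifetime well below this sequential-write estimate.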
▫ High prices:
▪ SSDs: $0.XX-$0.XX/GB (1.8 TB: $0.XX/GB)
▪ HDDs: $0.025-$0.26/GB
• A key obstacle to data center performance is HDDs: data is transferred from
mechanical disks roughly 100 times slower than from flash memory.
• Non-Volatile Memory Express (NVMe) is a standard protocol for flash memory access.
It alleviates the bottleneck that occurs when flash memory connects to a host
through SAS or SATA, enabling faster communication between the SSD and the host.
• Huawei OceanStor Dorado V3 supports both NVMe and SAS SSDs in a storage system,
which ensures the service quality of high-priority applications and maximizes the ROI
of customers. With SAN and NAS supported in a storage system and complete
enterprise-class features, Huawei OceanStor Dorado V3 provides high-quality services
for database and file sharing applications. In addition, the data reduction rate reaches
5:1, enabling both good performance and high efficiency.
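As a rough illustration of what a 5:1 data reduction ratio means in practice (illustrative numbers only, not HUAWEI CLOUD pricing or a capacity guarantee):

```python
def effective_logical_capacity(raw_tb, reduction_ratio=5.0):
    """Logical data a flash array can hold after inline deduplication
    and compression at the stated reduction ratio (e.g. 5:1)."""
    return raw_tb * reduction_ratio

def effective_cost_per_gb(raw_cost_per_gb, reduction_ratio=5.0):
    """Media cost per logical GB: data reduction divides the raw cost."""
    return raw_cost_per_gb / reduction_ratio

# Illustrative figures: 10 TB of raw flash, hypothetical $0.50/GB media price.
print(effective_logical_capacity(10))  # 50.0 -> ~50 TB of logical data
print(effective_cost_per_gb(0.50))     # 0.1  -> $0.10 per logical GB
```

This is why reduction ratios matter commercially: they close much of the per-GB price gap between flash and HDDs cited earlier.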
• To maximize hardware performance and resource usage, enterprises' compute, storage,
network, and database resource pools are gradually shifting to distributed architecture.
• Windows: the most popular personal desktop operating system.
• Linux: Linux is a free and open UNIX-like operating system. There are many different
versions of Linux, and they all use the Linux kernel. Linux can run on various computer
hardware devices, such as mobile phones, tablets, routers, video game consoles,
desktop computers, mainframes, and supercomputers. Strictly speaking, the word
"Linux" refers only to the Linux kernel. In practice, people have become accustomed
to using "Linux" to mean an operating system built on the Linux kernel together
with tools and libraries from the GNU project.
• Distributions (release versions): secondary development built on top of the kernel.
There are many Linux distributions, among which Ubuntu and CentOS are the most
widely used. CentOS is recommended for beginners.
• HarmonyOS: An operating system designed for a variety of devices covering mobile
phones, computers, tablets, TVs, automobiles, and smart wearables. It is compatible
with all Android and web applications. HarmonyOS is a future-oriented,
microkernel-based operating system. When Android applications are recompiled for
HarmonyOS, their performance increases by more than 60%. Operating systems are
trending toward convergence among personal computers, mobile phones, and
intelligent hardware devices. Full-scenario applications will bring powerful synergy
and call for an ideal operating system. As IoT and 5G develop further, more and
more intelligent terminal devices will emerge, and an operating system that is
collaborative, secure, and reliable will be the final choice.
• Fuchsia is better suited than Android to screens of different sizes. Over the next three
years, Google plans to let Fuchsia first run on smart speakers and smart home devices,
then move to larger devices such as laptops, and eventually replace Android to be the
world's largest mobile operating system.
• Alibaba's AliOS, originally called Yun OS, was launched in 2011. It is developed based
on Linux and uses Alibaba Cloud VMs. Initially, AliOS was used on smartphones and
was integrated with multiple applications developed in-house by Alibaba, including
maps, input methods, browsers, and instant messaging tools. Phones running AliOS
get 100 GB of cloud space and various cloud services (such as maps and email)
provided by Alibaba Cloud. In addition, they can access massive web services on the
Internet through Alibaba Cloud's computing data centers, as smoothly as if using
local applications. AliOS brought smartphones into the cloud era.
• Yun OS debuted at the 2014 China Mobile Partner Conference, drawing attention
with the "Powered by Yun OS" ecosystem, which covered mobile phones, TV boxes,
smart home devices, monitoring devices, access control devices, light controls, and
curtains. In July 2014, Yun OS was included in the government procurement list, the
only mobile operating system in the central government's procurement. In 2015,
Alibaba showcased smartphones, smart tablets, smart TVs, the Tmall TV box, smart
in-vehicle systems, and smart home devices.
• However, Yun OS underperformed in the mobile phone market. In 2012, the planned
launch of the A800 phone, jointly developed by Acer and Alibaba, was canceled. The
reason was that Google said Acer, as a member of the Open Handset Alliance,
should not sell phones running an incompatible Android system, and therefore did
not allow Acer to develop and sell Yun OS phones. Google claimed that Yun OS was
a fork of Android, since it directly used the Android runtime library, software
framework, and development tools, yet was not fully compatible with Android and
refused to open its source. Alibaba countered that Google provided no evidence of
copying, and that Yun OS was not an Android fork because it used Alibaba Cloud
VMs, a technology that came from a company Alibaba had acquired.
• Alibaba did not succeed in the mobile phone operating system market. Currently, AliOS
is used in a few mid-range and low-end mobile phones. It can hardly compete with
Android and iOS.
• In 2014, Yun OS entered the embedded device market, and in 2017, changed its name
to AliOS. The new focus of AliOS has shifted to smart vehicles and IoT.
• Alibaba has established a complete set of systems for smart connected vehicles,
including PaaS and IaaS services and interconnection applications. Alibaba's
competitive advantage lies in the architecture and ecosystem of the scenario map
desktop + seamless and coherent service experience. It improves user experience
through voice interaction and online perception of vehicle maps.
• In 2017, the IoT embedded operating system AliOS Things was officially open-sourced.
AliOS Things lets devices connect to Alibaba Cloud. Its ultra-low power consumption
and ultra-low memory requirements make it applicable to all kinds of small IoT
devices, as well as to smart home, smart city, and new mobility scenarios.
• Currently, there are three types of TaiShan 200 servers, which can cover mainstream
specifications and application scenarios.
▫ 2280 balanced server: a 2U 2-socket rack server configured with two Kunpeng
920 CPUs, supporting up to 16 NVMe SSDs and 32 DDR4 DIMMs. It is applicable
to big data analytics scenarios.
▫ 5280 storage server: a 4U 2-socket rack server configured with two Kunpeng
920 CPUs, supporting up to 40 drives per server. A single cabinet provides up to
5.6 PB of storage capacity, ideal for distributed storage scenarios.
• Software vendors are shifting from the traditional license sales mode to the software
service mode, and hardware vendors are shifting from the traditional hardware sales
mode to the resource service sales mode.
• Infrastructure cloudification: Migrate enterprises' IT infrastructure, including compute,
storage, network, security defense, and office desktop resources, to the cloud.
• Data collaboration and innovation: Migrate data to the cloud and share the data
within and between each enterprise. Use big data mining and AI technologies to
optimize enterprises’ operations and management, promote collaborative innovation
between enterprises, and incubate new business models.
• Cloudification is an inevitable trend. It drives enterprises to adapt to the digital
economy, accelerate their digital, network-based, and intelligent transformation,
and improve their innovation capabilities.
• Along the evolution path of application architecture, application functions become
more and more specific.
• Feature: A monolithic architecture avoids complicated cross-service invocation and
unclear code responsibilities within applications; however, all service logic runs in
the same process.
• Disadvantages: As code and functions grow, the logic becomes complicated, leading
to longer delivery cycles, difficult maintenance, and poor scalability.
• Feature: The enterprise service bus (ESB) decouples applications, modularizing them
into independent units.
• The Internet industry is developing rapidly. It serves a massive number of users
whose requirements change all the time, so the system architecture must be
flexible, easy to expand, and highly scalable and available. The microservice
architecture is ideal for the Internet industry.
• Microservices are not a silver bullet; monolithic and SOA architectures are still in
use. Choose the most appropriate of the three based on your own application
scenarios.
• Advantages:
▫ Various technology stacks are available to build services. Internet and open-
source technologies generate many efficient tools.
▫ The most appropriate tool can be chosen from multiple candidates to meet a
specific application scenario.
• Disadvantages:
▫ O&M expertise is required because services are developed using diverse
technology stacks.
• Example: Netflix
• User device layer: browsers, smart TVs, tablets, game consoles, and media players.
• Access layer: User traffic is processed using the AWS ELB service. The IaaS layer of
Netflix is totally deployed on the AWS platform.
• Gateway layer: external requests are reverse-routed to internal microservices. Netflix
uses its internally developed Zuul gateway, which performs only cross-cutting
functions (reverse routing, security defense, rate limiting, circuit breaking, and
logging) and implements no business logic. Gateways are deployed stateless and
rely on front-end ELBs for load balancing.
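The cross-cutting behaviour of such a gateway (reverse routing plus rate limiting, with no business logic) can be sketched as follows. This is a toy illustration in Python, not Netflix's actual Zuul implementation, which is a Java proxy; the route names are hypothetical.

```python
import time

class Gateway:
    """Toy API gateway: reverse routing plus a simple sliding-window
    rate limit. Business logic lives only in the backends."""

    def __init__(self, routes, max_requests, window_seconds):
        self.routes = routes              # path prefix -> backend handler
        self.max_requests = max_requests
        self.window = window_seconds
        self.hits = []                    # timestamps of recent requests

    def handle(self, path):
        now = time.monotonic()
        self.hits = [t for t in self.hits if now - t < self.window]
        if len(self.hits) >= self.max_requests:
            return 429, "rate limited"    # cross-cutting concern, not business logic
        self.hits.append(now)
        for prefix, backend in self.routes.items():
            if path.startswith(prefix):
                return 200, backend(path)  # reverse routing to an internal service
        return 404, "no route"

gw = Gateway({"/api/movies": lambda p: "movie-service"},
             max_requests=2, window_seconds=60)
print(gw.handle("/api/movies/42"))  # (200, 'movie-service')
print(gw.handle("/api/movies/43"))  # (200, 'movie-service')
print(gw.handle("/api/movies/44"))  # (429, 'rate limited')
```

A real gateway would add the remaining concerns from the text (authentication, circuit breaking, logging) as further wrappers around `handle`, which is why it stays stateless and scales behind an ELB.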
• Background basic service layer: This layer is also called the middle tier service.
• Data access layer: enables access to Cassandra NoSQL data storage (main data
persistence method adopted by Netflix), background services (Memcached, ZooKeeper,
S3, and SQS), and big data, and provides needed access tools.
• Cloud native is an approach that leverages the unique delivery advantages of cloud
computing to build and run applications.
• DevOps, continuous delivery, containers, and microservices are inherently suited to
cloud scenarios; applications built with them are called cloud-native applications.
• The 12 factors of cloud-native applications:
▫ Codebase
▫ Dependencies
▫ Configurations
▫ Backend services
▫ Processes
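Of the factors listed, configuration is the easiest to demonstrate: config lives in the environment rather than in the codebase, so the same build runs unchanged across environments. A minimal sketch, with hypothetical variable names:

```python
import os

def load_config():
    """Twelve-factor config: read settings from environment variables
    (set by the deployment platform), never hard-code them. The same
    build then runs unchanged in dev, staging, and production."""
    return {
        "db_url": os.environ.get("DATABASE_URL", "sqlite:///dev.db"),
        "debug": os.environ.get("APP_DEBUG", "false").lower() == "true",
    }

os.environ["APP_DEBUG"] = "true"  # e.g. injected by the platform at deploy time
cfg = load_config()
print(cfg["debug"])               # True
```

The defaults above are local-development fallbacks; in production the platform injects real values and no code change is needed.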
• Cloud Container Instance (CCI) provides serverless container engines, which eliminate
the need to create or manage server clusters when running containers.
• Cloud Phone is a simulated mobile phone that runs apps on the cloud. The Cloud
Phone service provides cloud phones of various specifications for different scenarios.
Those cloud phones are able to run stably around the clock. Compatible with Android
native apps, they are powerful enough to run various large mobile games smoothly
and support mobile office. Cloud Phone offers a simulated app operating environment
with high performance, security, reliability, and compatibility.
• A VM is a complete operating environment composed of hardware infrastructure,
intermediate software layer, guest OS image, and application layer. The intermediate
software layer, hypervisor, is a hardware virtualization platform. It runs in the kernel
mode of the host OS to monitor and manage the VM. The Guest OS is the operating
system running on the VM.
• Applications in a container run directly on the host machine. The container does not
have virtual hardware or its own kernel. It is a lightweight virtualization technology.
• Physical server: One household lives in one building with an independent foundation
and an independent garden.
• VM: One building contains multiple suites, each holding one household. The
households share the foundation and garden but have their own bathrooms,
kitchens, and broadband connections.
• Object storage: Each piece of data has a unique ID. Data and metadata are packaged
as an object and stored in an ultra-large flat pool. You can access an object
immediately by presenting its ID, but the object is always accessed as a whole. As
shown in the preceding figure, corn kernels are stored in cans, and each can of corn
has a unique factory number.
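The access-by-ID, read-as-a-whole behaviour described above can be sketched with a toy in-memory store. A content-derived hash serves as the unique ID here purely for illustration; real object services such as OBS assign and manage IDs differently.

```python
import hashlib

class ObjectStore:
    """Toy flat object store: data and metadata are packaged together
    as one object, addressed by a single unique ID, and always read
    back whole (no partial or in-place updates)."""

    def __init__(self):
        self._pool = {}  # the "ultra-large pool": id -> (data, metadata)

    def put(self, data: bytes, metadata: dict) -> str:
        obj_id = hashlib.sha256(data).hexdigest()  # content-derived unique ID
        self._pool[obj_id] = (data, dict(metadata))
        return obj_id

    def get(self, obj_id: str):
        return self._pool[obj_id]  # the whole object, never a byte range

store = ObjectStore()
oid = store.put(b"corn kernels", {"factory_no": "A-1001"})
data, meta = store.get(oid)
print(meta["factory_no"])  # A-1001
```

The flat pool is the key design point: there is no directory tree as in file storage and no block addressing as in block storage, only IDs.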
• HUAWEI CLOUD provides various network cloud services to help enterprises build on-
cloud networks, on-cloud interconnection, and hybrid cloud networks.
• Identity and Access Management (IAM) provides identity authentication and
permissions management. With IAM, you can create users for employees, applications,
or systems in your organization, and control the users' access to specified resources in
your account.
• Cloud Eye is a multi-dimensional resource monitoring platform. You can use Cloud Eye
to monitor the utilization of service resources, track the running status of cloud
services, configure alarm rules and notifications, and quickly respond to resource
changes.
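A typical alarm rule of the kind Cloud Eye supports ("metric above a threshold for N consecutive periods") can be sketched generically. This is only the evaluation logic, not the Cloud Eye API.

```python
def evaluate_alarm(samples, threshold, periods):
    """Trigger when a metric stays above the threshold for N consecutive
    monitoring periods -- the common shape of a resource alarm rule."""
    run = 0
    for value in samples:
        run = run + 1 if value > threshold else 0
        if run >= periods:
            return True
    return False

cpu_util = [42, 91, 95, 97, 60]         # percent, one sample per period
print(evaluate_alarm(cpu_util, 90, 3))  # True: three consecutive breaches
print(evaluate_alarm(cpu_util, 90, 4))  # False: the run is broken at 60
```

Requiring several consecutive breaches rather than a single spike is what keeps alarm notifications from firing on transient load.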
• Cloud Trace Service (CTS) records operations on cloud resources in your account. You
can use the records to perform security analysis, track resource changes, audit
compliance, and locate faults. You can view the last 7 days of records via the console
and transfer them to Object Storage Service (OBS) for long-term storage.
• Log Tank Service (LTS) collects and stores logs, allowing you to query them in real
time. It simplifies decision making, helps you perform routine O&M, and improves log
processing efficiency.
• In addition to compute, storage, network, and management cloud services, HUAWEI
CLOUD also provides other common cloud services.
• How can the high concurrency be maintained for the database even when the number
of connected users increases?
• How can a relatively high resource utilization rate be ensured for the web servers?
• This section analyzes the major problems and challenges in the off-cloud IT O&M,
disaster recovery (DR), and security scenarios.
• Off-cloud IT O&M includes the following aspects:
▫ Equipment rooms, such as diesel generators, UPS, air conditioners, cabinets, and
cabling
▫ Platform software, such as private clouds, virtualized platforms, and O&M and
management platforms
▫ Service systems
• IT O&M off the cloud involves many layers. Each layer requires professional personnel
and specific monitoring tools and software.
▫ The maintenance and upgrade are complex, which may cause service faults due
to misoperations.
▫ The O&M team and the R&D team may not clearly define their respective
responsibilities, affecting services.
▫ Network layer: uses external F5 load balancer and global DNS intelligent
resolution to implement network DR, for example, network communication
between data centers.
▫ Storage device layer: replicates data in batches across regions at the storage
layer.
• Challenges come from the high cost of multiple sets of commercial devices and
software, especially the bare optical fibers between data centers, and from the long
construction period.
• The disaster recovery data center solution (geo-redundant mode) involves many
factors, such as how to select remote equipment rooms and how to establish private
lines or VPNs. A complete DR solution requires the support of related tools and regular
DR practice.
• Challenges:
▫ The initial investment cost of the DR center is as high as the construction cost of
the production center, and return on investment (ROI) cannot be seen in a short
period.
• Regular evaluation requires the support of devices, software, and security regulations
in terms of network security, host security, and audit logs.
• Internal threats include unauthorized operations, data leakage, and internal ARP
attacks.
• External threats include DDoS attacks, SQL injection, web page tampering attacks, and
Hypervisor vulnerability attacks.
• Challenges facing off-cloud scenarios:
▫ Complex O&M: high O&M costs, complex processes, slow service rollout,
difficulty recruiting O&M engineers, and difficult fault locating
▫ Difficult disaster recovery: The construction period of the DR data center is long,
requiring high investment in professional devices, software, and networks.
▫ Security risks: A large number of software and hardware devices are required to
resolve internal and external threats, leading to high costs. Furthermore,
professional and certificated engineers are needed to maintain the security
system.
• The HUAWEI CLOUD architecture consists of the following six modules:
▫ Tenants can log in to the official website through the portal and manage orders,
accounts, and services in the user center. They can also create, use, and delete
cloud service resources on the console, and third-party applications can use
cloud service APIs to schedule and orchestrate resources.
• Cloud services
▫ Services include basic cloud services and management cloud services. These
services correspond to the products on the console.
• Cloud platform
▫ The cloud platform carries many system resources, including compute, storage,
and network resources. The virtualization layer converts resources into virtual
pools, enabling easy and dynamic resource scheduling.
▫ BSS can be provided by the customer and integrated with components in the
Huawei public cloud solution.
• OSS (operations support system)
▫ This system monitors the cloud services, and manages alarms generated for
physical and virtual resources and running software. OSS is mainly used to
manage assets and to manage infrastructure incidents, faults, and changes.
▫ OSS can be integrated with the customer's work order and event management
systems to implement automatic, standard, and process-based O&M.
• Cloud security
▫ The public cloud is a security model with shared responsibilities. Cloud service
providers and tenants need to assume their own security responsibilities, which
are clearly defined in contracts. Huawei provides technical support for carriers.
• From the perspective of tenant delivery, the public cloud is divided into four layers in
the top-down model. Globally unique services are deployed on the global layer. Region
resource management services are deployed on the region layer. Pod resource
management services are deployed on the pod layer. On the cluster layer, the smallest
layer, there are many computing and storage clusters made up of computing and
storage nodes respectively.
▫ Region: allows customers to select the nearest cloud data center with low latency
to tackle the problem of long latency in long-distance data transmission.
▫ AZ: physically isolated resource zones. Each AZ has independent cooling, fire
extinguishing, moisture-proof, and electricity facilities. In AZs, faults are isolated
physically.
▫ Virtual private cloud (VPC): used to isolate a customer network from other
networks.
▫ DC: a concept related to physical location. A DC can bear one or more sites. A DC
can contain one or more layer-2 networks.
▫ Pod: a resource pool created by virtualization software. For the administrator, it
is one cloud platform software instance.
▫ Cluster: a pool of resources that have the same characteristics such as the same
CPU overcommitment rate.
▫ DC has no "room" concept. If two physical rooms are directly connected through
a high-speed intranet, they are considered as one DC. Otherwise, multiple DCs
exist.
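The "same CPU overcommitment rate" characteristic that defines a cluster is a simple ratio; the figures below are illustrative, not HUAWEI CLOUD defaults.

```python
def overcommit_ratio(allocated_vcpus, physical_cores):
    """CPU overcommitment rate: total vCPUs handed out to VMs divided
    by the physical cores in the cluster. Hosts that share one such
    ratio (and similar characteristics) are grouped into a cluster."""
    return allocated_vcpus / physical_cores

# Illustrative: 512 vCPUs allocated across a cluster of 128 physical cores.
print(overcommit_ratio(512, 128))  # 4.0, i.e. a 4:1 overcommitment rate
```

Keeping the ratio uniform per cluster is what lets the scheduler treat any host in the cluster as interchangeable for placement.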
• KVM is short for Kernel-based Virtual Machine. It was originally an open-source project
developed by Qumranet. In 2008, Qumranet was acquired by Red Hat. However, KVM
is still an open-source project supported by Red Hat and IBM.
• Server virtualization or VMs have the following four characteristics:
• Resource partitioning
▫ The virtual machine monitor (VMM) allocates server resources to multiple VMs.
Each VM runs its own OS (same as or different from the OSs running on other
VMs on the same server) and behaves like an independent computer so that
multiple applications can coexist on one server. Each OS gains access only to its
own virtual hardware such as the virtual NICs, virtual CPUs, and virtual memories
provided by the VMM.
• Isolation: VMs that run on the same server are isolated from each other.
▫ If one VM is infected with worms or viruses, the worms and viruses are isolated
from other VMs as if each VM runs on an independent physical machine.
▫ Multiple loads, applications, or OSs can run concurrently on one physical server,
preventing issues such as application conflicts or DLL conflicts that may occur on
x86 servers.
• Encapsulation
• Hardware independence
▫ VMs run on the virtualization layer and use only virtual hardware provided by the
virtualization layer without being aware of the physical server. In this way, VMs
can run on any x86 server (IBM, Dell, HP and more) without modification. This
breaks the constraints between OSs and hardware and between applications and
OSs/hardware.
• HUAWEI CLOUD storage resource pool contains distributed storage FusionStorage and
enterprise-level storage OceanStor.
▫ FusionStorage provides block storage, file storage, and object storage. By default,
tenants use the distributed storage resource pool provided by FusionStorage.
▫ Technology and continuous R&D, global resource deployment and nearby service,
security, customer-suited deployment, on-premises resources, local services,
cloud-and-network synergy, openness & no customer lock-in, and rich ecosystem.
• Cloud architecture design principles include the design of migrating enterprise
applications in the cloud, security design principles, availability design principles,
performance design principles, scalability design principles, and cost design principles.
• Enterprise IT architecture design not only focuses on a certain system capability, but
also requires an evolutionary, sustainable, and innovative platform for enterprises.
Continuous service changes will become a new normal. Both traditional IT
requirements (stability, compliance, and reliability) and innovative IT requirements
(agility, trial-and-error, and fast iteration) need to be met.
• Security: Evaluates system security to protect information, systems, and assets while
providing service values, such as network security, data security, host security, and
application security.
• Scalability: The system can be expanded based on the number of users or service
volume, for example, horizontal scalability and vertical scalability.
• The utilization of public clouds is increasing rapidly, so more sensitive content will
inevitably be exposed to potential risks. To help enterprises understand cloud security
issues and make wise decisions on cloud policies, the Cloud Security Alliance (CSA)
released 12 top cloud security threats.
• On one hand, the existing security capabilities of the public cloud are used. The public
cloud platform has an end-to-end security technology system, including host security,
data security, firewall, advanced anti-DDoS (AAD), and situational awareness, as well
as complete security management processes and specifications. Also, a large security
expert team is available to ensure the security of the cloud platform at any time.
Therefore, the public cloud can better protect information security than the internal IT
teams of most enterprises.
• On the other hand, enterprises need to ensure service continuity, manage and control
the entire O&M process, and ensure data confidentiality, among other key security
requirements.
• The security system design principles should focus on data protection and adopt the
policy of access control, permission control, and security control. In protection
solutions, network security, host security, application security, and data security should
be considered. Specifically,
▫ Network security: For example, the advanced anti-DDoS (AAD) service is used to
defend against heavy-traffic DDoS attacks for users such as gaming, finance, and
e-commerce users. It provides protection against mass attacks, and supports
accurate attack defense, and fast and reliable access.
▫ Host security: Host security service (HSS) associates plug-ins installed on hosts
with the cloud protection center to defend against attacks from the network
layer, system layer, and application layer, ensuring security for customers. HSS
provides comprehensive protection at the network, system, and application
layers, and has the advantage of precise defense.
▫ The key management service can prevent key data leakage and manage keys
throughout the lifecycle, reducing costs.
• This slide is a schematic diagram. It provides eight basic protection solutions that need
to be considered for the security architecture design. Numbers 1 to 8 in the figure
represent basic protection solutions. For details about each basic protection solution,
see the description in the following slides.
• Eight Basic Protection Solutions for HUAWEI CLOUD Security Architecture Design
▪ Minimize the use of public IP addresses: 1) Use ELB as the service ingress.
2) Use NAT gateway for proactive Internet access. 3) Bind the elastic IP
address (EIP) only to cloud bastion hosts (CBHs).
▪ Use the three core protections (anti-DDoS, WAF, and HSS): 1) Use the
cloud-based anti-DDoS and WAF solutions to protect core services. 2)
Deploy HSS for VMs.
▪ With the industrialization of DDoS attacks, the attack cost and threshold
are lowered. Due to competition, DDoS attacks have become the most
common attacks. Huawei's new AAD can defend against common reflection
attacks and SYN large packet attacks (about 80% of the attacks) for free,
and can be deployed at the Internet egresses and ingresses.
▫ WAF
▫ A host is the main target of an attacker. If attackers break through the host, they
can do whatever they want. Attackers usually make use of system vulnerabilities,
brute force cracking, and insecure configurations to attack hosts and install
malicious programs to perform malicious operations, such as mining and Trojan
horses. HSS provides asset management, vulnerability management, intrusion
detection, baseline inspection, and web tamper protection (WTP) functions.
• DBSS
• Direct Connect/VPN
▫ Direct Connect or VPN ensures channel security. The specific service is determined
based on the actual service scenario.
• CBH
▫ O&M personnel often hold excessive permissions, which can lead to risky
operations. When multiple users share the same account to operate on a host, it
becomes difficult to audit, backtrack, and locate security events. CBH has four
main service values: asset management, data protection, O&M audit, and security
compliance. CBH centrally manages and controls all O&M operations, and
performs security auditing, source tracing, and event evidence collection.
• HA concept
▫ An HA system is an effective way to prevent a core computer system from
shutting down due to failures.
▫ HA technologies can automatically detect the errors and failures of server nodes
and service processes, and then automatically reconfigure the system to allow
other nodes in the cluster to take over services in case of system errors and
failures, without interrupting services.
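The detect-and-take-over behavior described above can be sketched in a few lines of Python. This is a toy illustration of the failover idea, not HUAWEI CLOUD's actual HA implementation; the `Node` class and service sets are invented for the example:

```python
class Node:
    """A toy cluster node carrying a set of named services."""
    def __init__(self, name):
        self.name = name
        self.healthy = True
        self.services = set()

def monitor_and_failover(nodes):
    """Move services off failed nodes onto the least-loaded healthy peer."""
    healthy = [n for n in nodes if n.healthy]
    for node in nodes:
        if not node.healthy and node.services:
            if not healthy:
                raise RuntimeError("no healthy node available for takeover")
            # reconfigure: the least-loaded healthy peer takes over the services
            target = min(healthy, key=lambda n: len(n.services))
            target.services |= node.services
            node.services.clear()
```

In a real HA system the health check would be a heartbeat with a missed-beat threshold, but the reconfiguration step is the same idea: services are reassigned without manual intervention.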
• Disaster
• DR
▫ Intra-city HA/DR solution: used for the HA design in the intra-city DR center and
dual-AZ scenarios, including the active-active DC solution and active-passive DR
solution.
• System availability
▫ HA services
▪ Auto scaling: The Auto Scaling (AS) service can be leveraged to adjust
computing resources to deal with service pressure changes.
▫ CSHA (network access layer)
▪ ELB: Multiple ECS instances run at the ELB backend to ensure system
availability and scalability. Health check is enabled. ELB is a potential fault
point in the system and needs to be monitored in Cloud Eye.
▪ NAT gateway: If a large number of ECSs need to access the Internet, you
are advised to use the SNAT function to prevent too many ECSs from being
exposed to the Internet.
▪ CSHA (ECS)
− Data backup: 1) Data disk backup: You can perform consistent data
backup (Cloud Server Backup Service, CSBS) for multiple Elastic
Volume Service (EVS) disks of an ECS, or create snapshots or backups
(Volume Backup Service, VBS) for a single EVS disk. 2) System disk
backup: Use IMS to create a private image for the ECS or use VBS to
back up the system disk.
• O&M availability
▫ Periodically verify data backup and recovery reliability and run emergency
drills.
▫ Service nodes are deployed in clusters. A single ECS node fault does not affect
services. You can configure anti-affinity groups to achieve host- or cabinet-level
reliability.
▫ Databases are deployed in clusters. A single instance fault does not affect
services.
▫ OBS has multiple copies at the bottom layer. A single node fault does not affect
services.
▫ If customer servers carry the following types of services, you are advised to
enable the value-added services of ECS (CSBS, Cloud Eye, and HSS):
▪ Cloud servers that carry key services: These servers directly affect enterprise
operations and production and have low tolerance for service interruption.
▪ Cloud servers that store key enterprise data: Hard disk data contains key
operations data of enterprises and has high security requirements.
▫ In a cross-AZ active-active system, the two AZs load-balance traffic and back
up each other.
• Service module
▫ For services that can be deployed in a cluster, resources are deployed in two AZs,
and load balancing is implemented between the two AZs through ELB.
• ECS HA
▫ Clients switch traffic across regions through DNS and are unaware of
switchovers between AZs.
• For details about the key points of HA design in the production environment, see the
key points of single-AZ + dual-AZ design.
• The core of disaster recovery is to provide disaster recovery solutions for the access
layer, application layer, and data layer.
▫ Access layer
▫ Application layer
▫ Service data DR
▪ RDS data can be backed up across regions using DRS or using OBS remote
replication.
• Network resources: The public cloud infrastructure is located outside the enterprise
data center, so the public cloud must be reached over the WAN, which introduces
bandwidth and latency problems. Multiple peering networks, encryption offloading,
and compression are factors that must be considered during the design.
• Storage resources: the read/write performance of storage products with different
performance characteristics, and the hard-to-predict disk I/O of elastic block storage.
• The cloud infrastructure may have unpredictable performance. Load changes may
affect available CPU, network, and disk I/O resources. As a result, the performance of
applications that work at the same time is unpredictable.
▫ Optimizing a single component in isolation does not solve the performance
problem; performance must be considered globally.
• Solution selection
▫ Methods are continuously iterated and optimized, and a data-driven approach is
used to optimize the selection of resource types and configuration options.
• Performance measurement
• Solution balancing
▫ Ensure that the best approach is adopted. Balance consistency, durability, and
space with time or latency, depending on your needs, to provide higher
performance.
• Compute
▫ Instances
▫ Virtual server instances have different series and sizes. They provide a variety of
functions, including solid-state drives (SSDs) and graphics processing units
(GPUs). When an ECS instance starts, the specified instance type determines the
hardware of the host used for the instance.
▫ Containers
▫ By using auto scaling, you can define metric-based auto scaling for services so
that the number of containers that support services increases as service
requirements increase.
▫ Function
▫ The required memory size is selected. Then, the CPU power and other resources
are allocated proportionally.
▫ Block
▫ If data is accessed by only one instance, block storage should be used:
SSD-backed storage where performance depends on IOPS, and HDD-backed
storage for throughput-intensive workloads (such as MapReduce and log
processing).
▫ Files
▫ Objects
• Network
▫ Enhanced network
▫ Enhanced networks provide higher I/O performance and lower CPU usage than
traditional virtual network interfaces, along with higher bandwidth, higher
packets per second (PPS), and continuously reduced inter-instance latency.
▫ Network functions
• Horizontal scaling connects multiple pieces of software and hardware so that
multiple servers can be treated logically as a single entity. When the system
is expanded by adding new nodes with the same functions, it can redistribute
load among all nodes. The system is scaled out by adding more servers to the
load-balancing pool so that incoming requests can be distributed among all of
these servers.
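The scale-out idea above can be illustrated with a minimal round-robin balancer. This is a generic sketch, not ELB's actual algorithm; the class and method names are invented for the example:

```python
from itertools import cycle

class RoundRobinBalancer:
    """Spread requests across a pool of functionally identical servers."""
    def __init__(self, servers):
        self._pool = list(servers)
        self._next = cycle(self._pool)

    def route(self, request):
        """Return (server, request): the node chosen for this request."""
        return next(self._next), request

    def add_server(self, server):
        """Scale out: a new node joins the pool, and future load is redistributed."""
        self._pool.append(server)
        self._next = cycle(self._pool)
```

Because every node is interchangeable, adding a server requires no application change: the balancer simply includes it in the rotation.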
• Latency and throughput are a pair of metrics for measuring scalability. The goal is
a system architecture with low latency and high throughput. Latency is the system
response time that users perceive: for example, a web page that opens within a
few seconds; the shorter the load time, the lower the latency. Throughput is the
number of concurrent users who can enjoy that low latency. If a large number of
concurrent users makes web pages feel slow to open, the throughput of the system
architecture needs to be improved.
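The relationship between the two metrics can be made concrete with Little's law (concurrency = throughput × latency), a standard queueing result that is consistent with, though not stated in, the slide:

```python
def max_concurrent_users(throughput_rps, avg_latency_s):
    """Little's law: users in the system = arrival rate x time each spends in it."""
    return throughput_rps * avg_latency_s

def required_throughput(concurrent_users, avg_latency_s):
    """Throughput needed to sustain a given concurrency at a target latency."""
    return concurrent_users / avg_latency_s
```

For example, serving 2,000 concurrent users at 0.5 s per page requires a sustained throughput of 4,000 requests per second; if the system delivers less, queues build up and perceived latency rises.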
• Cost Optimization Design:
▪ For example, for ECS resources, you need to consider the instance type,
purchase mode, and instance specifications.
▪ For EVS resources, consider the disk type, purchase mode, and capacity.
▫ EVS type optimization: HUAWEI CLOUD provides three types of EVS disks. Ultra-
high I/O EVS disks are used for high-performance computing and data
warehouse scenarios, high I/O EVS disks are used for enterprise applications and
large- and medium-sized development and test scenarios, and general I/O EVS
disks are used for office applications. If you are operating an e-commerce
website or enterprise website, you are advised to select the high I/O type instead
of the ultra-high I/O type. In this way, the cost of EVS disks with the same
capacity can be reduced by 65%.
▫ EVS capacity optimization: With EVS capacity expansion, purchase only the
capacity predicted for the current month. When usage reaches 80% or higher,
expand the capacity in real time to keep usage at about 80%. Compared with
paying for the predicted maximum capacity of the whole year (where usage
stays below 50%), your EVS expenditure will drop by 20% to 30%. In addition,
periodically check your account and delete orphaned, unused EVS disks
(created with an ECS but not deleted when the ECS was deleted) to further
reduce costs.
▫ Change the purchase mode: If your service has been running on HUAWEI CLOUD
for a period of time and you have subscribed to EVS disks for a long time, you
are advised to change the purchase mode from pay-per-use or monthly to yearly.
In this way, the cost of EVS disks with the same capacity will be reduced by at
least 17%. In addition, migrating rarely used non-key data or archived data to
OBS greatly reduces your costs.
▪ For OBS resources, you need to consider the different object storage
classes and purchase modes.
▫ Infrequent access storage is applicable to scenarios where files are not frequently
accessed, such as file synchronization and enterprise backup.
▫ Archive is applicable to archiving data and backing up data for a long time.
▫ You can select a proper object storage class based on your service requirements,
which greatly reduces your costs. You are advised to use OBS infrequent access to
back up enterprise data and OBS archive to migrate long-term backup data.
Compared with OBS standard, OBS infrequent access saves 45% of costs, and
OBS archive saves 78%. Change the purchase mode: For standard storage,
Huawei provides storage capacity packages with various capacity specifications
and different periods. For data that has been uploaded to standard storage and
will be used for a long time, you can purchase a yearly capacity package based
on the existing data capacity. Compared with the pay-per-use mode, the yearly
capacity package will save you 25% of the cost.
▪ For bandwidth costs, you need to consider the bandwidth type and billing
mode.
▫ Select static BGP bandwidth and dynamic BGP bandwidth properly to reduce
bandwidth costs. The bandwidth cost may account for 30% of the public cloud
cost. Therefore, pay special attention to the bandwidth cost when configuring
cloud services. HUAWEI CLOUD provides static BGP bandwidth and dynamic BGP
bandwidth. In most cases, static BGP bandwidth is selected. If financial or gaming
customers have extremely demanding network requirements, dynamic BGP bandwidth can
be selected. The price of static BGP bandwidth is 20% lower than that of dynamic
BGP bandwidth.
▫ Properly use CDN to reduce public network bandwidth usage and TCO. If you are
providing static content, such as images, videos, and file downloads, for Internet
users through ECS or OBS, you can use CDN to reduce traffic costs.
▫ Continuous cost optimization: Optimize the cost based on the system utilization
rate over time.
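The 80% usage threshold described in the EVS capacity optimization above can be sketched as a capacity-planning check. The function name and the 10 GB purchase increment are illustrative assumptions, not a HUAWEI CLOUD API:

```python
import math

def plan_expansion(capacity_gb, used_gb, target_usage=0.80, increment_gb=10):
    """Return the extra capacity (GB) to buy so usage falls back to the target.

    Returns 0 while usage is still below the target."""
    if used_gb / capacity_gb < target_usage:
        return 0
    # smallest capacity at which used_gb / capacity equals the target usage
    needed_gb = math.ceil(used_gb / target_usage)
    extra_gb = needed_gb - capacity_gb
    # round up to the purchase increment
    return math.ceil(extra_gb / increment_gb) * increment_gb
```

Run periodically, a check like this keeps purchased capacity tracking actual use instead of a whole-year worst-case estimate, which is where the 20% to 30% saving comes from.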
• Answer: 1. ABCD
• HUAWEI CLOUD compute products are classified into 7 categories and 34 sub-
categories. Each category contains a traditional x86 architecture series and a
Huawei-proprietary Kunpeng architecture series. This slide describes the seven
categories.
▫ The first category is general computing ECSs, which are most widely used. They
provide general vCPU and memory resources and can be used for official
enterprise websites, office environments, lightweight databases, and cache
servers. ECSs of this type are classified into general computing and general
computing-plus ECSs. The core difference between the two is whether vCPUs
are dedicated. The vCPUs of general computing ECSs are shared, so they are
inexpensive but their performance and stability may be less consistent. The
vCPUs of general computing-plus ECSs are dedicated, so their prices are
relatively higher.
▫ The second category is memory-optimized. The ECSs of this type feature large
memory. The vCPU/memory ratio of memory-optimized ECSs is at least 1:8,
allowing such ECSs to be used for applications requiring large memory, such as
high-performance databases, in-memory databases, and big data analysis and
mining.
▫ The third category is disk-intensive. ECSs of this type use local storage,
which delivers high storage performance (local I/O does not traverse network
protocols) at low cost (local storage does not keep three copies of data).
However, disk-intensive ECSs do not support migration between physical
servers or specification changes. They are suitable for applications with
strict storage requirements and reliability assured at the application layer,
such as MapReduce and Hadoop distributed computing and intensive data
processing.
▫ The sixth category is BMS, which provides you with an entire physical server.
BMSs are suitable for core databases, high-performance computing, big data,
AI, and containers.
▫ The last category is Cloud Phone, offering in-cloud phones for you. You can use
Cloud Phone to run Arm-native applications.
• In this section, we will introduce ECS, DeH, BMS, and heterogeneous computing.
• ECS provides secure, scalable, on-demand computing resources, enabling you to
flexibly deploy applications and workloads.
▫ Easy-to-use: Unified management console, APIs, and SDKs for simplified O&M
▫ Abundant ECS types: Various ECS types, including general computing, high-
performance computing, memory-optimized, disk-intensive, and computing-
accelerated
▫ Differentiated EVS disks: Common I/O, high I/O, ultra-high I/O disks, local SAS
disks, and NVMe SSDs
• This figure shows the application scenario of ECSs. For more details, see the HUAWEI
CLOUD compute product panorama.
• Features
▫ Easy-to-use: Unified management console, APIs, and SDKs for simplified O&M
▫ Abundant ECS types: Various ECS types, including general computing, high-
performance computing, memory-optimized, disk-intensive, and computing-
accelerated
▫ Differentiated EVS disks: Common I/O, high I/O, and ultra-high I/O disks, local
SAS disks, and NVMe SSDs
• Typical general computing ECSs are C6 ECSs.
• Featuring the optimal performance, they are the best choice for heavy-workload
applications.
• C6 ECSs use latest-generation Intel® Xeon® Cascade Lake CPUs and Huawei-proprietary
high-performance intelligent NICs to offer industry-leading performance for
enterprise-level applications with high requirements on service stability and compute
performance. Compared with the previous-generation C3 ECSs, C6 ECSs cut prices
by up to 5% while delivering higher performance.
▫ Industry-leading performance
▫ Compute: The 3.0 GHz base frequency and 2933 MHz memory rank first in
the industry, delivering better stability and compute performance for heavy
workloads.
▫ Network: The 10 million PPS performance is 70% higher than the instances with
the same specification in the industry. The 40 Gbit/s intranet bandwidth is 60%
higher than the instances with the same specification in the industry.
▫ Storage: Ultra-high I/O EVS disks with up to 33,000 IOPS and 350 MB/s
throughput meet service requirements for faster I/O and higher storage
bandwidth.
▫ Cost-effective
▫ Compared with C3 ECSs, C6 ECSs provide higher performance but with prices
reduced by up to 5%.
• ECS Overview
• KC1 ECSs have the advantages of powerful performance of C series ECSs and high
cost-effectiveness of S series ECSs. The KC1 ECSs deliver the same performance as
other similar instances but at a cost that is 20% less. They are suitable for industries
such as the Internet. Additionally, KC1 ECSs support full-stack Huawei proprietary
applications that comply with the strict information security demands of government,
enterprise, and finance applications.
▫ Compatible with 20+ mainstream OSs, such as CentOS 7.4/7.5/7.6, Ubuntu server
18.04, SLES12SP4/15, EulerOS 2.8, and NeoKylin neokylin-server 7, as well as
100+ applications for continuous ecosystem development.
• General computing S6 ECSs provide sharable resources.
• Featuring cost-effectiveness, S6 ECSs are the best choice for SMEs to migrate their
services to the cloud.
• S6 ECSs use latest-generation Intel® Xeon® Cascade Lake CPUs and Huawei-proprietary
high-performance intelligent NICs to deliver powerful computing and network
performance as well as high network bandwidth and PPS performance. Compared with
the previous-generation S3 ECSs, S6 ECSs offer better performance at the same
price. S6 ECSs are suitable for enterprise-level applications that
require moderate computing and stability performance.
▫ Upgraded performance
• ECS Overview
• These ECSs with local SAS disks provide high storage IOPS and I/O bandwidth.
• These ECSs are suitable for massively parallel processing (MPP) data warehouses,
MapReduce and Hadoop distributed computing, distributed file systems, network file
systems, and log or data processing applications.
• High-performance computing H3 ECSs
• These ECSs use latest-generation Intel® Xeon Skylake high base-frequency CPUs
(3.0/3.4 GHz) and Huawei-proprietary NICs to offer high-performance, stable
computing.
• H3 ECSs are suitable for high-performance frontend clusters, web servers, high-
performance science and engineering applications, advertisements, MMO games, video
coding, and distributed analysis.
• In this section, we will introduce ECS, DeH, BMS, and heterogeneous computing.
• A DeH provides host resources for your exclusive use. ECSs of other users cannot be
deployed on your DeH or occupy any of your host resources. Visible resource usage on
DeHs facilitates the flexible deployment and independent management of your ECSs.
Moreover, Bring-Your-Own-License is supported, greatly reducing the costs.
• A single user can exclusively use the computing resources on a DeH while multiple
users share the computing resources on a common host.
• DeH has the following advantages:
▫ A DeH provides host resources for your exclusive use. ECSs of other users cannot
be deployed on your DeH or occupy any of your host resources.
▫ You can flexibly and reliably deploy ECSs on DeHs, quickly adapting to diverse
service scenarios.
• Security compliance:
▫ Computing resources are physically isolated by host, bringing higher security and
meeting special compliance requirements of enterprises.
• Lower cost:
▫ DeHs allow you to use your existing socket, CPU, and VM software license,
thereby lowering cost.
• DeH core application scenarios are as follows:
• Resource isolation: In some scenarios, such as web applications and government and
enterprise platforms, customers have strict requirements for the resource isolation and
the stability of compute performance. They do not want to share physical hosts with
others. DeH is an optimal choice to meet customers' requirements.
• The high-performance and reliable DeHs where resources are physically isolated and
independently managed meet customers' special compliance requirements. Together
with the reliable storage backup and network capabilities, DeHs promise the stable
and reliable migration of customers' services to the cloud.
• Highlights
▫ Reduced costs: DeH allows users to use the existing socket, CPU, and VM
software license, thereby lowering cost.
▫ Robust performance: shared ultra-high I/O disks, with single-disk IOPS
exceeding 30,000
▫ High reliability: Ultra-high-performance disks provide three data copies with data
durability up to 99.9999999%. OBS supports cross-AZ storage and achieves up to
99.999999999% (11 nines) in data durability.
• In this section, we will introduce ECS, DeH, BMS, and heterogeneous computing.
• What Is a Bare Metal Server?
• What Is the Core Difference Between Bare Metal Servers and Physical Servers?
▫ BMSs can be quickly provisioned, and are supported by public cloud storage,
network, security, and backup services. They are billed on a yearly or
monthly basis.
• What Is the Core Difference Between Bare Metal Servers and Servers Hosted in IDC?
• BMSs are derived from hosted servers. They look similar because both are
physical servers. So what is the difference between these two kinds of servers,
and what are the advantages of BMSs?
• In short, BMS provides servers, server management, server O&M, public cloud service
integration, global presence, and hardware customization.
• BMSs can be applied to scenarios such as databases, big data, containers,
virtualization, HPC, AI, and cloud phones.
• The reasons why these scenarios are taken as the key application scenarios for BMSs
are as follows:
• HUAWEI CLOUD continues to explore further advantages of BMS in specific
scenarios, drawing on accumulated industry experience, consistent cloud
platform and service capabilities, and continuous scenario-oriented solution
innovation.
• By leveraging the hardware advantages of Huawei and its deep understanding and
insights of services, BMSs provide full-stack instances for various scenarios, such as
traditional and Internet enterprises, heavy-load core services and cost-sensitive
innovation services, as well as compute-intensive, storage-intensive, and network-
intensive services.
• BMSs and InfiniBand (IB) are adopted for the high-performance computing scenario.
▫ For heavy-load services, such as CAE and fluid dynamics, enterprises require a
high-performance computing infrastructure based on raw bare metal servers to
avoid the performance loss caused by virtualization and to improve single-node
performance.
▫ First, BMS deployment mode and supported hybrid networking with ECSs can
satisfy different scenarios.
▫ Third, a 100 Gbit/s InfiniBand network is used, with a latency of less than 2 μs.
▫ Fourth, the Lustre parallel file system is supported, and the bandwidth reaches
100 GB/s.
• Product advantages: high performance, security, and low latency
▫ 100 Gbit/s InfiniBand network, exclusively used by Huawei, with a latency less
than 2 μs
▫ Lustre parallel file system supported, the bandwidth reaching 100 GB/s
• In this section, we will introduce ECS, DeH, BMS, and heterogeneous computing.
• This slide describes the instance family of heterogeneous computing. As shown in the
figures, heterogeneous computing instances are classified into three types: GPU-
accelerated ECSs, AI-accelerated ECSs, and FPGA ECSs.
• An extensive suite of IP cores will be released for the Ascend 310, Ascend
910, and Xilinx VU9P x 8 in early 2020.
• A Tesla T4 GPU has 2560 CUDA cores and integrates 320 Tensor cores. Its
mixed-precision INT8 compute performance is 130 TOPS.
• High-performance network
▫ P2v ECSs are not billed when stopped, making them more cost-effective
• High-performance network
• During the open beta test (OBT), cost-effectiveness more than doubled for PoC
customers in multiple scenarios.
• GPUs provide extensive matrix multiplication resources and can accelerate AI
algorithms by up to 300 times, as shown in the figure on the right. In other
words, a model that takes CPUs two weeks to train can be trained by GPUs in
about one hour.
• Big data requires AI training to provide predictive analysis capabilities.
• Public cloud advantages: The public cloud efficiently combines big data services
and AI training, greatly reducing operation costs and improving efficiency.
• As the basis of big data, cloud computing greatly reduces enterprises' IT
hardware costs, so more than 50% of IT budgets can be invested in big data and
AI applications. AI used to help enterprises make decisions; now it can make
decisions automatically. Big data vendors have broken through the tool-software
ceiling and expanded their development space tenfold.
• The rendering industry is a traditional GPU service. There are a large number of
rendering requirements for 3D animations and series. In 2017, 40 Chinese animated
movies were produced, and the total length of animation series reached 83,500
minutes.
• For special effects in movies and advertisements, the potential market revenue
is up to CNY 5 billion.
• In addition, there is also great demand for visualizing buildings and home
interiors.
• GPUs dominate the industry due to their powerful graphics processing capabilities and
rich computing units.
▫ A single offline rendering task takes dozens of hours. An overloaded cluster leads
to great delay fluctuations for tasks.
• Application scenarios:
• GPU Rendering
▫ The technical maturity and market maturity of renderers that support GPU
acceleration differ greatly.
▫ The rendering process is coupled with the design process, which is why
renderers are chosen at the beginning of animation design.
• 1. Answer:
▫ A
• 2. Answer:
▫ AB
• In the fields of virtual block storage and cross-AZ DR, HUAWEI CLOUD provides the
following services: Elastic Volume Service (EVS), Dedicated Distributed Storage Service
(DSS), Cloud Backup and Recovery (CBR), and Storage Disaster Recovery Service
(SDRS).
• For object storage, HUAWEI CLOUD provides Object Storage Service (OBS) to store
unstructured data, including documents, images, audios, videos, and others.
• In addition, HUAWEI CLOUD provides Scalable File Service (SFS) and SFS Turbo for file
storage and sharing.
• Elastic Volume Service (EVS) is a virtual block storage service based on the distributed
architecture and can scale flexibly.
• Dedicated Distributed Storage Service (DSS) is built based on distributed block storage
and provides exclusive physical storage resources.
• Cloud Backup and Recovery (CBR) backs up ECSs and EVS disks and ensures data
security.
• Storage Disaster Recovery Service (SDRS) provides cross-AZ DR services with zero RPO
based on synchronous data replication.
• Data Express Service (DES) uses physical storage media (for example, external hard
disks) to transmit data to the cloud.
• Object Storage Service (OBS) is a cloud storage service that stores unstructured data
such as documents, images, and videos.
• Scalable File Service (SFS) provides a fully hosted, shared file storage for Elastic Cloud
Servers (ECSs). It also provides an enhanced edition, SFS Turbo.
• HUAWEI CLOUD provides three types of storage services. The first is block
storage, with EVS as the representative service. EVS supports the SCSI protocol
for disk reads and writes, making it suitable for high-performance applications.
• The second is file storage, represented by SFS (including SFS Turbo), which
provides NFS, CIFS, and POSIX interfaces. SFS provides file system functions
that allow users to open, change, save, delete, and share files within LANs.
• The third is object storage, represented by OBS, which supports REST APIs over
HTTP and HTTPS. It lets users manage objects by uploading, downloading,
querying, and deleting them, making it suitable for Internet-scale storage.
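The REST-style object operations can be illustrated by building (not sending) HTTP requests with the standard library. The endpoint layout and authorization header below are simplified assumptions, not the exact OBS API, which also requires request signing:

```python
from urllib.request import Request

def build_object_request(endpoint, bucket, key, method, data=None,
                         token="HYPOTHETICAL-TOKEN"):
    """Build (but do not send) an HTTP request for an OBS-style object operation:
    PUT = upload, GET = download, HEAD = query metadata, DELETE = delete.

    NOTE: the virtual-hosted URL style and plain Authorization header are
    illustrative assumptions for this sketch."""
    url = f"https://{bucket}.{endpoint}/{key}"
    req = Request(url, data=data, method=method)
    req.add_header("Authorization", token)
    return req
```

Mapping each object operation to a plain HTTP verb is what makes object storage easy to use from any Internet client, in contrast to the SCSI and NFS/CIFS interfaces of block and file storage.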
• Rich specifications: EVS provides disks of different I/O types to meet users'
requirements in different service scenarios.
• Elastic scalability: Disks support online capacity expansion. One disk can be expanded
up to 32 TB with a minimum increment of 1 GB at a time.
• Security and reliability: Both system disks and data disks support data encryption. EVS
also provides backup, snapshot, and multi-copy data redundancy to ensure HA of data.
• Real-time monitoring: EVS supports real-time monitoring of the disk health and
running statuses through Cloud Eye.
• Data sharing: Shared disks support concurrent read/write from multiple servers,
suitable for mission-critical clusters or business scenarios that require HA capabilities.
• Distributed storage, especially all-flash distributed storage, will be the future public
cloud storage architecture that can handle massive and real-time data deluge.
• Ultra-high I/O SSDs are often used for large OLTP databases, NoSQL databases,
stream processing, and log processing, requiring ultra-high performance, ultra-low
latency within 100 μs, and high availability.
• Host cluster applications: Support host cluster applications such as WSFC, RHCS, VCS,
and HACS, meeting requirements for high availability, load balancing, scalability, and
cost effectiveness.
• Cluster file systems: Support distributed file sharing, such as Lustre and GPFS cluster
file systems, meeting HPC requirements.
• Previously supported only by manually deploying distributed file systems, with
poor performance and no guaranteed SLA.
• Key technologies
▫ Multiple SCSI locks: Support persistent and non-persistent SCSI reserved locks.
• EVS disk encryption: EVS disks are attached to cloud hosts as system disks or data
disks. Users can create keys on KMS to encrypt data on EVS disks, thereby ensuring
data security of VMs.
• VBS disk backup encryption: If you create a backup for an encrypted disk, the backup is
encrypted by default, which ensures data security of the disk backup in OBS.
• IMS image encryption: If you create an image for an ECS with an encrypted disk as its
system disk, the image is encrypted by default, which ensures data security of the
image files in OBS.
• Product highlights
▫ Self-service encryption: Tenants fully control keys through KMS. KMS uses a
third-party hardware security module (HSM), certified by the national
cryptography administration and to FIPS 140-2 Level 3 (SafeNet), to generate
and protect keys.
▫ Ease of use: Encrypted disks can be created with only a few clicks, and users do
not need to build or maintain the key management infrastructure.
• Online service expansion: You can expand the capacity of an EVS disk at any time
without shutting down the VM, ensuring service continuity. For example, in the finance
and e-commerce industries, services can be upgraded and expanded without service
interruption, meeting the requirements for high service continuity.
• Scale-up process:
▫ You can submit a scale-up request on the EVS console. The request is passed
through the driver and the block client to the KV pool, and the underlying
disk capacity is then expanded.
▫ You then only need to extend the partition and file system in the guest
operating system.
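On a Linux guest, the in-OS step typically looks like the following commands. The device names are examples, and the exact tools depend on the distribution and file system; this is an illustrative sketch, not a HUAWEI CLOUD-specific procedure:

```shell
# After expanding the EVS disk in the console, grow the partition and
# file system inside the guest OS (run as root; /dev/vda is an example):
growpart /dev/vda 1        # extend partition 1 to fill the enlarged disk
resize2fs /dev/vda1        # grow an ext4 file system online
# xfs_growfs /mountpoint   # use this instead for an XFS file system
```

Both resize2fs and xfs_growfs work online, so the VM does not need to be shut down, matching the service-continuity claim above.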
• Specifications:
• Periodic data backup with a short period: Many services, such as e-commerce and
games, require periodic (hour-level) data backup. Conventional backup requires service
interruption and a long period of time. In addition, backup data occupies a large
amount of space and is costly. The snapshot function can solve these problems.
• Wide application of service data: Disks created by snapshots can serve multiple services
at the same time, for example, data mining, report query, development, and testing. In
this way, source data is protected, and backup data is used for new purposes, meeting
enterprises' requirements for multi-purpose use of service data.
• Key technologies
▫ Snapshot and recovery within seconds: The snapshot implementation uses the
index-based redirect-on-write (ROW) mechanism. Data replication is not involved
in the snapshot creation and snapshot recovery.
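The ROW idea can be sketched with a toy in-memory volume: every write goes to a fresh physical block, so a snapshot is just a copy of the logical-to-physical index and involves no data copying. This is an illustration of the mechanism, not the actual EVS implementation:

```python
class RowVolume:
    """Toy redirect-on-write volume. Snapshots copy only the block index,
    so neither snapshot creation nor rollback copies any data blocks."""
    def __init__(self):
        self.blocks = {}    # physical block store: block id -> bytes
        self.index = {}     # logical address -> physical block id
        self._next_id = 0

    def write(self, lba, data):
        # Redirect: new data always lands in a fresh physical block,
        # leaving blocks still referenced by snapshots untouched.
        pid = self._next_id
        self._next_id += 1
        self.blocks[pid] = data
        self.index[lba] = pid

    def read(self, lba):
        return self.blocks[self.index[lba]]

    def snapshot(self):
        return dict(self.index)   # metadata-only copy: O(index size)

    def rollback(self, snap):
        self.index = dict(snap)   # restore the frozen index, no data moved
```

Because both `snapshot` and `rollback` touch only the index, they complete in time proportional to the metadata, which is why ROW snapshots can be created and restored within seconds.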
• Specifications:
▫ A maximum of 128 snapshots can be created for a volume (during the open beta
test, 7 are available).
▫ Reliability: Provides multiple data copies to ensure data security and reliability.
The data durability reaches 99.99999%.
▫ Flexibility: The system can be connected to ECS and BMS services in a non-
dedicated cloud, or connected to the DeC service. Users can flexibly configure
DeC storage resources.
▫ Ease of use: You can manage resources on the dedicated cloud easily, without
building a large professional O&M team.
▫ CBR incorporates the functions of CSBS and VBS. More new features will be
launched on CBR instead of on CSBS or VBS.
▫ After CBR goes online, CSBS and VBS in the service catalog on the HUAWEI
CLOUD are switched to CBR.
▫ Current CSBS and VBS users can use CBR, CSBS, and VBS at the same time.
Alternatively, users can migrate the existing backup policies and data from CSBS
and VBS to CBR with a few clicks. The migrated backup data is billed based on
CBR's billing mode.
▫ The unit price of CBR's disk backup vaults is ¥0.1/GB-month, which is lower than
that of the VBS backup storage (¥0.12/GB-month). The unit price of CBR's server
backup vaults is ¥0.2/GB-month, which is lower than the total price (¥0.268/GB-
month) of CSBS's backup function fee and backup storage fee.
▫ CSBS and VBS will be unavailable after the first half of 2020.
• Application Scenarios
▫ Hybrid cloud backup: CBR supports synchronizing backups of VMware VMs to the
cloud and restoring such backups in cloud or on premises.
▫ Service migration and batch deployment: Full-ECS backups can be used to create
images, and these images can be used to create ECSs with the same
configuration within minutes. With cross-region replication, ECSs can be
provisioned in different regions, meeting service migration requirements.
• In-cloud backup:
▫ Selling points: Automatic backup can be configured for ECSs and BMSs so that data is backed up automatically. Instant recovery: Backups can be used to restore the original EVS disk or ECS, shortening the recovery time objective (RTO) to minutes.
▫ Sales scenarios: With HUAWEI CLOUD as the remote DR site, users can
synchronize the backup data in offline VMware VMs to the cloud. In this way, the
backup data can be used for restoration on-premises if there is a misoperation,
software upgrade failure, or virus infection, and also can be used for restoration
in cloud if a regional network fault or natural disaster occurs.
▫ Selling points: The public cloud is used as the DR site, providing scalable resources on a pay-as-you-go basis and reducing initial investment. VMware VM backups can be used to instantly restore ECSs on the cloud, reducing the recovery time objective (RTO) to minutes.
• Service migration and batch deployment:
▫ Selling points: Users can create a full-ECS image using a backup and use the
image to provision new ECSs. A full-ECS backup can be replicated across regions,
so new ECSs can be provisioned in the target region. Based on the lazy loading technology, ECSs can be provisioned in batches within minutes using full-ECS images, shortening the time required for service provisioning.
• Advantages
• SDRS provides DR services for many public cloud services, such as ECS, DSS, and EVS. It
leverages various technologies, including storage replication, data redundancy, and
cache acceleration, to provide users with high data reliability and service continuity.
• SDRS provides a centralized console, through which users can configure and manage server replication and perform switchovers and failovers.
• You can establish a replication relationship between the production site and the DR
site.
• You can replicate servers from an AZ to another AZ, thereby reducing the costs and
complexity of maintaining another data center.
• Applications running on servers can be replicated, and the replication will not have any
impact on the applications.
• For SDRS, recovery time objective (RTO) refers to the period from the time when users
perform a planned failover or failover at the production site to the time when the
servers at the DR site start to run. This period does not include any time for DNS
configuration, security group configuration, or customer script execution, and is within
30 minutes.
• SDRS provides continuous and synchronous replication for servers to ensure zero
recovery point objective (RPO).
• Real-time data synchronization based on storage ensures that data synchronized
across two AZs maintains crash consistency. Specifically, the application data across
AZs may not be consistent but the disk data across the two AZs remains consistent.
• DR drills can be performed without interrupting services and do not affect ongoing
replication.
• You can perform a planned failover for an expected service interruption to prevent
data loss, or perform a failover for unexpected failures to restore services quickly.
• When services are running properly, servers at the DR site are stopped and therefore are not billed. This greatly reduces the DR TCO.
• Servers do not need the DR agent plug-in. The service deployment is simple and quick.
• Product highlights
▫ 100+ billion objects, 10+ million concurrent tasks, and unlimited capacity
▪ OBS provides you with the best possible data access experience. It stores
hundreds of billions of objects, processes tens of millions of concurrent
tasks, delivers ultra-high bandwidth, and assures low latency.
▪ OBS has been awarded the Trusted Cloud Services (TRUCS) Certification.
OBS has multiple protection mechanisms to ensure data security, including
versioning, server-side encryption, URL validation, VPC-based network
isolation, access log audit, and fine-grained permission control.
• Enterprise OA scenario (using SFS Turbo): sharing documents conveniently
• Software development (using SFS Turbo): online coding, software release, and code
library storage
• DSS provides dedicated block storage resources and features similar to those of EVS.
• SFS Turbo provides dedicated file storage resources and features similar to those of
SFS.
• OBS provides dedicated object storage resources. The underlying storage servers where
a tenant's data is stored are exclusively used by the tenant. In addition, it provides
features similar to those of OBS.
• The three storage services can provide data storage capabilities for HUAWEI CLOUD
computing services.
• Disaster recovery is implemented in the event of a severe natural disaster, such as a fire or an earthquake. Backup is performed in the data center where the business system data resides, so that corrupted data can be recovered after a misoperation, virus infection, or logical error.
• A DR system protects data but focuses more on protecting service continuity. A data backup system only ensures that data generated at different points in time can be restored. Generally, the system performs a full backup the first time, which takes a long period. Subsequent backups are incremental and can be completed within a short period.
• The highest DR standard is to implement zero RPO. You can set a maximum of 24
automatic backup policies at different time points in one day to restore data to
different backup points.
• For cross-AZ DR solutions on the cloud, SDRS provides block storage for cross-AZ DR,
and CBR provides cross-AZ backup. Underlying data synchronization technologies are
used to synchronize files across AZs.
• You can create a backup policy to replicate backups to another region regularly.
• To implement cross-region restoration, CBR creates images in the DR region and then uses the images to provision ECSs to restore services.
• CBR protects data in cloud service systems such as ECS, BMS, and EVS. Users can
customize backup and replication policies to implement automatic backup within a
region and automatic replication across regions. Listed companies and large
enterprises must meet the level-3 graded cybersecurity protection requirements.
Specifically, data loss can be prevented by restoration in scenarios when regional
network faults or natural disasters occur.
▫ Solution advantages:
▪ CBR replicates backups across regions, with the backup interval ≥ 1 hour.
▪ For databases, RDS can implement cross-AZ active/standby DR, while DRS can back up databases across regions.
▫ DR strategy:
▪ If AZ1 in the production site is faulty at the application layer, you can use SDRS to switch services to AZ2 with only a few clicks. In this case, the RPO is 0, and the RTO is within minutes.
• Solution
▫ The production site and DR site are deployed in two different regions of HUAWEI
CLOUD.
▫ The production center is deployed in dual AZs in the same city. SDRS can be used
to implement cross-AZ active/standby DR with zero RPO at the application layer.
The DR center is deployed in a single AZ.
▫ RDS database instances are deployed in both the production site and DR site. In
the intra-city cross-AZ scenario, RDS database instances are deployed in
active/standby mode. In the cross-region scenario, DRS is used to implement
database replication.
▫ When an AZ at the production site is faulty, services are switched to the other AZ
using SDRS. The active and standby databases are switched over.
▫ When region 1 is faulty, the active and standby databases are switched over, and the DNS resolution weight is changed to 0% for the production site and 100% for the DR site.
▫ After region 1 is restored, the database service is switched back to the active
database, and DNS is switched back to the active site.
• Background: According to China's Basic Requirements for Graded CyberSecurity
Protection, listed companies, government departments, and financial institutions must
build remote DR systems.
• Huawei solutions:
▫ Download the CBR Proxy image from the CBR console and import the image to
the on-premises IDC VMware environment to deploy it on a VM.
• Data can be migrated to HUAWEI CLOUD through CDN, backup software, CSG, and
DES. For details, see https://support.huaweicloud.com/en-us/bestpractice-
obs/obs_05_0110.html.
▫ Backup software: Supports automatic backup for multiple applications and hosts,
with strong compatibility.
▫ Offline data migration: Supports mass data archiving and on-premises data
migration to the cloud.
• OBS provides three storage classes: Standard, Infrequent Access, and Archive. Users can
configure lifecycle policies to manage data transitions to reduce costs.
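A lifecycle policy essentially maps object age to a storage class. Below is a minimal sketch of such a transition rule using the three class names from the text; the 30-day and 90-day thresholds are illustrative assumptions, not OBS defaults:

```python
# Illustrative lifecycle transition rule for the three OBS storage
# classes. Thresholds (30/90 days) are assumptions for this sketch.

def storage_class(age_days, to_ia_after=30, to_archive_after=90):
    if age_days >= to_archive_after:
        return "Archive"
    if age_days >= to_ia_after:
        return "Infrequent Access"
    return "Standard"

print(storage_class(10))    # Standard
print(storage_class(45))    # Infrequent Access
print(storage_class(200))   # Archive
```

In a real policy the transitions are evaluated by the service itself; users only declare the thresholds per bucket or prefix.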
• BigData Pro: an innovative big data solution with decoupled compute-storage,
Kunpeng computing, and containers
▫ Scenarios:
▪ OBS supports x86, Kunpeng, GPU, Ascend, and other chips for
heterogeneous computing.
▫ Conventional solution:
▪ The storage resource utilization is less than 33%, because three copies are
written to local disks to ensure data reliability.
▫ BigData Pro:
▫ Computing:
▪ Big data clusters can be deployed on ECSs, BMSs, and containers to meet
various customer requirements for compute instances.
▫ Storage:
▪ Storage and compute are decoupled. OBS, the unified storage data lake,
provides on-demand resources that are scalable and require no O&M. In
addition, it provides ultra-large bandwidth to support on-demand capacity
expansion, meeting the requirements for concurrent access by large-scale
computing clusters of different types. The multi-AZ and cross-region
replication functions ensure 99.9999999999% data reliability.
• The big data container uses distributed cache and Volcano intelligent scheduling (tasks
are delivered based on the network topology and affinity to improve the inter-node
collaboration capability during big data computing), improving the performance by
40%.
• Big data containers use OBS and HDFS to separate computing from storage and can
be deployed with services, improving cluster utilization and reducing costs by 50%.
• The big data container automatically scales in or out based on task requirements and
unifies service scheduling platforms for enterprises, reducing O&M pressure.
• BigData Pro, with higher performance and lower costs, is mainly used for migrating
services from IDCs or other vendors to HUAWEI CLOUD.
▫ Main scenarios: log analysis, satellite image, search crawler, operation report, and
IoV
▫ Customer benefits:
▪ The storage and compute separation solution solves the problem of strong
binding between computing and storage resources. Computing resources
can be elastically scaled on demand, and OBS storage can be used on
demand. Customers are unaware of capacity expansion and reduction,
O&M is not required, and peak load balancing is implemented, greatly
improving resource utilization and reducing waste.
• Main requirements:
• Customer benefits:
▫ Only one copy of data needs to be saved, greatly reducing storage costs.
▫ Video files with UGC or PGC are uploaded to OBS for storage. OBS can be used
as the VOD origin server. You do not need to purchase an ECS to deploy
streaming media services.
▫ OBS and CDN are closely related services. CDN can be used to accelerate video
distribution.
▫ In addition, you can use functions such as media transcoding and the content
moderation service provided by HUAWEI CLOUD EI to process and analyze video
files stored in OBS.
▫ Application scenarios: Support mission-critical databases like Oracle RAC and SAP
HANA
▫ Hybrid networks: Support hybrid networking with ECSs, VPCs, and EIPs
▫ Self-servicing: easy operations to create, delete, start, stop, and restart BMSs
• EVS
▫ Diskless startup: BMS can use an EVS disk as the system disk, improving system
disk durability from 99.9% to 99.9999999%.
▫ Shared EVS disks: An EVS disk can be attached to a maximum of 16 hosts, supporting cluster application deployment.
▫ A single directory can store only a limited number of files, and I/O is slow for concurrent access to small files.
▫ Multiple tenants share one file system, posing risks to data reliability and
security.
▫ Provides APIs for querying the directory capacity and number of files in the
directory, facilitating management.
▫ Uses Cloud Eye to monitor the performance of metadata and data operations.
▫ Tenants can exclusively use file systems with capabilities supporting data backup
and DR.
• Benefits:
▫ SFS Turbo provides industry-leading storage I/O performance, which is twice that
of similar products, accelerating AI training performance and reducing GPU costs.
▫ ABD
• 2. Answer:
▫ ABCDEF
• This slide focuses on the position of each service on the network. The network layers consist of cloud network access, the cloud network, and the hybrid cloud network.
▫ You can create a VPC to obtain an isolated private virtual network on the HUAWEI
CLOUD. You have full control over your VPC by creating subnets, customizing IP
address ranges, and configuring route tables and gateways.
• Elastic IP (EIP)
▫ The EIP service provides independent public IP addresses and bandwidth for Internet
access. EIPs can be bound to or unbound from ECSs, BMSs, virtual IP addresses, load
balancers, and NAT gateways.
• NAT Gateway
▫ NAT Gateway provides both SNAT and DNAT for your resources in a VPC and
allows servers in your VPC to access or provide services accessible from the Internet.
▫ DNS provides highly available and scalable authoritative DNS resolution services
along with domain name management. It translates domain names or application
resources into IP addresses required for network connection to route visitors to
desired resources.
• VPC Endpoint (VPCEP)
▫ VPC endpoints provide secure and private channels to connect to VPC endpoint
services (cloud services or users' services), providing the flexibility in networking
without having to use EIPs.
▫ ELB distributes access traffic among multiple ECSs to balance their load, improving
fault tolerance and expanding service capabilities of applications.
• The hybrid cloud network mainly uses the VPN and Direct Connect services. Generally,
the public cloud communicates with the on-premises data center using either of the
two services.
• You can define security groups, virtual private networks (VPNs), IP address ranges, and
bandwidth for a VPC. This facilitates internal network configuration and management
as well as secure and convenient network modification.
• You can also customize the ECS access rules within a security group or between
security groups to improve ECS security.
• Private CIDR block: When creating a VPC, you need to specify the private CIDR block
used by the VPC. The VPC service supports the following CIDR blocks: 10.0.0.0 –
10.255.255.255, 172.16.0.0 – 172.31.255.255, and 192.168.0.0 – 192.168.255.255
• Subnet: Cloud resources, such as ECSs and databases, must be deployed in subnets.
After a VPC is created, you can divide the VPC into one or more subnets. The subnet
CIDR blocks must be within the private CIDR block of the VPC. Route table: When you
create a VPC, the system automatically generates a default route table. The route table
ensures that all subnets in the same VPC can communicate with each other. If the
routes in the default route table cannot meet application requirements (for example,
an ECS without an EIP bound needs to access the Internet), you can create a custom
route table.
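Route-table evaluation follows longest-prefix match, with 0.0.0.0/0 as the catch-all default route (the case mentioned above for an ECS without an EIP reaching the Internet). A minimal sketch using Python's standard ipaddress module; the route entries are hypothetical:

```python
# Sketch of VPC route-table evaluation: the most specific
# (longest-prefix) matching route wins; 0.0.0.0/0 is the default.
import ipaddress

routes = [
    ("192.168.0.0/16", "local"),    # intra-VPC traffic
    ("0.0.0.0/0", "nat-gateway"),   # default route to the Internet
]

def next_hop(dst_ip, routes):
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for cidr, hop in routes:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None

print(next_hop("192.168.1.5", routes))  # local
print(next_hop("8.8.8.8", routes))      # nat-gateway
```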
• Although the configuration of VPCs is more flexible than that of physical networks, VPCs still rely on network protocols such as TCP/IP. Two servers with the same IP address cannot communicate with each other, and modifying the network topology affects service continuity. Therefore, network planning is required for VPCs.
▫ It is recommended that each VPC has no more than 5000 IP addresses. If the
number of IP addresses exceeds the upper limit, multiple VPCs are required to carry
services.
▫ A VPC is the smallest unit in which an account can control network resources. Resources in a VPC must belong to the same account.
▫ VPCs are isolated from each other by default but can be connected using VPC
peering connections.
▫ Subnets in a VPC can communicate with each other by default, but can be isolated
by access control rules.
• For example, a user wants to set up a website without interworking with other
networks.
▫ All servers are deployed in one VPC for higher service connectivity.
▫ The service subnet is divided into the web, application, and database zones, which
are used to deploy servers.
▫ The subnet of the O&M and access zone is used to deploy bastion hosts or
management authentication devices, facilitating remote access, service deployment,
and O&M.
▫ Subnets facilitate isolation and controlled access between functional zones by using network ACLs.
• For example, a large automobile enterprise has migrated all its businesses to the
cloud, requires the services to be isolated from each other, and has connected its on-
premises network to the cloud using a Direct Connect connection.
▫ The public VPC is connected to the remaining VPCs through VPC peering connections.
▫ The public VPC is connected to the on-premises data center using a Direct Connect connection, and the remaining VPCs can also use this connection to reach the data center network.
• VPC peering connections can connect multiple VPCs in the same region.
• In a VPC, data transmission is not limited, and the network performance depends on
that of the ECS.
• On the ECS purchase page, you can view the assured bandwidth, maximum bandwidth,
and PPS of different ECSs. You can select an ECS based on service performance
requirements.
• In actual service deployment, users usually provide services in cluster mode to ensure
service continuity. ELB can provide such functions on the cloud.
• Configuration process
▫ When creating a load balancer, you need to specify a VPC and subnet, select
whether to automatically assign or manually specify a private IP address. The load
balancer receives requests from clients using this private IP address. If you need to
access the Internet, bind an EIP to the load balancer.
▫ You can add one or multiple listeners to your load balancer. A listener uses the
protocol and port you specify to check for requests from clients and route the
requests to associated backend servers based on the rules you define. For an HTTP
or HTTPS listener, you can add forwarding policies to forward requests based on the
domain name or URL.
▫ Finally, add the servers responsible for request processing to the backend server
group. The traffic received by the load balancer is allocated to the backend servers
based on the specified algorithm.
• Websites with different domain names can share the same public IP address because HTTP/HTTPS listeners can forward requests to different application servers based on the domain name or URL.
• Summary:
▫ The round robin algorithm is suitable for short connections while the least
connections algorithm for persistent connections.
▫ Weighted round robin and weighted least connections are often used in scenarios
where the performance of servers in a backend server group varies.
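The two algorithm families compared in the summary above can be sketched in a few lines. This illustrates the scheduling logic only, not ELB's implementation; weights are omitted for brevity:

```python
# Round robin (suited to short connections) vs. least connections
# (suited to persistent connections), as toy scheduling functions.
import itertools

servers = ["10.0.0.1", "10.0.0.2", "10.0.0.3"]

# Round robin: hand out backends in a fixed rotation.
rr = itertools.cycle(servers)
print([next(rr) for _ in range(4)])
# ['10.0.0.1', '10.0.0.2', '10.0.0.3', '10.0.0.1']

# Least connections: pick the backend with the fewest active sessions.
active = {"10.0.0.1": 12, "10.0.0.2": 3, "10.0.0.3": 7}
print(min(active, key=active.get))  # 10.0.0.2
```

The weighted variants simply scale the rotation frequency or the connection count by each server's weight.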
• ELB provides the sticky session function. You can enable sticky sessions for your load
balancer.
▫ At Layer 4, the source IP address is used for maintaining sessions. The maximum
stickiness duration of Layer 4 sessions is 1 hour.
▫ At Layer 7, load balancer cookies and application cookies are used. The maximum
stickiness duration of Layer 7 sessions is 24 hours.
• With the advent of the 5G era, more and more devices need to connect to the Internet, but the pool of IPv4 addresses available for allocation is shrinking. IPv6 adoption is being promoted at the strategic level. Enterprises' requirement for IPv6 transformation is to support IPv6 access in a short time without changing the IPv4 architecture.
• HUAWEI CLOUD supports the NAT64 function (IPv6 address translation), which maps
an IPv4 EIP to an IPv6 address to support IPv6 access. If your services have not been
migrated to the cloud, you can use Direct Connect and NAT Gateway to access on-
premises IPv4 services using IPv6 addresses.
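NAT64 works by embedding the 32-bit IPv4 address in the low bits of an IPv6 prefix. The sketch below uses the RFC 6052 well-known prefix 64:ff9b::/96 for illustration; the text does not specify which prefix HUAWEI CLOUD's NAT64 uses:

```python
# NAT64 address mapping: an IPv4 address is carried in the low
# 32 bits of an IPv6 prefix (here the RFC 6052 well-known prefix).
import ipaddress

PREFIX = ipaddress.ip_network("64:ff9b::/96")

def ipv4_to_nat64(v4):
    return ipaddress.ip_address(
        int(PREFIX.network_address) + int(ipaddress.ip_address(v4)))

def nat64_to_ipv4(v6):
    return ipaddress.ip_address(int(ipaddress.ip_address(v6)) & 0xFFFFFFFF)

mapped = ipv4_to_nat64("192.0.2.1")
print(mapped)                 # 64:ff9b::c000:201
print(nat64_to_ipv4(mapped))  # 192.0.2.1
```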
• HUAWEI CLOUD ELB provides dedicated and high-performance load balancers, which
support elastic scaling and can establish hundreds of millions of concurrent
connections.
• Cloud Connect is available in the following regions by November 30, 2019.
▫ Europe: EU-Paris
• Constraints
▫ For a cloud connection, CIDR blocks of all network instances must not overlap, and
each subnet CIDR block must be unique. Otherwise, the communication may fail.
▫ In all VPCs that are loaded to a cloud connection, if a NAT gateway is created in a
VPC, a default route 0.0.0.0/0 can be set by adding a custom CIDR block in the
advanced settings.
▫ VPCs are loaded to a cloud connection so that they can communicate with each
other.
▫ VPCs under different accounts can communicate with each other if they are loaded
to the same connection.
• In the figure, VPCs in the East China, South China, and Hong Kong regions are connected through a cloud connection. After inter-region bandwidths are configured, these VPCs can communicate with each other.
▫ Virtual gateways are loaded to a cloud connection so that data centers can
communicate with VPCs.
▫ VPCs under different accounts can communicate with each other if they are loaded
to the same connection.
• In the figure, after the VPCs in Paris, East China, South China, and Hong Kong are
connected through a cloud connection, the VPCs in South China and Hong Kong are
connected to the local data center using Direct Connect.
• In this way, the VPC in East China can access the data center networks in South China
and Hong Kong, facilitating low-latency service management.
• Cloud Connect can work with ELB to implement nearby network acceleration in the
multiple-region scenario.
▫ Load balancers and frontend VMs should be deployed in the region whose network is to be accelerated.
• Note:
▫ You can replace the load balancers and web servers in the target region with the
network proxy VMs.
▫ Services should not be sensitive to the latency between the web server and the application system.
▫ Check whether the performance of the load balancers in the region whose network is to be accelerated meets the requirements.
• Create a cloud connection.
• Load the network instances (VPCs/virtual gateways) that need to communicate with
each other to the created cloud connection. Network instances in the same region can
communicate with each other by default after being loaded to a cloud connection. You
do not need to purchase bandwidth packages or configure inter-region bandwidths.
• The network quality is greatly improved. The packet loss rate is reduced from 2.53% to
nearly 0.
• The EIP service provides both public IP addresses and bandwidth.
• Resources, such as ECSs, BMSs, load balancers, and NAT gateways, can be bound to
EIPs to access the Internet.
• After the binding, the system delivers a route to the router in the VPC. In addition, the
EIP service maintains a mapping between the EIP and the private IP address of the VPC.
• Users can select an EIP type based on the requirements of the business.
• A NAT gateway implements source network address translation (SNAT) by binding an
EIP to a server, allowing other servers to share the EIP of this server to access the
Internet.
• This solution requires users to configure a route in the VPC whose destination is 0.0.0.0/0 and whose next hop is the private IP address of the NAT gateway to divert traffic.
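The SNAT behavior described above, many private sources sharing one EIP with a per-flow session entry, can be sketched as a toy translation table. The port range and data structure are assumptions for illustration, not the NAT Gateway implementation:

```python
# Toy SNAT table: private sources share one EIP; each outbound flow
# gets a distinct public source port, and the 5-tuple session entry
# lets return traffic be mapped back to the originating server.

class SnatGateway:
    def __init__(self, eip, port_base=1024):
        self.eip = eip
        self.next_port = port_base
        self.sessions = {}  # (private_ip, private_port, dst) -> public_port

    def translate(self, src_ip, src_port, dst):
        key = (src_ip, src_port, dst)
        if key not in self.sessions:
            self.sessions[key] = self.next_port
            self.next_port += 1
        return (self.eip, self.sessions[key], dst)

gw = SnatGateway("203.0.113.10")
print(gw.translate("192.168.1.5", 40000, ("8.8.8.8", 443)))
# ('203.0.113.10', 1024, ('8.8.8.8', 443))
```

This also shows why a NAT gateway's type is sized by concurrent connections: each active 5-tuple session occupies one table entry.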
▫ Direct Connect can work with SNAT to allow servers in the data center to access the
Internet.
▫ Direct Connect can work with DNAT to allow the Internet to access servers in the
data center.
• A NAT gateway can work together with a Direct Connect connection to connect the data center to the cloud, so servers in the data center can use flexible public network resources on the cloud to access the Internet. The public cloud supports not only multi-line access, but also BGP and dynamic bandwidth adjustment. Generally, the access performance is better than that of the customer's data center.
• The type of a NAT gateway indicates the number of concurrent connections (5-tuple
sessions) supported to access the Internet.
▫ Large or extra large: scenarios where there are a large number of destination
addresses or ports and connections, such as crawlers and client push
• If the requests exceed the maximum allowed connections of your NAT gateway, your
services will be adversely affected. To avoid this situation, it is recommended to create
alarm rules for the SNAT connection in Cloud Eye.
• Regardless of the type of a NAT gateway, a maximum of 200 DNAT rules can be
added to a NAT gateway.
• Public network bandwidth usage: Select a proper billing option based on the public
network bandwidth usage of your service.
▫ Billed by bandwidth: Billing is based on the purchased bandwidth size and usage
duration.
▫ Billed by traffic: Billing is based on the actual traffic usage. A shared data package is
recommended if billing by traffic is used, which is more cost-effective.
▫ Enhanced 95th percentile bandwidth billing: You pay only a small fee for the baseline bandwidth in advance. You are then billed based on the usage duration and the bandwidth volume after the top sampled usage in a billing period is eliminated. For details, visit the HUAWEI CLOUD official website.
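The 95th percentile method can be illustrated with a short calculation: sort the bandwidth samples for the billing period, discard the top 5%, and bill the highest remaining sample. The sample values and the exact percentile indexing below are illustrative; the authoritative billing rules are on the official website:

```python
# Sketch of enhanced 95th percentile billing: the top 5% of sampled
# bandwidth values are eliminated, and the highest remaining sample
# determines the billable bandwidth (values here are toy Mbit/s).

def billable_bandwidth(samples, percentile=0.95):
    ordered = sorted(samples)
    # Index of the 95th percentile sample; the top 5% are dropped.
    idx = max(0, int(len(ordered) * percentile) - 1)
    return ordered[idx]

samples = [10, 12, 11, 9, 95, 14, 13, 10, 12, 11]  # one burst to 95
print(billable_bandwidth(samples))  # 14: the burst is eliminated
```

The point of the scheme is visible in the example: a single short burst does not raise the bill.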
• The public network lines of HUAWEI CLOUD are connected to high-quality lines of
backbone carriers. Access lines are selected for different addresses to achieve the
optimal access effect.
▫ Access reliability: Users can select an EIP type based on the requirements of the
business.
• An EIP can be of the dynamic BGP or static BGP type, which are used by HUAWEI
CLOUD to connect to the lines of carriers.
• Dual-connection mode: Users access different transit areas on the public cloud through
two lines of different carriers terminated at different locations, allowing the lines to
back each other up and ensuring high reliability. If only one carrier can be selected,
ensure that different physical routes are used.
• Single-connection: Users access the public cloud through a single connection. (Note
that the SLA may not be fulfilled if a single connection is used.)
• Configuration key points:
▫ A Direct Connect connection enables communication between the IDC and HUAWEI CLOUD. Configure the OBS public network segment or the 100.125 network segment for the Direct Connect connection on the HUAWEI CLOUD side.
• Note:
▫ A local subnet is a VPC subnet that accesses a data center network through a VPN.
You can enter multiple local subnets that do not belong to the same VPC to allow
them to share a VPN connection.
▫ A remote subnet is a subnet in the customer data center that accesses a VPC
through a VPN.
• Parameters on this page required for VPN tunnel encryption vary by on-premises VPN
device vendors. It is recommended to refer to the configuration examples of several
typical devices in the Virtual Private Network User Guide on the official website.
• 1. Answer:
▫ A
• 2. Answer:
▫ B
• DDS has the following advantages over on-premises databases and self-built
databases on ECSs:
• On-premises databases
• DDS advantages:
• Next, I will introduce RDS for MySQL in detail. After completing this course, you will have a more comprehensive understanding of HUAWEI CLOUD RDS for MySQL.
• HUAWEI CLOUD RDS for MySQL achieves 99.95% SLA. It is highly available with
service downtime less than 5 minutes per month or 1 hour per year.
▫ Security: Automatically detects and identifies SQL injection attacks and supports predefined or user-defined response measures, such as blocking requests and returning errors.
▫ Automatically scans the entire database table structure and data, detects
sensitive data, and customizes masking policies for SQL query results, preventing
unauthorized users from obtaining sensitive data.
▫ Fine-grained audit log: provides fine-grained audit logs, such as traffic logs,
intrusion logs, exception monitoring logs, sensitive data reading logs, and pre-
event and post-event logs.
▫ Monitoring: APIs provided by Cloud Eye are used to query the monitoring metrics
and alarms generated for HUAWEI CLOUD RDS for MySQL.
▫ Elastic scaling: Vertical scaling enables online scaling of CPU, memory, and
storage within several minutes based on service development requirements.
Horizontal scaling enables one-click read/write splitting of 1 write and 5 read
replicas as required. RDS for MySQL can also work with DDM to implement
sharding.
▫ Backup and restoration: RDS for MySQL supports automated and manual
backups. Automated backups are retained for 7 days by default and can be
retained for up to 732 days. Full backups are performed every day (the
automated backup start time can be set) and incremental backups are
performed every 5 minutes. Users can also perform manual backups, especially
after they perform important operations.
▫ Restoration: RDS for MySQL supports point-in-time restore (PITR) and table-level object restoration. Data can be restored to any specified time point within five minutes of the last automated backup. Restoring to a new DB instance is recommended so that you can check whether the restored data is what you need.
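The PITR mechanics described above, daily full backups plus incrementals every 5 minutes, can be sketched as choosing a base backup and an incremental chain. This is a simplified model of the idea, not RDS's actual restore logic:

```python
# Sketch of point-in-time restore: pick the latest full backup at or
# before the target time, then apply the incrementals up to the
# restore point. Times are expressed in minutes for simplicity.

def restore_plan(full_backups, incrementals, target):
    base = max(t for t in full_backups if t <= target)
    chain = [t for t in incrementals if base < t <= target]
    return base, sorted(chain)

fulls = [0, 1440]                  # daily full backups
incs = list(range(0, 2880, 5))     # incrementals every 5 minutes
base, chain = restore_plan(fulls, incs, target=1500)
print(base)       # 1440
print(chain[-1])  # 1500
```

The 5-minute incremental interval is what bounds how close the restore point can get to the target time.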
• MySQL provides various product forms and versions. RDS for MySQL supports MySQL
5.6, 5.7, and 8.0. User data migrated from on-premises or other clouds is fully
compatible with RDS for MySQL without any modifications. RDS for MySQL provides
cost-effective single DB instances for development and testing environments or for
learning about RDS, and provides highly available primary/standby DB instances for
large enterprises.
• Key Features
▫ SLA:
▫ Security:
▫ High availability:
▫ Monitoring:
▫ Elastic scaling:
▫ Log management:
▪ Supports query and download of database error logs, slow query logs, and binlogs.
▫ Parameter configuration:
• If data is abnormal or deleted by mistake, you can restore the database to any point in
time.
• RDS has released ultra-high performance DB instances, which provide higher
performance than general-enhanced DB instances. The ultra-high performance DB
instances combine Huawei Container with the local and cloud disk hybrid storage
technology. Data pages are stored on cloud disks, ensuring high data reliability and
scalability. Redo logs and binlogs are stored on local disks, greatly improving I/O
performance.
• If logs are generated too fast and the local disk space is insufficient, logs are switched to the cloud disk online. This mode is suitable for customers with strict I/O latency requirements.
• MySQL primary/standby (1/2) DB instances use the MySQL Group Replication (MGR)
technology, the Paxos protocol, and 1 primary+2 standby three-node architecture to
ensure data consistency in distributed databases and to provide financial-level data
reliability. The HUAWEI CLOUD database kernel team has optimized MGR. Under the
same conditions, MGR improves QPS by 30% and reduces latency by 50% compared
with traditional replication. MGR provides excellent performance and strong data
consistency assurance, and is the best choice for customers who have high
requirements on database availability, security, and consistency.
• 100% compatible with MySQL
• RPO=0
• RTO≈0
• A single database cluster needs only one reliable database replica set. All read replicas
share cloud storage, even across AZs. There is no logical replication at the database
layer. One primary instance processes requests and multiple read-only nodes process
read requests, with no additional standby instances. If the primary instance fails, the
read replicas quickly take over services from the primary instance.
• Logs are data. Append-only write models are used to minimize SSD wear (to avoid
write amplification).
• Only database logs are written from the database compute node to the DFV storage
layer over the network. There are no page checkpoints, cross-network page flushes,
or double writes. The data plane is rebuilt from the database logs at the DFV
storage layer to avoid heavy network traffic.
• Databases are partitioned based on the slicing policy across DFV storage nodes to
support massive storage. A single DFV storage node manages multiple shards from
different database clusters, achieving unlimited expansion of storage capacity and
processing capability.
• As shown in the figure, GaussDB(for MySQL) is a distributed cluster with a separated
compute and storage architecture, meeting user requirements for elastic expansion in
the public cloud environment.
• Three-layer architecture: compute layer (SQL Nodes), storage abstraction layer
(SAL), and storage layer (Storage Nodes)
• The compute layer processes all client connections, writes redo logs to the
storage layer through the SAL, and reads pages from the storage layer on buffer
pool cache misses. The compute and storage layers are connected through an RDMA
high-speed network. The storage layer stores data and data copies by shard.
• Storage itself is a shared, highly reliable, and highly scalable cloud service.
• Let's compare it with RDS for MySQL (HWSQL) on the cloud.
• RDS for MySQL needs to write pages, double-write pages, redo logs, and binlogs to
the storage layer, and each standby node stores a copy of the data. Because the
storage itself also keeps multiple copies, this causes severe write amplification
that critically limits cluster scalability and performance.
▫ Uses shared storage to maximize resource utilization and reduce costs for cloud
vendors.
▫ Supports pay-per-use for storage and network resources. Users pay only for the
resources they actually use, without upfront payment.
• SQL Nodes: 1 Master + n Replicas (n ≤ 15) form a cluster. One cluster belongs to one
cloud tenant only.
• SQL Nodes process customer requests, parse SQL statements, generate query plans,
execute queries, and enforce transaction isolation levels. SQL Nodes are fully
compatible with open-source MySQL. The primary node can process all read and write
requests, while read-only nodes can process only read requests. The primary node
only needs to write redo logs to the storage layer and does not flush pages in the
buffer pool to the storage layer.
▫ The primary node does not directly manage the tablespace of the file system.
Instead, it invokes the API of the SAL layer to interact with the storage layer.
▫ Only a small amount of data is transmitted between the primary and read-only
nodes, for purposes such as DDL invalidation, page invalidation, active
transaction information updates, and redo log reading.
▫ SQL Nodes store only MySQL configuration files and temporary tables. Therefore,
a read-only node can be quickly promoted to the primary node through failover or
switchover.
▫ SQL Nodes are 100% compatible with the native MySQL syntax.
• Only redo logs are written to the storage layer. Redo logs are data. When the compute
layer requires pages, the storage layer replays the redo logs to generate pages.
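• The "redo logs are data" idea can be illustrated with a toy sketch (hypothetical
Python, not the actual storage-layer code): a page version is reconstructed by
replaying LSN-ordered redo records on top of a base image, instead of shipping
full pages across the network:

```python
def replay_page(base_page: dict, redo_log: list, target_lsn: int) -> dict:
    # Apply redo records (lsn, offset, value), sorted by LSN, up to the
    # version requested by the compute layer.
    page = dict(base_page)
    for lsn, offset, value in redo_log:
        if lsn > target_lsn:
            break
        page[offset] = value
    return page

redo = [(1, "row1", "a"), (2, "row2", "b"), (3, "row1", "a2")]
# Two different versions of the same page, from the same log:
assert replay_page({}, redo, target_lsn=2) == {"row1": "a", "row2": "b"}
assert replay_page({}, redo, target_lsn=3) == {"row1": "a2", "row2": "b"}
```

The log stream alone is enough to serve any requested page version.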
• The SAL layer is a logical layer. It is used to isolate data storage from the SQL
frontend, transactions, and query operations, simplifying the interaction of redo logs
and pages between compute and storage layers.
• It maps data pages to shards of storage nodes based on specific rules. After the
mapping is established, the SQL layer can deliver the data page modification logs
(redo logs) to the target shards, and knows the shard from which to read data pages.
• In the future, the SAL layer can be reused to support other DB engines' distributed
databases with a separated compute and storage architecture.
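• A minimal sketch of such a page-to-shard mapping, assuming a simple hash-based
placement rule (the real SAL policy is not specified here, so this is purely
illustrative):

```python
import hashlib

def page_to_shard(space_id: int, page_no: int, num_shards: int) -> int:
    # Deterministically map a data page to a storage shard, so redo logs
    # for the page and later reads of the page resolve to the same shard.
    key = f"{space_id}:{page_no}".encode()
    return int(hashlib.md5(key).hexdigest(), 16) % num_shards

# The mapping is stable: write (redo delivery) and read agree on the shard.
assert page_to_shard(1, 42, 8) == page_to_shard(1, 42, 8)
assert 0 <= page_to_shard(1, 42, 8) < 8
```

Once established, this rule lets the SQL layer deliver redo logs to the target
shard and know which shard to read pages from.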
• Storage as a service, a fast, reliable, and shared cloud storage service, is the
basis of the GaussDB(for MySQL) design.
▫ The storage layer not only stores redo logs, but also performs I/O-intensive
computing tasks, including log caching, replay, and reclamation, page generation
and caching, checkpoint, crash recovery, and log copy.
▫ Different from traditional databases, which replay logs to generate pages only
during crash recovery, the storage node caches redo logs in memory. After
receiving a page read request, the storage node immediately replays the logs to
generate the page version specified in the request and caches the generated page
in its buffer pool.
▫ Crash recovery at the storage layer is much faster than in traditional
databases because it is completed concurrently by multiple slice servers at the
storage layer, so recovery finishes within seconds.
▫ The storage layer stores redo logs in multiple copies to ensure high reliability.
Different copies communicate asynchronously to synchronize data. Therefore, the
compute layer does not need to wait until all copies are written to ensure higher
performance.
▫ The current design of the system supports 128 TB storage for each database
cluster, achieving massive storage.
• Awards and rankings:
▫ Ranked fourth or fifth in the DB-Engines ranking for many consecutive years:
https://db-engines.com/en/ranking_trend
▫ Thanks to its excellent performance, PostgreSQL has won multiple awards from
end users and the industry, including the Best Database Award of Linux New Media
and, five times, the Best Database Award selected by Linux Journal editors.
▫ The PG open-source license is a BSD-like license. Users can use PG without
legal risks, and PG-based products can be distributed freely, as either closed
or open source.
▫ Enterprise-level applications including Odoo, SAP, and Yonyou use PG.
▫ Active community
• Both OLTP and OLAP require high performance. Among mainstream OLTP database
products, PostgreSQL is highly competitive in performance, functions, stability,
maturity, cases, and cross-industry applications. Additionally, PG provides many
acceleration methods, such as JIT compilation, multi-core parallelism, column
storage, and vectorized computing, so PG also has great potential in the OLAP
field.
• Multi-model data support: besides relational data, PG handles spatiotemporal,
geographic, word segmentation, time series, JSON, stream computing, and full-text
retrieval workloads. There is no need to introduce multiple heterogeneous
databases, and SQL usage habits can be retained.
• PG is the first choice for enterprises to replace Oracle. PG is compatible with most
Oracle application scenarios. In addition, PostgreSQL Enhanced Edition provides the
Oracle syntax version, which is compatible with more than 90% of the common Oracle
syntax.
• PG has earned reputation for its high reliability, stability, and data consistency and has
become many enterprises' first choice of open-source relational databases.
• Ping An Technology, Qunar, Instagram, Kingsoft, Baidu, and China Merchants Bank
• Diverse data types
• In addition to traditional data types, PG also supports other data types such as arrays,
spatial data, network data, JSON, and XML. PG also supports user-defined data types.
These features make PG an excellent commercial database.
• High security: PG supports field encryption and permission control based on databases,
schemas, tables, and columns.
• Currently, most customers who use PG use more than one plugin. For example, the
PostGIS plugin is the most frequently used open-source spatial data product.
Other plugins support heterogeneous database access, machine learning, text
retrieval, images, time series, multiple dimensions, word segmentation,
blockchain, column storage, and similarity algorithms.
• On one hand, users can perform secondary development based on the original plugins.
On the other hand, users can customize plugins as required. These features are
supported at the database layer, which greatly improves the development efficiency
and running performance.
• PG supports a large number of index types (B-tree, GiST, GIN, SP-GiST, Hash,
BRIN, RUM, Bloom, and bitmap). Users can flexibly select the optimal index based
on their data types and service scenarios.
• Database selection is important.
• Many enterprises do not have database selection standards or do not know what
databases are required by their services.
• In China, MySQL is used far more widely than PG. The database section of the
Zhihu website (China's Quora) has discussed why MySQL dominates China's
open-source database market even though PostgreSQL has more enterprise-class
database features.
• Many Chinese Internet companies, including Baidu, Alibaba, and Tencent (BAT) in
their early days, could not afford the Oracle database during service
development. MySQL is the default component of the LAMP stack, so many companies
chose MySQL.
• With the rapid growth of services, some companies using MySQL have encountered
problems, such as how to efficiently process billion-record OLAP workloads with
complex multi-table join queries. Many companies do not have a technical
architecture as comprehensive as BAT's.
• Database selection depends on the database usage and design architecture. For
Internet and gaming companies, the database is only a data storage tool. They focus
more on the application than the database. In this case, PG and MySQL are both OK.
For applications whose functions rely on the database, PG is recommended.
• The balance between databases and applications varies across industries and
company development stages; it depends on whether reliability is placed in the
database or the application. Database middleware is basic software and must be
stable and reliable. Open-source databases are independent and controllable.
• For pure OLTP or OLAP scenarios, the original database is OK. For OLTP+OLAP hybrid
scenarios, PG is recommended. We have learned earlier that PG also provides excellent
performance in OLAP scenarios.
• For complex applications, PG is recommended. PG's array, spatial data types, network
data types, JSON, and XML are mature and support customization.
• The RDS console provides overview, instance management, basic information, data
migration, performance monitoring, backup and restoration, log management, and
parameter configuration.
• In the database cluster architecture, a PostgreSQL database cluster contains one
primary instance, zero or one standby instance, and up to five read replicas. The
primary DB instance provides read and write capabilities, read replicas provide
read-only capabilities, and the standby DB instance serves no traffic; it exists
only for failover support.
• The list on the right describes the key features of RDS for PostgreSQL; you can
read it on your own. Here, let's look at the one-click storage scaling-up
function provided by the RDS console.
• One-click storage scaling-up
▫ Online scaling: Storage space can be scaled up any time without service
interruption.
• HUAWEI CLOUD databases provide data backup and restoration capabilities. You can
set automatic backup policies to back up data every day; the maximum backup
retention period is 732 days. In addition, an incremental backup is performed
every 5 minutes to ensure data reliability.
• If data is abnormal or deleted by mistake, you can restore the database to any point in
time.
• Backup files are stored in OBS buckets. OBS has no capacity limitation and provides
data reliability of eleven nines.
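• The restore logic implied above can be sketched as follows (illustrative Python;
timestamps are minutes, and the daily-full/5-minute-incremental schedule is taken
from the text):

```python
def restore_plan(full_backups, incrementals, target):
    # Point-in-time recovery: start from the most recent full backup at or
    # before the target time, then apply every incremental up to the target.
    base = max(t for t in full_backups if t <= target)
    to_apply = [t for t in incrementals if base < t <= target]
    return base, to_apply

fulls = [0, 1440]                    # daily full backups (minutes)
incs = list(range(0, 2880, 5))       # incremental backup every 5 minutes
base, chain = restore_plan(fulls, incs, target=1500)
assert base == 1440                  # yesterday's full backup is skipped
assert chain[0] == 1445 and chain[-1] == 1500 and len(chain) == 12
```

The 5-minute incremental cadence is what bounds how close to "any point in time"
a restore can land.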
• In recent years, the need to replace Oracle is growing. We believe that the time has
arrived.
• Firstly, the 2019 US Entity List incident has awakened many enterprises: the
database they are using today may become unavailable in the future. The
regulatory department also requires that key software be "independent and
controllable". Actually, as early as 2010, the regulatory department had
recognized this problem, but it could not be resolved then due to immature
technology and a lack of talent.
• Thirdly, the participants have expanded from traditional database service providers to
Chinese database vendors, cloud vendors, and NewSQL vendors.
• Finally, let's look at the changes in customer requirements. In the past few years,
Internet companies were the majority who intended to replace Oracle. In recent years,
traditional enterprises also start taking actions. For example, ICBC uses database
middleware as the breakthrough point, and China CITIC Bank and China Merchants
Bank cooperate with major Chinese vendors to jointly develop databases. Although
they are trying on non-core businesses, their future development is very promising.
• To meet the requirements of Oracle replacement, we launched PG Enhanced Edition.
• On one hand, the PG protocol is friendly, and has power functions and many open
interfaces. Therefore, more than 50 types of databases are derived from PG. If you are
interested, you can view https://wiki.postgresql.org/wiki/PostgreSQL_derived_databases
for more details.
• PG is compatible with major Oracle syntax, including but not limited to:
▫ System views
▫ MERGE INTO
▫ Sequences
▫ ROWNUM
▫ Built-in functions
▫ FORALL
▫ Triggers
▫ Data types
▫ DDL
▫ Outer joins
▫ One-dimensional array
▫ Implicit conversion
▫ Pseudo tables
▫ Level-1 partitioning
▫ GROUPING_ID/GROUP_ID
▫ Predefined parameters
▫ Stored procedures
▫ Level-2 partitioning (subpartitions)
▫ Macro
▫ Scheduled tasks
▫ Connect By
▫ Dynamic SQL
▫ Operators
▫ Anonymous blocks
▫ Virtual columns
• Oracle replacement is a project, not just replacing the Oracle database.
• Development and test personnel should actively participate in testing. If the
product is provided by an ISV, the ISV also needs to cooperate actively with
development and testing. The company's executives should also pay attention to
the project.
• Select products with good compatibility. Currently, there is no product that is 100%
compatible with Oracle in the market. Products provided by vendors are compatible
with common Oracle functions.
• Two solutions are available: PostgreSQL Community Edition + Oracle and PostgreSQL
Enhanced Edition
• HUAWEI has helped Yonyou, Wisedu, Kingdee, and Saiyun successfully replace Oracle
databases.
• Project evaluation
• Service reconstruction
• Migration drill
▫ Migrate the objects and data of the original Oracle database to the target
database. The migration involves tool-based migration and manual migration.
• Service verification
• Migration implementation
▫ After the preceding four steps are performed to ensure service availability during
migration, start the formal migration during off-peak hours.
• Service switchover
▫ After the migration is complete, switch services to the target database to replace
the Oracle database.
• Example 1: WAL and data can be placed on separate disks to improve PG write
performance.
• Example 3: The native PG database needs to be restarted after its port is
changed; PG Enhanced Edition does not require a restart after a port modification.
• As shown in the left figure, PG supports hundreds of plugins in various fields.
These plugins extend PG functions to meet custom requirements.
• More than 30 common plugins are pre-installed on HUAWEI CLOUD RDS for PG. If the
pre-installed plugins cannot meet customer requirements, customers can submit
service tickets; after evaluation and a successful test, the requested plugins
will be pre-installed in later versions.
• The left part of the figure shows the customer's equipment room, and the right part
shows HUAWEI CLOUD. After the network between the customer and HUAWEI CLOUD
is connected, we can use DRS to migrate the customer's database to the cloud. For
operation details, visit the website page.
• There are two key actions:
• Based on the automated function test cases of each module at the service layer,
identify the list of incompatibilities between HUAWEI CLOUD RDS for PostgreSQL
and Oracle. PostgreSQL Enhanced Edition adapts to reasonable requirements to
reduce customers' code adjustments.
• Based on the performance test cases for key business scenarios, identify the
performance deterioration of HUAWEI CLOUD RDS for PostgreSQL compared to
Oracle and then optimize the features accordingly.
• Customer benefits
▫ The migration from Oracle to HUAWEI CLOUD RDS for PostgreSQL resolves the
license issue of the original commercial database, reduces the cost of using the
ERP system, and helps enterprises smoothly transform to the SaaS model on
HUAWEI CLOUD.
• SAIYUN Data is committed to providing system solutions and operation management
services for intelligent connection of mobile devices in the IoT field. It provides one-
stop operation enablement for virtual carriers and IoT service providers, including
traffic distribution, connection management and operation platform, and product-
based services.
• Reconstruction workload
▫ Over 20 service SQL statements were reconstructed. The Huawei team was
available to help at any time and provided technical support twice. The
aggregation function supports ORDER BY, and MERGE INTO is supported, greatly
reducing the reconstruction workload at the service layer.
• Customer benefits
• Basic functions of RDS for SQL Server are almost the same as those of MySQL and
PostgreSQL, and abundant database ecosystem services (including DRS and DAS) are
provided.
• The most complete set of online SQL Server editions is provided, including
Enterprise, Standard, and Web editions from 2008 R2 to 2017. Based on customers'
real needs, different commercial editions can be deployed on the cloud, reducing
costs by 3 to 10 times.
• RDS for SQL Server provides the most commercial features online. To implement
automatic O&M, competitors disable most enterprise-level features of Microsoft
SQL Server. To maximize the value of the commercial database for enterprises, RDS
for SQL Server provides as many enterprise-class SQL Server features as possible
to keep cloud and on-premises development and O&M scenarios consistent.
• RDS for SQL Server provides flexible database migration capabilities. It is the
first database service to implement database-level backup, restoration, and
download, enabling users to efficiently compare data between online and
on-premises databases. In addition, users can quickly migrate databases between
instances.
• Analyze the capabilities of each commercial edition from the business perspective and
describe how to recommend proper editions to users.
• The biggest difference between the enterprise edition, standard edition, and web
edition lies in their high availability (RTO) and high reliability (RPO) capabilities.
Currently, SQL Server 2017 Enterprise Edition uses the latest Microsoft Always On
cluster architecture and supports 1 primary node, 1 standby node, and 5 read replicas.
In addition, its RTO is close to 0, providing the strongest online service support in the
industry, and it applies to core service scenarios of large-sized enterprises.
• The Standard Edition uses the Microsoft database mirroring HA architecture and
supports only 1-primary, 1-standby cross-AZ deployment. During a primary/standby
switchover, services are suspended for about 30 to 60 seconds. This edition
applies to external service systems of large- and medium-sized enterprises and
ensures basic SLA capabilities.
• The Web Edition is a dedicated edition provided by Microsoft for online services.
It features a low price and is sold only on the cloud; users cannot purchase it
through offline agents. Due to Microsoft's product capability constraints, this
edition can be provided only in single-node mode and carries no HA SLA. However,
HUAWEI CLOUD provides a single-node failover capability based on its online
service framework: when a user's host is faulty, the instance can be
automatically restarted within 30 to 60 minutes through the failover service,
with zero data loss ensured and service downtime kept within 5 minutes. This
edition is a good option for cost-sensitive, non-core services: it avoids
Microsoft business risks at low cost while obtaining all online service
capabilities provided by HUAWEI CLOUD.
• High performance and reliability
▫ SQL Server 2017 Enterprise Edition uses the Always On cluster architecture and
supports 1 primary node, 1 standby node, and 5 read replicas.
▫ The Standard Edition uses the mirroring HA architecture and supports only
1-primary, 1-standby mode.
• Cost-effective
▫ This edition is provided only online. Offline users cannot purchase this edition.
This edition is the most cost-effective option for users to avoid commercial risks.
• Describe the particularity of each released version and specification.
• Currently, the 2017 Enterprise Edition supports 1 primary node, 1 standby node,
and 5 read replicas. Other editions support only 1 primary node and 1 standby
node, because only the 2017 Enterprise Edition uses the Always On cluster
architecture; the others use the mirroring architecture. In addition, the service
supports a maximum of 60 vCPUs and 512 GB memory.
• All Standard Editions use the mirroring architecture (Always On is supported
only by Enterprise Editions). Because Microsoft lifted resource constraints
starting from the 2016 version, the 2016 and 2017 Standard Editions support
larger specifications; considering the cost of the commercial edition and to
maximize benefits for users, 24 vCPUs and 192 GB memory are provided. Editions
earlier than the 2016 Standard Edition support only 16 vCPUs and 128 GB memory.
• The web edition does not provide high availability due to Microsoft version capability
constraints. The maximum resource specifications are 16 vCPUs and 64 GB.
• The differences between the high availability capabilities of RDS for SQL Server are as
follows:
• Currently, RDS for SQL Server mainly uses the Always On cluster architecture and
the mirroring HA architecture. The Always On cluster architecture is supported
only in the 2017 Enterprise Edition. This architecture supports 1 primary node, 1
standby node, and up to 7 read replicas; however, two nodes are reserved for
future capacity expansion in many scenarios, so currently 1 primary node, 1
standby node, and 5 read replicas can be deployed to reduce the read workload on
the primary node. In addition, this architecture supports second-level
primary/standby switchover and provides the highest level of online service
capability in the industry. Based on this architecture, users can implement DR in
multiple financial-grade scenarios, such as cross-region read-only DR and offline
read-only DR.
• The Standard Edition uses the mirroring architecture. A primary/standby
switchover takes about 30 seconds, during which the service database is
unavailable.
• HUAWEI CLOUD provides 24/7 online monitoring and automatic failover for both the
Always On cluster architecture and the mirroring HA architecture to ensure that
the SLA of customers' core services is met. Local self-built services cannot
match this.
• Based on the best practices of Windows and SQL Server provided by Microsoft, RDS for
SQL Server optimizes parameter settings and parameter ratios for different versions
and specifications. In this way, the average comprehensive performance of online
instances is 30% higher than that of competitors' products, which is far higher than
the self-built database of the same specifications on VMs.
• The performance load test results are obtained using the third-party load test
tool HammerDB and the TPC-C international benchmark standard. Customers can fully
reproduce the test based on the procedure on the official website. We promise
that the benchmark model is not specially optimized.
• RDS for SQL Server is the most widely used database service in the Microsoft
ecosystem. Microsoft SQL Server is one of the top three relational databases in
the world; almost all industries and most large- and medium-sized companies
deploy services based on the SQL Server database.
• ISVs: Since 2017, HUAWEI CLOUD has been working with three major Chinese ISVs,
such as Yonyou (U8), Kingdee, and Grasp, to reconstruct their SaaS services based
on RDS for SQL Server. For software vendors, deploying service databases on RDS
is a trend.
• HUAWEI CLOUD RDS for SQL Server is one of the most popular relational databases. It
is widely used in all scenarios involving Microsoft applications, including but not
limited to finance, insurance, automobile enterprises, medicine, government, e-
commerce, retail, logistics, schools, and hotels. In the cloud 2.0 era, self-built services
cannot provide quick and simple deployment, 24/7 online O&M, and highly reliable
data assurance. Migrating databases to RDS is an inevitable trend.
• Cluster: A DDS cluster consists of three types of nodes: mongos, shard, and config. You
can configure the number of mongos and shard nodes as required. mongos uses a
single-node architecture, and shard and config use a three-node replica set
architecture.
• Replica set: In a replica set instance, there are three types of nodes: primary, secondary,
and hidden. You can operate the primary and secondary nodes directly. A replica set
instance supports DR switchover and high availability. It is transparent to your
applications.
• Single node: The single node instance is designed for development, testing, and storing
non-core data of enterprises. It brings you visualized O&M and elastic scaling at a
lower price.
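• How a mongos-style router in the cluster architecture directs requests to shards
can be sketched with ranged sharding (an illustrative Python model; the chunk
boundaries and shard names here are invented):

```python
import bisect

# Ranged sharding assigns key ranges (chunks) to shards; the router
# looks up which range a document's shard key falls into.
chunk_bounds = [100, 200, 300]                      # range split points
chunk_shards = ["shard0", "shard1", "shard2", "shard3"]

def route(shard_key: int) -> str:
    # bisect_right finds the chunk whose range contains the key.
    return chunk_shards[bisect.bisect_right(chunk_bounds, shard_key)]

assert route(50) == "shard0"
assert route(250) == "shard2"
assert route(999) == "shard3"
```

Because mongos holds only this routing metadata (from config nodes), it can run
as stateless single-node processes while shards hold the data.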
• Region and Availability Zone (AZ) describe the location of DDS DB instances. Once the
DB instance is successfully created, the region cannot be changed. You can select
regions and AZs based on the geographical locations of users, product prices, DR
capabilities, and network latency. For more information, see Regions and AZs.
• Network planning: You are advised to create the DDS DB instances in the Virtual
Private Network (VPC) and subnet where the Elastic Cloud Servers (ECSs) are
deployed.
• Data security: DDS provides comprehensive assurance for the data security you
may be concerned about. You can deploy DB instances in multiple AZs and use audit
logs, isolated networks, security groups, and data encryption to ensure data
security.
• A single-node instance is designed for development, testing, and storing
non-core data of enterprises. It brings you visualized O&M and elastic scaling at
a lower price.
• Replica set: In a replica set instance, there are three types of nodes: primary, secondary,
and hidden. You can operate the primary and secondary nodes directly. A replica set
instance supports DR switchover and high availability. It is transparent to your
applications.
• A DDS cluster consists of three types of nodes: mongos, shard, and config. You can
configure the number of mongos and shard nodes as required. mongos uses a single-
node architecture, and shard and config use a three-node replica set architecture.
• DDS Enhanced Edition uses the storage and compute separated architecture, which
provides higher read/write performance than the Community Edition that has the
same configurations.
▫ All primary shard nodes act as standbys for each other. If a primary shard
becomes faulty, other available primary shard nodes will take over its services.
DDS Enhanced Edition can tolerate the failure of N-1 nodes. (N ranges from 2 to
12.)
▫ Data storage is changed from the replication set to the distributed shared
storage, providing reliable data storage services for clusters and ensuring high
data reliability.
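• The N-1 failure tolerance described above can be modeled with a toy reassignment
sketch (hypothetical Python; the actual DDS takeover logic is not shown in this
material):

```python
def reassign_shards(shard_owner: dict, failed: set) -> dict:
    # Over shared storage, surviving primary shard nodes take over the
    # shards of failed nodes; up to N-1 node failures are tolerated.
    survivors = sorted(set(shard_owner.values()) - failed)
    if not survivors:
        raise RuntimeError("all nodes failed")
    new_owner = {}
    for i, shard in enumerate(sorted(shard_owner)):
        owner = shard_owner[shard]
        new_owner[shard] = owner if owner not in failed else survivors[i % len(survivors)]
    return new_owner

owners = {"s1": "node1", "s2": "node2", "s3": "node3"}
after = reassign_shards(owners, failed={"node2", "node3"})
assert set(after.values()) == {"node1"}   # one survivor serves all shards
```

Shared distributed storage is what makes this takeover cheap: no data copy is
needed, only ownership changes.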
• Immediate use: You can create a DB instance on the management console and access
the database through an ECS over a private network to reduce application response
time and save public network traffic fees. If you need to access a DB instance
from local devices, you can bind an elastic IP address (EIP) to the instance.
• Visualized O&M: You can easily perform restart, backup, and data recovery
operations on instances using a graphical user interface (GUI).
• Data security: A security protection system consists of VPCs, subnets, security groups,
storage encryption, DDoS protection, and SSL, which is capable of defending against
various malicious attacks and ensuring data security.
• DDS provides audit logs and stores logs for a maximum of two years. It also supports
fine-grained permission control.
• HA: The cluster and replica set support high availability. If the primary node is faulty,
the secondary node takes over services in a short time. The switchover process is
invisible to applications.
• Data migration: Data Replication Service (DRS) supports online migration from on-
premises databases to the cloud platform or cross-cloud migration.
• Monitoring metrics: DDS monitors key performance metrics of DB instances and DB
engines in real time, including the CPU usage, memory usage, storage space usage,
command execution frequency, delete statement execution frequency, insert statement
execution frequency, and number of active connections.
• Backup and restoration: DDS supports automated backup and manual backup. The
maximum retention period of an automated backup is 732 days. The manual backup
can be retained for a long time. DB instances can be restored using backup data.
Replica set instances support point-in-time restore at the instance level, database level
and table level.
• Log management: DDS allows you to query and download database error logs and
slow SQL logs.
• Parameter settings: DDS allows you to manage parameter groups and modify
configuration parameters on the console.
• The permission check logic is as follows:
• The system evaluates all the permissions policies assigned to the user.
• In these policies, the system looks for explicit deny permissions. If the system finds an
explicit deny that applies, it returns a decision of Deny, and the authentication ends.
• If no explicit deny is found, the system looks for allow permissions that would apply to
the request. If the system finds an explicit allow permission that applies, it returns a
decision of Allow, and the authentication ends.
• If no explicit allow permission is found, IAM returns a decision of Deny, and the
authentication ends.
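• This deny-overrides evaluation order can be captured in a short sketch
(illustrative Python; the policy and action names are invented):

```python
def evaluate(policies, action: str) -> str:
    # Flatten all statements from every policy attached to the user.
    statements = [s for p in policies for s in p]
    if any(s == ("deny", action) for s in statements):
        return "Deny"      # an explicit deny always wins
    if any(s == ("allow", action) for s in statements):
        return "Allow"     # otherwise an explicit allow applies
    return "Deny"          # no match: default deny

p1 = [("allow", "rds:backup")]
p2 = [("deny", "rds:backup"), ("allow", "rds:restart")]
assert evaluate([p1, p2], "rds:backup") == "Deny"    # deny overrides allow
assert evaluate([p1, p2], "rds:restart") == "Allow"
assert evaluate([p1, p2], "rds:delete") == "Deny"    # unmatched: default deny
```

The key property is that adding more allow policies can never override a single
explicit deny.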
• GeminiDB is a multi-mode NoSQL service launched by HUAWEI CLOUD.
• GeminiDB has higher data consistency, stronger performance, better scalability, more
reliable data, and higher cost-effectiveness than peer products.
• GeminiDB can be widely used in the market and meet the requirements of using
products or APIs such as Redis, Cassandra, Dynamo, MongoDB, and TSDB.
• Cost-effective: several times the performance of the Community Edition with the
same resource consumption
• High reliability: minute-level backup and restoration, and strong data
consistency
• Compute and storage resources are decoupled; compute and storage nodes can be
scaled in or out separately.
• Compute nodes work at full load, preventing data skew and load imbalance.
• The storage layer has multiple built-in copies to ensure data security and
reliability.
• Database migration is the most complex among all types of migrations. Once a
database migration issue occurs, it may cause huge losses for services.
• Database migration involves database knowledge. Most customers may not have
professional database personnel. Only enterprises of a certain scale may have
professional personnel.
• In most projects, customers need to seek help from cloud database migration.
• Benchmarking products are Alibaba Cloud DTS and AWS DMS.
• Alibaba Cloud DTS has long-term technical planning that can be traced back seven
years. It is independently developed by Alibaba Cloud.
• AWS acquired the source code of the industry synchronization tool Attunity in 2015
and developed DMS based on it.
• HUAWEI CLOUD DRS is a self-developed product that has been in development for
about two years.
• Among all these products, AWS DMS supports the most database types. However,
DMS is more like a synchronization tool: it does not distinguish between scenarios
such as migration, synchronization, disaster recovery, and subscription, lacks
scenario-based features, and has a high barrier to entry for users.
• Azure also started working with Attunity and bought some of its capabilities in 2018.
• In 2018 and 2019, HUAWEI CLOUD DRS focused on online migration. In 2020, DRS will
focus on synchronization and disaster recovery. In addition, DRS will implement some
differentiated features in online migration, aiming to achieve the best-in-class user
experience in online migration.
• This slide is content-rich. Walk through the flow chart first, and then the database
sources, types, network types, and cloud types.
• Help trainees understand each key feature of DRS based on the content in the lower
part of the page. For detailed information, see the DRS promotional slides.
• Understanding scenarios is the core competitiveness. The presenter can summarize
these scenarios up front and help trainees understand the differences.
• Supplements:
▫ The integrity of online migration means that every item in the source database
should be migrated to the destination database. Many tools in the industry migrate
only the data, which is incomplete: triggers, views, users, permissions, and even
parameters together form the whole database, and if any of them is missing, errors
will be reported.
▫ Remote disaster recovery: users may encounter a disaster or need DR drills. This
scenario focuses on latency, switchover capability, and data differences.
• In some projects, severe problems occurred after service rollout because the
migration process was not strictly followed and migration preparations were
incomplete, especially when the test and drill steps were skipped.
• No matter whether the migration is led by Huawei or by the customer, the preceding
runbook can always be followed.
• For large-scale migration projects, seek help from experts at headquarters. Currently,
there are two service teams, Database Product Dept. and Professional Service Project
Team, that can help customers to complete the migration.
• The presenter can open the service portal and play the videos to introduce DRS.
Remember that there are two tutorial videos that can help trainees to have an intuitive
understanding of DRS.
• After watching the videos, the presenter can open the capability matrix and effectively
help trainees to answer customer questions: Can I perform the xx migration? Can I
migrate the xx version databases?
• This slide is crucial for learning how to guide users to carry out database migrations.
• Use examples to let trainees understand that a successful migration must be well
coordinated and prepared. Unprepared migration just depends on luck.
• Open the link on this slide to explain the environment requirements for migration,
the operations that must be avoided, and how to guarantee a successful migration.
These are the questions that customers and Huawei experts are most concerned
about.
• This slide is the most frequently queried page because information on this slide is
critical. Whether the migration is fully prepared determines whether the migration is
successful or not. Customers have to coordinate a large amount of manpower and
materials to complete a migration. A successful migration can greatly improve
Huawei's brand influence, whereas a failure lowers customer satisfaction.
• This slide is also crucial for learning how to guide users to carry out database
migrations.
• Before deployment, trainees or customers need to implement the migration. This slide
contains the principles, preparations, detailed procedures, and migration suggestions.
Open the link on this slide to explain. This slide can be used to guide customers,
migration partners, and Huawei experts to perform migration.
• Invite trainees with migration experience (some of the BU's SAs have already
performed database migrations) to share their understanding and ideas to enhance
interaction.
• Explain the features based on scenarios. These features are unique in the industry and
strongly demanded by customers. They can be used as bidding-decisive items or as an
alternative material for communication and publicity.
• DAS console: a professional database O&M platform that allows DBAs to perform
routine inspections and detect faults in advance. When a failure occurs, it helps
DBAs quickly locate and rectify the fault, and it supports fault reviews that identify
root causes and prevent recurrence, using the diagnosis reports, analysis, and
suggestions generated automatically from the running data.
• DAS enterprise edition: provides a database DevOps platform that supports data
protection, change review, operation audit, and R&D self-service. It helps enterprises
implement standardized, efficient, and secure management of large-scale databases.
• Data operations, such as automatic test data generation, help R&D engineers quickly
and automatically insert a large amount of test data into the databases and ensure
that the generated test data complies with specific rules.
• Structure operations, such as table structure editing, facilitate adding and modifying
table fields and indexes.
• Intelligent SQL optimization helps customers identify and optimize inefficient SQL
statements. For example, if a customer's SQL statement contains an implicit type
conversion, the index is not used and query efficiency is low.
• Lock wait analysis facilitates the viewing of event lock details. Users can obtain the
held lock and waited lock information, such as event status and event ID, by querying
the lock status.
• SQL explorer: helps DBAs quickly locate faults by querying the execution duration,
number of updates, number of rows scanned, and lock wait time of the SQL
statements.
• Slow query logs: helps users quickly find out slow SQL statements and offers
optimization suggestions.
• Daily inspection: helps users quickly locate faults, carries out comprehensive analysis
and exception detection, and provides risk warnings and optimization suggestions.
• Exception diagnosis: allows users to intuitively learn the real-time running status of
database instances, locate performance exceptions in real time, and optimize the
system based on optimization suggestions.
• Real-time analysis: shows real-time performance data, such as CPU and memory
usage, to help users quickly locate faults.
• DBAs are advised to use the automatic diagnosis and analysis functions in daily
work. The more attention DBAs pay, the more problems are detected in advance,
and the more stable the system will be.
• This slide describes many types of data, such as configuration data, location data,
fault data, and alarm data, and explains why different HUAWEI CLOUD database
services are needed to handle these types of data in the IoV scenario.
• Internet games use different databases to process different data. In scenarios where
game services change frequently, the verified DDS service is provided to process game
data.
• Based on the Internet live broadcast services and service scales of customers, Huawei
provides different scalable database solutions, such as the combination of Proxy and
RDS and the combination of DDM and RDS. In addition, the combination of DCS, RDS,
and DDS is provided based on the customer's service peak hours.
• This slide describes how to use DRS to migrate data from Oracle to PostgreSQL
Enhanced Edition. This solution also supports SSL encryption for secure migration.
• Answers: 1.
▫ A
• Answers: 2.
▫ ABCD
• Shared security responsibilities - Infrastructure security - Security services
• Many companies, including Amazon, Google, and Microsoft, have been investing
heavily in building cloud data centers to provide a range of services for users.
However, responding to cloud security incidents and protecting users from them
remain great challenges for these IT giants.
• On March 17, 2009, Microsoft Azure stopped running for about 22 hours.
• In 2010, Microsoft BPOS suffered an outage. This was Microsoft's first major data
breach event in cloud computing.
• On April 22, 2011, a large number of servers in Amazon's cloud data centers broke
down. This event was considered the most serious cloud security event in Amazon's
history.
• According to reports released by the Cloud Security Alliance (CSA), cloud computing is
faced with the same security threats as traditional data centers, such as data breach,
data loss, DDoS attacks, account hijacking, and malicious internal personnel.
• Customers who migrate services to the cloud care most about service continuity,
controllable O&M, and data security.
• The release of the Cybersecurity Law and the Information Security Graded Protection
System indicates that laws are paying more attention to cybersecurity, and that the
security compliance of cloud computing becomes increasingly important.
• The way to use and manage compute resources in the cloud computing system has
changed, bringing new risks and threats for both administrators and end users.
▫ Open interfaces make the cloud computing system vulnerable to external attacks.
▪ Users use open interfaces to access the cloud computing system through
networks, which makes the system vulnerable to attacks from external
networks.
• Risks and threats for end users include:
▪ Resource sharing among multiple tenants poses the following security risks:
User data may leak because of inappropriate isolation methods. Users may
be attacked by other users within the same physical environment.
• Security compliance is the basis. HUAWEI CLOUD complies with local laws and
regulations in customers' countries and regions, earns cross-industry and cross-region
cloud security certification by regulatory authorities, and obtains security certifications
required for key industries and regions, winning and consolidating customer trust in
HUAWEI CLOUD services.
• Under the principle of shared responsibilities, HUAWEI CLOUD properly plans the
organizational structure and service processes for operations security and O&M
security, and provides continuous operations and security assurance measures to help
protect tenants throughout their lifecycles.
• This model is called the shared responsibility model. The following are typical
examples:
▫ Software as a Service (SaaS): Cloud service providers (CSPs) are responsible for
nearly all security because tenants can only access, manage, and use the
applications provided by the CSP and cannot perform destructive operations on
them. SaaS companies are responsible for security, logging, O&M, auditing, and
application security detection. Tenants manage tenant accounts and permissions.
▫ Platform as a Service (PaaS): CSPs are responsible for platform security, and
tenants are responsible for protecting the applications deployed on the platform,
including security configurations of all applications. CSPs and tenants share the
responsibilities. Take RDS as an example. CSPs are responsible for protecting RDS
instances, RDS restoration, and core configurations. Tenants are responsible for
database accounts and access security.
• To ensure that tenant services do not affect management operations and that no
device falls out of management, we divide the network communications plane of the public cloud
into the tenant service plane, service control plane, O&M plane, and BMC management
plane. The BMC plane is physically isolated from other network planes. The other
planes are logically isolated by VLANs. A security zone is further divided into network
planes based on service isolation requirements. For example, the POD zone has the
customer data plane, platform O&M plane, service control plane, and BMC
management plane. The O&M zone has only the platform O&M plane and BMC
management plane.
• Cooperate with upstream Internet service providers (ISPs) and third parties to block or
scrub traffic at the source or upstream nodes to defend against heavy-traffic DDoS
attacks. A local anti-DDoS system is deployed on the Internet border to implement
automatic anti-DDoS.
• Security services, such as Layer-7 firewall, intrusion prevention systems (IPS), Web
Application Firewall (WAF), Virtual Private Network (VPN), are deployed on the
network border to defend against security threats from the Internet border and the
internal network of public cloud. Channel encryption ensures data transmission security.
• The security management center centrally manages security events and risks, and
displays security threat statistics in a visualized manner. It also detects suspicious
traffic at the border, works with network and security services to implement intelligent
correlation analysis, and generates positive feedback, implementing in-depth detection
and analysis of security threats and immediate, automatic threat handling and
elimination.
• The virtualization network security of the cloud platform uses VLANs, security groups,
and layer-2 security policies to implement virtual network isolation and access control
between tenants and firmly prevent layer-2 network attacks.
▫ Virtual I/O devices exchange data through a virtual switch based on virtual NIC
entries, such as MAC addresses. This method and network isolation ensure that
VMs cannot access each other's I/O devices, thereby implementing I/O isolation.
• Attack prevention
▫ Identify viruses by file and traffic checks and isolate them, preventing viruses
from spreading.
▫ Brute-force attack detection, lock mechanism, and alarm mechanism are used to
prevent host cracking and intrusion.
• System hardening
▫ Install patches for OSs and third-party software to prevent security risks caused
by known vulnerabilities.
• Security monitoring
▫ Monitor system process behavior, and identify and isolate malicious processes.
▫ Monitor system status: identify abnormal ports, detect accounts with weak
passwords, and monitor critical system files.
▫ Monitor key metrics, such as CPU, memory, bandwidth, and I/O, to detect
system exceptions in a timely manner.
• The cloud platform ensures the security of user data throughout its lifecycle by means
of data isolation, access control, transmission channel encryption, storage encryption,
and secure data destruction.
▫ Access isolation
▪ All data access requests are authenticated and authorized by IAM to ensure
data isolation between tenants.
▫ Encrypted transmission
▫ Storage encryption
▪ Encryption keys and root keys are protected. Root keys are stored in
dedicated hardware security modules (Dedicated HSMs), ensuring secure
and reliable key management.
▫ Secure data destruction
▪ When VM resources are released, the system securely erases data in the
physical memory and disks corresponding to the VM. Old tenant data will
not remain in the physical storage, and will not be breached when the
storage is allocated to a new user.
▪ Disks are degaussed and physically destroyed before they are disposed of.
All the operations on the disk are recorded and traced.
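The overwrite-before-release idea can be illustrated with a toy sketch. This is not HUAWEI CLOUD's actual implementation, which works at the storage layer; file-level overwriting is also not guaranteed to erase blocks on SSDs or copy-on-write filesystems:

```python
# Toy illustration of secure data destruction: overwrite the contents
# with random bytes before releasing the storage, so that a later
# tenant allocated the same space cannot read the old data.
import os
import secrets

def secure_delete(path: str, passes: int = 2):
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            f.write(secrets.token_bytes(size))  # overwrite old contents
            f.flush()
            os.fsync(f.fileno())                # force the write to disk
    os.remove(path)

with open("tenant.dat", "wb") as f:
    f.write(b"old tenant data")
secure_delete("tenant.dat")
print(os.path.exists("tenant.dat"))  # False
```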
• Regarding security O&M, security services and modules are deployed to detect and
identify attack traffic and behavior on the cloud, and detect and manage
vulnerabilities.
• Flow probes and intrusion detection systems (IDS) are deployed to collect the ingress
and egress traffic of HUAWEI CLOUD. Logs of security services, such as DDoS, WAF,
and HSS are collected and sent to the security threat analysis system for modeling and
correlation analysis. Behavior profile baselines are established through self-learning to
implement differentiated, dynamic security analysis and detection capabilities. SA
displays the overall security risks and trend of the system.
• Evaluate the impact of security risks identified through detection and analysis and
formulate response policies. Handle and clear detected and analyzed security threats
based on security orchestration. Manage and handle security risks in a unified manner.
• AAD changes the external service address to a high-defense IP address by modifying
DNS resolution, diverting malicious attack traffic to the high-defense IP address for
scrubbing. In this way, the origin server IP address and important services are protected
from DDoS attacks. AAD can be deployed on hosts used in the HUAWEI CLOUD, other
clouds, and IDCs.
▫ High bandwidth
▫ Accurate defense
▫ Elastic protection
▪ Users can buy both the basic protection bandwidth and the elastic protection
bandwidth of AAD for a higher protection capability. The protection bandwidth
can be adjusted as needed.
• Elastic protection is charged by day. If the peak attack traffic exceeds the basic
protection bandwidth, tiered pricing applies, and users are charged up to the limit of
the elastic protection bandwidth they purchased. The default service bandwidth is
100 Mbit/s; if the actual service bandwidth exceeds 100 Mbit/s, the user needs to
purchase extra bandwidth.
• Users can purchase one or both of the basic protection bandwidth and the elastic
protection bandwidth as needed.
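The tiered, capped daily billing rule described above can be sketched as follows. The tier boundaries and prices are invented placeholders for illustration, not HUAWEI CLOUD list prices:

```python
# Hypothetical sketch of elastic-protection daily billing: traffic above
# the basic protection bandwidth is billed at tiered daily prices,
# capped at the purchased elastic bandwidth. All numbers are made up.

TIERS = [  # (upper bound of billable peak in Gbit/s, price per day)
    (30, 100),
    (50, 250),
    (100, 600),
]

def daily_elastic_fee(peak_attack, basic_bw, elastic_bw):
    if peak_attack <= basic_bw:
        return 0                                 # covered by basic protection
    billable = min(peak_attack, elastic_bw)      # capped at elastic bandwidth
    for upper, price in TIERS:
        if billable <= upper:
            return price
    return TIERS[-1][1]

print(daily_elastic_fee(peak_attack=20, basic_bw=20, elastic_bw=100))   # 0
print(daily_elastic_fee(peak_attack=45, basic_bw=20, elastic_bw=100))   # 250
```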
• HSS is designed to improve the overall security for hosts.
• HSS agents offer comprehensive protection for hosts with the support of the cloud
protection center. On the HSS console, you can view and manage host statuses and
risks in the same region.
• HSS provides three editions: Basic, Enterprise, and WTP.
• The Basic edition provides basic host security protection capabilities, such as basic
password complexity check and brute-force attack prevention, implementing simple
security protection measures for low-priority hosts.
• The WTP edition provides anti-tamper capabilities for dynamic, static, and web disk
files in addition to Enterprise edition functions. It is applicable to hosts where
important web application sites are deployed.
• WAF uses domain names to divert public network traffic to WAF, detects HTTP/HTTPS
request traffic, identifies and blocks malicious attack traffic, and returns normal traffic
to the origin server IP address, ensuring the security, stability, and availability of the
origin server.
▫ Comprehensive protection
▪ The built-in attack signature database can detect and block dozens of types
of web attacks, such as SQL injection, XSS, web shell upload,
command/code injection, and sensitive file access.
▫ Leading technologies
▫ Flexible configuration
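The idea behind an attack signature database can be shown with a minimal sketch. Real WAF engines use far more sophisticated parsing, normalization, and scoring; the regular expressions below are simplified teaching examples, not production detection rules:

```python
# Minimal illustration of signature-based request inspection, the idea
# behind the built-in attack signature database mentioned above.
import re

SIGNATURES = {
    "SQL injection":  re.compile(r"(?i)\b(union\s+select|or\s+1=1)\b"),
    "XSS":            re.compile(r"(?i)<script\b"),
    "Path traversal": re.compile(r"\.\./"),
}

def inspect(request_param: str):
    """Return the name of the first matching attack signature, or None."""
    for name, pattern in SIGNATURES.items():
        if pattern.search(request_param):
            return name
    return None

print(inspect("id=1 UNION SELECT password FROM users"))  # SQL injection
print(inspect("q=hello world"))                          # None
```

A matching request would be blocked; everything else is passed back to the origin server.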
• The three editions differ in key factors, such as the peak number of service requests
and service bandwidth, and the number of domain names.
▫ The Professional edition can be used for small- and medium-sized websites that
do not have special security requirements.
▫ The Enterprise edition can be used for medium-sized enterprise websites that
require high data security.
▫ The Flagship edition can be used for large- and medium-sized enterprise
websites with special customization requirements, large business scale, or special
security requirements.
• VSS is designed to protect your servers and websites by scanning vulnerabilities. It
provides services such as web vulnerability detection, vulnerability lifecycle
management, and scan customization. VSS has two major capabilities: website scan
and host scan.
▫ Website scan
▪ Scan rules can be automatically updated on the cloud and take effect
across the entire network against the latest vulnerabilities.
▫ Host scan
▪ The service can scan mainstream middleware and supports weak password
detection for standard web services, web containers, and databases.
▫ Key management
▪ Key Management Service (KMS) uses HSMs to protect keys, helping users
easily create and manage keys.
▪ KMS is integrated with multiple cloud services, including OBS, EVS, and IMS.
Services can also call KMS APIs to easily encrypt and decrypt service data.
▫ Dedicated HSM
▫ The Basic edition does not support API calling, and can be used for scenarios that
do not have special encryption requirements on services.
▫ The Professional edition can be used for scenarios where APIs need to be called
to encrypt service and application data.
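The pattern behind KMS is envelope encryption: a random data key encrypts the payload, and only the wrapped (root-key-encrypted) data key is stored alongside the ciphertext, while the root key never leaves the HSM. The XOR keystream below is a dependency-free stand-in and is NOT secure; real KMS uses HSM-protected keys and standard ciphers such as AES:

```python
# Conceptual sketch of envelope encryption. The keystream_xor "cipher"
# (SHA-256 in counter mode, XORed with the data) is a toy stand-in.
import hashlib
import secrets

def keystream_xor(key: bytes, data: bytes) -> bytes:
    out, i = bytearray(), 0
    while len(out) < len(data):
        out += hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        i += 1
    return bytes(a ^ b for a, b in zip(data, out))

root_key = secrets.token_bytes(32)        # held by KMS/HSM, never exported

# Encrypt: generate a data key, use it locally, store only the wrapped copy.
data_key = secrets.token_bytes(32)
ciphertext = keystream_xor(data_key, b"customer record")
wrapped_key = keystream_xor(root_key, data_key)   # "encrypt the data key"
del data_key                                      # plaintext key is discarded

# Decrypt: ask KMS to unwrap the data key, then decrypt the payload.
unwrapped = keystream_xor(root_key, wrapped_key)
print(keystream_xor(unwrapped, ciphertext))       # b'customer record'
```

Because the service only ever sees wrapped keys, rotating or revoking the root key inside the HSM controls access to all the data it protects.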
• DBSS provides the database audit service in bypass mode. It records user access to
the database in real time, generates fine-grained audit reports, and sends real-time
alarms for risky operations and attack behaviors.
• Easy deployment
• Efficient analysis
▫ The service can respond to user requests that involve the processing of hundreds
of millions of data records within seconds, and can perform audit in real time.
▫ The service can quickly analyze and display multi-dimensional clues and factors.
• Separation of duties
▫ Database audit complies with laws in and outside China, such as the
cybersecurity law and SOX.
• Database audit provides three editions: Basic, Professional, and Advanced. They have
the same functions and are ranked in ascending order by the number of supported
database instances and performance specifications. Users can select a proper edition
based on their actual business scale.
• Security is a systematic project that follows the bucket principle: any security
weakness reduces the overall security level. Therefore, in the security design and planning phase,
security risks in the network, hosts, applications, data, and O&M must be
systematically evaluated and prevented.
• We can start with security threats in various aspects and then find the protection
technologies to be implemented.
• This slide uses a typical service system as an example to describe the security planning
and design of the system.
▫ Network: ELB provides service access for public networks.
▫ Service: ECS or containers provide the service system's application logic and
perform computing.
▫ Data: RDS or self-built databases provide persistent storage of important
application data.
▫ Storage: Storage services such as EVS and OBS provide storage for service
resource data.
▫ ELB provides services for the public network, ensuring service scalability and
preventing service nodes from being directly accessible to the public network,
thus reducing the attack surface.
▫ Divide service nodes into security groups based on node types. Meanwhile,
control traffic access based on security policies to prevent lateral movement
attacks and impact spreading.
▫ Modify the DNS configuration to divert traffic, and perform Advanced Anti-DDoS
and WAF detection and scrubbing to ensure the security and reliability of ingress
service traffic.
▫ WAF protects web applications against common web attacks, such as XSS,
command injection, and Trojan horses.
▫ CGS ensures the security of container images, critical processes, and files.
• The data layer prevents data breach, data tampering, and data loss.
• The application layer is mainly used for application vulnerability management and
application data security.
▫ The security check function of SES helps users perform in-depth detection to
identify system security risks and optimize system security configurations.
▫ SA displays the overall security risk status of a system in a visualized manner and
provides the security orchestration function to effectively handle and eliminate
security risks.
• 1. Answer:
▫ A
• 2. Answer:
▫ C
• For more information, visit https://www.huaweicloud.com/intl/en-us/ and
https://support.huawei.com/carrierindex/en/hwe/index.html.
• After services are migrated to the cloud, O&M becomes relatively simple, and you
no longer need to worry about O&M of the underlying platform. Cloud-based
monitoring supports metrics monitoring for both the IaaS and application layers, and
works with application performance management and service analytics to
implement end-to-end service O&M.
• After services are migrated to the cloud, DR in the cloud is very convenient.
• The service DR architecture in the cloud can be built out of the box, including the
network layer, database layer, and host layer.
• You do not need to pay attention to the construction or expansion of DR data center
equipment rooms.
• After services are migrated to the cloud, cloud security can be comprehensively
protected.
• Security groups and ACLs are used to ensure network-layer security in the data center.
• Vulnerability scanning and enterprise host security can be used to detect and prevent
host security issues for host-layer protection.
• Sensitive data masking, audit, and attack defense can be performed for databases.
• The cloud provides security audit and log storage capabilities to meet compliance
requirements.
• This project aims to migrate SRM and CRM services of enterprise XX to the cloud. SRM
is a newly planned service system. CRM was deployed in the conventional data center,
but will be migrated to the cloud because it needs to be integrated with SRM.
▪ Users are internal employees of the enterprise and need to access the
intranet and Internet through HTTP and HTTPS.
• Cost saving: There is no need to invest a large amount of money at a time, preventing
a waste of idle resources.
• Elastic, flexible, and reliable: online load balancing makes it easy to scale
applications, without expensive hardware load balancers or complex configuration.
• Customers pay much attention to costs. We have analyzed the investment in self-built
mode, carrier IDC lease mode, XX public cloud, and HUAWEI CLOUD for one year. The
cloud deployment is an economical way.
• Next, let's see how to migrate services to the cloud.
▫ HUAWEI CLOUD interconnects with the VPN gateway on the XX cloud through
the local VPN gateway to implement interconnection and integration between
SRM/CRM and SAP systems.
▫ Enterprise XX connects to the HUAWEI CLOUD VPN gateway through the VPN
gateway to integrate the local Nantong MES/PLM system with the SRM/CRM on
HUAWEI CLOUD.
▫ The local MES/PLM system of enterprise XX is connected to the enterprise XX HQ
through a private line, and then to the Direct Connect gateway of XX cloud
through the private line of enterprise XX HQ, implementing integration and
interconnection between the local Nantong MES/PLM system and the SAP system
of XX cloud.
▫ End users access the SRM/CRM system using public IP addresses or domain
names.
▫ Network solution design: a Class C subnet is created for each of SRM and CRM in
the VPC.
▫ User access: The SRM system provides services for external systems through ELB.
The CRM system provides services for external systems through the public elastic
IP addresses. The level-2 domain name is configured to point to the public IP
addresses of the SRM and CRM systems through the domain name resolution
service of enterprise XX. All users access the SRM and CRM systems using domain
names.
▫ System integration: SRM integrates with peripheral systems through the interface
server. CRM provides web service and DB link integration modes, with the VPN
service enabling the network channel.
• Key points:
▫ Application stability assurance: Anti-DDoS and WAF are used to build security
protection for user access. HSS, SG, and network ACL are used to build security
protection for cloud hosts. Services are deployed across AZs to implement cross-
region DR for service systems. EVS disk backup and service system data backup
are used to enhance system data protection.
• Finally, let's summarize the advantages of deploying SRM/CRM on HUAWEI CLOUD.
▫ Efficient deployment and O&M: all cloud services can be obtained in one stop,
instances can be provisioned in minutes, and complete, convenient cloud-based
automatic O&M enables efficient operations.
• Container technologies are commonly defined as the container engine technology
(Docker) and the container orchestration technology (Kubernetes).
• Docker leads OCI to set up container engine technology standards followed by many
companies. Many container technologies are compatible with the OCI standards, for
example, Kata security containers.
• Two key concepts in Docker are images and image repositories. An image is a
container application release file. Docker builds images based on Dockerfiles. An image
repository is where images are stored. Containers and the running environment of
containerized applications are isolated by using key technologies of containers.
• These key technologies were not invented by Docker but come from Linux; Docker
integrates them to revolutionary effect.
▫ Namespaces isolate the running environment: each container is an independent
process, and namespaces make containers invisible to one another through
process, network, and file isolation.
▫ Cgroups isolate running resources or make them exclusive to each container; you
can specify how many resources each container gets.
▫ Union filesystem provides a unified standard for application running. Container
images are the basis for running containers, but an image is not a container: an
image is a series of hierarchical read-only files managed by the storage driver.
When an image runs as a container, a writable layer, the container layer, is added
on top of the image. All modifications to a running container, such as writing a
new file, modifying an existing file, or deleting a file, are applied only to this
container layer.
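The layered, copy-on-write lookup can be sketched with plain dicts standing in for filesystem layers. This is a conceptual model only; real engines implement it with storage drivers such as overlay2:

```python
# Sketch of union-filesystem semantics: read-only image layers stacked
# under one writable container layer, with whiteout markers for deletes.

class LayeredFS:
    def __init__(self, image_layers):
        self.image_layers = image_layers   # read-only, shared between containers
        self.container_layer = {}          # writable top layer, per container
        self.deleted = set()               # "whiteout" markers for deletions

    def read(self, path):
        if path in self.deleted:
            raise FileNotFoundError(path)
        if path in self.container_layer:   # container layer shadows the image
            return self.container_layer[path]
        for layer in reversed(self.image_layers):  # upper image layer wins
            if path in layer:
                return layer[path]
        raise FileNotFoundError(path)

    def write(self, path, data):           # all writes go to the top layer
        self.deleted.discard(path)
        self.container_layer[path] = data

    def delete(self, path):                # deletion only marks a whiteout
        self.container_layer.pop(path, None)
        self.deleted.add(path)

base = {"/bin/sh": "shell-v1", "/etc/os-release": "alpine"}
app  = {"/app/server.py": "print('hi')"}
fs = LayeredFS([base, app])
print(fs.read("/bin/sh"))          # shell-v1 (from the base image layer)
fs.write("/bin/sh", "shell-v2")    # copy-on-write: image layer untouched
print(fs.read("/bin/sh"))          # shell-v2 (from the container layer)
print(base["/bin/sh"])             # shell-v1 (image is still read-only)
```

Because the image layers are never modified, many containers can share one image while each keeps its own small writable layer.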
• The word Kubernetes comes from Greek, which means a pilot or navigator. K8s is short
for Kubernetes because there are eight letters between k and s.
• A master node in the cluster manages the entire container cluster. In HA scenarios
with etcd used, there are at least three master nodes in a cluster.
• There are many worker nodes in a cluster, which are used to run containerized
applications. The master node installs kubelet on each worker node as the agent for
managing the node.
• When using Kubernetes, users call the API server on the master node and declare the resource objects they need, such as applications and Services, through declarative APIs. The controllers and scheduler on the master node create resources on the worker nodes based on these definitions and monitor their status continuously, ensuring that the actual state always meets the declared requirements.
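The declarative model can be sketched as a reconcile loop that drives the actual state toward the declared state. The function and parameter names below are hypothetical; real controllers watch the API server and handle many resource kinds:

```python
# Minimal sketch of Kubernetes-style reconciliation (illustrative, not real
# controller code): compare desired state with actual state and correct the gap.
def reconcile(desired_replicas, running_pods, start_pod, stop_pod):
    """Drive the actual number of pods toward the declared (desired) number."""
    diff = desired_replicas - len(running_pods)
    if diff > 0:
        for _ in range(diff):            # too few pods: scale out
            running_pods.append(start_pod())
    elif diff < 0:
        for _ in range(-diff):           # too many pods: scale in
            stop_pod(running_pods.pop())
    return running_pods
```

Running this loop repeatedly is what lets Kubernetes "monitor the status at any time": any drift from the declaration is corrected on the next pass.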
• Kubernetes is the most important open-source project of the CNCF community and has become the de facto industry standard for container technology.
• The minimum unit of Kubernetes orchestration is not a container, but a pod.
• The idea comes from pea pod. A pod can contain many containers, just as a pea pod
can contain many peas.
• What is the relationship between these containers? Answer: Containers in the same
pod share the data storage volumes and IP address.
• What is this for? First, containers are often used to host microservices, which are small, single-purpose services.
• To comply with the microservice design principles, Google designed the pod. A pod can contain multiple containers: typically one application container (which provides the service) and one or more sidecar containers (which monitor the application container or manage data).
• For example, a pod contains three containers: web container, monitoring container,
and log reading container.
• The web container is only used to run web software, and port 80 is exposed externally.
• The monitoring software of the web container, running in the monitoring container,
monitors the web service through 127.0.0.1:80, because containers in the pod share the
IP address.
• The log reading container only needs to read files in the corresponding path and
report the files to the log management platform, because containers in the pod share
the data storage volumes.
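The three-container pod described above could be expressed as a Kubernetes Pod manifest, shown here as a Python dict for illustration. The field names follow the Pod spec, but the image names and layout are hypothetical:

```python
# Illustrative Pod manifest: all three containers share the pod's IP address,
# and the web and log-reader containers share the "logs" volume.
web_pod = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "web"},
    "spec": {
        "volumes": [{"name": "logs", "emptyDir": {}}],
        "containers": [
            {   # application container: serves traffic on port 80
                "name": "web",
                "image": "nginx",
                "ports": [{"containerPort": 80}],
                "volumeMounts": [{"name": "logs", "mountPath": "/var/log/nginx"}],
            },
            {   # sidecar: probes the web container via the shared pod IP
                "name": "monitor",
                "image": "probe-agent",        # hypothetical image name
                "env": [{"name": "TARGET", "value": "127.0.0.1:80"}],
            },
            {   # sidecar: reads logs from the shared volume and ships them
                "name": "log-reader",
                "image": "log-agent",          # hypothetical image name
                "volumeMounts": [{"name": "logs", "mountPath": "/logs"}],
            },
        ],
    },
}
```

Because the sidecars live in the same pod, the monitor can reach the web server on 127.0.0.1 and the log reader sees the same files the web server writes.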
• If a stateless application is restarted, the data (if any) generated by the application will
not be saved because stateless applications do not connect to persistent storage. In this
case, the old container will be killed and a new container will be started.
• Instances of a stateful application are not interchangeable: each instance has its own identity in addition to its own data. For example, a MySQL application has master and slave instances with different roles. Therefore, instances are restarted in a fixed sequence.
• Typical uses of DaemonSets: running a log collector, a monitoring agent, or a cluster storage daemon on every node.
• CCI is a serverless container engine that allows you to run containers without creating
or managing server clusters.
• CCE is suitable for long-term and large-scale service scenarios. Users have complete
container and resource management capabilities. CCI applies to computing-intensive
industries.
• Huawei builds three container solutions from this full service stack: Multi & Hybrid
Cloud Container Solution, Kubernetes-Native Batch Computing Solution, and Intelligent
Edge Computing Solution.
• These high-performance services are easy to use and maintain. Solutions are tailored
precisely to customer needs to promote containerization. A full range of service tools
simplify container use and O&M.
• Huawei is amongst the first developers of the Kubernetes community in China. Huawei
is a major contributor to the open source community and a leader in the container
ecosystem. HUAWEI CLOUD CCE is the earliest commercial Kubernetes product in
China, and also one of the first products that passed the CNCF consistency certification
in the world. Since its commercial use in 2014, Huawei has provided containerized
services for more than 5,000 users.
• When using the serverless CCI, customers can stay focused on their own services,
instead of underlying hardware and resource utilization. In addition, CCI provides the
pay-per-use (by second) billing mode, making it convenient for customers to use
resources as needed at any time.
• From top to bottom, CCI consists of Volcano (a batch computing scheduling platform), Kubernetes container orchestration and scheduling, and secure containers.
• Volcano: Native Kubernetes has weak support for batch computing services. Volcano
provides two enhanced batch computing capabilities. One is advanced job
management, such as task queuing, priority setting, eviction, backfilling, and starvation
prevention. The other is intelligent scheduling, such as topology-aware affinity-based
scheduling and dynamic driver-executor ratio adjustment. In addition, scheduling and
distributed frameworks such as Gang scheduling, PS-Worker, and Ring AllReduce are
supported.
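Gang scheduling, mentioned above, admits a job's tasks all-or-nothing, so a distributed job never runs with only part of its workers and never holds resources it cannot use. A minimal sketch of the idea, not Volcano's implementation:

```python
# Conceptual gang scheduling: a job is admitted only if ALL of its tasks fit.
# Partial allocation is never made, which prevents deadlock between large
# distributed jobs competing for the same pool of slots.
def gang_schedule(jobs, free_slots):
    """jobs: list of (name, tasks_required), in priority order.
    Returns the names of jobs admitted in this scheduling pass."""
    admitted = []
    for name, tasks in jobs:
        if tasks <= free_slots:          # the whole gang fits: admit it
            free_slots -= tasks
            admitted.append(name)
        # else: the whole job waits in the queue; no partial allocation
    return admitted
```

With 5 free slots, a 4-task job is admitted and a following 3-task job waits entirely, rather than running 1 of its 3 workers and stalling.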
• For Kubernetes and secure containers, CCI can start 1,000 pods in one minute, provisioned with network and storage resources. CCI also provides VM-level security to protect customers' programs and data.
▫ Per-second billing
▫ Unified task management for gene sequencing, big data, and AI computing, and
functions such as task queuing, priority setting, task eviction, and backfilling.
▫ VM-level security
• High-performance hardware
▫ Kunpeng/GPU/Ascend chip
• SWR provides easy, secure, and reliable management over Docker container images
throughout their lifecycle, facilitating the deployment of containerized applications.
You can push, pull, and manage Docker images by using the SWR console, SWR APIs,
or Docker Command Line Interface (CLI).
• SWR can either work with CCE/CCI or be used as an independent container image
repository.
• ASM: Istio-based high-performance, high-reliability, and non-intrusive enterprise-class
service mesh
• ContainerOps is a DevOps orchestration platform that lets you clearly define the entire DevOps workflow, from source code retrieval to application rollout, covering key tasks like code compiling, image build, gray deployment, and containerized deployment.
ContainerOps tackles problems in the process of code compiling, image build, and
image deployment in containerized scenarios, further improving R&D, deployment, and
O&M efficiency.
▫ Open architecture with CI and CD tools as plug-ins for easy integration with
existing systems
▫ Seamless interconnection with Huawei DevCloud to fully cover the entire DevOps
process
• AOS: In-Cloud Automation Platform for Containerized Applications
• You only need to create a template describing the applications and the required cloud
resources, including their dependencies and references. AOS will then set up these
applications and provision the resources as specified in the template. For example,
when creating an ECS, together with a Virtual Private Cloud (VPC) and a subnet on
which the ECS runs, you only need to create a template defining an ECS, VPC, subnet,
and their dependencies. AOS will then create a stack, namely, a collection of resources
you specified in the template. After the stack has been successfully created, the ECS,
VPC, and subnet are available to use.
• AOS templates are text files that are easy to read and write. You can either directly
edit template files in YAML or JSON format, or use AOS graphical designer to write
and edit templates with more visualization. In addition, AOS Template Market provides
a large number of free templates, covering common application scenarios, for direct
use or as references.
• AOS manages cloud resources and applications in a unified manner through stacks.
During stack creation, AOS automatically configures the cloud resources and
applications specified in the template. You can view the status and alarms of cloud
resources or applications in a stack. You can create, delete, and copy cloud resources
and applications by stack.
• What You See Is What You Get: The graphical console enables you to easily complete
cloud-based application and service orchestration through drag-and-drop operations.
• Powerful ecosystem: AOS is deeply integrated with more than 70 types of HUAWEI
CLOUD service resources and containerized applications, satisfying customers'
orchestration requirements in various service scenarios.
• AOM: Native Monitoring of Cloud Containers for Overall Management of Resources
and Applications
• With the popularization of container technologies, more and more enterprises develop
applications using microservice frameworks. As the number of cloud services increases,
enterprises gradually turn to cloud-based O&M. However, they face the following
O&M challenges:
• Cloud-based O&M has high requirements on personnel skills, O&M tools are hard to
configure, and multiple systems need to be maintained at the same time. Distributed
tracing systems are complicated and not as stable as expected.
• This rapid development has been powered by three advantages of the cloud native
technologies: shorter development cycle, more flexible scaling policies, and better
portability.
• According to Gartner and 451 Research, more than 80% of enterprises worldwide have started to use container technologies.
• Using MCP as a core, the HUAWEI CLOUD multi & hybrid cloud container solution
manages Kubernetes clusters in each cloud in a centralized manner to form a unified
container management platform.
• This solution can manage not only HUAWEI CLOUD container clusters, but also Kubernetes clusters created by other vendors or by users themselves.
• CCE HCS Online is based on HUAWEI CLOUD CCE and provides users with the same
service experience as CCE in the on-premises IDC.
• Customers can choose to use CCE, CCE HCS Online, ASM, or MCP based on their
business phases.
• Generally, a multi & hybrid cloud container solution in the industry is divided into three
phases:
▫ With Huawei's multi & hybrid cloud container solution, users can deploy their
services on container services in multiple clouds. If a cloud becomes faulty, the
service traffic is automatically switched to another cloud according to the unified
traffic distribution mechanism. In addition, applications and resources can be
quickly scaled in other clouds based on the auto scaling capability of Kubernetes.
In this way, a live network incident can be automatically resolved within several
minutes, eliminating the need to worry about frequent system breakdown.
▫ Huawei's multi & hybrid cloud container solution allows services to be deployed
in cloud data centers in different regions. Access latency is reduced by directing
user requests to the regional cloud provider who is closer to where the users are.
In addition, services in on-premises IDCs can be scheduled to the cloud. When the
traffic increases sharply, users can quickly expand the capacity on the cloud to
divert most traffic to pods on the cloud. After the traffic falls back, pods on the
cloud are automatically scaled in, and all traffic is returned to the on-premises
IDCs. Users do not need to maintain a large number of resources all the time,
thereby reducing costs.
• Decoupling of data and service running
▫ For users in industries such as finance and security protection, service data sensitivity requires that related services run in the users' IDCs. With Huawei's multi & hybrid cloud container solution, users can keep data services in their on-premises IDCs while deploying common services on the cloud, and manage both in a unified manner.
▫ For industries such as AI, genomic sequencing, and video processing, computing tasks are compute-intensive and usually run on GPUs, bare metal servers, and other high-performance hardware. With Huawei's multi & hybrid cloud container solution, users can run computing services on the public cloud, where a sea of computing resources is available, while general services run in a private cloud or other clouds to avoid the cost of operating large-scale computing facilities themselves.
• With the unified scheduling capability of MCP, applications can be migrated between
different clouds in seconds, and service access traffic can be switched synchronously,
preventing vendor lock-in.
• With the cross-cloud auto scaling capability, MCP can automatically detect and
migrate instances and perform traffic switchover when a cloud environment is faulty,
without affecting user experience.
• With the traffic governance capability, ASM can automatically identify the source
regions of user access and automatically distribute traffic to service instances nearby,
reducing the service access latency in multi-cloud service deployment scenarios.
• HUAWEI CLOUD MCP is an open platform that provides various advanced capabilities,
such as service mesh, cross-cloud DevOps, and performance monitoring.
• At HUAWEI CONNECT, HUAWEI CLOUD released the multi & hybrid cloud container solution 2.0 to continuously build leading multi & hybrid cloud container capabilities based on the next-generation infrastructure platform Vessel.
• HUAWEI CLOUD CCE has increased the scale of the Kubernetes clusters it can manage. Due to technical limitations of open-source Kubernetes in scheduling, network, storage, and monitoring, container products in the industry support only limited cluster sizes. With a series of technical breakthroughs, HUAWEI CLOUD has increased the management scale of a single cluster to 10,000 nodes and 1 million containers, and can quickly scale out 100 nodes within 30 seconds.
▫ AKS uses intelligent scheduling to improve the linear acceleration ratio in large-
scale GPU scenarios, helping HUAWEI CLOUD rank top in the DAWNBench
performance tests.
• GCS supports 100,000 concurrent containers and improves the speed of 30x WGS (whole-genome sequencing) analysis by 10 times.
• GCS uses CCI to provide flexible CPU/memory ratio and per-second billing, reducing
costs of gene sequencing analysis.
• GCS provides process engine, auto scaling, and automatic execution to reduce O&M
costs.
• In addition to Cromwell, SGE, PBS, and Slurm, GCS also supports big data scheduling engines, enabling users to provide high-value-added services through gene data mining.
• Leading companies in the third-generation gene sequencing field have chosen GCS and optimized the entire process. With the automated sequencing analysis provided by GCS, companies can reduce costs and manual O&M workload.
• BKS can schedule 1,000 containers per second, which is 10 times higher than the
community solution. In addition, vertical scaling is provided to enable customers to
quickly obtain the big data computing power.
• BKS uses distributed cache and Volcano intelligent scheduling to improve performance
by 40%.
• BKS uses OBS and HDFS to decouple compute from storage and can be deployed with
services, improving cluster utilization and reducing costs by 50%.
• BKS supports auto scaling based on task requirements and unifies different service
scheduling platforms, reducing the O&M workload.
• AKS provides computing power in serverless mode, greatly facilitating algorithm
training and inference.
• AKS supports mainstream training frameworks such as TF, Caffe, MXNet, PyTorch, and
MindSpore.
• AKS uses topology affinity-based scheduling (GPU network and storage status taken
into account) to ensure high-speed communication between GPUs and improve the
linear acceleration ratio. Currently, the linear acceleration ratio of 32 GPUs is 0.97+,
which is 50% higher than that of competitors.
• With AKS, HUAWEI CLOUD won two championships in the DAWNBench performance
test. The linear acceleration ratio of 128 GPUs reaches 0.8.
• Traditional cloud computing resources are usually billed in yearly/monthly mode, and
the resource pool size is fixed. In CCI, customers can purchase vCPU-hour packages to,
for example, shorten the computing time or cope with service access spikes by
provisioning concurrent containers at a large scale.
• CCI provides flexible container instance specifications. The CPU/memory ratio can be
1:2 to 1:8. Customers can select proper container specifications to greatly reduce costs.
• Currently, customers can use containers in three ways: purchase resources to build a
container platform, use HUAWEI CLOUD CCE, and use CCI.
• When capacity expansion is required, CCI provisions 1,000 pods that can be started within minutes, and cluster scaling is performed automatically. Cluster utilization can reach 100%. In the other two scenarios, customers need to improve cluster utilization manually.
• In this way, when using high-performance batch computing, customers only need to
specify images and container specifications. HUAWEI CLOUD will take good care of the
rest.
• Although CCI provides the serverless mode, customers can still choose to use
computing resources in shared mode.
• In shared mode, tenants' tasks are scheduled in the same cluster, which may cause
resource preemption. Customers can purchase resources in post-paid or pre-paid mode
based on resource usage.
▫ B
▫ B
• The evolution of enterprise core services covers two aspects: application architecture evolution and integration architecture evolution.
▫ As enterprise applications were decoupled through SOA, the ESB and "integration factory" mode became widely used: a unified organization and team is responsible for integration implementation and O&M. However, the integration team does not understand the business and cannot provide better decision-making information for the service team. The enterprise service boundary is fixed, so it is difficult to interconnect the group and its subsidiaries across regions, and a large number of subsidiary systems still need to be integrated.
▫ In the future, the enterprise integration architecture will break through the
enterprise integration boundary, integrate application APIs, messages, devices,
data, and multiple clouds, and build connections for all applications, big data,
cloud services, devices, and partners of enterprises. The traditional "integration
factory" mode controlled by the IT team will be transformed to the self-service
integration mode that is supported by the business lines, subsidiaries, application
development teams, and end users, that is, the "unified hybrid integration
platform".
• Traditional enterprises have a large number of monolithic applications. According to
the evolution roadmap of the enterprise application architecture, the application
migration analysis and design must be refined based on the classification and
characteristics of the cloudification path and target applications.
• For traditional localized applications, the policy of "retain" or "retire" can be adopted,
avoiding too much investment.
• Application base ServiceStage: strengthens the technical platform and simplifies the migration of enterprise applications to the cloud.
• HUAWEI CLOUD intelligent application services are committed to providing the best
infrastructure and innovative service solutions for enterprises' digital transformation.
With the one-stop application development platform ServiceStage, Enterprise Business
Integration Platform ROMA, Intelligent EdgeFabric IEF, and Blockchain services,
enterprise applications can be easily migrated to the cloud and digital transformation
is more intelligent.
• ServiceStage provides full-lifecycle management of applications to implement agile
DevOps. It also separates microservice governance from service code through unique
API definition, making enterprise developers focus on service logic. ServiceStage
focuses on industry enablement and works with partners to build end-to-end solutions
for industries such as digital government, smart finance, digital industry, and smart
retail.
• HUAWEI CLOUD provides a high-performance, open-source microservice solution in
the industry. It has the following advantages:
▫ Out-of-the-box microservice framework: Supports native Java and Go, and uses
Service Mesh to access applications using other languages, such as PHP.
• HUAWEI CLOUD provides two types of Kubernetes services that have been officially
certified by CNCF: Cloud Container Engine (CCE) and Cloud Container Instance (CCI).
CCE is a user-dedicated Kubernetes service. Users can use CCE to control the entire
Kubernetes cluster and manage infrastructure resources and containerized services
running on Kubernetes. CCI is a serverless Kubernetes service. Users only need to
manage containerized services running on Kubernetes, and do not need to be aware of
Kubernetes clusters. Instead, HUAWEI CLOUD automatically manages them, further
lowering the threshold for Kubernetes implementation.
• Legacy IT is mainly based on software packages. In the Cloud 2.0 era, Cloud Native
applications dominate the mainstream application systems of enterprises. One of
major challenges for enterprise digital transformation is how to bridge the time gap in
a short period of time. As government and enterprise applications are deployed in
multiple regions, bridging the space gap creates another challenge. While government
and enterprise capabilities converge, multi-enterprise collaboration becomes the norm.
How to bridge the openness gap becomes the third challenge for enterprise digital transformation.
• ROMA not only implements multi-cloud environment deployment and improves multi-
cloud and hybrid cloud integration capabilities by working with ROMA sites, but also
breaks the space gap through ROMA LINK to implement IT&OT convergence. ROMA
provides more than 50 mainstream adapters and 100 industry applications to
seamlessly interconnect with commercial software provided by SAP and Kingdee,
implementing 100% access to legacy systems. This helps implement smooth evolution
of enterprise IT systems. ROMA allows enterprises and their partners to access
applications and data that use proprietary protocols. It also opens up all experience
assets to help enterprises and partners quickly build innovative services and
applications.
• Hardware faults: Hardware such as servers and network switches may become faulty
or partially fail. If enterprises develop or use open-source middleware, they need to
maintain the reliability of underlying hardware.
• A distributed system is a collection of independent computing nodes that presents itself to users as a single system. The nodes are highly interconnected over the network, a cluster contains multiple nodes, and the system as a whole is transparent to users.
▫ Openness: The distributed system uses a hierarchical architecture, and each layer has good openness. Users are provided with popular or standard protocols in the industry, such as RESTful and TCP, or open syntax, semantics, and data formats, such as JSON and XML.
• The all-in-one architecture of conventional applications leads to low resource utilization, poor scalability, and low reliability. For example, if an e-commerce system uses the all-in-one architecture, its capacity can be expanded before a promotion only in multiples of the entire system's specifications. The cache and the database cannot be expanded separately, for example, a 5x cache expansion (when the number of logins increases sharply) together with only a 2x database expansion (when the actual user data roughly doubles).
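The e-commerce example can be put in numbers (illustrative figures, not from the source):

```python
# Illustrative arithmetic: a monolith must be scaled as a whole, while
# microservices scale each component independently. Numbers are hypothetical.
base = {"web": 4, "cache": 2, "db": 4}   # resource units per component today
need = {"web": 1, "cache": 5, "db": 2}   # required scaling multiple per component

# Monolith: every component is dragged up to the largest required multiple.
monolith_units = max(need.values()) * sum(base.values())

# Microservices: each component is scaled only as much as it needs.
micro_units = sum(base[c] * need[c] for c in base)

print(monolith_units, micro_units)  # the monolith needs 50 units, microservices 22
```

Even in this small sketch, independent scaling cuts the required resources by more than half, which is the core of the utilization argument above.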
▫ Data security: Tenants are physically isolated and can be deployed across AZs
and regions to ensure data security and reliability.
• Key features
▫ Each service is simple and you only need to focus on one service function.
• API dependency: Services communicate with each other depending on APIs. An API
change of a service affects other services.
• Unified O&M monitoring and management: resources, applications, and services are
monitored and analyzed in a one-stop manner.
▪ The user experience monitoring card in the upper right corner displays the device user information, number of service errors, throughput, latency, and top regions.
▪ The infrastructure monitoring card in the lower left corner displays the
status and usage of hosts and disks.
▪ The statistical information card in the lower right corner displays the alarm,
notification, and resource usage trend.
▪ These cards help you quickly learn about resources and applications.
• Application and resource association analysis: automatic association at each layer to
directly locate exceptions.
▫ The host is also abnormal. You can open the host topology and view information
about the instance, graphics card, and NIC. The alarm analysis result shows that
an exception occurs. You can view alarms to locate the fault.
▫ Log management provides real-time log storage and analysis for applications
running in HUAWEI CLOUD. The capabilities include log data collection, mass log
search, log storage and dump, log subscription, and keyword statistics report.
Logs are collected from ECS servers. You can collect logs in a specified directory
or in a specified file, such as container logs, system logs on servers, and service
logs on servers. After logs are collected, they are processed by log cleaning, real-
time analysis, SQL engine, and intelligent clustering. Then, you can view, search,
and dump logs in real time on the log management page.
▫ Real-time log viewing is to view the latest log content in real time, which is
usually used for real-time analysis.
▫ Sometimes, you need to find some key information about exceptions or errors
from logs. That is, you need to search for logs. AOM supports search by time,
keyword, SQL, host, system, and service. You can also view the context after
retrieval.
▫ The collected AOM log data is stored in the log service cluster for a maximum of
seven days. If you need to dump logs to another location for a long time, you can
use the log dump function. AOM can dump logs to Object Storage Service (OBS)
in HUAWEI CLOUD. You can obtain logs from OBS.
▫ If you need to export logs to a local PC for analysis, you can use the export
function to export the logs in CSV or TXT format.
• Application topology: Application relationships and exceptions are clearly displayed,
and faults can be precisely located through drilldown. The topology displays the calling
and dependency relationships between applications in a visualized manner. It is
composed of circles, lines with arrows, and resources. Each circle represents an
application, and each segment in the circle represents an instance. The score in each
circle indicates the number of instances that are being called/the number of available
instances. The content under the score indicates the number of times that the
application is called, the response latency, and the number of errors in the selected
time period. Each line with an arrow represents a call relationship. Thicker lines
indicate more calls. The data on the line indicates the number of calling times and the
overall latency. The topology uses Apdex to quantify user satisfaction and uses
different colors to identify Apdex values in different ranges. Red indicates poor user
experience, yellow indicates average user experience, and green indicates satisfactory
user experience. For incorrect calls and calls with poor experience, you can view the
tracing to further locate the cause. You can also filter topologies by time, transaction,
or topsql.
• Service session monitoring: Monitors the KPI data of each transaction to improve user
experience. VMALL is an e-commerce application. The main transaction line is as
follows: Log in to the website, select an offering, place an order, and pay for the
offering. This is the service session. In this service, the latency and errors in each
process affect the user experience. Apdex is a user experience standard in the industry.
From the perspective of users, it converts the application response time into the user
satisfaction evaluation. The quantitative range is 0 to 1. A smaller value indicates
poorer user experience. An Apdex threshold T is estimated based on the VMALL performance test. If the response time is within T, the user is satisfied. If it is between T and 4T, the user is tolerating. If it is greater than 4T, the user is frustrated. Service session
monitoring uses numbers to quantify the number of calling times, errors, latency, and
Apdex of the entire service. In this way, errors and slow responses are obvious. For an
error or slow response, you can also view the transaction topology, that is, view the
relationship between the transaction and other services and evaluate the impact scope.
Threshold alarms can be set to ensure quick response when exceptions occur. You can
view the call relationship to find the code that is related to the slow response or to the
error.
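The standard Apdex formula scores a set of samples as (satisfied + tolerating/2) / total, using the threshold bands described above:

```python
def apdex(latencies, t):
    """Standard Apdex score in [0, 1] for a list of response times.
    satisfied: latency <= t; tolerating: t < latency <= 4t; else frustrated."""
    satisfied = sum(1 for x in latencies if x <= t)
    tolerating = sum(1 for x in latencies if t < x <= 4 * t)
    return (satisfied + tolerating / 2) / len(latencies)

# 2 satisfied, 1 tolerating, 1 frustrated -> (2 + 0.5) / 4 = 0.625
print(apdex([0.1, 0.2, 0.5, 2.0], t=0.2))
```

A score near 1 means most users are satisfied; a low score flags the slow or failing transactions that session monitoring then drills into.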
• In a word, service session monitoring enables you to understand the behavior of end
users for development decision-making. You can also quickly detect the service status
and diagnose abnormal applications.
• Answer:
▫ AB
• Answer:
▫ A
• Answer:
▫ A
• Answers:
▫ B
▫ B
▫ The full-lifecycle application platform consists of four states from left to right as
shown in the diagram.
▫ Since 2016, HUAWEI CLOUD has launched services such as the application
development platform DevCloud, application running platform ServiceStage, and
application O&M platform AOM. These services used to be independent from
each other in the past.
• It is hard to see the value of this data when it is scattered across isolated systems. Once the data is aggregated from the perspective of applications, valuable operation data can be generated through big data analytics and mining.
• For example, visualized dashboard, trend analysis, and intelligent prediction can help
enterprises optimize R&D efficiency, improve user experience, and even assist key
decision making.
• In 2015, three services were launched for the first time. In 2016 and 2017, eight more services were rolled out. By now, more than 15 services have been rolled out.
• Market progress: adopted by 30+ city campuses, 24 universities in Project 985, 300,000
professional developers, and 400,000 projects.
• Domains covered:
▫ Leading the development of DevOps standards in the industry; covering all major
DevOps standard capability domains.
• Expert service:
▫ Introduce microservice services, design, ServiceComb, test, CSE, and O&M one by
one.
▫ Cloud Performance Test Service (CPTS) is a cloud service that provides API and
E2E performance tests of applications, which are built based on HTTP, HTTPS,
TCP, UDP, WebSocket, RTMP, or HLS. The rich capability of test model definition
can be used to restore scenarios of large-scale concurrent service access, helping
users identify application performance problems in advance.
▫ CloudTest is a one-stop test platform that allows developers to conduct API and
performance tests and manage these tests in the cloud. Developed on the basis
of the DevOps agile testing concept, CloudTest helps developers improve
management efficiency and deliver high-quality products.
• Cloud Service Engine (CSE)
• Industry contribution:
• We hope to help enterprises continuously improve, gradually form a virtuous cycle, and implement operation data-driven improvement and value-driven investment.
• This framework integrates the industry methodologies and practices with Huawei's
DevOps experience, which are then implemented in the tool chain of Huawei
DevCloud.
• Steps 1 and 2 in the diagram represent the process of product planning between service personnel (even customers) and technicians: sorting out the overall product logic, implementing product planning and design, and controlling requirement granularity and splitting.
• The essence of software development is to solve problems and deliver user value, not
simply providing functions. Therefore, we need to identify what user requirements and
root causes are. This is where impact mapping comes in.
• User stories are carriers of objectives and requirements. We tell stories based on user
scenarios to facilitate information exchange between customers, service personnel, and
developers. In this process, it is easy to get lost when scattered requirement items pile
up. User story mapping can help you solve this problem. Major phases and their
detailed activities can be sorted and displayed in a tree structure according to user
scenarios. In this way, you can intuitively see both the objectives and their detailed
requirements items.
• HUAWEI CLOUD DevCloud supports product planning, design, and agile project
management.
• In the product design phase, you can design the product framework using mind maps.
• Requirements are associated with product design. The hierarchical structure of epic,
feature, and backlog allows you to manage the details of a requirement.
• Use sprint and Kanban to track the project progress and work item completion status.
• ProjectMan is a cloud service that provides agile project management and
collaboration for software development teams. It integrates Huawei's more than 30
years of advanced software R&D concepts and practices.
• Agile project management helps you solve problems listed on the left.
• There are two types of preset project templates: Scrum project template and Kanban
project template.
▫ Scrum projects follow the strict Agile Scrum methodologies and practices, which
are suitable for agile software development teams.
▫ Kanban projects use cards for interaction and are suitable for lightweight,
simple management of software development teams.
• Multiple basic features of software project management are provided. These features
include project management, requirement planning and management, defect
management, sprint plan management, customized workflow, progress tracking,
statistics reports, dashboard, Wiki online collaboration, and project document hosting.
ProjectMan enables E2E, efficient, transparent, and visible management.
• Requirement planning and splitting
• CloudTest is a one-stop test platform that allows developers to conduct API and
performance tests and manage these tests in the cloud. Developed on the basis of the
DevOps Agile testing concept, CloudTest helps developers improve management
efficiency and deliver high-quality products.
• CodeHub features:
▫ You can read, modify, and commit code online. CodeHub enables you to develop
code anywhere, at any time.
• Security:
• API test allows you to quickly orchestrate API test cases based on an API URL or
Swagger file. It integrates with pipelines and supports microservice testing and layered
automated testing. No coding is required for test cases, so the technical barrier is low
and the cases can be used by different roles, such as API developers, API consumers,
testers, and service personnel. You can import a Swagger API definition in a few clicks
to automatically generate a script template, based on which you can orchestrate and
manage automated API test cases. HTTP and HTTPS are supported, along with a
visualized case editing interface, various preset check points and built-in variables,
custom variables, parameter transfer, and continuous automated testing.
• Key features of CloudTest:
▫ Manual and automatic test cases are designed in a unified manner. Test case
classification, prerequisites, procedure, and expected results are provided to guide
test case design.
• Suite management assembles manual or interface test suites based on test cases. A
test suite is used to manage a group of test cases. Generally, a test suite can be used
to perform multiple rounds or sprints of regression tests. You can create a manual test
case suite or interface test case suite based on the test case type.
• Application scenarios: Internet, gaming, and finance
▫ Cloud Performance Test Service (CPTS) is a cloud service that provides API and
E2E performance tests of applications, which are built based on HTTP, HTTPS,
TCP, UDP, WebSocket, RTMP, or HLS. Its rich test model definitions can be
used to reproduce large-scale concurrent service access scenarios, helping
users identify application performance problems in advance.
▫ CPTS provides distributed pressure tests and is widely used in various industries,
such as the Internet, digital marketing, Internet of Vehicles (IoV), and finance.
• Advantages
▫ Professional test report: CPTS provides statistics collected based on the response
latency range, reflecting user experiences.
▫ CPTS provides a one-stop performance test solution, helping you identify the
performance bottlenecks of applications in advance.
▫ CPTS provides private test clusters for you. In such a test cluster, a single
execution node can simulate virtual users in the tens of thousands, and the entire
test cluster can simulate virtual users in the millions.
▫ CPTS supports execution of multiple concurrent tasks. It enables you to test the
performance of multiple applications at the same time, greatly improving the
test efficiency.
▫ Flexible combination of multiple transaction elements and test task phases: CPTS
provides flexible definition of data packet and transaction, as well as simulates
scenarios where multiple users perform transaction operations during traffic
peaks and troughs of test tasks. All these features make CPTS suitable for
complex scenario tests. In addition, CPTS allows you to specify the number of
concurrent users for each transaction at each period and simulates instantaneous
service traffic.
▫ Defining the behavior of virtual users for different test scenarios. You can specify
the interval for sending requests of the same user by setting the think time, or
define multiple request packets in a transaction to set the number of requests
initiated by each user per second.
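As a rough sketch of how a fixed think time paces one virtual user's requests (the function names are illustrative, not the CPTS API):

```python
# A sketch of how a think time spaces one virtual user's requests: with a
# think time of t seconds, requests go out at 0, t, 2t, ...
# Function names are illustrative; CPTS configures this in its task definition.

def request_timestamps(num_requests, think_time_s):
    """Return the relative send times (seconds) for one virtual user."""
    return [i * think_time_s for i in range(num_requests)]

def requests_per_second(think_time_s):
    """Average request rate implied by a fixed think time."""
    return 1.0 / think_time_s

print(request_timestamps(4, 2.0))   # [0.0, 2.0, 4.0, 6.0]
print(requests_per_second(2.0))     # 0.5
```

Shortening the think time (or defining several request packets per transaction) raises the per-user request rate accordingly.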
▫ Customizing the response result verification to provide more accurate standards
for determining successful requests. CPTS allows you to configure check points
based on your service requests. After obtaining response packets, CPTS verifies
their response code and header fields. Only response packets meeting the
specified conditions are regarded as normal responses.
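The check-point logic described above can be sketched as follows; the dict-based response and field names are illustrative and do not reflect the actual CPTS configuration format:

```python
# A minimal sketch of response check points: a response counts as normal only
# if its status code and selected header fields match the configured
# expectations. The dict shapes here are illustrative, not the CPTS API.

def passes_checkpoints(response, expected_code, expected_headers):
    """Return True only if code and all configured header fields match."""
    if response["code"] != expected_code:
        return False
    for name, value in expected_headers.items():
        if response["headers"].get(name) != value:
            return False
    return True

ok = {"code": 200, "headers": {"Content-Type": "application/json"}}
bad = {"code": 502, "headers": {}}
print(passes_checkpoints(ok, 200, {"Content-Type": "application/json"}))  # True
print(passes_checkpoints(bad, 200, {}))                                   # False
```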
▫ With multiple flexible combinations of transaction elements and test task phases,
CPTS helps you test application performance in scenarios with different user
operation types and concurrent user operations.
▫ A transaction can be used by multiple test tasks, and multiple test phases can be
defined for a transaction. In each test phase, you can define the test duration and
the number of concurrent users and tests, as well as simulate complex scenarios
with different traffic peaks and troughs. (Figure 2: Tests in complex scenarios)
• A cloud-based development environment of DevCloud. It provides a workspace
(including the editor and runtime environment) that can be configured as required and
quickly obtained. It supports environment configuration, code reading, writing,
building, running, debugging, and preview. It can connect to multiple code repositories.
• Application scenarios:
• Requirements of CI:
▫ Comprehensive automatic testing. This is the basis for continuous integration
and continuous deployment, and it is important to select proper automatic
testing tools.
▫ Flexible infrastructure. Containers and virtual machines free developers and QA
personnel from heavy burdens.
▫ Version control tools, such as Git, CVS, and SVN.
▫ Tools for automating build and software release processes, such as Jenkins and
flow.ci.
▫ A feedback mechanism. For example, if a build or test fails, the owner can be
quickly notified to solve the problem as soon as possible and keep the version
stable.
▫ Five task types are supported: build, code check, sub-pipeline, deployment, and
pipeline control.
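A minimal sketch of such a pipeline with the failure-feedback mechanism described above (stage names and owners are illustrative):

```python
# A sketch of a pipeline as an ordered list of stages: a failing stage stops
# the run and reports its owner, so the problem can be fixed quickly.
# Stage names and owners are illustrative examples.

def run_pipeline(stages):
    """Run stages in order; return (succeeded, failure notice or None)."""
    for name, task, owner in stages:
        if not task():
            return False, f"{name} failed; notifying {owner}"
    return True, None

stages = [
    ("build", lambda: True, "alice"),
    ("test", lambda: False, "bob"),    # this stage fails
    ("deploy", lambda: True, "carol"),
]
print(run_pipeline(stages))  # (False, 'test failed; notifying bob')
```

Because the run stops at the first failure, the deploy stage never executes against a broken build.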
• CodeCheck helps you quickly locate code defects and provides examples and
rectification suggestions.
• You can switch to the code repository to perform online debugging in one click.
• Huawei typical check rule sets are provided, or you can customize your check rule sets
to flexibly adapt to project requirements.
▫ Huawei's typical check rules are provided to support web security architecture
and code check.
▫ Code defects can be sorted by multiple dimensions to let you prioritize your
work.
▫ Impact description, modification examples, and suggestions are provided for code
defects.
▫ Click code defects to go to specific code lines to quickly check the code.
▫ Problem statuses are shown to provide guidance for daily improvement and
closure of projects.
• What Is CloudBuild?
• Build is the process of converting source code into a target file and packaging it
with the configuration and resource files.
• CloudBuild Features
▫ Container-based build
▫ System image: supports the build and packaging using popular languages and
tools.
▫ Custom images: HUAWEI CLOUD Software Repository for Container (SWR) and
Docker Hub are supported. You can customize application images for multi-
language compilation.
▫ Cache mechanism for faster build
▫ If the dependency package has to be downloaded from the repository each time
for a build with Maven or Gradle, the build process will be very slow. CloudBuild
uses HUAWEI CLOUD EFS to cache dependency packages. CloudBuild attempts to
obtain the package for a build from the cache first. Only if no package is found
in the cache will the package be downloaded from the repository.
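The cache-first lookup can be sketched as follows, with plain dicts standing in for the EFS cache and the remote repository:

```python
# A sketch of cache-first dependency fetching: try the shared cache before
# downloading from the remote repository, and populate the cache on a miss
# so the next build is fast. Dicts stand in for EFS and the Maven repository.

def fetch_dependency(name, cache, repo, log):
    """Return the dependency bytes, preferring the cache over the repo."""
    if name in cache:
        log.append(f"cache hit: {name}")
        return cache[name]
    log.append(f"downloading: {name}")
    cache[name] = repo[name]   # populate the cache for the next build
    return cache[name]

cache, repo, log = {}, {"junit-4.13.jar": b"..."}, []
fetch_dependency("junit-4.13.jar", cache, repo, log)  # first build: downloads
fetch_dependency("junit-4.13.jar", cache, repo, log)  # second build: cache hit
print(log)
```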
• MobileAppTest is a mobile compatibility test service provided by Huawei and TestBird.
It provides top models and hundreds of test experts. Leveraging image recognition and
app control recognition, the service generates compatibility test reports for apps. The
test reports generated include system logs, screenshots, error causes, CPUs, and
memory.
▫ Automatic testing: No test script or manual case compilation is required. You only
need to submit the Android and iOS application installation files and select the
test package to generate a detailed test report.
▫ Deep and fast tests: In-depth tests cover compatibility issues such as UI
exceptions, crash, suspension, program exceptions, and black screen. You can
quickly obtain a professional and complete test report by submitting a task.
▫ Detailed online test reports can be downloaded by one click. Detailed test
analysis, problem context, screenshots, and logs are provided.
• What Is CloudDeploy?
▫ Tomcat, Spring Boot, PHP, CCE, and other templates are predefined for fast task
creation. More than 20 atomic actions are provided for flexible task
orchestration.
▫ A deployment task can be deployed on multiple hosts and host groups. Logs are
generated for each atomic action, enabling quick fault locating and rectification
in the case of deployment failure.
▫ To deploy on VMs, you can either manually upload a software package to the
software release repository or create a build task to save a software package to
the software release repository. The deployment task uploads the software
package and installs it on the cloud host.
• The management of software packages and their attributes is the basis of release
management. The common software development process is shown below:
• Easy to use
• High performance
• Enterprise-grade functionality
▫ High reliability through 3 masters on the cluster control plane; node and
application deployment across AZs. High security as clusters are private to users
and subject to role-based access control (RBAC).
• Answer for Q1:
▫ B
▫ A
• Key capabilities of HUAWEI CLOUD Intelligent Data Lake
▫ DAYU: Faster enterprise innovation with all-domain data management and one-
stop data governance
▫ Multi-architecture computing: Fully compatible with the open source big data
ecosystems, accelerated kernel data, and industry-leading performance
• The new execution engine Tez is used to replace the original MapReduce, greatly
improving performance. Tez can convert multiple dependent jobs into one job, so only
one HDFS write is required and fewer transit nodes are needed, greatly improving the
performance of DAG jobs.
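A back-of-the-envelope sketch of the HDFS-write saving; it assumes one write per chained MapReduce job versus a single final write for a fused DAG, as described above:

```python
# A rough model of why fusing a job chain helps: chained MapReduce jobs write
# their output to HDFS after every job, while a fused DAG (as Tez builds)
# writes only the final result. Simplified assumption for illustration.

def hdfs_writes_mapreduce(num_chained_jobs):
    return num_chained_jobs   # every job persists its output, intermediates included

def hdfs_writes_fused_dag(num_chained_jobs):
    return 1                  # only the final result is written

print(hdfs_writes_mapreduce(3))  # 3
print(hdfs_writes_fused_dag(3))  # 1
```

The longer the dependency chain, the larger the saving in HDFS I/O and transit nodes.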
• The big data platform has the following advantages in this scenario:
▫ Visualized data import and export tool: CDM or Loader exports data to DWS for
BI analysis.
• Storage and analysis of massive amounts of data: In the environmental protection
industry, weather data can be uploaded to HDFS or OBS through CDM. Hive is used
for batch analysis. MapReduce can be used to analyze 10 TB of weather data within
one hour and write the result to DWS for BI analysis and query.
• Low-latency stream computing: Flink, Storm, and Spark Streaming are provided as the
distributed real-time stream computing frameworks to analyze and compute massive
real-time data streams, such as clickstream data and IoT data. Result data can be
pushed or alarms are generated in real time. For example, in the IoE industry, data of
smart elevators or escalators is transmitted to the streaming cluster in real time for
real-time alarm reporting.
• MRS is an elastic big data service built on the IaaS infrastructure layer of HUAWEI
CLOUD. It belongs to the PaaS layer of cloud computing and is delivered in semi-
hosting mode.
• MRS slightly enhances the reliability, performance, and security of all integrated big
data components, and makes significant improvements on the functions and
performance of some components. In addition, some Huawei-developed functions are
integrated.
• Fully compatible with open source APIs: fully compatible with open source APIs,
requiring no change to customer service code
• Flexible resource combination: A wide range of computing and storage resources can
be combined to meet requirements from different clusters, helping users build their
clusters in the most cost-effective way.
• Mature and simple migration solution: Migration tools are complete, and the
migration can be completed in four steps without service interruption.
• Simplified O&M and reduced costs: The enterprise-class cluster management system
simplifies the management of the big data platform, greatly reducing O&M costs.
• The layered big data migration to the cloud can quickly migrate the offline Hadoop
big data platforms (CDH/HDP/...) to the cloud. It migrates customer services and data
to the big data service MRS on the cloud at a time, and quickly builds service systems
based on the cloud environment to meet customers' requirements for rapid service
growth in the future.
• Layered migration classifies data into cold data, hot data, and real-time data. Different
migration methods are provided for different types of data.
• Cold data refers to historical data that is not updated but needs to be accessed
occasionally, for example, historical CDR data in various scenarios. Generally, the data
volume is greater than 100 TB. For such data, you are advised to use DES to deliver the
data to HUAWEI CLOUD equipment rooms through encrypted data boxes.
• However, DES is not applicable to all cold data migrations, such as migrations from
third-party cloud services. In this case, only third-party private lines can be used for
migration, and the cost may be five times that using DES.
• Hot data refers to the data that is updated occasionally but accessed frequently. For
such data, you are advised to create a snapshot for the directories and use CDM to
migrate the snapshot through Direct Connect. Generally, after the first migration is
complete, multiple incremental data transfers are required to reduce the difference
between the migrated data and the new or updated data in real time.
• Real-time data refers to the data that is generated in real time and continuously
written to the big data cluster. Generally, the generation speed is within 100 MB/s.
During real-time data migration, you can configure KafkaMirror to synchronize Kafka
data from the source to the target in real time. If the Kafka service is not configured in
the service architecture, you can configure or reconstruct the service side to implement
dual-write of service data, achieving real-time data migration. If none of the preceding
conditions is met, you need to plan a downtime window and use incremental iterative
migration to shorten the incremental data migration duration to the downtime
window and stop services for migration.
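The decision rules above can be sketched as a small selector. The category names and conditions mirror the text and are illustrative, not a HUAWEI CLOUD API:

```python
# A sketch of the layered-migration decision rules: pick a migration method
# from the data category (cold / hot / real-time) plus a few conditions.
# Names and return strings mirror the text; this is not a HUAWEI CLOUD API.

def choose_migration(category, has_kafka=False, dual_write_possible=False):
    if category == "cold":
        return "DES (encrypted data boxes)"
    if category == "hot":
        return "snapshot + CDM over Direct Connect, then incremental syncs"
    if category == "realtime":
        if has_kafka:
            return "KafkaMirror source-to-target sync"
        if dual_write_possible:
            return "dual-write on the service side"
        return "downtime window + incremental iterative migration"
    raise ValueError(f"unknown category: {category}")

print(choose_migration("cold"))
print(choose_migration("realtime", has_kafka=True))
```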
• Cloud migration
▫ This solution quickly migrates the offline Hadoop big data platforms
(CDH/HDP/...) to the cloud. It migrates customer services and data to the big
data service MRS on the cloud at a time, and quickly builds service systems
based on the cloud environment to support rapid service growth in the future.
• Migration solutions:
▫ All historical archived data, including HFile and backup files, is migrated using
DES.
▫ The HBase data of the latest month is migrated exclusively by using the snapshot
function and the CDM service.
▫ The summary data of the Kudu and standby HBase clusters is forwarded through
Kafka for online migration.
▫ The hot and cold data is migrated by phase, without service interruption.
• Customer Benefits
▫ The service code of the offline system requires no modification, which ensures
quick service migration.
▫ Online migration of service data ensures no service interruption, and more than
100 TB data can be migrated to the cloud within 7 days.
• MRS leverages the advantages of the big data platform on DeC to meet the strict
requirements of the insurance industry with regard to compliance, security, and
reliability. It reconstructs the IT architecture of traditional insurance enterprises and
quickly builds and deploys insurance service systems. This helps insurance enterprises
realize fast digital transformation, easy service innovation, and agile service evolution.
• In this scenario, order data in the business database is written to Kafka through tools
such as the OGG, Maxwell, and Canal. Spark Streaming writes the order data to HBase
in microbatch mode in real time. HBase provides real-time query capabilities for
service systems and risk control systems. Data in HBase is periodically extracted as
table data files through DLF scheduling and stored in HDFS. SparkSQL provides the
report statistics capability. Alternatively, DLF invokes Spark jobs to periodically analyze
data and update the risk control model, providing data support for risk control.
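The micro-batch step of this pipeline can be sketched as follows, with a list standing in for the Kafka topic and a dict for the HBase table:

```python
# A sketch of micro-batch ingestion: drain whatever has arrived on the queue,
# write the batch to the store, repeat. The list-based queue and dict-based
# store stand in for Kafka and HBase; this is not the Spark Streaming API.

def microbatch_step(queue, store):
    """Consume one micro-batch from the queue and write it to the store."""
    batch, queue[:] = list(queue), []   # drain the queue in one step
    for order_id, order in batch:
        store[order_id] = order         # row put, keyed by order ID
    return len(batch)

queue = [("o1", {"amount": 10}), ("o2", {"amount": 25})]
store = {}
written = microbatch_step(queue, store)
print(written, store["o2"]["amount"])   # 2 25
```

Running this step on a short interval approximates real-time writes while amortizing per-write overhead across each batch.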
• Benefits
▫ Creates the big data platform with one click and provides an enterprise-class
platform management interface, simplifying O&M.
▫ Flexible and efficient: one-stop data storage, risk analysis, and report generation
▫ Flexible creation: A full-stack big data platform can be created with one click.
• The order data in the service database is written to Kafka through tools such as OGG,
Maxwell, and Canal. Spark Streaming writes the order data to HBase in microbatch
mode in real time. HBase provides real-time query capabilities for service systems and
risk control systems. Data in HBase is periodically extracted as table data files through
DLF scheduling and stored in HDFS. SparkSQL provides the report statistics capability.
Alternatively, DLF periodically analyzes data and generates the risk control model,
providing data support for risk control.
• Solution analysis:
• Related Services
▫ Data management platform: Activate and finely manage data assets, and
effectively integrate multiple production, supply, and sales terminals and various
data sources to eliminate data silos.
▫ Computing is isolated from storage. Service data is stored on OBS and metadata
is externally placed on RDS. Computing and storage resources can be used on
demand, which is more cost-effective.
▫ HUAWEI CLOUD big data services are more stable and efficient, improving
service performance by 3 times.
• HBase table compression performance during data loading improved by more than
20 times.
• Massive vehicle sensor and geographical location data collected in real time is
cleaned, converted, and denoised. Then, big data analysis and mining technologies are
used to analyze vehicle running status, fuel consumption, driving behavior and tracks,
and engine running status to implement real-time vehicle monitoring and fault
prediction.
• Technical Implementation
▫ Machine Learning Service (MLS) mines the value of data, including predictive
maintenance of elevators.
• Benefits:
▫ Algorithms and models are built on the cloud, and big data technology is used
to analyze, sort, and mine the physical and video data collected by sensors and
smart cameras installed in elevators. This lets elevators "self-think", predict
potential faults, and raise security warnings. Cloud-connected elevators can
effectively monitor elevator running data, passenger behavior, and the
operating environment in real time. This ensures that automatic alarms and
intelligent rescue are triggered upon an emergency, and that passengers'
uncivilized behavior can be supervised, thereby ensuring passenger safety in
elevators.
• Implementation Principle
▫ MRS works with Kafka to buffer tens of thousands of real-time elevator
monitoring records per second in an upload queue.
▫ MRS Storm processes Kafka data in real time and imports the data to Redis for
real-time monitoring.
▫ MRS Hadoop periodically extracts data from Kafka and imports massive amounts
of data to MRS HBase.
▫ With MRS HBase point query and batch scan capabilities, MRS works together
with Elasticsearch to offer ultra-fast query of elevator data at the business layer.
• DLI supports three types of jobs: SQL jobs; Spark jobs, which are compatible with
open source Spark APIs and can run all jobs supported by open source Spark; and
Flink jobs for real-time stream processing.
• DLI is a serverless big data compute and analysis service. It is fully compatible with
the Apache Spark and Apache Flink ecosystems and supports both batch and stream
processing. With multi-model engines, enterprises can use SQL statements or
programs to easily complete batch processing, stream processing, in-memory
computing, and machine learning on heterogeneous data sources.
• DLI architecture: the data layer is compatible with various data sources; the Spark
core engine sits at the center; multiple interfaces can be called externally; and
analysis and computing are supported across industries.
• Highlights:
▫ Easy to use: The fully-managed serverless service frees users from the need to
pay for physical servers.
• Supported data sources: MRS/DWS/CloudTable/RDS/MySQL/MongoDB
• The following are key features of DLI: storage and computing decoupling, cross-source
analysis, and batch and stream processing. There are some cases and scenarios for
these features.
• Application scenarios of the storage and compute separation feature
• Huawei Solution
▫ Easy to use
▪ You can use standard SQL statements to compile metric analysis logic
without paying attention to the complex distributed computing platform.
• Huawei Solution
▫ Tiered storage
• DWS supports 40GE high-speed internal networks and has strong scalability.
• DWS is compatible with SQL 2003 and SQL 92, enabling developers to quickly start
development.
• Data migration: Use CDM to migrate data to DWS in full or incremental mode.
• In a data warehouse, the logical layers can be divided into three layers:
• ODS layer: The ODS layer is the source layer and has the same data features as the
source service database.
• DW layer: data warehouse layer, which extracts historical analytical data from the ODS
layer and complies with the data model.
• DM layer: data mart layer, which is used for metrics analysis and can be calculated
based on data at the DW layer.
• Finally, the application layer of DWS can seamlessly interconnect with various BI tools
to implement agile report development.
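The three logical layers can be sketched with SQLite standing in for the warehouse; the table and column names are illustrative:

```python
import sqlite3

# A sketch of the three logical layers using SQLite: the ODS layer mirrors
# the source database, the DW layer keeps cleaned historical data, and the
# DM layer holds a metric computed from the DW layer.
# Table and column names are illustrative, not a DWS schema.

conn = sqlite3.connect(":memory:")
conn.executescript("""
    -- ODS layer: same shape as the source service database
    CREATE TABLE ods_orders (id INTEGER, amount REAL, valid INTEGER);
    INSERT INTO ods_orders VALUES (1, 10.0, 1), (2, 25.0, 1), (3, -1.0, 0);

    -- DW layer: extract cleaned analytical data from the ODS layer
    CREATE TABLE dw_orders AS
        SELECT id, amount FROM ods_orders WHERE valid = 1;

    -- DM layer: a metric aggregated from the DW layer
    CREATE TABLE dm_revenue AS
        SELECT SUM(amount) AS total FROM dw_orders;
""")
total = conn.execute("SELECT total FROM dm_revenue").fetchone()[0]
print(total)  # 35.0
```

A BI tool would then query only the DM layer, leaving the heavier extraction and cleaning to the lower layers.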
• Advantages: significantly reduced costs and improved work efficiency
• During BI construction, Glodon addresses pain points and challenges of massive, multi-
source, and real-time data processing with Huawei DWS.
• To address the challenges of data value monetization brought by diversified services,
systems, and data, HUAWEI CLOUD builds an intelligent data lake solution based on
cloud infrastructure.
• This solution provides key capabilities such as unified data storage, converged data
analysis, and data operation enablement, helping customers build a unified data
platform with real-time data service for quicker industry digitalization.
• Data governance
▫ There are no efficient and accurate data search tools available to ordinary
business personnel, so data is hard to find.
• Data operation
▫ Data is not service-oriented, so new copies are constantly being created and the
data definitions are inconsistent. The same data is developed repeatedly, wasting
resources and driving up costs.
• Data innovation
▫ There are too many data silos. Data is not easily shared and circulated
throughout the enterprise. As a result, cross-domain data analysis and data
innovation are lacking.
▫ Data is still mainly used in report analysis. There are almost no solutions for
promoting business innovation based on data feedback.
• DAYU is a one-stop operation platform that provides data lifecycle management and
intelligent data management for enterprises' digital operations. It provides functions
such as data integration, data design, data development, data quality control, data
asset management, and other data services. DAYU supports intelligent construction of
industrial knowledge libraries as well as data foundations such as big data storage and
big data computing and analysis engines. DAYU helps you quickly construct intelligent
end-to-end data systems from data ingestion to data analysis. It helps eliminate data
silos, unify standards, accelerate monetization, and generally assist with digital
transformation.
• Downward: collect the production data of hundreds of energy enterprises and millions
of renewable energy power generation devices in the province in real time
• The renewable energy data platform of a province lights up the renewable energy
industry.
• Achievements
▫ Orderly, open, and shared data flows with energy to activate data value
• The big data platform of the energy group transforms data operation to:
• Downward: collect the production data of hundreds of energy enterprises and millions
of renewable energy power generation devices in the province in real time
• In addition to basic computing capabilities, HUAWEI CLOUD EI provides 59 cloud
services (21 platform services, 22 visual cognition services, 12 language services, and 4
decision-making services) and 159 functions (52 platform functions, 99 API functions,
and 8 pre-integrated functions), including essential platform services, common APIs,
advanced APIs, and pre-integrated solutions.
• "Full-stack" refers to a full-stack solution that includes chips, chip enablement, training
and inference frameworks, and application enablement.
▫ Ascend: a series of unified and scalable AI IPs and chips, including Max, Mini, Lite,
Tiny, and Nano.
▫ CANN: a chip operator library and highly automated operator development tool
▫ MindSpore: a unified training and inference framework for device, edge, and
cloud (both standalone and cooperative)
• Huawei HiLens consists of two parts. In terms of software, HiLens provides an online AI
application development platform. In terms of hardware, HiLens provides a powerful
development suite for developers.
• This slide shows the Huawei HiLens cloud side and device side. You can also log in to
the HUAWEI CLOUD official website and find the service in the service catalog of EI.
• HiLens devices apply to a range of scenarios; for example, HiLens Kit devices can be
used in outdoor scenarios.
• Huawei HiLens is a flexible device-cloud application development platform that
integrates model development.
• Background: He Chang Future Technologies is committed to providing industry-leading
integrated smart urban road management services for roadside parking management,
static traffic management, intelligent security, and smart home, ensuring safe travels.
• Benefits: With the help of Huawei HiLens devices, data collection is easier than before.
HiLens devices can be deployed at scale without high costs, and deployment takes
less time. Device-cloud synergy is used to automatically recognize license plates,
increasing the license plate recognition success rate by 75% and greatly reducing
manual O&M costs. The manual review rate and the complaint rate are decreased by
50% and 30%, respectively.
• Market shares, customers' requirements, and customer experience improvement are
important factors that need to be carefully considered for the purpose of sales
increase.
• Huawei and NTT Data jointly developed a smart 4S store solution. This solution fully
releases the power of data and helps reconstruct the offline store sales mode.
• Selected solution: Developers, large enterprises, and industry ISVs can use Huawei
HiLens to improve development efficiency, or integrate HiLens Kit, Atlas 200 DK, and
Atlas 200 SOC into their own solutions at low costs, to update their algorithms
speedily, manage devices with efficiency, and roll out solutions within two to three
weeks.
• Background: Conventional camera-video mode can only be used for real-time
surveillance. Alcidae hopes that automatic video analysis can be performed by cameras
to deliver value-added AI services for end users.
• Benefits
▫ Service enablement: Based on home videos, the solution conducts human figure
and baby cry detection as well as intelligent video retrieval to deliver various
value-added services for end users, including family member retrieval, elder care,
babysitting, and stranger surveillance.
• Challenges: Conventional video analysis services are costly, complex to build, and
difficult to deploy. In addition, they are difficult to adapt to complex environments at
construction sites.
• Benefits: A HiLens Kit device can connect to 16-channel cameras for video analysis and
device-side inference. Skill models can be quickly deployed with a few steps to
implement online platform management and automated secure production
management. Developers, large enterprises, and industry ISVs can use the HiLens Kit
devices to quickly integrate and verify solutions, greatly improving the development
efficiency. The integrated solutions can be rolled out within two weeks.
• Next, let's look at Graph Engine Service, that is, GES. I believe that you have learned
about graph data and GES in the previous HCIA course. Here, we will talk about its
application scenarios.
• Massive, complex, and interconnected data, such as social relationships, transaction records, and transportation networks, is graph data. GES stores, queries, and analyzes this relationship-based, graph-structured data. It has various application scenarios, such as Internet recommendation, intelligent Q&A over knowledge graphs, knowledge graph inference, financial risk control, and smart city.
• GES provides an ultra-large integrated platform for graph storage, query, and analysis.
It powers high-performance query and analysis on large-scale graphs with billions of
vertices and hundreds of billions of edges. Based on its high-performance distributed
graph computing engine, GES can implement real-time queries in seconds. In addition
to the high-performance computing kernel and distributed storage framework, GES
has a library with extensive algorithms, including traditional graph analysis algorithms
that support real-time query and analysis, graph deep learning algorithms (graph
convolution and embedding algorithms), and knowledge graph embedding algorithms.
• Next, let's look at the analysis functions of GES.
• GES is an ultra-large integrated platform for graph query and analysis. It has a library
with extensive algorithms, a high-performance computing kernel, and a distributed
storage framework.
• The PageRank algorithm can be used to mine individual value on social networks. Both quantity and quality are taken into consideration. For example, the more "follows" a key opinion leader (KOL) receives, the more influence the KOL has. In addition, if the followers are themselves of high quality, the KOL's value increases too. PageRank can effectively avoid problems like unreasonable scoring and frequent cheating.
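The ranking idea above can be sketched with a plain power-iteration PageRank. The toy follower graph, damping factor, and iteration count below are illustrative assumptions only, not the GES implementation:

```python
# Minimal PageRank by power iteration on a tiny "follower" graph.
# An edge u -> v means "u follows v"; a node's rank grows with both
# the number AND the rank of its followers, as described above.

def pagerank(edges, damping=0.85, iters=50):
    nodes = {n for e in edges for n in e}
    rank = {n: 1.0 / len(nodes) for n in nodes}
    out_degree = {n: sum(1 for u, _ in edges if u == n) for n in nodes}
    for _ in range(iters):
        new = {n: (1 - damping) / len(nodes) for n in nodes}
        for u, v in edges:
            new[v] += damping * rank[u] / out_degree[u]
        # dangling nodes (no outgoing edges) redistribute rank evenly
        dangling = sum(rank[n] for n in nodes if out_degree[n] == 0)
        for n in nodes:
            new[n] += damping * dangling / len(nodes)
        rank = new
    return rank

# "kol" is followed by everyone, so it gets the highest rank.
edges = [("a", "kol"), ("b", "kol"), ("c", "kol"), ("kol", "a")]
ranks = pagerank(edges)
print(max(ranks, key=ranks.get))  # -> kol
```

Because a follower's own rank flows into whoever it follows, a KOL followed by other influential accounts scores higher than one with the same number of low-rank followers.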
• Centrality and TrustRank algorithms can be used to discover more KOLs on social
networks.
• The GES graph analysis algorithms can also be used in friend recommendation
scenarios.
• When you update your contacts on a social platform, new friends are recommended. This kind of recommendation is based on the triadic closure theory in graph theory. For example, if two people in a social circle have a common friend, they may become friends in the future. The more common friends they have, the more likely they are to become friends. Therefore, friend recommendation can be implemented based on the number of common friends. In addition, when two people with a common friend become friends, a triangle is formed between them and that common friend. A larger number of triangles in a social circle indicates closer and more stable connections.
• We can analyze the social network closeness and recommend friends based on the
triadic closure theory and algorithms such as Triangle Count, Clustering Coefficient,
and Shortest Path.
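Both signals can be sketched in a few lines of Python. The hand-built friend graph below is a toy illustration of the idea, not the GES algorithms themselves:

```python
# Friend recommendation via triadic closure: rank non-friends by the
# number of common friends, and count triangles as a closeness signal.

from itertools import combinations

friends = {
    "ann": {"bob", "carol", "dave"},
    "bob": {"ann", "carol"},
    "carol": {"ann", "bob", "dave"},
    "dave": {"ann", "carol"},
    "eve": {"dave"},
}

def recommend(user):
    """Non-friends of `user`, ranked by number of common friends."""
    candidates = {}
    for other in friends:
        if other != user and other not in friends[user]:
            common = friends[user] & friends[other]
            if common:
                candidates[other] = len(common)
    return sorted(candidates, key=candidates.get, reverse=True)

def triangle_count():
    """Total number of triangles (3-cliques) in the graph."""
    return sum(1 for a, b, c in combinations(sorted(friends), 3)
               if b in friends[a] and c in friends[a] and c in friends[b])

print(recommend("bob"))     # dave shares two friends (ann, carol) with bob
print(triangle_count())
```

Here "dave" is recommended to "bob" because they share two common friends, and the graph contains two triangles (ann-bob-carol and ann-carol-dave).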
▫ Generally, there is a high probability that two similar nodes belong to the same type or are associated. We can use deep neural networks to learn embedded representations of the nodes and paths in a graph structure, while learning the overall structure of the graph network at the same time.
▫ Then, we can obtain low-dimensional representations of the nodes and edges in the graph network and, using specific distance formulas, accurately predict whether two nodes belong to the same type, are connected, or have a specific relationship. It is even possible to infer real knowledge that exists but is not presented in the training data.
▫ GES provides various graph deep learning algorithms, including the graph
embedding algorithms Node2vec and SDNE, graph convolution algorithms GCN
and GraphSAGE, and knowledge graph embedding algorithms TransE and
ComplEx.
• Graph embedding and graph convolution: Deep learning algorithms are used to extract the graph structure and node features. In this way, graphs and nodes can be classified and represented as embeddings.
• Anti-fraud: GNN is used to perform in-depth data mining and identify malicious user
patterns to control risks.
• Next, let's talk about applications of GES in the knowledge graph, relationship, and risk
control domains.
▫ In recent years, knowledge representation and inference are widely used. GES
provides a graph database that can store a large amount of knowledge graph
data as the underlying storage support.
▫ On top of the storage layer, GES also provides abundant knowledge graph embedding algorithms (TransE, TransD, ComplEx, Analogy, and the like) to generate embedded representations of the entities and relationships in knowledge graphs, so that they can be clearly expressed and correctly understood.
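As an illustrative sketch of the TransE idea: a triple (head, relation, tail) is modeled as h + r ≈ t in vector space, so a lower distance ||h + r − t|| means a more plausible fact. The 2-D vectors and relation name below are made up; real embeddings are learned from training data:

```python
# TransE scoring: the true triple should have a smaller distance
# than a false one. Embeddings here are hypothetical toy values.

import math

embedding = {
    "Zhejiang": [1.0, 2.0],
    "Jiangsu":  [4.0, 0.0],
    "Hangzhou": [3.0, 3.0],
    "has_capital": [2.0, 1.0],   # relation vector (hypothetical)
}

def transe_score(head, relation, tail):
    """Euclidean distance ||h + r - t||; lower means more plausible."""
    h, r, t = embedding[head], embedding[relation], embedding[tail]
    return math.sqrt(sum((hi + ri - ti) ** 2 for hi, ri, ti in zip(h, r, t)))

true_score = transe_score("Zhejiang", "has_capital", "Hangzhou")
false_score = transe_score("Jiangsu", "has_capital", "Hangzhou")
print(true_score < false_score)  # -> True
```

Training pushes true triples toward zero distance and false (corrupted) triples away, which is what lets link prediction infer facts not explicitly stored in the graph.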
▫ In the relationship network and financial risk control domains, GES also provides
extensive algorithms for friend relationship query, commodity/consultation query,
community classification, and link analysis, as well as machine learning-based
graph convolution and embedding algorithms. It has the capabilities of analysis,
classification, recommendation, and link prediction based on graph node features,
graph network features, or embedded graph node expressions.
• Image text recognition is also known as optical character recognition (OCR). In a broad sense, it refers to the process of analyzing and recognizing text data in image files to obtain text and layout information. OCR is widely used to recognize general characters, receipts, and certificates, replacing manual input and improving service efficiency. It is also a hot trend in the AI field.
• This figure shows the panorama of HUAWEI CLOUD OCR. OCR includes five categories:
general, receipt, certificate, industry, and template customization. The five scenarios
cover a wide range of common application scenarios and common industry
identification requirements. More customization requirements can be met through the intelligent online customization capability. In addition, HUAWEI CLOUD has
taken the lead in providing OCR service capabilities outside China, such as Myanmar ID
card, Thai ID card, and international passport. More services are being incubated.
Based on the massive underlying training and inference resources of HUAWEI CLOUD
and the support of the underlying basic AI platform, HUAWEI CLOUD OCR accelerates
the development and rollout of services, and shortens the time for testing new services
to days.
• Intelligent classification, one image with multiple tickets, automatic segmentation and
identification
• HUAWEI CLOUD OCR can also be used in financial reimbursement scenarios. OCR can
automatically extract key information of invoices to help employees automatically fill
in reimbursement forms. In addition, the RPA automatic robot can greatly improve the
efficiency of financial reimbursement. Ticket OCR can recognize VAT invoices, taxi
invoices, train tickets, itineraries, and shopping invoices. It can correct distorted images
and effectively eliminate the impact of seals on text recognition, to improve the
recognition accuracy.
• In financial reimbursement, one image usually contains multiple invoices. Generally, common OCR services can identify only one type of invoice. For example, the VAT invoice service can identify only VAT invoices. HUAWEI CLOUD OCR provides intelligent classification and identification services, including one image with multiple invoices, one image with multiple cards, mixed cards and invoices, and total billing. The system also supports the separation of multiple types of bills and cards, including but not limited to air tickets, train tickets, medical invoices, driving licenses, bank cards, ID cards, passports, and business licenses. Then, OCR can be used to recognize each type of document.
• After receiving a batch of financial invoices, financial personnel need to manually enter the invoice information into the system. Even with OCR technology, you still need to take a photo of each invoice and upload it to your computer or server.
HUAWEI CLOUD provides the batch OCR solution. You only need to use a scanner and
a PC to scan invoices in batches to generate color images. In addition, HUAWEI CLOUD
OCR is automatically invoked in batches to quickly extract invoice information and
visualize and compare the recognition results. You can also export the recognition
results to an Excel file or financial system in batches, greatly simplifying the data
recording process.
• The six functions of Image Recognition deliver omnimedia tagging and image
optimization.
• Based on deep learning technologies, Image Recognition can accurately identify visual
content in images and provide multiple objects, scenarios, and concept tags. It has
capabilities such as object detection and attribute recognition, helping customers
accurately identify and understand image content.
• Image tagging: recognizes objects, scenes, and concepts, facilitating your search,
filtering, and management of large galleries.
• Recapture detection: identifies whether the commodity image is the original image or
a recaptured image.
• Text Moderation: Checks whether the text contains pornography, sensitive political
content, advertisements, offensive content, spamming, and contraband.
• Video Content Moderation: Determines whether the video has violation risks and
provides violation information from multiple dimensions such as image, sound, and
subtitle.
• Content Moderation adopts cutting-edge image, text, and video technologies that
precisely detect pornographic or terrorism-related material, and sensitive political
information, reducing any non-compliance risks in your business.
• Moderation (Video) provides functions such as PiP, short video, image, and text
moderation to assist customers in content review to reduce non-compliance risks.
• Face Recognition provides four functions: image-based Face Detection, Face
Verification, Face Retrieval, and Face LiveDetect.
• Face Detection accurately locates faces in an image, identifies the size of each face,
and outputs basic facial attributes, such as the gender and age.
• Face Verification compares the similarity of human faces in two images. The
application system determines whether they are the same person based on the
similarity.
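The decision step can be sketched as follows. The feature vectors, the cosine metric, and the 0.9 threshold are all illustrative assumptions, not the service's actual internals:

```python
# Face Verification returns a similarity score for two face feature
# vectors; the application compares it with a threshold to decide
# whether they are the same person. Vectors below are made up.

import math

def cosine_similarity(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    norm_a = math.sqrt(sum(x * x for x in a))
    norm_b = math.sqrt(sum(y * y for y in b))
    return dot / (norm_a * norm_b)

features_1 = [0.12, 0.80, 0.55, 0.10]   # hypothetical face embeddings
features_2 = [0.10, 0.82, 0.50, 0.12]   # same person, slightly different
features_3 = [0.90, 0.05, 0.10, 0.70]   # different person

THRESHOLD = 0.9   # chosen by the application, trading recall vs. precision
print(cosine_similarity(features_1, features_2) > THRESHOLD)  # -> True
print(cosine_similarity(features_1, features_3) > THRESHOLD)  # -> False
```

The threshold is an application-level choice: a higher value reduces false accepts at the cost of more false rejects.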
• Face Retrieval extracts facial features from the target facial image and imports the
features to the facial image library for future comparison and retrieval. Generally, this
function is used together with facial image library management.
• The face recognition-based access control gate solution uses the face recognition
technology to accurately recognize passenger identities and quickly return the
recognition results. When a passenger approaches the gate, the face image is
captured and the gate opens once the face is recognized. The gate can be used
together with the attendance system to effectively prevent attendance frauds and
cheats, thereby implementing automatic management.
• The facial image library management and face retrieval functions are used in the face
recognition-based access control scenario.
• Based on Face Recognition, the campus management system can implement multiple
intelligent management scenarios, such as identity recognition, activity track
identification, dormitory management, meeting sign-in, and school heat maps.
• In the teacher and student management scenario, the face detection, face retrieval,
and facial image library management functions are recommended. The functions can
also be used with face capture cameras or video-based face detection
algorithms.
• In the Internet finance industry, how to quickly verify customer identities and authorize relevant operations is critical, because it affects the business security and competitiveness of enterprises.
• In this scenario, face retrieval and facial image library management can be
used, and Face LiveDetect can also be configured to prevent cheating.
• The VCR provides capabilities of analyzing people, vehicles, objects, and events.
• People analysis capabilities include video-based face detection, crowd counting, and
heat map. Video-based face detection can quickly identify faces in videos and provide
facial images for subsequent face recognition. Crowd counting collects statistics on the
number of persons in a covered area, and heat map collects statistics on the
probability of people appearing in a covered area. Crowd counting and heat map are
used to identify the crowd popularity in an area.
• Vehicle analysis capabilities include license plate recognition and vehicle attribute
recognition. License plate recognition is used to recognize license plates of vehicles,
including blue license plates and license plates for new-energy vehicles. Vehicle
attributes include the vehicle types and colors, which are used by upper-layer service
systems for detailed vehicle information analysis.
• The object analysis capability mainly refers to object leftover detection. Object leftover
detection detects leftover objects, such as luggage, in an area. This function can be
used in scenarios such as lost and found in residential cells.
• Event analysis capabilities include smoke and fire identification and intrusion detection.
Smoke and fire identification is used to identify open flames and smoke in video frames.
Intrusion detection can identify illegal intrusion behavior (passing lines or areas) and
generate alarms. In addition, people and vehicles can be filtered. That is, only
intrusions of people or vehicles can be identified and alarms can be generated, greatly
reducing the false reporting rate.
• Tian An Cloud Park is located to the north of Huawei Industrial Base, Bantian,
Shenzhen. It occupies an area of 760,000 square meters and covers a building area of
2.89 million square meters. It focuses on leading industries such as cloud computing,
mobile Internet, robotics, and intelligent devices, and also develops modern and
productive services based on these industries. Tian An Cloud Park provides open and
shared space and smart environment construction to meet the requirements of leading
industries, and builds a smart city ecosystem that fully associates enterprises and
talent.
• In this project, we use the video analysis solution with edge-cloud synergy. Video
analysis models such as face detection, vehicle recognition, and intrusion detection are
delivered to the local GPU inference server of the park. After analyzing real-time video
streams locally, the server can upload the analysis results to the cloud or save the
analysis results to the local host for interconnection with upper-layer application
systems.
• The video analysis solution with edge-cloud synergy implements intelligent analysis on
surveillance videos and detects abnormal events such as intrusions and heavy crowds
in real time, reducing labor costs. In addition, existing IPCs in the park can be reused
and changed to intelligent cameras through edge-cloud synergy, greatly protecting
users' existing assets.
• The crowd counting and heat map solution is used to identify crowd information,
including the number of people and popularity density in an area. It supports setting of
the time and result sending interval. This solution is mainly used in scenarios such as
customer flow statistics, visitor quantity statistics, and business area popularity
identification.
• With the crowd counting and heat map solution, you can obtain the following benefits:
• Strong detection capabilities: able to count people even when only part of the body is captured by the camera
• High scalability: able to send statistics about head counting, areas, and heat maps at
the same time
• With the intrusion detection function, you can obtain the following benefits:
• High flexibility: The size and type of alarm objects can be set.
• Low false alarm rate: Intrusion alarms based on people or vehicles filter out
interference from other objects.
• With the leftover object detection function, you can obtain the following benefits:
• Low false positive rate: Specified objects in specified areas can be identified to
eliminate interference.
• Smoke detection: Determine the smoke density and diffusion based on the smoke
color (light smoke is translucent and thick smoke is gray and black).
• Flame detection: Identify whether a flame exists based on the flame color and shape.
• With the smoke and fire identification function, you can obtain the following benefits:
• Video analysis is performed on suspected smoke and fire areas to effectively improve
the detection precision based on the visual features of the smoke and fire.
• No infrared thermal camera is required. You can deploy only common cameras to
detect smoke and fire indoors, outdoors, in the daytime, and at night.
• Automatic Speech Recognition (ASR) solves the problem of listening, and Text To
Speech (TTS) solves the problem of speaking.
• Sentence Transcription: You upload the complete audio data at one time. After receiving the data, the server converts it into text. Sampling rates of 8 kHz and 16 kHz are supported. It is mainly used for human-machine interaction (typically WeChat voice input) and content review.
• RASR: Real-time ASR (RASR) converts continuous audio streams into text in real time. Compared with Sentence Transcription, it returns recognition results faster. The major application scenarios include intelligent outbound calling, real-time conference recording, and instant text generation.
• Long Audio Transcription: It provides one task submission API and one task query API.
You can submit tasks through the task submission API and query the recognition
results through the task query API. Key information about the emotion, role, and
speech is displayed in the recognition result. Long Audio Transcription can be used in
scenarios such as the customer service quality inspection and the content review.
• Hot word self-service optimization: In speech recognition, if some special words, such as names of people, places, and various proper nouns, are poorly recognized, you can use hot words to optimize the recognition result. Call the hot word creation API to create a hot word and obtain a hot word ID. When the speech recognition API is called, pass in the hot word ID to optimize the recognition result.
• The formal male voice, formal female voice, and child's voice can be selected.
• HUAWEI CLOUD NLP provides four subservices, NLP Fundamentals, Language
Understanding, Language Generation, and Machine Translation. Each subservice
provides the corresponding atomic capability API.
• NLP can be used in scenarios such as intelligent Q&A, public opinion analysis, and
advertisement monitoring.
• Now, let's look at Conversational Bot Service (CBS).
• CBS provides subservices such as QABot, TaskBot, SA, and voice assistant. QABot helps
enterprises quickly build, release, and manage intelligent question-answering bots.
• TaskBot can accurately understand the intent and key information of a conversation
and be integrated with intelligent phonebots and hardware, offering new voice
interaction modes.
• The voice assistant combines ASR, TTS, and TaskBot to parse and execute speech
commands and is applied in scenarios like smart home.
• CBSC helps build AI bots that have various capabilities, such as knowledge base and
knowledge graph Q&A, task-oriented conversation, reading comprehension, automatic
text generation, and multi-modality, based on customer requirements.
• Generally, a bot with a single function cannot solve all problems in customer service
scenarios. A conversational bot solution is developed by integrating multiple bots with
different functions. The solution is presented as a single service API. Customers can
solve different service problems by calling the single API. The following describes the
application scenarios of each bot:
• Common consulting and help issues in the IT, e-commerce, finance, and government domains
• Customer service: hotels, air ticket booking, credit card activation, and more
• The KG-powered vehicle QABot can complete precise Q&A, for example, query the
price and configuration of a specific vehicle model and recommend vehicles based on
the price and class type. It can also complete Q&A about vehicle comparison. The
answer can contain text, tables, and images.
• This solution is jointly developed by HUAWEI CLOUD EI and partners. Currently, the
Featured Solution has been launched. Huawei provides ASR, TTS, and Conversational
Bot Engine, and partners are responsible for integration and development of the entire
system.
• Difficult to recruit (the work is boring and repetitive and involves a lot of negative emotions, resulting in a high turnover rate), difficult to manage (low loyalty, big differences in ability, and behavior that is hard to monitor), high costs (labor, training, and venues), and low efficiency (issues are hard to follow up, and the customer conversion rate is low)
• How can we analyze the customer service quality to ensure continuous improvement in
customer service capabilities and customer satisfaction?
▫ Inspectors need to be trained. The professional degree, loyalty, and training cost
are the pain points of enterprises.
▫ Intelligent analysis: ASR and NLP used to intelligently analyze customer service
conversations and generate reports
▫ Custom rules: flexible configurations of voice and semantics rules and deduction
items, and intuitive display of the real-world customer service performance
• Based on multi-modal audio and video data, carry out evaluation from multiple
dimensions, such as the pronunciation and mouth shape.
▫ Better robustness
▫ The mouth shape can be zoomed in, which is more intuitive to instruct learners
on how to make the correct pronunciation.
▫ Spoken languages can be learned anytime and anywhere as long as your tablet,
mobile phone, or computer can collect audio and video data.
• Knowledge Graph (KG) is essentially a form of knowledge representation and a
structured semantic knowledge base that describes entities and their relationships in
the physical world. Because most of human knowledge is stored in natural language
text, graph construction involves many NLP-related technologies.
• A relationship refers to the semantic relationship between entities. For example, the
provincial capital of Zhejiang is Hangzhou, and the relationship between Zhejiang and
Hangzhou is that Hangzhou is the provincial capital of Zhejiang.
▫ KG provides the entity linking API to parse user queries and return precise
answers.
• Machines are used to analyze and process natural languages to understand users'
questions. Structured knowledge in the knowledge base is used for query and inference
to find precise answers to the questions and provide the answers to the users.
• In addition, based on the structured data obtained through graph queries, readable natural language text can be generated using text generation technology, for example, reports or answers to questions.
• Created in 2009, the Bitcoin system is a decentralized, peer-to-peer electronic cash
system.
• In the past, there used to be only one accountant who was the center of accounting.
Now, everyone participates in accounting. This is decentralization.
• In the past, ledgers were kept only by the accountant. Now, everyone is an accountant
and keeps their own ledgers. This is distribution.
• In the past, an account corresponded to a person's identity. Now, an account does not reflect an identity. It is a string of numbers and can be used only with digital keys, which are also strings of numbers. This is encryption.
• In the past, people could only resort to the accountant to view ledgers and could not view other people's accounts. Now, everyone can view all transactions in all accounts at any time. This is the public ledger.
• In the past, accounting was controlled solely by the accountant. Now, everyone must reach an agreement on who has the accounting power, how to reward accounting, and how to confirm whether a record is valid. This is the consensus mechanism.
• In the past, only the accountant had control over ledgers, and no one could do anything if the accountant rewrote transactions. Now, all accountants can only append to, but cannot modify, the ledgers. Even if you modify your own ledger, others will not recognize the change. This is tamper-proofing.
• Public and private keys are the fundamentals of encrypted communication. A random
public-private key pair is generated by using an encryption algorithm. The private key
must be securely kept and accessible only to its owner. The public key can be made
public. A reliable encryption algorithm ensures that no one can use a public key to derive the corresponding private key.
• The Merkle tree helps quickly verify the integrity of transaction data, that is, whether it has been tampered with. Any tampering makes the calculated hash value completely different. For example, even if only a decimal point is moved among 4,000 transactions, the Merkle root hash will reflect the change.
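The idea can be sketched with SHA-256. This is a simplified Merkle root, assuming the Bitcoin-style convention of duplicating the last hash when a level has an odd number of nodes:

```python
# Merkle root over a list of transactions using SHA-256: tampering
# with any single transaction changes the root hash completely.

import hashlib

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def merkle_root(transactions):
    level = [sha256(tx.encode()) for tx in transactions]
    while len(level) > 1:
        if len(level) % 2:                 # duplicate last hash if odd
            level.append(level[-1])
        level = [sha256(level[i] + level[i + 1])
                 for i in range(0, len(level), 2)]
    return level[0].hex()

txs = ["A pays B 1.0", "B pays C 2.5", "C pays D 0.3", "D pays A 4.1"]
root = merkle_root(txs)
tampered = merkle_root(["A pays B 10.0"] + txs[1:])  # moved decimal point
print(root != tampered)  # -> True
```

Because each parent hash commits to both children, a block header only needs to store the single root hash to commit to every transaction below it.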
• Proof of Work (PoW) is a proof that you have done some amount of work. It is usually
inefficient to monitor the whole process of work. However, it is efficient to prove that
you have done some amount of work by verifying the result of your work. For example,
a graduate certificate and a driver's license are proofs obtained by verifying the results
(passing exams). A PoW system (or protocol, or function) is an economical way of
deterring denial-of-service attacks and other service abuses by requiring some amount
of computation from the service requester, usually indicating some amount of
processing time by a computer. This concept was first introduced by Cynthia Dwork
and Moni Naor in a 1993 journal article. The term "proof of work" (PoW) was first
coined in a 1999 article by Markus Jakobsson and Ari Juels.
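The asymmetry described above (work is costly to produce, cheap to verify) can be shown with a minimal hash-based sketch, assuming the common Bitcoin-style scheme of searching for a nonce whose hash has a required number of leading zeros:

```python
# Minimal proof-of-work: find a nonce so that SHA-256(data + nonce)
# starts with `difficulty` zero hex digits. Finding the nonce takes
# many hash attempts; verifying it takes a single hash.

import hashlib

def mine(data: str, difficulty: int = 4) -> int:
    nonce = 0
    while True:
        digest = hashlib.sha256(f"{data}{nonce}".encode()).hexdigest()
        if digest.startswith("0" * difficulty):
            return nonce
        nonce += 1

def verify(data: str, nonce: int, difficulty: int = 4) -> bool:
    digest = hashlib.sha256(f"{data}{nonce}".encode()).hexdigest()
    return digest.startswith("0" * difficulty)

nonce = mine("block payload", difficulty=4)
print(verify("block payload", nonce))  # -> True
```

Raising the difficulty by one hex digit multiplies the expected mining work by 16, while verification cost stays constant, which is what makes the scheme effective against service abuse.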
• O: orderer node
• Ordering role: Orders all transactions into blocks according to the agreed ordering
implementation.
• Peer: A fundamental element of a blockchain network. (Orderers are not shown in the
figure.)
• Ledger: Shared ledger. Each peer contains a copy of the same ledger data.
• Channel: Peers in a channel share the same ledger. Channels isolate data.
• Fabric SDK
• The DApp uses the Fabric SDK to communicate with the blockchain network.
• Enterprises can quickly build secure blockchain systems through easy deployment,
management, O&M, and development.
• Professional technical services and industry solutions help enterprises quickly deploy
services on the blockchain.
• Deployment completed in minutes, support for Fabric JDBC, as easy to operate as a
database
• Leverages the auto scaling, fast fault recovery, and disaster recovery capabilities of
HUAWEI CLOUD's high-performance compute (including cloud container engine),
network, and storage services to ensure high reliability and availability.
• Supports hybrid cloud deployment and multi-cloud interconnection. Huawei and SAP
have jointly completed the first cross-cloud blockchain interconnection.
• Built based on Docker and Kubernetes, highly reliable and scalable, fully collaborative
with other clouds, no data expansion or performance issues
• Auto node scaling and quick fault rectification can be achieved with Kubernetes.
• Range proofs and proofs for equality are used for homomorphic encryption with a
verifiable range.
• SM2: ECC-based asymmetric encryption algorithm. This algorithm is public. It provides faster signature and key generation than RSA.
• Uses a 256-bit ECC-based algorithm, providing higher security than 2048-bit RSA while operating faster.
• SM3: message digest algorithm, which is comparable to MD5. This algorithm is public.
It provides 256-bit verification results.
• SM4: block cipher algorithm originating from the WLAN standard. It performs symmetric encryption with both key and block lengths of 128 bits.
• Centralized deployment: All services are deployed in HUAWEI CLOUD.
• Hybrid deployment: Some services are deployed in HUAWEI CLOUD, and the other
services are deployed in the customer's private data center.
• Decentralized deployment: All services are deployed in the customer's private data
center.
• Financing information cannot be verified due to information silos in supply chains.
• The credit of core enterprises cannot be effectively transferred. In accordance with the
Contract Law, core enterprises only sign contracts with tier-1 suppliers and are not
involved when tier-1 and tier-2 suppliers sign contracts. As a result, the credit of core
enterprises cannot be transferred to different tiers of suppliers.
• Banks do not have trusted data of SMEs. In the existing banking risk control system,
SMEs cannot prove trade relations or get funding from banks, and banks cannot
acquire customers from or lend money to supply chains.
• Financing is difficult and costly. The widespread credit sales means that upstream
suppliers are often short of cash, and yet it is difficult for them to be granted high-
quality loans from banks without the endorsement of core enterprises.
▫ ABC
• Answer: 2
▫ ABCD
• Definition: Traditional campuses refer to industrial campuses. Campuses here refer to
areas with boundaries and a single operation entity.
• However, current campus construction cannot keep up with technology development. Service systems are not planned in a unified manner, and construction and operation costs are high. In addition, campuses end up seriously homogenized after construction, and the service experience is not significantly improved.
• By building a secure, open, and sustainable smart campus digital platform, Huawei
integrates new ICT technologies such as cloud computing, Big Data, IoT, mobile
Internet, and AI to redefine smart campuses.
• Streamline the campus subsystems and connect device, edge, network, and cloud to
manage objects comprehensively, support rapid development of campus services, and
help customers implement digital transformation.
• Next, let's look at some new ideas of Huawei's smart campus construction.
• Redefine the construction mode to achieve smart campuses:
• In the past, the campus system was electronic. Now, it is digital. However, campuses still have two problems. First, subsystems are constructed separately without linkage. Second, data silos: data is not unified, and data value is not mined. Huawei's smart campus digital platform connects systems, converges data, and uses AI to implement service convergence and support rapid service development and innovation.
• Redefine the innovation mode. Improve the service development and innovation
efficiency based on the unified data foundation and platform architecture.
• This platform connects all campus subsystems. Data of all subsystems is aggregated to
this platform to form a data lake with a unified data foundation. Then, it provides
services through APIs, making application development more agile and supporting
quick rollout of new services.
• In addition, this platform can support multi-campus management and replication.
• Provide secure, comfortable, and free space for enterprise employees and visitors, and
provide high-tech, valuable, and warm services.
• The smart campus solution applies to the following scenarios: operation center,
comprehensive security protection, convenient access, facility management,
environment space, asset management, energy efficiency management, enterprise
service, and digital office. Industry-specific application scenarios can be added to the
smart campus solution.
• The Intelligent Operation Center (IOC) is a platform for campus operation
management. It integrates new digital technologies such as IoT, big data, cloud
computing, AI, and GIS to support and build various innovative applications, build a
unified portal, and connect and manage subsystems in the campus. Through IOC,
unified and intelligent operation scheduling and management can be implemented.
• The smart IOC can visualize the campus status, control events, and manage services.
The details are as follows:
• Manages daily equipment and facilities, and centrally dispatches and directs responses to security incidents;
• The video-based perimeter protection of the integrated security system uses cameras
and an AI video-analysis algorithm to implement precise perimeter intrusion
detection. The algorithm can identify whether an object in the video stream is a person.
An alarm is generated only when the object is a person and the object is crossing the
fence, greatly reducing the false positive rate. In addition, the system automatically
saves the video of the 15 seconds before and after the alarm for analysis and evidence
collection.
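• The detection rule above can be sketched in a few lines. This is an illustrative Python sketch, not product code: the names (`Detection`, `evaluate`) are assumptions, and the 15-second evidence window on either side of the alarm comes from the description above.

```python
from dataclasses import dataclass

# Illustrative sketch of the perimeter-protection decision: an alarm fires
# only when the detected object is a person AND is crossing the fence,
# suppressing false positives from animals, shadows, or swaying branches.

@dataclass
class Detection:
    object_class: str    # e.g. "person", "animal", "vehicle"
    crossing_fence: bool
    timestamp: float     # seconds into the video stream

PRE_POST_SECONDS = 15    # evidence clip saved before and after the alarm

def evaluate(detection: Detection):
    """Return an alarm record with the evidence-clip window, or None."""
    if detection.object_class == "person" and detection.crossing_fence:
        return {
            "alarm": True,
            "clip_start": detection.timestamp - PRE_POST_SECONDS,
            "clip_end": detection.timestamp + PRE_POST_SECONDS,
        }
    return None
```

A stray animal at the fence returns `None`, while a person crossing at t = 100 s yields a clip window of 85–115 s for analysis and evidence collection.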
• Traditional patrol requires security personnel to patrol on site. Video-based patrol of
the integrated security system implements online security patrol through surveillance
videos on patrol routes, greatly improving patrol efficiency and reducing the workload
of security personnel.
• One person can monitor multiple patrol sites through automatic switching of patrol
videos. During video playback, a prompt window pops up at random intervals to verify
that the security guard is attentive. After the patrol is complete, the system
automatically generates a patrol report.
• Facial recognition technology is used to implement face alert deployment for
criminals and other suspicious persons, realizing intelligent alarm reporting.
• Management personnel upload face images of the persons to be monitored to the
system and create a face blacklist library. They can then select a camera, deployment
list, and time period for alert deployment, and enter the alert reason to create an alert
task. When a camera captures and recognizes the face of a monitored person, an alarm
is automatically generated. Administrators can view, confirm, and handle
alert-deployment alarms based on the alarm event process.
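• The alert-deployment workflow above can be sketched as follows. This is a hypothetical illustration of the control flow only; the class names (`FaceBlacklist`, `AlertTask`) and their fields are invented for clarity and are not a real platform API.

```python
from datetime import datetime, time

# Sketch of the face alert-deployment workflow: build a blacklist, create an
# alert task bound to cameras and a daily time window, and raise an alarm
# when a recognized face matches the blacklist during that window.

class FaceBlacklist:
    def __init__(self):
        self.faces = {}                   # face_id -> uploaded image reference
    def add(self, face_id, image):
        self.faces[face_id] = image

class AlertTask:
    def __init__(self, blacklist, cameras, start, end, reason):
        self.blacklist = blacklist
        self.cameras = set(cameras)
        self.start, self.end = start, end  # daily alert window
        self.reason = reason
        self.alarms = []                   # for administrators to review

    def on_capture(self, camera_id, face_id, when: datetime):
        """Called when a camera recognizes a face; raise an alarm on a match."""
        in_window = self.start <= when.time() <= self.end
        if camera_id in self.cameras and face_id in self.blacklist.faces and in_window:
            alarm = {"camera": camera_id, "face": face_id,
                     "time": when.isoformat(), "reason": self.reason}
            self.alarms.append(alarm)
            return alarm
        return None
```

Captures from cameras outside the deployment list, faces not in the blacklist, or times outside the window produce no alarm.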
• When a fire emergency occurs, the system links the fire extinguishing system, video
surveillance system, access control system, parking barrier system, and broadcast
notification system to review and handle alarms in a timely manner, accurately notify
personnel in the fire area, reduce the response time, and greatly improve the security
management level and work efficiency.
• 24/7 facial recognition turnstiles and facial access control can replace security guards,
reducing labor costs. Employees, residents, and visitors can walk through the campus
without manual checks. This avoids the trouble caused by forgotten cards, manual
registration on paper, and lack of access permissions for remote-office staff, improving
the campus access experience.
• Visitors must register to enter the campus. A complex management process and
single-mode identity registration are important factors that degrade the user experience.
• Self-service guest reception: Guests can remotely submit access applications through the
WeChat public account or the campus app. After an application is approved, the guest
arrives on site and passes through after license plate recognition and facial
recognition.
• Smart parking implements real-time parking space statistics collection through the app,
automatic license plate recognition and vehicle release, indoor parking guidance, and
payment through QR code, making parking more convenient and management more
efficient.
• Faults of campus devices are reported through phone calls, frontline repair requests, and
property inspections, so they are not detected in a timely or planned manner. In
addition, devices within one system are managed by multiple vendors, and data of each
system is isolated. Systems are not interconnected or intelligently associated.
• The smart facility management system is constructed based on the integrated facility
management platform. It uses an open system architecture and is compatible with
devices from various vendors. It streamlines service subsystems to implement unified
device monitoring and fault management.
• In addition, you can configure running parameters for multiple devices based on the
template, and remotely start and adjust device running in one-click mode, simplifying
management and improving efficiency.
• Smart conference room management allows operation personnel to view the real-time
status of all conference rooms and reserve a room in one click through the operation
app. The system turns on the air conditioner and lights 10 minutes in advance, and the
conference environment (temperature, wind speed, and light) can be adjusted remotely
during the conference, reducing human intervention and ensuring a comfortable user
experience. Resources are released promptly after the conference to reduce power
consumption.
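• The 10-minute lead time and post-meeting release described above amount to a simple controller decision. A minimal sketch, with illustrative function and action names:

```python
from datetime import datetime, timedelta

# Sketch of the conference-room automation rule: devices switch on 10 minutes
# before a booking starts and resources are released once it ends.

LEAD_TIME = timedelta(minutes=10)

def device_actions(booking_start, booking_end, now):
    """Return the actions the room controller should take at `now`."""
    if booking_start - LEAD_TIME <= now < booking_end:
        return ["air_conditioner_on", "lights_on"]
    if now >= booking_end:
        return ["release_resources"]   # cut power draw after the meeting
    return []                          # well before the booking: do nothing
```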
• Smart asset management uses RFID tags to manage the check-in, check-out, and
inventory of assets and to detect and manage the real-time status of assets in specified
areas. The system can achieve the following:
• If an asset is carried out illegally, the system automatically generates an alarm, which
becomes a security event. The system then notifies the security guard and the asset
owner, and automatically records and saves the video.
• The asset management application can also be associated with the GIS system to
query the movement track of assets in the campus online.
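• The illegal-removal alarm and GIS movement track described above can be sketched as follows. Names such as `AssetTracker` are illustrative assumptions, not a product API.

```python
# Sketch of RFID-based asset management: an unauthorized tag read at an exit
# gate raises a security event that notifies the guard and asset owner; every
# read is also appended to a movement track that a GIS system could plot.

class AssetTracker:
    def __init__(self):
        self.authorized_exits = set()   # asset IDs permitted to leave
        self.owners = {}                # asset_id -> owner contact
        self.tracks = {}                # asset_id -> list of read locations

    def register(self, asset_id, owner):
        self.owners[asset_id] = owner
        self.tracks[asset_id] = []

    def authorize_exit(self, asset_id):
        self.authorized_exits.add(asset_id)

    def on_tag_read(self, asset_id, location, is_exit_gate=False):
        self.tracks[asset_id].append(location)   # GIS movement track
        if is_exit_gate and asset_id not in self.authorized_exits:
            return {"event": "illegal_removal", "asset": asset_id,
                    "notify": ["security_guard", self.owners[asset_id]],
                    "record_video": True}        # saved for evidence
        return None
```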
• Smart energy efficiency management displays the energy (water, electricity, gas, and
heat) overview data of campuses, regions, and buildings on a campus map. It monitors
the status and dynamic energy information of campus devices by floor, department,
device system, and power distribution system, and predicts power consumption based
on energy efficiency big data analysis. The energy efficiency diagnosis professional rule
library collects expert knowledge about energy management and device running
control, diagnoses the energy efficiency level, fault status, and control logic of each
device in each system in real time, and provides energy-saving optimization measures
in plain engineering terms. This feature helps customers analyze the energy savings of
various facilities.
• The enterprise service can provide online and offline integrated property services for
registered enterprises in the industrial park, including property repair, decoration
application, visitor management, entry and exit management, bill query, information
release, and property leasing.
• The investment promotion management system provides one-stop full-process
investment promotion services for industrial park operators, including investment
promotion process management, project contract management, cost management,
performance management, and investment relationship management. It supports big
data analysis of the investment promotion industry, including industry chain panorama
analysis, enterprise profile, and industry development monitoring system.
• The digital office platform based on the Internet public cloud enables cross-regional
enterprises to collaborate with each other, improving the operating efficiency of
remote teams.
• The digital office platform provides messaging, unified authentication, address book,
audio and video call, cloud disk, intelligent inbox, multimedia conference, and small
program services. It connects to various terminals, including soft clients, conference
terminals, cash registers, printers, and recharge terminals, and supports multiple office
application scenarios, including mobile email, precise contact search in the address
book, HD conference team collaboration, to-do countersigning, and knowledge sharing.
• The digital office platform builds a fully-connected intelligent work platform to enable
borderless collaboration for enterprises.
• Based on Huawei product portfolios and digital platforms, Huawei cooperates with
ecosystem partners to resolve customer problems. The digital platform is the core. The
ROMA, big data, video cloud, IoT, and GIS capabilities have been encapsulated, and a
large number of campus assets have been accumulated on the platform. For example,
video analysis, material models, integrated assets, theme libraries, and edge markets
can accelerate secondary development and integrated delivery of campus applications,
support 1+7 scenario baseline applications, and provide industry-specific scenario
solutions for different industries.
• The campus edge-cloud synergy architecture is derived from Huawei's more than 10
years of digital transformation practices and has been verified in Huawei's campus.
The platform has IT-OT (operational technology) integration capability, which is a
special advantage of HUAWEI CLOUD. It also has a mature edge-cloud synergy
architecture, Huawei's own device-side chips, and local service capabilities for toB
enterprises.
• Currently, the smart campus solution is widely used in more than 10 industries, such as
residential parks, construction sites, buildings, exhibition halls, industries, logistics,
education, enterprises, blocks, chemicals, mines, and scenic spots.
• A large number of smart campus services are similar in various industries. Based on the
HUAWEI CLOUD digital platform, the solution has built baseline applications that
support 1+7 scenarios (including intelligent operation center, comprehensive security
protection, convenient access, asset management, facility management, energy
efficiency management, environment space, and smart office). Huawei provides
differentiated scenario-based solutions for different industries and ecosystem partners,
helping customers achieve overall intelligence of the campus, enable service innovation,
improve operation efficiency, and lead the simplified experience.
• The smart campus uses the edge-cloud synergy architecture. The devices are various
subsystems and devices of the campus. The edge side provides nearby edge video
analysis based on IEF. The edge ROMA Site is used for application integration on the
campus side, and various gateway products and devices are interconnected and
collaborate with the cloud. The cloud provides overall capabilities of the digital
platform, including integration of five types of core platform applications (ROMA, IoT,
video cloud and video analysis, data operation platform DAYU, and IEF). Based on the
platform, HUAWEI CLOUD accumulates five types of campus assets (video analysis
scenario, integrated asset, object model, theme library, and edge market) to accelerate
the construction of campus applications.
• The campus informatization construction has undergone the transformation from
electronic and information-based to digital and intelligent. After years of development,
the campus has accumulated a large number of service subsystems, such as security
protection, transportation, energy, asset, OA, and attendance subsystems. These vertical
intelligent subsystems were built independently of one another; as a result, data silos
exist between campus application systems, and data cannot be effectively exchanged
between applications and devices, causing slow development and difficult innovation.
In addition, campus services are diversified. Large enterprises' campuses are distributed
in different areas and are restricted by geographical and network conditions. Data is
isolated between campuses, and unified operation and management cannot be
implemented. Campus applications, devices, clouds, and multi-campus integration are
facing challenges.
• The ROMA integration platform originates from Huawei's business transformation and
digital transformation practices and is applied to Huawei's campus services. It is the
core platform for campus digital transformation. Now Huawei opens its capabilities
and provides campus solutions and ROMA integration platform.
• ROMA provides integration capabilities in four aspects: A (application integration),
B (multi-campus and partner integration), C (multi-cloud integration), and D (device
integration). Unlike a traditional enterprise service bus (ESB), which is deployed
centrally and integrates only intranet applications, ROMA uses a distributed
deployment architecture to support cross-network hybrid cloud and multi-cloud
integration. In addition, it can integrate IT and OT technologies, leading the
development direction of digital transformation integration.
• Based on the edge-cloud deployment architecture, it can streamline the physical world
and digital world and support the digital and intelligent transformation of campuses.
▫ Massive data sources: DIS, MRS Hive, MRS HDFS, and MRS HBase
• Device-edge-cloud synergy
• Hour-level device access, with 100+ campus-industry protocols supported, meets
cross-system linkage requirements of the campus.
• 20+ physical models based on project accumulation. Customers can perform secondary
modification based on the models.
• The edge-cloud synergy video AI solution helps the campus implement comprehensive
identification, automatic warning, and linkage response of people, vehicles, objects,
and behavior, implementing intelligent campus. In campus scenarios, we have built
capabilities for facial recognition, personnel statistics, vehicle detection, intrusion
detection, security detection, personal feature recognition, and abnormal behavior
analysis in 7 fields and 40+ intelligent video analysis scenarios. These capabilities are
still being improved; Huawei will work with industry campus partners to train and
release industry AI models based on HUAWEI CLOUD ModelArts to build AI capabilities
for specific campus scenarios and industries.
• Campus intelligent video AI identifies and analyzes people, vehicles, objects, and
behavior in the campus to improve campus security and service experience. Example:
perimeter protection (wall climbing and dangerous areas), convenient access (non-
sensitive attendance and facial recognition gate), security patrol (fire and gathering),
personnel identification (blacklist and VIP), and vehicle identification (license plate
recognition and vehicle congestion).
• Currently, campus video analysis provides seven categories and more than 40 scenarios,
providing out-of-the-box intelligent analysis capabilities for campuses. Huawei can
work with partners to provide intelligent analysis capabilities for industry videos. The
intelligent video analysis capability of the campus and the campus IOC can improve
the overall operation efficiency of the campus and reduce the operation cost. For
example, China Overseas Property improves the overall operation efficiency by 30%
through campus video AI enablement, achieving energy saving and efficiency
improvement for campus operations.
• From the service perspective, the number of access systems and the data volume
increase. How to manage the data and guide business decision-making becomes a
challenge. From the technical perspective, there is no one-stop and end-to-end data
solution. The entire process from data integration, data lake, data modeling, data
standard management, data development, data quality, data asset management, to
final data service is long. The construction cost is high and the efficiency is low.
• DAYU is a one-stop operation platform that provides data lifecycle management and
intelligent data management capabilities. Enterprises can visualize, develop, and
integrate their data with DAYU. DAYU helps enterprises grow industry knowledge
bases with intelligence. Cloud-based big data storage and compute engines make it
easier for enterprises to rapidly grow their big data operations. HUAWEI CLOUD data
operation platform DAYU plays an important role in the overall architecture of the
smart campus. During the construction of a campus project, each subsystem collects
a large amount of data. For example, DAYU can aggregate vehicle data, pedestrian
access control data, facial recognition data, and device (street lamp) running data to
eliminate data silos and improve data value. The platform features efficient
development and analysis of data tasks, intelligent data governance, agile construction
of data services, and panoramic visualization of user services. It helps campuses
accumulate data assets, accelerate campus data sharing and digital transformation,
and improve the value of campus data.
• A large number of devices and applications, such as security protection, weak current,
and office devices, are deployed in customer equipment rooms. The smart campus
solution introduces cloud application integration, IoT, AI, and big data capabilities,
bringing challenges to cross-cloud and cross-network secure access and latency.
• IEF integrates multiple systems, such as the smart visitor system, intelligent security
protection system, campus smart Wi-Fi, and smart campus information release system,
to build a complete and industry-leading smart campus solution. This solution resolves
the following pain points: complex campus scenarios, passive response after security
events, poor user experience, high costs of property management personnel, and low
efficiency.
• Huawei's digital office has experienced four development phases: Notes office, web
office, mobile office, and digital office. Currently, WeLink serves 190,000 employees in
1023 offices in 170 countries, with an average of 12 million connections per day. Based
on Huawei's digital office practices, HUAWEI CLOUD WeLink builds a fully-connected
digital work platform that connects people, services, knowledge, and devices for
enterprises, and builds a secure, open, and intelligent workspace for enterprises to
facilitate their digital transformation.
• Connecting people: Integrates messaging, email, group, cloud space, and audio and
video collaboration modes to improve the collaboration efficiency between individuals
and teams.
• Connecting devices: Interconnection between people and devices and between devices,
zero learning cost, and improved office equipment usage efficiency.
• Finally, let's summarize the advantages of the HUAWEI CLOUD smart campus digital
platform from the following six aspects:
• The HUAWEI CLOUD Smart Campus Solution is developed from Huawei's own campus
practices: Huawei runs its own applications on HUAWEI CLOUD first, so the solution is
verified in practice.
• Huawei has a full-stack integrated solution that integrates devices, edges, and clouds.
It has unique advantages in terms of architecture rationality, cost-effectiveness,
performance, and latency. A large number of IT systems and OT devices are deployed
in the campus. HUAWEI CLOUD ROMA/IoT can effectively integrate IT systems and
devices. The solution solves the A/B/C/D integration problems (application,
multi-campus and partner, multi-cloud, and device integration), eliminates
information silos, and implements full connection of people, vehicles, and things in the
campus.
• Processes are still run project by project; there has been no organizational process
transformation, headcount reduction, or efficiency improvement.
• China Overseas Property realized that a smart campus needs to be built on a
digital platform, focusing on the "two insurances and one experience" applications that
can quickly generate profit, and building the core system of the smart campus.
• At the same time, a process team was set up to enable close collaboration between
business and technical departments. The technical solution and the organizational
process transformation together drive the large-scale implementation of smart campuses.
• Huawei has set up a special team for the China Overseas Property Smart Campus
Project. After several rounds of discussions, the team has worked with China Overseas
Property to develop the service plan and technical solution for the project.
• Platform construction: Based on HUAWEI CLOUD services, build a smart campus cloud
platform to provide service capabilities such as IoT access, AI intelligence, and data
operation center, supporting fast innovation of campus services.
• System access: ROMA and edge computing are used to build a decoupled architecture
for campus subsystems. Existing subsystems are connected in phases to build a
standard that can be exported to the industry.
• Benefits to customers:
• Precise perimeter intrusion detection and intelligent video patrol improve management
efficiency and reduce labor costs.
• Integrated access and unified management with IOC support; operations data analysis
supports business decision-making.
• Answer: A
• The global digital economy is developing rapidly. More than 67% of the top 1,000
enterprises, including traditional enterprises, are undergoing digital transformation.
The overall digital economy is growing rapidly, bringing huge market potential.
▫ A large amount of repetitive data is stored and processed at the edge, which is
safer and faster than doing so in the cloud and saves cloud bandwidth.
▫ Applications and computing power at the edge are controlled and scheduled by
the cloud, reducing customers' routine management and O&M workload.
▫ EI or big data capabilities in the cloud are used to improve service efficiency and
functionality.
• Background:
▫ Edge-cloud synergy is mainly used in the following three sectors. The specific
success stories will be introduced in the following slides.
▫ In the industrial sector, such as the PV scenario, the quality of PV cells has a
great impact on the performance and service life of PV plants. Therefore,
manufacturers pay high attention to the quality. Production line workers can
check a maximum of 10,000 to 20,000 cells in one day. The work intensity is
high, which may increase the false positive rate. Visual quality inspection in PV
cells delivers a detection rate of more than 99.9%, greatly improving the quality
of PV cells.
▫ First, intelligent edge container, that is, IEF. Typical applications are edge OCR
and facial recognition.
▫ Second, edge-cloud application integration, that is, ROMA. It can integrate both
devices and applications.
• Background:
▫ Cloud-edge synergy: 40+ AI algorithms, IoT, time series DB, and stream
computing are extended to the edge, enabling interworking with 10+ cloud
services.
▫ Local governance: Services are managed locally when the edge network is
unstable or jitter occurs.
• In this way, services are processed locally, reducing latency and providing real-time
guidance for onsite sales activities. In addition, edge nodes are managed by the cloud,
facilitating O&M, reducing costs, and improving efficiency.
• Many industrial manufacturers invest heavily in manpower for quality inspection, that
is, inspection by human eyes. Such manual inspection is labor-intensive and
inefficient. Therefore, visual inspection is one of the core requirements of many
manufacturing enterprises.
• Visual inspection has higher requirements on edge devices because visual quality
inspection is performed at the edge side. The cloud is responsible for model training,
including training of the original models before deployment and training of models
continuously optimized after deployment. IEF delivers the trained models to edge
nodes for execution.
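• The train-in-cloud, run-at-edge loop described above can be sketched conceptually. Everything here (`Cloud`, `EdgeNode`, and the string-matching "inference") is a placeholder chosen to show the control flow, not how ModelArts or IEF actually work.

```python
# Conceptual sketch of edge-cloud synergy for visual quality inspection:
# the cloud trains and versions the model, delivery pushes it to edge nodes,
# and inference runs locally so latency stays low.

class Cloud:
    def __init__(self):
        self.model_version = 0
        self.weights = None

    def train(self, samples):
        """Train (or continuously retrain) and produce a versioned artifact."""
        self.model_version += 1
        self.weights = f"weights-v{self.model_version}"  # placeholder artifact
        return self.model_version

class EdgeNode:
    def __init__(self):
        self.model = None

    def deploy(self, cloud):
        self.model = cloud.weights       # trained model delivered to the edge

    def inspect(self, cell_image):
        assert self.model, "no model deployed"
        # Local execution: the defect decision is made at the edge, not the
        # cloud, which is what keeps latency under the stated 2 seconds.
        return "defect" if "crack" in cell_image else "pass"
```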
• What makes this solution competitive? First, local execution of models reduces the
latency to less than 2 seconds. Second, quality inspection effectiveness is greatly
improved. Last, unified scheduling of computing power at the edge and automatic
model training reduce the customer's O&M costs.
• Answer:
▫ AC
• DeC (Dedicated Cloud) is a comprehensive solution for enterprise, government, finance,
and other customers, providing dedicated compute and storage resource pools and a
multi-level network and control isolation model. Tenants have exclusive access to their
own resource pools and are physically isolated from other public-cloud tenants, meeting
specific requirements for performance, service applications, and security compliance.
• Optional cloud service management nodes:
▫ Basic Edition: 1+
▫ Large-Scale Edition: 1+
• Advantages
▫ Simple and fast: VPC Endpoint can be connected directly, without accessing the
Internet.
▫ Low cost: This solution does not use public network resources, reducing user costs.
• HSC Online supports the following scenarios:
▫ The industry department takes the lead in unified planning and builds the cloud
platform in "center + N branches" mode.
▫ The center performs global O&M and management on the cloud platforms of all
branches.
▫ B
▫ C
• Introduce the panorama of HUAWEI CLOUD industry-specific solutions, focus on the e-
commerce solutions, discuss how to adapt e-commerce services to deploy on HUAWEI
CLOUD and what problems need to be resolved, and use the Huawei VMALL as a case
to discuss how to perform in-depth reconstruction of e-commerce services based on
HUAWEI CLOUD.
• First, let's look at the panorama of HUAWEI CLOUD industry-specific solutions,
including 12 industries such as finance, e-commerce and retail, manufacturing, and
government. There are sub-solutions and best practices for each industry. You can
select an industry-specific solution.
• E-commerce has the following characteristics:
▫ Short-term surge in service access, such as Double 11, discount seasons, and
promotion seasons.
▫ Fast service rollout and iteration are required to meet ever-changing customer
requirements.
▫ The e-commerce website must be available 24/7. All upgrade and maintenance
operations must not affect service running.
▫ E-commerce involves user data and secure transactions and has high security
requirements.
• Based on the characteristics of the e-commerce business, let's look at the e-commerce
requirements.
▫ Elasticity: The system must be able to cope with exponential service peaks, with
elastic service capacity and bandwidth.
▫ Stability: Service interruption will cause a large amount of financial and customer
losses. Therefore, stability is the cornerstone of e-commerce.
▫ As the service scale expands, the single-machine architecture cannot meet the
requirements of high concurrency. Service logic processing and data processing
modules need to be separated. Service logic processing needs to be stateless, and
load balancing is implemented through load balancers to cope with high
concurrency. The main method of data processing is to load hot data to the
distributed cache to improve the access efficiency of hot data and reduce the
database access bottleneck. In addition, distributed message queues can be used
to implement asynchronous decoupling between service logic modules, improving
user experience and service architecture reliability. As the storage capacity of a
database increases, the database middleware can be used to implement
horizontal expansion of relational databases to cope with large-volume data
query and processing.
• This figure shows the service division and logic modules of e-commerce website
construction.
• Nowadays, more and more e-commerce companies use containers to carry the web
layer and service layer.
• The public cloud provides e-commerce customers with high-quality Internet access
capabilities and its elastic bandwidth and fast resource expansion capabilities can cope
with burst peak access. In addition, the public cloud provides a complete set of security
solutions. For example, the border layer is protected by Anti-DDoS and WAF, and the
database layer is protected by database firewalls and audit capabilities.
• Service scenario: enterprises' self-hosted e-commerce platforms and websites at an
initial scale, suited to small- and medium-sized e-commerce enterprises adopting B2C,
B2B, B2B2C, O2O, and C2M models.
• Next, let's analyze the flash sales scenario, which features that massive concurrent
users need to be handled in a short period of time.
• Generally, the e-commerce platform separates the flash sales service entry from the
normal service entry. In this way, the normal e-commerce access is not affected during
the flash sales.
• In the flash sales scenario, a large number of instances are required to cope with
service peaks. With HUAWEI CLOUD AS, ELB, and CCE services, the elastic scaling
capability can be implemented in seconds.
• In addition, the web layer and the service layer are decoupled through the HUAWEI
CLOUD distributed message queue. The main advantage is that service requests are
placed in the message queue and users receive an immediate response; the queue
buffers requests and prevents blocking, greatly improving user experience and system
processing efficiency.
• Loading the offering information to the HUAWEI CLOUD distributed cache in advance
can minimize the impact on the relational database.
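• The flash-sale pattern above can be sketched with a plain in-process queue standing in for the distributed message queue; the function names and SKU are illustrative.

```python
import queue

# Sketch of the flash-sale flow: order requests are accepted into a message
# queue and the user gets an immediate acknowledgement; a worker drains the
# queue against stock preloaded into the cache, so the burst never hits the
# relational database directly.

order_queue = queue.Queue()
stock_cache = {"sku-flash": 3}       # offering stock preloaded into the cache

def submit_order(user_id, sku):
    """Web layer: enqueue the request and acknowledge immediately."""
    order_queue.put((user_id, sku))
    return {"status": "accepted"}    # user sees an instant response

def process_orders():
    """Service layer: drain the queue, honoring the preloaded stock."""
    results = []
    while not order_queue.empty():
        user_id, sku = order_queue.get()
        if stock_cache.get(sku, 0) > 0:
            stock_cache[sku] -= 1
            results.append((user_id, "success"))
        else:
            results.append((user_id, "sold_out"))
    return results
```

With 5 orders against 3 preloaded units, exactly 3 succeed and 2 are told the item is sold out, while every user received an instant acknowledgement at submission time.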
• E-commerce website acceleration is also a common scenario.
▫ E-commerce involves many images and videos of goods. If these contents are
placed on the web nodes of e-commerce websites, the web nodes may encounter
bottlenecks. However, with CDN, the data will be delivered to the CDN node
nearest to the user, greatly improving the website loading speed.
▫ In addition, HUAWEI CLOUD OBS works well with CDN to store images, static
web page files, and videos of e-commerce websites. Each object has a unique
URL in the OBS bucket. OBS can be directly configured as the origin server of
CDN. CDN and OBS work seamlessly to accelerate websites.
• With the development of technologies, smart e-commerce has more scenario-based
applications, including facial recognition and login, OCR identification of license texts,
e-commerce content review, and instant translation.
• The e-commerce intelligent customer service is also widely used, which can greatly
improve the problem solving efficiency.
• HUAWEI CLOUD provides the preceding intelligent applications and scenarios with
matching EI capabilities and best practices.
• Next, let's look at a smart e-commerce solution.
▪ Vehicle dispatching path planning: When vehicles and delivery paths are
dispatched, orders and delivery points are selected based on experience.
This results in disordered vehicle tracks on the map and high overall
costs.
▪ Big data platform: As a centralized platform, the big data platform cannot
share data capabilities with other business departments.
▫ HUAWEI CLOUD provides the following services or platforms to solve the
problems:
▪ Big data cloud platform: The EI big data platform is used to migrate an
offline system to cloud to facilitate access nationwide.
• Precision marketing is a basic capability for e-commerce platforms. Precise user models
are built for individualized recommendations based on in-depth mining and analysis of
data such as massive user access and transactions.
• The big data base of HUAWEI CLOUD provides big data storage, analysis, and machine
learning capabilities to obtain user profiles and work for the recommendation engine.
• The e-commerce omni-channel middle-end solution is formed from the common basic
functional modules of e-commerce, such as the commodity center, member center, and
inventory center. E-commerce companies then only need to develop front-end modules
based on the personalized requirements of their users.
• In the omni-channel middle-end solution, the back-end layer is mainly the database
related to the service module. Each module has its own database, which facilitates the
expansion and upgrade of each module.
• Let's look at a real e-commerce case.
▫ Decoupling is incomplete, and code reuse is difficult. The transaction and
promotion logic is embedded in the web, app, and WAP frontend GUI modules as
a shared library, and multiple versions must be maintained.
▫ The module granularity is large, the logic is complex, and the response speed is
slow.
• Basic services have been transformed to use container technology, enabling better
CI/CD for the e-commerce service modules.
• Next, let's look at the elastic scaling and high availability architecture of VMALL.
▫ Clusters are created for the microservice modules, so the failure of any node does
not affect the microservice. Microservices support dynamic scaling, service
registration, and service discovery.
▫ Services are carried by the HUAWEI CLOUD CCE service, which supports
containerized workloads and automatic scaling policy configuration.
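• Service registration and discovery can be illustrated with a toy round-robin registry. This is a conceptual sketch only; real deployments would rely on a registry such as a microservice engine or Kubernetes Services on CCE.

```python
import itertools

# Toy sketch of service registration and discovery: instances register on
# start, are removed when a health check fails, and callers are handed a
# healthy instance per request (round-robin), so no single node is critical.

class Registry:
    def __init__(self):
        self.instances = {}       # service name -> list of endpoints
        self._rr = {}             # per-service round-robin cursors

    def register(self, service, endpoint):
        self.instances.setdefault(service, []).append(endpoint)

    def deregister(self, service, endpoint):   # e.g. failed health check
        self.instances[service].remove(endpoint)

    def discover(self, service):
        """Round-robin over the currently registered instances."""
        eps = self.instances.get(service) or []
        if not eps:
            raise LookupError(f"no healthy instance of {service}")
        cursor = self._rr.setdefault(service, itertools.count())
        return eps[next(cursor) % len(eps)]
```

When one instance is deregistered, subsequent `discover` calls transparently route to the remaining instance, which is the property that lets any node fail without affecting the microservice.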
• Let's look at the service value of the VMALL microservice after reconstruction.
▫ After the order transaction system was brought online, it effectively supported
large-scale promotion activities, handling tens of millions of order transactions
and an order amount in the tens of billions.
▫ It resolves delivery bottlenecks; most requirements are now delivered and brought
online ahead of schedule.
▫ The system proactively sorts out and optimizes businesses such as shopping carts,
orders, and marketing activities to improve user experience.
• Answer 1:
▫ A