Solution Design Replatform to Alibaba Cloud, the cloud computing division of Alibaba Group.
Cloud Solution Design - Alibaba Cloud
DISCOVERY
Why you are moving to the cloud
- Financial Reasons
o Reduce expenses
o Increase operations
o Enhance outcomes
Improve overall ROI
Meet competitive challenges
PRESENTING A SOLUTION
Current Architecture
2-tier solution:
- Web
- Database Access
- Web tier: customers on web ports
- Database tier: web tier on database ports
Nightly database backups to tape
Proposed Solutions
Alibaba Cloud - moving applications to the cloud without major changes, while taking advantage of the benefits of the cloud environment through the services below
To-Be Cloud Architecture
- Virtual Private Cloud (VPC) - Helps you construct a logically isolated networking environment where you can customize your own IP address range, subnets, route tables, and network gateways.
- Web tier (Web Proxy) - accepts web traffic from the Internet
- App tier (App Server) - accepts app traffic from the Web tier
- DB tier (ApsaraDB for RDS) - accepts database traffic from the App tier
- Load balancing - Server Load Balancer (SLB)
- Auto Scaling Group – Auto Scale
- Database migration - Data Transmission Service (DTS)
- Alibaba Cloud Security - Bastion hosts (management traffic) – Small instance type
- Resource Access Management (RAM) – least privilege
- Security
o Only the web hosts in public subnet
o Security groups
Web - only allow internet traffic on 80/443
App hosts - only allow web proxy on app port
ApsaraDB Relational Database Service (ApsaraDB for RDS) - only allow app host on 3306
The management of Bastion Host with Alibaba Cloud - Elastic Compute Service (ECS) Systems
o Alibaba Cloud Security Groups - NACL (Network Access Control Lists) - as an additional layer
o Object Storage Service (OSS) Storage spaces have security features enabled
o Resource Access Management (RAM) policies configured along the principles of least privilege
o Monitoring and logging
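The security group rules listed above can be checked mechanically before the POC. The following is an added example, not code from the original page or from Alibaba Cloud: it audits a constructed set of ingress rules against that tier policy. The rule format, the tier names, app port 8080 and SSH on port 22 for bastion management are assumptions.

```python
# Added example: audit ingress rules against the tiered policy described above.
APP_PORT = 8080   # assumption: the page only says "app port"
MGMT_PORT = 22    # assumption: bastion manages ECS hosts over SSH

# destination tier -> {permitted source: permitted destination ports}
POLICY = {
    "web": {"internet": {80, 443}, "bastion": {MGMT_PORT}},
    "app": {"web": {APP_PORT}, "bastion": {MGMT_PORT}},
    "db": {"app": {3306}},   # RDS: only the app hosts, only 3306
}

def audit(rules):
    """Return (rule, reason) pairs for ingress rules that break POLICY."""
    findings = []
    for r in rules:
        # An open CIDR counts as the Internet; other sources are tier names.
        src = "internet" if r["source"] in ("0.0.0.0/0", "::/0") else r["source"]
        allowed = POLICY.get(r["tier"], {}).get(src)
        lo, hi = r["ports"]
        if allowed is None:
            findings.append((r, f"{src} may not reach {r['tier']} tier"))
        elif not set(range(lo, hi + 1)) <= allowed:
            findings.append((r, f"ports {lo}-{hi} exceed {sorted(allowed)}"))
    return findings

# Constructed sample rules (hypothetical format, not an Alibaba Cloud API response).
SAMPLE_RULES = [
    {"tier": "web", "source": "0.0.0.0/0", "ports": (80, 80)},
    {"tier": "web", "source": "0.0.0.0/0", "ports": (443, 443)},
    {"tier": "app", "source": "web", "ports": (8080, 8080)},
    {"tier": "db", "source": "app", "ports": (3306, 3306)},
    {"tier": "db", "source": "web", "ports": (3306, 3306)},        # skips the app tier
    {"tier": "app", "source": "0.0.0.0/0", "ports": (8080, 8080)},  # app exposed publicly
    {"tier": "web", "source": "0.0.0.0/0", "ports": (1, 65535)},    # port range too wide
    {"tier": "db", "source": "bastion", "ports": (22, 22)},        # no management path to RDS
]

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE_RULES):
        print(f"VIOLATION {rule['tier']} <- {rule['source']}: {reason}")
```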
DELIVERING A PROOF OF CONCEPT (POC)
Evaluating the solution in the Alibaba Cloud environment
Start with an Alibaba Cloud free trial - https://www.alibabacloud.com/campaign/free-trial?spm=a3c0i.7911826.2886971040.1.244714b3hLUrv9
IMPLEMENTING SOLUTION
Production solution implementation after the POC, once everything is OK
KEY TAKEAWAYS
• Moving applications to the cloud as-is
App/DB Servers -> Elastic Compute Service (ECS)
Storage -> Object Storage Service (OSS)
Tools: Alibaba Cloud VM Import/Export
• Moving applications to the Alibaba Cloud without major changes, but taking advantage of benefits of the Alibaba Cloud environment
Migrating databases to ApsaraDB for RDS
Migrating applications to Alibaba Cloud Web Hosting
• Improving the Design of Existing Code
- Using cloud native features (Cloud-Native Applications Management https://www.alibabacloud.com/solutions/container)
Alibaba Cloud Architecture Best Practices
- Design for failure and nothing fails
o Avoid single points of failure
o Multiple instances
o Multiple Zones
o Separate a single server into a multi-tiered application
o For ApsaraDB for RDS, use Multi Zone feature
- Build security in every layer
o Encrypt Data at rest and in transit
o Enforce principle of least privilege in Resource Access Management
o Implement both Security Groups and Network Access Control Lists (NACL) (Alibaba Cloud Security Groups)
o Consider advanced security features and services
- Leverage different storage options
o Move static web assets to Object Storage Service (OSS)
o Use Alibaba Cloud CDN to serve globally
o Store session state in Table Store
o Use ApsaraDB for Redis between hosts and databases
- Implement elasticity
o Implement Auto Scaling policies
o Architect resiliency to reboot and relaunch
o Leverage managed services like Object Storage Service (OSS) and Alibaba Cloud Table Store
- Think parallel
o Scale horizontally, not vertically
o Decouple compute from session/state
o Use Server Load Balancer (SLB)
o Right-size your infrastructure
- Loose coupling sets you free
o Instead of a single, ordered workflow, use multiple queues
o Use Alibaba Cloud Message Queue (MQ) and Alibaba Cloud - Message Service
o Leverage existing services
- Don’t fear constraints
o Better Input/output operations per second (IOPS) for databases
Source: Alibaba Cloud