Hands-on with the Huawei Cloud website high availability solution: one-click deployment, more assured business security

2024-03-04



Recently, a cloud service provider experienced a series of outages, which not only seriously affected normal user access but also pushed the reliability of cloud computing services into the center of public controversy.

To avoid business interruption from similar problems, it is very important to choose a reliable cloud service provider, which reduces the probability of problems at the source and keeps the business continuous and stable overall. Building a highly available solution on top of a more reliable cloud service provider is undoubtedly "double insurance" for the safe and stable operation of the business.

A highly available business architecture helps an enterprise switch quickly to a standby server, automatically or through manual intervention, in the event of host failure, network failure or even malicious attack, so that the business keeps running normally and the impact on the user experience is minimized.

Both large enterprises and small and medium-sized enterprises face the risk of business interruption, which can easily cause losses of hundreds of millions of yuan for enterprises in insurance, finance, banking, securities and similar sectors. Small and medium-sized enterprises have small websites and relatively simple business structures, and once external factors make the business unavailable, the loss is difficult to make up for. There is therefore a greater need for a general-purpose website high availability solution.

Huawei Cloud has launched the Huawei Cloud website high availability solution, aimed at business pain points in the Internet, e-commerce, gaming, education, health care, government and enterprise, and energy sectors, and focused on business continuity and system upgrades, high-concurrency access and server availability. The solution can reach a 99.9% SLA, effectively improves website performance, and provides disaster recovery capabilities.

It mainly includes Elastic Load Balance (ELB), Elastic Cloud Server (ECS), the cloud database RDS for MySQL, object storage (OBS), cloud backup (CBR), Web Application Firewall (WAF), Anti-DDoS traffic cleaning, cloud monitoring (CES) and other products. Among them, ELB and ECS automatically distribute access traffic across multiple cloud servers to expand the external service capability of the application system. RDS responds quickly and supports a large number of connections. OBS and CBR, through massive storage and backup capabilities, ensure that the business can be restored to any backup point in scenarios such as intrusion, erroneous deletion, and software or hardware failure, so that service is restored in time and business continuity is maintained. WAF and Anti-DDoS provide DDoS attack protection, malicious request interception and location defense at the network layer and application layer, protecting websites from malicious attacks and intrusions and effectively improving bandwidth utilization. CES provides real-time monitoring and early warning, allowing operators to see the usage of their cloud resources in real time and deal with problems promptly. Together, these products make up the Huawei Cloud website high availability solution and help enterprises achieve high business availability.

Multiple combinations to meet the business needs of different enterprises

In the Huawei Cloud website high availability solution, the core function of Elastic Load Balance (ELB) is to automatically distribute access traffic across multiple cloud servers, balancing the load on multiple ECS servers, improving the external service capability of the application system, and achieving a higher level of fault tolerance. ELB copes well with high traffic, such as the tidal pattern of e-commerce businesses, where the system is under heavy pressure during promotion peaks and lightly loaded on ordinary days, and performance has to be balanced against cost. Distributing access traffic evenly across multiple backend cloud servers keeps the business running smoothly. In addition to cross-server traffic distribution, Huawei Cloud ELB also supports distribution across availability zones, which allows you to establish a real-time intra-city disaster recovery mechanism to meet the high availability needs of banking, trade and other large enterprise applications.

Huawei Cloud ELB provides two types of instances: exclusive and shared. A single instance supports tens of millions of concurrent connections, and supports private network IP change, slow startup mode, container address, tunck-port and other features. Together with ECS, it lets you quickly build and use a business platform.

Here we use the Yunyao L instance to try out the features of Huawei Cloud ELB. The Yunyao L instance is Huawei's latest lightweight server product. It integrates cloud servers, network, storage and security, further simplifies parameters and options, and provides a variety of application images and system images for rapid business deployment. While maintaining performance and security, the Yunyao L instance is also very affordable. For small and medium-sized enterprises or lightweight business applications, resources can be deployed, managed and used through visual pages without much operations knowledge.

Here we choose the high availability package on Yunyao Cloud Server, which includes 2 Yunyao L instances, Yunyao elastic load balancing (ELB) and other services. The core architecture is shown below:

The package supports four operating systems: Windows Server, Ubuntu, Huawei Cloud EulerOS and CentOS. It also provides 2 cloud instances of 2C4G, 100GB of cloud backup (CBR), and a cloud load balancer (ELB) with a maximum number of connections of 2000.

We run stress tests with JMeter. With nginx running on the Yunyao L servers, we simulate the burst of requests produced by a traffic tide by opening a very large number of connections in a short period. In CES we can see that ELB handles more than 10,000 connections at its peak and distributes these requests evenly between the two Yunyao L hosts.

From trying out and testing the services in the Yunyao L instance high availability package, we can see that under heavy external traffic ELB balances the load on the two Yunyao L instances well and keeps the overall business available.

Backing up business system data is another important part of ensuring business continuity. The Huawei Cloud website high availability solution includes cloud backup (CBR), which provides simple, easy-to-use backup services for cloud servers, cloud disks, SFS Turbo, cloud and local file directories, and virtualized environments. Data can be restored to any backup point in scenarios such as virus intrusion, erroneous deletion, and software or hardware failure. With a backup policy configured, backups run automatically on a regular schedule with no impact on the business, and cross-region replication is supported for remote disaster recovery.

Next, let's look at the cloud database RDS for MySQL. RDS for MySQL provides high throughput and high concurrency, and its fast response lets it support a large number of connections. Combined with ELB and multiple ECS instances, it allows a highly available business system to be built at relatively low cost.

With the database management service DAS provided by Huawei Cloud, data administrators can manage data without a client, including adding, deleting, querying and modifying databases and tables, as well as routine operations tasks. DAS also supports managing data with SQL scripts. In addition to common relational database products, Huawei Cloud provides the GaussDB database and a document database to meet the data storage needs of different business scenarios.

For network security, the Huawei Cloud website high availability solution provides Web Application Firewall (WAF) and Anti-DDoS traffic cleaning. WAF mainly deals with data leakage, 0day vulnerabilities, CC attacks and web page tampering. Data leakage generally results from attacks on business websites through SQL injection, web Trojans and similar means, which often lead to database intrusion and theft of core business data. Malicious attackers also exploit 0day vulnerabilities that emerge in third-party frameworks or plug-ins. In addition, there are the common CC attacks, which occupy core resources for a long time by issuing a large number of malicious requests, so that the server's computing power cannot be released and the business slows down or is interrupted.

Web page tampering means that attackers plant a backdoor on the website server or tamper with its web content, resulting in business interruption or other negative effects.

WAF is an important security guarantee for website high availability. WAF intelligently identifies the characteristics of malicious requests and uses machine learning to protect against unknown threats, which effectively protects websites from malicious attacks and intrusions. When a website's public network traffic is filtered by WAF, malicious attack traffic is blocked and normal traffic is forwarded to the origin server IP.

To test protection against data leakage, we use SQLMap to simulate a SQL injection attack against the Yunyao L instance. In the WAF console we can see that, after the SQL injection attack occurs, WAF quickly detects it and identifies the attacked site, the source IP and the attacked URL, so that the attack is blocked precisely.

For 0day attacks, WAF supports repairing high-risk vulnerabilities within two hours at the earliest, and the cloud automatically updates to the latest protection rules to ensure business security. For large-scale CC request attacks, WAF applies a rate-limiting policy to malicious IPs or cookies to accurately identify CC attacks. WAF also has dedicated detection for web page tampering, which prevents malicious code from being injected into website servers and protects website visitors and page content. WAF can intercept the malicious attacks described above.
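The IP-or-cookie rate limiting described above, as an added example (not Huawei Cloud WAF's implementation or code from the original article): a sliding-window counter over constructed request records, showing why the choice of key matters when several legitimate users share one NAT address. The threshold, window, addresses and function names are assumptions made for illustration.

```python
from collections import defaultdict, deque


def build_sample():
    """Constructed sample: (unix_time, client_ip, session_cookie or None)."""
    reqs = []
    for t in range(10):
        # Office NAT shared by three real users, one request per second each.
        for user in ("sess-a", "sess-b", "sess-c"):
            reqs.append((t, "203.0.113.7", user))
        for _ in range(4):
            reqs.append((t, "198.51.100.9", "sess-x"))  # 4 req/s on one cookie
            reqs.append((t, "192.0.2.50", None))        # 4 req/s, no cookie
    return reqs


def rate_key(ip, cookie, mode):
    """Pick the identity the limit is counted against."""
    if mode == "cookie" and cookie:
        return ("cookie", cookie)
    return ("ip", ip)  # cookie mode falls back to the IP for cookieless clients


def find_offenders(requests, mode, limit, window):
    """Keys that sent more than `limit` requests within any `window` seconds."""
    recent = defaultdict(deque)  # key -> timestamps still inside the window
    offenders = set()
    for ts, ip, cookie in sorted(requests, key=lambda r: r[0]):
        q = recent[rate_key(ip, cookie, mode)]
        q.append(ts)
        while q[0] <= ts - window:  # drop timestamps that left the window
            q.popleft()
        if len(q) > limit:
            offenders.add(rate_key(ip, cookie, mode))
    return offenders


if __name__ == "__main__":
    sample = build_sample()
    for mode in ("ip", "cookie"):
        print(mode, sorted(find_offenders(sample, mode, limit=10, window=5)))
```

Keyed by IP, the shared NAT address is limited along with the two abusive clients; keyed by cookie with an IP fallback, the three office users stay under the threshold while the replayed session and the cookieless client are still caught.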

DDoS attacks are another common network security attack. Controlled "zombie" hosts maliciously send large-scale requests to the business host until it can no longer respond, exhausting the computing power of the business system, congesting the network, and affecting access by normal users. After we deployed the business, the server was quickly hit by a wave of DDoS attacks. Anti-DDoS quickly detected and cleaned the malicious attack traffic, dealing effectively with all kinds of DDoS attacks and ensuring business continuity.

Currently, Huawei Cloud Anti-DDoS provides attack defense at layers 4-7, with more than 5T of overall DDoS high-defense capability and up to 600GB of defense capability for a single IP. It is also very simple to use: after purchase, users only need to bind an EIP to get DDoS defense. Large sites with larger business scenarios can purchase other products such as native protection or DDoS high defense.

For more intuitive overall control of cloud resources, Huawei Cloud also provides cloud monitoring (CES), which offers real-time monitoring, timely alarms, resource grouping, site monitoring and other capabilities for Huawei Cloud resources, making it easier for operations personnel to respond promptly to emergencies and keep websites and businesses highly available.

CES is driven by policy configuration. When an alarm matches the relevant rules, it triggers auto scaling of the servers and automatically expands or reduces capacity. For malicious login behavior, it can also trigger warnings and deny access to the corresponding IP, using fine-grained monitoring to achieve global control of network traffic indicators.

CES is easy to deploy and can be customized to monitor key business indicators. At present, more than 80 cloud services and thousands of resource indicators on Huawei Cloud can be managed and monitored, including elastic cloud servers, bandwidth, databases and other services. Together, these services make up the Huawei Cloud website high availability solution, which provides a strong guarantee of business continuity for all kinds of enterprises.

The Huawei Cloud website high availability solution integrates the core computing, network, storage, security, monitoring and other capabilities of Huawei Cloud services, and as a general-purpose solution it is broadly applicable. For small and medium-sized enterprises, deploying business on the cloud is also simpler and more efficient.

By deploying an OA system on ELB plus 2 ECS instances, with RDS master / slave instances and CBR cloud backup, you can quickly build a core business platform with minute-level deployment while greatly reducing the customer's operations workload. For small and medium-sized enterprises, a stable and robust business environment supports rapid deployment and iteration of their business.

The Huawei Cloud website high availability solution addresses problems such as the risk of business interruption caused by a single point of server failure, the complexity of operating and managing self-built clusters, and the difficulty of responding to large-scale requests. Because the whole stack is built on the Huawei Cloud technology architecture, the overall cost is lower and the range of functional products is richer. Products can be selected according to business needs at any time.

Website high availability is very important for business continuity, and we see that Huawei Cloud's complete solution provides reliable high availability and stability for enterprises. As cloud computing technology continues to develop and spread, it is believed that Huawei Cloud high availability solutions will be applied in more industries to provide better services for enterprises.

