Shulou(Shulou.com)11/24 Report--

I. Preface

In the current technological environment, almost every company depends on the Internet, and the Internet has penetrated into all aspects of our lives. Whether it is e-commerce, stock trading, live broadcast platform, or the ticket purchase APP used to take the subway and bus, can not do without the support of the Internet. It can be said that we are in a completely digital era.

However, have you ever thought about such a question: if the App or stock market trading system we use to buy public transport tickets crashes for only 5 minutes during busy working hours, how much impact and loss will it cause?

Therefore, in such a highly dependent on the Internet today, the stability and high availability of Internet applications is very important! Even if the downtime is only one minute, it may bring huge losses and customer loss. Ensuring high availability is not an easy task. It requires a lot of manpower, material resources, as well as software and hardware investment. Therefore, considering various costs and technical difficulties, many enterprises choose to migrate applications to the cloud, hoping that cloud service providers can solve these complex and difficult problems.

With the gradual increase in the number of our customers, our company has also decided to go to the cloud to ensure the stability and high availability of the website. Recently, cloud service providers are carrying out the biggest annual promotion. Our company took advantage of Huawei's Yunshuang 11 marketing season to buy a highly available solution for the website, and I have the opportunity to experience this process myself. Now I would like to share this experience with you as a reference.

2. Experience sharing of highly available solutions on Huawei Cloud website

In this product test, I use a combination of load balancing, RDS cloud database, OBS object storage, CRB cloud backup, elastic public network IP, Anti-DDos traffic cleaning and other technical services to ensure the high availability of our enterprise business.

I will take you to understand the application process step by step in the following contents:

1) load balancing

Load balancing is a crucial measure to ensure the stable operation of the business. To put it simply, load balancing provides the same application services through a group of servers rather than a single server, allocating the requests for the application services to these servers, so that these servers can be used separately without relying on other servers. This technology can effectively deal with unconventional high concurrency scenarios such as double 11. You only need to add a new server to load balancer monitoring, so as to reduce the pressure on a single server, reduce the probability of crash, and solve the problem of large concurrent access. This is also an important means to ensure the high availability of the website.

Huawei Cloud provides load balancing technology. I used two ECS with the same configuration and set the same weight for testing. Through this load balancing technology, we can effectively share the pressure of website access and improve the performance and stability of the website. When a server fails or the load is too high, the load balancer can automatically transfer the request to other healthy servers to ensure the continuity and availability of the service.

Load balancing is one of the important measures to ensure the stable operation of enterprise business. Through the reasonable configuration of load balancing, we can improve the usability and performance of the website, reduce the pressure and crash probability of a single server, and solve the problem of large concurrent access. The load balancing technology provided by Huawei Cloud can effectively meet the needs of enterprises and help enterprises easily cope with unconventional high concurrency scenarios such as double 11.

After the application deployment of the two servers is completed, the requested CVM address is changed to the elastic public network IP of the load balancer, and the result is obtained successfully:

Then do a simple stress test: use jmeter to simulate 100 users accessing the system together:

Log in to these two servers during access to view the resource usage:

First server

Second server

You can see that there is basically no difference in resource occupancy, it is distributed according to the weight we set, and both machines are used effectively.

The load balancer also provides a monitoring function for resource utilization, and there are a lot of metrics to view:

In addition, it provides a variety of allocation strategies to respond to a variety of scenario requirements:

There are also many types of billing methods: postpaid, monthly, prepaid, etc.:

When the status of the backend server is abnormal, it will be reminded as soon as possible:

2) Cloud Database RDS for MySQL

Last year, due to the surge in usage of Singles Day, our database service was seriously tight and under great pressure. There are also serious failures such as missing orders and dirty data. Even when we have a dedicated DBA, it takes a lot of time to fix the data and track the cause of the leak. Especially when troubleshooting the cause of the leak, because there is no accurate database operation log, or can not find the specific cause of the leak, so we have to do more consistency processing and prognosis plan at the code level to make up for this problem.

Because of this experience, we deeply realize how important it is to have a rapid and automatic expansion, complete information monitoring capability and stable and reliable database service. So we started to focus on the choice of cloud database products. After some comparison and consideration, I chose Huawei Cloud's RDS database.

What is RDS for MySQL?

RDS for MySQL is a relational database management system in which relational databases store data in different tables instead of all data in a large warehouse, which speeds up speed and increases flexibility.

RDS for MySQL is one of the most popular open source databases in the world. With excellent performance and LAMP, it has become an efficient solution for WEB development. Cloud database RDS for MySQL has the characteristics of ready-to-use, stable and reliable, safe operation, auto scaling, easy management, economy and practicality. Starting from June 2022, Huawei Cloud's RDS has also added the following features:

Multiple security groups, multiple Proxy features and multiple Proxy dynamic loads are supported. Here are some feature points that you find more efficient and useful in your use:

1. Intelligent DBA assistant

Huawei Cloud RDS's "intelligent DBA assistant" can help us track SQL execution information and warnings and prompts such as slow SQL, lock waiting, high stress, etc.

In "Intelligent DBA Assistant-Real-time Diagnostics", we can view the real-time status of various performance metrics:

You can also view the session information established with the database:

In "Intelligent DBA Assistant-Historical diagnosis", we can enable the real-time recording feature of SQL. When enabled, we will record every operation involving SQL. We can see the information such as the number of times and time consumed by SQL execution in the list, and filter the records to be queried according to the operation type:

two。 Senior operation and maintenance

The senior OPS provided by Huawei Cloud RDS provides very detailed metrics monitoring features, including cpu, memory, disk utilization, SQL addition, deletion, modification and query statements, and other 70 metrics to view:

If the number of CPU is not less than 8, you can also turn on the second monitoring service!

3. Parameter modification

Huawei Cloud RDS also provides a very convenient parameter modification feature, which eliminates the need for us to modify the configuration in the configuration file of the server as before:

In addition, the backup and expansion of RDS is also very convenient, you can experience it on your own.

3) Elastic public network IP EIP

Elastic public network IP (Elastic IP) provides independent public network IP resources, including public network IP address and public network egress bandwidth service. It can be flexibly bound and unbound with elastic CVM, bare metal server, virtual IP, elastic load balancer, NAT gateway and other resources to provide access to public network and be accessed by public network:

The load balancers, ECS and RDS of our above experience all need to be bound to a public network IP if they want to be accessed through the public network.

As you can see, the elastic public network IP service provided by Huawei Cloud is very flexible, and there are a variety of billing methods: it supports a variety of billing strategies, such as on-demand, bandwidth-by-bandwidth, pay-by-traffic and other billing strategies, and the prepaid price is more favorable. You can also add shared bandwidth to reduce bandwidth usage costs:

4) Elastic CVM ECS

ECS is a cloud computer service that is readily available and flexibly expanded by Huawei Cloud. There is also a very authoritative recognition in the industry: first-class certificate of compliance with cloud computing service standards, first place in the track of OCP and USCP operations optimization algorithms, 51 international list records, trusted cloud technology best practice award, next generation cloud computing technology innovation award, annual leading game cloud server, etc.

Huawei Cloud has the highest computer room security rating (Tier4) in the country and has invested billions in security equipment. In addition, there are more than 40 kinds of security services available, and special research and development on security accounts for 5% of the total R & D investment. In my previous sharing, I also mentioned that Huawei Cloud has the security standard of "no application, no data", which is why the government, institutions, three major operators, universities and other related institutions choose Huawei Cloud the most. Huawei Cloud is also the only one that can provide end-to-end cloud computing platform, from the underlying hardware and physical equipment to the construction of virtual software, all from Huawei's own research and development, and the technology has been widely recognized in the industry.

The two servers used by the above load balancer are also Huawei Cloud's ECS:

5) OBS object storage

Our company's cross-border e-commerce service needs to ensure efficient and fast access 24 hours a day, so the server is billed by bandwidth. The bandwidth speed is 10m, which is easy for daily API call access. However, 10m access to static resources (front-end websites, pictures, videos) is very small, and the concurrency bottleneck is very low. So for this part of the resources, we chose OBS to solve:

OBS is an object-based storage service that provides customers with massive, secure, highly reliable and low-cost data storage capacity without considering capacity restrictions, and provides a variety of storage types to meet the needs of customers in various business scenarios. Huawei Cloud OBS supports parallel file systems, lifecycle management, and cross-domain resource sharing, as well as data origin-pull and online decompression in some areas. When our usage scenarios require massive data storage capacity, such as big data analysis, static website hosting, online video-on-demand, gene sequencing, intelligent video surveillance, etc., using OBS can provide higher performance, lower latency and lower cost. Very cost-effective:

Huawei Cloud's OBS data persistence is up to 99.99999999% (12 9s), and business continuity is up to 99.995%. It also supports encryption, hotlink protection, fine-grained permission control and other data security features to ensure data security and credibility.

But also exclusive support for POSIX file semantics, with excellent big data performance, single-stream bandwidth of up to 300 Mbps, stronger performance!

6) CRB cloud backup

CRB is a cloud backup service, which can provide easy-to-use backup services for cloud servers, cloud disk, SFS Turbo, cloud and local file directories, and VMware virtualized environment. It can restore data to any backup point for scenarios such as virus invasion, erroneous deletion, software and hardware failures:

Huawei Cloud's cloud backup strategy is configured in a variety of dimensions, with cycle support by week, by day, and so on. Retention rules support saving by quantity, time, permanent, etc.:

Huawei Cloud's Cloud backup CBR also has the following features:

Periodic full backup: cloud backup supports regular full backup when the resource is not the first backup, which further improves the case nature of backup data and meets the needs of users for regular full backup.

Backup support to modify name: support to modify backup data name

File backup: hybrid cloud backup repository now supports cloud and local file directory backup to achieve low-cost backup on the cloud

Industry authority recognition: information security service qualification certification certificate CCRC

For data-based systems, CBR is a very appropriate choice for scenarios such as trading platforms, banks, securities and core businesses that need to be deployed on the cloud.

7) Anti-DDOS traffic cleaning and Web application firewall WAF

Anti-DDoS traffic cleaning is a service provided by Huawei Cloud against IP resources (elastic cloud servers and elastic load balancers) in Huawei cloud public network, providing protection against DDoS attacks at the network layer and application layer (such as flood flow attack protection and resource consumption attack protection). At the same time, it also provides real-time alarm for attack blocking, which can effectively improve the utilization of user bandwidth and ensure the stability and reliability of the business.

Anti-DDoS traffic cleaning detects abnormal DDoS attack traffic in time by real-time monitoring the business traffic of Internet access to the public network IP. On the premise that the normal business is not affected, the attack traffic is cleaned according to the protection policy configured by the user. At the same time, Anti-DDoS traffic cleaning generates monitoring reports for users to clearly show the security status of network traffic.

Anti-DDoS traffic cleaning can help users mitigate the following attacks:

Web server class attack

SYN Flood attacks, HTTP Flood attacks, CC (Challenge Collapsar) attacks, slow connection attacks, etc.

Game attack

UDP (User Datagram Protocol) Flood attacks, SYN Flood, TCP (Transmission Control Protocol) attacks, fragmentation attacks, etc.

Attacks on HTTPS servers

SSL DoS / DDoS attacks and so on.

Anti-DDoS also provides the following features:

Provide monitoring records for a single public network IP address, including current protection status, current protection configuration parameters, traffic within 24 hours, and abnormal events within 24 hours

Provide blocking reports for all protected public network IP addresses, and support querying attack statistics, including cleaning times, cleaning traffic, number of public network IP attacks Top10 and total blocking attacks, etc.

For security protection, Huawei Cloud also provides Web application firewall WAF:

Huawei Cloud's WAF adopts rule and AI twin-engine architecture, which integrates Huawei's latest protection rules and excellent practices by default; enterprise-level user policy customization, support for blocking page customization, multi-condition CC protection policy configuration, massive IP blacklist, etc., to help users protect more accurately and efficiently.

By detecting HTTP (S) requests, identifying and blocking SQL injection, cross-site scripting attacks, web Trojan uploads, command / code injection, file inclusion, sensitive file access, third-party application vulnerability attacks, CC attacks, malicious crawler scanning, cross-site request forgery and other attacks, protect Web applications from common Web attacks and ensure business security and stability. At the same time, it supports website anti-crawler, web page tamper-proof, sensitive information disclosure and other functions. After WAF is enabled, all public network traffic of the website passes through WAF first. Malicious attack traffic is detected and filtered on the WAF, and normal traffic is returned to the origin server IP, thus ensuring the security, stability and availability of the origin server IP:

III. Summary

The website high availability solution provided by Huawei Cloud comprehensively ensures the high availability and stability of customer business through a variety of technical means, such as load balancing, elastic scaling, high availability of database, storage backup and recovery, and network security protection.

The combination of elastic load balancer ELB and elastic CVM ECS can automatically distribute access traffic to multiple CVMs, expand the external service capability of the application system, and achieve a higher level of application fault tolerance. This combination can automatically balance the load, avoid overloading of a single server, and ensure the stability and availability of the application.

Using cloud database RDS can improve throughput and concurrency, and can support a large number of connections with fast response time. Database is the core component of many applications, so it is very important to ensure its high availability and stability. Huawei Cloud RDS Service provides high-performance and highly available database instances to meet a variety of business needs.

The combination of object storage service OBS and cloud backup CBR can bring mass storage systems with high performance, high reliability, low latency and low cost to meet the needs of individual / enterprise scenarios. This combination can ensure the security and reliability of data and avoid data loss and damage. At the same time, through the backup and recovery mechanism, the business can be restored in time to ensure business continuity.

The WAF+Anti-DDoS traffic cleaning combination of Web application firewall can provide DDoS attack protection of network layer and application layer, identify the characteristics of malicious requests and defend against unknown threats in time, and completely avoid malicious attacks and intrusions of websites by hackers. This combination can protect the security and availability of the website, improve the bandwidth utilization of users, and ensure the stability, reliability and high availability of the business.

The website built by Huawei Cloud has ultra-high availability, the unavailable time for the whole year is less than a few hours, and the access speed of the website performance has been significantly improved, reaching more than 80%. The performance is three times better than that of open source databases. In addition, Huawei Cloud also provides a variety of advantages, such as switching between master and backup seconds of the database, greatly reducing the backup time by 95%, minute-level RPO and small-time RPO, to fully ensure the high availability and stability of the database. Therefore, choosing Huawei Cloud is a wise move to ensure the high availability of the website.

It is understood that Huawei Yunshuang 11 marketing season is in progress. As of November 30, Huawei Cloud has offered a variety of preferential cloud activities for small and medium-sized enterprises, such as 10,000 yuan gift packages, roulette draw, time-limited second killing and service support programs, etc., to provide better choices and more opportunities for enterprises and individuals who need to use cloud services. If you are looking for suitable cloud products and solutions, follow Huawei's cloud official website for more details and choose the right cloud products and services according to your needs.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.