
Recommendations

 Huawei Learning Website


 http://learning.huawei.com/en

 Huawei e-Learning
 https://ilearningx.huawei.com/portal/#/portal/ebg/51

 Huawei Certification
 http://support.huawei.com/learning/NavigationAction!createNavi?navId=_31&lang=en

 Find Training
 http://support.huawei.com/learning/NavigationAction!createNavi?navId=_trainingsearch&lang=en

More Information
 Huawei learning APP

Copyright © 2018 Huawei Technologies Co., Ltd.


 Hardware and software development are decoupled, but their deployment and
operation are not.

 With ecosystem chain development, hardware becomes heterogeneous, making it
increasingly difficult to manage multiple vendors.

 Enterprise informatization gravitates towards software, but the scalability and
coordination of computing, storage, and network hardware constrain software
value improvement.
 Scattered maintenance and long service failure recovery time

 Siloed development, difficult capacity expansion, and lack of scalability

 Disk-centered computing bottleneck

 I/O bottleneck causes latency and inefficient CPU utilization

 Traditional SAN engine bottleneck, including bottleneck in transmission bandwidth,
CPU processing capability, cache, and network latency
 Convergence and separation are major trends worldwide. Over the next
decade, the IT infrastructure of cloud computing will evolve from separation to
convergence.

 With the cloud OS, computing, storage, and network resources of multiple
vendors for a data center are horizontally integrated. Open and standardized
IT service interfaces are provided to the external systems, implementing
convergence by using legacy IT infrastructure.

 A new delivery model emerges providing all-in-one machines in convergent
architecture and vertical convergence of single-vendor computing, storage,
and network resources. This modularized, one-stop, high-performance, and
cost-effective model is oriented towards new infrastructure delivery.

 Customer value will manifest in the following ways regardless of IT
architecture evolution path:

 Lower TCO

 More efficient business deployment and lifecycle management

 Better business performance and user experience


 In 2013, VMware launched their server virtualization solution, vSphere.

 Amazon Web Services (AWS), a professional cloud computing service, was
launched by Amazon in 2006. It provides enterprises with IT infrastructure in the
form of web services.

 OpenStack began as a joint project of NASA and Rackspace, and was released
under the free and open-source Apache License.

 A hybrid cloud is a composition of two or more clouds (private, community, or
public) that remain unique entities but are bound together, offering the benefits of
multiple deployment models. Due to data security and control considerations,
enterprises avoid placing business-critical data on the public cloud, and prefer
hybrid clouds. Many enterprises choose to use both a public cloud and a private
cloud, and some also establish a community cloud.
Source: http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
 On-demand self-service: Customers can deploy processing capabilities as needed,
for example, server time and networked storage. They do not need to
communicate with each service provider.

 Broad network access: Various capabilities can be obtained over the Internet, and
are accessible using standard methods from various clients, such as mobile phones,
laptops, and tablets.

 Resource pooling: The service provider's computing resources are centralized,
allowing customers to lease services. In addition, different physical and virtual
resources can be dynamically allocated or reallocated based on customer
requirements. Customers generally do not know and cannot control locations of
resources, including storage, processors, memory, network bandwidth, and virtual
machines.

 Rapid scalability: Resources can be provisioned rapidly, and be expanded or shrunk
when needed. For customers, resources that can be leased appear infinite, and can
be purchased in any amount and at any time.

 Measurable service: Services are billed on a pay-per-use or advertisement
basis to make full use of resources. For example, storage, bandwidth, and computing
resources are billed by actual use each month. Fees for an organization can be
broken down to each of its departments.
 First, enterprises must consider how to innovate while optimizing their traditional
business. Cloud deployment must resolve both these issues.

 Second, cloudification is a gradual process. The cloud platform must protect
traditional business assets during transition. It is better to adopt private cloud
and public cloud simultaneously than either of them alone.

 Third, both public and private services need to provide unified service experience
and assurance, meeting enterprise requirements for performance, reliability,
elasticity, and innovation in the Cloud 2.0 era.
 Private cloud

 A private cloud is established by an individual user or organization for
internal use. It improves resource efficiency somewhat, but does not accord
with the essence of cloud, which is social division of labor. Managed private
clouds can implement social division of labor to some extent, but cannot
ensure efficient utilization of physical resources broadly.

 Public cloud

 The public cloud is built for the public, and all registered users are called
tenants. When a tenant leaves the public cloud, the resources they had been
leasing are immediately released to a new tenant. The public cloud enables
the most thorough social division of labor and optimizes resource utilization
at the broadest scale.

 Hybrid cloud

 A hybrid cloud is any combination of public cloud, private cloud, and
community cloud, for computing, storage, or both. The public cloud has not
developed well, and private clouds are difficult to operate, deploy, and
dynamically expand. A hybrid cloud is an ideal alternative, and its market is
expected to boom in the near future.

 Community cloud

 Community clouds are another form. Because of policy and management
restrictions or risks, enterprises in sensitive industries jointly set up a shared
cloud platform.
 Centrally manage enterprise resources in public and private clouds.

 Enable service resources to flow between public and private clouds.

 Implement optimal resource configuration using the hybrid cloud.

 Implement disaster recovery management in the hybrid cloud.


 The IaaS layer provides basic computing, storage, and network services, for example, Elastic
Cloud Server (ECS).

 The PaaS layer provides application operating and development environments, and application
development components. The database service is a typical PaaS service.

 The SaaS layer provides software functions through a web interface. Office 365 is a typical
SaaS service.
 This is the common pursuit of public clouds.

 Huawei ensures strict privacy and security for data and applications, and increases efforts in the
cloud-native PaaS layer.
 Cloud computing emerged in 2006, and Huawei proposed the concept of Cloud 2.0 in 2016.

 In its first decade, cloud computing was dominated by Internet companies providing
standardized Internet cloud services. Internet applications had to be adapted to those services.

 In its second decade, cloud computing technology and markets matured. An increasing
number of enterprises and industries began to use the cloud to carry their traditional services
and core services. They adopted cloud services providing Big Data, AI, and IoT capabilities,
which promoted business innovation. In the Cloud 2.0 era, cloud services are standardized but
also customizable to meet specific industry needs. Enterprises now lead cloudification.
 Huawei provides carriers with public cloud solutions, and carriers retail the services, for
example, Tianyi Cloud 3.0.

 A government and enterprise cloud is designed with those customers’ unique requirements in
mind.

 For consumers, Huawei provides HUAWEI CLOUD services.


 A full portfolio of cloud products and solutions, with public cloud as the core, is designed to
set up an open hybrid architecture, fostering an industry cloud ecosystem.
 ABCD
Let's look at this stack from the bottom up.

 HUAWEI CLOUD uses superior software and hardware. Its chips, servers, storage
devices, and network devices, as well as the virtualization, cloud management, big
data, and AI platform software offer extraordinary performance.

 HUAWEI CLOUD provides high-quality services covering computing, storage,
network, security management, database, data analysis, AI, and IoT.

 HUAWEI CLOUD is trustworthy. Huawei collaborates with many partners to jointly
innovate industry solutions and provide consulting, delivery, and O&M services.
OpenStack enhancements

1. Commercial utilities

 Management node HA/DR

 Scalability and reliability (DB/MQ clusters)

 Installation/Upgrade/Log/Stack trace/...

2. Cascading FusionSphere OpenStack

 Multi-site, multi-vendor

 Unified FusionSphere OpenStack APIs

 DRaaS

 FusionSphere OpenStack APIs to application management

3. Huawei KVM

 Interrupt aggregation

 Real-time hardware failure notification

4. Security hardening
5. Converged storage

 Fault detection mode

 1/10 to 1/5 network I/O latency

 Synchronous data replication

6. Converged network

 High performance EVS

 High performance

 Support for both IPv4 and IPv6

7. Nova

 Security group enhancement

 Port binding

 Enhanced Nova scheduling


 A region is a distinct geographic area. Regions are divided by geographic location
and network latency. (Within a region, public services, such as shared storage,
images, and software repositories, are globally shared.)

 An availability zone (AZ) contains one or multiple physical data centers. Each AZ
has independent cooling, fire extinguishing, moisture-proofing, and electricity
facilities. Within an AZ, computing, network, storage, and other resources are
logically divided into multiple clusters. All AZs in a region are interconnected using
high-speed optical fibers, meeting the requirements for deploying cross-AZ HA
systems, such as cross-AZ object storage, VPC network interconnection, and EIP.
The network latency between AZs in a region is less than 1 to 2 ms, and that within
an AZ is less than 0.2 to 0.3 ms.

 A region can have multiple AZs, and each AZ is a physical fault domain.
 HUAWEI CLOUD constantly improves its existing services and provides new services. It leverages state-of-the-art
technologies to enable enterprises to use the latest commercial services without investing in IT R&D themselves.

 As of December 2018, there were about 150 cloud services under 18 categories.
 Wide selection of ECS types: General-purpose, computing-optimized, high-
performance computing, memory-optimized, disk-intensive, and GPU-accelerated

 Support for large CPU specifications

 Full image types: Windows and various Linux images

 Diverse EVS disks: common I/O, high I/O, and ultra-high I/O (SATA, SAS, and SSD)

 High security: VPC, WAF, VSS, and Anti-DDoS

 High reliability: Automatic migration, multiple data copies, data backup and
restoration

 Elastic scaling: scale in/out and up/down, flexible AS policies


Huawei provides a wide range of NVIDIA GPU-based ECSs with high performance,
leading the industry.
Auto Scaling (AS) uses preset policies to automatically scale service resources up or down based on service
requirements. You can configure scheduled, periodic, and monitoring policies to enable AS to automatically scale
the number of ECS instances, ensuring stable and healthy service running.

Only applications that are stateless and can be horizontally scaled can run on ECS instances in an AS group. AS
automatically releases ECS instances. Therefore, the ECS instances in AS groups cannot save application status
information (such as sessions) and related data (such as database data and logs).
 High reliability

 The multi-data-copy mechanism provides ultra-high (99.99995%) data
durability, ensuring high security and reliability.

 High performance

 Provides ultra-high I/O EVS disk (SSD storage).

 Large capacity

 Offers ultra-large capacity block storage.

 Rich specifications

 EVS provides common I/O, high I/O, and ultra-high I/O disks to meet
different service requirements.

 Quick scaling

 EVS disks can be created and attached to ECSs anytime, anywhere,
supporting minute-level capacity expansion.

 This figure shows the FusionStorage product architecture.


The backup source is the EVS disks and the destination is the object storage.
Both full backup and incremental backup are used in most storage solutions.
Block storage
 LUN/Volume

 Must be attached to servers.

File storage
 File system: has partitions, directories and sub-directories.

 File: Files can be opened and modified.

 Applies to file sharing on a LAN.

OBS
 Bucket: provides storage space, working similarly to a folder but
without the directory structure.

 Applies to Internet mass data storage services with smooth and
seamless capacity expansion requirements. Files are encapsulated
and cannot be directly opened or modified in buckets. You can
only upload files to or download files from buckets. OBS can
store videos, music, images, data, and emails on the Internet.

 OBS application scenarios

 Enterprise backup and archive

 Static website hosting

 Cloud native applications

 Big data analysis

 Enterprise cloud box


 VPCs enable network isolation of a tenant or between tenants. By default, ECSs in a
VPC cannot communicate with the Internet. To enable ECSs to provide Internet-
accessible services, you need to buy network resources enabling Internet access,
such as EIPs.
 ELB provides both layer 4 (TCP) and layer 7 (HTTP) access traffic distribution and
load balancing.

 Compared with hardware load balancing devices, ELB works out-of-the-box, and is
cost-effective and easy-to-manage. However, high-end hardware load balancing
devices provide comprehensive functions and high performance.
Anti-DDoS enables you to customize and monitor your own traffic cleaning
parameters. It provides a management console, on which you can centrally and
flexibly configure this service and monitor resources. Anti-DDoS also features robust
reliability based on the active/standby deployment mode. To be specific, Huawei
Anti-DDoS:

 Allows you to configure and modify Anti-DDoS parameters (such as total requests
per second, HTTP requests per second, and connections per source IP address) for
public IP addresses.

 Protects public IP addresses of ECSs and load balancers.

 Monitors and visualizes monitoring information about each public IP address, such
as the current defense status, defense parameters, traffic over the past 24 hours,
and anomalies (cleaning events and black holes) over the past 24 hours.

 Provides weekly security reports. You can query DDoS defense information,
including the cleaning traffic, number of intercepted DDoS attacks, and top 10
frequently attacked ECSs in a week, generated over the past four weeks. Receives
and analyzes logs reported by anti-DDoS devices and displays the results on the
management console.
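
To make the three per-IP parameters named above concrete, the following added example (not Huawei's implementation or API) checks constructed traffic events for one protected public IP against a total-requests-per-second limit, an HTTP-requests-per-second limit, and a connections-per-source-IP limit. The event layout, limit values, and function names are assumptions made for the illustration.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Limits:
    """Per-public-IP defense parameters (the values used below are constructed)."""
    total_rps: int         # total requests per second
    http_rps: int          # HTTP requests per second
    conns_per_source: int  # concurrent connections per source IP address


def evaluate(events, protected_ip, limits):
    """Return sorted (second, parameter, detail) tuples for every limit exceeded."""
    total = Counter()              # second -> requests of any protocol
    http = Counter()               # second -> HTTP requests only
    open_conns = defaultdict(set)  # source IP -> ids of connections still open
    findings = set()

    # sorted() is stable, so events sharing a timestamp keep their listed order.
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["dst"] != protected_ip:
            continue               # traffic for another address is out of scope
        sec = int(ev["ts"])
        if ev["type"] == "open":
            open_conns[ev["src"]].add(ev["conn"])
            if len(open_conns[ev["src"]]) > limits.conns_per_source:
                findings.add((sec, "conns_per_source", ev["src"]))
        elif ev["type"] == "close":
            open_conns[ev["src"]].discard(ev["conn"])
        elif ev["type"] == "request":
            total[sec] += 1
            if ev["proto"] == "http":
                http[sec] += 1

    for sec, count in total.items():
        if count > limits.total_rps:
            findings.add((sec, "total_rps", str(count)))
    for sec, count in http.items():
        if count > limits.http_rps:
            findings.add((sec, "http_rps", str(count)))
    return sorted(findings)


def sample_events():
    """Constructed traffic toward 203.0.113.10 (documentation address ranges)."""
    dst, busy = "203.0.113.10", "198.51.100.7"
    events = [
        # Ordinary client: one connection, two HTTP requests, then close.
        {"ts": 100, "type": "open", "src": "192.0.2.10", "dst": dst, "conn": "c1"},
        {"ts": 100, "type": "request", "src": "192.0.2.10", "dst": dst, "proto": "http"},
        {"ts": 100, "type": "request", "src": "192.0.2.10", "dst": dst, "proto": "http"},
        {"ts": 100, "type": "close", "src": "192.0.2.10", "dst": dst, "conn": "c1"},
        # Event for an address that is not protected: must be ignored.
        {"ts": 101, "type": "request", "src": busy, "dst": "203.0.113.99", "proto": "http"},
    ]
    # One source holds five connections open and sends 8 HTTP + 4 TCP requests
    # within second 101.
    events += [{"ts": 101, "type": "open", "src": busy, "dst": dst, "conn": f"a{i}"}
               for i in range(5)]
    events += [{"ts": 101, "type": "request", "src": busy, "dst": dst, "proto": "http"}
               for _ in range(8)]
    events += [{"ts": 101, "type": "request", "src": busy, "dst": dst, "proto": "tcp"}
               for _ in range(4)]
    return events


LIMITS = Limits(total_rps=10, http_rps=6, conns_per_source=3)

if __name__ == "__main__":
    for finding in evaluate(sample_events(), "203.0.113.10", LIMITS):
        print(finding)
```

The connection limit is tracked as concurrency (opens minus closes), so a source that closes connections before opening new ones stays under it even when its request count is high.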
 A zero-day vulnerability is an undisclosed software vulnerability that hackers can
exploit to adversely affect computer programs, data, additional computers, or a
network.

 It is known as a "zero-day" because it is not publicly reported or announced before
becoming active and being discovered, leaving the target with zero days in which
to create patches or devise workarounds to mitigate it.
Web shell: A web shell is a script that can be uploaded to a web server to enable
remote administration of the server. Infected web servers can be either Internet-
facing or internal, where the web shell is used to pivot further to internal hosts.
 The dashboard visualizes metrics directly and enables you to switch to other
functions.

 Instance monitoring enables you to view all monitored ECSs, instances, and
metrics.

 You can also configure alarm rules to define how alarms will be generated.

 You can add metrics to or remove them from a dashboard.


 HUAWEI CLOUD launches DevCloud, a cloud-based development platform, for
software enterprises and traditional enterprise software development
departments.

 Huawei has a large R&D system. By integrating Huawei's R&D experience,
advanced development tools, and cutting-edge R&D ideas, Huawei DevCloud
provides enterprise developers with a complete R&D suite to make software
development easier and more efficient.
 Huawei DevCloud provides enterprises with a one-stop platform for application
design, development, testing, deployment, release, and operations. You can
manage the whole application lifecycle on DevCloud. DevCloud also provides
dedicated solutions for mobile, web, microservice, and IT application scenarios.
Moreover, DevCloud supports cross-region collaborative R&D of multiple
enterprises or individuals, improving overall R&D efficiency. In the education
industry, Huawei DevCloud helps universities improve teaching methods and
improve students' practical engineering capabilities. Huawei has accumulated a
large number of industry application development practices on DevCloud for
enterprises and developers to use.
 High security and reliability:

 The first in the industry to enable HA for all components and to support
remote DR at a distance of over 1000 km.

 Huawei big data platform is the first in China to meet data protection
standards of the financial industry.

 Huawei's big data solution enables HA for all components from management
nodes to data nodes, ensuring zero service interruption in the event of a
single point of failure.

 High performance:

 VMs can directly access local hard disks, reducing virtualization overheads
and improving processing performance.

 The Huawei-developed CarbonData file storage format is the only top-level
open-source project accepted by the Apache community in China.
CarbonData improves multi-dimensional cross-table query threefold.

 Ease of use

 To match the multi-layered tree structure of enterprise organizations, Huawei
big data provides a tree-shaped multi-tenant structure to help enterprises
improve O&M efficiency, facilitate permission management, and simplify
resource control.

 A web-based SQL CLI is also provided to enable quick script debugging and
checking, freeing you from installing clients on PCs.

 Services are not interrupted during resource scaling, which can be
performed within minutes.

 High-quality services: Huawei leverages its local delivery teams worldwide as
well as more than 1000 R&D experts in eight R&D centers distributed in
different areas worldwide to provide 24/7 support.
 Based on its basic computing capabilities, HUAWEI CLOUD EI will provide 45 services and 142 functions,
including essential platform services, general APIs, advanced APIs, and pre-integrated solutions.

 These services can handle all scenarios, serving senior data scientists, data engineers, IT engineers, service
development personnel, and much more. In addition, with in-depth implementation of industry-tailored AI, such
capabilities are increasing rapidly.

 Answer: ABC
1. Visit https://intl.huaweicloud.com/.

2. Click Register in the upper right corner of the page.

3. Enter basic user information as prompted and click Register.


1. Visit HUAWEI CLOUD at https://intl.huaweicloud.com/.

2. In the right corner of the homepage, click Log In.

3. Enter the user information and password, and click Log In.
 You can view, purchase, use, and operate various HUAWEI CLOUD service products
after you have logged in to the management console.
 The management console manages various services such as computing, storage,
network, security, management and deployment, application services, databases,
data analysis, enterprise applications, and DevCloud.

 It allows you to add a maximum of seven commonly used services to your
favorites. You can quickly access these favorite services via the shortcut.
 You can switch the region to which HUAWEI CLOUD belongs by selecting a region
from the region drop-down list.
 Move the pointer over the username in the upper right corner. On the pop-up
menu, choose a user management option as needed.
 Identity and Access Management (IAM) provides identity authentication and
permission management. It is a self-service cloud resource management system
for enterprises.

 With IAM, you can manage user accounts and control their access to your
resources. When multiple users in your enterprise perform collaborative operations
on resources, IAM allows you to grant only necessary permissions to those users.
IAM ensures user account security and reduces security risks for your enterprise
information by allowing you to set login verification policies, password policies,
and access control lists (ACLs).
 On the management console homepage, choose Computing > Elastic Cloud
Server.

 On the ECS management console, buy an ECS, view or modify ECS information, or
perform other operations.

 For more information, visit https://support-intl.huaweicloud.com/.


 On the management console homepage, choose Storage > Elastic Volume
Service.

 On the EVS management console, attach or detach an EVS disk, expand disk
capacity, create EVS backups, delete an EVS disk, or perform other operations.

 For more information, visit https://support-intl.huaweicloud.com/.


 Answer: B
An Elastic Cloud Server (ECS) is a computing server consisting of vCPUs, memory,
image, and Elastic Volume Service (EVS) disks that allow on-demand allocation and
elastic scaling. ECSs integrate Virtual Private Cloud (VPC), virtual firewalls, and multi-
data-copy capabilities to create an efficient, reliable, and secure computing
environment. This ensures stable and uninterrupted operation of services. After
creating an ECS, you can use it as you would a local computer or physical server.
 Stability and Reliability: ECSs are automatically migrated to functional hosts after
a fault, ensuring 99.95% service availability. Multiple copies of your data are kept,
ensuring 99.9999999% data persistence.

 Security: Security group rules protect the network from viruses and Trojans.
Security services such as Anti-DDoS, WAF, and VSS are included to further enhance
ECS security.

 Competitive Advantage: Huawei leverages years of hardware development and
customization experience to ensure an optimal user experience based on Huawei's
proprietary virtualization technology.

 Auto Scaling: ECS specifications and bandwidths can be adjusted to meet service
and cost requirements at any time. Excellent computing performance is ensured
through ECS+BMS networking.
 vmall.com:
https://www.huaweicloud.com/cases/1510998940064.html?from=https%3A%2F%2Fwww.huaweicloud.com%2Fcases.html

 Yonyou Telecom:
https://www.huaweicloud.com/cases/1437036888_114.html?from=https%3A%2F%2Fwww.huaweicloud.com%2Fcases.html

 China Pacific Property Insurance Co., Ltd.:
https://www.huaweicloud.com/cases/1444907376_145.html?from=https%3A%2F%2Fwww.huaweicloud.com%2Fcases.2.html

 Shanghai International Port Group:
https://www.huaweicloud.com/cases/1514020689641.html?from=https%3A%2F%2Fwww.huaweicloud.com%2Fcases.html
 General computing ECSs provide basic vCPU performance and a balance of
computing, memory, and network resources. These ECSs are suitable for many
applications, such as web servers, enterprise R&D, and small-scale databases.

 Compared with general computing ECSs, the general computing-plus ECSs provide
the combinations of vCPUs and memory with larger specifications, offering more
options for you to select. In addition, the ECSs use latest-generation network
acceleration engines and DPDK rapid packet processing mechanism to provide
higher network performance, meeting requirements in different scenarios.

 General-entry ECSs provide a balance of computing, memory, and network
resources and use the vCPU credit mechanism to ensure the baseline level of
computing performance. They are suitable for applications requiring burstable
high performance while keeping costs low.

 Memory-optimized ECSs have a large memory size and provide high memory
performance. They are designed for memory-intensive applications that process a
large amount of data, such as precision advertising, e-commerce big data analysis,
and IoV big data analysis.

 Large-memory ECSs provide an even larger amount of memory than memory-optimized
ECSs. They are used for applications that require a large amount of
memory, rapid data switching, and low latency, and that process large volumes of
data. Large-memory ECSs provide large memory and high computing, storage, and
network performance.
 Disk-intensive ECSs are designed for applications requiring sequential read/write on
ultra-large datasets in local storage (such as distributed Hadoop computing) as well as
large-scale parallel data processing and log processing.

 Ultra-high I/O ECSs use high-performance local NVMe SSD disks to provide high storage
IOPS and low read/write latency. The ratio of vCPU to memory is 1:8. You can create such
ECSs with high-performance NVMe SSD disks attached on the management console.
Ultra-high I/O ECSs can be used for high-performance relational databases, NoSQL
databases (such as Cassandra and MongoDB), and ElasticSearch.

 High-performance computing ECSs provide a large number of CPU cores, large memory
size, and high throughput. These ECSs are suitable for high-performance processor
applications restricted by computing performance.

 Ultra-high performance computing ECSs are designed to meet high-end computational
needs, such as industrial simulation, molecular modeling, and computational fluid
dynamics. In addition to the substantial CPU power, the ultra-high performance
computing ECSs offer diverse options for low-latency RDMA networking using EDR
InfiniBand NICs to support memory-intensive computational requirements.

 GPU-accelerated cloud servers (GACSs) provide outstanding floating-point computing
capabilities. They are suitable for scenarios that require real-time, highly concurrent
massive computing.

 An FPGA-accelerated cloud server (FACS) provides a tool and environment for
developing and using FPGA. With it, you can easily develop FPGA accelerators, deploy
FPGA-based services, and provide easy-to-use, cost-effective, agile, and secure FPGA
cloud services.
Purchase an ECS in five steps. The following slides will illustrate each step in detail.
 Yearly/Monthly: After you specify the ECS configuration, HUAWEI CLOUD deducts the fees
incurred at one time from your account based on the service price.

Note: Yearly/Monthly ECSs cannot be deleted. They support only resource unsubscription. If an ECS is
no longer used, switch to the Elastic Cloud Server page, click More in the Operation column of this
ECS, and select Unsubscribe to unsubscribe it.

 Pay-per-use: After you specify the ECS configuration, HUAWEI CLOUD deducts the fees incurred
from your account based on the service duration.
 Click Image.

 Public image: A public image is a standard, widely used image. It contains an OS and
preinstalled public applications and is available to all users. You can configure the
applications or software in the public image as needed.

 Private image: A private image is an image available only to the user who creates it. It
contains an OS, preinstalled public applications, and the user's private applications. Using a
private image to create ECSs removes the need to configure multiple ECSs repeatedly.

 Shared image: A shared image is a private image shared by another user.

 Marketplace image: The Marketplace is a store where you can purchase third-party images
that have the OS, application environment, and software pre-installed. You can use the
images to deploy websites and application development environments with a few clicks,
and no additional configuration operation is required.
 Set Disk.

A disk can be a system disk or a data disk. When creating an ECS, you can add up to 24 disks with
customized sizes to it. After the ECS is created, you can add up to 60 disks to such a newly created ECS. The
system disk size of a P1 or P2 ECS must be greater than or equal to 15 GB. It is recommended that the
system disk size be greater than 40 GB.

 System disk: If the image based on which an ECS is created is not encrypted, the system disk of the
ECS is not encrypted. In addition, Unencrypted is displayed for the system disk on the page. If the
image based on which an ECS is created is encrypted, the system disk of the ECS is automatically
encrypted. For details, see section (Optional) Encryption-related parameters.

 Data disk: You can create multiple data disks for an ECS and configure sharing and encryption for
each data disk.

 SCSI: indicates that the device type of the data disk is SCSI.

 Share: indicates that the EVS disk is shared. Such an EVS disk can be attached to multiple
ECSs.

 Encryption: indicates that the data disk is encrypted. For details, see section (Optional)
Encryption-related parameters.

 (Optional) Encryption-related parameters: To enable encryption, click Create Xrole to grant KMS
access rights to EVS. If you have rights granting permission, grant the KMS access rights to EVS. If
you do not have the permission, contact the user having the security administrator rights to grant
the KMS access rights.
 Encrypted: indicates that the EVS disk has been encrypted.

 Create Xrole: grants KMS access rights to EVS to obtain KMS keys. After the rights
are granted, follow-up operations do not require granting rights again.

 KMS Key Name: specifies the name of the key used by the encrypted EVS disk. By
default, the name is evs/default.

 Xrole Name: EVSAccessKMS: specifies that rights have been granted to EVS to
obtain KMS keys for encrypting or decrypting EVS disks.

 KMS Key ID: specifies the ID of the key used by the encrypted data disk.
 VPC: provides a network, including subnet and security group, for an ECS. You can select an
existing VPC, or click VPC and create a desired one.

Note: Ensure that DHCP is enabled in the VPC to which the ECS belongs.

 Security Group: controls ECS access within or between security groups by defining access rules.
This enhances ECS security.

 NIC: includes primary and extension NICs. You can add multiple extension NICs to an ECS and
specify IP addresses for them (including primary NICs).

 EIP: A static public IP address bound to an ECS in a VPC. Using the EIP, the ECS provides services
externally.

The following options are provided:

 Not required: Without an EIP, the ECS cannot access the Internet and is used only in the
private network or cluster.

 Automatically assign: The system automatically assigns an EIP for the ECS. The EIP provides
exclusive bandwidth that is configurable.

 Use existing: An existing EIP is assigned for the ECS. When using an existing EIP, you cannot
create ECSs in batches.
 Type: When changes occur on a network using static BGP, network configurations cannot be promptly
adjusted to ensure optimal user experience. When changes occur on a network using dynamic BGP,
network configurations can be promptly adjusted using the specified routing protocol, ensuring network
stability and optimal user experience.

 Bandwidth Type: This parameter is mandatory if EIP is set to Automatically assign.

 Exclusive bandwidth: The bandwidth can be used by only one EIP.

 Shared bandwidth: The bandwidth can be used by multiple EIPs.

 Billed By: This parameter is mandatory if EIP is set to Automatically assign. It indicates the bandwidth
billing mode of the purchased EIP, which includes the following options:

 Bandwidth: You are charged by the purchased bandwidth.

 Traffic: You are charged based on the actual traffic you have used.
All OSs support key-authenticated ECS logins.
 Windows:

Login using VNC: If no EIP is bound to an ECS, you can remotely log in to the ECS on the
management console.

Login using MSTSC: This option applies only to ECSs running Windows. You can run the mstsc
command on a local computer to log in to an ECS. Ensure that the ECS has an EIP bound.

 Linux:

Login using VNC: If no EIP is bound to an ECS, you can remotely log in to the ECS on the
management console.

Login using SSH: This method applies only to Linux ECSs. You can use a remote login tool, such as
PuTTY, to log in to the ECS. Ensure that the ECS has an EIP bound.

Note: Both an SSH key and an SSH password can be used for logins.
 Method 1: A single ECS or multiple ECSs can be processed in a batch.

 Method 2: Only a specified ECS can be processed.


Perform the following operations to modify ECS specifications:

1. Log in to the management console.

2. Under Compute, click Elastic Cloud Server.

3. On the Elastic Cloud Server page, view the status of the target ECS. If the ECS is
not in Stopped state, click More in the Operation column and select Stop.

4. Click More in the Operation column and select Modify Specifications. The
Modify ECS Specifications page is displayed.

5. Select the new ECS type, vCPUs, and memory as prompted.

(Optional) Set DeH. If the ECS is created on a DeH, the system allows you to change
the DeH. To do so, select the target DeH from the drop-down list. If no DeH is
available in the drop-down list, the remaining DeH resources are insufficient and cannot
be used to create the ECS with the modified specifications.

6. Click OK.

7. Confirm the modified configuration. Read and select the service agreement, and
then click Submit.
 The one-click password reset plug-ins are CloudResetPwdAgent and
CloudResetPwdUpdateAgent.

 Do not delete the CloudResetPwdAgent or CloudResetPwdUpdateAgent process
after the plug-ins are installed. Otherwise, one-click password reset will not be
available.
 Auto Scaling (AS): automatically adjusts ECS service resources based on the
configured AS policies. This improves resource usage and reduces resource costs.
 Elastic Load Balancing (ELB): automatically distributes traffic to multiple ECSs.
This enhances system service and fault tolerance capabilities.
 Elastic Volume Service (EVS): enables you to attach EVS disks to an ECS and
expand their capacity.
 Virtual Private Cloud (VPC): enables you to configure internal networks and
change network configurations by customizing security groups, VPNs, IP address
segments, and bandwidth. This simplifies network management. You can also
customize the ECS access rules within a security group and between security
groups to strengthen ECS security protection.
 Image Management Service (IMS): enables you to create ECSs using images. This
improves the efficiency of ECS creation.
 Dedicated Computing Cluster (DCC): To physically isolate your ECS, apply for a
DCC before creating the ECS. After you obtain the DCC and set a region for it, your
ECS is automatically allocated to the DCC.
 Cloud Eye: allows you to check the status of monitored service objects after you
have obtained an ECS, without installing additional plug-ins.
 Data Encryption Workshop (DEW): The encryption feature relies on DEW. You
can use an encrypted image or EVS disks when creating an ECS. In such a case, you
are required to use the key provided by DEW to improve data security.
 Cloud Trace Service (CTS): allows you to record ECS-related operations for later
querying, auditing, and backtracking.
 Cloud Server Backup Service (CSBS): protects ECS backups. CSBS backs up all EVS
disks of an ECS, including the system disk and data disks, and uses the backup
to restore the ECS.
 Answer:

 B

 B
 For example, a company may offer a web application for buying train tickets which
runs on the public cloud. This application is rarely used during Q2 and Q3 because
there aren't many travelers, but it is frequently used during Q1 and Q4 because
many people travel over the holidays. In most cases, servers are added to increase
the processing capability, or applications are added to process the requests
together, thereby meeting service requirements. However, these two solutions may
waste resources or struggle to meet demand spikes. After you enable AS for an
application, AS automatically adjusts the number of servers based on requirements
to reduce cost and meet demand spikes.
 AS dynamically scales two types of resources: ECSs and EIP bandwidths.

 You can configure alarm, scheduled, and periodic policies to enable AS to automatically scale
your ECS and bandwidth resources.

 AS adjusts resources with either of the following methods: triggering an alarm
policy based on data from Cloud Eye, or scheduling adjustments periodically. These two
methods correspond to the alarm policy and periodic/scheduled policy,
respectively.

 The alarm policy adjusts the number of ECSs based on Cloud Eye metrics (such as
CPU usage) or adjusts the EIP bandwidth size based on inbound traffic. Periodic
and scheduled policies are applicable to scenarios where demand changes are
fixed. The number of resources can be adjusted at a specified time point or
periodically as required.

 AS scales ECSs or adjusts the EIP bandwidth size when trigger conditions are met.
 Low Cost: You are charged only for ECSs or bandwidths you use.

 High Availability: AS automatically detects the status of instances in AS groups and
replaces unhealthy instances with new instances to ensure high service availability.

 Auto Adjustment: AS automatically increases or decreases the number of instances
based on scheduled, periodic, or alarm-triggered policies. The instances newly
added to an AS group can be automatically bound to a listener, which
automatically distributes access traffic across all instances in an AS group.

 Visual Management: Visual management intuitively displays monitoring graphs
and scaling actions for each AS group for easier O&M management and service
change prediction.
 Region: specifies the geographic area where the AS group is located.

 Max. Instances and Min. Instances: specify the maximum and minimum number
of ECSs in the AS group.

 Expected Instances: specifies the expected number of ECSs in the AS group.


 VPC: provides a network for your instances. All instances in an AS group belong to
the same VPC.

 Subnet: specifies a network segment that manages ECS network planes. By
default, only the instances in the same VPC subnet can communicate with each
other.

 Load Balancing: specifies a service that distributes traffic to multiple backend ECSs
based on forwarding policies. AS works with this service to improve the fault
tolerance of applications in the AS group.

 Instance Removal Policy: defines the rules for removing ECSs from the AS group.
Instances are removed preferentially in a way that keeps the remaining instances evenly
distributed in AZs.

 EIP: specifies a static, public IP address. After you bind an EIP to an ECS in your
subnet, the EIP enables the ECS to communicate with the Internet through a fixed
public IP address.

 Health Check Method: specifies the method for checking the status of instances in
an AS group. ECS health check and ELB health check are supported. If the AS
group uses ELB listeners, the health check method can be ELB health check.

 Health Check Interval: indicates the health check period for an AS group.

 Health Check Grace Period: After a new instance is added to an AS group, the
health check checks the running status of the instance only after the grace period
expires.
 Advanced Settings: supports notifications and tags. This is an optional
configuration.
 AS Configuration: specifies the specifications of ECS instances to be added to an
AS group. You can select an existing AS configuration or create an AS
configuration.

 Configuration Template: specifies the template of the AS configuration. You can
choose to create a specifications template or use specifications of an existing ECS.

 Specifications: specifies the specifications, including the number of vCPUs and
memory size, of the ECS instances to be added to the AS group.
 Image: An image is an Elastic Cloud Server (ECS) or a Bare Metal Server (BMS)
template that contains an operating system (OS) or service data, required
applications such as database software, and private software. Public, private, and
shared images are supported.

 Disk: provides storage functions for ECSs. You must specify system disk
parameters, including the disk I/O type and size.

 Security Group: A security group is a logical group that controls access within and
between security groups. The default security group rules allow all outbound
traffic and deny all inbound traffic.

 EIP: If a load balancer has been added to the AS group, you do not need to set this
parameter. The system automatically associates ECSs in the AS group with the load
balancer listener. These ECSs will provide services through the EIP bound to the
load balancer.

 Login Mode: specifies the login mode of ECSs. Two login modes are supported:
key pair and password.

 Advanced Settings: This parameter allows you to configure File Injection, User
Data Injection, and ECS Group.
An AS policy specifies the conditions for triggering a scaling action. AS supports the following
policies:

 Alarm: monitors the CPU usage, memory usage, inband incoming rate, and disk read/write
rate of ECSs to dynamically increase or decrease the number of ECSs.

 Scheduled or Periodic: adjusts the number of ECSs in an AS group as scheduled or
periodically.

In addition, multiple types of scaling policies can be configured in complex application scenarios.
A maximum of 10 scaling policies can be added to an AS group.

No limit is provided for scaling actions triggered by other scaling policies such as scheduled and
periodic policies.
The AS service adjusts the EIP bandwidth size based on bandwidth scaling policies.

 Three policy types are supported: alarm, scheduled, and periodic.

 Select an alarm policy when service peaks are unpredictable. The AS service will adjust the
number of instances in the AS group or adjust the EIP bandwidth size based on the dynamically
changed policies. The following trigger condition parameters are supported: Inbound
Bandwidth, Inbound Traffic, Outbound Bandwidth, Outbound Traffic, and Upstream
Bandwidth Usage.

 Select a scheduled or periodic policy for fixed demands.

 Cooldown Period: specifies a period of time after each scaling action is complete. After a
scaling action is triggered, the system starts to count the cooling time. During the cooldown
period, scaling actions triggered by alarms will be denied. Scheduled and periodic scaling
actions are not affected.
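The cooldown rule above, together with the Max./Min. Instances limits, as an added example (it is not Huawei code). The class and field names are assumptions, and scaling actions are assumed to complete instantly, so the cooldown starts at the moment an action runs.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

POLICY_TYPES = ("alarm", "scheduled", "periodic")


@dataclass
class ASGroup:
    """Hypothetical model of an AS group; not the AS service's data model."""
    min_instances: int
    max_instances: int
    expected: int
    cooldown_s: int
    last_action_done: Optional[float] = None
    log: List[Tuple[float, str, str]] = field(default_factory=list)

    def in_cooldown(self, now: float) -> bool:
        # The cooldown is counted from the completion of the last scaling action.
        return (self.last_action_done is not None
                and now < self.last_action_done + self.cooldown_s)

    def request(self, now: float, policy_type: str, delta: int) -> bool:
        """Apply a policy that wants `delta` instances; return True if it ran."""
        if policy_type not in POLICY_TYPES:
            raise ValueError(f"unknown policy type: {policy_type}")
        # Only alarm-triggered actions are denied during the cooldown period.
        if policy_type == "alarm" and self.in_cooldown(now):
            self.log.append((now, policy_type, "denied: cooldown"))
            return False
        # Keep the expected instance count inside [min_instances, max_instances].
        target = max(self.min_instances,
                     min(self.max_instances, self.expected + delta))
        if target == self.expected:
            self.log.append((now, policy_type, "no change"))
            return False
        self.log.append((now, policy_type, f"{self.expected} -> {target}"))
        self.expected = target
        self.last_action_done = now  # every executed action restarts the cooldown
        return True


def replay(group: ASGroup, events) -> List[bool]:
    """Run (time, policy_type, delta) events in order and collect the outcomes."""
    return [group.request(*event) for event in events]


# Constructed event sequence: times in seconds, 300 s cooldown.
SAMPLE_EVENTS = [
    (0, "alarm", 1),        # runs: 2 -> 3
    (100, "alarm", 1),      # denied: inside the cooldown
    (120, "scheduled", 1),  # runs despite the cooldown: 3 -> 4
    (350, "alarm", 1),      # denied: the scheduled action restarted the cooldown
    (420, "alarm", 5),      # runs, capped at max_instances: 4 -> 5
    (1000, "alarm", 1),     # no change: already at max_instances
]

if __name__ == "__main__":
    g = ASGroup(min_instances=1, max_instances=5, expected=2, cooldown_s=300)
    replay(g, SAMPLE_EVENTS)
    for entry in g.log:
        print(entry)
```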
 AS management includes management of AS groups and AS bandwidth scaling
policies.

 AS group management includes management of AS groups, AS configurations, AS
policies, and scaling actions. The following slides will describe the operations that
can be performed.

 Bandwidth scaling policy management includes the creation, viewing, enabling,
disabling, modification, and deletion of bandwidth scaling policies.
 This slide describes the basic operations required for managing AS groups,
including creation, enabling, disabling, modification, and deletion.

 If the service scenario changes, you need to change the specifications of the ECS
instances. This can be done by changing the AS configuration of the AS group.

 To improve the fault tolerance of an AS group, you can add an ELB listener to the
group. Then, this listener will evenly distribute access traffic to all ECSs in the
group.

 For details, see the Auto Scaling User Guide.


 You can create an AS configuration either by using specifications of an existing ECS or by
creating a new specifications template.

 The AS configuration can only be copied and deleted. To modify the AS
configuration of an AS group, you can copy this configuration, modify parameters
on the copied configuration, save the copied configuration as a new one, and then
replace the AS group’s configuration with the new configuration.
 There are three major methods for resource expansion:

Dynamically expanding resources: You can configure an alarm policy to adjust
the number of instances in the AS group or the EIP bandwidth size based on the
CPU usage or inband incoming rate.

Expanding resources as planned: For predictable traffic needs, you can
configure a scheduled or periodic policy to adjust the instances in the AS group
or the bandwidth size.

Manually expanding resources: You can manually modify the expected
number of instances in the AS group to expand resources. This method cannot
be used for bandwidth scaling.

 When service demands decrease, you can also reduce resources to control costs.
AS supports the following instance removal policies:

 Oldest instances created from oldest AS configuration: The oldest instance
created based on the oldest configuration is removed from the AS group first. Use
this policy if you want to update an AS group and delete the instances created
based on early AS configurations gradually.

 Newest instances created from oldest AS configuration: The latest instance
created based on the oldest configuration is removed from the AS group first.

 Oldest instances: The earliest instance is removed from the AS group first.

 Newest instances: The latest instance is removed from the AS group first.

Manually added instances have the lowest removal priority, and AS does not delete
manually added instances when removing them. If multiple ECS instances are
manually added to an AS group, AS removes the instances following the First In, First
Out rule. Specifically, the earliest-added ECS instance is removed first.

Instances are removed preferentially in a way that keeps the remaining instances evenly
distributed in AZs.
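The four removal policies and the rule for manually added instances, as an added example (not Huawei code). The policy labels, the Instance fields and the delete flag for AS-created instances are assumptions made for illustration, and AZ balancing is not modelled.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Instance:
    """Hypothetical record of one ECS in an AS group."""
    name: str
    # Creation time for AS-created instances, time of joining the group for manual ones.
    created_at: int
    # Creation time of the AS configuration used; None marks a manually added instance.
    config_created_at: Optional[int] = None

    @property
    def manual(self) -> bool:
        return self.config_created_at is None


# Labels chosen for this example, one per policy listed in the text.
SORT_KEYS = {
    "OLD_CONFIG_OLD_INSTANCE": lambda i: (i.config_created_at, i.created_at),
    "OLD_CONFIG_NEW_INSTANCE": lambda i: (i.config_created_at, -i.created_at),
    "OLD_INSTANCE": lambda i: (i.created_at,),
    "NEW_INSTANCE": lambda i: (-i.created_at,),
}


def removal_order(instances: List[Instance], policy: str,
                  count: int) -> List[Tuple[str, bool]]:
    """Return the first `count` instances to remove as (name, delete_ecs).

    AS-created instances are ordered by the chosen policy. Manually added
    instances come last, earliest-added first (First In, First Out), and are
    only removed from the group, never deleted.
    """
    if policy not in SORT_KEYS:
        raise ValueError(f"unknown removal policy: {policy}")
    auto = sorted((i for i in instances if not i.manual), key=SORT_KEYS[policy])
    manual = sorted((i for i in instances if i.manual), key=lambda i: i.created_at)
    return [(i.name, not i.manual) for i in (auto + manual)[:count]]


# Constructed fleet: two AS configurations (created at t=1 and t=2) and two
# manually added instances.
SAMPLE_FLEET = [
    Instance("a", created_at=10, config_created_at=1),
    Instance("b", created_at=20, config_created_at=1),
    Instance("c", created_at=5, config_created_at=2),
    Instance("m1", created_at=30),
    Instance("m2", created_at=15),
]

if __name__ == "__main__":
    for policy in SORT_KEYS:
        print(policy, removal_order(SAMPLE_FLEET, policy, 5))
```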
 Due to limited space, this figure only shows some metrics. The metrics not displayed include
the disk read rate, disk write rate, disk write requests, and number of instances.

 You can also view records of scaling actions in a table. All scaling actions of the AS group are
recorded in the table.
 Lifecycle hooks provide more flexible management of scaling actions. They allow
you to perform as many customized operations as you can when an instance is
added to or removed from an AS group.
 AS policy management enables you to handle diversified demands and cope with
complex scenarios.

 When a policy needs to be executed immediately but trigger conditions are not met, you
can manually execute the AS policy.

 For details about how to manage AS policies, see the Auto Scaling User Guide.
 Health checks remove abnormal instances to ensure the availability of each
instance in your AS group.

 ECS health check checks the status of each ECS and removes unavailable ones.

 ELB health check can be performed only when the AS group uses load balancing.
The ELB health check is implemented by sending heartbeat messages from the ELB
service to the backend ECS, which is more fine-grained than the ECS health check.
To ensure high system reliability, the ELB health check is recommended.
 Elastic Cloud Server (ECS): provides the servers that are scaled in or out by the AS service.

 Virtual Private Cloud (VPC): provides bandwidth data for configuring a bandwidth scaling
policy.

 Elastic Load Balance (ELB): works with AS to evenly distribute traffic to each instance in
an AS group, improving system availability.

 Simple Message Notification (SMN): promptly pushes AS group information to users so
that they can learn about the latest status of the AS group.

 Cloud Trace Service (CTS): records operations related to auto scaling for later query,
auditing, and backtracking.

 Cloud Eye: provides alarm conditions for triggering scaling actions when an alarm policy
is configured.
 Answers:

 Q1: ABCD

Explanation:

Dynamically expanding resources: You can configure an alarm policy to adjust
the number of instances in the AS group or the EIP bandwidth size based on the
CPU usage or inband incoming rate.

Expanding resources as planned: For predictable traffic needs, you can
configure a scheduled or periodic policy to adjust the number of instances or
the bandwidth size.

Manually expanding resources: You can manually modify the expected
number of instances in an AS group to expand resources. Bandwidth scaling
does not support this mode.

Automatically expanding resources: You can adjust the number of instances
and the bandwidth size by configuring AS policies, without the need to perform
manual operations.

 Q2: ABC

Explanation:

AS does not support monitoring policies. The alarm policy of an AS group uses
Cloud Eye metrics, such as CPU usage.
 Public image: This type of image contains a standard OS and pre-installed
applications, and is visible to all users. You can configure personal applications as
needed.

 Private image: This type of image is visible only to image owners, and can contain
various information depending on the type.

 Shared image: This type of image is shared by other users and can be used as your
own private image.
 Convenient: You can create a private image from an ECS, BMS, or external image
file, or use an image to batch-create ECSs or BMSs.

 Secure: Multiple redundant copies of private images ensure high data durability.

 Flexible: Images can be easily managed through the management console or APIs.

 Uniform: Images can be used to uniformly deploy or upgrade applications,
ensuring consistency in your application environments.
 Common OSs

 Common OSs include Windows, Ubuntu, CentOS, Debian, and openSUSE. For
details, see the IMS console.

 Image creation

 IMS allows you to create a private image from a server or external image file.

 Image management

 Modify private image information.

 Delete private images.

 Share private images with others.

 Server creation

 You can create one or more servers from an image.


 Public images are standard images provided by the cloud platform and can be
used to create ECSs without further configurations.

 Private images are only visible to their owners. Creating ECSs from a private image
saves you from configuring ECSs one by one. You can create a private image from
an ECS or an external image file.

 The following methods are available for you to create a private image.

 Create a system disk image from a Windows ECS.

 Create a system disk image from a Linux ECS.

 Create a system disk image from an external image file containing a Windows
OS.

 Create a system disk image from an external image file containing a Linux OS.

 Create a data disk image using an ECS data disk.

 Create a data disk image from an external image file.

 Create a full-ECS image from an ECS.

 Create a full-ECS image from a CSBS backup.


To ensure that new ECSs created from the system disk image support customization, for example,
password resetting, it is recommended that you install Cloudbase-Init on the ECS before using
it to create the system disk image.
Detailed operations are as follows:

1. Log in to the Windows ECS, choose Start > Control Panel > Network and
Internet Connections > Local Area Connection > Properties > General.

2. Select Obtain an IP address automatically and Obtain DNS server address
automatically, and click OK.
The normal running of ECSs depends on the Guest OS driver. For Xen-based ECSs, the
Guest OS driver is a PV driver. For KVM-based ECSs, the Guest OS driver is called UVP
VMTools. To ensure that the image created from an ECS supports both Xen and KVM,
install the PV driver and UVP VMTools on the ECS.
Detailed operations are as follows:

1. On the Image Management Service page, click Create Image.

2. In the Image Type and Source area, select System disk image for Type.

3. Select ECS for Source, and then select the target ECS.
 If the ECS uses a static IP address, set the IP address obtaining mode to DHCP.

 The configuration method varies by OS. The differences are as follows:

 For Red Hat Linux, CentOS, Oracle Enterprise Linux, and EulerOS, use the vi
editor to add PERSISTENT_DHCLIENT="y" to
/etc/sysconfig/network-scripts/ifcfg-ethX.

 For SUSE Linux Enterprise, use the vi editor to set
DHCLIENT_USE_LAST_LEASE to no in /etc/sysconfig/network/dhcp.

 For Ubuntu 12.04, upgrade dhclient to 4.2.4 so that the NICs can consistently
obtain IP addresses from the DHCP server. For upgrade instructions, see the
Image Management Service User Guide.
The operations to delete network rule files are as follows:

1. Run the following command to list the files in the network rule directory:

ls -l /etc/udev/rules.d

Network rules must be deleted if the following information is displayed and the file
name contains both persistent and net:

70-persistent-net.rules

2. Run the following commands to delete the files whose names contain persistent
and net from the network rule directory:

rm /etc/udev/rules.d/30-net_persistent-names.rules

rm /etc/udev/rules.d/70-persistent-net.rules

Replace the italic part with actual values.


Before using an ECS to create an image, you are advised to install Cloud-Init on the
ECS so that new ECSs created from the image support customization. You can
download Cloud-Init from the official website, and an elastic IP address must be
bound to the ECS.
All data disks must be detached from the ECS before it is used to create an image.
Otherwise, new ECSs created from the image may be unavailable. The operations are
as follows:
1. Run the following command to check the data disks attached to the ECS:
mount
 If no information about data disk partitions is displayed, no data disks need to be
detached.
 If information similar to the following is displayed, go to step 2:
/dev/xvde1 on /mnt/test type ext4 (rw)
Ensure that no data I/O operations are being performed on the disks to be
detached. Otherwise, the detaching operation will fail.
2. Run the following command to detach the data disks from the ECS:
umount /dev/xvde1
3. Run the following command to open the fstab file in the vi editor:
vi /etc/fstab
4. Delete the data disk configuration from the fstab file.
The /etc/fstab file contains information about the file systems and storage devices
automatically attached to the ECS when it starts. The information about data disks
automatically attached to the ECS must be deleted.
5. Run the following command to recheck the data partitions attached to the ECS:
mount
If no information about data disks is displayed, they have been successfully
detached.
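The Linux preparation steps above (DHCP on the NIC, no persistent network rule files, no data disks mounted or listed in fstab) can be checked before the image is created. The following audit is an added example, not a Huawei tool. It covers only the Red Hat-style ifcfg case, its function names are assumptions, BOOTPROTO is the standard ifcfg key for the address mode, and disks are assumed to follow xvdX/vdX/sdX naming.

```python
import re
import tempfile
from pathlib import Path
from typing import List


def disk_of(device: str) -> str:
    """/dev/xvde1 -> xvde (assumes xvdX/vdX/sdX style names, not NVMe)."""
    return re.sub(r"\d+$", "", device.rsplit("/", 1)[-1])


def parse_mounts(mount_output: str):
    """Yield (device, mountpoint) for the /dev/* lines of `mount` output."""
    for line in mount_output.splitlines():
        m = re.match(r"(/dev/\S+) on (\S+) type \S+", line)
        if m:
            yield m.group(1), m.group(2)


def audit_image_readiness(root: Path, mount_output: str) -> List[str]:
    """Return findings that should be fixed before the ECS is imaged."""
    findings = []
    # 1. NICs must obtain their address over DHCP.
    for cfg in sorted((root / "etc/sysconfig/network-scripts").glob("ifcfg-eth*")):
        kv = {}
        for line in cfg.read_text().splitlines():
            line = line.strip()
            if line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)
                kv[key.strip()] = value.strip().strip("\"'")
        if kv.get("BOOTPROTO", "").lower() != "dhcp":
            findings.append(f"{cfg.name}: BOOTPROTO is not dhcp")
        if kv.get("PERSISTENT_DHCLIENT", "").lower() != "y":
            findings.append(f"{cfg.name}: PERSISTENT_DHCLIENT is not set to y")
    # 2. Rule files whose names contain both "persistent" and "net" must go.
    rules_dir = root / "etc/udev/rules.d"
    if rules_dir.is_dir():
        for rule in sorted(rules_dir.iterdir()):
            if "persistent" in rule.name and "net" in rule.name:
                findings.append(f"udev rule to delete: {rule.name}")
    # 3. Anything mounted from a disk other than the one holding "/" is a data disk.
    mounts = list(parse_mounts(mount_output))
    system_disk = next((disk_of(dev) for dev, mp in mounts if mp == "/"), None)
    for dev, mp in mounts:
        if system_disk and disk_of(dev) != system_disk:
            findings.append(f"data disk still mounted: {dev} on {mp}")
    # 4. fstab must not reattach data disks at boot. UUID=/LABEL= entries are
    #    not resolved here and need a manual look.
    fstab = root / "etc/fstab"
    if fstab.is_file():
        for line in fstab.read_text().splitlines():
            fields = line.split()
            if len(fields) < 2 or fields[0].startswith("#"):
                continue
            if (fields[0].startswith("/dev/") and system_disk
                    and disk_of(fields[0]) != system_disk):
                findings.append(f"fstab entry to delete: {fields[0]} -> {fields[1]}")
    return findings


def build_sample(root: Path, prepared: bool) -> str:
    """Write a constructed tree under root and return constructed `mount` output."""
    net = root / "etc/sysconfig/network-scripts"
    rules = root / "etc/udev/rules.d"
    net.mkdir(parents=True)
    rules.mkdir(parents=True)
    if prepared:
        (net / "ifcfg-eth0").write_text(
            'DEVICE=eth0\nBOOTPROTO=dhcp\nPERSISTENT_DHCLIENT="y"\n')
        (root / "etc/fstab").write_text("/dev/xvda1 / ext4 defaults 1 1\n")
        return "/dev/xvda1 on / type ext4 (rw)\nproc on /proc type proc (rw)\n"
    (net / "ifcfg-eth0").write_text(
        "DEVICE=eth0\nBOOTPROTO=static\nIPADDR=192.0.2.10\n")
    (rules / "70-persistent-net.rules").write_text("# constructed sample\n")
    (root / "etc/fstab").write_text(
        "/dev/xvda1 / ext4 defaults 1 1\n/dev/xvde1 /mnt/test ext4 defaults 0 0\n")
    return ("/dev/xvda1 on / type ext4 (rw)\n"
            "/dev/xvde1 on /mnt/test type ext4 (rw)\n")


def audit_sample(prepared: bool) -> List[str]:
    """Audit a constructed tree in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        return audit_image_readiness(root, build_sample(root, prepared))


if __name__ == "__main__":
    for finding in audit_sample(prepared=False):
        print(finding)
```

On a real ECS, pass Path("/") as root together with the captured output of the mount command.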
Detailed operations are as follows:

1. On the Image Management Service page, click Create Image.

2. In the Image Type and Source area, select System disk image for Type.

3. Select ECS for Source, and then select the target ECS.


If you have a Windows image file that meets the format and OS requirements, you can use it to
create a Windows private image.
Download OBS Browser from http://static.huaweicloud.com/upload/files/tools/OBSBrowser.zip.
 Register an uninitialized image file as an uninitialized private image.

 Register an initialized image file as a normal private image.


If you have a Linux image file that meets the format and OS requirements, you can use it to create
a Linux private image.
 Data disk images contain only your service data. You can use data disk images to export data
on data disks on an ECS.

 Data disk images can be used to create data disks for migrating your data to the cloud.
 You can use an ECS with data disks to create a full-ECS image. This image contains both an OS
and your service data and can be used to quickly create ECSs with service data.

 The ECS used to create a full-ECS image can be in the running state.

 The associated CSBS backup is not deleted together with the full-ECS image. You can delete
the backup on the CSBS console.
 If an ECS has been backed up through the CSBS service, its backup can be used to create an
image.

 To create a full-ECS image, you require permission to access the CSBS backup.

 The CSBS backup is not deleted with the full-ECS image. You can delete the backup on the
CSBS console.
You can share your private images with others. If you are a DeC user, image sharing
allows you to use images in multiple projects of the same region.

 If you are an image provider, you can specify which images to share,
cancel image sharing at any time, and add or delete tenants who use shared
images.

 If you are the image recipient, you can choose to receive or decline shared
images, or remove images that have been accepted.
 You can create an encrypted private image using an encrypted ECS or an external image file.

 There are some restrictions on image encryption:

 Key Management Service (KMS) must be enabled.

 The key used for encrypting images cannot be changed.

 If the key is disabled or deleted, you cannot use your images.

 Encrypted images cannot be shared or released to Marketplace.

 If the ECS system disk is encrypted, the created system disk image is encrypted.

 If an ECS is created from an encrypted image, its system disk is encrypted and its key is
the same as the image key.
You can replicate images in the following scenarios:

 From an encrypted image to an unencrypted one: Encrypted images cannot be shared or
released to Marketplace. With this function, you can replicate an encrypted image to an
unencrypted one, and share the unencrypted image or release it in Marketplace.

 From an encrypted image to an encrypted one: The keys of encrypted images cannot be
changed. If you want to change the key of an encrypted image, replicate the image and
select a new key for encrypting it.

 From an unencrypted image to an encrypted one: If you have an unencrypted image and
want to encrypt it, you can use the image replication function and specify a key during
replication.
If you have created a private image in a region, you can replicate it to another region. This enables
you to duplicate ECSs and migrate services across regions.
To add predefined tags to an image or search for an image using predefined tags, you must have
permission to access Tag Management Service (TMS).
Answer: ABD
 Metric values of different types of disks are different. This slide only introduces
two common metrics. For details about more metrics, visit
https://support.huaweicloud.com/en-us/productdesc-evs/en-us_topic_0014580744.html.

 EVS disks need to be used together with servers. The application scenarios and
the services they cover are provided as a reference for users.
 For more information about the purchasing parameters, visit
https://support.huaweicloud.com/qs-evs/zh-cn_topic_0021738346.html.
 For more information, visit
https://support.huaweicloud.com/en-us/productdesc-evs/en-us_topic_0014580744.html.
 For more information, visit
https://support.huaweicloud.com/en-us/productdesc-evs/en-us_topic_0052554220.html.

Disk creation process: Creating → Available

Disk attachment process: Available → Attaching → In-use (if the attachment
succeeded)

Process of capacity expansion of an Available disk: Available → Expanding → Available
(if the expansion succeeded)

Process of capacity expansion of an In-use disk: In-use → Expanding → In-use (if the
expansion succeeded)
 Answers:

 BD

 D
 VBS backups are stored on OBS and can be used to restore EVS disk data or create
EVS disks.

 By collaborating with OBS, VBS provides enhanced security to customers' backup
data.

 VBS provides snapshot-based data protection, supports online backup, and does
not require deploying agents in the service system.

 VBS supports both full and incremental backup modes. You can use a data backup
generated in either backup mode to restore the source EVS disk to the state the
EVS disk was in when the backup was created.
 An object is the basic unit of data storage in OBS. It consists of object data and
object metadata that describes object attributes. Data uploaded to OBS is stored
in buckets as objects.

 An object consists of data, metadata, and a key.

 A key specifies the name of an object. An object key is a string ranging from
1 to 1024 characters in UTF-8 format. Each object is uniquely identified by a
key within a bucket.

 Metadata: specifies the object description. Metadata includes system metadata
and custom metadata. Metadata is uploaded to OBS as key-value pairs.

 System metadata is automatically generated by OBS and is used for
processing object data, such as Date, Content-Length, Last-Modify, and
Content-MD5.

 Custom metadata is specified by users to describe objects when the
objects are uploaded to OBS.

 Data is the content contained by an object.

 Generally, objects are managed as files. However, OBS is an object-based storage
service and it does not involve the file and folder concepts. For easy data
management, OBS provides a method to simulate folders. By adding a slash (/) in
an object name, for example, test/123.jpg, you can simulate test as a folder and
123.jpg as the name of a file under the test folder. However, the object key
remains test/123.jpg.
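The folder simulation described above, as an added example (not OBS code): a flat set of object keys is presented as files and subfolders purely by splitting on the slash. The function names are assumptions, and the length check counts characters, as the text states.

```python
from typing import Iterable, List, Tuple


def validate_key(key: str) -> None:
    """Reject keys outside the 1 to 1024 character range or not encodable as UTF-8."""
    if not 1 <= len(key) <= 1024:
        raise ValueError(f"object key length {len(key)} is outside 1..1024")
    key.encode("utf-8")  # raises UnicodeEncodeError (a ValueError) on lone surrogates


def list_folder(keys: Iterable[str], folder: str = "") -> Tuple[List[str], List[str]]:
    """Return (files, subfolders) directly under a simulated folder.

    Nothing is stored per folder: a "folder" is only the part of a key before
    a slash, so the listing is computed from the flat key set each time.
    """
    prefix = folder if not folder or folder.endswith("/") else folder + "/"
    files, subfolders = [], set()
    for key in keys:
        validate_key(key)
        # A key equal to the prefix itself is not a child of the folder.
        if not key.startswith(prefix) or key == prefix:
            continue
        head, slash, _ = key[len(prefix):].partition("/")
        if slash:
            subfolders.add(prefix + head + "/")   # deeper keys collapse into one entry
        else:
            files.append(key)                     # the full key is kept unchanged
    return sorted(files), sorted(subfolders)


# Constructed bucket contents. "testing.txt" shares the characters "test" with
# the folder name but is not inside it, because the prefix compared is "test/".
SAMPLE_KEYS = [
    "test/123.jpg",
    "test/raw/a.bin",
    "test/raw/b.bin",
    "readme.txt",
    "testing.txt",
]

if __name__ == "__main__":
    print(list_folder(SAMPLE_KEYS))          # bucket root
    print(list_folder(SAMPLE_KEYS, "test"))  # the simulated test folder
```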
 When uploading an object, you can select a storage class for the object. If no
storage class is specified, the object is stored in the same storage class as the
bucket where it resides. You can also change the object storage class after the
object is uploaded.

 On OBS Console or OBS Browser, you can operate folders the same way as
operating them in a file system.
 OBS provides two billing modes. You can prepay for yearly/monthly packages or
pay per use. You are charged per use by default.

 The billing items include storage capacity, traffic, number of requests, and data
restoration. For details about billing modes, see the table.

 You need to pay for the service duration, which is calculated by hour, and does not
include a minimum fee.
 OBS offers packages for multi-AZ storage, common storage, downstream traffic,
and pull traffic.

 Resource packages are charged as a one-off fee and take effect immediately
upon payment. Currently, you cannot specify the date when the resource package
takes effect.

 Yearly/Monthly subscriptions apply only to the Standard storage class.

 When a purchased package is within its validity period, any resources used are
initially offset by the package quota. However, when used resources exceed the
package quota, subsequent resources are charged on a pay-per-use basis.

 Yearly/Monthly subscriptions can be neither automatically renewed nor unsubscribed
from. When a package has expired, it does not impact your operations and data
security on OBS. The system automatically charges you according to the pay-per-use
rates.

 The monthly quota of a package is cleared at the end of a calendar month. If
outbound traffic is generated, it is offset by the quota of the traffic package first. If the
consumed traffic exceeds the package quota, the subsequent traffic is charged
according to the pay-per-use rates. For example, you purchased an outbound traffic
package with a monthly quota of 2 TB for 6 months on April 15. Then you have 2 TB
outbound traffic available to use from April 15 to April 30. At 00:00:00 on May 1,
you will get another 2 TB outbound traffic for use in May. If there is any
remaining quota from the last month, it will be cleared. At 00:00:00 on June 1, another
2 TB outbound traffic is assigned to you and so forth until your purchased
package expires.
 OBS provides huge storage space for the video surveillance solutions. It also
provides standard, infrequent access, and archive storage classes for differentiated
data storage.
 OBS can work with the Content Delivery Network (CDN) service to provide the fast
online video playback function, large storage space, single-stream bandwidth, and
concurrent access.
 OBS provides low-cost and highly-reliable access to storage. Different storage
classes can be selected based on your specific requirements.
 By working with cloud services such as Elastic Cloud Server (ECS), Auto Scaling
(AS), Elastic Volume Service (EVS), Image Management Service (IMS), Identity and
Access Management (IAM), and Cloud Eye (CE), OBS can provide high-performance
computing (HPC) with huge capacity, large single-stream bandwidth, and secure
and reliable solutions.

 Fast upload and download

• Up to 300 MB/s single-stream bandwidth, implementing quick online import
of data

• Temporary authorization: Secure and convenient secondary distribution of
data

 Large volume data import

• 120 TB data can be migrated to the cloud with the Teleport offline data
transfer capabilities.

 Archive storage price starts from ¥0.033/GB per month

• Source data and calculation results can be stored in the Archive storage,
costing as low as ¥0.033/GB per month.
 By working with cloud services such as ECS, Elastic Load Balance (ELB), Relational
Database Service (RDS), CDN, and Domain Name Service (DNS), OBS provides the
mobile internet scenarios with solutions that have scalable resources, flexible
configurations, large capacity, reliable security, and high concurrency.
 By working with cloud services such as ECS, ELB, RDS, and Volume Backup Service
(VBS), OBS provides web disk scenarios with a storage system that allows high
concurrency, high reliability, low latency, and low cost. The storage capacity
automatically scales as the volume of stored data increases.
 An object is the basic unit of data storage in OBS. It consists of object data and
object metadata that describes object attributes. Data uploaded to OBS is stored
in buckets as objects.

 A bucket is a virtual container used to store objects in OBS. OBS provides flat
storage in the form of buckets and objects. Unlike the conventional multi-layer
directory structure of file systems, all objects in a bucket are stored at the same
logical layer.

 OBS provides the following storage classes: Standard, Infrequent Access, and
Archive. With diversified storage classes, OBS caters to customer
requirements on both storage performance and costs. When creating a
bucket, you can set a storage class for the bucket. The storage class of a
bucket can be changed as needed.

 The account provided by OBS includes the access key ID (AK) and secret access key
(SK), which are used for identity authentication. If you use a client to send a
request to OBS, the request header must contain a signature. The signature is
generated based on the SK, request time, and request type.

 An AK and an SK form a key pair used to access OBS. When OBS APIs are
used to access stored data, AKs and SKs are used to generate authentication
information.

 After subscribing to OBS, you can log in to the console and create AKs and SKs
on the My Credential page. The system identifies users who access the
system by AKs, and SKs are used for key authentication.

 An AK maps to only one user but a user can have multiple AKs.

 One SK maps to one AK, forming a key pair for accessing OBS and thereby
ensuring access security.
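The AK/SK scheme described above, as an added illustration that is not part of the original course material and is not OBS's actual signing format: the string-to-sign layout, the DEMO authorization scheme, the 15-minute time window, and the sample keys are all assumptions. It shows why a signature built from the SK, the request time, and the request type cannot be reused for a different request or at a much later time.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from email.utils import format_datetime, parsedate_to_datetime

# Constructed credentials (not real keys). One user may own several AKs,
# but each AK maps to exactly one user and one SK.
KEYSTORE = {
    "AKDEMO0001": {"user": "alice", "sk": b"constructed-secret-key-1"},
    "AKDEMO0002": {"user": "alice", "sk": b"constructed-secret-key-2"},
}
MAX_SKEW = timedelta(minutes=15)  # assumed acceptance window for the request time


def string_to_sign(method, resource, date):
    # Assumed layout: request type, request time, resource, one per line.
    return "\n".join([method.upper(), date, resource]).encode()


def sign_request(ak, sk, method, resource, now=None):
    """Client side: build the Date and Authorization headers for one request."""
    now = now or datetime.now(timezone.utc)
    date = format_datetime(now, usegmt=True)
    mac = hmac.new(sk, string_to_sign(method, resource, date), hashlib.sha256).digest()
    return {"Date": date, "Authorization": f"DEMO {ak}:{base64.b64encode(mac).decode()}"}


def verify_request(method, resource, headers, now=None):
    """Server side: return the authenticated user, or None if the request is rejected."""
    now = now or datetime.now(timezone.utc)
    try:
        scheme, credential = headers["Authorization"].split(" ", 1)
        ak, sig_b64 = credential.split(":", 1)
        received = base64.b64decode(sig_b64, validate=True)
        skew = abs(now - parsedate_to_datetime(headers["Date"]))
    except (KeyError, ValueError, TypeError):
        return None                      # malformed or missing headers
    entry = KEYSTORE.get(ak)             # the AK only identifies the caller
    if scheme != "DEMO" or entry is None or skew > MAX_SKEW:
        return None
    expected = hmac.new(
        entry["sk"], string_to_sign(method, resource, headers["Date"]), hashlib.sha256
    ).digest()
    # The SK never travels with the request; only the keyed digest is compared,
    # in constant time.
    return entry["user"] if hmac.compare_digest(expected, received) else None
```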
 To access and operate OBS resources, users must have corresponding permissions.
You can access or operate the OBS only when you have the permission to access
or operate OBS resources.

 You can configure the operation permissions for OBS resources by configuring
IAM user groups. Then users in these groups inherit the configured permissions.

 For details about how to configure IAM user group permissions, see the IAM User
Guide.
 Bucket policy application scenarios

 Get object contents.

Bucket ACLs can only be used to control permissions to obtain object lists
and upload objects, but not to obtain object contents and metadata. To
obtain the content of an object in a bucket, you must configure the bucket
policy (set General Settings to Public Read or configure the Customized mode
in the Advanced Settings) to grant such fine-grained permissions to users.

 Manage OBS access permissions across accounts.

Bucket ACLs are configured based on accounts and user groups and cannot
control the permissions of any specific IAM user. IAM user permission
settings can only control cloud resource operation permissions of users under
their own accounts, but cannot manage permissions of users in other
accounts. To grant an IAM user in one account access permission to
resources under another account, you must configure a bucket policy with
advanced settings.

 Manage all OBS operation permissions.

A bucket ACL supports only simple permission control. For example, a
bucket ACL cannot grant users permission to delete a bucket policy,
but a bucket policy can. Therefore, you must configure bucket policies with
advanced settings to manage all operation permissions for buckets and
objects.
 OBS can store multiple versions of an object. You can quickly search for and
restore different versions or restore data in the event of misoperations or
application faults.

 By default, the versioning function is disabled for new buckets on OBS. Therefore,
if you upload an object to a bucket where an object with the same name as the
uploading one exists, the new object will overwrite the existing one.

 Enabling Versioning

 Enabling versioning does not change existing objects in a bucket in terms of
object versions and contents. The version ID of an object is null before
versioning is enabled. If you upload an object with the same name as an
existing object in the bucket, OBS saves the object with a new version ID
without overwriting the existing one.

 OBS automatically allocates a unique version ID to a newly uploaded object.
Objects with the same name are stored on OBS with different version IDs.

 The latest objects in a bucket are returned by default after a GET Object
request.

 Objects can be downloaded by version IDs. By default, the latest object is
downloaded if the version ID is not specified.

 You can select an object and click Delete on the right to delete the object.
After the object is deleted, OBS generates a Delete Marker with a unique
version ID for the deleted object, and the deleted object is displayed in the
Deleted Objects list.

 You can recover a deleted object by deleting the object version that has
the Delete Marker.

 After an object is deleted, you can specify the version number in Deleted
Objects to permanently delete the object of the specified version.

 An object is displayed either in the object list or the list of deleted objects.
It will never be displayed in both the lists at the same time. For example,
after object A is uploaded and deleted, it will be displayed in the Deleted
Objects list. If you upload an object named A again, the object A will be
displayed in the Objects list, and the previously deleted object A will no
longer be displayed in the Deleted Objects list.

 All object versions except those with Delete Marker stored in OBS are
charged.
 Suspending Versioning

 Once the versioning function is enabled, it can be suspended but cannot be
disabled. Once versioning is suspended, version IDs will no longer be
allocated to newly uploaded objects. If an object with the same name already
exists and does not have a version ID, the object will be overwritten.

 Historical versions will be retained in OBS. If you do not need these historical
versions, manually delete them.

 Objects can be downloaded by version IDs. By default, the latest object is
downloaded if the version ID is not specified.

 All historical object versions except those with Delete Marker stored in OBS
are charged.

 Differences Between Suspending Versioning and Disabling Versioning

 If you delete an object when versioning is suspended, a null version with the
Delete Marker is generated regardless of whether the object has historical
versions. But, if versioning has not been enabled, the same operation will not
generate a version with the Delete Marker.
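The rules under Enabling Versioning, Suspending Versioning, and the differences listed above, modelled as a small in-memory bucket. This is an added example, not OBS code: the class and method names are hypothetical, version IDs such as "v1" are constructed, and None stands for the null version ID.

```python
from itertools import count

LATEST = object()  # sentinel: "no version ID specified"


class Version:
    def __init__(self, version_id, data=None, delete_marker=False):
        self.version_id = version_id      # None models the null version ID
        self.data = data
        self.delete_marker = delete_marker


class Bucket:
    """Toy model of a bucket whose versioning is disabled, enabled, or suspended."""

    def __init__(self):
        self.state = "disabled"           # default for a new bucket
        self.objects = {}                 # key -> [Version, ...], newest last
        self._ids = count(1)

    def set_versioning(self, state):
        # Once enabled, versioning can be suspended but never disabled again.
        if state not in ("enabled", "suspended"):
            raise ValueError("versioning can only be enabled or suspended")
        self.state = state

    def _push(self, key, data=None, delete_marker=False):
        stack = self.objects.setdefault(key, [])
        if self.state == "enabled":
            vid = f"v{next(self._ids)}"   # unique ID, nothing is overwritten
        else:
            vid = None
            # Only one null version exists per key: the new one overwrites it,
            # while historical versions that have IDs are retained.
            stack[:] = [v for v in stack if v.version_id is not None]
        stack.append(Version(vid, data, delete_marker))
        return stack[-1]

    def put(self, key, data):
        return self._push(key, data).version_id

    def delete(self, key):
        """Delete without a version ID. Returns the Delete Marker, or None."""
        if self.state == "disabled":
            self.objects.pop(key, None)   # never versioned: no Delete Marker
            return None
        return self._push(key, delete_marker=True)

    def delete_version(self, key, version_id):
        """Permanently delete one version; deleting a Delete Marker recovers the object."""
        stack = [v for v in self.objects.get(key, []) if v.version_id != version_id]
        if stack:
            self.objects[key] = stack
        else:
            self.objects.pop(key, None)

    def get(self, key, version_id=LATEST):
        stack = self.objects.get(key, [])
        if version_id is LATEST:
            hits = stack[-1:]             # the latest version is the default
        else:
            hits = [v for v in stack if v.version_id == version_id]
        return None if not hits or hits[0].delete_marker else hits[0].data

    def list_objects(self):
        return sorted(k for k, s in self.objects.items() if not s[-1].delete_marker)

    def list_deleted(self):
        return sorted(k for k, s in self.objects.items() if s[-1].delete_marker)
```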
 Lifecycle rules have two key elements:

 Policy: You can specify the prefix of object names so that objects whose
names have this prefix are restricted by the rules. You can configure lifecycle
rules for a bucket so that all objects in the bucket can be restricted by the
lifecycle rules.

 Time: You can specify the number of days after which objects that have been
last updated and meet specified conditions are automatically transitioned to
Infrequent Access or Archive, or expire and are then automatically deleted.

 Transition to Infrequent Access: You can specify the number of days
after which objects that have been last updated and meet specified
conditions are automatically transitioned to Infrequent Access.

 Transition to Archive: You can specify the number of days after which
objects that have been last updated and meet specified conditions are
automatically transitioned to Archive.

 Expiration time: You can specify the number of days after which objects
are automatically deleted or the day after which an object that matches
with a rule is deleted.
 OBS allows you to access static websites hosted by OBS.

 Static websites contain static web pages and some scripts that can run on clients,
such as JavaScript and Flash. Different from static websites, dynamic websites rely
on servers to process scripts, including PHP, JSP, and ASP.NET. OBS does not
support scripts running on servers.

 Configure static website hosting according to the following procedure.

 Register a domain name.

 Create a bucket.

 Upload static website files to the created bucket.

 Configure static website hosting for the created bucket.

 Configure DNS.

 Finally, you can verify whether the static website hosting is configured
successfully by accessing the website domain name.
 After server-side encryption is enabled, objects to be uploaded will be encrypted
and stored on the server. When downloading the encrypted objects, the encrypted
data will be decrypted on the server and displayed in plaintext to users.

 KMS uses the hardware security module (HSM) to protect key security, helping you
easily create and control encryption keys. Keys are not displayed in plaintext
outside HSMs, which prevents key disclosure. All operations on keys are controlled
and logged, and usage records of all keys can be provided to meet regulatory
compliance requirements.

 The objects to be uploaded can be encrypted using SSE-DEW. You need to create
a key using Key Management Service (KMS) or use the default key provided by
KMS. Then you can use the KMS key to perform server-side encryption when
uploading objects on OBS.

 OBS supports both server-side encryption with KMS-managed keys (DEW-KMS)
and server-side encryption with customer-provided keys (SSE-C) by invoking APIs.
In SSE-C mode, OBS uses the keys and MD5 values provided by customers for
server-side encryption.
 To reduce costs, some websites steal links from other websites to enrich their own
contents. Stealing links not only damages interests of the original websites but
also increases workloads on the original website servers. URL validation was
introduced to resolve this problem.

 In HTTP, a website can detect the web page that accesses a target web page using
the Referer field. As the Referer field can trace sources, specific techniques can be
used to block or return specific web pages if requests are not from trusted
sources. URL validation checks whether the Referer field in a request matches the
configured whitelist or blacklist. If the field matches the whitelist, the request is
allowed. Otherwise, the request is denied or specific pages are returned.

 To prevent data in OBS from being stolen by other users, OBS supports URL
validation based on the Referer field in HTTP headers. OBS also supports both
whitelist and blacklist settings.
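One way to implement the Referer check described above, as an added example that is not OBS's own code. The function names, the wildcard pattern syntax, the allow_empty switch, and the rule that the blacklist is evaluated before the whitelist are assumptions; all hosts are constructed. The check compares the parsed host of the Referer with the lists, so a listed domain that merely appears in the path or query string does not count as a match.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit


def referer_host(referer):
    """Return the lower-cased host of a Referer value, or None if absent or unusable."""
    if not referer:
        return None
    try:
        parts = urlsplit(referer.strip())
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return parts.hostname  # urlsplit already lower-cases the host and drops the port


def host_matches(host, patterns):
    # Whole-host match; "*" is a wildcard, e.g. "*.static.example.com".
    return any(fnmatchcase(host, p.lower()) for p in patterns)


def url_validation(referer, whitelist=(), blacklist=(), allow_empty=False):
    """Return True if a request carrying this Referer should be served."""
    host = referer_host(referer)
    if host is None:
        # Direct visits and privacy tools send no Referer; this is a policy choice.
        return allow_empty
    if host_matches(host, blacklist):
        return False
    if whitelist:
        return host_matches(host, whitelist)   # anything not listed is denied
    return True                                # blacklist-only configuration


# Constructed sample configuration and requests.
WHITELIST = ["www.example.com", "*.static.example.com"]
BLACKLIST = ["bad.static.example.com"]
SAMPLES = [
    "https://www.example.com/index.html",
    "https://img.static.example.com/gallery",
    "https://bad.static.example.com/gallery",
    "https://other.example.net/page?from=www.example.com",
    "https://www.example.com.other.example.net/",
    None,
]


def evaluate_samples():
    return [url_validation(r, WHITELIST, BLACKLIST) for r in SAMPLES]
```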
 Storage space occupied by fragments in the OBS is charged, so you need to
manually clear fragments.

 For OBS Browser:

 If a file fails to be uploaded or the upload task is suspended, fragments are
generated and stored in OBS. You can resume the upload through task
management. After the resumable upload completes, the fragments will be
cleared automatically.

 You can also manually clear fragments using the fragment management
function. If you resume an upload task after clearing the fragments, the
upload progress will be lost and the task needs to be re-executed.
 OBS provides you with a variety of platforms, such as OBS Console and OBS
Browser, as well as REST APIs.

 OBS Console is a web-based GUI. Through the console, you can perform
operations on OBS resources directly.

 OBS Browser is an OBS client running on the Windows operating system. You can
use OBS Browser to manage the storage of objects on your PC.

Notes:

obscmd and the APIs/SDKs will be available in the Hong Kong region soon. Contact
the technical support team if you have further questions.

 obscmd is an OBS client running on the Linux operating system. It allows you to
upload local files to OBS or download files from OBS. obscmd features multipart
uploading and downloading, which can greatly speed up data transmission.

 OBS SDK encapsulates APIs provided by OBS to simplify user development. Users
can directly use API functions provided by the OBS SDK to obtain the OBS service
capabilities.

 OBS provides the REST API for users to easily access OBS from web applications.
By making API calls, you can upload and download data at any time, anywhere, or
through any internet device.
 OBS Browser uploads files in multiple parts. It supports the upload of a single
file with the maximum size of 48.8 TB.

 OBS Browser supports resumable transfer. If the upload task is suspended or fails,
restart the task. According to the part information recorded in the task, the
successfully uploaded parts will not be uploaded again, and other parts will be
requested for uploading.
 Answer: ABC
 Scalable File Service (SFS) provides high-performance file storage that is scalable
on demand. It can be shared by multiple Elastic Cloud Servers (ECSs). Features of
SFS are as follows:

 SFS supports NFS and CIFS protocols.

 SFS offers an intuitive graphical user interface (GUI). On the GUI, customers
can create and configure file system with ease, and conveniently deploy,
expand, and optimize file systems.

 SFS file systems feature high reliability and high availability. The performance
of a file system increases as its capacity increases. The file systems can be
widely used in media processing, high-performance computing, content
management, and home directory scenarios.
 Question: Can a File System Be Accessed Across VPCs?

 Cross-VPC access is supported for a file system of the SFS Capacity-Oriented
type.

 A file system of the SFS Turbo type in a VPC is accessible only to AZs in the
VPC.
 File sharing: ECSs in multiple availability zones (AZs) of a region can access a file
system concurrently, achieving multi-ECS access to the same file and file sharing.

 Elastic scalability: SFS can be expanded non-disruptively to meet your growing
capacity requirements, providing a constantly sufficient capacity for your data.

 Superior performance and reliability: SFS performs better as capacity grows. It
ensures high data durability of 99.999999% and adapts to business growth.

 Seamless integration: SFS supports NFS. A broad range of mainstream application
programs can read and write data in file systems.

 Easy operation and low costs: File systems are usable after easy creation. SFS is
charged by capacity use and is cost-effective.
 Creating a file system

 You can create a file system and mount it on multiple ECSs. Then data can be
shared using the file system access method.

 Mounting a file system on ECSs

 After creating a file system, you need to mount the file system to ECSs so
that ECSs can share the file system.
 Answer: ABCD
 A VPC facilitates internal network management and configuration, and allows you
to implement secure and quick network changes. You can also customize the ECS
access rules within a security group and between security groups to improve ECS
security.

 Have full control over your virtual networks, for example, creating your own
network and configuring the DHCP service.

 Create security groups as well as add inbound and outbound rules to
improve your ECS security.

 Create network ACLs as well as add inbound and outbound rules to improve
subnet security.

 Assign EIPs in a VPC and use NAT gateways to connect ECSs in your VPC to the
Internet.

 Connect a VPC to your corporate data center using a VPN or Direct Connect
connection for smooth application migration to the cloud.

 Connect two VPCs in the same region using VPC peering connections.
 Large Internet applications:

 Applies to large Internet applications that leverage massive computing
capabilities and networks with ultra-high bandwidth of HUAWEI CLOUD.

 Assigns EIPs for Internet access.

 Stores user data in the corporate data center and uses a Direct Connect
connection or VPN to connect the corporate data center and HUAWEI
CLOUD.
 Universal Web Applications:
 Application scenarios: Blogs and simple websites
 Characteristics: You can host web applications and websites in a VPC and use the
VPC as a common network. You can create a subnet and create ECSs in the subnet.
You can also use EIPs to connect ECSs to the Internet for running web applications
deployed on the ECSs.
 Recommended services: VPC and ECS
 Enterprise Hybrid Cloud
 Application scenarios: E-commerce websites
 Characteristics: You can connect a VPC to your private cloud using a VPN connection.
With a VPN connection between the VPC and your traditional data center, you can
easily use the ECSs and block storage resources. Applications can be migrated to the
cloud and additional web servers can be deployed to increase the computing
capacity on a network. In this way, a hybrid cloud is built.
 Recommended services: Elastic Load Balance (ELB), VPC, and ECS
 Security-Demanding Services
 Application scenarios: Security-demanding service systems
 Characteristics: You can create a VPC and security groups to host multi-tier web
applications in different security zones. You can associate web servers and database
servers with different security groups and configure different access control rules for
security groups. You can launch web servers in a publicly accessible subnet and
database servers in non-publicly accessible subnets to ensure high security and
meet requirements of security-demanding scenarios.
 Recommended services: VPC, Vulnerability Scan Service (VSS), Anti-DDoS, and ECS
 Private network customization: You can customize private subnets in your VPC and
deploy applications and other services in the subnets accordingly.

 Flexible security policy configuration: You can use security groups to divide ECSs in
a VPC into different security zones and then configure different access control
rules for each security zone. You can also create network ACLs to control traffic in
and out of associated subnets, improving subnet security.

 EIP binding: You can assign an independent EIP in your VPC. The EIP can be bound
to or unbound from an ECS as required. The binding and unbinding operations
take effect immediately after the operations are performed.

 Direct Connect/VPN access: You can use a Direct Connect connection or VPN to
connect your VPC with the corporate data center to form a hybrid network for
smooth application migration to the cloud.
 Subnet: A subnet is a network that manages ECS network planes. It supports IP address
management as well as DHCP and DNS services. The IP addresses of all ECSs in a subnet
belong to this subnet. By default, ECSs in all subnets of the same VPC can communicate
with one another, while ECSs in different VPCs cannot communicate with one another.
 EIP: An EIP is a static, public IP address. You can bind an EIP to an ECS in your subnet or
unbind the EIP from the ECS. The EIP enables your VPC to communicate with the Internet
through a fixed public IP address.
 Bandwidth: You can allocate bandwidth when assigning an EIP so that the ECS bound with
the EIP can use the bandwidth to access the Internet.
 Security group: A security group is a collection of access control rules for ECSs that have
the same security protection requirements and are mutually trusted in a VPC. After creating
a security group, you can create different access rules for the security group to protect the
ECSs in the security group. The default security group rule allows all outgoing data packets.
ECSs in a security group can access each other without the need to add rules.
 VPN: A VPN establishes an encrypted communication tunnel between a user and a VPC,
enabling the user to use resources in the VPC. By default, ECSs in a VPC cannot
communicate with your corporate data center or private network. To enable
communication between them, you can create a VPN.
 Remote gateway: A remote gateway is the public IP address of the physical device on the
remote side in an IPsec VPN tunnel. The remote gateway of each IPsec VPN must be
unique.
 Remote subnet: A remote subnet is the destination network reachable through the tunnel.
All IP packets sent to the network are transmitted through the IPsec VPN tunnel. You can
configure more than one remote subnet. The remote subnet of a VPN cannot be a subnet
in the VPC where the VPN is created.
 A VPC provides an isolated virtual network for ECSs. You can configure and
manage the network as required.

 If your ECSs do not need to access the Internet, for example, the ECSs
functioning as the database or server nodes for deploying a website, you can
configure a VPC for the ECSs by following the instructions described in
Configuring a VPC for ECSs That Do Not Need to Access the Internet in
the Virtual Private Cloud User Guide.

 If your ECSs need to access the Internet, you can configure EIPs for them. For
example, the ECSs functioning as the service nodes for deploying a website
need to be accessed by users over the Internet. Then, you can configure the
VPC of these ECSs by following the instructions provided in Configuring a
VPC for ECSs That Access the Internet Using EIPs in the Virtual Private
Cloud User Guide.

 If you need to access ECSs in a VPC over the Internet to perform
maintenance operations, you can configure a VPN. For example, a website
administrator needs to use a VPN to access ECSs functioning as service nodes
in the VPC over the Internet. Then, you can configure the VPC of these ECSs
by following the instructions provided in Configuring a VPC for ECSs That
Access the Internet Through a VPN in the Virtual Private Cloud User Guide.
 Answer: ABCD
 To route traffic, the following primary parts must be included:

 A load balancer distributes incoming application traffic across multiple
servers. Software load balancing is often implemented using Linux Virtual
Server (LVS).

 A listener specifies protocols, ports, and other configurations for load
balancing.

 A member is the backend server.

 A pool is a group of backend servers with the same features.

 Access requests are routed to backend servers by the load balancer according to
relevant policies and forwarding rules.
 High availability: ELB features a redundant design that automatically removes
abnormal servers and routes traffic only to healthy servers, ensuring service
availability.

 High flexibility: ELB automatically expands the request handling capability based
on the traffic to applications and seamlessly integrates with Auto Scaling to meet
requirements posed by traffic changes.

 High performance: ELB can process a maximum of 100,000 concurrent requests to
meet requirements for heavy traffic, and both load balancing at Layer 4 (TCP/UDP)
and Layer 7 (HTTP/HTTPS) are supported.
 For services with high volume of traffic, such as large portals and mobile
application stores, ELB evenly distributes the access traffic to multiple backend
servers. The sticky session feature ensures that requests from the same client are
forwarded to the same backend server, improving the access efficiency.

 ELB automatically scales its request handling capacity according to the incoming
traffic. Deep integration with AS enables ELB to automatically add or remove
backend servers, improving the service flexibility. This makes ELB ideal for services
that have significant traffic peaks, such as e-commerce websites, mobile games,
and live websites.

 ELB routinely performs health checks on backend servers to monitor their health
state. If a backend server becomes faulty, ELB automatically distributes incoming
requests to healthy backend servers, ensuring service continuity. This makes ELB
the right choice for services that require high reliability, such as official websites,
toll collection systems, and common web services.

 ELB can distribute traffic across AZs. If an AZ becomes faulty, ELB distributes the
traffic to backend servers in other AZs that are running properly. Banking, policing,
and large application systems can use ELB to ensure high service availability.
As shown in the figure, an HTTP load balancer is created and used to provide access
through 10.0.0.6. After an HTTP request is sent, it first arrives at the load balancer,
and is then forwarded to a VM according to the rules.
1. Log in to the management console.

2. Under Network, click Elastic Load Balance.

3. On the displayed page, click Create Load Balancer.

4. On the Create Load Balancer page, set the parameters as desired and click Next.

5. Confirm the parameters and click Submit.


1. Log in to the management console.

2. Under Network, click Elastic Load Balance.

3. On the displayed page, click the name of the target load balancer.

4. Under Listeners, click Add Listener.

5. In the Add Listener dialog box, set parameters as desired and click OK.
 TCP/UDP: load balancing at Layer 4

 HTTP/HTTPS: load balancing at Layer 7


 Load balancing algorithms

• Weighted round robin: Connection requests are forwarded to different servers
based on their weights, which indicate server processing performance. Backend
servers with higher weights receive proportionately more requests, whereas
equal-weighted servers receive the same number.

• Weighted least connections: In addition to the weight assigned to each backend
server, the number of connections processed by each server is also considered.
Connection requests are forwarded to the server with the lowest connections-to-
weight ratio.

• Source IP hash: The source IP address of the request is input into a hash
algorithm, and the resulting hash is used to identify a server in the static
fragment table.

 Sticky session types:

• Source IP address: The hash of the source IP address of the request is used to
identify a server in the static fragment table.

• HTTP cookie: The load balancer generates a cookie after it receives a request from
a client. All the subsequent requests with the same cookie are distributed to the
same backend server.

• App cookie: This type of sticky session relies on backend applications. All requests
with the cookie generated by backend applications are distributed to the same
backend server.
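The three load balancing algorithms listed above, together with source-IP stickiness, as an added example that is not ELB's implementation. The class names, the smooth variant of weighted round robin, the SHA-256 hash, the weight-proportional static table, and the server names and weights are all assumptions.

```python
import hashlib
from collections import Counter

# Constructed backend servers and their weights.
SERVERS = {"ecs-a": 5, "ecs-b": 3, "ecs-c": 2}


class WeightedRoundRobin:
    """Smooth weighted round robin: over sum(weights) picks, each server
    is chosen exactly as many times as its weight."""

    def __init__(self, weights):
        self.weights = dict(weights)
        self.current = {s: 0 for s in weights}

    def pick(self):
        total = sum(self.weights.values())
        for server, weight in self.weights.items():
            self.current[server] += weight
        best = max(self.current, key=self.current.get)
        self.current[best] -= total
        return best


class WeightedLeastConnections:
    """Send each new connection to the lowest connections-to-weight ratio."""

    def __init__(self, weights):
        self.weights = dict(weights)
        self.active = Counter()

    def pick(self):
        best = min(self.weights, key=lambda s: self.active[s] / self.weights[s])
        self.active[best] += 1
        return best

    def release(self, server):
        # Call when a connection closes so the ratio reflects current load.
        self.active[server] -= 1


class SourceIpHash:
    """Hash the source IP into a static table of servers. The same address
    always lands on the same server while the table is unchanged."""

    def __init__(self, weights):
        # Each server occupies table slots in proportion to its weight.
        self.table = [s for s, w in weights.items() for _ in range(w)]

    def pick(self, source_ip):
        digest = hashlib.sha256(source_ip.encode()).digest()
        return self.table[int.from_bytes(digest[:8], "big") % len(self.table)]


def spread(pick, n):
    """Count how n consecutive picks are distributed across servers."""
    return Counter(pick() for _ in range(n))
```

Changing the set of backend servers rebuilds the table in SourceIpHash, so some clients are mapped to a different server afterwards; cookie-based stickiness does not depend on the table.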
1. Log in to the management console.

2. Under Network, click Elastic Load Balance.

3. On the displayed page, click the name of the target load balancer.

4. Under Backend Server Groups, click Add.

5. In the Add Backend Server Group dialog box, set parameters as desired and click
OK.
1. Log in to the management console.

2. Under Network, click Elastic Load Balance.

3. On the displayed page, click the name of the target load balancer.

4. Under Backend Server Groups, click Add.

5. After selecting the backend servers, click OK.


1. Log in to the management console.

2. Under Network, click Elastic Load Balance.

3. Under Certificates, click Create Certificate.

4. In the Create Certificate dialog box, set the parameters and click OK.
 Virtual Private Cloud (VPC): Creating load balancers requires elastic IP addresses
and bandwidth assigned in the VPC.

 Identity and Access Management (IAM): provides authentication for ELB.

 Cloud Trace Service (CTS): collects records of operations performed on cloud
service resources.

 Auto Scaling (AS): automatically adjusts the number of backend servers by working
with ELB according to the changes in incoming traffic.

 Cloud Eye: monitors the running of load balancers and listeners with no additional
plugins required.

 Advanced Anti-DDoS (AAD): protects load balancers against high-volume DDoS
attacks, keeping your businesses stable and reliable.
Answers: 1. ABC; 2. ABCD
 Enterprise data center hybrid cloud architecture: For banks and state-owned
enterprises, not all information can be stored on the public cloud for the sake of
security and control. However, they can store key data in the local data center and
store other data on the cloud by adopting the hybrid cloud architecture.

 Remote disaster recovery (DR): Backup systems are established in different places
and are connected through direct connections. When a disaster occurs, the system
can be restored to the normal state reliably and quickly.

 Multi-region service interconnection: Many companies deploy their IT systems in
different regions based on user distribution. Direct connections are used to
connect different regions and realize efficient and secure service synchronization.
 Viewing a direct connection: After creating a direct connection, you can view its
basic information.

 Modifying a direct connection: After creating a direct connection, you can modify
its name and remote subnet.
 This document focuses on security issues faced by tenants and security services
provided on HUAWEI CLOUD.

The main contents are as follows:

~Security issues and requirements


~Overview of HUAWEI CLOUD security services
~Benefits of HUAWEI CLOUD security services
Cloud Security Alliance, "The Treacherous 12 - Top Threats to Cloud Computing
+ Industry Insights"

 A hardware security module (HSM) is a hardware device that securely produces,
stores, manages, and uses CMKs. In addition, it provides encryption processing
services.

 KMS is used for encrypting small-size data, large volumes of data, data in OBS, EVS,
IMS, and RDS. KPS is used for logging into a Linux ECS and obtaining the password
for logging into a Windows ECS. Dedicated HSM is used for encrypting your
service system.

 SQL injection is an attack in which malicious code is inserted into strings that are
later passed to an instance of SQL Server for parsing and execution.
 Malicious programs refer to programs with the intention to attack or perform
remote control, for example, backdoors, Trojan horses, worms, and viruses.

 Key files refer to the files that may affect system running, for example, system files.

 A security policy is a security rule that must be followed when a container is
running. If a container violates a security policy, the system reports a container
exception error. Security policies are defined by users, including processes allowed
to run by containers and read-only files in containers.
 CC attack is a type of DoS attack in which the attacker uses a proxy server to
generate and send seemingly-legitimate requests to a target server.

 Precise protection: Groups multiple common HTTP fields, such as the URL, IP,
Params, Cookie, Referer, User-Agent, and Header, together to customize a policy.
You can also block or allow the traffic based on logic conditions.

 E-mall promotion protection prevents CC attacks by blocking massive malicious
requests to ensure website availability.
 The TCP/IP architecture consists of the following layers: physical layer, data link
layer, network layer, transport layer, session layer, presentation layer, and
application layer. Anti-DDoS can withstand multi-layered (layers 4 to 7) attacks.

 Border Gateway Protocol (BGP) is a standardized exterior gateway protocol
designed to exchange routing and reachability information among autonomous
systems (AS) on the Internet.
 Website security assessment detects potential vulnerabilities, such as SQL
injections, XSS, file upload, download, and inclusion, sensitive information leakage,
and weak passwords.

 Host security assessment identifies security threats to hosts based on vulnerability
scan results and log analysis, and performs baseline check on OSs and middleware.

 SA now only supports ECSs on HUAWEI CLOUD.

 A threat event usually refers to an event that causes damage to the information
system due to natural factors, human factors, or software and hardware faults, or
an event that has negative impacts on society. A threat event in SA refers to a
security event discovered based on big data analysis that will pose threats to user
assets.
 Customer master key (CMK): keys created by users in KMS. CMKs are used to
encrypt the encryption key for data protection.

 Data encryption key (DEK): keys used to encrypt data.

 KMS is integrated with cloud services including OBS, EVS, IMS, SFS, and RDS,
providing server-side encryption (envelope encryption) for these services. Envelope
encryption refers to the method that DEKs are encapsulated into an envelope for
storage, transmission, and use, and CMKs are not used to directly encrypt and
decrypt data.

 Server-side encryption for Object Storage Service (OBS): When uploading
files to OBS, you can select KMS encryption to encrypt the files from the
server side.

 Server-side encryption for Elastic Volume Service (EVS): When purchasing an
EVS disk, you can use the key provided by DEW to encrypt data on the disk.

 Server-side encryption for Image Management Service (IMS): When
uploading an image file, you can select KMS encryption to encrypt the
image.

 Server-side encryption for Scalable File Service (SFS): When creating a file
system using SFS, you can select KMS encryption.

 Server-side encryption for Relational Database Service (RDS): When
purchasing an RDS instance, you can select Disk encryption and use the key
provided by DEW to encrypt the disk of the database instance.
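
The CMK/DEK relationship in envelope encryption, as an added example that is not HUAWEI CLOUD code. `LocalKMS` and every function name are hypothetical, and a SHA-256 keystream with an HMAC-SHA256 tag stands in for an authenticated cipher such as AES-GCM so the sketch runs on the Python standard library alone; it is not a cipher to deploy.

```python
import hashlib
import hmac
import secrets


def _subkey(key, label):
    # Separate encryption and MAC keys derived from one 32-byte key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _xor_stream(key, nonce, data):
    # Stand-in stream cipher: SHA-256 in counter mode (illustration only).
    out = bytearray()
    for off in range(0, len(data), 32):
        counter = (off // 32).to_bytes(8, "big")
        pad = hashlib.sha256(key + nonce + counter).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)


def _tag(key, nonce, aad, ct):
    msg = nonce + len(aad).to_bytes(8, "big") + aad + ct
    return hmac.new(_subkey(key, b"mac"), msg, hashlib.sha256).digest()


def seal(key, plaintext, aad=b""):
    """Encrypt-then-MAC: returns nonce (16) + ciphertext + tag (32)."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    return nonce + ct + _tag(key, nonce, aad, ct)


def unseal(key, blob, aad=b""):
    """Verify the tag before decrypting; raise ValueError on any mismatch."""
    if len(blob) < 48:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, nonce, aad, ct)):
        raise ValueError("authentication failed")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)


class LocalKMS:
    """Hypothetical key service: CMKs stay inside and are never returned."""

    def __init__(self):
        self._cmks = {}

    def create_cmk(self):
        key_id = secrets.token_hex(8)
        self._cmks[key_id] = secrets.token_bytes(32)
        return key_id

    def generate_data_key(self, key_id):
        # Fresh DEK per object; the caller gets it in plaintext and wrapped form.
        dek = secrets.token_bytes(32)
        return dek, seal(self._cmks[key_id], dek, aad=key_id.encode())

    def decrypt_data_key(self, key_id, wrapped_dek):
        return unseal(self._cmks[key_id], wrapped_dek, aad=key_id.encode())


def encrypt_object(kms, key_id, data):
    """The DEK encrypts the data; only the wrapped DEK is stored beside it."""
    dek, wrapped = kms.generate_data_key(key_id)
    return {"key_id": key_id, "wrapped_dek": wrapped,
            "ciphertext": seal(dek, data)}


def decrypt_object(kms, envelope):
    dek = kms.decrypt_data_key(envelope["key_id"], envelope["wrapped_dek"])
    return unseal(dek, envelope["ciphertext"])


if __name__ == "__main__":
    kms = LocalKMS()
    key_id = kms.create_cmk()
    env = encrypt_object(kms, key_id, b"constructed sample record")
    print("wrapped DEK bytes:", len(env["wrapped_dek"]))
    print("round trip:", decrypt_object(kms, env))
```

The stored envelope is useless without a call to the key service, so revoking access to the CMK cuts off every object whose DEK it wrapped without re-encrypting the data.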
 An image is a special file system. It provides not only programs, libraries, resources,
configuration files but also some configuration parameters required for a running
container. An image does not contain any dynamic data, and its content is
unchangeable after creation.

 A container is the instance of an image and can be created, started, stopped,
deleted, and suspended.
 Regular engine: Defends against OWASP top 10 attacks.

 Semantic engine: Protects against XSS/SQL injection attacks.

 AI engine: Fends off APTs and zero-day vulnerabilities.

 XSS attacks are a type of injection, in which malicious scripts are injected into
otherwise benign and trusted websites. XSS attacks occur when an attacker uses a
web application to send malicious code, generally in the form of a browser side
script, to a different end user.
 Certificate Authority (CA) is the certificate authorization center. As a trusted third
party in e-commerce transactions, a CA is responsible for checking the validity of
the public key in the PKI.
 An origin server is the server on which users' services run.

 An origin server IP address is the Internet IP address used by users to provide
services.

 A back-to-source IP address is an IP address provided by AAD for security
purposes. From origin servers' perspective, traffic returned to customers is all sent
from the back-to-source IP address.

 Defense and detection devices include VSS, DDoS, IDS, flow probe, WAF, HSS, and
DBSS. The ACL/security group is a defense device, and the defense device cannot
provide detection data to the SA. Therefore, the SA security detection source
excludes the ACL/security group.
 Answer: A, B, C, and D.

 A and B are mainly used to defend against web attacks and vulnerabilities. C is
used to ensure website reliability and D is used to prevent website services from
DDoS attacks. Misunderstanding: Only services that are classified into application
security can ensure website security.
Advantages

Editable Monitoring Panel

Provides a unified view of key system monitoring information.



Alarm-Triggered Scaling

The system automatically adjusts capacity based on the service traffic volume and
configured alarm rules.

ECS Advanced Monitoring

Enables monitoring of customized network traffic metrics to prevent bottlenecks.


Answer: All
 A database is a data warehouse where data is organized, stored, and managed
based on the data structure.

 Common database types are as follows: MySQL, PostgreSQL, SQL Server, Oracle,
and MongoDB.

 Applicable to all industries: Such as SaaS applications, e-commerce, community
websites, mobile applications, gaming applications, and government websites.

 MySQL is one of the world's most popular open-source databases. It is designed
with excellent read performance to be widely used in the Internet industry.

 PostgreSQL is a powerful open-source database. Compared with MySQL, it
provides more complete transaction support, comprehensive functions, and
excellent stability, making it the first choice when switching from Oracle to an
open-source database. Additionally, its location-based calculation function is very
powerful.

 SQL Server is a globally popular commercial relational database. Compared with
other commercial databases (Oracle and DB2), SQL Server is more cost-effective
and provides the same level of transaction support functions at a lower price.
HUAWEI CLOUD database helps you reduce the total cost of ownership (TCO) and O&M
workload, letting you focus on developing your core services.
 Instant Availability – Short Rollout Period
RDS helps you easily complete the entire process from project concept to production deployment.
You can obtain a production-ready database within minutes without the need to install
database software or deploy database servers. You only need to pay for the resources you actually
consume at a low rate. In addition, you do not need to invest a lot in the early stage. You can start
from DB instances with low specifications and flexibly scale them as required.
 High Reliability — Time- and Labor-Saving
RDS is running on a highly reliable infrastructure. When you deploy primary/standby DB instances in
a single AZ or different AZs, RDS will synchronize data from the primary DB instance to the standby
instance that you can immediately fail over to if the primary DB instance fails. RDS also provides
other functions to enhance database reliability, including automated backups, manual backups, and
disaster recovery (DR) backups.
 Easy Management — Visualized and Controllable
With RDS, you can easily set, operate, and scale databases. You can also easily connect applications
to databases, migrate data, back up and restore data, and monitor database resources and
performance. Moreover, you can view key performance metrics on the Cloud Eye console, including
CPU, memory, and storage space usage, I/O activities, and the number of database connections.
 Elastic Scaling — On-demand and Cost-effective
With RDS, you can easily scale the compute and storage resources of databases. MySQL and
PostgreSQL databases allow you to create a maximum of five read replicas for each primary DB
instance to offload read traffic from the primary DB instance. (Note: SQL Server does not support
read replicas.)

 High Security

RDS enables you to easily control network access to databases. By default, RDS runs DB instances in
a Virtual Private Cloud (VPC) that isolates DB instances and enables existing IT infrastructure to
connect to your DB instances in the VPC through encrypted IPsec VPN tunnels that comply with
industry standards. In addition, RDS provides SSL encrypted connections to prevent data from being
intercepted during transmission.
 Automated backups: RDS creates automated backups for DB instances and
retains the backups within the backup retention period. You can restore data
to any point in time during your backup retention period.

 Manual backups: You can also create manual backups. RDS saves manual
backups of the DB instance based on the backup retention period you
specified. You can restore data to any point in time within the backup
retention period.
 Before logging in to the HUAWEI CLOUD management console, you need to
register a HUAWEI CLOUD account.

 Before buying an RDS DB instance, ensure that your account balance is greater
than ¥0.

 After a DB instance is created, you cannot change the DB engine. Therefore,
exercise caution when selecting a DB engine.

 MySQL is one of the world's most popular open-source relational databases. It
works with the Linux, Apache, and PHP (LAMP) stack to provide efficient web
solutions. RDS for MySQL significantly improves performance in read/write,
scaling, backup and restoration, and fault tolerance capabilities.

 PostgreSQL is a typical open-source relational database with high reliability and
data integrity. It is commonly used to power e-commerce, location-based
applications, financial insurance systems, and complex data object processing.

 Microsoft SQL Server is a globally popular commercial relational database that
integrates various Microsoft management development tools. RDS for SQL Server
is officially authorized by Microsoft and supports Windows-based applications. It is
reliable, scalable, secure, easy to manage, and immediately ready for use, letting
you focus on developing your services.

Procedure
1. Log in to the HUAWEI CLOUD management console.

2. Under Database, click Relational Database Service to go to the RDS console.

3. On the Instance Management page, click Buy DB Instance.

4. On the displayed page, select a billing mode, configure parameters about DB
instance specifications, and click Next.

5. Confirm the specifications. For pay-per-use DB instances, confirm the
specifications. For yearly/monthly DB instances, confirm and pay for the
order.

6. To view and manage the DB instance, go to the Instance Management page.

After the DB instance is created, you cannot change the DB engine. Therefore,
exercise caution when selecting a DB engine.

The automated backup policy is enabled by default. After the DB instance is
created, you can modify the automated backup policy. An automated full backup
is immediately triggered after the DB instance is created.

The default database port is 3306. After the DB instance is created, you can
change its port.
You can bind an elastic IP address (EIP) to a DB instance to make it publicly
accessible.

1. Log in to the HUAWEI CLOUD management console.

2. Select a region and project.

3. Under Database, click Relational Database Service to go to the RDS console.

4. On the Instance Management page, locate the target DB instance and click Log
In in the Operation column.

5. In the displayed login window, enter the correct username and password and
click Log In.
1. Log in to the HUAWEI CLOUD management console.

2. Select a region and project.

3. Under Database, click Relational Database Service to go to the RDS console.

4. On the Instance Management page, locate the target DB instance and click
Create Read Replica or choose More > Create Read Replica in the Operation
column.

5. On the displayed page, select a billing mode (pay-per-use or yearly/monthly),
configure specifications about the read replica, and click Next.

6. Confirm specifications.

7. After a read replica has been created, you can view and manage it on the
Instance Management page.
1. Log in to the HUAWEI CLOUD management console.

2. Select a region and project.

3. Under Database, click Relational Database Service to go to the RDS console.

4. On the Instance Management page, select the target DB instance and click
Change Billing Mode in the Operation column.

5. Select the renewal duration in the unit of month. The minimum duration is one
month.

6. Select a payment method and click OK.

7. After changing the billing mode of a pay-per-use DB instance to yearly/monthly,
you can view and manage the DB instance on the Instance Management page.
1. Log in to the HUAWEI CLOUD management console.

2. Select a region and project.

3. Under Database, click Relational Database Service to go to the RDS console.

4. On the Instance Management page, select the target DB instance and choose
More > Change to Primary/Standby Instances in the Operation column.

5. View the primary and standby DB instance information. By default, the primary
DB instance information is the same as that of the original single DB instance.
For the standby DB instance, you can select the AZ only. The other
configurations cannot be modified and are the same as those of the primary DB
instance.

6. After a single DB instance is changed to primary/standby instances, you can
view and manage it on the Instance Management page.

The DB instance is in the Changing to Primary/Standby status. You can view the
progress on the Task Center page.
1. Log in to the HUAWEI CLOUD management console.

2. Select a region and project.

3. Under Database, click Relational Database Service to go to the RDS console.

4. On the Instance Management page, click the target DB instance.

5. On the Basic Information page, click Switch in the DB Instance Type field in
the Instance Information area.

6. If you have enabled operation security, click Start verification in the Switch
Primary/Standby DB Instance dialog box. On the displayed page, click Send
Code, enter the obtained verification code, and click Verify. The page is closed
automatically.

7. In the Switch Primary/Standby DB Instance dialog box, click OK to switch
between the primary and standby DB instances.
Currently, you can only select a different CPU/memory for the same instance class.
For example, if the current instance class is general-purpose, you can only select
another CPU/memory option for this instance class.

Changing the DB instance class will cause the DB instance to reboot. To prevent
service interruptions, change the DB instance class during off-peak hours. The DB
active/standby switchover is performed when the active and standby instances are
expanded. The interruption duration depends on the switchover duration, which is
irrelevant to the restart duration.

1. Log in to the HUAWEI CLOUD management console.

2. Select a region and project.

3. Under Database, click Relational Database Service to go to the RDS console.

4. On the Instance Management page, locate the target DB instance and click
Scale in the Operation column. You can also click the target DB instance to go
to the Basic Information page. In the Configuration area, click Modify in the
Instance Specifications field.

5. On the displayed page, click CPU/Memory, specify the desired CPU and
memory, and click Next.

6. Confirm the specifications.

7. View the modification result.


On the Instance Management page, the DB instance status is Changing instance
class. Click the DB instance. On the Basic Information page, check whether the
modification is successful.

This process takes 5 to 15 minutes.


 For primary/standby DB instances, rebooting the primary DB instance will
automatically cause the standby DB instance to also be rebooted.

 You can reboot a DB instance only when its status is Available. Your database may
be unavailable in some cases, such as when data is being backed up or
modifications are being made.

 The time required for rebooting a DB instance depends on the recovery process of
the DB engine. To shorten the reboot time, you are advised to reduce database
activities during the reboot to reduce rollback activities of transit transactions.

 For primary/standby DB instances, if you reboot the primary DB instance, the
standby DB instance is also rebooted automatically.

1. Log in to the HUAWEI CLOUD management console.

2. Select a region and project.

3. Under Database, click Relational Database Service to go to the RDS console.

4. On the Instance Management page, locate the target DB instance or read
replica and choose More > Reboot in the Operation column.

5. If you have enabled operation security, click Start verification in the Reboot DB
Instance dialog box. On the displayed page, click Send Code, enter the
obtained verification code, and click Verify. The page is closed automatically.

6. In the displayed Reboot DB Instance dialog box, click OK.

Refresh the DB instance list and view the status of the DB instance. If its status is
Available, it has rebooted successfully.
1. Log in to the HUAWEI CLOUD management console.

2. Select a region and project.

3. Under Database, click Relational Database Service to go to the RDS console.

4. On the Instance Management page, click the target DB instance or read replica.

5. On the displayed Basic Information page, rename the DB instance.

6. View the change result on the Basic Information page.


Restrictions:

 DB instances in the Creating status cannot be deleted.

 If you delete a DB instance, its automated backups are also deleted and you are no
longer charged for them. Manual backups are still retained and will incur
additional costs.

1. Log in to the HUAWEI CLOUD management console.

2. Select a region and project.

3. Under Database, click Relational Database Service to go to the RDS console.

4. On the Instance Management page, locate the target DB instance or read
replica, and choose More > Delete in the Operation column.

5. If you have enabled operation security, click Start verification in the Delete DB
Instance dialog box. On the displayed page, click Send Code, enter the
obtained verification code, and click Verify. The page is closed automatically.

6. In the displayed Delete DB Instance dialog box, click OK. Refresh the Instance
Management page later to verify that the DB instance or read replica has been
deleted.
Restrictions:

 DB instances in the Creating status cannot be deleted.

 If you delete a DB instance, its automated backups are also deleted and you are no
longer charged for them. Manual backups are still retained and will incur
additional costs.

You can delete yearly/monthly DB instances only on the Billing Center page.
The default automated backup policy is as follows:

 Retention period: 7 days

 Time window: An hour within 24 hours, such as 01:00-02:00 or 12:00-13:00

 Backup cycle: Each day of the week


1. Log in to the HUAWEI CLOUD management console.

2. Select a region and project.

3. Under Database, click Relational Database Service to go to the RDS console.

4. On the Instance Management page, locate the target DB instance and choose
More > Create Backup in the Operation column.

5. In the displayed dialog box, enter a backup name and description. For Microsoft
SQL Server, select a target database for which you want to create a backup.
Then, click OK.

6. After the manual backup is created, you can view and manage it on the Instance
Management page.
 You can use backup files to create a new DB instance only when your account
balance is greater than or equal to ¥0.

 You can restore data to new DB instances, original DB instances, and existing DB
instances.

1. Log in to the HUAWEI CLOUD management console.

2. Select a region and project.

3. Under Database, click Relational Database Service to go to the RDS console.

4. On the Instance Management page, locate the target DB instance and click its
name.

5. Select a time range, select or enter a point in time within the acceptable range,
and select one of the following restoration methods and click OK. If you select
restoring to the original DB instance and you have enabled operation security,
click Start verification in the Restore to Point in Time dialog box. On the
displayed page, click Send Code, enter the obtained verification code, and click
Verify. The page is closed automatically.

6. View the restoration result.


1. Log in to the HUAWEI CLOUD management console.

2. Select a region and project.

3. Under Database, click Relational Database Service to go to the RDS console.

4. On the Backup Management page, locate the target backup and click Restore
in the Operation column.

5. Select one of the following restoration methods and click OK:

Create New Instance

Restore to Original

Restore to Existing
RDS allows you to scale up storage space of DB instances but you cannot change the
storage type. Services are not interrupted during scaling.

1. Log in to the HUAWEI CLOUD management console.

2. Select a region and project.

3. Under Database, click Relational Database Service to go to the RDS console.

4. On the Instance Management page, locate the target DB instance and click
Scale in the Operation column. You can also click the target DB instance to go
to the Basic Information page. In the Storage Information area, click Scale in
the Storage Space Usage field.

5. On the displayed page, click Storage Space, specify the desired storage space,
and click Next.

6. Confirm the order.

7. View the scale-up result.


By default, each user can create a maximum of 100 parameter groups for RDS DB
instances. All RDS DB engines share the parameter group quota.

1. Log in to the HUAWEI CLOUD management console.

2. Select a region and project.

3. Under Database, click Relational Database Service to go to the RDS console.

4. On the Instance Management page, click the target DB instance.

5. On the Parameters page, modify the parameters as required.

After the parameter values are modified, you can click View Change History to view
the modification details.
1. Log in to the HUAWEI CLOUD management console.

2. Select a region and project.

3. Under Database, click Relational Database Service to go to the RDS console.

4. On the Instance Management page, click the target DB instance.

5. On the Error Logs page, click Log Details to view details.

6. On the Error Logs page, click Download. Locate a log whose status is
Preparation completed and click Download in the Operation column to
download a log.
Cloud Trace Service (CTS) helps you record operations related to RDS for further
querying, auditing, and backtracking.
For details about how to configure alarm parameters, see the Cloud Eye User Guide
on Help Center.
 In terms of service application development, AI is divided into four phases:

 In the first phase, traditional data ETL operations are performed to
implement automatic processing in data analysis, service report generation, data
visualization, and more.

 In the second phase, multi-source data is integrated and traditional big
data and machine learning technologies are leveraged to implement intelligent
enterprise services, such as offering recommendations, trend predictions, device
detection, smart logistics, and more.

 In the third phase, with the rapid development of mobile Internet and
IoT, the data volume grows at unprecedented rates. In addition, multiple engines
for real-time big data processing emerge in the Hadoop ecosystem, and data
becomes more diversified. Furthermore, in terms of the computing power and
algorithms, computers are capable of processing massive sets of data and learning
the neural network of heterogeneous data sources. Through deep learning, various
services can be fulfilled, such as voice recognition, visual services (OCR, image
recognition, image processing, and facial recognition), and natural language
processing.

 In the fourth phase, the computing power and algorithms are highly
mature. AI-based products have been developed in various industries to deliver
advanced functions, such as intelligent assistant, intelligent Q&A, and multi-turn
dialogs.
For enterprises, the required AI functions are mainly developed at the
second to fourth phases.
 According to the latest Gartner Quadrant:

• Voice recognition is currently the first technology to reach large-scale commercial
use. For example, common social software and input methods have the voice
recognition function.

• The computer vision technologies gradually become mature, and a great
breakthrough has been made in image recognition, OCR (high maturity), and facial
recognition.

• The hype around platform services, such as machine learning, deep learning, graph
computing, edge computing, and IoT, will come to an end. Achievements have
been made in applying machine learning to the industry field, from deep learning
to visual analysis.
 Next, let us take a look at HUAWEI CLOUD EI development milestones and
achievements.

 In 2002, data governance and analysis products were developed
specifically for traditional BI services in the telecom field.

 In 2007, Huawei started Hadoop technology research, developed big
data-related technologies, and reserved a large number of talents and technology
patents.

 In 2011, big data technology was applied to the big data solution of
China Telecom for network diagnosis and analysis, network planning, and network
optimization.

 In 2013, big enterprises, such as China Merchants Bank and the
Industrial and Commercial Bank of China, began to communicate with Huawei
about big data requirements and started technical cooperation. In September 2013,
Huawei launched the enterprise-oriented big data analysis platform FusionInsight
in HCC, and the platform has been widely used in various industries.

 Huawei started scaled investment in AI in 2012, developed AI products
since 2014, and offered products in various departments such as financial, supply
chain, engineering acceptance, and e-commerce, for internal practice at the end of
2015.

 Customs Form OCR: Improves the import efficiency tenfold.

 Pickup path planning: Reduces extra expenses by 30%.

 Content Moderation: Improves efficiency by 6 times.

 Intelligent recommendation for e-commerce users: Improves the application
conversion rate by 71%.

 In 2017, Huawei started to provide cloud services, working with more partners
to offer a wider variety of AI products.

 Huawei has invested thousands of R&D personnel in technical research and
development (involving R&D of product technologies as well as cutting-edge
technologies, such as analysis algorithms, machine learning algorithms, and
natural language processing), and actively contributes research results to the
community.
 HUAWEI CLOUD EI provides full-stack big data services. Based on the
intelligent data lake base, the essential AI platform is constructed to offer platform
services, such as Machine Learning Service (MLS), Deep Learning Service (DLS),
Graph Engine Service (GES), Cloud Search Service (CSS), and more.

 Based on the AI platform, HUAWEI CLOUD EI also builds many general AI services,
including diversified API services, such as Optical Character Recognition (OCR),
Image Recognition, Content Moderation, ImageSearch, Face Recognition,
Automatic Speech Recognition (ASR), Natural Language Processing Fundamentals,
and Conversational Bot Service (CBS).

 Furthermore, business-level solutions are also developed, including Traffic
Intelligent Twins (TrafficGo), Campus Intelligent Twins, Industrial Intelligent Twins,
Vehicle Intelligent Twins (iVehicle), and more, to help enterprises implement
intelligent services in intelligent inference, multi-domain collaboration, and
optimization decision support.

 If the AI platforms, AI services, and solutions are subject to the service
process and running environment of users, Intelligent Edge Fabric (IEF) can be
used to implement AI on desired devices. In this way, HUAWEI CLOUD EI can easily
handle any complex service scenarios.
 Based on the basic computing capabilities, HUAWEI CLOUD EI will provide 45
services and 142 functions, covering essential platform services, general APIs,
advanced APIs, and pre-integration solutions.

 These services can handle all scenarios for senior AI data scientists, data
engineers, common IT engineers, service development personnel, and more. In
addition, with in-depth implementation of AI in industries, such capabilities are
increasing rapidly.
 On the basis of AI computing power, we will provide services of various types,
including ECS, BMS, and container-related services.

 One Ascend 310 chip is integrated into each of the H series high-configuration
VMs, improving the computing performance by 16 times.

 Users can also configure services with the highest inference performance, 512
TOPS, by using heterogeneous ECS and CCI services.

 In the training scenario, we provide ECS and BMS to offer the computing capability
of up to 2 PFLOP.

 HUAWEI CLOUD helps our customers enter the AI era.


 ModelArts is a one-stop development platform for AI developers. With data
preprocessing, semi-automated data labeling, distributed training, automated
model building, and model deployment on the device, edge, and cloud, ModelArts
helps AI developers build models quickly and manage the lifecycle of AI
development.

 By integrating the full-stack capabilities of chips, software, and hardware, HUAWEI
CLOUD EI provides an excellent user experience. With the same number of compute
nodes, HUAWEI CLOUD EI is 50% faster than similar products of other manufacturers
in training ResNet50 using ImageNet with the data of millions of images.

 Innovative ExeML technology enables AI engineers to complete training without
coding and generate a model matching the target environment.
 Use various cloud-edge-device synergy technologies to deliver AI applications as
expected.

 The development can be applied in various scenarios. In this way, the performance
is greatly improved, and the bandwidth can be greatly reduced.

 Device-cloud synergy has been applied in actual scenarios, such as image
definition detection and facial recognition on a smart campus. For example, traffic
policemen use the edge cloud of the ARM architecture to perform signal control
and traffic detection, and optimize the control of municipal facilities such as traffic
lights and street lamps. Adjustment of the lighting brightness leads to a 40%
decrease in energy consumption.
Graph Engine Service (GES) facilitates querying and the analysis of graph-structure
data based on various relationships. It is specifically suited for scenarios requiring
analysis of rich relationship data, including social relationship analysis,
recommendations, precision marketing, public opinions and social listening,
information communication, and anti-fraud measures.
 HUAWEI CLOUD EI service GES supports complex attribute management based on
the attribute graph model, provides more than 20 built-in topology measurement
and basic graph analysis algorithms, and opens the capability of the graph engine
through service-oriented APIs to provide all-round relationship network insights.

 Route Planning

GES expresses network elements (NEs), such as switches, routers, and terminal
devices, as physical communication networks and logical networks that are
abstracted from these NEs, and performs complex and efficient network planning
algorithms. This reduces the time used for planning hundreds of thousands of routes
from 6.8 hours to 2 minutes. Specifically, the efficiency improves by 200 times. In
addition, GES supports hundreds of billions of routes and over 1000 concurrencies,
which meets the requirements for network evolution and capacity expansion. GES
also supports complex constraint route planning by using graph-based algorithms to
deliver diversified services.

In addition, the integrated visualization capabilities improve service diagnosis
efficiency by more than 30%.

 Social relationship mining

 Social networking is a typical application scenario for GES. GES helps find the
opinion leader, common neighbors, following friends of a friend, and
recommended friends from the complex social network. In addition, GES
delivers high concurrency and low delay.

 Recommendation

 With graph-based recommendation algorithms, HUAWEI CLOUD cooperates
with American professors to improve the recommendation effect by 30% on the
American social software Pinterest that accommodates billions of offerings for
over 100 million users.

 Knowledge graph

 Great importance is attached to the knowledge graph in all industries and fields.
GES serves as the storage and query engine for the knowledge graph. It
supports storing and querying massive sets of knowledge. Compared with
traditional RDF, GES combines more knowledge to offer more powerful
associated query capabilities while delivering stronger performance. GES
increases the accuracy of knowledge queries by more than 50%.
Cloud Search Service (CSS) is a fully hosted distributed search service powered by
Elasticsearch. It is fully compatible with Elasticsearch APIs and provides users with
structured and unstructured data search, statistics, and report capabilities.

CSS mainly applies to the following scenarios:

Log Analysis

 O&M analysis and fault location for IT devices, operation analysis based on service
metrics

 Statistical analysis: 20 more statistical analysis methods and nearly ten analytical
dimensions

 Real-time and efficient: You can get the insights within seconds once new data is
stored in indices.

 Visualized data: CSS provides multiple report display modes, such as table, line
chart, heat map, and cloud map.

 Site Search

 Website content search by keyword, search for commodities on e-commerce sites
with the recommendations obtained.

 Real-time search

 You can get the content or commodities you want within seconds or minutes.

 Categorized statistics
 You can get categorized statistics on the searched commodities that meet the
conditions.

 Custom highlight style

 You can customize the highlight style as you like.


 HUAWEI CLOUD provides diversified AI APIs. OCR-related APIs provide the
functions of recognizing information on cards, receipts, and electronic documents.

 Vision-related API services include Face Recognition, Human Analysis Service (HAS),
Image Recognition, Image Tagging, ImageSearch, Video analysis services, and
Content Moderation.

 API services related to speech and semantics include ASR, TTS, Question-
Answering Bot, Task-oriented Conversational Bot, and more.
 Optical Character Recognition (OCR) allows you to detect and recognize printed
characters in images and convert such characters into editable text. OCR provides
services through open Application Programming Interfaces (APIs). You can obtain
the inference results by accessing and invoking APIs in real time. It helps you
collect key data automatically and build an intelligent service system, thereby
improving service efficiency.
 Face Recognition is an intelligent service that uses computers to process,
analyze, and understand facial images based on human facial features. It provides
services through open Application Programming Interfaces (APIs). You can obtain
the face recognition results by accessing and calling APIs in real time. It recognizes
and compares faces automatically and provides you with the similarity degrees,
thereby improving service efficiency. The service involves facial recognition based
on the gates in campuses, frequent customer identification in supermarkets, facial
recognition and identity verification in public places like railway stations and
airports.

 Image Recognition uses deep learning technologies to accurately identify
objects, scenes, and concepts in images using a pool of visual content tags. The
service is suitable for smart albums, content recommendation, and image library
management.

 Content Moderation is suitable for the following scenarios:


• User Generated Content (UGC) websites. UGC websites include knowledge sharing
networks, social networks, video sharing networks, image sharing networks, and
forums. The websites offer text, images, and videos.

• Among the UGC websites, the short video websites and apps can be the major
markets for Content Moderation.

• News media related enterprises.


 ImageSearch supports image search based on the text and content as
well as reverse image search. ImageSearch significantly improves the methods for
copyright image accountability. The service helps find over 80,000 infringed
images from the 42 million images on the Internet according to 5000 copyright
images.
 Conversational Bot Service (CBS) uses various technologies, such as text mining
and association rules, to learn domain knowledge from multiple sources (logs and
operation records) and enhances the question answering (Q&A) knowledge base,
thereby improving Q&A effects. Intelligent semantic matching engines are
integrated with multiple technologies, such as machine learning, information
retrieval, and deep learning, and help ensure high-precision hitting.

 Common application scenarios include post-sales intelligent Q&A, agent assistants,
and pre-sales consulting bots.
 Big data is a huge challenge facing the Internet era as the data volume and types
increase rapidly. Conventional data processing technologies, such as single-node
storage and relational databases, are unable to solve the emerging big data
problems. In this case, the Apache Software Foundation (ASF) has launched an
open source Hadoop big data processing solution. Hadoop is an open source
distributed computing platform that can fully utilize the computing and storage
capabilities of clusters to process massive amounts of data. If enterprises deploy
Hadoop systems by themselves, the disadvantages include high costs, long
deployment periods, difficult maintenance, and inflexible use.

 To solve the preceding problems, HUAWEI CLOUD provides MapReduce Service
(MRS) for managing the Hadoop system. With MRS, you can deploy a Hadoop
cluster in just one click. MRS provides enterprise-level big data clusters on the
cloud. Tenants can fully control the clusters and run big data components such as
Hadoop, Spark, HBase, Kafka, and Storm in the clusters.

 By using the full-stack top-level Hadoop components, MRS helps users easily
handle various service scenarios, such as real-time monitoring, fast querying, and
multi-dimensional analysis.
 DWS on the cloud is built based on the Huawei distributed MPP database
FusionInsight LibrA.

 DWS provides standard SQL querying and supports the use and migration of
traditional database applications. It is easy to use for users with different technical
backgrounds. DWS supports a complete transaction model, so users can add,
delete, and modify data. It is applicable to the interactive query scenario and user
scenarios that have demanding requirements on data processing delays. The data
volume is basically 10 PB-level.
 CloudTable is a NoSQL database with single-digit millisecond latency on HUAWEI
CLOUD. It is built based on HBase, OpenTSDB, and GeoMesa, and is fully
compatible with the APIs of the community version.

 OpenTSDB is a scalable time series database based on HBase. It stores data that is
closely coupled with time series.

 For example, data reported by vehicles on the Internet of Vehicles (IoV) is
particularly sensitive to time and space and OpenTSDB of CloudTable is most
suitable for storing this type of data.

 GeoMesa stores geographic location information for OD analysis, that is, analysis
of traffic volume between the origin and destination, real-time retrieval of three-
dimensional tracks, real-time calculation of movement patterns, and prediction of
movement statuses.
CS is the core cloud service in the IoT field. HUAWEI CLOUD service CS is powered by
Flink and Spark Streaming and is fully compatible with open-source APIs. It has the
following features:
• Flink is a unified computing platform that integrates batch processing and stream
processing. In the open-source community, Huawei has made the largest
contribution to Flink. Flink is the most important real-time stream computing
engine for the future. In addition, Flink provides various SQL functions, common
mathematical geometric operators, and geographical location operators to help
users easily cope with various requirements in the IoT field.
• Huawei has also made a great contribution to the Spark community. Spark
Streaming fulfills micro-batch processing. It divides data streams into small
segments (equivalent to streaming data from the perspective of calculus) based on
the minimum data interval. Compared with Storm, Spark Streaming delivers
higher throughput but lower real-time processing performance.
• Rule parsing and determination are required for collected real-time data in various
scenarios, such as real-time status monitoring, alarm monitoring, and event
awareness for many devices on the IoT big data platform as well as geo-fencing
monitoring on the IoV. CS helps implement these functions using minimum coding
so that users can easily handle real-time data processing scenarios.
 DLI is a fully managed Big Data query service. Users are unaware of the cluster and
do not need to manage any servers. It can be used instantly after provisioning. The
service provides standard full SQL compatibility with Spark interfaces, supports
automatic elastic expansion, and provides multi-tenant capability for fine-grained
resource and data control. It allows you to easily explore and analyze data on the
cloud.

 Three core competences of DLI are:

• Serverless architecture. It is easy to use and costs only a few cents to scan and
analyze 1 GB of data. Compared to the common server cluster, the cost remains
below 10%.

• It is the first public cloud serverless massive data query service in China.

• It is the first heterogeneous data analysis service to perform correlation analysis of
data without migration between multiple data sources.
 DLF is designed to provide you with a one-stop data platform that allows you to
complete data ingestion, integration, development, analysis, management,
scheduling, and monitoring at the same time. It supports data cleansing,
conversion, and processing throughput for the entire lifecycle from the data
production to consumption, dramatically streamlining the development and
maintenance of big data.
No matter where data comes from, terminal devices or self-built private cloud
platforms, you can migrate the data to DIS and then dump the data to your desired
HUAWEI CLOUD services, such as OBS, CloudTable, DWS, and more to meet your
specific storage, processing, analysis, and machine learning requirements. After the
data is migrated to DIS, you can perform some simple operations on it, for example,
ETL or other custom configurations.
 CDM supports batch data migration from over 20 data sources (including various
heterogeneous data sources, such as self-built big data platforms, relational
databases, offline data warehouses, NoSQL, and OBS) to HUAWEI CLOUD without
programming. CDM also supports data migration between Huawei cloud services.
 In the past year, HUAWEI CLOUD collaborated with customers and partners to
explore and apply over 200 AI projects in eight industries.

 The projects include Traffic Intelligent Twins (TrafficGo), predictive equipment
maintenance in the industrial field, case analysis and gene analysis in the medical
field, security protection in campuses and homes, passenger flow analysis,
document identification and path optimization in the logistics industry, vehicle
management and intelligent operations for car companies, content moderation
and intelligent video recommendation in the Internet industry, and much more.
 Major application scenarios of AI are as follows:

 1. Efficiency improvement (in scenarios requiring massive repetitive
manual operations, AI helps improve accuracy and saves labor costs).

 2. Professional inheritance (expert experience is the most valuable asset
at any time. However, due to insufficient expert resources, the AI assistant is
needed to reach the expert level to solve more patients' problems).

 3. Breakthrough achievement (multi-domain collaboration is fulfilled. For
example, there are multiple factors affecting our travel in cities. AI helps provide
better guidance for our travel through cross-region collaboration. In the
manufacturing industry, manufacturers provide finished or semi-finished products
for downstream customers. According to the audience market scope of the final
products, they can adopt personalized processing techniques based on the quality
dimensions of different materials involved in the production and manufacturing
process to meet the personalized requirements of customers).
 Image infringement may happen at any time. It is difficult to identify infringed
images from a large number of images on the Internet.

 With DLS and ImageSearch, hundreds of thousands of new copyright images and
tens of millions of network pictures can be automatically imported to the database
every day, and the cross-check is supported.

 Artists can easily check utilization of their works by using mobile phones.
 In multiple industries, it is difficult to handle the increasing business requirements
due to insufficient expert resources.

 Pathology is known as the "gold standard" of clinical diagnosis, and pathologists
play an important role in the medical industry. Pathologists need to carefully
observe thousands of cells under the microscope, and they must master hundreds
of cases to match what they observe.

 According to the statistics of professional organizations, at least 100,000 extra
pathologists are needed in China.

 By leveraging AI technologies, the HUAWEI CLOUD EI visual team made
breakthroughs in the pathological detection of cervical cancer in less than a month,
with the sensitivity over 99% and specificity over 80%.
 There are some complicated industrial scenarios, such as industrial production and
city governance.

 According to data scientists, these scenarios involve a large number of parameters,
complex dependency relationships, and high dimensions. Therefore, formulas
cannot help solve related issues.

 AI technologies bring new ideas and methods for solving such issues.

 Huawei works together with Triple Rainbow to build EI intelligent twins
to meet customers' personalized requirements.

 Flexible: Rich quality feature database covering the features of 100+ dimensions.

 Precise: An intelligent feature classifier with 3 million feature dimensions delivers a
model accuracy of over 90%.

 Fast: The model training period is shortened from months to hours, fulfilling quick
closed-loop solutions to problems.
 HUAWEI CLOUD EI City Intelligent Twins, powered by AI, leverages edge
computing and technologies related to the cloud, big data, and IoT to drive
innovations for the smart city.

 Huawei continuously explores the efficient resource scheduling and configuration
in various fields, such as transportation, environmental protection, and emergency
handling to improve efficiency, reduce energy consumption, and achieve
environmental friendliness.

 Meanwhile, Huawei expects to work with partners to make a better city.


Global environment
Back to enterprises
The API Economy has been gradually forming as APIs are increasingly used.
 Key feature: API lifecycle management

• New services are introduced and existing services are continuously evolving,
requiring API lifecycle management.

• With API management on API Gateway, API consumers are kept informed of API
changes, ensuring application stability and helping API consumers obtain API
updates.
 Key features: high-performance routing

 While providing the standard configuration of three 8 vCPU | 16 GB hosts (campus
deployments), cluster deployments are implemented for high-performance
requirement conditions, and low configuration deployments (dual 4 vCPU | 16 GB
hosts or lower, depending on project requirements) are provided for low
performance requirement conditions.
Key feature: service management and control
Key feature: API marketplace
 Key feature: API analysis

 O&M personnel can perform system monitoring.

 System managers can provide service insights.


Key features: access security, threat prevention, and log auditing