Huawei e-Learning
https://ilearningx.huawei.com/portal/#/portal/ebg/51
Huawei Certification
http://support.huawei.com/learning/NavigationAction!createNavi?navId=_31&lang=en
Find Training
http://support.huawei.com/learning/NavigationAction!createNavi?navId=_trainingsearch&lang=en
More Information
Huawei learning APP
With the cloud OS, computing, storage, and network resources of multiple
vendors for a data center are horizontally integrated. Open and standardized
IT service interfaces are provided to the external systems, implementing
convergence by using legacy IT infrastructure.
Lower TCO
OpenStack began as a joint project of NASA and Rackspace, and was released
under the free and open-source Apache License.
Broad network access: Various capabilities can be obtained over the Internet, and
are accessible using standard methods from various clients, such as mobile phones,
laptops, and tablets.
Third, both public and private services need to provide unified service experience
and assurance, meeting enterprise requirements for performance, reliability,
elasticity, and innovation in the Cloud 2.0 era.
Private cloud
Public cloud
The public cloud is built for the public, and all registered users are called
tenants. When a tenant leaves the public cloud, the resources they had been
leasing are immediately released to a new tenant. The public cloud enables
the most thorough social division of labor and optimizes resource utilization
at the broadest scale.
Hybrid cloud
Community cloud
The PaaS layer provides application operating and development environments, and application
development components. The database service is a typical PaaS service.
The SaaS layer provides software functions through a web interface. Office 365 is a typical
SaaS service.
This is the common pursuit of public clouds.
Huawei ensures strict privacy and security for data and applications, and increases efforts in the
cloud-native PaaS layer.
Cloud computing emerged in 2006, and Huawei proposed the concept of Cloud 2.0 in 2016.
In its first decade, cloud computing was dominated by Internet companies providing
standardized Internet cloud services. Internet applications had to be adapted to those services.
In its second decade, cloud computing technology and markets matured. An increasing
number of enterprises and industries began to use the cloud to carry their traditional services
and core services. They adopted cloud services providing Big Data, AI, and IoT capabilities,
which promoted business innovation. In the Cloud 2.0 era, cloud services are standardized but
also customizable to meet specific industry needs. Enterprises now lead cloudification.
Huawei provides carriers with public cloud solutions, and carriers retail the services, for
example, Tianyi Cloud 3.0.
A government and enterprise cloud is designed with those customers’ unique requirements in
mind.
HUAWEI CLOUD uses superior software and hardware. Its chips, servers, storage
devices, and network devices, as well as the virtualization, cloud management, big
data, and AI platform software offer extraordinary performance.
1. Commercial utilities
Installation/Upgrade/Log/Stack trace/...
Multi-site, multi-vendor
DRaaS
3. Huawei KVM
Interrupt aggregation
4. Security hardening
5. Converged storage
6. Converged network
High performance
7. Nova
Port binding
An availability zone (AZ) contains one or multiple physical data centers. Each AZ
has independent cooling, fire extinguishing, moisture-proofing, and electricity
facilities. Within an AZ, computing, network, storage, and other resources are
logically divided into multiple clusters. All AZs in a region are interconnected using
high-speed optical fibers, meeting the requirements for deploying cross-AZ HA
systems, such as cross-AZ object storage, VPC network interconnection, and EIP.
The network latency between AZs in a region is less than 1 to 2 ms, and that within
an AZ is less than 0.2 to 0.3 ms.
A region can have multiple AZs, and each AZ is a physical fault domain.
HUAWEI CLOUD constantly improves its existing services and provides new services. It leverages state-of-the-art
technologies to enable enterprises to use the latest commercial services without investing in IT R&D themselves.
As of December 2018, there were about 150 cloud services under 18 categories.
Wide selection of ECS types: General-purpose, computing-optimized, high-
performance computing, memory-optimized, disk-intensive, and GPU-accelerated
Diverse EVS disks: common I/O, high I/O, and ultra-high I/O (SATA, SAS, and SSD)
High reliability: Automatic migration, multiple data copies, data backup and
restoration
Only applications that are stateless and can be horizontally scaled can run on ECS instances in an AS group. AS
automatically releases ECS instances. Therefore, the ECS instances in AS groups cannot save application status
information (such as sessions) and related data (such as database data and logs).
High reliability
High performance
Large capacity
Rich specifications
EVS provides common I/O, high I/O, and ultra-high I/O disks to meet
different service requirements.
Quick scaling
File storage
File system: has partitions, directories and sub-directories.
OBS
Bucket: provides storage space, working similarly to a folder but
without the directory structure.
Compared with hardware load balancing devices, ELB works out-of-the-box, and is
cost-effective and easy-to-manage. However, high-end hardware load balancing
devices provide comprehensive functions and high performance.
Anti-DDoS enables you to customize and monitor your own traffic cleaning
parameters. It provides a management console, on which you can centrally and
flexibly configure this service and monitor resources. Anti-DDoS also features robust
reliability based on the active/standby deployment mode. To be specific, Huawei
Anti-DDoS:
Allows you to configure and modify Anti-DDoS parameters (such as total requests
per second, HTTP requests per second, and connections per source IP address) for
public IP addresses.
Monitors and visualizes monitoring information about each public IP address, such
as the current defense status, defense parameters, traffic over the past 24 hours,
and anomalies (cleaning events and black holes) over the past 24 hours.
Provides weekly security reports. You can query DDoS defense information,
including the cleaning traffic, number of intercepted DDoS attacks, and top 10
frequently attacked ECSs in a week, generated over the past four weeks. Receives
and analyzes logs reported by anti-DDoS devices and displays the results on the
management console.
A zero-day vulnerability is an undisclosed software vulnerability that hackers can
exploit to adversely affect computer programs, data, additional computers, or a
network.
Instance monitoring enables you to view all monitored ECSs, instances, and
metrics.
You can also configure alarm rules to define how alarms will be generated.
The first in the industry to enable HA for all components and to support
remote DR at a distance of over 1000 km.
Huawei big data platform is the first in China to meet data protection
standards of the financial industry.
Huawei's big data solution enables HA for all components from management
nodes to data nodes, ensuring zero service interruption in the event of a
single point of failure.
High performance:
VMs can directly access local hard disks, reducing virtualization overheads
and improving processing performance.
Ease of use
A web-based SQL CLI is also provided to enable quick script debugging and
checking, freeing you from installing clients on PCs.
These services can handle all scenarios, serving senior data scientists, data engineers, IT engineers, service
development personnel, and much more. In addition, with in-depth implementation of industry-tailored AI, such
capabilities are increasing rapidly.
Answer: ABC
1. Visit https://intl.huaweicloud.com/.
3. Enter the user information and password, and click Log In.
You can view, purchase, use, and operate various HUAWEI CLOUD service products
after you have logged in to the management console.
The management console manages various services such as computing, storage,
network, security, management and deployment, application services, databases,
data analysis, enterprise applications, and DevCloud.
With IAM, you can manage user accounts and control their access to your
resources. When multiple users in your enterprise perform collaborative operations
on resources, IAM allows you to grant only necessary permissions to those users.
IAM ensures user account security and reduces security risks for your enterprise
information by allowing you to set login verification policies, password policies,
and access control lists (ACLs).
On the management console homepage, choose Computing > Elastic Cloud
Server.
On the ECS management console, buy an ECS, view or modify ECS information, or
perform other operations.
On the EVS management console, attach or detach an EVS disk, expand disk
capacity, create EVS backups, delete an EVS disk, or perform other operations.
Security: Security group rules protect the network from viruses and Trojans.
Security services such as Anti-DDoS, WAF, and VSS are included to further enhance
ECS security.
Auto Scaling: ECS specifications and bandwidths can be adjusted to meet service
and cost requirements at any time. Excellent computing performance is ensured
through ECS+BMS networking.
vmall.com:
https://www.huaweicloud.com/cases/1510998940064.html?from=https%3A%2F%2Fwww.huaweicloud.com%2Fcases.html
Yonyou Telecom:
https://www.huaweicloud.com/cases/1437036888_114.html?from=https%3A%2F%2Fwww.huaweicloud.com%2Fcases.html
Compared with general computing ECSs, the general computing-plus ECSs provide
the combinations of vCPUs and memory with larger specifications, offering more
options for you to select. In addition, the ECSs use latest-generation network
acceleration engines and DPDK rapid packet processing mechanism to provide
higher network performance, meeting requirements in different scenarios.
Memory-optimized ECSs have a large memory size and provide high memory
performance. They are designed for memory-intensive applications that process a
large amount of data, such as precision advertising, e-commerce big data analysis,
and IoV big data analysis.
Ultra-high I/O ECSs use high-performance local NVMe SSD disks to provide high storage
IOPS and low read/write latency. The ratio of vCPU to memory is 1:8. You can create such
ECSs with high-performance NVMe SSD disks attached on the management console.
Ultra-high I/O ECSs can be used for high-performance relational databases, NoSQL
databases (such as Cassandra and MongoDB), and ElasticSearch.
High-performance computing ECSs provide a large number of CPU cores, large memory
size, and high throughput. These ECSs are suitable for high-performance processor
applications restricted by computing performance.
Note: Yearly/Monthly ECSs cannot be deleted. They support only resource unsubscription. If an ECS is
no longer used, switch to the Elastic Cloud Server page, click More in the Operation column of this
ECS, and select Unsubscribe to unsubscribe it.
Pay-per-use: After you specify the ECS configuration, HUAWEI CLOUD deducts the fees incurred
from your account based on the service duration.
Click Image.
Public image: A public image is a standard, widely used image. It contains an OS and
preinstalled public applications and is available to all users. You can configure the
applications or software in the public image as needed.
Private image: A private image is an image available only to the user who creates it. It
contains an OS, preinstalled public applications, and the user's private applications. Using a
private image to create ECSs removes the need to configure multiple ECSs repeatedly.
Marketplace image: The Marketplace is a store where you can purchase third-party images
that have the OS, application environment, and software pre-installed. You can use the
images to deploy websites and application development environments with a few clicks,
and no additional configuration operation is required.
Set Disk.
A disk can be a system disk or a data disk. When creating an ECS, you can add up to 24 disks with
customized sizes to it. After the ECS is created, you can add up to 60 disks to such a newly created ECS. The
system disk size of a P1 or P2 ECS must be greater than or equal to 15 GB. It is recommended that the
system disk size be greater than 40 GB.
System disk: If the image based on which an ECS is created is not encrypted, the system disk of the
ECS is not encrypted. In addition, Unencrypted is displayed for the system disk on the page. If the
image based on which an ECS is created is encrypted, the system disk of the ECS is automatically
encrypted. For details, see section (Optional) Encryption-related parameters.
Data disk: You can create multiple data disks for an ECS and configure sharing and encryption for
each data disk.
SCSI: indicates that the device type of the data disk is SCSI.
Share: indicates that the EVS disk is shared. Such an EVS disk can be attached to multiple
ECSs.
Encryption: indicates that the data disk is encrypted. For details, see section (Optional)
Encryption-related parameters.
(Optional) Encryption-related parameters: To enable encryption, click Create Xrole to grant KMS
access rights to EVS. If you have rights granting permission, grant the KMS access rights to EVS. If
you do not have the permission, contact the user having the security administrator rights to grant
the KMS access rights.
Encrypted: indicates that the EVS disk has been encrypted.
Create Xrole: grants KMS access rights to EVS to obtain KMS keys. After the rights
are granted, follow-up operations do not require granting rights again.
KMS Key Name: specifies the name of the key used by the encrypted EVS disk. By
default, the name is evs/default.
Xrole Name: EVSAccessKMS: specifies that rights have been granted to EVS to
obtain KMS keys for encrypting or decrypting EVS disks.
KMS Key ID: specifies the ID of the key used by the encrypted data disk.
VPC: provides a network, including subnet and security group, for an ECS. You can select an
existing VPC, or click VPC and create a desired one.
Note: Ensure that DHCP is enabled in the VPC to which the ECS belongs.
Security Group: controls ECS access within or between security groups by defining access rules.
This enhances ECS security.
NIC: includes primary and extension NICs. You can add multiple expansion NICs to an ECS and
specify IP addresses for them (including primary NICs).
EIP: A static public IP address bound to an ECS in a VPC. Using the EIP, the ECS provides services
externally.
Not required: Without an EIP, the ECS cannot access the Internet and is used only in the
private network or cluster.
Automatically assign: The system automatically assigns an EIP for the ECS. The EIP provides
exclusive bandwidth that is configurable.
Use existing: An existing EIP is assigned for the ECS. When using an existing EIP, you cannot
create ECSs in batches.
Type: When changes occur on a network using static BGP, network configurations cannot be promptly
adjusted to ensure optimal user experience. When changes occur on a network using dynamic BGP,
network configurations can be promptly adjusted using the specified routing protocol, ensuring network
stability and optimal user experience.
Billed By: This parameter is mandatory if EIP is set to Automatically assign. It indicates the bandwidth
billing mode of the purchased EIP, which includes the following options:
Traffic: You are charged based on the actual traffic you have used.
All OSs support key-authenticated ECS logins.
Windows:
Login using VNC: If no EIP is bound to an ECS, you can remotely log in to the ECS on the
management console.
Login using MSTSC: This option applies only to ECSs running Windows. You can run the mstsc
command on a local computer to log in to an ECS. Ensure that the ECS has an EIP bound.
Linux:
Login using VNC: If no EIP is bound to an ECS, you can remotely log in to the ECS on the
management console.
Login using SSH: This method applies only to Linux ECSs. You can use a remote login tool, such as
PuTTY, to log in to the ECS. Ensure that the ECS has an EIP bound.
Note: Both an SSH key and an SSH password can be used for logins.
Method 1: A single ECS or multiple ECSs can be processed in a batch.
3. On the Elastic Cloud Server page, view the status of the target ECS. If the ECS is
not in Stopped state, click More in the Operation column and select Stop.
4. Click More in the Operation column and select Modify Specifications. The
Modify ECS Specifications page is displayed.
(Optional) Set DeH. If the ECS is created on a DeH, the system allows you to change
the DeH. To do so, select the target DeH from the drop-down list. If no DeH is
available in the drop-down list, remaining DeH resources are insufficient and cannot
be used to create the ECS with specifications modified.
6. Click OK.
7. Confirm the modified configuration. Read and select the service agreement, and
then click Submit.
The one-click password reset plug-ins are CloudResetPwdAgent and
CloudResetPwdUpdateAgent.
B
B
For example, a company may offer a web application for buying train tickets which
runs on the public cloud. This application is rarely used during Q2 and Q3 because
there aren't many travelers, but it is frequently used during Q1 and Q4 because
many people travel over the holidays. In most cases, servers are added to increase
the processing capability, or applications are added to process the requests
together, thereby meeting service requirements. However, these two solutions may
waste resources or struggle to meet demand spikes. After you enable AS for an
application, AS automatically adjusts the number of servers based on requirements
to reduce cost and meet demand spikes.
AS dynamically scales two types of resources: ECSs and EIP bandwidths.
You can configure alarm, scheduled, and periodic policies to enable AS to automatically scale
your ECS and bandwidth resources.
The alarm policy adjusts the number of ECSs based on Cloud Eye metrics (such as
CPU usage) or adjusts the EIP bandwidth size based on inbound traffic. Periodic
and scheduled policies are applicable to scenarios where demand changes are
fixed. The number of resources can be adjusted at a specified time point or
periodically as required.
AS scales ECSs or adjusts the EIP bandwidth size when trigger conditions are met.
Low Cost: You are charged only for ECSs or bandwidths you use.
Max. Instances and Min. Instances: specify the maximum and minimum number
of ECSs in the AS group.
Load Balancing: specifies a service that distributes traffic to multiple backend ECSs
based on forwarding policies. AS works with this service to improve the fault
tolerance of applications in the AS group.
Instance Removal Policy: defines the rules for removing ECSs from the AS group.
Preferentially removing instances ensures that the remaining instances are evenly
distributed in AZs.
EIP: specifies a static, public IP address. After you bind an EIP to an ECS in your
subnet, the EIP enables the ECS to communicate with the Internet through a fixed
public IP address.
Health Check Method: specifies the method for checking the status of instances in
an AS group. ECS health check and ELB health check are supported. If the AS
group uses ELB listeners, the health check method can be ELB health check.
Health Check Interval: indicates the health check period for an AS group.
Health Check Grace Period: After a new instance is added to an AS group, the
health check checks the running status of the instance only after the grace period
expires.
Advanced Settings: supports notifications and tags. This is an optional
configuration.
AS Configuration: specifies the specifications of ECS instances to be added to an
AS group. You can select an existing AS configuration or create an AS
configuration.
Disk: provides storage functions for ECSs. You must specify system disk
parameters, including the disk I/O type and size.
Security Group: A security group is a logical group that controls access within and
between security groups. The default security group rules allow all outbound
traffic and deny all inbound traffic.
EIP: If a load balancer has been added to the AS group, you do not need to set this
parameter. The system automatically associates ECSs in the AS group with the load
balancer listener. These ECSs will provide services through the EIP bound to the
load balancer.
Login Mode: specifies the login mode of ECSs. Two login modes are supported:
key pair and password.
Advanced Settings: This parameter allows you to configure File Injection, User
Data Injection, and ECS Group.
An AS policy specifies the conditions for triggering a scaling action. AS supports the following
policies:
Alarm: monitors the CPU usage, memory usage, inband incoming rate, and disk read/write
rate of ECSs to dynamically increase or decrease the number of ECSs.
In addition, multiple types of scaling policies can be configured in complex application scenarios.
A maximum of 10 scaling policies can be added to an AS group.
No limit is provided for scaling actions triggered by other scaling policies such as scheduled and
periodic policies.
The AS service adjusts the EIP bandwidth size based on bandwidth scaling policies.
Select an alarm policy when service peaks are unpredictable. The AS service will adjust the
number of instances in the AS group or adjust the EIP bandwidth size based on the dynamically
changed policies. The following trigger condition parameters are supported: Inbound
Bandwidth, Inbound Traffic, Outbound Bandwidth, Outbound Traffic, and Upstream
Bandwidth Usage.
Cooldown Period: specifies a period of time after each scaling action is complete. After a
scaling action is triggered, the system starts to count the cooling time. During the cooldown
period, scaling actions triggered by alarms will be denied. Scheduled and periodic scaling
actions are not affected.
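The cooldown rule above, together with the Max. Instances and Min. Instances limits, can be traced with a small simulation. This is an added example, not HUAWEI CLOUD code: the function names, the event format (time in seconds, policy type, instance delta), and the sample events are constructed, and it assumes that a scaling action completes instantly and that a request which changes nothing does not start a cooldown.

```shell
#!/bin/sh
# Added example: models how an AS group treats scaling requests.
# Rules taken from the text: alarm-triggered actions are denied during the
# cooldown period; scheduled and periodic actions are not affected; the
# instance count stays between Min. Instances and Max. Instances.
# Assumptions (not from the text): actions complete instantly, and a request
# that would not change the instance count does not start a new cooldown.

# Constructed sample events: "<time_s> <alarm|scheduled|periodic> <delta>"
sample_events() {
    printf '%s\n' \
        '# time policy delta' \
        '0 alarm +2' \
        '120 alarm +2' \
        '200 scheduled +3' \
        '400 alarm +1' \
        '520 alarm +1' \
        '900 periodic -5'
}

# simulate_as MIN MAX INITIAL COOLDOWN_SECONDS < events
# Prints one line per event: "<time> <policy> <result> <instances_after>"
simulate_as() {
    awk -v min="$1" -v max="$2" -v n="$3" -v cd="$4" '
    BEGIN { last = -1 }                 # time of the last executed action
    /^#/ || NF < 3 { next }             # skip comments and malformed lines
    {
        t = $1; src = $2; delta = $3 + 0

        # Only alarm policies are subject to the cooldown period.
        if (src == "alarm" && last >= 0 && t - last < cd) {
            printf "%s %s denied-cooldown %d\n", t, src, n
            next
        }

        # Clamp the requested size to the AS group limits.
        want = n + delta
        if (want > max) want = max
        if (want < min) want = min

        if (want == n) {
            printf "%s %s no-change %d\n", t, src, n
            next
        }

        n = want
        last = t                        # every executed action restarts the cooldown
        printf "%s %s executed %d\n", t, src, n
    }'
}

# Usage: sample_events | simulate_as 2 6 2 300
```

The denied alarm at 400 s shows that a scheduled action, although not blocked by the cooldown itself, still delays the next alarm-triggered action under these assumptions.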
AS management includes management of AS groups and AS bandwidth scaling
policies.
If the service scenario changes, you need to change the specifications of the ECS
instances. This can be done by changing the AS configuration of the AS group.
To improve the fault tolerance of an AS group, you can add an ELB listener to the
group. Then, this listener will evenly distribute access traffic to all ECSs in the
group.
When service demands decrease, you can also reduce resources to control costs.
AS supports the following instance removal policies:
Oldest instances: The earliest instance is removed from the AS group first.
Newest instances: The latest instance is removed from the AS group first.
Manually-added instances are removed with the lowest priority, and AS does not delete
manually-added instances when removing them. If multiple ECS instances are
manually added to an AS group, AS removes the instances following the First In, First
Out rule. Specifically, the earliest-added ECS instance is removed first.
Removing instances preferentially ensures that the remaining instances are evenly
distributed in AZs.
Due to limited space, this figure only shows some metrics. The metrics not displayed include
the disks read rates, disks write rates, disks write requests, and number of instances.
You can also view records of scaling actions in a table. All scaling actions of the AS group are
recorded in the table.
Lifecycle hooks provide more flexible management of scaling actions. They allow
you to perform as many customized operations as you can when an instance is
added to or removed from an AS group.
AS policy management enables you to handle diversified demands and cope with
complex scenarios.
When a policy needs to be executed immediately but trigger conditions are not met, you
can manually execute the AS policy.
For details about how to manage AS policies, see the Auto Scaling User Guide.
Health checks remove abnormal instances to ensure the availability of each
instance in your AS group.
ECS health check checks the status of each ECS and removes unavailable ones.
ELB health check can be performed only when the AS group uses load balancing.
The ELB health check is implemented by sending heartbeat messages from the ELB
service to the backend ECS, which is more fine-grained than the ECS health check.
To ensure high system reliability, the ELB health check is recommended.
Elastic Cloud Server (ECS): provides the servers that are scaled in or out by the AS service.
Virtual Private Cloud (VPC): provides bandwidth data for configuring a bandwidth scaling
policy.
Elastic Load Balance (ELB): works with AS to evenly distribute traffic to each instance in
an AS group, improving system availability.
Cloud Trace Service (CTS): records operations related to auto scaling for later query,
auditing, and backtracking.
Cloud Eye: provides alarm conditions for triggering scaling actions when an alarm policy
is configured.
Answers:
Q1: ABCD
Explanation:
Q2: ABC
Explanation:
AS does not support monitoring policies. The alarm policy of an AS group uses
Cloud Eye metrics, such as CPU usage.
Public image: This type of image contains a standard OS and pre-installed
applications, and is visible to all users. You can configure personal applications as
needed.
Private image: This type of image is visible only to image owners, and can contain
various information depending on the type.
Shared image: This type of image is shared by other users and can be used as your
own private image.
Convenient: You can create a private image from an ECS, BMS, or external image
file, or use an image to batch-create ECSs or BMSs.
Secure: Multiple redundant copies of private images ensure high data durability.
Flexible: Images can be easily managed through the management console or APIs.
Common OSs include Windows, Ubuntu, CentOS, Debian, and openSUSE. For
details, see the IMS console.
Image creation
IMS allows you to create a private image from a server or external image file.
Image management
Server creation
Private images are only visible to their owners. Creating ECSs from a private image
saves you from configuring ECSs one by one. You can create a private image from
an ECS or an external image file.
The following methods are available for you to create a private image.
Create a system disk image from an external image file containing a Windows
OS.
Create a system disk image from an external image file containing a Linux OS.
1. Log in to the Windows ECS, choose Start > Control Panel > Network and
Internet Connections > Local Area Connection > Properties > General.
2. In the Image Type and Source area, select System disk image for Type.
3. Select ECS for Source, and then select the target ECS.
If the ECS uses a static IP address, set the IP address obtaining mode to DHCP.
For Red Hat Linux, CentOS, Oracle Enterprise Linux, and EulerOS, use the vi
editor to add PERSISTENT_DHCLIENT="y" to
/etc/sysconfig/network-scripts/ifcfg-ethX.
For Ubuntu 12.04, upgrade dhclient to 4.2.4 so that the NICs can consistently
obtain IP addresses from the DHCP server. For upgrade instructions, see the
Image Management Service User Guide.
The operations to delete network rule files are as follows:
1. Run the following command to list the files in the network rule directory:
ls -l /etc/udev/rules.d
Network rules must be deleted if the following information is displayed and the file
name contains both persistent and net:
70-persistent-net.rules
2. Run the following commands to delete the files whose names contain persistent
and net from the network rule directory:
rm /etc/udev/rules.d/30-net_persistent-names.rules
rm /etc/udev/rules.d/70-persistent-net.rules
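The two Linux preparation steps above (DHCP on the NICs and no persistent network rule files) can be verified before the image is created. The following check is an added example, not part of the Huawei material: the function names and the optional root-directory argument are hypothetical, BOOTPROTO is the standard ifcfg key assumed here to express "DHCP", and the script only reports findings without deleting anything.

```shell
#!/bin/sh
# Added example: pre-imaging check for a Red Hat-family Linux ECS.
# The optional root argument (hypothetical) lets the check run against a
# mounted disk or a test tree instead of the live system.

# Print udev rule files whose names contain both "persistent" and "net".
find_persistent_net_rules() {
    root=${1:-/}
    dir="${root%/}/etc/udev/rules.d"
    [ -d "$dir" ] || return 0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        case $name in
            *persistent*)
                case $name in
                    *net*) printf '%s\n' "$f" ;;
                esac
                ;;
        esac
    done
}

# Print the last value assigned to KEY in an ifcfg-style file, quotes removed.
ifcfg_value() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 | tr -d "\"'" | tr -d '[:space:]'
}

# Print one finding per ifcfg-eth* file that is not set up for DHCP
# or lacks PERSISTENT_DHCLIENT="y" ("yes" is also accepted here).
find_nics_not_dhcp_ready() {
    root=${1:-/}
    dir="${root%/}/etc/sysconfig/network-scripts"
    [ -d "$dir" ] || return 0
    for f in "$dir"/ifcfg-eth*; do
        [ -f "$f" ] || continue
        proto=$(ifcfg_value BOOTPROTO "$f")
        persist=$(ifcfg_value PERSISTENT_DHCLIENT "$f")
        case $proto in
            dhcp|DHCP) ;;
            *)
                printf '%s: BOOTPROTO=%s, expected dhcp\n' "$f" "${proto:-unset}"
                continue
                ;;
        esac
        case $persist in
            y|yes) ;;
            *) printf '%s: PERSISTENT_DHCLIENT is not "y"\n' "$f" ;;
        esac
    done
}

# Return 0 when nothing needs fixing, 1 otherwise; findings go to stdout.
image_prep_check() {
    root=${1:-/}
    findings=$(
        find_persistent_net_rules "$root" | sed 's/$/: udev network rule to delete/'
        find_nics_not_dhcp_ready "$root"
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Usage on the ECS itself:   image_prep_check /
# Usage on a mounted disk:   image_prep_check /mnt/image-root
```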
2. In the Image Type and Source area, select System disk image for Type.
Data disk images can be used to create data disks for migrating your data to the cloud.
Data disk images contain only your service data. You can use data disk images to export data
on data disks on an ECS.
You can use an ECS with data disks to create a full-ECS image. This image contains both an OS
and your service data and can be used to quickly create ECSs with service data.
The ECS used to create a full-ECS image can be in the running state.
The associated CSBS backup is not deleted together with the full-ECS image. You can delete
the backup on the CSBS console.
If an ECS has been backed up through the CSBS service, its backup can be used to create an
image.
To create a full-ECS image, you require permission to access the CSBS backup.
The CSBS backup is not deleted with the full-ECS image. You can delete the backup on the
CSBS console.
You can share your private images with others. If you are a DeC user, image sharing
allows you to use images in multiple projects of the same region.
If you are an image provider, you can specify which images to be shared,
cancel image sharing at any time, and add or delete tenants who use shared
images.
If you are the image recipient, you can choose to receive or decline shared
images, or remove images that have been accepted.
You can create an encrypted private image using an encrypted ECS or an external image file.
If the ECS system disk is encrypted, the created system disk image is encrypted.
If an ECS is created from an encrypted image, its system disk is encrypted and its key is
the same as the image key.
You can replicate images in the following scenarios:
From an encrypted image to an encrypted one: The keys of encrypted images cannot be
changed. If you want to change the key of an encrypted image, replicate the image and
select a new key for encrypting it.
From an unencrypted image to an encrypted one: If you have an unencrypted image and
want to encrypt it, you can use the image replication function and specify a key during
replication.
If you have created a private image in a region, you can replicate it to another region. This enables
you to duplicate ECSs and migrate services across regions.
To add predefined tags to an image or search for an image using predefined tags, you must have
permission to access Tag Management Service (TMS).
Answer: ABD
Metric values of different types of disks are different. This slide only introduces
two common metrics. For details about more metrics, visit
https://support.huaweicloud.com/en-us/productdesc-evs/en-us_topic_0014580744.html.
EVS disks need to be used together with servers. The application scenarios and
the detailed services covered are provided as a reference for users.
For more information about the purchasing parameters, visit
https://support.huaweicloud.com/qs-evs/zh-cn_topic_0021738346.html.
For more information, visit
https://support.huaweicloud.com/en-us/productdesc-evs/en-us_topic_0014580744.html.
For more information, visit
https://support.huaweicloud.com/en-us/productdesc-evs/en-us_topic_0052554220.html.
For more information, visit
https://support.huaweicloud.com/en-us/productdesc-evs/en-us_topic_0014580744.html.
Process of capacity expansion of an Available disk: Available → Expanding → ()
Process of capacity expansion of an In-use disk: In-use → Expanding → In-use (if the
expansion succeeded)
For more information, visit
https://support.huaweicloud.com/en-us/productdesc-evs/en-us_topic_0014580744.html.
Answers:
BD
D
VBS backups are stored on OBS and can be used to restore EVS disk data or create
EVS disks.
VBS provides snapshot-based data protection, supports online backup, and does
not require deploying agents in the service system.
VBS supports both full and incremental backup modes. You can use a data backup
generated in either backup mode to restore the source EVS disk to the state the
EVS disk was in when the backup was created.
An object is the basic unit of data storage in OBS. It consists of object data and
object metadata that describes object attributes. Data uploaded to OBS is stored
in buckets as objects.
A key specifies the name of an object. An object key is a string ranging from
1 to 1024 characters in UTF-8 format. Each object is uniquely identified by a
key within a bucket.
On OBS Console or OBS Browser, you can operate folders the same way as
operating them in a file system.
OBS provides two billing modes. You can prepay for yearly/monthly packages or
pay per use. You are charged per use by default.
The billing items include storage capacity, traffic, number of requests, and data
restoration. For details about billing modes, see the table.
You need to pay for the service duration, which is calculated by hour, and does not
include a minimum fee.
OBS offers packages for multi-AZ storage, common storage, downstream traffic,
and pull traffic.
Resource packages are charged as a one-off fee and take effect immediately
upon payment. Currently, you cannot specify the date when the resource package
takes effect.
When a purchased package is within its validity period, any resources used are
initially offset by the package quota. However, when used resources exceed the
package quota, subsequent resources are charged on a pay-per-use basis.
• 120 TB data can be migrated to the cloud with the Teleport offline data
transfer capabilities.
• Source data and calculation results can be stored in the Archive storage,
costing as low as ¥0.033/GB per month.
By working with cloud services such as ECS, Elastic Load Balance (ELB), Relational
Database Service (RDS), CDN, and Domain Name Service (DNS), OBS provides
mobile internet scenarios with solutions that have scalable resources, flexible
configurations, large capacity, reliable security, and high concurrency.
By working with cloud services such as ECS, ELB, RDS, and Volume Backup Service
(VBS), OBS provides web disk scenarios with a storage system that allows high
concurrency, high reliability, low latency, and low cost. The storage capacity
automatically scales as the volume of stored data increases.
A bucket is a virtual container used to store objects in OBS. OBS provides flat
storage in the form of buckets and objects. Unlike the conventional multi-layer
directory structure of file systems, all objects in a bucket are stored at the same
logical layer.
OBS provides the following storage classes: Standard, Infrequent Access, and
Archive. With diversified storage classes, OBS caters to customer
requirements on both storage performance and costs. When creating a
bucket, you can set a storage class for the bucket. The storage class of a
bucket can be changed as needed.
The account provided by OBS includes the access key ID (AK) and secret access key
(SK), which are used for identity authentication. If you use a client to send a
request to OBS, the request header must contain a signature. The signature is
generated based on the SK, request time, and request type.
An AK and an SK form a key pair used to access OBS. When OBS APIs are
used to access stored data, AKs and SKs are used to generate authentication
information.
After subscribing to OBS, you can log in to the console and create AKs and SKs
on the My Credential page. The system identifies users who access the
system by AKs, and SKs are used for key authentication.
An AK maps to only one user but a user can have multiple AKs.
One SK maps to one AK, forming a key pair for accessing OBS and thereby
ensuring access security.
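The AK/SK scheme described above, as an added example (not Huawei code and not the OBS wire format): the client signs the request type, request time, and resource with its SK, and the server looks the SK up by AK and recomputes the signature. The string-to-sign layout, the 15-minute freshness window, the header names, and the sample credentials are assumptions made for illustration.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

# Constructed sample credentials (not real). Server-side table: AK -> (user, SK).
# One user may hold several AKs; each AK maps to exactly one user and one SK.
KEY_TABLE = {
    "AKEXAMPLE0001": ("alice", b"constructed-secret-key-0001"),
    "AKEXAMPLE0002": ("alice", b"constructed-secret-key-0002"),
}
MAX_SKEW = timedelta(minutes=15)   # assumed freshness window
TIME_FORMAT = "%Y%m%dT%H%M%SZ"     # assumed timestamp layout


def signature(sk, method, timestamp, resource):
    """HMAC over request type, request time and resource (simplified layout)."""
    message = "\n".join([method, timestamp, resource]).encode()
    return hmac.new(sk, message, hashlib.sha256).hexdigest()


def build_request(ak, sk, method, resource, now):
    """Client side: only the AK and the signature travel, never the SK."""
    timestamp = now.strftime(TIME_FORMAT)
    return {
        "method": method,
        "resource": resource,
        "time": timestamp,
        "authorization": f"{ak}:{signature(sk, method, timestamp, resource)}",
    }


def authenticate(request, now):
    """Server side: return (user, reason); user is None when the request is rejected."""
    ak, _, presented = request["authorization"].partition(":")
    entry = KEY_TABLE.get(ak)
    if entry is None:
        return None, "unknown AK"
    user, sk = entry
    try:
        sent = datetime.strptime(request["time"], TIME_FORMAT).replace(tzinfo=timezone.utc)
    except ValueError:
        return None, "bad request time"
    # Reject old timestamps so a captured request cannot be replayed later.
    if abs(now - sent) > MAX_SKEW:
        return None, "stale request time"
    expected = signature(sk, request["method"], request["time"], request["resource"])
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode(), presented.encode()):
        return None, "signature mismatch"
    return user, "ok"
```

Because the method and resource are inside the signed string, changing either after signing invalidates the request.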
To access and operate OBS resources, users must have corresponding permissions.
You can access or operate OBS only when you have the permission to access
or operate OBS resources.
You can configure the operation permissions for OBS resources by configuring
IAM user groups. Then users in these groups inherit the configured permissions.
For details about how to configure IAM user group permissions, see the IAM User
Guide.
Bucket policy application scenarios
Bucket ACLs can only be used to control permissions to obtain object lists
and upload objects, but not to obtain object contents and metadata. To
obtain the content of an object in a bucket, you must configure the bucket
policy (set General Settings to Public Read or configure the Customized mode
in the Advanced Settings) to grant such fine-grained permissions to users.
Bucket ACLs are configured based on accounts and user groups and cannot
control the permissions of any specific IAM user. IAM user permission
settings can only control cloud resource operation permissions of users under
their own accounts, but cannot manage permissions of users in other
accounts. To grant an IAM user in one account access permission to
resources under another account, you must configure a bucket policy with
advanced settings.
A bucket ACL supports only simple permission control. For example, a
bucket ACL cannot grant users the permission to delete a bucket policy,
but a bucket policy can. Therefore, you must configure bucket policies with
advanced settings to manage all operation permissions for buckets and
objects.
OBS can store multiple versions of an object. You can quickly search for and
restore different versions or restore data in the event of misoperations or
application faults.
By default, the versioning function is disabled for new buckets on OBS. Therefore,
if you upload an object to a bucket where an object with the same name as the
uploading one exists, the new object will overwrite the existing one.
Enabling Versioning
The latest objects in a bucket are returned by default after a GET Object
request.
You can select an object and click Delete on the right to delete the object.
After the object is deleted, OBS generates a Delete Marker with a unique
version ID for the deleted object, and the deleted object is displayed in the
Deleted Objects list.
You can recover a deleted object by deleting the object version that has
the Delete Marker.
After an object is deleted, you can specify the version number in Deleted
Objects to permanently delete the object of the specified version.
An object is displayed either in the object list or the list of deleted objects.
It will never be displayed in both the lists at the same time. For example,
after object A is uploaded and deleted, it will be displayed in the Deleted
Objects list. If you upload an object named A again, the object A will be
displayed in the Objects list, and the previously deleted object A will no
longer be displayed in the Deleted Objects list.
All object versions except those with Delete Marker stored in OBS are
charged.
Suspending Versioning
Historical versions will be retained in OBS. If you do not need these historical
versions, manually delete them.
All historical object versions except those with Delete Marker stored in OBS
are charged.
If you delete an object when versioning is suspended, a null version with the
Delete Marker is generated regardless of whether the object has historical
versions. But, if versioning has not been enabled, the same operation will not
generate a version with the Delete Marker.
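The versioning rules above (disabled, enabled, suspended) modelled as a small in-memory bucket, as an added example that is not Huawei code and does not use the OBS SDK. Class, method, and version ID names are hypothetical; how a write or a null Delete Marker replaces an existing "null" version while versioning is suspended is an assumption, since the text above does not specify it.

```python
import itertools

DISABLED, ENABLED, SUSPENDED = "disabled", "enabled", "suspended"


class Bucket:
    """Toy model of one bucket; names are hypothetical, not the OBS SDK."""

    def __init__(self):
        self.state = DISABLED          # versioning is off for new buckets
        self._versions = {}            # key -> list of versions, oldest first
        self._counter = itertools.count(1)

    def _store(self, key, version_id, data, marker):
        stack = self._versions.setdefault(key, [])
        if version_id == "null":
            # Assumption: at most one "null" version exists per key.
            stack[:] = [v for v in stack if v["id"] != "null"]
        stack.append({"id": version_id, "data": data, "marker": marker})
        return version_id

    def put(self, key, data):
        if self.state == ENABLED:
            return self._store(key, f"v{next(self._counter)}", data, False)
        # Disabled: the new object overwrites the existing one.
        # Suspended: assumed to overwrite only the "null" version,
        # while historical versions are retained.
        return self._store(key, "null", data, False)

    def delete(self, key, version_id=None):
        if version_id is not None:
            # Permanently remove one version. Removing the version that
            # carries the Delete Marker is how a deleted object is recovered.
            stack = self._versions.get(key, [])
            stack[:] = [v for v in stack if v["id"] != version_id]
            if not stack:
                self._versions.pop(key, None)
            return None
        if self.state == DISABLED:
            self._versions.pop(key, None)   # never enabled: no marker is generated
            return None
        vid = f"v{next(self._counter)}" if self.state == ENABLED else "null"
        return self._store(key, vid, None, True)

    def get(self, key):
        """GET Object without a version ID returns the latest version."""
        stack = self._versions.get(key)
        if not stack or stack[-1]["marker"]:
            return None
        return stack[-1]["data"]

    def objects(self):
        return sorted(k for k, s in self._versions.items() if not s[-1]["marker"])

    def deleted_objects(self):
        return sorted(k for k, s in self._versions.items() if s[-1]["marker"])

    def billable_versions(self, key):
        """All versions except Delete Markers occupy storage and are charged."""
        return [v["id"] for v in self._versions.get(key, []) if not v["marker"]]
```

The model makes two operational points visible: a plain delete on a versioned bucket hides data rather than removing it, and historical versions keep counting toward storage until they are deleted by version ID.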
Lifecycle rules have two key elements:
Policy: You can specify the prefix of object names so that objects whose
names have this prefix are restricted by the rules. You can configure lifecycle rules
for a bucket so that all objects in the bucket can be restricted by the lifecycle
rules.
Time: You can specify the number of days after the last update after which
objects that meet specified conditions are automatically transitioned to
Infrequent Access or Archive, or expire and are then automatically deleted.
Transition to Archive: You can specify the number of days after the last
update after which objects that meet specified conditions are
automatically transitioned to Archive.
Expiration time: You can specify the number of days after which objects
are automatically deleted or the day after which an object that matches
with a rule is deleted.
OBS allows you to access static websites hosted by OBS.
Static websites contain static web pages and some scripts that can run on clients,
such as JavaScript and Flash. Different from static websites, dynamic websites rely
on servers to process scripts, including PHP, JSP, and ASP.NET. OBS does not
support scripts running on servers.
Create a bucket.
Configure DNS.
Finally, you can verify whether the static website hosting is configured
successfully by accessing the website domain name.
After server-side encryption is enabled, objects to be uploaded will be encrypted
and stored on the server. When downloading the encrypted objects, the encrypted
data will be decrypted on the server and displayed in plaintext to users.
KMS uses the hardware security module (HSM) to protect key security, helping you
easily create and control encryption keys. Keys are not displayed in plaintext
outside HSMs, which prevents key disclosure. All operations on keys are controlled
and logged, and usage records of all keys can be provided to meet regulatory
compliance requirements.
The objects to be uploaded can be encrypted using SSE-DEW. You need to create
a key using Key Management Service (KMS) or use the default key provided by
KMS. Then you can use the KMS key to perform server-side encryption when
uploading objects on OBS.
In HTTP, a website can detect the web page that accesses a target web page using
the Referer field. As the Referer field can trace sources, specific techniques can be
used to block or return specific web pages if requests are not from trusted
sources. URL validation checks whether the Referer field in a request matches the
configured whitelist or blacklist. If the field matches the whitelist, the request is
allowed. Otherwise, the request is denied or specific pages are returned.
To prevent data in OBS from being stolen by other users, OBS supports URL
validation based on the Referer field in HTTP headers. OBS also supports both
whitelist and blacklist settings.
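The whitelist/blacklist decision described above, as an added example (a model of the check, not OBS's implementation). Wildcard patterns, the blacklist taking precedence over the whitelist, and the `allow_empty` switch for requests without a Referer are assumptions. The Referer header is supplied by the client, so this check limits hotlinking from other sites; access control still belongs in bucket policies and signed requests.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit


def referer_host(referer):
    """Return the lowercase host from a Referer value, or None if missing or unparseable."""
    if not referer:
        return None
    host = urlsplit(referer.strip()).hostname
    return host.lower() if host else None


def check_referer(referer, whitelist=(), blacklist=(), allow_empty=False):
    """Return "allow" or "deny" for one request.

    Patterns are matched against the parsed host, not the raw header string,
    so a trusted name appearing in the path, the query, or as a prefix of a
    longer host name does not satisfy the whitelist.
    """
    host = referer_host(referer)
    if host is None:
        # No usable Referer: the outcome is a policy choice (assumed switch).
        return "allow" if allow_empty else "deny"
    if any(fnmatchcase(host, pattern.lower()) for pattern in blacklist):
        return "deny"                      # assumed: blacklist wins
    if whitelist:
        matched = any(fnmatchcase(host, pattern.lower()) for pattern in whitelist)
        return "allow" if matched else "deny"
    return "allow"                         # only a blacklist is configured
```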
Storage space occupied by fragments in the OBS is charged, so you need to
manually clear fragments.
You can also manually clear fragments using the fragment management
function. If you resume an upload task after clearing the fragments, the
upload progress will be lost and the task needs to be re-executed.
OBS provides you with a variety of platforms, such as OBS Console and OBS
Browser, as well as REST APIs.
OBS Console is a web-based GUI. Through the console, you can perform
operations on OBS resources directly.
OBS Browser is an OBS client running on the Windows operating system. You can
use OBS Browser to manage the storage of objects on your PC.
Notes:
obscmd and the APIs/SDKs will be available in the Hong Kong region soon. You can
contact the technical support team if you have further questions.
obscmd is an OBS client running on the Linux operating system. It allows you to
upload local files to OBS or download files from OBS. obscmd features multipart
uploading and downloading, which can greatly speed up data transmission.
OBS SDK encapsulates APIs provided by OBS to simplify user development. Users
can directly use API functions provided by the OBS SDK to obtain the OBS service
capabilities.
OBS provides the REST API for users to easily access OBS from web applications.
By making API calls, you can upload and download data at any time, anywhere, or
through any internet device.
Files are uploaded in multiparts on OBS Browser. It supports the upload of a single
file with the maximum size of 48.8 TB.
OBS Browser supports resumable transfer. If the upload task is suspended or fails,
restart the task. According to the part information recorded in the task, the
successfully uploaded parts will not be uploaded again, and other parts will be
requested for uploading.
Answer: ABC
Scalable File Service (SFS) provides high-performance file storage that is scalable
on demand. It can be shared by multiple Elastic Cloud Servers (ECSs). Features of
SFS are as follows:
SFS offers an intuitive graphical user interface (GUI). On the GUI, customers
can create and configure file systems with ease, and conveniently deploy,
expand, and optimize file systems.
SFS file systems feature high reliability and high availability. The performance
of a file system increases as its capacity increases. The file systems can be
widely used in media processing, high-performance computing, content
management, and home directory scenarios.
Question: Can a File System Be Accessed Across VPCs?
A file system of the SFS Turbo type in a VPC is accessible only to AZs in the
VPC.
File sharing: ECSs in multiple availability zones (AZs) of a region can access a file
system concurrently, achieving multi-ECS access to the same file and file sharing.
Easy operation and low costs: File systems are usable after easy creation. SFS is
charged by capacity use and is cost-effective.
Creating a file system
You can create a file system and mount it on multiple ECSs. Then data can be
shared using the file system access method.
After creating a file system, you need to mount the file system to ECSs so
that ECSs can share the file system.
Answer: ABCD
A VPC facilitates internal network management and configuration, and allows you
to implement secure and quick network changes. You can also customize the ECS
access rules within a security group and between security groups to improve ECS
security.
Have full control over your virtual networks, for example, creating your own
network and configuring the DHCP service.
Create network ACLs as well as add inbound and outbound rules to improve
subnet security.
Assign EIPs in a VPC and use NAT gateways to connect ECSs in your VPC to the
Internet.
Connect a VPC to your corporate data center using a VPN or Direct Connect
connection for smooth application migration to the cloud.
Connect two VPCs in the same region using VPC peering connections.
Large Internet applications:
Stores user data in the corporate data center and uses a Direct Connect
connection or VPN to connect the corporate data center and HUAWEI
CLOUD.
Universal Web Applications:
Application scenarios: Blogs and simple websites
Characteristics: You can host web applications and websites in a VPC and use the
VPC as a common network. You can create a subnet and create ECSs in the subnet.
You can also use EIPs to connect ECSs to the Internet for running web applications
deployed on the ECSs.
Recommended services: VPC and ECS
Enterprise Hybrid Cloud
Application scenarios: E-commerce websites
Characteristics: You can connect a VPC to your private cloud using a VPN connection.
With a VPN connection between the VPC and your traditional data center, you can
easily use the ECSs and block storage resources. Applications can be migrated to the
cloud and additional web servers can be deployed to increase the computing
capacity on a network. In this way, a hybrid cloud is built.
Recommended services: Elastic Load balancer (ELB), VPC, and ECS
Security-Demanding Services
Application scenarios: Security-demanding service systems
Characteristics: You can create a VPC and security groups to host multi-tier web
applications in different security zones. You can associate web servers and database
servers with different security groups and configure different access control rules for
security groups. You can launch web servers in a publicly accessible subnet and
database servers in non-publicly accessible subnets to ensure high security and
meet requirements of security-demanding scenarios.
Recommended services: VPC, Vulnerability Scan Service (VSS), Anti-DDoS, and ECS
Private network customization: You can customize private subnets in your VPC and
deploy applications and other services in the subnets accordingly.
Flexible security policy configuration: You can use security groups to divide ECSs in
a VPC into different security zones and then configure different access control
rules for each security zone. You can also create network ACLs to control traffic in
and out of associated subnets, improving subnet security.
EIP binding: You can assign an independent EIP in your VPC. The EIP can be bound
to or unbound from an ECS as required. The binding and unbinding operations
take effect immediately after the operations are performed.
Direct Connect/VPN access: You can use a Direct Connect connection or VPN to
connect your VPC with the corporate data center to form a hybrid network for
smooth application migration to the cloud.
Subnet: A subnet is a network that manages ECS network planes. It supports IP address
management as well as DHCP and DNS services. The IP addresses of all ECSs in a subnet
belong to this subnet. By default, ECSs in all subnets of the same VPC can communicate
with one another, while ECSs in different VPCs cannot communicate with one another.
EIP: An EIP is a static, public IP address. You can bind an EIP to an ECS in your subnet or
unbind the EIP from the ECS. The EIP enables your VPC to communicate with the Internet
through a fixed public IP address.
Bandwidth: You can allocate bandwidth when assigning an EIP so that the ECS bound with
the EIP can use the bandwidth to access the Internet.
Security group: A security group is a collection of access control rules for ECSs that have
the same security protection requirements and are mutually trusted in a VPC. After creating
a security group, you can create different access rules for the security group to protect the
ECSs in the security group. The default security group rule allows all outgoing data packets.
ECSs in a security group can access each other without the need to add rules.
VPN: A VPN establishes an encrypted communication tunnel between a user and a VPC,
enabling the user to use resources in the VPC. By default, ECSs in a VPC cannot
communicate with your corporate data center or private network. To enable
communication between them, you can create a VPN.
Remote gateway: A remote gateway is the public IP address of the physical device on the
remote side in an IPsec VPN tunnel. The remote gateway of each IPsec VPN must be
unique.
Remote subnet: A remote subnet is the destination network reachable through the tunnel.
All IP packets sent to the network are transmitted through the IPsec VPN tunnel. You can
configure more than one remote subnet. The remote subnet of a VPN cannot be a subnet
in the VPC where the VPN is created.
A VPC provides an isolated virtual network for ECSs. You can configure and
manage the network as required.
If your ECSs do not need to access the Internet, for example, the ECSs
functioning as the database or server nodes for deploying a website, you can
configure a VPC for the ECSs by following the instructions described in
Configuring a VPC for ECSs That Do Not Need to Access the Internet in
the Virtual Private Cloud User Guide.
If your ECSs need to access the Internet, you can configure EIPs for them. For
example, the ECSs functioning as the service nodes for deploying a website
need to be accessed by users over the Internet. Then, you can configure the
VPC of these ECSs by following the instructions provided in Configuring a
VPC for ECSs That Access the Internet Using EIPs in the Virtual Private
Cloud User Guide.
Access requests are routed to backend servers by the load balancer according to
relevant policies and forwarding rules.
High availability: ELB features a redundant design that automatically removes
abnormal servers and routes traffic only to healthy servers, ensuring service
availability.
High flexibility: ELB automatically expands the request handling capability based
on the traffic to applications and seamlessly integrates with Auto Scaling to meet
requirements posed by traffic changes.
ELB automatically scales its request handling capacity according to the incoming
traffic. Deep integration with AS enables ELB to automatically add or remove
backend servers, improving the service flexibility. This makes ELB ideal for services
that have significant traffic peaks, such as e-commerce websites, mobile games,
and live websites.
ELB routinely performs health checks on backend servers to monitor their healthy
state. If a backend server becomes faulty, ELB automatically distributes incoming
requests to healthy backend servers, ensuring service continuity. This makes ELB
the right choice for services that require high reliability, such as official websites,
toll collection systems, and common web services.
ELB can distribute traffic across AZs. If an AZ becomes faulty, ELB distributes the
traffic to backend servers in other AZs that are running properly. Banking, policing,
and large application systems can use ELB to ensure high service availability.
As shown in the figure, an HTTP load balancer is created and used to provide access
through 10.0.0.6. After an HTTP request is sent, it first arrives at the load balancer,
and is then forwarded to a VM according to the rules.
1. Log in to the management console.
4. On the Create Load Balancer page, set the parameters as desired and click Next.
3. On the displayed page, click the name of the target load balancer.
5. In the Add Listener dialog box, set parameters as desired and click OK.
TCP/UDP: load balancing at Layer 4
• Source IP hash: The source IP address of the request is input into a hash
algorithm, and the resulting hash is used to identify a server in the static
fragment table.
• Source IP address: The hash of the source IP address of the request is used to
identify a server in the static fragment table.
• HTTP cookie: The load balancer generates a cookie after it receives a request from
a client. All the subsequent requests with the same cookie are distributed to the
same backend server.
• App cookie: This type of sticky session relies on backend applications. All requests
with the cookie generated by backend applications are distributed to the same
backend server.
1. Log in to the management console.
3. On the displayed page, click the name of the target load balancer.
5. In the Add Backend Server Group dialog box, set parameters as desired and click
OK.
1. Log in to the management console.
3. On the displayed page, click the name of the target load balancer.
4. In the Create Certificate dialog box, set the parameters and click OK.
Virtual Private Cloud (VPC): Creating load balancers requires elastic IP addresses
and bandwidth assigned in the VPC.
Auto Scaling (AS): automatically adjusts the number of backend servers by working
with ELB according to the changes in incoming traffic.
Cloud Eye: monitors the running of load balancers and listeners with no additional
plugins required.
Remote disaster recovery (DR): Backup systems are established in different places
and are connected through direct connections. When a disaster occurs, the system
can be restored to the normal state reliably and quickly.
Modifying a direct connection: After creating a direct connection, you can modify
its name and remote subnet.
This document focuses on security issues faced by tenants and security services
provided on HUAWEI CLOUD.
A hardware security module (HSM) is a hardware device that securely produces,
stores, manages, and uses CMKs. In addition, it provides encryption processing
services.
KMS is used for encrypting small-size data, large volumes of data, data in OBS, EVS,
IMS, and RDS. KPS is used for logging into a Linux ECS and obtaining the password
for logging into a Windows ECS. Dedicated HSM is used for encrypting your
service system.
SQL injection is an attack in which malicious code is inserted into strings that are
later passed to an instance of SQL Server for parsing and execution.
Malicious programs refer to programs with the intention to attack or perform
remote control, for example, backdoors, Trojan horses, worms, and viruses.
Key files refer to the files that may affect system running, for example, system files.
Precise protection: Groups multiple common HTTP fields, such as the URL, IP,
Params, Cookie, Referer, User-Agent, and Header, together to customize a policy.
You can also block or allow the traffic based on logic conditions.
A threat event usually refers to an event that causes damage to the information
system due to natural factors, human factors, or software and hardware faults, or
an event that has negative impacts on society. A threat event in SA refers to a
security event discovered based on big data analysis that will pose threats to user
assets.
Customer master key (CMK): keys created by users in KMS. CMKs are used to
encrypt the encryption key for data protection.
KMS is integrated with cloud services including OBS, EVS, IMS, SFS, and RDS,
providing server-side encryption (envelope encryption) for these services. Envelope
encryption is a method in which DEKs are encapsulated in an envelope for
storage, transmission, and use, and CMKs are not used to directly encrypt and
decrypt data.
Server-side encryption for Scalable File Service (SFS): When creating a file
system using SFS, you can select KMS encryption.
XSS attacks are a type of injection, in which malicious scripts are injected into
otherwise benign and trusted websites. XSS attacks occur when an attacker uses a
web application to send malicious code, generally in the form of a browser side
script, to a different end user.
Certificate Authority (CA) is the certificate authorization center. As a trusted third
party in e-commerce transactions, a CA is responsible for checking the validity of
the public key in the PKI.
An origin server is the server on which users' services run.
Defense and detection devices include VSS, DDoS, IDS, flow probe, WAF, HSS, and
DBSS. The ACL/security group is a defense device, and the defense device cannot
provide detection data to the SA. Therefore, the SA security detection source
excludes the ACL/security group.
Answer: A, B, C, and D.
A and B are mainly used to defend against web attacks and vulnerabilities. C is
used to ensure website reliability and D is used to prevent website services from
DDoS attacks. Misunderstanding: Only services that are classified into application
security can ensure website security.
Advantages
Editable Monitoring Panel
The system automatically adjusts capacity based on the service traffic volume and
configured alarm rules.
ECS Advanced Monitoring
Common database types are as follows: MySQL, PostgreSQL, SQL Server, Oracle,
and MongoDB.
High Security
RDS enables you to easily control network access to databases. By default, RDS runs DB instances in
a Virtual Private Cloud (VPC) that isolates DB instances and enables existing IT infrastructure to
connect to your DB instances in the VPC through encrypted IPsec VPN tunnels that comply with
industry standards. In addition, RDS provides SSL encrypted connections to prevent data from being
intercepted during transmission.
Automated backups: RDS creates automated backups for DB instances and
retains the backups within the backup retention period. You can restore data
to any point in time during your backup retention period.
Manual backups: You can also create manual backups. RDS saves manual
backups of the DB instance based on the backup retention period you
specified. You can restore data to any point in time within the backup
retention period.
Before logging in to the HUAWEI CLOUD management console, you need to
register a HUAWEI CLOUD account.
Before buying an RDS DB instance, ensure that your account balance is greater
than ¥0.
Procedure
1. Log in to the HUAWEI CLOUD management console.
After the DB instance is created, you cannot change the DB engine. Therefore,
exercise caution when selecting a DB engine.
The default database port is 3306. After the DB instance is created, you can
change its port.
You can bind an elastic IP address (EIP) to a DB instance to make it publicly
accessible.
4. On the Instance Management page, locate the target DB instance and click Log
In in the Operation column.
5. In the displayed login window, enter the correct username and password and
click Log In.
1. Log in to the HUAWEI CLOUD management console.
4. On the Instance Management page, locate the target DB instance and click
Create Read Replica or choose More > Create Read Replica in the Operation
column.
6. Confirm specifications.
7. After a read replica has been created, you can view and manage it on the
Instance Management page.
1. Log in to the HUAWEI CLOUD management console.
4. On the Instance Management page, select the target DB instance and click
Change Billing Mode in the Operation column.
5. Select the renewal duration in the unit of month. The minimum duration is one
month.
4. On the Instance Management page, select the target DB instance and choose
More > Change to Primary/Standby Instances in the Operation column.
5. View the primary and standby DB instance information. By default, the primary
DB instance information is the same as that of the original single DB instance.
For the standby DB instance, you can select the AZ only. The other
configurations cannot be modified and are the same as those of the primary DB
instance.
The DB instance is in the Changing to Primary/Standby status. You can view the
progress on the Task Center page.
1. Log in to the HUAWEI CLOUD management console.
5. On the Basic Information page, click Switch in the DB Instance Type field in
the Instance Information area.
6. If you have enabled operation security, click Start verification in the Switch
Primary/Standby DB Instance dialog box. On the displayed page, click Send
Code, enter the obtained verification code, and click Verify. The page is closed
automatically.
Changing the DB instance class will cause the DB instance to reboot. To prevent
service interruptions, change the DB instance class during off-peak hours. The DB
active/standby switchover is performed when the active and standby instances are
expanded. The interruption duration depends on the switchover duration and is
unrelated to the restart duration.
4. On the Instance Management page, locate the target DB instance and click
Scale in the Operation column. You can also click the target DB instance to go
to the Basic Information page. In the Configuration area, click Modify in the
Instance Specifications field.
5. On the displayed page, click CPU/Memory, specify the desired CPU and
memory, and click Next.
You can reboot a DB instance only when its status is Available. Your database may
be unavailable in some cases, such as when data is being backed up or
modifications are being made.
The time required for rebooting a DB instance depends on the recovery process of
the DB engine. To shorten the reboot time, you are advised to reduce database
activities during the reboot to reduce rollback activities of in-transit transactions.
5. If you have enabled operation security, click Start verification in the Reboot DB
Instance dialog box. On the displayed page, click Send Code, enter the
obtained verification code, and click Verify. The page is closed automatically.
Refresh the DB instance list and view the status of the DB instance. If its status is
Available, it has rebooted successfully.
1. Log in to the HUAWEI CLOUD management console.
4. On the Instance Management page, click the target DB instance or read replica.
If you delete a DB instance, its automated backups are also deleted and you are no
longer charged for them. Manual backups are still retained and will incur
additional costs.
5. If you have enabled operation security, click Start verification in the Delete DB
Instance dialog box. On the displayed page, click Send Code, enter the
obtained verification code, and click Verify. The page is closed automatically.
6. In the displayed Delete DB Instance dialog box, click OK. Refresh the Instance
Management page later to verify that the DB instance or read replica has been
deleted.
Restrictions:
You can delete yearly/monthly DB instances only on the Billing Center page.
The default automated backup policy is as follows:
4. On the Instance Management page, locate the target DB instance and choose
More > Create Backup in the Operation column.
5. In the displayed dialog box, enter a backup name and description. For Microsoft
SQL Server, select a target database for which you want to create a backup.
Then, click OK.
6. After the manual backup is created, you can view and manage it on the Instance
Management page.
You can use backup files to create a new DB instance only when your account
balance is greater than or equal to ¥0.
You can restore data to new DB instances, original DB instances, and existing DB
instances.
4. On the Instance Management page, locate the target DB instance and click its
name.
5. Select a time range, select or enter a point in time within the acceptable range,
and select one of the following restoration methods and click OK. If you select
restoring to the original DB instance and you have enabled operation security,
click Start verification in the Restore to Point in Time dialog box. On the
displayed page, click Send Code, enter the obtained verification code, and click
Verify. The page is closed automatically.
4. On the Backup Management page, locate the target backup and click Restore
in the Operation column.
Restore to Original
Restore to Existing
RDS allows you to scale up storage space of DB instances but you cannot change the
storage type. Services are not interrupted during scaling.
4. On the Instance Management page, locate the target DB instance and click
Scale in the Operation column. You can also click the target DB instance to go
to the Basic Information page. In the Storage Information area, click Scale in
the Storage Space Usage field.
5. On the displayed page, click Storage Space, specify the desired storage space,
and click Next.
After the parameter values are modified, you can click View Change History to view
the modification details.
1. Log in to the HUAWEI CLOUD management console.
6. On the Error Logs page, click Download. Locate a log whose status is
Preparation completed and click Download in the Operation column to
download a log.
Cloud Trace Service (CTS) helps you record operations related to RDS for further
querying, auditing, and backtracking.
For details about how to configure alarm parameters, see the Cloud Eye User Guide
on Help Center.
In terms of service application development, AI is divided into four phases:
In the first phase, traditional data ETL operations are performed to
implement automatic processing in data analysis, service report generation, data
visualization, and more.
In the second phase, multi-source data is integrated and traditional big
data and machine learning technologies are leveraged to implement intelligent
enterprise services, such as offering recommendations, trend predictions, device
detection, smart logistics, and more.
In the third phase, with the rapid development of mobile Internet and
IoT, the data volume grows at unprecedented rates. In addition, multiple engines
for real-time big data processing emerge in the Hadoop ecosystem, and data
becomes more diversified. Furthermore, in terms of the computing power and
algorithms, computers are capable of processing massive sets of data and learning
the neural network of heterogeneous data sources. Through deep learning, various
services can be fulfilled, such as voice recognition, visual services (OCR, image
recognition, image processing, and facial recognition), and natural language
processing.
In the fourth phase, the computing power and algorithms are highly
mature. AI-based products have been developed in various industries to deliver
advanced functions, such as intelligent assistant, intelligent Q&A, and multi-turn
dialogs.
For enterprises, the required AI functions are mainly developed at the
second to fourth phases.
According to the latest Gartner Quadrant:
• Currently, voice recognition is the first to be put to large-scale commercial
use. For example, common social software and input methods have a voice
recognition function.
• The hype around platform services, such as machine learning, deep learning, graph
computing, edge computing, and IoT, will come to an end. Achievements have
been made in applying machine learning to the industry field, from deep learning
to visual analysis.
Next, let us take a look at HUAWEI CLOUD EI development milestones and
achievements.
In 2011, big data technology was applied to the big data solution of
China Telecom for network diagnosis and analysis, network planning, and network
optimization.
In 2013, big enterprises, such as China Merchants Bank and the
Industrial and Commercial Bank of China, began to communicate with Huawei
about big data requirements and started technical cooperation. In September 2013,
Huawei launched the enterprise-oriented big data analysis platform FusionInsight
in HCC, and the platform has been widely used in various industries.
In 2017, Huawei started to provide cloud services, working with more partners
to offer a wider variety of AI products.
Based on the AI platform, HUAWEI CLOUD EI also builds many general AI services,
including diversified API services, such as Optical Character Recognition (OCR),
Image Recognition, Content Moderation, ImageSearch, Face Recognition,
Automatic Speech Recognition (ASR), Natural Language Processing Fundamentals,
and Conversational Bot Service (CBS).
If the AI platforms, AI services, and solutions are subject to the service
process and running environment of users, Intelligent Edge Fabric (IEF) can be
used to implement AI on desired devices. In this way, HUAWEI CLOUD EI can easily
handle any complex service scenarios.
Based on the basic computing capabilities, HUAWEI CLOUD EI will provide 45
services and 142 functions, covering essential platform
services, general APIs, advanced APIs, and pre-integration solutions.
These services can handle all scenarios for AI senior data scientists, data engineers,
common IT engineers, service development personnel, and much more. In addition,
with in-depth implementation of AI in industries, such capabilities are increasing
rapidly.
On the basis of AI computing power, we will provide services of various types,
including ECS, BMS, and container-related services.
One Ascend 310 chip is integrated into each of the H series high-configuration
VMs, improving the computing performance by 16 times.
Users can also configure a service with the highest inference performance, 512
TOPS, by using heterogeneous ECS and CCI services.
In the training scenario, we provide ECS and BMS to offer the computing capability
of up to 2 PFLOP.
The development can be applied in various scenarios. In this way, the performance
is greatly improved, and the bandwidth can be greatly reduced.
the attribute graph model, provides more than 20 built-in topology measurement
and basic graph analysis algorithms, and opens the capability of the graph engine
through service-oriented APIs to provide all-round relationship network insights.
Route Planning
GES expresses network elements (NEs), such as switches, routers, and terminal
devices, as physical communication networks and logical networks that are
abstracted from these NEs, and performs complex and efficient network planning
algorithms. This reduces the time used for planning hundreds of thousands of routes
from 6.8 hours to 2 minutes. Specifically, the efficiency improves by 200 times. In
addition, GES supports hundreds of billions of routes and over 1000 concurrencies,
which meets the requirements for network evolution and capacity expansion. GES
also supports complex constraint route planning by using graph-based algorithms to
deliver diversified services.
Social networking is a typical application scenario for GES. GES helps find the
opinion leader, common neighbors, following friends of a friend, and
recommended friends from the complex social network. In addition, GES
delivers high concurrency and low latency.
Recommendation
Knowledge graph
Great importance is attached to the knowledge graph in all industries and fields.
GES serves as the storage and query engine for the knowledge graph. It
supports storing and querying massive sets of knowledge. Compared with
traditional RDF, GES combines more knowledge to offer more powerful
associated query capabilities while delivering stronger performance. GES
increases the accuracy of knowledge queries by more than 50%.
Cloud Search Service (CSS) is a fully hosted distributed search service powered by
Elasticsearch. It is fully compatible with Elasticsearch APIs and provides users with
structured and unstructured data search, statistics, and report capabilities.
Log Analysis
O&M analysis and fault location for IT devices, operation analysis based on service
metrics
Statistical analysis: 20 more statistical analysis methods and nearly ten analytical
dimensions
Real-time and efficient: You can get the insights within seconds once new data is
stored in indices.
Visualized data: CSS provides multiple report display modes, such as table, line
chart, heat map, and cloud map.
Site Search
Real-time search
You can get the content or commodities you want within seconds or minutes.
Categorized statistics
You can get categorized statistics on the searched commodities that meet the
conditions.
Vision-related API services include Face Recognition, Human Analysis Service (HAS),
Image Recognition, Image Tagging, ImageSearch, Video analysis services, and
Content Moderation.
API services related to speech and semantics include ASR, TTS, Question-
Answering Bot, Task-oriented Conversational Bot, and more.
Optical Character Recognition (OCR) allows you to detect and recognize printed
characters in images and convert such characters into editable text. OCR provides
services through open Application Programming Interfaces (APIs). You can obtain
the inference results by accessing and invoking APIs in real time. It helps you
collect key data automatically and build an intelligent service system, thereby
improving service efficiency.
Face Recognition is an intelligent service that uses computers to process,
analyze, and understand facial images based on human facial features. It provides
services through open Application Programming Interfaces (APIs). You can obtain
the face recognition results by accessing and calling APIs in real time. It recognizes
and compares faces automatically and provides you with the similarity degrees,
thereby improving service efficiency. Application scenarios include facial
recognition at campus gates, frequent customer identification in supermarkets,
and facial recognition and identity verification in public places like railway
stations and airports.
• Among the UGC websites, the short video websites and apps can be the major
markets for Content Moderation.
By using the full-stack top-level Hadoop components, MRS helps users easily
handle various service scenarios, such as real-time monitoring, fast querying, and
multi-dimensional analysis.
DWS on the cloud is built based on the Huawei distributed MPP database
FusionInsight LibrA.
DWS provides standard SQL querying and supports the use and migration of
traditional database applications. It is easy to use for users with different technical
backgrounds. DWS supports a complete transaction model, so users can add,
delete, and modify data. It is applicable to the interactive query scenario and user
scenarios that have demanding requirements on data processing delays. The data
volume is typically at the 10 PB level.
CloudTable is a NoSQL database with single-digit millisecond latency on HUAWEI
CLOUD. It is built based on HBase, OpenTSDB, and GeoMesa, and is fully
compatible with the APIs of the community version.
OpenTSDB is a scalable time series database based on HBase. It stores data that is
closely coupled with time series.
GeoMesa stores geographic location information for OD analysis, that is, analysis
of traffic volume between the origin and destination, real-time retrieval of three-
dimensional tracks, real-time calculation of movement patterns, and prediction of
movement statuses.
CS is the core cloud service in the IoT field. HUAWEI CLOUD service CS is powered by
Flink and Spark Streaming and is fully compatible with open-source APIs. It has the
following features:
• Flink is a unified computing platform that integrates batch processing and stream
processing. In the open-source community, Huawei has made the largest
contribution to Flink. Flink is the most important real-time stream computing
engine for the future. In addition, Flink provides various SQL functions, common
mathematical geometric operators, and geographical location operators to help
users easily cope with various requirements in the IoT field.
• Huawei has also made a great contribution to the Spark community. Spark
Streaming fulfills micro-batch processing. It divides data streams into small
segments (equivalent to streaming data from the perspective of calculus) based on
the minimum data interval. Compared with Storm, Spark Streaming delivers
higher throughput but lower real-time processing performance.
• Rule parsing and determination are required for collected real-time data in various
scenarios, such as real-time status monitoring, alarm monitoring, and event
awareness for many devices on the IoT big data platform as well as geo-fencing
monitoring on the IoV. CS helps implement these functions using minimum coding
so that users can easily handle real-time data processing scenarios.
DLI is a fully managed Big Data query service. Users are unaware of the cluster and
do not need to manage any servers. It can be used instantly after provisioning. The
service provides standard full SQL compatibility with Spark interfaces, supports
automatic elastic expansion, and provides multi-tenant capability for fine-grained
resource and data control. It allows you to easily explore and analyze data on the
cloud.
• Serverless architecture. It is easy to use and costs only a few cents to scan and
analyze 1 GB of data. Compared to the common server cluster, the cost remains
below 10%.
• It is the first public cloud serverless massive data query service in China.
With DLS and ImageSearch, hundreds of thousands of new copyright images and
tens of millions of network pictures can be automatically imported to the database
every day, and the cross-check is supported.
Artists can easily check utilization of their works by using mobile phones.
In multiple industries, it is difficult to handle the increasing business requirements
due to insufficient expert resources.
AI technologies bring new ideas and methods for solving such issues.
Flexible: Rich quality feature database covering the features of 100+ dimensions.
Fast: The model training period is shortened from months to hours, fulfilling quick
closed-loop solutions to problems.
HUAWEI CLOUD EI City Intelligent Twins, powered by AI, leverages edge
computing and technologies related to the cloud, big data, and IoT to drive
innovations for the smart city.
• New services are introduced and existing services are continuously evolving,
requiring API lifecycle management.
• With API management on API Gateway, API consumers are kept informed of API
changes, ensuring application stability and helping API consumers obtain API
updates.
Key features: high-performance routing