Private Cloud Platform Management Software
Overall architecture Hybrid cloud model The platform has hybrid cloud capabilities, which can build hybrid cloud
environments with one or more public cloud vendors, and can directly connect
the VPC intranets of public and private clouds through platform products.
Platform reliability The cloud technology solution used has been verified by tens of thousands of
experience in both public and private cloud operation and maintenance. Using a
platform itself can still run without affecting user services, and on-site
This document is strictly private, confidential and personal to its recipients and should not be copied, distributed or reproduced in whole or in part, nor passed to any
third party.
Product completeness At least compute virtualization, networking, distributed storage, load balancer,
internal and external security groups, EIP management, NAT gateway, IPSecVPN,
auto scaling, timers, multi-tenancy, object storage, and file storage are provided.
Upgrade online The platform itself should have online upgrade capabilities, and online
API openness All products and functions in the platform (such as virtual machines, EVS, VMs,
networks, load balancing, security groups, elastic IP, monitoring, etc.) provide API-
level support, complete and easy-to-use API interface documents and SDKs, and
SDKs must support at least three development languages for easy integration
Log auditing To provide log audit capabilities, the system needs to record and save all user
operation logs, and can interface and provide multiple dimensions of screening
and search.
Account security Provide the function of forcibly changing the login password within a certain
Account login is protected against brute-force attacks (accounts are automatically frozen after a
disabled.
System interface sessions expire automatically, and the session duration is
configurable.
Cluster Cluster management Supports cluster management capabilities, manages multiple computing and
storage clusters at the same time, and counts cluster usage separately.
Intelligent scheduling You can monitor the CPU or memory allocation of physical machines on a
cluster-by-cluster basis, and distribute virtual machines to hosts in a
machine is shut down and then restarted, the scheduling mechanism selects
Cluster permission Cluster permission control is supported, which can be controlled by controlling
Network management You can add different CIDR blocks as network resources for the platform.
External storage management Supports docking with commercial storage devices, using commercial storage
and logical volume allocation, and can be directly used as the system disk and
Resource overcommit setting You can set different CPU overcommit ratios for different computing clusters as
needed
Real-time monitoring Real-time monitoring Collect CPU, memory, disk IO, disk capacity, and network
Lock & Enable Supports locking and enabling a physical machine, after which the virtual machine
Physical machine maintenance mode After the physical machine is locked, it enters maintenance mode to meet the
daily operation and maintenance scenarios of data centers. In maintenance mode,
GPU transparent transmission Support transparent transmission of physical GPU devices to virtual machines
vGPU Supports cutting and restoring GPU devices, and makes full use of GPU computing
Online migration You can migrate virtual machines online to other hosts to meet O&M scenarios
Physical resources Physical machine management It supports unified management of existing physical machines, and can perform
power management and access remote consoles on the console and view basic
Compute Management interface Provides a unified virtual machine management interface, including configuration
Import/export images Tenants can import custom images to the platform for deployment or migration,
and users can download virtual machine images to on-premises at any time.
Expand the system disk Create a system disk that supports expanding the capacity of the system disk and
Hot upgrade With x86 architecture and images above CentOS 7.4 and Ubuntu 14.04 or above,
you can upgrade the CPU and memory of a virtual machine in the running state,
and the configuration takes effect immediately, without affecting the services
GPU support Users can select the GPU model and number to create a GPU virtual machine,
which is consistent with the management function and life cycle of the virtual
machine.
USB device Supports passthrough or network forwarding mode to enable virtual machines to
Heterogeneous support It supports both ARM and X86 CPU architectures, and can create ARM and X86
GuestOS The virtual machine operating system supports the main operating systems in the
Recycling function Provide the virtual machine recycle bin function, after the accidentally deleted
virtual machine enters the recycle bin, it will not be destroyed, and can be
ENIs At least six ENIs can be bound to a virtual machine, and each NIC has an
independent private IP address and can drift between different virtual machines
Direct transmission of Internet traffic In the virtual machine, you can view the bound external IP addresses (IPv4 and
IPv6), and the external network traffic can directly communicate with the external
network through the physical NIC without going through upper-layer NAT.
Downtime migration Provide a high-availability mechanism for virtual machines, and when the physical
machine where the virtual machine resides is down, the cloud platform should
Auto scaling Supports the auto scaling feature, allowing users to define auto scaling policies to
to save costs when business needs drop. Based on the load balancing and health
check mechanisms, it can be applied to both scenarios where the request volume
Mount a data disk You can attach multiple data disks to a single virtual machine, up to 25 data disks.
Image management Platform administrators can copy tenants' self-made images as base images, so
that all tenants of the platform can use the copied images to create and run virtual
machines.
Internet Security groups The cloud platform provides the security group function, that is, a software-defined
firewall. Users can flexibly bind security groups to virtual machines, ENIs, NAT
gateways, and load balancers, and perform east-west and north-south network
protection through the rules configured in those security groups. IPv4/IPv6
dual-stack TCP, UDP and ICMP protocols are supported, and provide interface
The cloud platform security group is at the NIC level, which can control the
security group of all NICs in a virtual machine, including internal NICs and external
NICs, and separately perform security control on the incoming and outgoing traffic
of each ENI to achieve a fine-grained firewall at the NIC level, provide screenshots
Security group rules support a variety of shortcut rules to quickly create security
group rules for related services, including but not limited to FTP, HTTP, HTTPS,
VPC support Users can create a VPC network environment on the graphical interface, customize
the IP address range, divide multiple subnets, and create various cloud resources
such as virtual machines, NAT gateways, VPNs, and load balancers in the VPC
load
Virtual VIP Support virtual IP addresses that can be drifted between multiple virtual
available services to transfer ingress when services fail.
NAT gateway You can create multiple NAT gateways in a VPC network to provide SNAT and DNAT
port forwarding capabilities for cloud resources such as VPCs, subnets, and virtual
machines.
Supports SNAT rules at the VPC level, subnet level, and virtual machine level, and
can directly provide SNAT communication capabilities for the entire VPC, subnet,
You can bind multiple public IP addresses so that resources in SNAT rules can
access the Internet through multiple public IP addresses, and virtual resources in
DNAT port forwarding rules can access VPC intranet services through specified
public IP addresses.
Specify the IP address manually When you apply for a VPC or Internet IP address, you can manually specify an IP
IPSecVPN Provides IPSecVPN gateway service, which connects the private cloud with the
private cloud, IDC data center, and the internal network of a third-party cloud
provides a secure channel for the two private networks on the Internet, and
provide the ability to open up the VPC network of the platform itself.
Internet load balancing Provides software-based load balancing products and supports
TCP/UDP/HTTP/HTTPS protocols, load balancers can distribute access traffic from
multiple public network addresses to multiple hosts, and automatically detect and
services.
Intranet load balancing Provides software-based load balancing products and supports
availability.
Distributed storage Distributed block storage support The cloud platform adopts distributed storage based on the built-in hard disk of
X86 server, and supports storage media such as SATA, SAS, SSD, etc.
EVS disk QoS support You can configure the QoS of each EVS disk, and adjust the performance of the
the platform. At the same time, each cloud disk can be automatically assigned a
QoS value by default based on the disk media and disk capacity
Data rebalancing Supports data rebalancing of storage cluster/disk expansion capacity and failure
Thin provisioning Supports storage thin provisioning, when creating a block storage service, the
allocation of logical virtual capacity is presented to users, and when users write
data to the logical storage capacity, the actual capacity is allocated from physical
space according to the storage capacity allocation policy. With thin provisioning,
Storage capacity The size of a single EVS disk can reach 32 TB and can be expanded.
Data reliability The multi-replica mechanism is adopted to ensure data reliability and real-time
Hard disk cloning Supports the hard disk cloning function, and the data of the cloned hard disk is
Snapshot capability You can take online snapshots of system disks and data disks without affecting or
The number of snapshots per disk You can set the maximum number of snapshots for a single EVS disk
File storage You can create and manage File Storage Service instances and provide related
Object storage You can create and manage Object Storage Service instances and provide related
monitoring and alerting functions
Operations and O&M Self-service interface Provide a self-service interface for platform administrators and tenants. Support
interface, and support tenants to apply, use, manage, and operate cloud resources
Large-screen display Support large-screen display to allow customers to visually view the usage of
platform resources and alarm status, including CPU usage of physical machines,
hard disk read throughput, and hard disk write throughput TOP5 statistics; Top 5
statistics of virtual machine CPU usage, hard disk read throughput, hard disk write
overview, virtual machine overview; Overview of CPU, GPU, memory, and storage
Quota management Enables administrators to assign resource quotas to tenants to limit their resource
usage. The types of resources that can be restricted include: compute, storage,
networking
Accounts and permissions Supports decentralized management of accounts in the tenant. You can create
manner, create custom roles and project groups, and authorize sub-accounts
based on project groups. You can change the account name, password, and set the
Specification configuration You can manage the specifications of cloud hosts, EVS disks, and public IP
addresses, and set the specification range of EVS disks and public IP addresses
Operational logs Uniformly collect and display all operation logs of the platform, and support
Timed tasks You can set a scheduled schedule to create snapshots of cloud disks on a regular
basis, and you can select the number of automatic snapshots to retain.
Recycle bin The platform provides the Recycle Bin function to prevent data loss due to
disks, and supports setting the retention period of resources in the Recycle Bin,
Service Catalog Uniformly display all products and services supported by the platform, and display
the overall authorization and activation status of services in each region. It can
uniformly control the service provisioning of tenants in each region, and set the
disable a cloud service in a single region to meet the scenarios of service offline or
service upgrade.
Monitor alarms Supports custom monitoring and alarm templates to set monitoring alarm rules
for virtual machines, public IP addresses, NAT gateways, load balancers, and
IPSecVPN
Big data platform Cluster management Cluster creation The creation of a big data cluster is completed in a one-stop manner, including the
management software environment inspection of cluster nodes and the deployment of big data
components.
Multi-cluster support You can create multiple logically independent big data clusters for maintenance
and management.
Cluster expansion You can add nodes to the cluster to expand the computing and storage capacity of
Node management Node environment check repair Check and repair the software and hardware environment of the node to ensure
that the platform management side and big data components can be successfully
Node operation monitoring Monitor and display the hardware configuration, heartbeat, CPU/memory, and
Node start and stop Supports restart or shutdown of one or more nodes.
Service component Service components run Monitor and display the health status of various big data service components
New service components You can add one or more big data service components to an existing cluster, or
incrementally deploy existing big data service components on nodes that are
Configuration file modification You can modify one or more configuration files of a big data component to adjust
the operation mode of the big data service component, and specify a single node
Service components start and stop Supports starting, stopping, and restarting one or more service components, and
the restart operation supports batch simultaneous restart and rolling restart.
Service components pull up automatically Supports automatic pull-up operations for abnormally stopped big data
components.
Data development Data integration Supports synchronizing data from multiple heterogeneous data sources to the
data platform.
Integrated development environment Supports data analysis, script compilation and testing through a graphical
interface.
Monitor alarms Monitor panel Provide a preset monitoring panel for all nodes and big data components in the
Exception alerts It supports sending abnormal alarm information to specified notification objects
User rights User management Provides a unified management interface that supports adding/deleting user
Role permission management You can assign different roles to user accounts and set different operation
permissions.
Big data components HDFS A distributed file system that serves as the underlying storage for structured data.
Zookeeper Distributed application coordination service for unified naming services, state
synchronization services, cluster management, and management of distributed
Hive Hadoop-based data warehouse tools support Hive SQL query to analyze data
Also An application framework built on top of YARN that allows the use of complex
Spark A big data parallel computing framework based on in-memory computing that can
ElasticSearch Elastic search service provides distributed, highly scalable, and high-real-time full-
Flume A distributed system for collecting, aggregating, and transmitting massive logs.
Phoenix HBase's open source SQL layer can use standard JDBC APIs instead of regular
HBase client APIs to create tables, insert data, and query HBase data.
Kylin A distributed analytical data warehouse that provides SQL query interfaces and
ultra-large-scale data
Hue Graphical user interface for operating and developing Hadoop applications
Sqoop Tools for moving data between Hadoop and relational databases.