1.0 - Cloud Basics
Foreword
This chapter describes the trend of enterprise IT facilities moving to the cloud; the overview and
features of cloud computing; the background, definition, and technical features of public
cloud development; and the basic architecture, basic concepts, delivery modes, and
ecosystem construction of HUAWEI CLOUD.
1 Huawei Confidential
Objectives
Contents
Network era transformation, information and data growth
With the prevalence of the mobile Internet and the fully connected era, more terminal devices are
in use and data is exploding every day, posing unprecedented challenges to conventional ICT
infrastructure.
• The PC era was essentially one in which computers were networked, with personal computers
connected through servers. Now, in the mobile era, we can access the Internet through mobile
phones. With the advent of 5G, all computers, mobile phones, and intelligent terminals can be
connected, and we can enter an era of Internet of Everything (IoE).
• In the IoE era, the entire industry will compete for the ecosystem. From the PC era to the mobile
era, and on to the IoE era, the ecosystem changes fast at the beginning, then becomes relatively
stable, and rarely changes once it is stable. In the PC era, a large number of applications ran on
Windows, Intel chips, and the x86 architecture. Then browsers came with the Internet. In the
mobile era, applications run on iOS and Android systems that use the ARM architecture.
• Compared with the previous generation, the number of devices and the market scale of each
generation increase greatly, presenting future opportunities. Like Intel and Microsoft in the PC era
and ARM and Google in the mobile era, each Internet generation has its leading enterprises
that control the industry chain. In the future, those who have a good command of core chips and
operating systems will dominate the industry.
Enterprises Are Migrating To the Cloud Architecture
[Figure: App 1 and App 2 running on OS, Virtualization, and Cloud OS layers]
• The traditional IT architecture consists of hardware and software, including infrastructure, data
centers, servers, network hardware, desktop computers, and enterprise application software
solutions. This architecture requires more power, physical space, and capital, and is usually
installed locally for enterprises or private use.
• With virtualization technology, computer components run in a virtualized environment
rather than directly on the physical environment. Virtualization enables maximum utilization of
the physical hardware and simplifies software reconfiguration.
• With cloud transformation, enterprise data centers are transformed from resource silos to
resource pooling, from centralized architecture to distributed architecture, from dedicated
hardware to software-defined storage (SDS) mode, from manual handling to self-service and
automatic service, and from distributed statistics to unified metering.
Definition and Features of Cloud Computing
Definition
Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable
computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with
minimal management effort or service provider interaction.
Features
- On-demand self-service
- Broad network access
- Resource pooling
- Quick deployment and auto scaling
- Measured service
• On-demand self-service: Customers can deploy processing services based on actual requirements
on the server running time, network, and storage, and do not need to communicate with each
service provider.
• Broad network access: Various capabilities can be obtained over the Internet, and the Internet can
be accessed in standard mode from various clients, such as mobile phones, laptops, and PADs.
• Resource pooling: Computing resources of the service provider are centralized so that customers
can rent services. In addition, different physical and virtual resources can be dynamically allocated
and reallocated based on the customer requirements. Customers generally cannot control or know
the exact location of the resources. The resources include the storage devices, processors, memory,
network bandwidth, and virtual machines.
• Quick deployment and auto scaling: Cloud computing can rapidly and elastically provide computing
capabilities. A customer can rent unlimited resources and purchase required resources at any time.
• Measured services: Cloud services are billed based on the actual resource usage, such as the CPU,
memory, storage capacity, and the bandwidth consumption of cloud servers. Cloud services
provide two billing modes: pay-per-use and yearly/monthly.
Deployment Models for Cloud Computing
[Figure labels: Private cloud, Enterprise firewall, Hybrid cloud, Public cloud]
Private cloud: The cloud infrastructure is provisioned for exclusive use by a single organization.
Public cloud: The cloud infrastructure is owned and managed by a third-party provider and shared with multiple organizations
using the public Internet.
Hybrid cloud: This is a combination of public and private clouds, viewed as a single cloud externally.
• Private cloud is a cloud infrastructure operated solely for a single organization. All data of the
private cloud is kept within the organization's data center. Attempts to access such data will be
controlled by ingress firewalls deployed for the data center, offering maximum data protection.
• A public cloud service provider owns and operates the cloud infrastructure and provides cloud
services open to the public or enterprise customers. This model gives users access to convenient,
on-demand IT services, comparable to how they would access utilities like water and electricity.
• A hybrid cloud is a combination of a public cloud and a private cloud or on-premises resources
that remain distinct entities but are bound together, offering the benefits of multiple deployment
models. Users can migrate workloads across these cloud environments as needed.
Three Service Modes of the Public Cloud
The public cloud service mode is being developed and improved. In the industry, the public
cloud service mode is classified into the following three types:
IaaS: Infrastructure as a service
PaaS: Platform as a service
Target: enterprise users/individual users
• The IaaS layer abstracts computing, storage, and network resources for users to use and provides
corresponding services based on actual application requirements.
• The PaaS layer provides container services and microservice development services for users based
on the IaaS layer. That is, an open platform is provided for users.
• The SaaS layer mainly provides scenario-based applications, that is, provides applications as
services for users.
Features of the Three Service Modes
IaaS is infrastructure as a service. IT infrastructure is provided as a service through the network.
Users do not need to build data centers. Instead, they rent infrastructure services, including servers, storage devices, and
networks.
In terms of usage, IaaS is similar to traditional server hosting, but IaaS has strong advantages in service flexibility, scalability, and
cost.
PaaS is platform as a service. A software platform has been built on the cloud, and the customer rents the
required software platform.
When users start using the cloud, the operating system, database, middleware, and runtime library have already been set up.
Compared with IaaS, PaaS offers less freedom and flexibility and is not suitable for highly specialized IT professionals.
SaaS is software as a service. The operating system, middleware, database, runtime library, and software
applications required by the customer have been deployed on the cloud. Most SaaS applications can run directly
through the browser without the need for client installation.
Summary: For users, the relationship between the three service models is independent because the user groups are
different. Technically, the three are not simply inherited. SaaS is based on PaaS, and PaaS is based on IaaS.
• A simple example makes the three modes easier to understand. Suppose a user wants to
develop a mini-program (applet) mall system.
• The first solution: buy servers, databases, and domain names, then develop the mall applet.
This is the IaaS mode.
• The second solution: the applet platform provides cloud development services, eliminating the
need for servers, storage, and domain names. The user only develops the program. This is the
PaaS mode.
• The third solution: Huawei provides the mall applet. Users only need to enable it. This is
the SaaS mode.
Advantages of the Public Cloud over Traditional IT Systems
Item: Resource utilization
Traditional IT: Low resource utilization. The resource usage of traditional servers is unbalanced, ranging from 30% to 40% in some cases
to 10% in most cases. The IT resources put into production are not effectively used.
Public cloud: High resource utilization. Select cloud services of different specifications and models as required to make full
use of resources.
Item: Cost
Traditional IT: Expensive. It is expensive to prepare network, computing, and storage resources. As the business grows, the cost
increases.
Public cloud: Savings. With the elastic computing capabilities of the public cloud, resources can be added or
released at any time when services increase. Various computing modes, including yearly/monthly and pay-per-use.
HUAWEI CLOUD Everything is a Service
Infrastructure as a Service
Build a single network for global storage and computing,
enabling services to be accessible globally.
• In 2017, Huawei officially launched the HUAWEI CLOUD brand, which opens Huawei's 30-year-old
technology accumulation and product solutions in the ICT field to customers. Through
infrastructure as a service, technology as a service, and experience as a service, we realize
"everything is a service" and provide stable, reliable, secure, and sustainable cloud services
for customers, partners, and developers.
• According to Gartner's Market Share: IT Services, Worldwide 2021 research report released in April
2022, HUAWEI CLOUD ranks top 5 in the global IaaS market, second in China, third in Thailand, and
fourth in emerging Asia Pacific.
• HUAWEI CLOUD has launched 248 cloud services and more than 78,000 APIs, has joined more than
40 million partners around the world, and has developed more than 4 million developers. More
than 10,000 applications have been released to the market.
• In China, HUAWEI CLOUD has served more than 700 government cloud projects and has worked
with more than 150 cities to build "one city, one cloud". It serves six major banks, 12 joint-stock
commercial banks, the top 5 insurance institutions, and 7 of the top 10 traditional securities firms
in China. It serves more than 30 smart airports, more than 30 urban rail, and 29 provincial highways,
as well as 14 provincial companies of State Grid Group, more than 30 automobile manufacturing
enterprises, more than 20 top building materials & mining enterprises, and more than 15 top
household appliance enterprises.
• In the Asia-Pacific region, HUAWEI CLOUD is the fastest growing mainstream public cloud provider.
It ranks top 3 in Thailand and top 4 in emerging markets. HUAWEI CLOUD has served more than 20
financial customers, more than 100 government customers, and more than 170 Internet and cloud-
native valued customers in the Asia-Pacific region. In 2021, the number of valued customers will
increase by more than 150%, and the revenue of partners will increase by more than 150%.
HUAWEI CLOUD has become one of the best partners in enterprise digital transformation.
HUAWEI CLOUD Basic Concepts – Account
The HUAWEI CLOUD account system consists of two types of accounts:
Accounts: registered or created on HUAWEI CLOUD. An account has the highest permissions on
HUAWEI CLOUD. It can access all of its resources and pays for the use of these resources.
Accounts include HUAWEI IDs and HUAWEI CLOUD accounts.
IAM users: created and managed using an account in IAM. The account administrator grants
permissions to IAM users and makes payment for the resources they use. IAM users use
resources as specified by the permissions.
You can log in to HUAWEI CLOUD using a HUAWEI ID, Huawei website account,
Huawei enterprise partner account, or HUAWEI CLOUD account, and use your
resources and cloud services.
If you are an IAM user created by an account, or a user of a third-party system that
has established a trust relationship with HUAWEI CLOUD, log in to HUAWEI CLOUD
through the corresponding page and then use resources and cloud services as
specified by the permissions granted by the account.
Huawei ID and HUAWEI CLOUD Account
You can register a HUAWEI ID to access all Huawei services, such as HUAWEI CLOUD and
Vmall.
Registration: Register a HUAWEI ID on any Huawei service website, such as the HUAWEI ID website.
HUAWEI CLOUD login: Log in to HUAWEI CLOUD by clicking HUAWEI ID. If this is the first time you log
in to HUAWEI CLOUD with a HUAWEI ID, enable HUAWEI CLOUD services or bind the HUAWEI ID to
your HUAWEI CLOUD account by following the on-screen prompts.
HUAWEI CLOUD login: Log in to HUAWEI CLOUD by clicking HUAWEI ID or HUAWEI CLOUD Account.
IAM User
Huawei Cloud Identity and Access Management (IAM) provides permissions management to help you securely control access to
your cloud services and resources. If you want to share resources with others but do not want to share your own account and
password, you can create an IAM user.
You can use your account to create IAM users and assign permissions for specific resources. Each IAM user has their own identity credentials
(passwords or access keys) and uses cloud resources based on assigned permissions. IAM users cannot make payments themselves.
IAM users do not own resources and cannot make payments. Any activities performed by IAM users in your account are billed to your account.
• Identity and Access Management (IAM) is a unified identity authentication service that helps users
more securely control access to cloud services and resources. IAM users exist so that
multiple people do not have to share the password of an account. IAM is described in detail in
the following sections.
• A typical enterprise has multiple IT administrators, each responsible for managing different
resources. It's more secure to not give every administrator super administrator permissions.
Thanks to HUAWEI CLOUD IAM, an enterprise administrator can create multiple users with
separate permissions.
• Credentials authenticate a user on the HUAWEI CLOUD console or APIs. Credentials include a
password and access keys. The enterprise administrator manages both their own credentials and
the credentials of IAM users they create.
Relationship between accounts and IAM users
An account and its IAM users share a parent-child relationship. The account owns the resources and makes payments for the
resources used by IAM users. It has full permissions for these resources.
IAM users are created by the account administrator, and only have the permissions granted by the administrator. The administrator can modify
or revoke the IAM users' permissions at any time.
Fees generated by IAM users' use of resources are paid by the account.
• IAM is a global service deployed for all regions. When you set the authorization scope to Global
services, users have permission to access IAM in all regions.
• You can grant permissions by using roles and policies.
▫ Roles: A coarse-grained authorization strategy provided by IAM to assign permissions based
on users' job responsibilities. Only a limited number of service-level roles are available for
authorization. Cloud services depend on each other. When you grant permissions using roles,
you also need to attach any existing role dependencies. Roles are not ideal for fine-grained
authorization and least privilege access.
▫ Policies: A fine-grained authorization strategy that defines permissions required to perform
operations on specific cloud resources under certain conditions. This type of authorization is
more flexible and is ideal for least privilege access. For example, you can grant users only
permission to manage ECSs of a certain type. A majority of fine-grained policies contain
permissions for specific APIs, and permissions are defined using API actions.
User Group
You can use user groups to assign permissions to IAM users.
After an IAM user is added to a user group, the user has the permissions of the group and can perform operations on cloud services as specified
by the permissions.
If a user is added to multiple user groups, the user inherits the permissions assigned to all these groups.
The default user group admin has all permissions required to use all of the cloud resources. Users in this group can perform operations on all the
resources, including but not limited to creating user groups and users, modifying permissions, and managing resources.
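The group inheritance rules above, modelled as an added example (not Huawei Cloud code and not its API): a user's effective permissions are the union of the grants of every group they belong to, so one membership in the default admin group defeats a least-privilege design. The group names, users, action strings, and JOB_NEEDS are constructed for illustration, and only allow grants are modelled.

```python
from fnmatch import fnmatchcase

# Constructed sample data, not a real IAM export. The action strings only
# imitate a service:resource:operation shape for illustration.
GROUP_PERMISSIONS = {
    "admin": {"*"},  # default group: all permissions on all resources
    "ecs-operators": {"ecs:servers:list", "ecs:servers:start", "ecs:servers:stop"},
    "auditors": {"ecs:servers:list", "obs:buckets:list"},
}
USER_GROUPS = {
    "alice": ["ecs-operators", "auditors"],
    "bob": ["auditors"],
    "carol": ["ecs-operators", "admin"],
    "dave": [],
}
# What each user's job actually requires (hypothetical).
JOB_NEEDS = {
    "alice": {"ecs:servers:list", "ecs:servers:start", "ecs:servers:stop"},
    "bob": {"ecs:servers:list", "obs:buckets:list"},
    "carol": {"ecs:servers:list"},
    "dave": {"obs:buckets:list"},
}


def effective_permissions(user):
    """Union of the permissions of every group the user belongs to."""
    granted = set()
    for group in USER_GROUPS.get(user, []):
        granted |= GROUP_PERMISSIONS.get(group, set())
    return granted


def is_allowed(user, action):
    """True if any inherited grant (exact or wildcard) covers the action."""
    return any(fnmatchcase(action, grant) for grant in effective_permissions(user))


def audit(job_needs):
    """Compare inherited permissions with job needs for every user."""
    report = {}
    for user, groups in USER_GROUPS.items():
        needed = job_needs.get(user, set())
        report[user] = {
            "in_admin_group": "admin" in groups,
            "excess": sorted(effective_permissions(user) - needed),
            "missing": sorted(a for a in needed if not is_allowed(user, a)),
        }
    return report


if __name__ == "__main__":
    for user, finding in audit(JOB_NEEDS).items():
        print(user, finding)
```

Users with a non-empty "excess" list or with "in_admin_group" set are the ones to review first when tightening group membership.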
Permission
You can grant permissions by using roles and policies.
Roles: A coarse-grained authorization strategy provided by IAM to assign permissions based on users' job responsibilities. Only a limited number
of service-level roles are available for authorization.
Policies: A fine-grained authorization strategy that defines permissions required to perform operations on specific cloud resources under certain
conditions. IAM supports both system-defined and custom policies.
A system-defined policy defines the common actions of a cloud service. System-defined policies can be used to assign permissions to user groups, and cannot be
modified.
Custom policies function as a supplement to system-defined policies. You can create custom policies using the actions supported by cloud services for more refined
access control. You can create custom policies in the visual editor or in JSON view.
[Figure labels: Authorized, Project strategy, User group]
• If you need to assign permissions for a specific service to a user group or agency on the IAM
console but cannot find corresponding policies, it indicates that the service does not support
permissions management through IAM. You can submit a service ticket to request that permissions
for the service be made available in IAM.
Agency
A trust relationship that you can establish between your account and another account or a cloud service to delegate resource
access.
Account delegation: You can delegate another account to implement O&M on your resources based on assigned permissions.
Cloud service delegation: Huawei Cloud services interwork with each other, and some cloud services are dependent on other services. You can
create an agency to delegate a cloud service to access other services.
• The IAM Agency element is used to create agencies in IAM, specify entrusted accounts, and grant
rights. After an administrator assigns agent operator permissions to an entrusted account user, the
user can manage corresponding resources.
Create, share, and win-win results to build a new industry ecosystem
Build a Black Land for Ecosystem Development with HUAWEI CLOUD as the Foundation
• HUAWEI CLOUD adheres to the concept of joint creation, sharing, and win-win ecosystem. With
HUAWEI CLOUD as the foundation, we build a black land for ecosystem development. Our
colleagues and partners work together to facilitate digital transformation and intelligent upgrade of
industries.
• Sharing: Industry applications are evolving towards cloud-edge-device synergy. HUAWEI CLOUD
uses the Optimus architecture to streamline the public cloud, hybrid cloud, and edge cloud to build
a unified application ecosystem and share innovation capabilities in multiple industries, application
scenarios, and deployment forms.
• Win-win: HUAWEI CLOUD works with partners to create value for customers, enable excellent
software to serve more enterprises, and achieve win-win results with customers and partners in
the digital era.
• Currently, we have aggregated 1,800,000 developers, more than 13,000 consulting partners, more
than 7,000 technical partners, and more than 100,000 paid users. We have released more than
4,000 applications on the cloud market. The annual transaction amount exceeds 1 billion RMB, and
the number of paid users exceeds 100,000. We sincerely invite more excellent enterprises to join
the HUAWEI CLOUD ecosystem.
Continuously deepen the new partner system
GoCloud: technology symbiosis
• HUAWEI CLOUD will focus on building partner capabilities and carry out comprehensive partner
system transformation.
• In 2022, a new partner system was released, including GoCloud and GrowCloud cooperation
frameworks. GoCloud aims to cultivate and develop partners' capabilities, help partners build rich
solutions and services on HUAWEI CLOUD, and create more value for customers. The goal of
GrowCloud is to help partners expand customer coverage, accelerate sales growth, and achieve
business win-win results.
• HUAWEI CLOUD provides six growth paths for different types of partners, such as:
• For service partners: Provide training for service professionals, subsidies for dedicated teams, and
migration incentives to enable partners to build delivery centers of competence and help
customers migrate services to HUAWEI CLOUD.
• For software partners: Huawei provides experts, tools, cloud resources, and cash incentives to help
partners build SaaS applications and solutions based on HUAWEI CLOUD. At the same time, the
cloud application store connects customers and partners to help partners monetize their business.
• For digital transformation consulting and system integration partners: Through business
opportunity sharing and enablement training, help partners build HUAWEI CLOUD-based consulting
and service capabilities and enable partners to provide customers with one-stop digital
transformation services, such as digital transformation consulting, migration, and managed
services.
• After the development in 2022, more and more partners have recognized and joined our partner
system. Currently, more than 2000 partners have joined the GoCloud cooperation framework and
jointly built solutions with us. In addition, we provided a special fund of US$120 million to provide
enablement and incentives for software, service, and training partners. In the GrowCloud
cooperation framework, more than 41,000 partners have chosen to cooperate with HUAWEI
CLOUD and jointly serve more than 110,000 customers.
Quiz
1. (Single choice) In this cloud computing deployment mode, the infrastructure is owned by a single organization and
runs only for that organization. Which of the following deployment modes is it?
A. Private cloud
B. Public cloud
C. Hybrid cloud
D. Dynamic cloud
2. (True or false) Huawei Cloud uses Identity and Access Management (IAM) projects to group and isolate resources in
different regions.
A. True
B. False
• Answer:
• 1. A
• 2. B (False). IAM can restrict the permissions of IAM users and user groups to use resources in
different regions, but cannot isolate resources and groups in different regions.
Summary
After reviewing this chapter, we have a preliminary understanding of cloud computing and
public cloud, and a basic understanding of their development background, future
trends, and technical characteristics. This chapter described the basic architecture, basic
concepts, technical features, ecosystem construction, and future market trends of HUAWEI
CLOUD, giving a preliminary impression of HUAWEI CLOUD.
Recommendations
Huawei Talent
https://e.huawei.com/en/talent/cert/#/careerCert
Acronyms and Abbreviations
DNS: Domain Name Service
EI: Enterprise Intelligence
MVP: Most Valuable Player
MRS: MapReduce Service
NIC: Network Interface Controller
OBS: Object Storage Service
OCR: Optical Character Recognition
OMS: Object Storage Migration Service
OVS: Open Virtual Switch
RoCE: RDMA over Converged Ethernet, a network protocol that allows remote direct memory access
(RDMA) over Ethernet
RDS: Relational Database Service
SDK: Software Development Kit
SFS: Scalable File Service
SSD: Solid State Disk
SAP: System Applications and Products
SWR: SoftWare Repository for Container
Thank you.
Bring digital to every person, home, and
organization for a fully connected,
intelligent world.