
Huawei Apresentacao Completo

The document outlines the concepts and evolution of cloud computing, detailing its categories, value, and applications, as well as the development strategy of HUAWEI CLOUD. It emphasizes the transition from traditional IT infrastructure to cloud services and highlights the benefits of cloud computing for businesses. Additionally, it discusses the rapid growth of cloud services and Huawei's focus on establishing a public cloud platform since 2017.

Uploaded by

rbinilis

Concepts and Value of Cloud Services

Copyright © 2019 Huawei Technologies Co., Ltd. All rights reserved.


Foreword
⚫ This chapter introduces the concepts and value of cloud services and the
HUAWEI CLOUD development strategy.

Objectives
⚫ In this course, you will learn about:
   - Evolution of cloud computing
   - Concepts, evolution, categories, and value of cloud services
   - Application of cloud services
   - HUAWEI CLOUD development strategy

Contents
1. Cloud Computing Evolution

2. Cloud Computing Concepts

3. Cloud Services Evolution

4. Cloud Services Categories

5. Cloud Services Value

6. Cloud Services Application

7. HUAWEI CLOUD Development Strategy

Evolution of the Enterprise IT Architecture

[Figure: enterprise IT architecture across three eras, with example vendors at each layer.]
⚫ 1955 - 1980: Mainframe and midrange computers (Integrated)
⚫ 1980 - 2010: PCs and servers (Fragmented)
⚫ After 2010: Cloud (Converged)
⚫ Layers shown: Service O&M, Application software, Middleware, System software, Server, Storage, Network
⚫ Vendors and products named: EDS, Anderson, Accenture, Infosys, HP, MS Office, SAP, Salesforce, Oracle, IBM, DEC, SUN, Linux, UNIX, Windows, DELL, Huawei, Cisco, EMC, NetApp

Pain Points of Current Enterprise IT Infrastructure
⚫ Slow Business Launch and Complicated Lifecycle Management: Hardware and software are procured separately, and service deployment is slow. (Figure labels: Hardware purchase, Software installation, Service commissioning; Time consumption: Weeks; Hours or days)
⚫ High TCO: Low server utilization, expensive external storage, and low power efficiency. (Figure label: Resource utilization < 30%)
⚫ Key Application Performance Constrained by I/O Bottleneck. (Figure labels: I/O bottleneck, Disk)

Convergence and Restructuring, Transforming Enterprise IT Infrastructure
⚫ Service applications solely occupying the host
⚫ Cloud computers using the hardware of multiple vendors
⚫ Deep convergence of computing, storage, and network resources to form homogenous cloud computers

[Figure labels: Midrange/server; Server + SAN/NAS; App 1, App 2, … App n; OS; Cloud OS; Server cluster; Eth/FC; Storage array; Cloud infrastructure resource pool; Eth/IB]

Cloud Computing Technology Development
⚫ 2003: VMware server virtualization
⚫ 2006: Amazon public cloud
⚫ 2010: Rackspace OpenStack
⚫ 2014: Hybrid cloud
⚫ 2015: HUAWEI CLOUD
⚫ 2020 …

[Figure labels: Public cloud, Private cloud, Hybrid cloud]

Cloud Computing Definition

Definition from National Institute of Standards and Technology (NIST)

Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable resources (networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management or service provider interaction.

Cloud Computing Characteristics
⚫ On-demand self-service

⚫ Broad network access

⚫ Resource pooling

⚫ Rapid scalability

⚫ Measurable service

Cloud Computing Development

[Figure: four development stages, with private and public cloud combining into hybrid cloud.]
⚫ 1. Virtualization: Computing virtualization; Storage virtualization; Network and security virtualization
⚫ 2. Private Cloud: Automated management; Elastic resource scheduling; HA and DRS based on big clusters
⚫ 3. Public Cloud: Multi-DC consolidation; Multi-level backup and DR
⚫ 4. Hybrid Cloud: Double engines; Consistent user experience
⚫ Further labels in the figure: Software-defined DC; SDN virtualization

Cloud Computing Deployment Models
⚫ Private cloud: Cloud developed by an enterprise using their own or leased infrastructure resources
⚫ Community/Industry cloud: Infrastructure-sharing cloud developed for a specific community or industry
⚫ Public cloud: Large infrastructure cloud leased to the public
⚫ Hybrid cloud: Cloud involving two or more deployment models

Hybrid Cloud - Smooth Cloud Transition
⚫ Unified: Unified APIs, services, and management
⚫ Flexible: Flexible application deployment and quick rollout
⚫ Reliable: Secure inter-cloud connections and efficient backup
⚫ Consistent cloud service experience
⚫ Consistent architecture and APIs

[Figure labels: IT application systems (CRM, ERP, CloudIMS, BI, …); Database/Big Data; HANA; FusionBridge; Private cloud data center; FusionCloud Stack; Customer's firewall; HUAWEI CLOUD; Amazon]

Typical Categorization of Cloud Computing - Based on the Service Layer
⚫ IaaS: Infrastructure as a Service
⚫ PaaS: Platform as a Service
⚫ SaaS: Software as a Service

[Figure: service layers]
⚫ Software (Application)
⚫ Platform (Application server, application framework, and programming languages)
⚫ Infrastructure (Network, computing, storage, equipment room, environment, power supply, heat dissipation, and cooling)

Category: SaaS
   Content: Internet Web 2.0 application (MM); Enterprise application (ERP, CRM, etc.)
   Business Opportunity: "Walmart" of applications and software
Category: PaaS
   Content: Application operation and development environment; Application development components (email/message/billing/payment)
   Business Opportunity: Unearth network resource potential; Control the network platform
Category: IaaS
   Content: Leases computing, storage, network, DNS, and other basic IT services.
   Business Opportunity: Cost-effective and elastic IT resources; Application and web hosting

Value of Cloud Computing in the New Economy

"As a CEO, my responsibility is to create sustainable value for the company within a consistently changing market, employee turnover, and complicated business environment. Cloud computing optimizes the business model, allowing us to fully seize business opportunities and stay ahead of competitors!"

"As a CTO, I study the development trends and maturity of technologies, and predict their impact on business operations and profitability. In future, IT will be a key competitive edge, and cloud computing is disrupting traditional IT architecture. The advantages of traditional architecture are vanishing, and cloud computing will enable IT transformation. Let's rebuild our core competitiveness!"

"As a CIO, I help achieve company objectives by guiding the utilization of information technologies. With cloud computing, we are able to meet business requirements anytime by providing IT services to our customers using the resource pool with controllable costs. This would be an impossible goal without the cloud."

[Figure labels: Value of cloud computing; Business; Mgmt; Tech]

Huawei's Understanding and Pursuit of a Cloud Platform
⚫ Simplified: Resource sharing; Single hardware; Unified backup and disaster recovery; Unified maintenance; Elastic resource scaling
⚫ Platform-based: QoS-based resource management; Unified management; Unified platform; Open architecture; Flexible business adjustment; Standardized resource management
⚫ Service-based: Service-based SLA; Measurable services; Access anytime, anywhere; Stable business experience; Support for multiple services

[Figure labels: Complete, Efficient, Stable]

Rapid Cloud Computing Development and Bursting Market Demand

[Figure: cloud market development in three waves, plotted by penetration rate and growth rate. Timeline labels: 2011, 2015, 2017. Status labels: Mostly finished, Ongoing, Bursting soon. Axis labels: High growth rate; High penetration rate, 20%, 10%.]
⚫ First wave: High penetration rate and small growth
⚫ Second wave: High penetration rate and high growth
⚫ Third wave: Low penetration rate and high growth
⚫ US, Japan, and South Korea: Comprising 59% of the global cloud market; growth rate of 16%
⚫ Other regions shown: China; Europe; Asia-Pacific: Indonesia and India; Latin America: Argentina, Mexico, and Brazil
⚫ Other callouts shown: Embracing the second wave of growth; About to enter the third wave; average growth rates of 30%, 25%, 21%, and 20%

Penetration rate: Expenditure on cloud divided by the total expenditure on IT
Source: Gartner 2015-2020 forecast

Enterprises Will Lead Next Decade
⚫ Cloud 1.0 (IaaS): Internet-native applications; Initial development; Native applications; Data monetization
⚫ Cloud 2.0 (IaaS+PaaS+Big Data+IoT+AI): Enterprise applications; Data sovereignty; Smooth evolution; Complete solution

Construction of Global Capability Centers
⚫ 170+ Countries and regions
⚫ 16 R&D centers
⚫ 36 Joint innovation centers
⚫ 14 Regional offices
⚫ 45 Training centers
⚫ 176,000 Employees

Cloud Computing Is Huawei's Core Focus for Next Decade
⚫ Optimized user experience and customer value
⚫ Future-oriented development and strategic industry adjustment

Three customer groups: Carriers; Governments and enterprises; Consumers

Five industries: Basic telco network; Telco software; IT and cloud computing; Enterprise communication; Devices

Shared platforms and chips

HUAWEI CLOUD Positioning
⚫ Focus on IaaS, Enable PaaS, and Converge SaaS
⚫ Stick to "being integrated"
⚫ Strict privacy and security for data and applications
⚫ Make enterprise ICT services convenient

Huawei Established Its Cloud BU in 2017

Cloud services have become a basic business model.
Since 2017, Huawei has been developing an open public cloud platform based on cloud services.
Huawei focuses on major industries and collaborates with partners to build a mutually beneficial cloud ecosystem.

Cloud BU established for the public cloud business

Quiz
1. Which of the following are deployment models of cloud computing?
A. Public cloud

B. Private cloud

C. Hybrid cloud

D. Community/Industry cloud

Summary
⚫ Describes the concept and evolution of cloud computing.

⚫ Introduces main categories, service domains, and value of cloud services.

⚫ Introduces applications and development of cloud services.

⚫ Introduces the HUAWEI CLOUD development strategy.

Recommendations
⚫ Huawei Learning website
   - http://support.huawei.com/learning/Index!toTrainIndex
⚫ Huawei public cloud service website
   - https://www.huaweicloud.com/en-us/

More Information

Acronym/Abbreviation   Full Spelling
ICT                    Information and Communications Technology
SAN                    Storage Area Network
NAS                    Network Attached Storage
QoS                    Quality of Service
SLA                    Service Level Agreement
TCO                    Total Cost of Ownership
SDN                    Software Defined Networking

HUAWEI CLOUD Architecture

Foreword
This chapter introduces the architecture and key services of HUAWEI CLOUD.

Objectives
⚫ After completing this course, you will:
   - Understand the overall architecture of HUAWEI CLOUD.
   - Know the key services of HUAWEI CLOUD, including Elastic Cloud Server (ECS), Auto Scaling (AS), Elastic Volume Service (EVS), Volume Backup Service (VBS), Object Storage Service (OBS), Virtual Private Cloud (VPC), Elastic Load Balance (ELB), Anti-DDoS, Vulnerability Scan Service (VSS), Web Application Firewall (WAF), Identity and Access Management (IAM), Cloud Eye, DevCloud, Enterprise Intelligence (EI), and APIs.

Contents
1. HUAWEI CLOUD Service Architecture

2. HUAWEI CLOUD Key Services

HUAWEI CLOUD Full-Stack Solutions Promote Digital Transformation

[Figure: solution layers, top to bottom]
⚫ Integrated industry solutions: Digital Manufacturing, Financial Digitalization, E-government, Carrier, Smart City, ...
⚫ Scenario-based solutions: Web & Mobile Cloud, SAP Cloud, HPC Cloud, DW Cloud, IoT Cloud, IT Hosting, Workspace Cloud, Video Cloud, Dev Cloud, ...
⚫ Basic cloud services (IaaS and PaaS):
   - Groups shown: Database, Mgmt, App Development, Enterprise Collaboration, IoT, Video, Data Analysis
   - Services named in these groups include: RDS, DCS, Cloud Eye, SMN, IAM, DMS, CTS, CAE, MRS, MLS, M-OLAP, DPS, MaaS, DIS, ECPC, COS, SHA, ProjectMan, TestMan, CodeHub, DeployMan, CodeCI, CodePipeline, CodeCheck, ReleaseMan, Workspace, CloudUC, CloudVC, SDR, EdgeService, ConnectMgmt, DeviceMgmt, SIMMgmt, V-PaaS, VCM, MediaStream, LiveStream
   - Compute: ECS, IMS, DeC, BMS, AS, CCE
   - Storage: EVS, OBS, DES, SFS, VBS, DTA
   - Network: VPC, ELB, EIP, Direct Connect, VPN, VFW, EAB, DNS, SG
   - Security: Anti-DDoS, WAF, HVD, SI, HID, SCS, VSS, KMS, PTS
⚫ Open cloud OS (operations and O&M): FusionSphere
⚫ Enterprise-class infrastructure: Chip, Server, Storage, Network, Security

HUAWEI CLOUD Architecture

[Figure: architecture layers, top to bottom]
⚫ Self-service console framework: Portal, Marketplace, IaaS console, PaaS console, SaaS console, Order console, O&M console
⚫ SaaS: DevCloud, Workspace, Third-party
⚫ PaaS: RDS, CAE, CCE
⚫ IaaS (Enhanced OpenStack): Keystone, Heat, Glance, Nova, Cinder, Neutron, Ceilometer, Swift, Ironic, Nova-Compute Driver, Cinder-Volume Driver, Neutron Plug-in
⚫ Computing virtualization, Storage virtualization, Network virtualization
⚫ Server, Storage, Network, Firewall
⚫ Alongside the layers: Operations platform, O&M platform, Basic security

HA Resource Architecture Model
A global resource pool model is formulated based on regions or availability zones (AZs), providing standard computing pools for customers to run applications with various availability requirements.

[Figure labels: Region 1 (CN North-Beijing, CN North-Langfang, CN East-Shanghai, and CN South-Guangzhou); VPC/EIP; AZ 1 ... AZ n; Cluster 1 ... Cluster n; VM 1 ... VM n; Block storage; Image storage; Object storage; Block storage snapshot]

Standard HUAWEI CLOUD Product System

[Figure: product system overview]
⚫ 50+ Enterprise Solutions, including: HPC Cloud, Web & Mobile, Gaming, SAP Cloud, IoT Cloud, Security, Backup and Archive, E-Commerce, Manufacturing, Oracle to Cloud, Cloud Office, Cloud Migration, Medical Image Archiving, Biomedicine, Dedicated Cloud, Cloud Box, Software Training, Brute Force Attack Prevention, Game Development, Financial Services, Graded Protection, Game Security, Retail, IoV
⚫ 100+ services:
   - Enterprise Communications, Application, and Cloud Management & Deployment: Workspace, IM, Meeting, CloudIPCC, VoiceCall, MSGSMS, SMN, ServiceStage, FunctionStage, DDM, DMS, CRS, Cloud Eye, IAM
   - DevCloud: CloudIDE, CloudRelease, CloudBuild, CodeCheck, CloudPipeline, MobileTest, ProjectMan, CodeHub, CloudDeploy, TestMan
   - IoT: IoT Platform
   - EI (Enterprise Intelligence) and Database: DCS, RDS, DDS, ICMS, MRS, DPS, DIS, MLS, DWS, CDM, UQuery, OCR, Forms, CCS
   - Security: Anti-DDoS, AAD, VSS, KMS, WAF, ARS, SSA, HIDS, SIS, SAS, HVD, SCS, HWAF, WTP, DBSS, CTS, LTS
   - Compute, Storage, and Network: ECS, AS, IMS, BMS, DeC, DeH, CCE, EVS, OBS, VBS, DES, SFS, DESS, CDN, CSBS, VPC, ELB, DNS, Direct Connect, VPN

Standard HUAWEI CLOUD Product System

An Elastic Cloud Server (ECS) is a cloud server that provides scalable, on-demand computing resources. ECSs help you build reliable, secure, flexible, and efficient application running environments, enabling stable and continuous services and improving O&M efficiency.

Location attributes:
⚫ Region: Geographical location
⚫ AZ: Equipment room

ECS components: CPU, Memory, Image, System disk, Data disk, NIC

[Figure labels: Internet; North China region; AZ 1; AZ 2]

Compute Service - GPU-accelerated ECS
⚫ Technical Principles
   - A physical GPU is virtualized into multiple vGPUs. The VMs with associated vGPUs can access physical GPU resources.
⚫ Application Scenarios
   - Graphics rendering, engineering drawing, cloud desktop
⚫ Customer Benefits
   - Provide users with better experience in virtual environments through high-performance graphics and videos.

[Figure labels: VM 1, VM 2, VM 3; vGPU drive; vCPU support; Huawei UVP; vGPU; GPU]

Compute Service - Auto Scaling
Auto Scaling (AS) automatically adjusts computing resources based on service requirements and configured AS policies. This allows the number of ECSs to change with service traffic, ensuring stable service running.

[Figure: Cloud Eye generates an alarm (CPU and memory usage) and a timer fires at a specified time point or specified interval; AS sends scaling instructions and configurations. ECSs are added as traffic rises from 300 requests to 1000 requests and reduced when it returns to 300 requests.]

Storage Service - Elastic Volume Service

Elastic Volume Service (EVS)
Provides scalable virtual block storage based on a distributed architecture. EVS disks feature high data reliability and I/O throughput. EVS disks are similar to physical servers' hard disks. You can attach EVS disks to ECSs, format them, create file systems on them, and store data on them.

[Figure: Distributed storage architecture. Labels: Server 1, Server 2, ... Server N; App; VM; VBS; OSD; Cache]

Storage Service - Volume Backup Service

Volume Backup Service (VBS) backs up EVS disks and uses the backups to restore original EVS disks, ensuring user data accuracy and security.

[Figure: a source disk is backed up to backup media (OBS) on Day 1 (Backup 1, full backup), Day 2 (Backup 2, incremental backup), and Day 3 (Backup 3, incremental backup). Day 4: restore data using backup 3 in the event of unintended data deletion. Create an EVS disk from backup 2.]

Storage Service - Object Storage Service
Object Storage Service (OBS) is an object-based storage service providing massive, cost-effective, highly reliable, and secure data storage. OBS is easy to use and applies to various scenarios, such as massive storage resource pools, static website hosting, big data analytics, backup and archiving, and cloud storage.

Protocol layer:
⚫ iSCSI/FC: Hard disk read/write
⚫ NFS/CIFS/POSIX: File opening/modification/saving/deletion
⚫ HTTP/REST: Object upload/download/check/deletion

Storage layer labels: File system, File, Bucket, Object, Key, Metadata, User-defined metadata

⚫ High availability: Eleven nines data durability and four nines availability
⚫ Low cost: Massive storage provided at low cost and support for elastic scaling
⚫ Easy to use: Flexible service access using the native S3 APIs, web-based management console, OBS client, and SDK

Network Service - Virtual Private Cloud
A Virtual Private Cloud (VPC) is an isolated virtual network environment created on HUAWEI CLOUD. You have complete control over your VPC, including creating subnets and security groups, assigning elastic IP addresses (EIPs), allocating bandwidth, and configuring DHCP. You can also use Direct Connect or a VPN to connect your VPC to a physical data center for flexible resource consolidation.

[Figure labels: Internet; NAT; VPN; On-premises IT infrastructure; 192.168.0.0/16; VPC; 10.1.1.0/24; 10.1.2.0/24]

Network Service - Elastic Load Balance
Elastic Load Balance (ELB) automatically distributes incoming traffic across servers to balance their workload, increasing the service capabilities and fault tolerance of your applications.

[Figure: two panels, Traffic distribution and Health check. Labels in each: Internet; VIP: 202.103.106.110; ELB; 172.18.11.10; Server 1, Server 2, Server 3]

Security Service - Anti-DDoS

Anti-DDoS uses professional anti-DDoS devices to protect your online applications from DDoS attacks, such as CC, SYN flood, and UDP flood. You can configure parameters to specify the DDoS threshold based on the bandwidth and service model. If the system detects a DDoS attack, it immediately notifies users of attack defense.

Security Service - Vulnerability Scan Service
Vulnerability Scan Service (VSS) is a security diagnosis service that uses weakness detection and intelligent correlation analysis to identify security risks in your websites or servers. VSS also provides vulnerability details and professional suggestions for fixing them.

Key Features:
⚫ New users using VSS for the first time can scan their websites before domain name authentication to estimate website risks.
⚫ Supports scan for multiple server vulnerabilities.
⚫ Can detect the OWASP* top 10 security risks.
⚫ Supports vulnerability scan of third-party open-source software and scan for zero-day vulnerabilities.
⚫ Covers multiple web fingerprints and host fingerprints.
⚫ Provides professional suggestions for fixing each type of detected vulnerability.

* Open Web Application Security Project (OWASP)

Security Service - Web Application Firewall
Web Application Firewall (WAF) is expertly designed to secure your website. It checks HTTP requests for anomalies and prevents intrusions, such as web page tampering, information leakage, and Trojan horses.

[Figure labels: Authorized user; Unauthorized user; Web; WAF; ECS]

Key Features:
⚫ Supports a wide range of Windows and Linux OSs, more than any other anti-virus product in the industry.
⚫ Provides in-depth comprehensive security protection, including:
   - Detecting and blocking attacks, including SQL injection, XSS, server vulnerabilities, information leakage, privilege escalation, unauthorized command execution, web shells, and third-party vulnerability exploits
   - Hiding the elastic IP addresses of ECSs to protect them from attacks
   - Caching static resources of websites so that required resources can be obtained from the WAF without redirecting the access requests to the sources, accelerating website access

Management and Deployment: Identity and Access Management
Identity and Access Management (IAM) is a web service that you can use to manage users and user permissions on HUAWEI CLOUD. It enables you to centrally manage users and security credentials (such as access keys), and control user permissions for accessing HUAWEI CLOUD resources.

Key Features:
⚫ User and security credential management: On HUAWEI CLOUD, you can create, change, and delete security credentials (such as access keys) of each user under your account.
⚫ User access control: You can control access permissions and access modes of users under your account.
⚫ User group management: Under your account, you can create user groups and assign users (such as administrators and developers) to different groups to control user permissions. After a user is added to a group, the user has all the permissions of the group. To control user permissions, you can change the user group of a user.
⚫ Support for Huawei managed service: You can use the entrusted registration function to have HUAWEI CLOUD customer service personnel register HUAWEI CLOUD accounts for your enterprise and perform maintenance operations on your behalf using the registered accounts.

Management and Deployment: Cloud Eye
Cloud Eye is a multi-dimensional resource monitoring platform. It provides real-time monitoring, alarm reporting, notification, and personalized monitoring visualizations, simplifying your product and resource status monitoring.

DevCloud - One-Stop DevOps Platform on the Cloud
DevCloud is a cloud-based development platform that integrates Huawei's R&D experience, cutting-edge R&D ideas, and advanced R&D tools. It provides developers with a full R&D suite, making software development easier and more efficient.

[Figure labels: Huawei's R&D experience; Cutting-edge R&D ideas; Advanced R&D tools; Web development; Microservice development; Mobile app development; Cloud IDE; API; Mobile; ProjectMan, CodeHub, CodeCheck, CloudBuild, TestMan, CloudDeploy, CloudRelease, CloudPipeline]

Big Data on the Cloud - Intelligence for Agile Business

Customer Benefits
⚫ Professional: Experience accumulation and continuous optimization
   - Secure and reliable: HA for all components
   - Excellent performance: HDFS and MapReduce performance improved fivefold
   - Community contribution: First in Asia and fourth globally
⚫ Ease of use: Quick provisioning and lightweight O&M
   - Intuitive self-service console
   - One-stop purchase of software and hardware
   - Multi-dimensional monitoring and convenient O&M

[Figure: layers, top to bottom]
⚫ Business areas: Market, Customer service, Finance, O&M, E-commerce, Government and enterprise, Education, OTT, Retail
⚫ Internal operations; Service innovation
⚫ Management console; Open API
⚫ Big Data platform: Hadoop (MapReduce, Yarn, HDFS, ...)
⚫ IaaS services: Compute, Storage, Network, Secure, Management, ...

HUAWEI CLOUD EI - Full-Stack Enablement for All Scenarios
⚫ 45 services: 18 platform services, 15 visual services, 8 language services, 4 decision-making services
⚫ 142 functions: 36 platform-related functions, 98 APIs, 8 pre-integrated solutions

[Figure: EI layers, top to bottom]
⚫ AI Pre-integrated Solutions: City, Internet, Home, Vehicle, Logistics, Healthcare, Campus, Manufacturing
⚫ AI General APIs and AI Advanced APIs: ASR, TTS, Image, NLP, CBS, ImageSearch, VCM, VCT, OCR, Face, Moderation, HAS, IDS, VGS, VCC, VCR
⚫ AI Platform Services: ML as a Service, ModelArts (Deep Learning, Machine Learning, ExeML, Inferencing, GES, Batch)
⚫ AI Frameworks: MindSpore
⚫ AI Accelerators: Ascend, GPU
⚫ Big Data Services: Data Ingestion Service (DIS), Cloud Data Migration (CDM), Data Warehouse Service (DWS), CloudTable Service (CloudTable), Cloud Stream Service (CS), MapReduce Service (MRS), Data Lake Insight (DLI), Data Lake Factory (DLF)

Quiz
1. Which of the Following Compute Services Does HUAWEI CLOUD Provide?
A. Elastic Cloud Server (ECS)

B. Auto Scaling (AS)

C. Image Management Service (IMS)

D. Elastic Volume Service (EVS)

Summary
⚫ Describes the diversity of HUAWEI CLOUD services.
⚫ Introduces basic information about key HUAWEI CLOUD services.

Recommendations
⚫ Huawei learning website:
  • http://support.huawei.com/learning/Index!toTrainIndex
⚫ HUAWEI CLOUD official website:
  • https://intl.huaweicloud.com/?locale=en-us

HUAWEI CLOUD Ecosystem

Foreword
⚫ This chapter describes the HUAWEI CLOUD ecosystem and its marketing
strategies. The HUAWEI CLOUD ecosystem consists of HUAWEI CLOUD
Academy, Developers, HUAWEI CLOUD Marketplace, and Partners.

Objectives
⚫ Upon completion of this course, you will be able to:
  • Know the components of the HUAWEI CLOUD ecosystem.
  • Be familiar with the training courses and career certifications offered by HUAWEI CLOUD Academy.
  • Gain an overview of Developers and its services.
  • Understand the HUAWEI CLOUD market and the marketing strategies.
  • Learn partner benefits, success stories, and the approach to be a HUAWEI CLOUD ecosystem partner.

Contents
1. HUAWEI CLOUD Academy

2. Developers

3. HUAWEI CLOUD Marketplace

4. Partners

HUAWEI CLOUD Academy: for Innovative Cloud Developers
⚫ Studying and testing online, role guides, and a foundation for developer innovation
⚫ Online labs, micro certifications, career certifications, developer innovation career ladder

Online courses: Over 100 high-quality basic courses covering diverse services and cutting-edge technologies
  • Topics: Cloud computing, IoT, Big data, CaaS, SDN, Blockchain, Smart home, Agile network, AI, Voice analysis, Fusion Stage, Cloud EC, DBS, IoV, Unified network management, ...
  • Various role guides, specialized trainings, and systematic learning: Beginner, Developer, Architect, Special training camp

Cloud lab: Based on real environments, scenario-specific experiments, quick resource scheduling
  • Experience at your fingertips
  • Smooth user experience
  • Hands-on manuals with no training required

Micro certifications: Big data, AI, Software development, Cutting-edge technologies...
  • Convenient online studying and testing
  • Official HUAWEI CLOUD certification
  • One-stop service for studying, carrying out experiments, and getting certificates

Career certifications: Authoritative, Professional, Impartial
  • Cloud experiments targeted at training courses
  • Authoritative industry certification system
  • Professional skills development covering mainstream cloud products

Online Courses - Covering All Related Knowledge
⚫ Over 100 high-quality basic courses covering diverse services and cutting-edge technologies
  • Cloud computing, IoT, Big data, CaaS, SDN, Blockchain, Smart home, Agile network, AI, Voice analysis, Fusion Stage, Cloud EC, DBS, IoV, Unified network management, ...
⚫ Various role guides, specialized trainings, and systematic learning
  • Beginner, Developer, Architect, Special training camp

Cloud Lab: Allowing Developers to Practice Online
⚫ Experience at your fingertips with easy operations
  • Lab environments are built on physical environments, and users can access anytime and anywhere simply as described in operation manuals.
⚫ Quick resource scheduling and smooth user experience
  • Second-level response of computing, storage, and network resources allows users to enjoy smooth experience.
⚫ Practical, applicable, and easy to use
  • Software functions and modules are designed from the perspective of users, and the software management system is more professional, targeted, and mature.

Micro Certifications - for Scenario-Specific Skills Certification
⚫ Convenient online study
  • Study, carry out experiments, and take tests online anytime, anywhere to grasp the cutting-edge technologies.
⚫ Scenario-specific skills improvement
  • You can quickly improve your technical skills by studying scenario-specific videos and carrying out online experiments, even without a technical background.
⚫ Authoritative certification
  • HUAWEI CLOUD micro certifications make your resume more appealing to employers.

https://ilearningx.huawei.com/portal/#/portal/ebg/51
https://ilearningx.huawei.com/portal/#/courses?type=menu

Career Certifications - Professional and Authoritative
⚫ Professional skills development, covering nine mainstream cloud products
  • Customized professional trainings, providing users with a multi-tier certification and training system
⚫ "Face-to-face training + online study + environment practice" teaching mode
  • One-stop online training courses, with experiments carried out on the cloud
⚫ Authoritative certification
  • HUAWEI CLOUD career certifications, making your resume more appealing to employers

https://support.huawei.com/learning/NavigationAction!createNavi?navId=_31&lang=en

Building a Developer-Oriented Capability Openness Platform

The capability openness platform of HUAWEI CLOUD allows developers to integrate Huawei products with their upper-layer applications, which helps them develop differentiated and innovative solutions.

Openness, Cooperation, Win-win

HUAWEI CLOUD Developer Platform
For individual, enterprise, and student developers

HUAWEI CLOUD (www.huaweicloud.com)
⚫ Cloud Academy (edu.huaweicloud.com): Basic course, Specialized course, Career certification, Micro-certification, Online lab, Practice tutorial
⚫ Cloud Community (bbs.huaweicloud.com): Blog, Forum, Q&A, Live broadcasting, Theme, …
⚫ Developer Center (developer.huaweicloud.com): API, SDK, Tool, Sample code, …
⚫ Cloud Marketplace (market.huaweicloud.com): Developer Tool, API marketplace, Basic software, Enterprise application, …
⚫ DevCloud (devcloud.huaweicloud.com): ProjectMan, CodeHub, CloudBuild, CodeCheck, CloudIDE, …

Developer Ecosystem
Student Innovation and Entrepreneurship Program, Yunzhi Club, MVP, and Cloud Expert

HUAWEI CLOUD API: Develop Once, Use on Multiple Platforms
⚫ Compute: Elastic Cloud Server, Cloud Container Engine, Cloud Server Backup Service, Bare Metal Server, Image Management Service, Auto Scaling, FunctionGraph, …
⚫ Network: Elastic Load Balance, NAT Gateway, Virtual Private Network, Domain Name Service, Virtual Private Cloud, …
⚫ Storage: Scalable File Service, Storage Disaster Recovery Service, Volume Backup Service, Object Storage Service, Data Express Service, …
⚫ Migration: Cloud Migration Center, Object Storage Migration Service, Cloud Data Migration, Server Migration Service, …
⚫ Database: MySQL, PostgreSQL, SQL Server, HWSQL, Distributed Cache Service for Redis, Distributed Cache Service for Memcached, Data Replication Service, …
⚫ DevCloud: CodeHub, CodeCheck, DevCloud Overview, ProjectMan, …
⚫ Enterprise Intelligence: Intelligent Logistics, Content Moderation, Cloud Search Service, Data Lake Factory, Image Recognition, Machine Learning Service, Data Ingestion Service, Cloud Stream Service, MapReduce Service
⚫ Application Services: Cloud Service Engine, Application Orchestration Service, API Gateway, Distributed Message Service, Simple Message Notification, …
⚫ Management and Deployment: Identity and Access Management, Cloud Trace Service, Log Tank Service, Tag Management Service, Resource Template Service, …
⚫ Security: Web Application Firewall, Vulnerability Scan Service, Database Security Service, Data Encryption Workshop, SSL Certificate Manager, Host Security Service, Security Orchestration, …

HUAWEI CLOUD Developer Center Product Catalog
⚫ Management and collaboration: ProjectMan, DocMan, Wiki, HiChat (coming soon)
⚫ Efficient R&D and continuous delivery: Cloud IDE, Open Source Images, CodeHub, CloudPipeline, CloudBuild, CloudDeploy, CloudRelease
⚫ Smart O&M and security protection: Application Performance Management, Application Operations Management, Cloud Eye, Vulnerability Scan Service, SSL Certificate Manager

HUAWEI CLOUD Marketplace: Premium Selection, Convenient Usage

HUAWEI CLOUD Marketplace is the enterprise software and service transaction platform on HUAWEI CLOUD. HUAWEI CLOUD Marketplace works with service providers, aiming to offer diverse, high-quality, and convenient products and services for HUAWEI CLOUD users.

[Diagram labels: industries (Finance, Government, Manufacturing, Healthcare, Transportation, Education, …); End user; Distributor partner, Technical partner, Service partner, Solution partner; Self-operated Marketplace; 6 solutions, 8 sub-markets, 9 sections; Cloud Collection Mall, Application marketplace, Developer]

By Nov 2018, HUAWEI CLOUD Marketplace had accommodated 1,000+ service providers and offered 1,300+ products, covering basic software, enterprise applications, site construction, services, security, APIs, IoT, and developer tools.

HUAWEI CLOUD Marketplace - E2E Comprehensive Services

HUAWEI CLOUD Marketplace offers E2E comprehensive services for partners. In 2018, HUAWEI CLOUD Marketplace launched Business School, making it easy to join HUAWEI CLOUD Marketplace and driving transactions through operations.

Negotiation
⚫ Consulting support: Professional consulting, Service design, Package design, On-premise service model
⚫ Market analysis, Development analysis: Documentation and information, Marketing strategy

Partner Services
⚫ Technical support: Test resource application, Solution testing, Security testing, Troubleshooting
⚫ Training support: Standardization, Knowledge & skills transfer, Training, Onsite & online training

Operations & Marketing
⚫ Operations support: Operations dashboard, Advertisement on home page, Popular product display, Brand hall
⚫ Marketing support: Major Huawei exhibitions, New product promotion, Forum & salon, "HUAWEI CLOUD Marketplace Partner" logo

Monetization
⚫ Monetization: Online reconciliation, Monthly settlement, Quick payment
⚫ Incentives: HUAWEI CLOUD branding, Generous partner benefits, Annual MVPs

HUAWEI CLOUD Collection Mall

The Cloud Collection Mall is an on-cloud boutique marketplace launched on HUAWEI CLOUD in 2018, where you can buy and download HUAWEI CLOUD products. Working with certified software and application providers, the Cloud Collection Mall offers a wide range of top-quality products.

Cloud Collection Mall ecosystem
⚫ Customer: Strict quality controls on each product, and E2E transaction supervision
⚫ Service provider: Synchronous multi-channel distribution and other marketing advantages
⚫ Distributor: A wide range of products and a sufficient profit margin
⚫ Huawei expert: Huawei experts offer support to all customers.

Product categories: On-cloud enterprise applications, Smart manufacturing, Smart cities, Video, Security, Service, IoT, API, Developer ecosystem

Strict quality controls attract countless users through Huawei's direct sales and distributor networks, benefiting both HUAWEI CLOUD and its partners.
HUAWEI CLOUD Select Solution

Premium product selection from Cloud Collection Mall + Huawei cloud services, providing one-stop shopping experience

⚫ Selected components (providers of certified components): Certified component A, Certified component B, Certified component C, ...
⚫ + solution design
⚫ Integrated construction (Huawei team/integration service providers)
⚫ Integrated delivery & customization (local service providers)
⚫ HUAWEI CLOUD IaaS & PaaS offering one-stop services

Service Providers in HUAWEI CLOUD
Marketplace

Partnering for Greater Success

HUAWEI CLOUD Partner Network

⚫ Marketing: You will have opportunities to participate in co-branded marketing campaigns, customer-facing technical communication events, seminars, and exhibitions.
⚫ Trainings: You will have access to numerous technical training and certification opportunities, strengthening your HUAWEI CLOUD business and technical support capabilities.
⚫ Technical Support: You will become an industry leader with HUAWEI CLOUD architects and experts standing by to provide professional technical support and help you build solutions.
⚫ Global Ecosystem: Standing on the shoulders of Huawei's global, open ecosystem, you can quickly develop your own local ecosystem partners.

HUAWEI CLOUD Partner Network

The HUAWEI CLOUD Partner Network (HCPN) is a global partner program for HUAWEI CLOUD. We’re focused on helping HCPN partners build success on HUAWEI CLOUD by providing valuable business, technical, and marketing support.

HCPN is a categorical partnership program. Based on their functions, partners can be divided into consulting partners and technology partners. When applying to join HCPN, partners can choose an appropriate type.

Partner tiers
⚫ Consulting Partners: Standard, Advanced, Premier, Strategy
⚫ Technology Partners: Standard, Advanced, Premier

HCPN Consulting Partners
HCPN consulting partners are professional service firms that help customers of all sizes to design, architect, migrate, or build new applications or perform daily customer service operations on HUAWEI CLOUD. Consulting partners include system integrators (SIs), strategic consultancies, agencies, managed service providers (MSPs), value-added resellers (VARs) and telecom operators.
1. System Integrators (SIs)
2. Strategic Consultancies
3. Agencies
4. Managed Service Providers (MSPs)
5. Value-Added Resellers (VARs)
6. Telecom Operators

HCPN Technology Partners
HCPN technology partners are commercial software and/or Internet service companies that provide software solutions that are either hosted on or integrated with HUAWEI CLOUD. Technology partners include independent software vendors (ISVs), SaaS, PaaS, developer tools, database, management and security vendors.
1. ISV
2. SaaS
3. PaaS
4. Developer Tools
5. Database
6. Management and Security Vendors

HCPN Partners Requirements
➢ Consulting Partners
Requirements Standard Advanced Premier Strategic
Huawei Cloud Partner Revenue (USD, Annually) USD 12,000 USD 120,000 USD 360,000 USD 1,200,000
Customer References on Huawei Cloud 2 5 10 20
Huawei Cloud Business Professional 1 2 5 10
Huawei Cloud Technical Professional 1 2 5 10
Huawei Cloud TCO and Cloud Economics 1 2 5
Huawei Cloud Certified Associate 1 2 5 10
Huawei Cloud Certified Solutions Architect – Professional 1 2 5

➢ Technology Partners
Requirements Standard Advanced Premier
Direct or Indirect Huawei Cloud Partner Revenue (USD, Annually) USD 12,000 USD 120,000 USD 360,000
Products in General Availability on Huawei Cloud √ √ √
Customer References on Huawei Cloud 1 3 5
Huawei Cloud OpenLab Technical Validation √
Huawei Cloud Certified Associate 1 2
Validated Support Statement for Huawei Cloud on Partner’s Website √ √

HCPN Partners Benefits
Benefits Standard Advanced Premier Strategic

Training Support
Access HCPN Website, use partners dedicated documents and supports √ √ √ √
Access Huawei Cloud College for online technical and business training √ √ √ √
Eligible to access Huawei Cloud College for Sandbox experiments √ √ √ √
Access Huawei Cloud College for free partner professional training and online accreditation (* Partner professional training including: Business Professional, Technical Professional, Professional Service, TCO and Cloud Economics) √ √ √ √
Provide Huawei Cloud Career Accreditation exam voucher (Huawei Cloud Certified Associate), partner can conduct an accreditation exam at a local training institution designated by Huawei Cloud 1 2 5 10
Provide Huawei Cloud Career Accreditation exam voucher (Huawei Cloud Certified Solutions Architect-Professional), partner can conduct an accreditation exam at a local training institution designated by Huawei Cloud 1 2 5
Huawei Cloud Solution Training for Partners √ √ √ √

Technical Support
Access HCPN Website, get product and solution materials √ √ √ √
Huawei Cloud Online Help Center (https://support-intl.huaweicloud.com/index.html) √ √ √ √
Huawei Cloud Service Hotline Support √ √ √ √
Huawei Cloud Service Ticket Support √ √ √ √
Huawei Cloud SA Ad-Hoc Support √ √ √
Huawei Cloud dedicated SA support √

HCPN Partner Programs
SN. | Program | Description | Partners Can Apply to Become (Consulting Partners, Technology Partners)
1 | HCPN Solution Partner Program | Designed for system integrators (SIs), strategic consulting firms, resellers, agents, managed service providers (MSPs), value-added resellers (VARs), and carrier partners. Partners in the HCPN Solution Partner Program can use HUAWEI CLOUD products as a portion of their differentiated solutions and resell these products to end customers. |
2 | HCPN Service Partner Program | Designed for HCPN Consulting Partners who are experienced in cloud infrastructure and application migration, the HCPN Service Partner Program provides customers with services such as cloud consulting, cloud migration, operation and maintenance management, and security management. | √
3 | HCPN Software Partner Program | Partners who develop software solutions are encouraged to apply to participate in the program for building, launching and developing software on HUAWEI CLOUD. |
4 | HCPN Marketplace Program | HUAWEI CLOUD partners can promote and sell their software and services to HUAWEI CLOUD customers. HUAWEI CLOUD Marketplace is an online software and service store that helps customers find and quickly enable software and services running on HUAWEI CLOUD. | √ √
5 | HCPN AI Club Partner Program | The HCPN AI Club Partner Program is designed for HCPN partners with experienced technical capabilities and proven customer success in the AI area. Club members can demonstrate their expertise in specific AI areas to showcase their differentiated competencies and create value for their customers. | √ √
6 | HCPN Carrier Partner Program | These partners can leverage their network resources to build cloud + network solutions with HUAWEI CLOUD to meet users' needs for cloud services while driving the consumption of network resources. | This program is open only to telecom operator partners.

Joining HCPN and Partner Programs to Get Dedicated Services
⚫ Learn and Experience (Developer Community): One-stop services help you quickly develop into an expert.
⚫ Join Partner Programs (6 Partner Programs): Join HCPN partner programs to get benefits.
⚫ Test and Verify (OpenLab Certification): Assign experts to verify and optimize solutions at Huawei OpenLabs.
⚫ Create Business Value (Ecosystem): Promote HUAWEI CLOUD in specific vertical industries.

https://e.huawei.com/en/partner/openlab
HCPN Partner Journey
Step 1: Join HCPN. Join the HCPN to gain basic benefits.
Step 2: Join Partner Programs. Join HCPN partner programs to gain additional benefits and develop business.
  • HCPN Solution Partner Program
  • HCPN Service Partner Program
  • HCPN Software Partner Program
  • HCPN Marketplace Program
  • HCPN AI Club Partner Program
  • HCPN Carrier Partner Program

Partner Journey
❶ Contact HUAWEI CLOUD ecosystem manager
Communication
✓ HUAWEI CLOUD products, ecosystem, and suggestions on cooperation
✓ Willingness to cooperate with HUAWEI CLOUD, discussions and agreements on cooperation objectives

❷ Apply to join the HCPN and partner programs
Register Partner Accounts: Log in to the HUAWEI CLOUD official website, apply to become a partner, sign agreements, and obtain a partner account.
Join Partner Programs: Join partner programs and sign agreements online (if required).

❸ Apply for benefits, trainings, and certifications
Apply for Partner Benefits, Partner Trainings and Certifications
✓ Register customer accounts and associate partner accounts with customer accounts.
✓ Partners learn online courses and take exams on HUAWEI CLOUD Academy.
✓ Partners learn certification courses online and contact HALP to take exams.

❹ Develop customers and associate with customer accounts
Develop Customers: Partners recommend HUAWEI CLOUD products to customers.
Bind to Customer Accounts: Customers create HUAWEI CLOUD accounts online and bind these accounts with the partner accounts.

❺ Customers buy HUAWEI CLOUD services
Customers Buy HUAWEI CLOUD
✓ Customers can deal with HUAWEI CLOUD or channel partners.
✓ Calculate partner incentive rewards.
Trading and settlement: ① Agent mode ② Resale mode ③ Charge for value-added services

❻ Receive incentive rewards from HUAWEI CLOUD
Issue Incentive Rewards: HUAWEI CLOUD calculates partner performance on a fixed day of each month and pays incentive rewards to partners online.

Summary
⚫ Compositions of HUAWEI CLOUD ecosystem

⚫ Trainings and certifications provided by HUAWEI CLOUD Academy

⚫ Tools and supports provided by Developer Center

⚫ Compositions and market strategies of HUAWEI CLOUD Marketplace

⚫ HCPN, Requirements, and Benefits

Recommendations
⚫ HUAWEI CLOUD Website
  • https://intl.huaweicloud.com

HUAWEI CLOUD Service - Management System

Foreword
⚫ This course describes how to manage systems on the HUAWEI CLOUD
management console.

Objectives
⚫ After completing this course, you will be able to:
  • Understand how to access, register, and log in to HUAWEI CLOUD official website.
  • Understand the layout, attributes, and benefits of HUAWEI CLOUD management console.
  • Understand frequent operations on HUAWEI CLOUD management console.
  • Understand Identity and Access Management (IAM) on HUAWEI CLOUD management console.
  • Understand how to access and use the management consoles of HUAWEI CLOUD services such as Elastic Cloud Server (ECS) and Elastic Volume Service (EVS).

Contents
1. Registration and Login

2. HUAWEI CLOUD Management Console

3. Identity and Access Management (IAM)

4. Examples of HUAWEI CLOUD Services

Register a HUAWEI CLOUD Account
Log In to HUAWEI CLOUD
Management Console Homepage
Management Scope
Region Switching
User Information Management
What Is IAM?
Identity and Access Management (IAM) provides identity authentication and permission
management. With IAM, you can manage user accounts and control their access to cloud
resources through permissions and policies.

IAM - Users
You can plan user groups based on users' responsibilities and grant them the corresponding permissions. Users in a user
group have all of its permissions. User groups help improve the efficiency of permission management.

IAM - Projects

You can click Modify to modify the information about the project.

A project groups and isolates OpenStack resources, such as computing, storage, and network resources. Resources in your account must be mounted under projects. A project can be a department or a project team. You can access IAM with the security administrator permission to create projects in a region and perform isolated management of resources.
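
The user group and project model from the two IAM slides above, as an added Python example (not HUAWEI CLOUD code and not its API): a user's effective permissions are the union of the grants of their groups, and a grant only applies inside the project it is scoped to. All user, group, project and permission names are constructed for illustration.

```python
"""Model of the IAM slides: groups carry permissions, projects isolate resources."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Grant:
    project: str     # project the permission is scoped to
    permission: str  # constructed "<kind>:<action>" label, not a real policy name


@dataclass
class Group:
    name: str
    grants: set = field(default_factory=set)   # permissions granted to the group
    members: set = field(default_factory=set)  # user names in the group


@dataclass(frozen=True)
class Resource:
    name: str
    project: str  # every resource sits under exactly one project
    kind: str     # e.g. "ecs" or "evs"


def effective_grants(user, groups):
    """A user holds all permissions of every group they belong to."""
    held = set()
    for group in groups:
        if user in group.members:
            held |= group.grants
    return held


def can_access(user, resource, action, groups):
    """Allow only if a group grant matches the resource's own project."""
    needed = Grant(resource.project, f"{resource.kind}:{action}")
    return needed in effective_grants(user, groups)


def cross_project_users(groups):
    """Review aid: users whose memberships span more than one project."""
    users = set().union(*(g.members for g in groups))
    report = {}
    for user in sorted(users):
        projects = sorted({grant.project for grant in effective_grants(user, groups)})
        if len(projects) > 1:
            report[user] = projects
    return report


def unused_groups(groups):
    """Groups with grants but no members, or members but no grants."""
    return sorted(g.name for g in groups if bool(g.grants) != bool(g.members))


# Constructed sample data (hypothetical users, groups and projects).
GROUPS = [
    Group("finance-ops",
          {Grant("finance", "ecs:manage"), Grant("finance", "evs:manage")},
          {"alice", "bob"}),
    Group("research-dev", {Grant("research", "ecs:manage")}, {"carol"}),
    Group("auditors",
          {Grant("finance", "ecs:read"), Grant("research", "ecs:read")},
          {"bob", "dave"}),
    Group("legacy-admins", {Grant("finance", "ecs:manage")}, set()),
]
FIN_ECS = Resource("ecs-fin-01", "finance", "ecs")
LAB_ECS = Resource("ecs-lab-01", "research", "ecs")

if __name__ == "__main__":
    for user in ("alice", "bob", "carol", "erin"):
        print(user,
              "manage finance ECS:", can_access(user, FIN_ECS, "manage", GROUPS),
              "| read research ECS:", can_access(user, LAB_ECS, "read", GROUPS))
    print("cross-project:", cross_project_users(GROUPS))
    print("groups to review:", unused_groups(GROUPS))
```

The cross-project report is the part worth reviewing regularly: a user who sits in groups scoped to different projects weakens the isolation that projects are meant to provide.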

Elastic Cloud Server
⚫ Elastic Cloud Server (ECS) provides scalable, on-demand cloud servers for secure, flexible, and efficient application environments, ensuring reliable, uninterrupted services.
⚫ An ECS is a computing server that consists of CPUs, memory, images, and EVS disks allowing on-demand allocation and elastic scaling. ECSs integrate Virtual Private Clouds (VPCs), virtual firewalls, and multi-data-copy capabilities to create efficient, reliable, and secure computing environments. This ensures stable and uninterrupted operation of services.

ECS Management Console

Procedure
1. Log in to the management console, click Service List and choose Computing > Elastic Cloud Server.
2. On the displayed page, click Buy ECS.
3. Set parameters based on the planning for SAP application nodes and other nodes. (choose two types of login)
4. Create other ECSs as required.
Elastic Volume Service
⚫ Elastic Volume Service (EVS) is a scalable virtual block storage device with a distributed architecture. EVS disks provide high data reliability and I/O throughput. Using EVS disks is like using hard disks on physical servers. You can format EVS disks attached to ECSs, create file systems on EVS disks, and store data on them persistently.

EVS Management Console

Procedure
1. Visit the HUAWEI CLOUD website and log in to the management console.
2. Under Storage, click Elastic Volume Service.
3. The disk list page is displayed.
4. Click Buy Disk.
5. Configure basic information about the EVS disk as required.
6. Click Next and then Submit.
7. On the Resource Details page, you can confirm the disk details.
8. Pay for the fees as prompted and click OK.
9. The disk list page is displayed.
10. In the disk list, view the disk status.
11. If the disk status changes to Available, the disk is successfully created.
12. Click Attach in the Operation column and attach the disk to the ECS.
Summary
⚫ Registration and Login

⚫ HUAWEI CLOUD Management Console

⚫ Identity and Access Management (IAM)

⚫ Examples of HUAWEI CLOUD Services

Quiz
1. How many types of login users does HUAWEI CLOUD support?

A. 1

B. 2

C. 3

D. 4

Recommendations
⚫ Huawei Learning website
  • http://support.huawei.com/learning/en/newindex.html
⚫ HUAWEI CLOUD service website
  • https://intl.huaweicloud.com/

More Information

Acronyms or Abbreviations | Full Spelling
IAM | Identity and Access Management
ECS | Elastic Cloud Server
VPC | Virtual Private Cloud
EVS | Elastic Volume Service

Computing Cloud Service - Elastic Cloud Server
Foreword
⚫ This chapter gives a general overview of Elastic Cloud Server (ECS), a
service on HUAWEI CLOUD.

Objectives
⚫ After completing this course, you will be able to:
  • Understand the concepts, functions, and application scenarios of ECS.
  • Create and manage ECSs.
  • Learn ECS FAQs.

Contents
1. Overview

2. ECS Purchasing

3. ECS Management

4. Related Services

What Is ECS?
⚫ Elastic Cloud Server (ECS) is a cloud server that provides scalable, on-demand computing resources for secure, flexible, and efficient applications.

Advantages
⚫ Security
⚫ Stability and Reliability
⚫ Competitive Advantage
⚫ Auto Scaling

Architecture
⚫ ECS works with other products and services to provide computing, storage, network, and image installation functions.
⚫ ECSs are deployed in multiple availability zones (AZs) connected with each other through an internal network. If an AZ becomes faulty, other AZs in the same region will not be affected.
⚫ With the Virtual Private Cloud (VPC) service, you can build a dedicated network, set the subnet and security group, and allow the VPC to communicate with the external network through an EIP (bandwidth support required).
⚫ With the Image Management Service (IMS), you can install images on ECSs, or create ECSs using private images and deploy services quickly.
⚫ The Elastic Volume Service (EVS) provides storage and Volume Backup Service (VBS) provides data backup and recovery functions.

[Architecture diagram labels: AZ 1, AZ 2, VPC, Subnet, Security group, EIP, IP, ECS 1 to ECS x, EVS disk 1 to EVS disk x, VBS, IMS]

Features
⚫ Security protection: Worry-free comprehensive security protection

⚫ Reliable data: Scalable, reliable high throughput virtual block storage based on distributed
architecture

⚫ Flexible, easy-to-use: Multi-choice management via the management console, remote
access, and APIs with full rights

⚫ Rich specifications: Multiple ECS types, specifications, and images

⚫ Stable network access: Fast, stable, and secure dedicated network transmission channels

⚫ Multi-level monitoring: Open platform for real-time resource monitoring, alarming, and
notification

Application Scenarios
Scenario | Application | Recommended Configuration
Internet | Official websites; Website R&D and testing; Small-scale databases | Specifications: s3.large.2; Disk: Common I/O EVS disk, 100 GB
E-Commerce | Precision advertising; E-Commerce; Mobile apps | Specifications: m3.2xlarge.8; Disk: Ultra-high I/O EVS disk, 100 GB
Graphics rendering | HD video; Graphics rendering; Remote desktops; Engineering drawing | Specifications: g1.2xlarge; Disk: High I/O EVS disk, 100 GB
Data analysis | MapReduce; Hadoop | Specifications: d2.4xlarge.8; Disk: Local disks, 8 x 1.6 TB
High-performance computing | Scientific computing; Genetic engineering; Games and animation; Biopharmaceuticals and storage | Specifications: h3.4xlarge.4; Disk: Ultra-high I/O EVS disk, 100 GB

Success Stories
⚫ vmall.com: the first All-in-Cloud e-commerce platform in China based on the one-
stop e-commerce solution provided by HUAWEI CLOUD.

⚫ Yonyou Telecom: HUAWEI CLOUD removes their need to maintain backend
resources and enables them to focus on product development for meeting user
requirements to the maximum extent.

⚫ China Pacific Property Insurance Co., Ltd.: uses HUAWEI CLOUD services for data
acquisition and analysis, which has significantly reduced their investments.

⚫ Shanghai International Port Group: The launch of the Ganghangzongheng
(shipping) platform has resolved issues in user data query and is therefore
warmly welcomed in the shipping industry.

ECS Types
⚫ HUAWEI CLOUD provides various ECS types for different application
scenarios.

 General computing
 General computing-plus
 General-entry
 Memory-optimized
 Large-memory
 Disk-intensive
 Ultra-high I/O
 High-performance computing
 Ultra-high performance computing
 GPU-accelerated
 FPGA-accelerated

ECS Flavor Naming Rules
ECS flavors are named using the format "AB.C.D".

The format is defined as follows:

⚫ A specifies the ECS type. For example, s indicates a general-computing ECS, c a computing
ECS, and m a memory-optimized ECS.

⚫ B specifies the type ID. For example, the 1 in s1 indicates a general-computing first-
generation ECS, and the 2 in s2 indicates a general-computing second-generation ECS.

⚫ C can be any of the following options: medium, large, or xlarge.

⚫ D specifies the ratio of vCPU to memory expressed in a digit. For example, value 4 indicates
that the ratio of vCPU to memory is 4.
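Added example (not part of the course material): a parser for the "AB.C.D" naming rule, used to audit requested flavors against an allowlist of families. The allowlist, the function names, and the malformed sample name are assumptions; the parser also accepts sizes such as 2xlarge and a missing D, because the flavors listed under Application Scenarios (m3.2xlarge.8, g1.2xlarge) use them.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Type letters spelled out on the slide; any other letter is reported as "unlisted".
TYPE_NAMES = {"s": "general-computing", "c": "computing", "m": "memory-optimized"}

# A = type letter(s), B = generation digit(s), C = size, D = optional ratio digit(s).
FLAVOR_RE = re.compile(
    r"(?P<type>[a-z]+)(?P<gen>[0-9]+)"
    r"\.(?P<size>medium|large|[0-9]*xlarge)"
    r"(?:\.(?P<ratio>[0-9]+))?"
)


@dataclass(frozen=True)
class Flavor:
    type_code: str          # A
    type_name: str          # meaning of A, if the slide names it
    generation: int         # B
    size: str               # C
    ratio: Optional[int]    # D, None when the name has no fourth field

    @property
    def family(self) -> str:
        """Type letter plus generation, for example 's3'."""
        return f"{self.type_code}{self.generation}"


def parse_flavor(name: str) -> Flavor:
    """Split a flavor name into its A, B, C and D fields or raise ValueError."""
    m = FLAVOR_RE.fullmatch(name.strip().lower())
    if m is None:
        raise ValueError(f"not an AB.C.D flavor name: {name!r}")
    ratio = m.group("ratio")
    return Flavor(
        type_code=m.group("type"),
        type_name=TYPE_NAMES.get(m.group("type"), "unlisted"),
        generation=int(m.group("gen")),
        size=m.group("size"),
        ratio=int(ratio) if ratio is not None else None,
    )


def audit_flavors(requested, allowed_families):
    """Return (name, reason) for every requested flavor that is malformed
    or whose family is not in the allowlist (hypothetical policy check)."""
    findings = []
    for name in requested:
        try:
            flavor = parse_flavor(name)
        except ValueError:
            findings.append((name, "malformed"))
            continue
        if flavor.family not in allowed_families:
            findings.append((name, f"family {flavor.family} not allowed"))
    return findings


# Constructed request list: the flavors named on the page plus one malformed name.
REQUESTED = [
    "s3.large.2", "m3.2xlarge.8", "g1.2xlarge",
    "d2.4xlarge.8", "h3.4xlarge.4", "s3-large",
]

if __name__ == "__main__":
    for finding in audit_flavors(REQUESTED, {"s3", "m3"}):
        print(finding)
```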

Network Bandwidth
⚫ ECS intranet bandwidths and PPS capabilities are limited based on flavors.
 Assured bandwidth: indicates the assured ECS bandwidth.

 Maximum bandwidth: indicates the maximum ECS bandwidth.

 Maximum PPS: indicates maximum ECS capabilities in transmitting and
receiving packets.

ECS Purchasing Process

1. Configure ECS specifications.

2. Select an image and add disks.

3. Configure the network.

4. Specify a login mode.

5. Confirm the specifications and purchase it.

Step 1: Configure ECS Specifications
⚫ Select a billing mode.

Use Pay-per-use for all labs.

⚫ Configure specifications.
Step 2: Select an Image and Add Disks
⚫ Select an image.

⚫ Add disks.
Step 3: Configure the Network
Step 4: Specify a Login Mode
⚫ Key pair: A key pair is used for ECS login authentication. You can select an existing
key pair, or click Create Key Pair and create a desired one.

⚫ Password: A username and its initial password are used for ECS login
authentication. The initial password of user root is used for authentication in Linux,
while that of user Administrator is used for authentication in Windows.
Step 5: Confirm the Specifications and Purchase It
Managing ECSs
⚫ Logging In to an ECS

⚫ Managing the Lifecycle of an ECS

⚫ Modifying ECS Specifications

⚫ Reinstalling/Changing an ECS OS

⚫ Resetting the Password for Logging In to an ECS

⚫ Backing Up ECS Data

Logging In to an ECS
⚫ Log in to a Windows ECS.
 Password-authenticated ECS: log in to the ECS.
 Key-authenticated ECS: obtain the password, and then log in to the ECS.
 Login modes: VNC (mode 1) or MSTSC (mode 2).

⚫ Log in to a Linux ECS.
 Key-authenticated ECS: user root, SSH key+EIP.
 Password-authenticated ECS: user root, VNC+password; or user root, SSH password+EIP.

Managing the Lifecycle of an ECS
⚫ A lifecycle indicates the ECS statuses recorded from the time when the ECS is
created through the time when the ECS is deleted or released. ECS lifecycle
management includes starting, stopping, restarting, and deleting ECSs.

⚫ Method 1

⚫ Method 2

Modifying ECS Specifications
⚫ If the ECS specifications do not meet service requirements, you can modify
the ECS specifications, including vCPUs and memory.

⚫ If you want to use an ECS for a long time, you can change its billing mode
from pay-per-use to yearly/monthly to reduce cost.

Reinstalling/Changing an ECS OS
⚫ Reinstall: If the OS of an ECS fails to start or requires optimization, reinstall the OS.

⚫ Change: If the OS running on an ECS cannot meet service requirements, change
the ECS OS.

Resetting the Password for Logging In to an ECS
⚫ Reset the password for logging in to an ECS if the password is lost or has expired.

⚫ Prerequisites: You have installed password reset plug-ins before your ECS password is lost or expires.

⚫ Note: The one-click password reset plug-ins have been installed by default on an ECS created using a
public image.

Backing Up ECS Data
Create full-ECS backups and use EVS disk data consistency to restore ECS
service data. This maximizes user data security and correctness.

Quiz
1. Is an ECS a physical server? ( )
A. Yes

B. No

2. What is used by an ECS to store data? ( )


A. Auto Scaling

B. Elastic Volume Service

C. Cloud Container Engine

D. Cloud Eye

Summary
⚫ HUAWEI CLOUD ECS

⚫ ECS concepts, functions, and application scenarios

⚫ ECS purchasing and management

Recommendations
⚫ Huawei Learning website
 http://support.huawei.com/learning/en/newindex.html

⚫ ECS documentation at Help Center
 https://support-intl.huaweicloud.com/ecs/index.html

Computing Cloud Service – Auto Scaling
Foreword
⚫ This chapter provides an overview of Auto Scaling (AS) and its basic
functions, application scenarios, and usages.

Objectives
⚫ Upon completion of this course, you will:
 Be familiar with AS concepts, functions, and application scenarios.

 Be able to create AS groups and bandwidth scaling policies.

Contents
1. Overview

2. Creating an AS Group

3. Creating a Bandwidth Scaling Policy

4. Usage and Management

5. Related Services

Concepts
⚫ AS automatically adjusts resources based on your service needs and allows
you to specify AS configurations and policies as required. These
configurations and policies free you from having to repeatedly adjust
resources to keep up with service changes and demand spikes, thereby
reducing the resources and manpower required.

Product Architecture

Features

⚫ Auto Scaling

⚫ Even Instance Distribution

⚫ Automatic Notification

Product Advantages

⚫ Low Cost

⚫ Auto Adjustment

⚫ High Availability

⚫ Visual Management

Application Scenarios
Typical Application Scenario | Description
Web app service | The AS service scales up or down logical servers of common web services, such as enterprise websites, e-commerce platforms, video websites, online education institutions, and mobile apps. Requests from clients are distributed among app servers through load balancing. The AS service scales up or down app servers according to the number of requests. If you enable the bandwidth scaling function, AS will adjust the bandwidth size based on access traffic.
High-performance cluster deployment | The AS service scales up or down distributed backend servers of common web services in real time based on the data volume. The servers include distributed big data computing nodes and data retrieval servers in computing clusters.
Request server deployment | The AS service is used for deploying server clusters that are used to send requests or collect data. These servers are time-effective. The AS service enables quick creation, deployment, and scaling of these servers.

Wizard-based Creation Process

1. Create an AS configuration.

2. Create an AS group.

3. Create an AS policy.

Configuring Parameters - Creating an AS Group

Parameters for Creating an AS Group
Parameter | Description | Example Value
Max. Instances or Min. Instances | Specifies the maximum or minimum number of instances in an AS group. | 10 or 5
Expected Instances | Specifies the expected number of ECS instances in an AS group. | 6
AZ | Specifies a physical region where resources use independent power supplies and networks. AZs are physically isolated but interconnected through an internal network. | None
VPC | Specifies the VPC of the ECS network. All ECSs in an AS group belong to the same VPC. | None
Subnet | By default, only ECSs in the same VPC subnet can communicate with each other. | None
Security Group | You can define different access rules for a security group to protect the ECSs that are added to this security group. | None
Load Balancing | This parameter is optional. A load balancer automatically distributes access traffic to all ECSs in an AS group to balance their service load. It enables higher levels of fault tolerance in your applications and expands application service capabilities. | None
Health Check Method | Checks the ECS health status. When the health check detects a faulty ECS, the system removes the faulty ECS from the AS group and adds a new one. The health check supports two modes, respectively ECS health check and ELB health check. | None
Health Check Interval | Specifies the health check period for an AS group. | 5 minutes
Instance Removal Policy | Specifies the priority for removing an ECS instance. If required conditions are met, scaling actions are triggered to remove instances. | None
Release EIP on Instance Removal | If the AS configuration of an AS group uses an EIP, the system binds the EIP to the newly created ECS instance when the scaling action is performed. If you select Yes, the EIP bound to the ECS instance is released when the instance is removed from the AS group. Otherwise, the system reserves the EIP. | None

Configuring Parameters - Creating an AS Configuration

Parameters for Creating an AS Configuration
Parameter | Description | Example Value
Configuration Name | Specifies the name of an AS configuration. | None
Configuration Template | Select Create a new specifications template. If this option is selected, configure the parameters, such as ECS Type, vCPU, Memory, Image, and Disk to create an AS configuration. | Create a new specifications template
Specifications | The public cloud provides various ECS types for you to select based on application scenarios. | Memory-optimized
Image | Images are classified into public images, private images, and shared images. | Public image
Disk | The disk, also called the EVS disk, can be a system disk or a data disk. The disk type includes common I/O, high I/O, and ultra-high I/O. | Common I/O
Security Group | Controls ECS access within or between security groups to enhance security protection on ECSs. | None
EIP | Specifies a static public IP address bound to an ECS in a VPC. Using the EIP, the ECS provides services externally. The system provides the following options: Do not use: Without an EIP, the ECS cannot access the Internet and is used only in the private network or in a cluster. Automatically assign: The system automatically assigns an EIP for the ECS. The EIP provides exclusive bandwidth that is configurable. | Automatically assign
Login Mode | A key pair is used for authenticating the ECS. In this mode, create or import a key pair on the Key Pair page. | Key pair
Advanced Settings | This parameter allows you to configure File Injection, User Data Injection, and ECS Group. You can select Do not configure or Configure now. | None

Configuring Parameters - Adding an AS Policy

Parameters for Adding an AS Policy
Parameter | Description | Example Value
Policy Name | Specifies the name of an AS policy. | as-policy-p6g5
Policy Type | The value can be Alarm, Scheduled, or Periodic. | Alarm
Monitoring Type | Specifies the alarm monitoring type. The value can be System monitoring or Custom monitoring. | System monitoring
Alarm | You can use an existing alarm rule or create an alarm rule. To create an alarm rule, configure the following parameters: Alarm Name: specifies the name of the new alarm rule, for example, as-alarm-7o1u. Trigger Condition: specifies a metric and condition for triggering a scaling action. For example, when the CPU usage becomes higher than 70%, AS automatically triggers a scaling action. Monitoring Interval: specifies the period for the metric, for example, 5 minutes. Consecutive Occurrences: specifies the number of consecutive times, for example, one time, for triggering a scaling action during a monitoring period. | None
Scaling Action | Specifies an action and the expected number of instances. The following AS action options are available: Add: adds instances to an AS group when the scaling action is performed. Reduce: removes instances from an AS group when the AS action is performed. Set to: sets the expected number of instances in an AS group to a specified value. | Add 1 instance
Cooldown Period | Specifies a period of time after a scaling action starts and before any further scaling actions can be triggered. The cooling duration prevents alarm-triggered scaling actions. Scaling actions triggered at a scheduled time or periodically will not be affected. However, the AS service restarts the cooling duration in seconds after a scheduled or periodic scaling action is performed. | 900s
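Added example (not part of the course material, and not how the AS service is implemented): a small simulation of how the alarm policy parameters above interact, using the example values from the parameter tables. The class and function names, the CPU samples, and two modelling choices are assumptions: the breach counter resets after a scaling action, and an action that cannot change the instance count because of Max./Min. Instances does not start a cooldown.

```python
from dataclasses import dataclass


@dataclass
class ASGroup:
    min_instances: int = 5      # "Min. Instances" example value
    max_instances: int = 10     # "Max. Instances" example value
    expected: int = 6           # "Expected Instances" example value


@dataclass
class AlarmPolicy:
    threshold: float = 70.0     # trigger condition: CPU usage higher than 70%
    interval_s: int = 300       # monitoring interval: 5 minutes
    consecutive: int = 1        # consecutive occurrences needed to trigger
    action: str = "add"         # "add", "reduce" or "set"
    amount: int = 1             # "Add 1 instance"
    cooldown_s: int = 900       # cooldown period: 900s


def apply_action(group, action, amount):
    """Apply Add / Reduce / Set to, clamped to the group's limits.
    Returns True when the expected instance count actually changed."""
    if action == "add":
        target = group.expected + amount
    elif action == "reduce":
        target = group.expected - amount
    elif action == "set":
        target = amount
    else:
        raise ValueError(f"unknown scaling action: {action}")
    target = max(group.min_instances, min(group.max_instances, target))
    changed = target != group.expected
    group.expected = target
    return changed


def simulate(group, policy, cpu_samples, scheduled=None):
    """Walk one CPU sample per monitoring interval and return a list of
    (time_s, event, expected_instances) tuples.

    scheduled maps a sample index to an (action, amount) pair that models a
    scheduled or periodic policy firing at that time.
    """
    scheduled = scheduled or {}
    events = []
    breaches = 0
    cooldown_until = 0
    for i, cpu in enumerate(cpu_samples):
        now = i * policy.interval_s
        if i in scheduled:
            # Scheduled and periodic actions are not blocked by the cooldown,
            # but the cooldown restarts once they have run.
            apply_action(group, *scheduled[i])
            cooldown_until = now + policy.cooldown_s
            events.append((now, "scheduled", group.expected))
        breaches = breaches + 1 if cpu > policy.threshold else 0
        if breaches < policy.consecutive:
            continue
        if now < cooldown_until:
            # The alarm fired, but the cooldown blocks alarm-triggered actions.
            events.append((now, "suppressed", group.expected))
            continue
        if apply_action(group, policy.action, policy.amount):
            cooldown_until = now + policy.cooldown_s
            breaches = 0
            events.append((now, "scaled", group.expected))
        else:
            events.append((now, "at_limit", group.expected))
    return events


# Constructed CPU usage samples (percent), one per 5-minute monitoring interval.
CPU_SAMPLES = [50, 85, 90, 88, 92, 60]

if __name__ == "__main__":
    for event in simulate(ASGroup(), AlarmPolicy(), CPU_SAMPLES):
        print(event)
```

With a 900s cooldown and a 5-minute interval, a sustained load spike adds at most one instance every three intervals, which is worth checking against how fast the service must absorb load.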

Configuring Parameters - Creating a Bandwidth Scaling Policy

Parameters for Creating a Bandwidth Scaling Policy
Parameter | Description | Example Value
Region | Specifies the region where the AS group resides. | None
Policy Name | Specifies the name of the bandwidth scaling policy. | None
EIP | Specifies the public network IP address whose bandwidth needs to be scaled. | None
Policy Type | The value can be Alarm, Scheduled, or Periodic. | Alarm
Alarm | You can use an existing alarm rule or create a new one. To create an alarm rule, configure the following parameters: Alarm Name: specifies the name of the new alarm rule, for example, as-alarm-7o1u. Trigger Condition: specifies a monitoring metric and condition for triggering a scaling action. For example, when the CPU usage becomes higher than 70%, AS automatically triggers a scaling action. Monitoring Interval: specifies the interval (such as five minutes) at which the alarm status is updated based on the alarm rule. Consecutive Occurrences: specifies the number of sampling points when an alarm is triggered. | Create Alarm Rule
Scaling Action | Specifies an action and the number/percentage of instances. The following AS action options are available: Add, Reduce, Set to. | Add 1 instance
Limit | Specifies the maximum and minimum bandwidth allowed (Mbit/s). | 2000 Mbit/s
Cooldown Period | Specifies a period of time after a scaling action starts and before any further scaling actions can be triggered. The cooling duration prevents alarm-triggered scaling actions. Scaling actions triggered at a scheduled time or periodically will not be affected. However, the AS service restarts the cooling duration in seconds after a scheduled or periodic scaling action is performed. | 900s

Management Overview
⚫ AS Groups

⚫ AS Configurations

⚫ Scaling Actions

⚫ Scaling Bandwidth Policies

⚫ AS Group and Instance Monitoring

⚫ Constraints

AS Groups
⚫ An AS group consists of a collection of ECS instances and AS policies that
have similar attributes and apply to the same application scenario.
 Creating an AS group

 Adding a load balancer to an AS group

 Adding/Replacing an AS configuration to/in an AS group

 Enabling an AS group

 Disabling an AS group

 Modifying an AS group

 Deleting an AS group

AS Configurations
⚫ An AS configuration is a template listing specifications for the instances
that will be added to an AS group.
 Using an existing ECS to create an AS configuration

 Using a new specifications template to create an AS configuration

 Copying an AS configuration

 Deleting an AS configuration

Resource Expansion
⚫ When service demands increase, you need to expand resources through
scaling actions.

⚫ There are three methods for resource expansion:


 Dynamically expanding resources

 Expanding resources as planned

 Manually expanding resources

Scaling Actions - Configuring an Instance Removal Policy
⚫ AS supports the following instance removal policies:
 Oldest instances created based on the oldest configuration

 Newest instances created based on the oldest configuration

 Oldest instances

 Newest instances
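Added example (not part of the course material): how the four removal policies pick different instances from the same group during scale-in, and which survivors still run from a superseded AS configuration, which matters when a newer configuration carries an updated image. The reading of each policy as a sort order, the names, and the sample fleet are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Instance:
    name: str
    created: int          # instance creation time (constructed epoch seconds)
    config_created: int   # creation time of the AS configuration it was built from


# Each policy is modelled as a sort key; the first instance in sorted order
# is the first one removed.
REMOVAL_KEYS = {
    "oldest_from_oldest_config": lambda i: (i.config_created, i.created),
    "newest_from_oldest_config": lambda i: (i.config_created, -i.created),
    "oldest": lambda i: (i.created,),
    "newest": lambda i: (-i.created,),
}


def select_for_removal(instances, policy, count, min_instances=0):
    """Return the names of the instances a scale-in of `count` would remove,
    never going below the group's minimum number of instances."""
    if policy not in REMOVAL_KEYS:
        raise ValueError(f"unknown removal policy: {policy}")
    allowed = max(0, min(count, len(instances) - min_instances))
    ordered = sorted(instances, key=REMOVAL_KEYS[policy])
    return [i.name for i in ordered[:allowed]]


def stale_survivors(instances, removed_names, current_config):
    """Names of instances left in the group that were built from an AS
    configuration older than the current one."""
    return [
        i.name
        for i in instances
        if i.name not in removed_names and i.config_created < current_config
    ]


# Constructed fleet: two instances from an old configuration (created at 10)
# and two from the current configuration (created at 20).
FLEET = [
    Instance("ecs-a", created=100, config_created=10),
    Instance("ecs-b", created=300, config_created=10),
    Instance("ecs-c", created=200, config_created=20),
    Instance("ecs-d", created=400, config_created=20),
]

if __name__ == "__main__":
    for policy in REMOVAL_KEYS:
        removed = select_for_removal(FLEET, policy, count=2)
        print(policy, removed, stale_survivors(FLEET, removed, current_config=20))
```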

Scaling Actions – Viewing a Scaling Action
⚫ On the AS group details page, click the Monitoring tab, and click Diagram
or Table to view scaling actions. Below are some diagrams.

Scaling Actions - Adding a Lifecycle Hook
⚫ After a lifecycle hook is added to an AS group, when the AS group performs a scaling
action, the lifecycle hook suspends the instance that is being added to or removed from the
AS group and sets the instance to the waiting state. During the waiting period, you can
perform customized operations on the instance. For example, you can install or configure
software on the newly started instance, or download the log file from the instance before
the instance terminates.

 Adding a lifecycle hook

 Modifying a lifecycle hook

 Deleting a lifecycle hook

 Performing a callback action

Scaling Actions - Managing AS Policies
⚫ An AS policy specifies conditions for triggering an AS action. An AS action
will be triggered if conditions are met. The AS service allows you to:
 Create an AS policy

 Modify an AS policy

 Delete an AS policy

 Enable an AS policy

 Disable an AS policy

 Manually execute an AS policy

AS Group and Instance Monitoring
A health check removes abnormal instances from an AS group. Then, the AS group
creates new instances so that the number of instances is the same as the number
before instance removal. There are two types of AS group health checks.

⚫ ECS health check: checks the ECS running status. If an ECS is stopped or deleted, it
is considered as abnormal. The AS group automatically removes the abnormal
instances.

⚫ ELB health check: checks the ECS running status based on the health check result
obtained using a load balancing listener. After you add multiple elastic load
balancers to an AS group, the AS group will remove the ECSs once one of the load
balancers detects that the ECSs are abnormal.

Constraints
AS has the following restrictions:

⚫ Only applications that are stateless and can be horizontally scaled can run on ECS
instances in an AS group.

⚫ The following table lists the constraints on AS resources.

Category | Description | Default Value
AS group | Maximum number of AS groups that you can create | 10
AS configuration | Maximum number of AS configurations that you can create | 100
AS policy | Maximum number of AS policies that can be added to an AS group | 10
Instance | Maximum number of instances that can be added to an AS group | 300
Bandwidth scaling policy | Maximum number of bandwidth scaling policies that you can create | 50

Related Services
⚫ Elastic Cloud Server

⚫ Virtual Private Cloud

⚫ Elastic Load Balance

⚫ Simple Message Notification

⚫ Cloud Trace Service

⚫ Cloud Eye

Quiz
1. Which of the following methods does AS use to expand resources?
A. Dynamically expanding resources

B. Expanding resources as planned

C. Manually expanding resources

D. Automatically expanding resources

2. Which of the following policies does AS support?


A. Alarm policies

B. Scheduled policies

C. Periodic policies

D. Monitoring policies

Summary
During this chapter, we covered:

⚫ Concepts, functions, and application scenarios of the AS service

⚫ Creation and management of AS groups and bandwidth scaling policies

More Information

Abbreviation | Full Name
AS | Auto Scaling
ELB | Elastic Load Balance

Computing Cloud Service – Image Management Service
Foreword
⚫ This course introduces Image Management Service (IMS), a computing
service provided by HUAWEI CLOUD for creating and managing images.

Objectives
⚫ After completing this course, you will:
 Understand basic concepts, functions and application scenarios of IMS.

 Be able to create and manage private images.

Contents
1. Introduction

2. Image Creation

3. Image Management

4. FAQs

5. Related Services

Basic Concepts
Image
An image provides information required for you to create an ECS, BMS, or disk.

IMS allows you to easily create and manage images. You can use a public, private,
or shared image to create ECSs or BMSs, or an ECS or external image file to create
a private image.

Basic Concepts
Image Type

⚫ Images are classified as public, private, and shared images.

⚫ Public images are provided by the cloud platform, private images are
created by image owners, and shared images are created and shared by
others.

Private Image
⚫ Private images can be classified into three types as follows:

⚫ System disk image: contains an OS and necessary applications, and is used
to create ECSs for migrating services to the cloud.

⚫ Data disk image: contains only service data, and can be used to create data
disks for migrating data to the cloud.

⚫ Full-ECS image: contains an OS, applications, and data.

Product Advantages
⚫ Convenient

⚫ Secure

⚫ Flexible

⚫ Uniform

Functions
⚫ IMS provides public images supporting popular OSs.

⚫ You can create system disk images, data disk images, and full-ECS images.

⚫ Private images can be modified and deleted, and system and data disk
images can be shared with others.

⚫ Existing images can be used to create ECSs and BMSs.

Methods for Creating a Private Image
⚫ Create a system disk image from a Windows ECS.

⚫ Create a system disk image from a Linux ECS.

⚫ Create a system disk image from an external image file containing a Windows OS.

⚫ Create a system disk image from an external image file containing a Linux OS.

⚫ Create a data disk image using an ECS data disk.

⚫ Create a data disk image from an external image file.

⚫ Create a full-ECS image from an ECS.

⚫ Create a full-ECS image from a CSBS backup.

Creating a System Disk Image from a Windows ECS

1. Configure the Windows ECS.

2. Install Cloudbase-Init.

3. Create a system disk image.

4. Confirm the configurations and submit.

Configuring the Windows ECS
⚫ If the ECS uses a static IP address, configure DHCP for the ECS, allowing it
to dynamically obtain an IP address.

Installing Cloudbase-Init
⚫ You are advised to install Cloudbase-Init on the ECS that will be used to create the
system disk image so that new ECSs created from this image are customizable.

Optimizing Before Image Creation
⚫ To ensure that the image created from an ECS supports both Xen and KVM,
install the PV driver and UVP VMTools on the ECS.

Creating a System Disk Image
⚫ You can create a Windows system disk image from an ECS that runs a
Windows OS.

Creating a System Disk Image from a Linux ECS

1. Configure NIC attributes for the ECS.

2. Clear network rule files.

3. Install and configure Cloud-Init.

4. Check and detach data disks from the ECS.

5. Create a Linux private image.

6. Confirm the configurations and submit.

Configuring NIC Attributes for the ECS

⚫ If the ECS uses a static IP address, configure DHCP for the ECS, allowing
it to dynamically obtain an IP address.

Deleting Network Rule Files
⚫ Before creating an image, delete network rule files on the ECS to ensure
that the image will not contain them.

⚫ Do not restart the ECS after network rule files are deleted. Otherwise, these
network rules will be regenerated and included in the image.

Installing Cloud-Init
⚫ Install Cloud-Init on the ECS before using it to create an image so that new
ECSs created from the image support customization. Without Cloud-Init,
ECSs are accessible only with the image password. You can perform the
following steps to install Cloud-Init:
 Check whether Cloud-Init has been installed.

 Install Cloud-Init.

 Configure user permissions on the ECS based on the user role.

 Check whether Cloud-Init is successfully configured.

Detaching Data Disks from the ECS
⚫ If the ECS used to create the image has multiple data disks, new ECSs
created using the image may be unusable. To prevent this, detach all data
disks from the ECS before image creation.

Creating the System Disk Image
⚫ You can create a Linux system disk image from an ECS that runs a Linux OS.

Creating a Windows System Disk Image from an External Image File
⚫ If the image file has been initialized:
1. Upload the file to an OBS bucket.
2. Register the uploaded file as an image.

⚫ If the image file has not been initialized:
1. Upload the file to an OBS bucket.
2. Register the uploaded file as an image.
3. Create an ECS using the image.
4. Configure the ECS.
5. Create a system disk image from the ECS.

Uploading the Image File
⚫ Use OBS browser to upload the external image file to an OBS bucket.

⚫ The external image file is either unencrypted or encrypted using SSE-KMS.

⚫ The storage type of the OBS bucket must be Standard.

Registering an Image File as a Private Image
⚫ Register an uninitialized image file as an uninitialized private image.

⚫ Register an initialized image file as a normal private image.

Creating a Linux System Disk Image from an External Image File
⚫ If the image file has been initialized:
1. Upload the file to an OBS bucket.
2. Register the uploaded file as an image.

⚫ If the image file has not been initialized:
1. Upload the file.
2. Register the uploaded file as an image.
3. Create an ECS using the image.
4. Configure the ECS.
5. Create a system disk image using the ECS.

Creating a Data Disk Image from a Data Disk
⚫ Before creating a data disk image from a data disk, ensure that the ECS
has a system disk and the data disk is not empty.

⚫ A data disk image can be used by only one data disk.

Creating a Data Disk Image from an External Image File
⚫ The image file OS type must be Windows or Linux.

⚫ The disk capacity ranges from 40 GB to 2048 GB.

⚫ The image file must be uploaded to an OBS bucket, and the storage class of the OBS bucket must be Standard.

⚫ A data disk image can be used by only one data disk.

Creating a Full-ECS Image from an ECS
⚫ You can use an ECS with data disks to create a full-ECS image containing
both an OS and your service data, and this image can be used to quickly
create ECSs with service data.

Creating a Full-ECS Image from a CSBS Backup
⚫ If you have backed up an ECS, you can use the backup to create a full-ECS
image and use the image to create identical ECSs.

Modifying Images
⚫ Only private images in Normal state can be modified. You can modify the
image name, description, minimum memory, maximum memory, and NIC
multi-queue.

Creating ECSs from an Image
⚫ You can use a public or private image to create an ECS.

⚫ The only difference is that an ECS created from a public image contains an
OS and pre-installed applications, and you need to install personal
applications as needed. An ECS created from a private image contains an
OS, pre-installed applications, and some personal applications.

Deleting Images
⚫ You can delete unneeded images.

Sharing Images
⚫ IMS allows you to share your private images.

Exporting Images
⚫ IMS allows you to export your private images to a specified storage device
or other cloud platform.

⚫ Currently, you can export only private images that are in Normal state and
download them from the OBS bucket. When exporting an image, you can
specify its format.

⚫ The size of exported images varies by format, and you will be charged for
image storage space used.

Encrypting Images
⚫ You can create an encrypted private image to ensure image data security.

Replicating Images Within a Region
⚫ This function helps convert an encrypted image to an unencrypted image,
or the reverse.

Replicating Images Across Regions
⚫ If you have created a private image in a region, you can replicate it to other
regions. This enables you to duplicate ECSs and migrate services across
regions.

Tagging Images
⚫ You can assign tags to private images to simplify management.

Exporting Image Information
⚫ Information about all public and private images, such as image name, type,
OS, creation time, and disk capacity, can be exported as a CSV file.

FAQs
⚫ How many private images can be created under an account?

⚫ Currently, you can create up to 50 private images under an account within a region.
If you require more, submit a service ticket to request a quota increase.

⚫ How can I change an unencrypted image to an encrypted one?

⚫ You can replicate the unencrypted image and specify a key for encrypting the
replicated image.

⚫ Must ECSs be stopped before using them to create a private image?

⚫ Not necessarily. IMS now allows you to create private images from running ECSs.

Related Services
⚫ Elastic Cloud Server (ECS): An ECS can be made into an image or created from an image.

⚫ Bare Metal Server (BMS): A BMS can be made into an image or created from an image.

⚫ Object Storage Service (OBS): Images are stored in OBS buckets.

⚫ Data Encryption Workshop (DEW): provides keys for encrypting private images.

⚫ Elastic Volume Service (EVS): Data disks created from data disk images can be attached to
ECSs.

⚫ Cloud Server Backup Service (CSBS): A CSBS backup can be used to create full-ECS images,
which can be used to create ECSs.

⚫ Cloud Trace Service (CTS): records IMS operations for query, auditing, and backtracking.

Quiz
1. What image types does IMS support?
A. Public image

B. Private image

C. Encrypted image

D. Shared image

Summary
⚫ This course:

⚫ Described what IMS is.

⚫ Introduced basic concepts and functions of IMS.

⚫ Discussed image creation and management.

Recommendations
⚫ Huawei Learning
 http://support.huawei.com/learning/Index!toTrainIndex

⚫ HUAWEI CLOUD Help Center
 https://support-intl.huaweicloud.com/ims/index.html

Storage Services - Elastic Volume Service
Foreword
⚫ This course introduces HUAWEI CLOUD Elastic Volume Service (EVS).

Objectives
⚫ Upon completion of this course, you will be able to:
 Describe HUAWEI CLOUD EVS.

 Understand the concepts, functions, and application scenarios of EVS.

 Understand how to create and manage EVS disks.

 Understand how to troubleshoot EVS frequently asked questions (FAQs).

Contents
1. Overview

2. Purchasing

3. Usage and Management

4. FAQs

5. Related Services

Concepts
⚫ EVS offers scalable block storage for cloud servers. With high reliability,
high performance, and rich specifications, EVS disks can be used for
distributed file systems, development and test environments, data
warehouse applications, and high-performance computing (HPC) scenarios
to meet diverse service requirements.

⚫ You can create EVS disks and attach them to servers. The method for using
EVS disks is the same as that for using traditional disks on physical servers.

Product Advantages

⚫ High reliability
⚫ High performance
⚫ Rich specifications
⚫ Multi-terabyte capacity
⚫ Easy to use

Product Architecture

Functions
EVS provides storage resources for servers.
⚫ Create disks.

⚫ Attach disks to servers.

⚫ Detach disks.

⚫ Expand disk capacities.

⚫ Create backups for disks.

⚫ Create snapshots.

⚫ Delete disks.

⚫ Query disks.

Application Scenarios
| Disk Type | IOPS per GB/EVS disk | Max. IOPS/EVS disk | Typical Application Scenario |
| --- | --- | --- | --- |
| Common I/O | 2 | 2,200 | Suitable for scenarios that feature few transactions and require large capacity and normal read/write speed. For example, office applications or small-scale test environments. |
| High I/O | 6 | 5,000 | Suitable for mainstream scenarios that require high performance and high reliability. For example, large-scale development and test environments, web server logs, and enterprise applications. Typical enterprise applications include SAP, Microsoft Exchange, and Microsoft SharePoint. |
| Ultra-high I/O | 20 | 33,000 | Suitable for read/write-intensive applications that require ultra-high I/O and throughput, such as distributed file systems used in the HPC scenarios or NoSQL and relational databases used in I/O-intensive scenarios. Typical databases include MongoDB, Oracle, SQL Server, MySQL, and PostgreSQL. |

Billing
⚫ EVS disks are billed based on factors, including capacity, type, and usage
duration. You can pay for EVS disks in yearly/monthly or pay-per-use
billing mode.

⚫ EVS disk types are classified as common I/O, high I/O, and ultra-high I/O
based on I/O performance and differ in performance and price.

Operation Procedure

Key Purchasing Parameters
| Parameter | Mandatory | Description |
| --- | --- | --- |
| Billing Mode | Mandatory | Pay-per-use or yearly/monthly |
| AZ | Mandatory | Availability zone (AZ) where the disk belongs |
| Disk Type | Mandatory | Disk types are classified as common I/O, high I/O, and ultra-high I/O by I/O performance. |
| Capacity (GB) | Mandatory | Data disk: 10 GB to 32768 GB |
| Create from backup | Optional | The disk will be created from a backup. |
| Create from snapshot | Optional | The disk will be created from a snapshot. |
| Share | Optional | A shared disk can be attached to multiple servers for use. |
| SCSI | Optional | SCSI EVS disks allow the server OS to directly access the underlying storage media and send SCSI commands to the disks. |
| Encryption | Optional | Disk encryption is used for data disk encryption only. |
| Auto Backup | Optional | Data on the disks can be backed up according to the backup policy. |
| Tag | Optional | Tags can be created during disk creation to identify cloud resources for purposes of easy categorization and quick search. |
| Disk Name | Optional | volume-0001 |
| Quantity | Mandatory | - |

Disk Type

| Disk Type | IOPS per GB/EVS disk | Max. IOPS/EVS disk | Max. Throughput |
| --- | --- | --- | --- |
| Common I/O | 2 | 2,200 | 90 MB/s |
| High I/O | 6 | 5,000 | 150 MB/s |
| Ultra-high I/O | 50 | 33,000 | 350 MB/s |

Device Type
⚫ VBD is the default disk device type. VBD EVS disks support only basic SCSI
read/write commands.

⚫ SCSI EVS disks support transparent SCSI command transmission and allow the
server OS to directly access the underlying storage media. Besides basic read/write
SCSI commands, SCSI EVS disks also support advanced SCSI commands.
 SCSI EVS disks: BMSs support only SCSI EVS disks, which can be used as either system
disks or data disks.

 Shared SCSI EVS disks: Shared SCSI EVS disks must be used together with a distributed
file system or cluster software. Because most cluster applications, such as Windows
MSCS, Veritas VCS, and Veritas CFS, require the usage of SCSI reservations, you are
advised to use shared EVS disks with SCSI.

Disk Status
| Status | Description |
| --- | --- |
| In-use | The EVS disk is attached to a server and is in use. |
| Available | The EVS disk is successfully created and has not been attached to any server. |
| Creating | The EVS disk is being created. |
| Attaching | The EVS disk is being attached. |
| Detaching | The EVS disk is being detached. |
| Deleting | The EVS disk is being deleted. |
| Restoring | A VBS backup is being used to restore the EVS disk. |
| Expanding | The capacity of the EVS disk is being expanded. |
| Uploading | Data on the EVS disk is being uploaded to an image. This status occurs when you create an image from a server. |
| Downloading | Data is being downloaded from an image to the EVS disk. This status occurs when you create a server. |
| Error | An error occurs when you try to create an EVS disk. |
| Deletion failed | An error occurs when you try to delete an EVS disk. |
| Expansion failed | An error occurs when you try to expand the capacity of an EVS disk. |
| Restoration failed | An error occurs when you try to restore an EVS disk from a backup. |
| Rolling back | Data on the EVS disk is being restored from a snapshot. |
| Rollback failed | An error occurs when an EVS disk is being rolled back from a snapshot. |
| Awaiting transfer | An EVS disk is awaiting a transfer. |

Disk Status Changes
⚫ Create a disk: Creating → Available (if the creation succeeded) or Error (if the creation failed)
⚫ Attach a disk: Available → Attaching → In-use (if the attachment succeeded)
⚫ Detach a disk: In-use → Detaching → Available (if the detachment succeeded)
⚫ Expand the capacity of an Available disk: Available → Expanding → Available (if the expansion
succeeded) or Expansion failed (if the expansion failed)
⚫ Expand the capacity of an In-use disk: In-use → Expanding → In-use (if the expansion succeeded) or
Expansion failed (if the expansion failed)
⚫ Delete a disk: Available, Expansion failed, Error, Restoration failed, or Rollback failed → Deleting → No
longer displayed (if the deletion succeeded) or Deletion failed (if the deletion failed)
⚫ Restore data from a backup: Available → Restoring → Available (if the restoration succeeded) or
Restoration failed (if the restoration failed)
⚫ Roll back data from a snapshot: Available or Rollback failed → Rolling back → Available (if the rollback
succeeded) or Rollback failed (if the rollback failed)
⚫ Transfer a disk: Available → Awaiting transfer → Available (if the transfer succeeded)
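
The status changes listed above can be encoded as a transition table and used to check whether an operation is permitted in a given status, or whether an observed sequence of disk statuses is consistent with the lifecycle (for example when reviewing operation records). This is an added example, not Huawei code: the function names are hypothetical, the sample histories are constructed, and it assumes every transitional status is recorded.

```python
"""EVS disk lifecycle checker built from the status changes listed above.

Added example: the function names are hypothetical, not part of any Huawei SDK.
"""

SAME = object()               # success returns the disk to the status it started from
GONE = "No longer displayed"  # what the slide shows after a successful deletion

# operation: (statuses it may start from, transitional status, on success, on failure)
# A failure value of None means the slide names no failure status for that operation.
TRANSITIONS = {
    "create":   ({None}, "Creating", "Available", "Error"),
    "attach":   ({"Available"}, "Attaching", "In-use", None),
    "detach":   ({"In-use"}, "Detaching", "Available", None),
    "expand":   ({"Available", "In-use"}, "Expanding", SAME, "Expansion failed"),
    "delete":   ({"Available", "Expansion failed", "Error", "Restoration failed",
                  "Rollback failed"}, "Deleting", GONE, "Deletion failed"),
    "restore":  ({"Available"}, "Restoring", "Available", "Restoration failed"),
    "rollback": ({"Available", "Rollback failed"}, "Rolling back", "Available",
                 "Rollback failed"),
    "transfer": ({"Available"}, "Awaiting transfer", "Available", None),
}


def allowed_operations(status):
    """Operations that may start while the disk is in `status` (None = no disk yet)."""
    return sorted(op for op, spec in TRANSITIONS.items() if status in spec[0])


def outcomes(operation, status):
    """Return (transitional, success, failure) statuses, or raise if not permitted."""
    starts, transitional, success, failure = TRANSITIONS[operation]
    if status not in starts:
        raise ValueError(f"{operation} is not permitted while the disk is {status!r}")
    return transitional, (status if success is SAME else success), failure


def validate_history(history):
    """Check an ordered list of observed statuses; return [(index, message), ...]."""
    problems = []
    stable = None  # the disk does not exist before the first record
    i = 0
    while i < len(history):
        seen = history[i]
        ops = [op for op in allowed_operations(stable) if TRANSITIONS[op][1] == seen]
        if not ops:
            problems.append((i, f"{seen!r} cannot follow {stable!r}"))
            stable = seen          # resynchronise on the observed status
            i += 1
            continue
        if i + 1 == len(history):
            break                  # operation still in progress, nothing to judge yet
        _, ok, failed = outcomes(ops[0], stable)
        result = history[i + 1]
        if result not in (ok, failed):
            problems.append((i + 1, f"{ops[0]} from {stable!r} cannot end in {result!r}"))
        stable = result
        i += 2
    return problems


if __name__ == "__main__":
    # Constructed status histories, not real service records.
    normal = ["Creating", "Available", "Attaching", "In-use", "Detaching",
              "Available", "Deleting", GONE]
    skipped_detach = ["Creating", "Available", "Attaching", "In-use", "Deleting"]
    print(allowed_operations("In-use"))
    print(validate_history(normal))
    print(validate_history(skipped_detach))
```

A deletion recorded while the disk is still In-use is reported as a violation, because the table only allows deletion from Available or one of the listed failure statuses.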

Common Functions
⚫ Attachment

⚫ Detachment

⚫ Deletion

⚫ Capacity Expansion

⚫ Backup

⚫ Snapshot

Attachment
⚫ EVS disks cannot be used independently. You must attach EVS disks to servers,
and the disks can be used as data disks.
 A system disk is automatically added during server creation, and you do not need to
manually attach the system disk.
 Data disks can be created during or after server creation. If you create data disks during
server creation, the disks will be automatically attached to the server. If you create data
disks after server creation, you need to manually attach the disks to the server.
⚫ Number of servers that a data disk can be attached to:
 A non-shared data disk: 1
 A shared data disk: 16
⚫ Disk attachment process:
Available → Attaching → In-use (if the attachment succeeded)

Detachment
⚫ If an EVS disk is attached to a server, the disk status is In-use. If an operation
you need to perform, such as data rollback from a snapshot, requires the disk to be
in the Available state, detach the disk from the server first.
 Before detaching a system disk, stop the server that uses it: the server must be in the
Stopped state.

 A data disk can be detached when the server is in either the Stopped or Running state.

⚫ Disk detachment process:
 In-use → Detaching → Available (if the detachment succeeded)

Deletion
⚫ If an EVS disk is no longer used, you can delete it to release virtual resources. After
a disk is deleted, you are no longer charged for it.
 Before deleting an EVS disk, ensure that the disk status is Available, Error, Expansion
failed, Restoration failed, or Rollback failed.

 Before you delete a shared disk, ensure that the disk has been detached from all its
servers.

 When you delete an EVS disk, all the disk data including the snapshots created for this
disk will be deleted. Exercise caution when performing this operation.

⚫ Disk deletion process:
Available, Expansion failed, Error, Restoration failed, or Rollback failed → Deleting → No
longer displayed (if the deletion succeeded) or Deletion failed (if the deletion failed)

Capacity Expansion
⚫ When the storage space of an EVS disk is insufficient, you can handle the insufficiency in
either of the following ways:
 Create a new disk and attach it to a server.
 Expand the capacity of an existing disk. The capacities of both system disks and data disks can be
expanded.
⚫ You can expand the disk capacities when the disks are in the In-use or Available state.
 Expanding an In-use disk means that the to-be-expanded disk has been attached to a server.
 Expanding an Available disk means that the to-be-expanded disk has not been attached to any
server.
⚫ Capacity expansion process (Available disks):
Available → Expanding → Available (if the expansion succeeded) or Expansion failed (if the expansion
failed)
⚫ Capacity expansion process (In-use disks):
In-use → Expanding → In-use (if the expansion succeeded) or Expansion failed (if the expansion failed)

Backup
⚫ EVS disk backups are created using Volume Backup Service (VBS).
 Backups can be created for EVS disks only when the disks are in the Available
or In-use state.

 With backup policies configured, data on EVS disks can be periodically backed
up to improve data security.

 When data on an EVS disk is lost, you can restore the disk data from the
backup.

⚫ Process of data restoration from a backup:
Available → Restoring → Available (if the restoration succeeded) or Restoration
failed (if the restoration failed)

Snapshot
⚫ You can create EVS snapshots to save the disk data at specific time points.
⚫ If a snapshot is no longer used, you can delete it to release virtual resources.
⚫ You can create EVS disks from snapshots.
⚫ If the data on an EVS disk is incorrect or damaged, you can roll back the data from
a snapshot to the source disk to restore data.
 You can only roll back the snapshot to its source EVS disk. A rollback to another EVS disk
is not possible.
 A snapshot can be rolled back only when the snapshot status is Available and the source
EVS disk status is Available (not attached to any server) or Rollback failed.
⚫ Process of data rollback from a snapshot:
Available or Rollback failed → Rolling back → Available (if the rollback succeeded) or
Rollback failed (if the rollback failed)

FAQs
⚫ Can I attach an EVS disk to multiple servers?
 No. An EVS disk can be attached to only one server.

 A shared EVS disk can be attached to a maximum of 16 servers.

⚫ Will data in the EVS disk be lost after the disk is detached?
If the CMK used to encrypt the disk is available, you can detach the encrypted
disk, and data will not be lost.

⚫ Why can't I view the attached EVS disk on the server?
After you attach the disk to the server on the management console, the disk
cannot be used until it is initialized. Initialize the disk first, and then view and use
the disk on the server.

Related Services
⚫ Elastic Cloud Server (ECS)

⚫ Bare Metal Server (BMS)

⚫ Volume Backup Service (VBS)

⚫ Data Encryption Workshop (DEW)

⚫ Cloud Eye

⚫ Cloud Trace Service (CTS)

⚫ Tag Management Service (TMS)

Related Services (Diagram)

Quiz
1. Which of the following are EVS disk types? (multiple-answer question)
A. Ultra-high I/O
B. High I/O
C. Common I/O
D. Optimized I/O

2. How many servers can a shared EVS disk be attached to at most? (single-choice
question)
A. 5
B. 7
C. 8
D. 16

Quiz
1. Briefly describe the methods that can be used to restore data on EVS disks.

⚫ Restore disk data from backups.

⚫ Restore disk data from snapshots.

Summary
⚫ Describes HUAWEI CLOUD EVS.

⚫ Introduces the concepts, functions, and application scenarios of EVS.

⚫ Introduces how to create and manage EVS disks.

More Information
⚫ For more information, visit:

⚫ https://support-intl.huaweicloud.com/evs/index.html

Recommendations
⚫ Huawei learning website
 http://support.huawei.com/learning/en/newindex.html

⚫ Huawei support cases
 http://support.huawei.com/enterprise/servicecenter?lang=en

Acronyms

| Acronym | Full Name | Description |
| --- | --- | --- |
| IOPS | Input/Output Operations Per Second | Number of operations performed per second |
| VBD | Virtual Block Device | Virtual block storage device |
| SCSI | Small Computer System Interface | Small computer system interface |

Cloud Storage Services - Volume Backup Service
Foreword
⚫ This chapter describes Volume Backup Service (VBS) on HUAWEI CLOUD.

Objectives
⚫ On completion of this course, you will be able to:
 Describe VBS.

 Know the concepts, functions, application scenarios, and common operations of
VBS.

 Know the VBS advantages and the charging standards.

 Know the frequently asked questions (FAQs) and some troubleshooting cases of
VBS.

Contents
1. Service Overview

2. Key Features

3. Common Operations

4. Limitations and Restrictions

5. FAQs and Troubleshooting Cases

6. Related Services

Introduction to VBS
⚫ HUAWEI CLOUD provides Cloud Server Backup Service (CSBS) and Volume
Backup Service (VBS) to protect your data against viruses, unintentional
deletions, and software and hardware faults. This course introduces VBS.

⚫ VBS secures your data. If an Elastic Volume Service (EVS) disk is faulty or
encounters a logical error (for example, mis-deletion, hacker attack, and
virus infection), you can use data backups to restore data quickly.

Product Architecture
[Diagram: Region A, showing ECSs with EVS disks and OBS]

1. Back up EVS disks to OBS.
2. Restore EVS disks from backups.
3. Create EVS disks from backups.

Comparison with CSBS

| Aspect | CSBS | VBS |
| --- | --- | --- |
| Backup and restoration objects | All or part of EVS disks (including system and data disks) on a single Elastic Cloud Server (ECS) | One or more specified EVS disks (system or data disks) |
| Recommended scenarios | An entire ECS needs to be protected. | Only data disks need to be backed up, because the system disk does not contain personal data. |
| Advantages | All EVS disks on an ECS have consistent data. They are backed up at the same time, eliminating the problem of data inconsistency caused by backups generated at different points in time. | Backup cost is reduced while maintaining data security. |

Main Functions
⚫ EVS disk backup

⚫ Policy-driven data backup

⚫ Data backup management

⚫ Restoration of EVS disk data from backups

⚫ EVS disk creation from backups

Application Scenarios
Hacker Attack or Virus Infection
VBS immediately restores data to the latest snapshot point in time.

Data Mis-deletion
VBS immediately restores data to the latest snapshot point in time.

Application Update Error
VBS immediately restores data to the latest snapshot point in time.

ECS Breakdown
VBS immediately restores data to the latest snapshot point in time to
ensure normal ECS running.

Advantages

| Advantage | Traditional disk backup | VBS |
| --- | --- | --- |
| Secure | Stores data to backup storage media, with low reliability. | Provides 99.999999999% durability for OBS data, ensuring your backup data security. |
| Easy to use | Uses dedicated backup software, needing extra expertise. | Provides a simple GUI for you to back up or restore your data with a few clicks. |
| Cost-effective | Requires dedicated backup storage devices, with high cost on procurement and configuration. | Performs incremental backups after the initial full backup to reduce storage space occupied. Pays for backup storage space on a per-use basis, reducing costs. |

Charging Standards
⚫ VBS itself is currently free of charge.

⚫ Because VBS backups are stored on Object Storage Service (OBS), you
are charged for the OBS service you use by storage capacity and
storage duration.

Key Features
⚫ Online backup

⚫ Permanent incremental backup

⚫ OBS for backup storage

⚫ Policy-driven automatic backup

Online Backup
⚫ Backs up EVS disks based on snapshots.

⚫ Supports on-demand online backup at any time.

⚫ Does not interrupt services.

⚫ Does not require uninstallation of EVS disks.

⚫ Requires no agents to be deployed in the service system.

⚫ Minimizes impacts on customers' service systems.

⚫ Requires no agents to be deployed on VMs.

Permanent Incremental Backup
⚫ Offers permanent incremental backup.

⚫ Improves backup efficiency.

⚫ Cuts down the backup window by 95%.

⚫ Reduces backup data storage space.

⚫ Performs full backup upon the initial backup operation.

⚫ Performs incremental backup for subsequent backup operations.

⚫ Restores data to any backup point in time, independent from single
backups.

OBS for Backup Storage
⚫ VBS stores backup data on OBS, improving data availability.

⚫ Backup data can be remotely replicated to other storage devices,
improving reliability.

⚫ OBS is inexpensive, reducing customers' costs.

⚫ An EVS disk only occupies one snapshot no matter how many times it is
backed up, relieving the burden on local storage performance and
reducing local storage space.

Policy-Driven Automatic Backup
⚫ A backup policy can be associated with multiple EVS disks to implement
automatic backup for them, greatly reducing manual work.

⚫ You can set execution times for periodic backup to ensure data is backed
up at every critical point in time.

⚫ You can also set the number of backups, so that expired backups are
deleted automatically, avoiding unnecessary backups being retained.

Contents
1. Service Overview

2. Key Features

3. Common Operations

4. Limitations and Restrictions

5. FAQs and Troubleshooting Cases

6. Related Services

Common Operations (1)
⚫ Creating backups
1. On the VBS page, click Create VBS Backup.

2. Select EVS disks you want to back up.

3. Set the backup name and select the backup methods.

Common Operations (2)
⚫ Creating EVS disks from backups
1. Click Create Disk.

2. Configure the disk specifications.

3. Confirm the disk information and click Submit.

Common Operations (3)
⚫ Deleting a single backup
1. In the row of the disk, choose More > Delete.

2. Confirm the deletion information and click OK.

⚫ Deleting backups in a batch
1. Select the backups you want to delete and click Delete in the upper left corner.

2. Confirm the deletion information and click OK.

Common Operations (4)
⚫ Viewing backup details
1. Click the expansion arrow at the left of the backup name.

2. View the backup details.

⚫ Searching for backups


Specify the filter criteria to search for backups.

Common Operations (5)
⚫ Sharing backups with other projects
1. Click the expansion arrow at the left of the name of the backup.

2. On the Shares panel, click Share Backup.

3. Enter the project ID, which can be obtained from the My Credential page.

4. Set the search criteria to Backups shared with me, and you can view the backup.

Common Operations (6)
⚫ Creating a backup policy
1. On the Policies tab page, click Create Policy.

2. Configure the backup policy.

⚫ Editing backup policies
1. In the row of the policy, click Edit.

2. Modify the configuration parameters of the backup policy.

Common Operations (7)
⚫ Executing a backup policy
1. In the row of the policy, click Execute.

2. Confirm the policy information and click OK.

⚫ Deleting a backup policy
1. In the row of the policy, choose More > Delete.

2. Confirm the deletion information and click OK.

Common Operations (8)
⚫ Associating EVS disks

1. In the row of the policy, click Associate Disk.

2. Select the disks you want to associate with the policy and click OK.

Common Operations (9)
⚫ Disassociating EVS disks
1. Expand the list of associated disks.

2. Confirm the disk information and click OK.

Limitations and Restrictions
⚫ VBS does not support concurrent multiple backups for one EVS disk,
because backup creation in such scenarios may fail and the time sequence
of backups may be incorrect.

⚫ Multiple EVS disks cannot be restored using one backup at the same time.

⚫ EVS disks created from backups cannot be used as system disks.

⚫ The default backup policy cannot be deleted.

FAQs (1)
⚫ Does VBS Support Cross-Region Backup and Restoration?
 No. Currently VBS supports only backup and restoration within a region but not across
regions.

⚫ Does VBS Support Simultaneous Backup of All EVS Disks on an ECS?


 Yes. You can create a backup policy and associate the backup policy with multiple EVS
disks. Then the backup policy can be executed to back up the multiple EVS disks at the
same time.

⚫ Can a Disk Only Be Associated With One Policy?


 Yes. If an EVS disk you select to be associated with the target policy has been associated
with another one, the system will disassociate it from the original policy and then
associate it with the target one.

FAQs (2)
⚫ Do I Need to Stop the ECS Before Backing Up EVS Disks on an ECS Using VBS?
 VBS can back up EVS disks that are being used. When an ECS is running, data is written onto EVS
disks on the ECS, and some newly generated data is stored in the ECS memory as cached data.
During EVS disk backup, the data in the memory will not be automatically written onto EVS disks,
resulting in data inconsistency between EVS disks and their backups.

 To ensure data consistency and integrity, back up EVS disks during off-peak hours without data
writing to the EVS disks, or stop writing data to the EVS disks before backup. For a strict
requirement for data integrity, stop the server (cached data is written to EVS disks) and start an
offline backup job.

⚫ Do I Need to Stop the ECS Before Restoring EVS Disk Data with a VBS Backup?
 Yes. Before restoring the EVS disk data using a VBS backup, you must stop the ECS to which the EVS
disk is attached, and detach the EVS disk from the ECS. After the EVS disk data is restored, attach
the EVS disk to the ECS and start the ECS.

FAQs (3)
⚫ Can a VBS Backup of a System Disk Be Used to Restore an ECS?
 Yes. You can restore the system disk using a VBS backup. Before restoring the system disk, you
must detach it from the ECS.

 You can also use the system disk to create new EVS disks. However, newly created EVS disks cannot
be used as system disks.

⚫ Is There a Quota Limit on the Number of Backups?


 Yes. A quota is used to prevent resource abuse. You can submit an application to increase your
quota if necessary.

⚫ Are My VBS Backups Retained After ECS Subscription Expires or EVS Disks Are Deleted?
 Yes, VBS backups created for EVS disks are retained when your ECS subscription expires or is
canceled. VBS backups are also retained when you delete EVS disks. You can continue to use these
VBS backups to create EVS disks.

FAQs (4)
⚫ Can Backup Be Performed Several Times a Day?
 Yes. Up to 24 automatic backup jobs can be executed per day. Manual backup jobs have
no such restriction. The minimum frequency for policy-driven backup is once per
integral hour. Manual backup can be performed at any frequency.

⚫ Why Are CSBS Backups Displayed on the VBS Backup Page?


 CSBS backups of ECSs are also displayed on the VBS Backups tab page and can be
distinguished from VBS backups by Source in the backup details. To use CSBS to back
up a server is to back up every disk of the server. These disk backups are displayed on
the VBS backup list and can be directly used to restore disks. Backups whose Source is
CSBS can be deleted only on the CSBS page.

Troubleshooting Cases
⚫ When a backup is being created, its status changes to Error.
 Delete the VBS backups in the Error state and re-create them.

⚫ When an EVS disk is being restored, the status of the EVS disk changes to
Failed.
 Delete the failed EVS disk and create a new EVS disk using the backup.

⚫ VBS backups cannot be deleted, and the status of the backups is Deletion
failed.
 Contact technical support.

Related Services
⚫ EVS
 VBS provides the data backup function for EVS disks. The created data backups
can be used to create EVS disks.

⚫ CSBS
 CSBS and VBS both provide data backup protection.

⚫ Simple Message Notification (SMN)


 VBS adopts SMN to notify users of VBS backup information.

⚫ Tag Management Service (TMS)


 Working with TMS, VBS supports tag presetting and backup filtering and
management.
Summary
⚫ Describes VBS provided on HUAWEI CLOUD.

⚫ Introduces the concepts, functions, application scenarios, common
operations, and restrictions and limitations of VBS.

⚫ Introduces the advantages and the charging standards of VBS.

⚫ Introduces FAQs, troubleshooting cases, and related services of VBS.

More Information
⚫ Huawei E-Learning website:
 http://support.huawei.com/learning/Index!toTrainIndex

⚫ Huawei support case library:
 http://support.huawei.com/enterprise/servicecenter?lang=en

Cloud Storage Service – Object Storage Service
Foreword
⚫ This course provides an overview about Object Storage Service (OBS) in
HUAWEI CLOUD.

Objectives
⚫ Upon completion of this course, you will:

 Know what OBS is.

 Understand basic concepts, functions, and application scenarios of OBS.

 Know advantages and the charging standards of OBS.

 Know how to use the basic functions.

Contents
1. Introduction

2. Basics

3. Functions and Features

4. Using and Managing

5. FAQs and Troubleshooting

6. Reference Documents and Websites

Introduction to OBS
⚫ What is OBS?
Object Storage Service (OBS) is a stable, secure, efficient, and easy-to-use cloud
storage service. It provides highly reliable storage capabilities at relatively low
costs.

Product Advantages
⚫ Stable
With reliability built into multiple levels of the architecture (such as equipment and data
redundancy within an AZ, as well as cross-AZ data DR), OBS achieves up to 99.999999999% (11 nines)
in data durability, and maintains an impressive 99.99% service continuity rate.

⚫ Efficient
OBS schedules data in the most optimal way, and leverages transfer acceleration and big data
optimization to deliver the best possible data access experience.

⚫ Secure
OBS has passed the Trusted Cloud Service (TRUCS) certification. It secures your data with multiple
protection mechanisms, including server-side encryption, URL validation, VPC-based network
isolation, log auditing, and fine-grained permission control.

⚫ Easy to use
OBS supports REST APIs, provides multi-language software development kits (SDKs), and is
compatible with all mainstream client tools. Furthermore, OBS gives you the freedom to upload,
download, and manage your data anytime, anywhere.

OBS Charging Standards (1/2)
⚫ OBS provides two billing modes. You can prepay for yearly/monthly packages or pay per use. You are
charged per use by default.

Billing mode: Pay per use

 Storage capacity: Storage capacity per hour (GB) x hourly price of the corresponding storage class

 Request: Price per 10-thousand requests x Actual requests per hour/10,000 (rounded down)

 Traffic fee:
• Inbound traffic over the Internet and intranet. Free of charge
• Outbound traffic over the intranet. Free of charge
• Outbound traffic over the Internet. Hourly traffic (GB) x Unit price per GB

 Data Restoration: Restored data volume (GB) x Unit Price per GB

OBS Charging Standards (2/2)
Billing mode: Yearly/Monthly prepayment

 Billing item: Resource package. OBS offers packages for multi-AZ storage, common storage,
downstream traffic, and pull traffic.

 Details:
• One-off payment and effective upon payment
• Clear-up monthly
• Renewal and unsubscription not supported
• Multiple packages supported for one account
• Within the validity period of a package, used resources are deducted from the
package quota first. If the used resources exceed the package quota, the excessive
part is charged at the pay-per-use rates.

OBS Application Scenario - Video Surveillance
• A single bucket can support a maximum of 1 billion cameras.
• A single bucket can store 100 billion objects, with the capacity amounting to EB-level.
• One-channel video analysis can be done in 10 seconds; single-stream reaches the bandwidth
performance of 300 MB/s; GPU computing efficiency increased by 50%.
• Fillp patent transmission acceleration is available.
• Storage price starts from ¥0.08/month per GB. You can pay as you go, without worries about
depreciation and O&M, greatly reducing the costs.
• Multiple agencies can share their video networking resources, video storage resources,
and video analysis application resources.
• Resources can be provisioned in minutes, and services can be flexibly deployed.

[Diagram labels: Video Surveillance; Cloud Services; Campuses, buildings, residences, stores; 1 billion+ camera links; Video surveillance platform; Public network/Dedicated connection; Private network; VMS; NVR; Screen; Object Storage Service (OBS); Infrequent Access; Archive; 50% costs]

OBS Application Scenario - Video on Demand

Latency as low as 10 ms
• QAT acceleration (HTTPS); delay less than 10 ms; fluent online video playing

300 MB/s single-stream bandwidth
• Single-stream bandwidth reaches 300 MB/s.

High concurrency TPS
• 10-million TPS concurrency and 100-billion object storage per bucket (meeting the
requirements of processing 3 million concurrent access requests out from 250
million mobile users)

[Diagram labels: Cloud Services; CDN; Terminals; WAV; HD; Upload videos; Media transcoding; Video on Demand; OBS]

OBS Application Scenario - Backup and Archiving

Secure and reliable
• Widely compatible, supporting backup of all mainstream OSs, applications, and databases;
encrypted data transmission and storage

Economic and efficient
• Cloud resources are provisioned and charged on demand. The initial investment is reduced
by 60%, and the construction period is shortened from months to days.

Easy to manage
• Public cloud computing, storage, and network services are at your request. No
dedicated O&M is required.

[Diagram labels: Enterprise Data Centers; Cloud Services; Transmission channel; Direct Connect/Internet; Enterprise applications; Databases; Unstructured data; Backup software; Storage gateway; Data express service (DES); Offline delivery; DR hosts/Test hosts; Elastic Cloud Server (ECS); Restoration in cloud; Lifecycle; OBS; Standard; Infrequent Access; Archive]

OBS Application Scenario - High Performance Computing
Fast upload and download
• Up to 300 MB/s single-stream bandwidth, implementing quick online import of data
• Temporary authorization: Secure and convenient secondary distribution of data

Large volume data import
• 120 TB data can be migrated to the cloud with the Teleport offline data
transfer capabilities.

Archive storage price starts from ¥0.033/GB per month
• Source data and calculation results can be stored in the Archive storage,
costing as low as ¥0.033/GB per month.

[Diagram labels: Public cloud; VPC; Enterprise users; Jobs; Data upload and download; Computing results; Head nodes (ECS); Worker nodes; HPC flavors; Common I/O; Auto-Scaling Service (AS); Image Management Service (IMS); EVS; Scalable File Service (SFS); Cloud Eye; DES Teleport; OBS; Identity and Access Management (IAM)]

OBS Application Scenario - Mobile Internet
Scalable as needed
• Elastic resource scalability and flexible resource allocation
• Unlimited space for object storage

Highly secure
• End to end (E2E) security service
• 100 Gbit/s Anti-DDoS traffic cleaning
• Web Application Firewall (WAF)
• Multi-level security protection for object storage, ensuring data security

10-million TPS concurrency
• 10-million TPS concurrency and 100-billion object storage per bucket (meeting the
requirements of processing 3 million concurrent access requests out from 250
million mobile users)

[Diagram labels: End Users (Browsers, Apps); Static data; Static data responses; Dynamic data requests; Dynamic data responses; CNAME; CDN; Retrieve contents; Original site; Dynamic website contents; (Static script, attachments, images, videos, and audio files); Intranet update; OBS; ELB; ECS; RDS]

OBS Application Scenario - Enterprise Cloud Box
100 km disaster recovery
• 99.999999999% (11 nines) data durability
• 99.99% (4 nines) service availability

Archive storage price starts from ¥0.033/GB per month
• Lower cost of storage for data archiving
• Replacement of tape library for long-term archiving

Dual encryption
• Encrypted transmission
• Encrypted storage

Full compatibility
• Partners and open source cloud disks provide full compatibility with applications
(Windows and macOS).

[Diagram labels: Email system; Mobile phones; PCs; PAD; Virtual desktops; Online play; VPN dedicated network; Dynamic data requests; Dynamic data responses; Static; Enterprise cloud box (service system): authentication, data management, and search; ELB; ECS; RDS; VBS; Intranet update; Enterprise cloud box (data storage): files, video storage, emails; Lifecycle; OBS Standard storage; OBS Infrequent Access storage]

Basic OBS Concepts
⚫ Object

⚫ Bucket

⚫ AK and SK

⚫ Region

[Diagram: OBS is reached over the Internet; OBS holds buckets, and each bucket holds objects.]

Key Functions
⚫ Permission control

⚫ Monitoring

⚫ Versioning

⚫ Tags

⚫ Event Notification

⚫ Lifecycle management

⚫ Static website hosting

⚫ Server-side encryption

Permission Control (1/6)

⚫ This section describes how to set the operation permissions to OBS
resources through Identity and Access Management (IAM).

IAM user group permissions:

 Tenant Administrator: Users with this permission can perform any operation on OBS resources.

 Tenant Guest: Users with this permission can query the usage of OBS resources.

 OBS Buckets Viewer: Users with this permission can obtain the list, metadata, and location
information of buckets.

[Diagram: an IAM user group containing IAM user 1, IAM user 2, and IAM user 3.]

Permission Control (2/6)
⚫ You can configure object and bucket ACLs to control requests for accessing OBS.

⚫ OBS provides account-based access control lists (ACLs).

 By configuring bucket and object ACLs, you can grant access permissions to specific users,
bucket owners, anonymous users, and registered users. In addition, bucket ACLs support
granting access permissions to log delivery users.

 Through bucket and object ACLs, you can grant users the permissions to access buckets/objects
and ACLs.

Permission Control (3/6)
⚫ OBS supports fine-grained permission control for buckets and objects
through bucket policies. If an ACL and a bucket policy conflict with each
other, the bucket policy takes precedence over the ACL.

Permission Control (4/6)
⚫ ACL authorized users

 Owner: Object owner is the account that creates the object. The owner of an
object has the ACL read and write permissions permanently by default.

 Anonymous User: A user that is not registered with OBS. If the access permission for a
bucket and objects in the bucket is authorized to anonymous users, all
users can access the bucket and its objects.

 Registered User: A user that is registered with OBS. For example, a registered user can
access OBS Browser using AKs and SKs.

 Specific User: An account that has permission to access a bucket. The bucket owner
authorizes this permission by account ID or account name.

 Log Delivery User: Only bucket ACLs support this user group. A log delivery user delivers
the access logs of buckets and objects to the target bucket.

Permission Control (5/6)
⚫ ACL Permission Control

 Bucket access permission
◼ Read: A grantee with this permission for a bucket can obtain the list of objects in the
bucket and the metadata of the bucket.
◼ Write: A grantee with this permission for a bucket can upload, overwrite, and delete any
object in the bucket.

 Object access permission
◼ Read: Allowed to obtain the object content and metadata.

 ACL access permission
◼ Read: Allowed to obtain the ACL of the object/bucket. The owner of this object/bucket has
this permission permanently by default.
◼ Write: Allowed to update the ACL of the object/bucket. The owner of this object/bucket has
this permission permanently by default.

Permission Control (6/6)
⚫ Bucket policy application scenarios
 Get object contents.
◼ To obtain the content of an object in a bucket, you must configure the bucket policy (set General Settings to
Public Read or configure the Customized mode in the Advanced Settings) to grant such fine-grained permissions
to users.

 Manage OBS access permissions across accounts.


◼ To grant an IAM user in one account the permission to access resources under another account, you must
configure a bucket policy with advanced settings.

 Manage all OBS operation permissions.


◼ To manage all operation permissions of OBS buckets and objects, you need to configure a bucket policy with
advanced settings.

Monitoring
⚫ OBS Control supports the monitoring of storage space, object counts, traffic, and number of requests.
You can view the bucket monitoring information on the Summary page of a bucket.

⚫ The Cloud Eye management console monitors the following statistics for buckets: upload traffic,
download traffic, GET and PUT requests, average TTFB of GET requests, 4xx and 5xx errors.

Versioning (1/4)
⚫ Enabling Versioning

 Upload objects and check their versions.

[Diagram: versions of Object.txt. Existing objects before versioning is enabled: Version ID=null (versioning disabled). Objects uploaded after versioning is enabled: Version ID=00001 and Version ID=00002 (versioning enabled).]

 The latest objects in a bucket are returned by default after a GET Object request.

 Objects can be downloaded by version IDs. By default, the latest object is downloaded if the version
ID is not specified.

Versioning (2/4)
⚫ Enabling Versioning

 You can select an object and click Delete on the right to delete the object. After the object is
deleted, OBS generates a Delete Marker with a unique version ID for the deleted object, and the
deleted object is displayed in the Deleted Objects list. If you try to access the deleted object, a 404
error will be returned.

[Diagram: version stack of Object.txt, newest first: delete marker (Version ID=00003), Version ID=00002, Version ID=00001.]

 You can recover a deleted object by deleting the object version that has the Delete Marker.

 After an object is deleted, you can specify the version number in Deleted Objects to permanently
delete the object of the specified version.

Versioning (3/4)
⚫ Enabling Versioning

 An object is displayed either in the object list or the list of deleted objects. It will never be displayed
in both the lists at the same time. For example, after object A is uploaded and deleted, it will be
displayed in the Deleted Objects list. If you upload an object named A again, the object A will be
displayed in the Objects list, and the previously deleted object A will no longer be displayed in the
Deleted Objects list.

[Diagram: version stack of Object.txt, newest first: Version ID=00004, delete marker (Version ID=00003), Version ID=00002, Version ID=00001.]

Versioning (4/4)
⚫ Suspending Versioning

 Once the versioning function is enabled, it can be suspended but cannot be disabled. Once versioning is
suspended, version IDs will no longer be allocated to newly uploaded objects. If an object with the same name
already exists and does not have a version ID, the object will be overwritten.

[Diagram: before suspension, Object.txt has Version ID=00002 and Version ID=00001 (uploaded with versioning enabled) and Version ID=null (uploaded with versioning disabled). After a namesake object is uploaded with versioning suspended, the versions are, newest first: Version ID=null, Version ID=00002, Version ID=00001.]

 Historical versions will be retained in OBS. If you do not need these historical versions, manually delete them.

 Objects can be downloaded by version IDs. By default, the latest object is downloaded if the version ID is not
specified.
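
The rules from the four Versioning slides, modelled as a small in-memory bucket. This is an added example, not Huawei code or the OBS API. The class and method names are hypothetical, the sequential version IDs are constructed to mirror the slide diagrams, and the behaviour of a plain delete while versioning is not enabled is an assumption the slides do not cover.

```python
NULL = "null"  # version ID the slides show for objects stored without versioning


class NotFound(Exception):
    """Stands in for the 404 returned when a deleted or missing object is read."""


class Bucket:
    def __init__(self):
        self.state = "disabled"   # disabled -> enabled <-> suspended
        self.versions = {}        # key -> list of versions, newest first
        self._counter = 0         # constructed IDs: 00001, 00002, ...

    def set_versioning(self, state):
        # Once enabled, versioning can be suspended but cannot be disabled.
        if state not in ("enabled", "suspended"):
            raise ValueError("versioning can only be enabled or suspended")
        self.state = state

    def _new_id(self):
        self._counter += 1
        return f"{self._counter:05d}"

    def put(self, key, data):
        stack = self.versions.setdefault(key, [])
        if self.state == "enabled":
            vid = self._new_id()
        else:
            # No ID is allocated; an existing version without an ID is overwritten.
            vid = NULL
            stack[:] = [v for v in stack if v["id"] != NULL]
        stack.insert(0, {"id": vid, "data": data, "marker": False})
        return vid

    def delete(self, key):
        stack = self.versions.get(key)
        if not stack:
            raise NotFound(key)
        if self.state == "enabled":
            # Nothing is erased: a delete marker becomes the latest version.
            marker_id = self._new_id()
            stack.insert(0, {"id": marker_id, "data": None, "marker": True})
            return marker_id
        # Assumption (not on the slides): only the null version is removed.
        stack[:] = [v for v in stack if v["id"] != NULL]
        return None

    def get(self, key, version_id=None):
        stack = self.versions.get(key, [])
        if version_id is None:
            hit = stack[0] if stack else None
        else:
            hit = next((v for v in stack if v["id"] == version_id), None)
        if hit is None or hit["marker"]:
            raise NotFound(key)
        return hit["data"]

    def delete_version(self, key, version_id):
        """Permanently remove one version; removing a delete marker recovers the object."""
        stack = self.versions.get(key, [])
        remaining = [v for v in stack if v["id"] != version_id]
        if len(remaining) == len(stack):
            raise NotFound(f"{key} version {version_id}")
        self.versions[key] = remaining

    def ids(self, key):
        return [v["id"] for v in self.versions.get(key, [])]


def demo():
    """Replay the slide scenarios and return the observed results."""
    out, key, b = {}, "Object.txt", Bucket()
    b.put(key, b"v0")                       # stored before versioning: ID null
    b.set_versioning("enabled")
    id1 = b.put(key, b"v1")
    b.put(key, b"v2")
    out["ids_enabled"] = b.ids(key)
    out["marker_id"] = b.delete(key)        # adds a delete marker
    try:
        b.get(key)
        out["latest_hidden"] = False
    except NotFound:
        out["latest_hidden"] = True
    out["old_version"] = b.get(key, id1)    # older versions stay readable by ID
    b.delete_version(key, out["marker_id"])
    out["recovered"] = b.get(key)
    b.set_versioning("suspended")
    b.put(key, b"v3")                       # overwrites the old null version
    out["ids_suspended"] = b.ids(key)
    out["latest_after_suspend"] = b.get(key)
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The last step is the one to watch when versioning is relied on for recovery: after suspension the upload replaces the earlier null version, so that content has no surviving copy.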

Tags
⚫ Tags are used to identify and classify OBS buckets.

⚫ A tag is described using a key-value pair. Each tag has only one key and one value.

⚫ The key and value can exist in either sequence in a tag. Each key is unique among
all tags of a bucket, whereas values can be repetitive or blank.

Event Notification (1/2)
⚫ You can use Simple Message Notification (SMN) to send alarms and notifications,
and trigger workflows.

Event Notification (2/2)
⚫ OBS supports event notifications for the following events:

 Upload objects using PUT.

 Upload objects using POST.

 Replicate objects using COPY.

 Upload an object in multiparts.

 Delete objects with a specific object version.

 Delete objects with random object versions.

Lifecycle Management

⚫ You can manage the lifecycle of objects by configuring rules for deletion or
transition.

Static Website Hosting
⚫ OBS allows you to access static websites hosted by OBS.

[Diagram labels: Company A; Register a domain name; Create a bucket; Upload static website files; Configure static website hosting; Convert the domain name to its CNAME; Configure DNS; Verify; OBS bucket; Users; Access Company A's website]

Server-side encryption
⚫ Server-side encryption enabled:

 When uploading an object, the object data is encrypted on the server and then stored in OBS.

 When downloading the encrypted objects, the encrypted data will be decrypted on the server and displayed in
plaintext to users.

⚫ OBS supports both server-side encryption with KMS-managed keys (DEW-KMS) and server-side encryption with
customer-provided keys (SSE-C) by invoking APIs. In SSE-C mode, OBS uses the keys and MD5 values provided by
customers for server-side encryption.

URL Validation
⚫ To prevent data in OBS from being stolen by other users, OBS supports URL validation based on the Referer field in
HTTP headers.

⚫ OBS also supports both whitelist and blacklist settings.

 If the Referer field in a request matches the whitelist, the request is allowed.

 If the Referer field in a request matches the blacklist, the request is denied or a specified page is returned.
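
A sketch of the whitelist and blacklist decision described above, written as an added example rather than OBS code. The function names, the `*` wildcard host patterns, the blacklist-first order, the deny-by-default when a whitelist is set, and the `allow_empty` switch for requests without a Referer are all assumptions of this sketch. Sample Referer values are constructed.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit


def referer_host(referer):
    """Return the lower-cased host of a Referer value, or None if absent or unparseable."""
    if not referer:
        return None
    try:
        parts = urlsplit(referer.strip())
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return parts.hostname.lower()


def host_matches(host, patterns):
    """Match the whole host against each pattern, never a substring of the URL."""
    return any(fnmatchcase(host, p.lower()) for p in patterns)


def check_referer(referer, whitelist=(), blacklist=(), allow_empty=False):
    """Return "allow" or "deny" for one request."""
    host = referer_host(referer)
    if host is None:
        # No usable Referer: only a concern once a list is configured.
        if allow_empty or not (whitelist or blacklist):
            return "allow"
        return "deny"
    if host_matches(host, blacklist):
        return "deny"          # or return the specified page instead
    if whitelist:
        return "allow" if host_matches(host, whitelist) else "deny"
    return "allow"


# Constructed sample requests for a bucket that serves pages on *.example.com.
SAMPLES = [
    "https://www.example.com/gallery.html",         # site's own page
    "https://www.example.com.example.net/copy",     # lookalike host
    "https://example.net/?from=www.example.com",    # name only in the query string
    "https://old.example.com/archive",              # blacklisted subdomain
    None,                                           # header not sent
]


def evaluate(samples=SAMPLES):
    return [
        check_referer(s, whitelist=["*.example.com"], blacklist=["old.example.com"])
        for s in samples
    ]


if __name__ == "__main__":
    for sample, verdict in zip(SAMPLES, evaluate()):
        print(verdict, sample)
```

Because the Referer header is set by the client, a check like this limits embedding of bucket content by other sites; access to the data itself still rests on the ACLs and bucket policies covered in the Permission Control slides.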

Fragments Management
⚫ Why are fragments generated:

 The network is in poor conditions, and the connection to the OBS server is interrupted frequently.

 The upload task is manually suspended.

 The device is faulty.

 The device is powered off suddenly.

⚫ The storage space occupied by fragments in OBS is charged.

⚫ Fragments need to be manually cleared.

Methods for Accessing OBS

[Diagram: OBS is accessed through OBS Browser and OBS Console.]

OBS Browser Management Functions
⚫ Bucket management
 Adding a bucket
 Searching for a bucket
 Viewing bucket information
 Bucket ACL
 Bucket policies
 CORS
 Logging
 Lifecycle management
 Fragment management
 Deleting a bucket
 Adding an external bucket

⚫ Task management
 Managing upload tasks
 Managing download tasks
 Managing deletion tasks
 Managing rename tasks
 Managing copy tasks
 Managing move tasks
 Managing restoration tasks

⚫ Object management
 Creating a folder
 Searching for a file or folder
 Uploading a file or folder
 Downloading a file or folder
 Renaming a file
 Copying a file or folder
 Moving a file or folder
 Restoring an Archive file
 Configuring an ACL for an object
 Configuring a policy for an object
 Deleting a file or folder

Preparing the OBS Browser Environment
1. Log in to OBS Console to obtain the OBS Browser software package.

On the home page of OBS Console, download the OBS Browser software package through the link for your operating system.

2. Create an access key (AK and SK).

a. In the upper right corner of the OBS Console page, click the username and choose My Credential.

b. On the My Credential page, click Add Access Key below the Access Keys area.

c. Enter the related information as prompted and save the newly created access key.

3. Log in to OBS Browser.

a. Decompress the OBS Browser software package.

b. Double-click obs.exe to run OBS Browser.

c. In the Manage Account dialog box that is displayed, click Add Account.

d. Enter the account information and click OK. Then you can log in to the storage service using the account and check bucket and object resources owned by the account.
Using OBS Browser (1/4)
⚫ Adding a bucket
 Click Add Bucket in the upper left corner of the OBS Browser home page.

 In the Add Bucket dialog box that is displayed, set Method to Create new bucket,
enter a region name and bucket name, and select a storage class for the bucket. Then
click OK.

 In the displayed dialog box, click OK.

The newly created bucket is displayed in the list.

Using OBS Browser (2/4)
⚫ Uploading a file or folder
You can use OBS Browser to upload files in multiple parts. A single file of up to
48.8 TB can be uploaded.

OBS Browser supports resumable transfer.

 Click the bucket name to go to the object management page.

 Choose Upload > Upload File. You can upload a maximum of 500 files at a time.

 Alternatively, you can click Upload, and choose Upload Folder to upload a folder.

 Select a storage class.

 Click OK.

Click in the upper right corner of the page to enter the task management page. On the
page that is displayed, you can manage the upload tasks.

Using OBS Browser (3/4)
⚫ Downloading a file or folder
 Click the bucket name to go to the object management page.

 Select the file or folder to be downloaded and click Download.

 Select a storage path and click Download.

Click in the upper right corner of the page to enter the task management page. On the
page that is displayed, you can manage the download tasks.

⚫ Deleting a file or folder


 Click the bucket name to go to the object management page.

 Click next to the file or folder to be deleted and select Delete.

 In the dialog box that is displayed, click OK.

Using OBS Browser (4/4)
⚫ Deleting a bucket
Before deleting a bucket, ensure that all objects in the bucket have been deleted.

Only the bucket owner can delete a bucket.

 Click next to the bucket to be deleted and select Delete.

 Click OK in the confirmation dialog box.

 In the dialog box that is displayed, click OK.

FAQs and Troubleshooting
Question 1

⚫ After an object with a long name is downloaded to the local path using OBS
Console, why does the object name change?

Answer

⚫ For Windows, a file name can contain a maximum of 255 characters, including the
file name and file name extension. When an object with a name containing more
than 255 characters is downloaded to a local computer, the system keeps only the
first 255 characters automatically.

FAQs and Troubleshooting
Question 2

⚫ A user logs in to OBS Console using Internet Explorer 11 and uploads an object. When the
user attempts to download the object to the original path to replace the original object
without closing the browser, a message is displayed indicating a download failure. Why is
this?

For example, a user uploads object abc from the root directory of local drive C to a bucket on
OBS Console. When the user attempts to download the object to the root directory of local
drive C to replace the original object without closing the browser, a message is displayed
indicating a download failure.

Answer

⚫ This problem is caused by browser incompatibility. It can be solved by using Google
Chrome as the browser. Alternatively, you can close the browser and try again.
FAQs and Troubleshooting
Question 3

⚫ Why can't objects be searched for globally in a bucket? For example, if the root directory
of bucket abc contains folder A and object B, and folder A contains object C, object C
cannot be found by searching in the root directory of bucket abc. It can be found only by
searching in folder A.

Answer

⚫ OBS Console does not support iterative query of objects in a bucket. It supports query of
objects in a single directory only. To search for an object, go to the directory where the
object resides and search there.
FAQs and Troubleshooting
Question 4
⚫ Why is no upload task created and nothing displayed on the page after a large number of
files are selected for upload using OBS Browser? For example, after a user logs in to OBS
Browser and chooses Upload > Upload File to select a large number of files from drive C
for upload, no upload task is created and nothing is displayed on the page.

Answer
⚫ The total name length of all files to be uploaded cannot exceed 25,500 characters
(approximate value). If the name length exceeds the threshold, the system stops
responding to the upload request. The file uploading function of OBS Browser allows 500
files to be uploaded at the same time. If more files need to be uploaded, it is recommended
that you put the files in a folder and use the folder uploading function for upload.

FAQs and Troubleshooting
Question 5
⚫ Why are the relevant tasks not displayed in the task list when objects are being uploaded,
downloaded, or deleted using OBS Browser?

Answer
⚫ When you use OBS Browser to upload, download, or delete objects, the internal database
of OBS Browser is invoked. By default, binary data generated while the database is running
is saved in the personal folder of the Windows operating system user.

⚫ If the username of the Windows operating system contains non-English characters, the
internal database of OBS Browser cannot identify the save path of data. As a result, upload,
download, and deletion tasks cannot be added to the task list. In this case, click System
Configuration > Other in the upper right corner of the page to change the save path to
ensure that the database is running properly.

FAQs and Troubleshooting
Question 6
⚫ OBS is unavailable when an error is reported stating "Time difference is longer
than 15 minutes between the client and server." Why is this?

Answer
⚫ For security purposes, OBS checks the time difference between OBS Browser and
the server. When the time difference is longer than 15 minutes, this error is
reported and you need to adjust the local time.
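
The 15-minute check in Question 6, shown as an added example that is not from the original slides: a signed request carries its own timestamp, and a server that rejects timestamps too far from its clock limits how long a captured request stays usable. The HMAC scheme, function names, key, and paths are constructed for illustration and are not the OBS signature algorithm.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from email.utils import format_datetime, parsedate_to_datetime

MAX_SKEW = timedelta(minutes=15)  # window quoted in the error message above


def sign_request(secret_key, method, path, date_header):
    """HMAC-SHA256 over method, path and Date (illustrative, not the OBS algorithm)."""
    string_to_sign = "\n".join([method, path, date_header]).encode()
    return hmac.new(secret_key, string_to_sign, hashlib.sha256).hexdigest()


def clock_skew(date_header, server_now):
    """Return client time minus server time; raise ValueError on an unusable Date."""
    try:
        sent = parsedate_to_datetime(date_header)
    except (TypeError, ValueError) as exc:  # exception type depends on Python version
        raise ValueError("unparseable Date header") from exc
    if sent.tzinfo is None:
        raise ValueError("Date header has no usable time zone")
    return sent - server_now


def verify_request(secret_key, method, path, date_header, signature, server_now):
    """Server-side check: timestamp window first, then the signature itself."""
    try:
        skew = clock_skew(date_header, server_now)
    except ValueError:
        return "rejected: bad Date header"
    if abs(skew) > MAX_SKEW:
        return "rejected: time difference is longer than 15 minutes"
    expected = sign_request(secret_key, method, path, date_header)
    if not hmac.compare_digest(expected, signature):
        return "rejected: signature mismatch"
    return "accepted"


# Constructed sample values (not a real SK, bucket, or capture).
SECRET = b"constructed-demo-secret"
T0 = datetime(2019, 6, 1, 12, 0, 0, tzinfo=timezone.utc)


def demo():
    """Run four constructed cases and return the verdict for each."""
    date_header = format_datetime(T0, usegmt=True)
    sig = sign_request(SECRET, "PUT", "/bucket/object", date_header)

    # A client whose clock runs 20 minutes fast signs with its own (wrong) time.
    fast_header = format_datetime(T0 + timedelta(minutes=20), usegmt=True)
    fast_sig = sign_request(SECRET, "PUT", "/bucket/object", fast_header)

    return {
        "fresh": verify_request(SECRET, "PUT", "/bucket/object", date_header,
                                sig, T0 + timedelta(seconds=30)),
        "replayed_16_min_later": verify_request(SECRET, "PUT", "/bucket/object",
                                                date_header, sig,
                                                T0 + timedelta(minutes=16)),
        "client_clock_20_min_fast": verify_request(SECRET, "PUT", "/bucket/object",
                                                   fast_header, fast_sig, T0),
        "tampered_path": verify_request(SECRET, "PUT", "/bucket/other",
                                        date_header, sig, T0),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

The "client_clock_20_min_fast" case is the situation in Question 6: the signature is valid, but the request is still refused until the local clock is corrected.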

Reference Documents and Websites
⚫ OBS Overview:

https://support.huaweicloud.com/en-us/productdesc-obs/en-us_topic_0045853681.html

⚫ OBS Console Operation Guide:

https://support.huaweicloud.com/en-us/usermanual-obs/obs_03_0054.html

⚫ OBS Client Operation Guide (OBS Browser):

https://support.huaweicloud.com/en-us/clientogw-obs/en-us_topic_0086375542.html

⚫ OBS Developer Guide:

https://support.huaweicloud.com/en-us/devg-obs/en-us_topic_0100849894.html
Quiz
1. (Multiple choices) Access requests to OBS can be controlled by ( )

A. ACLs

B. Bucket policies

C. User signature authentication

D. Server-side encryption

Summary
⚫ Introduces OBS.

⚫ Introduces the concepts, functions, and application scenarios of OBS.

⚫ Introduces the advantages and charging standards of OBS.

Acronym or Abbreviation

Abbreviation Full Name


API Application programming interface
AK Access key ID
SK Secret access key
ACL Access control list
SDK Software development kit
CORS Cross-origin resource sharing

Cloud Storage Services - Scalable File Service
Foreword
⚫ This course provides an overview of Scalable File Service (SFS) in
HUAWEI CLOUD.
Objectives
⚫ After completing this course, you will be able to:
 Know what SFS is.

 Understand basic concepts, functions, and application scenarios of SFS.

 Know advantages and the billing standards of SFS.

 Know SFS FAQs and corresponding answers.

Contents
1. SFS Overview

2. Using and Managing

3. Restrictions and Limitations

4. FAQs

5. Troubleshooting Cases

SFS Overview
⚫ Scalable File Service (SFS) provides high-performance file storage that is scalable on
demand. It can be shared with multiple Elastic Cloud Servers (ECSs). Expandable to petabyte
ranges, SFS provides fully hosted shared file storage. It features high availability and
durability, and supports data-intensive and bandwidth-intensive applications.
SFS Product Architecture
⚫ Customers can specify the region, AZ, and VPC with which the file system to be
created is associated.
⚫ That is, although ECSs in one VPC reside in different AZs, they can share a file
system. If the customer's services have high requirements on latency, cross-AZ access
should be avoided.

[Figure: a VPC containing AZ1, AZ2, and AZ3; subnets 10.1.1.0/24, 10.1.2.0/24, 10.1.3.0/24, and 10.1.4.0/24; SFS]
Advantages of SFS
⚫ File sharing

⚫ Elastic scalability

⚫ Superior performance and reliability

⚫ Seamless integration

⚫ Easy operation and low costs

Typical Scenarios
⚫ High-performance computing (HPC)
 In industries that require HPC, such as simulation experiments, biopharmacy, gene sequencing, image
processing, and weather forecast, SFS provides superb computing and storage capabilities, as well as
high bandwidth and low latency.
⚫ Media processing
 In such scenarios, a large number of workstations are involved in the whole program production
process. Different operating systems may be used by different workstations, requiring high-bandwidth
and low-latency file systems to share materials.
⚫ File sharing
 For a company with a large number of employees, documents and data can be shared and accessed
using the SFS file systems.
⚫ Content management and web directories
 SFS can be used in various content management systems to store and provide information for
websites, home directories, online releases, and archiving.
⚫ Big data and analytic applications
 A file system provides aggregation bandwidth higher than 10 Gbit/s and can process ultra-large data
files such as satellite images in a timely manner. In addition, the file system has high reliability to
prevent system failures from affecting service continuity.
Billing Standards
⚫ SFS is charged by used storage capacity. It provides two billing options:
pay-per-use and monthly/yearly subscription.

⚫ By default, SFS is charged on a pay-per-use basis, that is, by used storage
capacity and service duration. There is no minimum fee. Service duration is
calculated at the top of every hour. A duration of less than one hour is
rounded up to an hour.

⚫ Quota of a resource package is measured by GB or TB. Duration is
measured by year or month. Customers are advised to consider the
specifications, service duration, and storage capacity of a yearly/monthly
resource package before purchase.
Related Services
⚫ A file system can be mounted on different ECSs in the same project for file
sharing. SFS uses Identity and Access Management (IAM) to authenticate
user identities and control access to cloud resources. Meanwhile, file
systems are encrypted by Key Management Service (KMS), and the
performance is monitored by Cloud Eye.

⚫ SFS is related to the following services:


 Elastic Cloud Server (ECS)

 Virtual Private Cloud (VPC)

 Identity and Access Management (IAM)

 Key Management Service (KMS)

Basic Concepts of SFS
⚫ Network File System (NFS)
 NFS is a distributed file system protocol that allows different computers and operating systems to share data over a
network.
⚫ Common Internet File System (CIFS)
 CIFS is a protocol used for network file access. It is a public or open version of the Server Message Block (SMB)
protocol, which was initiated by Microsoft. CIFS allows applications to access files on computers over the Internet and
send requests for file services. Through the CIFS protocol, network files can be shared between hosts running
Windows.
⚫ File system
 A file system provides users with shared file storage service through NFS or CIFS. It can be used to access network
files remotely. After users create shared directories in the management console, the file system can be mounted to
multiple ECSs and is accessible through the standard POSIX interface.
⚫ Availability zone (AZ)
 An AZ is a geographical area with an independent network and an independent power supply. In
general, an AZ is an independent physical equipment room, ensuring the independence of the AZ. One region has
multiple AZs. If one AZ becomes faulty, the other AZs in the same region can still provide services. AZs in the same
region can access each other using the intranet. ECSs can share the same file system across AZs of the same region.
⚫ Region
 Region is a geographical concept. Each region is a different geographical location. Customers can select the regions
closest to them to reduce access latencies.
Process of Accessing SFS

Common Operations
⚫ Creating a File System

⚫ Mounting a File System to an ECS

⚫ Managing VPCs

⚫ Creating an Encrypted File System

⚫ Deleting a File System
Creating a file system
1. Click Create File System.
2. Configure file system parameters.
3. Confirm configuration.

Common Operations
⚫ Mounting a file system to an ECS
1. Click Remote Login of an ECS.
2. Use the root account and password to log in to the ECS.
3. Run the mount command to mount a file system. After the mounting is successful, you can view the mounted file system.

Common Operations
⚫ Managing VPCs
1. Select the target file system.
2. Click Add Authorized VPC on the Authorization tab page.
3. Add required VPC or VPCs.

Common Operations
⚫ Creating an encrypted file system
1. Click Create File System.
2. Select KMS Encryption and select an encryption key.
3. Confirm configuration.

Common Operations
⚫ Deleting a file system
1. Click Delete in the Operation column of the target file system.
2. Confirm the deletion and click OK.
Restrictions and Limitations
⚫ Note the following limitations and constraints when using SFS:
 SFS Capacity-Oriented supports NFSv3 and CIFS protocols. Currently, SFS Turbo supports only the
NFSv3 protocol.
 SFS does not support the replication function.
 The following table lists the operating systems on which SFS file systems can be mounted.
OS Version
CentOS CentOS 5,6,7 for x86
Debian Debian GNU/Linux 6,7,8,9 for x86
Oracle Oracle Enterprise Linux 5,6,7 for x86
Red Hat Red Hat Enterprise Linux 5,6,7 for x86
SUSE SUSE Linux Enterprise Server 10,11,12 for x86
Ubuntu Ubuntu 10,11,12,13,14,15 LTS for x86
Euler Euler OS 2
Fedora Fedora 24,25
OpenSUSE OpenSUSE 42
Windows Windows Server 2008,2008 r2,2012,2012 r2,2016 for x64; Windows 7,8,10

FAQs (1/3)
⚫ Can a File System Be Mounted to a Windows ECS?
 Yes.

⚫ What Access Protocols Does SFS Support?
 SFS Capacity-Oriented supports standard NFSv3 and CIFS protocols. SFS Turbo supports
only the standard NFSv3 protocol.

⚫ What Is the Maximum Size of a File That Can Be Stored in a File System?
 For SFS Capacity-Oriented file systems, the supported maximum size of a file is 240 TB.
For SFS Turbo file systems, the supported maximum size of a file is 16 TB.

⚫ How Many File Systems Can Be Created by Each Account?
 Currently, a maximum of 10 shared file systems can be created for each account, and
they can all be created at the same time.
FAQs (2/3)
⚫ How Is the Access Permission for a File System Controlled?
 An SFS Capacity-Oriented file system can be shared by ECSs in multiple VPCs.
Once the file system is mounted on the ECSs, files can be shared. You can set
the IP addresses or address segments authorized for a VPC to control which ECSs
in other VPCs can access the file system.
 An SFS Turbo file system can be shared only by ECSs in the same VPC. After the
file system is mounted on an ECS, that ECS can access the shared files, and
ECSs in other VPCs cannot access them.
⚫ How Do I Check Whether a File System on an ECS Running Linux Is
Available?
 Log in to the ECS as the root user. Run the following command. The
command output displays all available file systems with the same domain name.
showmount -e <file system domain name>
FAQs (3/3)
⚫ How Can an ECS Access a File System?
 If your ECS is running Linux, you need to install the NFS client on the ECS and run a
command to mount the file system. If your ECS is running Windows, you need to
install the NFS client, modify the NFS transfer protocol, and run a command to mount
the file system. Then, you can share the files and directories of the file system.

⚫ Can a File System Be Accessed Across VPCs?


 Cross-VPC access is supported for a file system of the SFS Capacity-Oriented type.

 A file system of the SFS Turbo type in a VPC is accessible only to AZs in the VPC.

Troubleshooting Cases (1/2)
⚫ When the mount command is run to mount a file system to an ECS,
the ECS displays a timed out message.
 Possible cause 1: When the public cloud network is unstable or the customer
accesses the service for the first time, the routing times out. Prolong the
timeout period or retry the mount command when this problem occurs.
 Possible cause 2: The DNS configuration of the ECS is incorrect. As a result, the
domain name of the file system cannot be resolved and the mounting fails.
⚫ When the mount command is run to mount a file system on an ECS,
the ECS displays an access denied message.
 Possible cause 1: The file system has been deleted.
 Possible cause 2: The ECS and the file system do not reside in the same VPC.
 Possible cause 3: The shared path in the mount command is incorrect.
 Possible cause 4: The virtual IP address is used to access SFS.
Troubleshooting Cases (2/2)
⚫ An ECS fails to access a share. The system displays a message indicating
that the access request is denied. All services on the ECS are abnormal.
 Possible cause 1: The file system is abnormal.
 Possible cause 2: The ECS belongs to a different VPC from the file system.
 Possible cause 3: After a forcible unmount operation on the ECS, mounting fails.

Quiz
1. (Multiple-answer) Which of the following are the application scenarios of SFS?
A. Media processing

B. Log management

C. Content management and web directories

D. High-performance computing (HPC)

Summary
⚫ Introduces SFS.
⚫ Describes the concepts, creation process, and application scenarios of SFS.
⚫ Introduces the advantages and billing standards of SFS.
⚫ Describes the common problems and faults of SFS.

Network Cloud Services - Virtual Private Cloud
Foreword
⚫ With ever-increasing online service requirements, enterprise networks
require a long time to market, have high O&M costs, and are faced with
high security risks. More and more enterprises are now deploying their
online services using Huawei Virtual Private Cloud (VPC).

⚫ Huawei VPC is an infrastructure networking service. It leverages secure
tunneling technology to provide secure and isolated networking
environments. This chapter introduces the Huawei VPC service.
Objectives
⚫ After completing this course, you will:
 Be familiar with the VPC service.
 Understand the concepts, functions, and application scenarios of the VPC
service.
 Be able to create and manage VPCs.

Contents
1. VPC Overview

2. VPC Concepts

3. VPC Application Scenarios

4. VPC Use and Management

5. VPC FAQs and Troubleshooting

6. Related Services of VPC

VPC Concept
A VPC is an isolated virtual network environment created on HUAWEI CLOUD.
You have complete control over your virtual network, including creating
subnets and security groups, assigning elastic IP addresses (EIPs), allocating
bandwidth, and configuring DHCP.

VPC Product Architecture

VPC Product Advantages

⚫ Secure and Reliable
 Private networks on the cloud are completely isolated.
 You can create Elastic Cloud Servers (ECSs) that are in different availability zones, in the same VPC.

⚫ Flexible Configuration
 Self-service network management frees you from routine network configurations and allows flexible network deployment.

⚫ High-Speed Access
 Dynamic BGP network connections enable seamless high-speed access to services on the cloud.

⚫ Interconnection
 VPC peering enables interconnection between VPCs.
VPC Application Scenario – Large Internet Applications

[Figure: Internet; a region containing a VPC; EIP; Subnet 1 with a web server (AZ 1); Subnet 2 with an app (AZ 2); Internet gateway (NAT); DR gateway connected through Direct Connect to an on-premises network; VPN gateway connected through VPN to an on-premises network]
VPC Application Scenarios
⚫ Hosting Universal Web Applications
 Application scenarios: Blogs and simple websites
 Characteristics: You can host web applications and websites in a VPC and use the VPC as a common
network. You can create a subnet and create ECSs in the subnet. You can also use EIPs to connect ECSs to
the Internet for running web applications deployed on the ECSs.
⚫ Building Enterprise Hybrid Cloud
 Application scenarios: E-commerce websites
 Characteristics: You can connect a VPC to your private cloud using a VPN connection. With a VPN
connection between the VPC and your traditional data center, you can easily use the ECSs and block
storage resources. Applications can be migrated to the cloud and additional web servers can be deployed
to increase the computing capacity on a network. In this way, a hybrid cloud is built.
⚫ Hosting Security-Demanding Services
 Application scenarios: Security-demanding service systems
 Characteristics: You can create a VPC and security groups to host multi-tier web applications in different
security zones. You can associate web servers and database servers with different security groups and
configure different access control rules for security groups. You can launch web servers in a publicly
accessible subnet and database servers in non-publicly accessible subnets to ensure high security and
meet requirements of security-demanding scenarios.
Function Description
⚫ Private Network Customization

You can customize private subnets in your VPC and deploy applications and other services in the subnets accordingly.
⚫ Flexible Security Policy Configuration

You can use security groups to divide ECSs in a VPC into different security zones and then configure different access
control rules for each security zone. You can also create network ACLs to control traffic in and out of associated
subnets, improving subnet security.
⚫ EIP Binding

You can assign an independent EIP in your VPC. The EIP can be bound to or unbound from an ECS as required. The
binding and unbinding operations take effect immediately after the operations are performed.
⚫ Direct Connect/VPN Access

You can use a Direct Connect connection or VPN to connect your VPC with the corporate data center to form a hybrid
network for smooth application migration to the cloud.

VPC Concepts
⚫ Subnet
⚫ EIP
⚫ Bandwidth
⚫ Security group
⚫ VPN
⚫ Remote gateway
⚫ Remote subnet

Typical VPC Application Scenarios
⚫ Configuring a VPC for ECSs that do not require Internet access
⚫ Configuring a VPC for ECSs that access the Internet using EIPs
⚫ Configuring a VPC for ECSs that access the Internet using a VPN

VPC Configuration Procedure (1/2)
If your ECSs do not need to access the Internet (for example, the ECSs functioning as the
database or server nodes for deploying a website), follow the procedure in the next slide to
configure a VPC for the ECSs.

VPC Configuration Procedure (2/2)

⚫ 01 Create a VPC. (Mandatory: Yes)
 You must configure required parameters to create a VPC. The created VPC comes with a default subnet you specified.
 After the VPC is created, you can create other required network resources in the VPC based on your service requirements.

⚫ 02 Create another subnet for the VPC. (Mandatory: No)
 If you need another subnet in addition to the default one, you can create a subnet in the VPC.
 The new subnet is used to assign IP addresses to NICs added to the ECS.

⚫ 03 Create a security group. (Mandatory: Yes)
 You can create a security group and add ECSs in the VPC to the security group to improve ECS access security.
 After a security group is created, it has a default rule, which allows all outgoing data packets. ECSs in a security group can access each other without the need to add rules. If the default rule meets your service requirements, you do not need to add rules to the security group.

⚫ 04 Add a security group rule. (Mandatory: No)
 After a security group is created, it has a default rule, which allows all outgoing data packets. ECSs in a security group can access each other without the need to add rules. If the default rule does not meet your service requirements, you can add a security group rule.
Common Operations
⚫ VPC Common Operations
⚫ Security Group Common Operations
⚫ EIP Common Operations

VPC Common Operations
⚫ Creating a VPC
⚫ Modifying a VPC
⚫ Creating a subnet for the VPC
⚫ Modifying a subnet
⚫ Deleting a VPC

Creating a VPC
⚫ Scenario
A VPC provides an isolated virtual network for ECSs. You can configure and manage the network as required. Perform the following procedure to create a VPC. Then, create subnets, security groups, and VPNs, and assign EIPs based on your actual network requirements.
⚫ Procedure
1. Log in to the management console.
2. On the console homepage, under Network, click Virtual Private Cloud.
3. On the Dashboard page, click Create VPC.
4. On the Create VPC page, set parameters as prompted.
5. Click Create Now.

Console Page for VPC Creation

VPC Configuration Parameters
| Parameter | Description | Example Value |
|---|---|---|
| Region | Specifies the desired region. Regions are geographic areas isolated from each other. Resources are specific to a region and cannot be used across regions through internal network connections. Select the nearest region for quick resource access and low network latency. | CN North-Beijing1 |
| Name | Specifies the VPC name. | VPC-001 |
| CIDR Block | Specifies the CIDR block for the VPC. The CIDR block of a subnet can be the same as the CIDR block for the VPC (for a single subnet in the VPC) or a subset (for multiple subnets in the VPC). The following CIDR blocks are supported: 10.0.0.0 – 10.255.255.255, 172.16.0.0 – 172.31.255.255, 192.168.0.0 – 192.168.255.255 | 192.168.0.0/16 |
| Enterprise Project | Specifies the enterprise project to which the VPC belongs. By default, the VPC belongs to the Default project. | Default |
| Tag | Specifies the VPC tag, which consists of a key and value pair. You can add a maximum of ten tags to each VPC. | Key: vpc_key1; Value: vpc-01 |
| Name (Subnet Settings) | Specifies the subnet name. | Subnet |
| CIDR Block (Subnet Settings) | Specifies the CIDR block for the subnet. This value must be within the VPC CIDR range. | 192.168.0.0/24 |
| Gateway | Specifies the gateway address of the subnet. | 192.168.0.1 |
| DNS Server Address | The external DNS server address is used by default. If you need to change the DNS server address, ensure that the configured DNS server address is available. | 192.168.1.0 |
| Tag (Subnet Settings) | Specifies the subnet tag, which consists of a key and value pair. You can add a maximum of ten tags to each subnet. | Key: subnet_key1; Value: subnet-01 |
Creating a subnet for the VPC
⚫ Scenario

A subnet is automatically created when you create a VPC. If required, you can create
another subnet in the VPC.
⚫ Procedure

1. Log in to the management console.

2. On the console homepage, under Network, click Virtual Private Cloud.

3. In the navigation pane on the left, select the VPC for which a subnet is to be created.

4. On the Subnets page, click Create Subnet.

5. In the Create Subnet area, set parameters as prompted.

6. Click OK.

Console Page for Subnet Creation

Subnet Configuration Parameters

| Parameter | Description | Example Value |
|---|---|---|
| Name | Specifies the subnet name. | Subnet |
| CIDR Block | Specifies the CIDR block for the subnet. This value must be within the VPC CIDR range. | 192.168.0.0/24 |
| Gateway | Specifies the gateway address of the subnet. | 192.168.0.1 |
| DNS Server Address | The external DNS server address is used by default. If you need to change the DNS server address, ensure that the configured DNS server address is available. | 192.168.1.0 |
| Tag | Specifies the subnet tag, which consists of a key and value pair. You can add a maximum of ten tags to each subnet. | Key: subnet_key1; Value: subnet-01 |
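The CIDR constraints stated in the VPC and subnet parameter tables above can be checked offline before the values are entered in the console. The following is an added example, not code from the course or from HUAWEI CLOUD; the function name and dict layout are hypothetical, and the gateway and overlap checks are assumptions that go beyond what the slides state.

```python
import ipaddress

# The three private ranges the slides list as supported VPC CIDR blocks.
SUPPORTED_VPC_RANGES = [
    ipaddress.IPv4Network(cidr)
    for cidr in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]

# Example values taken from the parameter tables.
SLIDE_PLAN = {
    "vpc_cidr": "192.168.0.0/16",
    "subnets": [
        {"name": "Subnet", "cidr": "192.168.0.0/24", "gateway": "192.168.0.1"},
    ],
}

# Constructed sample with three deliberate mistakes.
BAD_PLAN = {
    "vpc_cidr": "192.168.0.0/16",
    "subnets": [
        {"name": "app", "cidr": "192.168.0.0/24", "gateway": "192.168.0.1"},
        {"name": "db", "cidr": "192.168.0.128/25", "gateway": "192.168.0.129"},
        {"name": "dmz", "cidr": "172.16.1.0/24", "gateway": "172.16.1.0"},
    ],
}


def validate_plan(vpc_cidr, subnets):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    try:
        # Strict parsing rejects CIDR strings with host bits set.
        vpc = ipaddress.IPv4Network(vpc_cidr)
    except ValueError as exc:
        return [f"VPC CIDR {vpc_cidr}: {exc}"]

    # Slide rule: the VPC CIDR must come from one of the supported ranges.
    if not any(vpc.subnet_of(allowed) for allowed in SUPPORTED_VPC_RANGES):
        problems.append(f"VPC CIDR {vpc} is outside the supported ranges")

    accepted = []
    for subnet in subnets:
        name = subnet["name"]
        try:
            net = ipaddress.IPv4Network(subnet["cidr"])
            gateway = ipaddress.IPv4Address(subnet["gateway"])
        except ValueError as exc:
            problems.append(f"{name}: {exc}")
            continue

        # Slide rule: the subnet CIDR must be within the VPC CIDR range.
        if not net.subnet_of(vpc):
            problems.append(f"{name}: {net} is not within the VPC CIDR {vpc}")

        # Assumption: the gateway is a host address inside its own subnet.
        reserved = (net.network_address, net.broadcast_address)
        if gateway not in net or gateway in reserved:
            problems.append(f"{name}: gateway {gateway} is not usable in {net}")

        # Assumption: subnets of one VPC must not overlap each other.
        for other_name, other in accepted:
            if net.overlaps(other):
                problems.append(f"{name}: {net} overlaps {other_name} ({other})")
        accepted.append((name, net))
    return problems


if __name__ == "__main__":
    for plan in (SLIDE_PLAN, BAD_PLAN):
        for line in validate_plan(plan["vpc_cidr"], plan["subnets"]) or ["OK"]:
            print(line)
```

Because the subnet CIDR block cannot be modified after creation, running a check like this before clicking OK avoids having to delete and recreate a subnet.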

Security Group Common Operations
⚫ Creating a security group
⚫ Adding a security group rule
⚫ Deleting a security group rule
⚫ Deleting a security group

Creating a Security Group
⚫ Scenario
To improve ECS access security, you can create a security group, define security group rules, and add ECSs in the VPC
to the security group. We recommend that you allocate ECSs that have different Internet access policies to different
security groups.
⚫ Procedure
1. Log in to the management console.
2. On the console homepage, under Network, click Virtual Private Cloud.
3. In the navigation pane on the left, click Security Group.
4. On the Security Group page, click Create Security Group.
5. In the Create Security Group area, set parameters as prompted.
6. Click OK.

Creating a Security Group Rule (1/2)
⚫ Scenario
After a security group is created, it has default rules. You can add new inbound and outbound rules to
the security group.
Inbound rules control incoming traffic to ECSs in the security group.
Outbound rules control outgoing traffic from ECSs in the security group.
⚫ Default security group rules

| Transfer Direction | Protocol | Port/Range | Source/Destination | Description |
|---|---|---|---|---|
| Outbound | All | All | Destination: 0.0.0.0/0 | Allows all outbound traffic. |
| Inbound | All | All | Source: Current security group ID (for example, sg-xxxxx) | Allows inbound traffic from ECSs added to the same security group. |
| Inbound | TCP | 22 | Source: 0.0.0.0/0 | Allows all IP addresses to access Linux ECSs over SSH. |
| Inbound | TCP | 3389 | Source: 0.0.0.0/0 | Allows all IP addresses to access Windows ECSs over RDP. |
Creating a Security Group Rule (2/2)
⚫ Procedure

1. Log in to the management console.

2. On the console homepage, under Network, click Virtual Private Cloud.

3. In the navigation pane on the left, click Security Group.

4. On the Security Group page, locate the target security group and click Manage Rule in
the Operation column to switch to the page for managing inbound and outbound rules.

5. On the Inbound Rules or Outbound Rules tab, click Add Rule to add an inbound or
outbound rule.

Console Page for Security Group Rule Creation

Security Group Rule Configuration Parameters
| Parameter | Description | Example Value |
|---|---|---|
| Protocol | Specifies the network protocol for which the security group rule takes effect. | TCP |
| Port & Source (Inbound) | Port: specifies the port or port range for which the security group rule takes effect. The value ranges from 1 to 65535. | 22 or 22-30 |
| Port & Source (Inbound) | Source: specifies the source of the security group rule. The value can be another security group, a CIDR block, or a single IP address. For example: xxx.xxx.xxx.xxx/32 (IPv4 address); xxx.xxx.xxx.0/24 (CIDR block); 0.0.0.0/0 (any IP address) | 0.0.0.0/0; default |
| Port & Destination (Outbound) | Port: specifies the port or port range for which the security group rule takes effect. The value ranges from 1 to 65535. | 22 or 22-30 |
| Port & Destination (Outbound) | Destination: specifies the destination of the security group rule. The value can be another security group, a CIDR block, or a single IP address. For example: xxx.xxx.xxx.xxx/32 (IPv4 address); xxx.xxx.xxx.0/24 (CIDR block); 0.0.0.0/0 (any IP address) | 0.0.0.0/0; default |
| Description | Provides supplementary information about the security group. This parameter is optional. The security group description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | N/A |
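The default rules listed earlier open SSH (22) and RDP (3389) to 0.0.0.0/0, and the Port parameter also accepts ranges such as 22-30, so a rule review has to handle both forms. The following is an added example, not code from the course or from HUAWEI CLOUD; the rule dict layout, the function names, and the replacement CIDR 203.0.113.0/24 are hypothetical.

```python
import ipaddress

# Remote-administration ports named in the slide's default rules.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

# Constructed sample: the four default rules from the table, written in a
# hypothetical dict layout (direction, protocol, ports, peer).
DEFAULT_RULES = [
    {"direction": "Outbound", "protocol": "All", "ports": "All", "peer": "0.0.0.0/0"},
    {"direction": "Inbound", "protocol": "All", "ports": "All", "peer": "sg-xxxxx"},
    {"direction": "Inbound", "protocol": "TCP", "ports": "22", "peer": "0.0.0.0/0"},
    {"direction": "Inbound", "protocol": "TCP", "ports": "3389", "peer": "0.0.0.0/0"},
]


def port_span(ports):
    """Turn 'All', '22' or '22-30' into an inclusive (low, high) pair."""
    if ports.strip().lower() == "all":
        return 1, 65535
    low, _, high = ports.partition("-")
    low, high = int(low), int(high or low)
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"port range out of bounds: {ports!r}")
    return low, high


def is_any_address(peer):
    """True when the peer is a CIDR block that matches every address."""
    try:
        return ipaddress.ip_network(peer, strict=False).prefixlen == 0
    except ValueError:
        return False  # not a CIDR block, for example a security group ID


def audit_inbound(rules):
    """Return (rule_index, port, service) for every administration port
    that an inbound TCP or All-protocol rule opens to any IP address."""
    findings = []
    for index, rule in enumerate(rules):
        if rule["direction"].lower() != "inbound":
            continue
        if rule["protocol"].upper() not in ("TCP", "ALL"):
            continue
        if not is_any_address(rule["peer"]):
            continue
        low, high = port_span(rule["ports"])
        for port, service in sorted(ADMIN_PORTS.items()):
            if low <= port <= high:
                findings.append((index, port, service))
    return findings


def narrowed(rule, admin_cidr):
    """Copy of a rule with its source restricted to admin_cidr."""
    ipaddress.ip_network(admin_cidr)  # raises ValueError on malformed input
    return {**rule, "peer": admin_cidr}


if __name__ == "__main__":
    for index, port, service in audit_inbound(DEFAULT_RULES):
        print(f"rule {index}: {service} ({port}/TCP) is open to any IP address")
```

Replacing the source of the flagged rules with the /32 or /24 form shown in the parameter table, as `narrowed` does, clears the findings while keeping administrative access from the chosen network.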
EIP Common Operations
⚫ Assigning an EIP and binding it to an ECS
⚫ Querying and modifying bandwidth

Assigning an EIP and Binding It to an ECS (1/3)
⚫ Scenario

You can assign an EIP and bind it to an ECS to enable the ECS to access the Internet.
⚫ Procedure

Assign an EIP.

1. Log in to the management console.

2. On the console homepage, under Network, click Virtual Private Cloud.

3. In the navigation pane on the left, choose Elastic IP.

4. On the Elastic IP page, click Buy EIP.

5. In the displayed dialog box, set parameters as prompted.

6. Click Buy Now.

Assigning an EIP and Binding It to an ECS (2/3)

Assigning an EIP and Binding It to an ECS (3/3)
Bind an EIP.

1. On the Elastic IP page, locate the row that contains the target EIP, and click Bind in the Operation
column.

2. Select the desired instance.

3. Click OK.

Querying and Modifying Bandwidth (1/2)
⚫ Scenario

Modify the name and size of the EIP bandwidth.


⚫ Procedure

1. Log in to the management console.

2. On the console homepage, under Network, click Virtual Private Cloud.

3. In the navigation pane on the left, choose Elastic IP.

4. Locate the row that contains the target EIP in the EIP list, click More in the Operation column, and
select Modify Bandwidth.

5. Modify bandwidth parameters as prompted.

6. Click OK.

Querying and Modifying Bandwidth (2/2)

VPC FAQs
⚫ Will I Be Charged for Using the VPC Service?
The VPC service itself is free of charge. However, you are charged for the bandwidth or VPN used in the VPC.
⚫ Which CIDR Blocks Are Available to the VPC Service?
The VPC service supports the following CIDR blocks: 10.0.0.0 – 10.255.255.255, 172.16.0.0 – 172.31.255.255, and 192.168.0.0 – 192.168.255.255.
⚫ Can Subnets Communicate with Each Other?
Subnets belong to VPCs. Subnets in the same VPC can communicate with each other. Subnets in different VPCs
cannot communicate with each other by default. However, you can create VPC peering connections to enable subnets
in different VPCs to communicate with each other.
⚫ Can I Modify the CIDR Block of a Subnet?
The subnet CIDR block cannot be modified after a subnet is created.
⚫ How Many Subnets Can I Create?
By default, one tenant can create a maximum of 100 subnets. If the number of subnets cannot meet your service
requirements, submit a service ticket to increase the quota.
⚫ What Is the Bandwidth Size Range?
The bandwidth size ranges from 1 Mbit/s to 2000 Mbit/s.
⚫ What Bandwidth Types Does the VPC Service Support?
The VPC service supports the dedicated bandwidth and shared bandwidth. The dedicated bandwidth can be used by
only one EIP, whereas the shared bandwidth can be shared by multiple EIPs.

Related Services
⚫ ECS

A VPC provides an isolated virtual network for ECSs. You can configure and manage the network as
required. The VPC service provides multiple connectivity options for ECSs to access the Internet. You
can also customize the ECS access rules within a security group and between security groups to
improve ECS security.
⚫ ELB

ELB uses the EIP and bandwidth provided by the VPC service.
⚫ Cloud Eye

After the VPC service becomes available to you, you can use Cloud Eye to view the status of the service's monitored objects without installing additional plug-ins.
⚫ Cloud Trace Service (CTS)

With CTS, you can record operations performed on the VPC service for later query, audit, and backtracking.

Quiz
Which of the Following Functions Are Provided by HUAWEI CLOUD VPC?
A. Customizing CIDR blocks

B. Customizing access control policies

C. Accessing the Internet using EIPs

D. Connecting a local data center using a VPN or Direct Connect connection

Summary
⚫ Introduces the HUAWEI CLOUD VPC service.
⚫ Introduces the concepts, functions, and application scenarios of the VPC
service.
⚫ Illustrates how to create and manage VPCs.

Recommendations
⚫ Huawei learning website:
http://support.huawei.com/learning/en/newindex.html
⚫ HUAWEI CLOUD official websites
https://www.huaweicloud.com/en-us/ (China)
https://intl.huaweicloud.com/?locale=en-us (International)

Acronyms

Acronym Full Name


AZ Availability Zone
BGP Border Gateway Protocol
DNS Domain Name Server
EIP Elastic Internet Protocol
IPsec Internet Protocol Security
VPN Virtual Private Network
IGW Integration Gateway
NAT Network Address Translation

Network Cloud Service - Elastic Load Balance
Foreword
⚫ This course introduces Elastic Load Balance (ELB), a network service
provided by HUAWEI CLOUD for load balancing.

Objectives
⚫ After completing this course, you will be able to:
• Describe what ELB is.
• Understand the architecture, advantages, and application scenarios of ELB.
• Create and manage load balancers.

Contents
1. Overview

2. Resource Management

3. FAQs

4. Related Services

What Is ELB?
⚫ ELB automatically distributes incoming traffic across multiple servers to
balance their workload, increasing the service capabilities and fault
tolerance of your applications.

Architecture
⚫ Load balancer
⚫ Listener
⚫ Member (backend server)
⚫ Pool (backend server group)
⚫ Health check
[Figure: load balancer (LVS*), listeners, pools of members, and health checks. *Linux Virtual Server]

Product Advantages

⚫ High availability
⚫ High flexibility
⚫ High performance

Application Scenarios
⚫ High Traffic Services

⚫ Services with Significant Traffic Peaks

⚫ SPOF Elimination

⚫ Cross-AZ Load Balancing

ELB Networking Example

Basic Operations

⚫ Create, delete, or query load balancers.
⚫ Add, modify, or delete listeners.
⚫ Add or remove backend servers.
⚫ Create, modify, or delete certificates.

Managing Load Balancers
⚫ Create load balancers.

⚫ Delete load balancers.

⚫ Query load balancers.

⚫ Adjust the bandwidth.

Creating a Load Balancer

Parameter Configuration for Creating a Load Balancer

| Parameter | Description | Example Value |
|---|---|---|
| Name | Load balancer name. | elb_01 |
| VPC | Virtual Private Cloud (VPC) where the load balancer works | VPC_01 |
| Subnet | Subnet of the load balancer | subnet01 |
| Virtual IP Address | Private IP address of the load balancer. Two options are available: Automatically assign and Manually specify. If you select Manually specify, set an IP address. | Manually specify |
| EIP | Whether an EIP will be bound to the load balancer. Two options are available: Not required and Use existing. If you select Use existing, select an IP address. | Use existing |
| Description | Supplementary information about the load balancer | N/A |

Managing Listeners
⚫ Add listeners.

⚫ Modify listeners.

⚫ Delete listeners.

Adding a Listener

Parameter Configuration for Adding a Listener

| Category | Parameter | Description | Example Value |
|---|---|---|---|
| Listener | Name | Listener name | Listener01 |
| Listener | Frontend Protocol/Port | Protocol and port the load balancer uses to receive requests from the client and forward the requests to backend servers. Four protocols are supported: TCP, UDP, HTTP, and HTTPS (Termination), and supported port numbers range from 1 to 65535. | TCP/22, UDP/53, HTTPS/443 |
| Listener | Backend Protocol | Protocol used by backend servers to receive requests. Three protocols are supported: TCP, UDP, and HTTP. | TCP/22, HTTP/80 |
| Listener | Certificate | SSL/TLS certificate used when the frontend protocol is HTTPS | N/A |
| Listener | Description | Supplementary information about the listener | N/A |

Parameter Configuration for Adding a Listener (cont.)

| Category | Parameter | Description | Example Value |
|---|---|---|---|
| Backend server group | Backend Server Group | A group of backend servers that have the same features. Three options are available: Create new, Use existing, and Not required. | Create new |
| Backend server group | Name | Name of the backend server group | pool-i28r |
| Backend server group | Load Balancing Algorithm | Algorithm the load balancer uses to distribute traffic. Three options are available: Weighted round robin, Weighted least connections, and Source IP hash. | Weighted round robin |
| Backend server group | Sticky Session | Whether to enable the sticky session feature. After the sticky session feature is enabled, all requests from a client during one session are sent to the same backend server. | N/A |
| Backend server group | Sticky Session Type | Sticky session type. Three options are available: Source IP address, HTTP cookie, and App cookie. | Source IP address |
| Backend server group | Cookie Name | Cookie name. When App cookie is selected, you need to enter a cookie name. | cookie1223 |
| Backend server group | Description | Supplementary information about the backend server group | N/A |

Parameter Configuration for Adding a Listener (cont.)
| Category | Parameter | Description | Example Value |
|---|---|---|---|
| Health check | Enable Health Check | Whether to enable health checks | ON |
| Health check | Health Check Protocol | Protocol used for health checks. Three options are available: TCP, UDP, and HTTP. Once you have selected a protocol, you cannot change it. If the frontend protocol is UDP, the health check protocol is UDP by default. | TCP |
| Health check | Domain Name | Domain name in the health check request. The domain name can consist of letters, digits, hyphens (-), and periods (.), and must start with a letter or digit. This parameter is left blank by default and is available only when the health check protocol is HTTP. | www.elb.com |
| Health check | Health Check Port | Port used to monitor the health status of backend servers. The port number ranges from 1 to 65535. If no port number is specified, the port of each backend server is used for health check. | 80 |
| Health check | Interval | Maximum number of seconds between health checks. The value ranges from 1 to 50. | 5 seconds |
| Health check | Timeout | Maximum number of seconds to wait for receiving results of a health check. The value ranges from 1 to 50. | 10 seconds |
| Health check | Check Path | Health check path, which is a URL. This parameter is required when HTTP is used for health checks. | /index.html |
| Health check | Maximum Retries | Maximum number of health check retries. The value ranges from 1 to 10. | 3 |

Managing Backend Server Groups
⚫ Add backend server groups.
⚫ Delete backend server groups.

Adding a Backend Server Group

Managing Backend Servers
⚫ Add backend servers.

⚫ Remove backend servers.

Adding Backend Servers

Managing Certificates
⚫ Create certificates.

⚫ Delete certificates.

⚫ Modify certificates.

Creating a Certificate

FAQs
⚫ How many load balancers can I create?
• By default, you can create 10 load balancers. If you need more, you can increase the quota up to 255.

⚫ What is Frontend Protocol/Port?
• Frontend Protocol/Port specifies the protocol and port that the load balancer uses to receive requests. ELB provides load balancing at both Layer 4 and Layer 7. Select an appropriate protocol and port to suit your needs.

FAQs (cont.)
⚫ Is the public IP address (EIP) assigned to a load balancer exclusive?
• During the lifecycle of the load balancer, the assigned public IP address is exclusive to it.

⚫ What is the impact of deleting a load balancer?
• If the load balancer is working properly and a domain name has been resolved to its IP address, the load balancer cannot be deleted. Once the load balancer is deleted, its configuration is deleted and cannot be recovered, and its IP address is released. If another load balancer is created, the system assigns a new IP address.

FAQs (cont.)
⚫ What is a listener?
• A listener checks for connection requests. It is configured with a protocol and port that receive requests from the client, a protocol and port that route requests to backend servers, and request forwarding policies.

⚫ What types of sticky sessions does ELB support?
• For load balancing at Layer 4 (TCP or UDP), sessions are maintained using IP addresses. For load balancing at Layer 7 (HTTP or HTTPS), sessions are maintained using cookies.

FAQs (cont.)
⚫ How can I rectify a health check failure?

⚫ You can try several methods:
• Check whether backend servers can provide services normally. If HTTP is used for the health check, check whether the health check path of the backend server is correct.
• Check whether the source IP address is blocked by the firewall or other software on the server.
• If the default health check configuration is used, check whether the security group rule allows access to the service port of the backend server.
• If the health check port is different from the service port of the backend server, check whether the security group rule allows access to both ports.
• If the problem persists, contact technical support.
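The two security group checks in the list above can be expressed as a small test against the backend server's inbound rules. The following is an added example, not code from the course or from HUAWEI CLOUD; the rule layout, the function names, and the probe source address 192.168.0.10 are constructed assumptions.

```python
import ipaddress

# Constructed sample: inbound rules of the backend servers' security group,
# in a hypothetical layout with explicit port bounds and CIDR sources.
BACKEND_RULES = [
    {"protocol": "TCP", "port_min": 80, "port_max": 80, "source": "0.0.0.0/0"},
    {"protocol": "TCP", "port_min": 22, "port_max": 22, "source": "203.0.113.0/24"},
]

# Transport that each health check protocol option travels over.
TRANSPORT = {"TCP": "TCP", "HTTP": "TCP", "UDP": "UDP"}


def admits(rule, transport, source_ip, port):
    """True when one inbound rule lets source_ip reach the given port."""
    if rule["protocol"].upper() not in (transport, "ALL"):
        return False
    if not rule["port_min"] <= port <= rule["port_max"]:
        return False
    network = ipaddress.ip_network(rule["source"])
    return ipaddress.ip_address(source_ip) in network


def blocked_ports(rules, probe_source, backend_port,
                  health_check_port=None, health_check_protocol="TCP"):
    """Return the ports that the health check and the forwarded traffic need
    but that no inbound rule admits from probe_source."""
    transport = TRANSPORT[health_check_protocol.upper()]
    # With no health check port configured, the backend server's own
    # port is used for the check, as the parameter table states.
    check_port = backend_port if health_check_port is None else health_check_port
    needed = sorted({backend_port, check_port})
    return [
        port for port in needed
        if not any(admits(rule, transport, probe_source, port) for rule in rules)
    ]


if __name__ == "__main__":
    probe = "192.168.0.10"  # constructed address the probes are assumed to come from
    print("default check on 80:", blocked_ports(BACKEND_RULES, probe, 80))
    print("check moved to 8080:", blocked_ports(BACKEND_RULES, probe, 80, 8080, "HTTP"))
```

An empty result means the security group is not the cause of the failure, which leaves the backend service itself and the server's local firewall as the remaining items on the list.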

Related Services
⚫ Virtual Private Cloud

⚫ Identity and Access Management

⚫ Cloud Trace Service

⚫ Auto Scaling

⚫ Cloud Eye

⚫ Advanced Anti-DDoS

Comparison with Peer Vendors
| Capability | AWS | Alibaba | HUAWEI CLOUD |
|---|---|---|---|
| Cross-AZ load balancing | Y | N | Y |
| Server health check | Y | Y | Y |
| Security group | Y | N | Y |
| SSL/TLS offloading | Y | N | Y |
| HTTPS | Y | Supported offline | Y |
| Sticky sessions | Y | Y | Y |
| IPv6 | Supported by EC2 only | N | N |
| Load balancing at Layer 4 and Layer 7 | Y | Y | Y |
| Operational monitoring | Y | Y | Y |
| Service log recording | Y | Supported offline | Y |
| Integration with Auto Scaling | Y | N | Y |

Quiz
1. Which of the following load balancing algorithms are provided by ELB?
A. Weighted round robin

B. Weighted least connections

C. Source IP hash

D. Encryption algorithm

2. Which of the following protocols are supported by ELB?


A. TCP

B. UDP

C. HTTP

D. HTTPS

Summary
⚫ This course described ELB and its main functions.

⚫ Now, you know how to create a load balancer; add a listener, a backend
server group, and backend servers to the load balancer; and create a
certificate for the load balancer.

Recommendations
⚫ Huawei Learning
• http://support.huawei.com/learning/Index!toTrainIndex

⚫ Huawei Knowledge Base
• http://support.huawei.com/enterprise/servicecenter?lang=en

HUAWEI CLOUD Network Service - Direct Connect
Foreword
⚫ This chapter describes Direct Connect on HUAWEI CLOUD.

Objectives
⚫ Upon completion of this course, you will be able to:
• Know the basic concepts of Direct Connect.
• Create a direct connection.
• Manage direct connections.

Contents
1. Direct Connect Overview

2. Direct Connection Creation

3. Direct Connection Management

4. Common User Connection Management

5. Partner Connection Management

6. Virtual Gateway Management

7. Virtual Interface Management

8. FAQs

Direct Connect Overview
⚫ Direct Connect allows you to establish a private, dedicated network connection from your data center, office, or colocation environment to the public cloud platform. It reduces your network latency and provides a more consistent network experience than Internet-based connections.
• Currently, only Direct Connect of the MPLS VPN type is supported.
• In self-service mode, you need to buy a connection and create a virtual gateway and a virtual interface on the Direct Connect console. This mode is faster and more flexible.

Direct Connect Architecture
⚫ A connection links HUAWEI CLOUD and your data centers or work
environments. A virtual gateway is bound to the Virtual Private Cloud (VPC)
that you need to access. A virtual interface connects the local gateway to
the virtual gateway to enable the local data center to access the VPC on
the cloud and construct a hybrid cloud.

Direct Connect Application Scenario
⚫ With Direct Connect, you can connect your network, data center, and
colocation environment to VPCs on the public cloud to enjoy a high-
performance, low-latency, and secure network.

Connections
⚫ Connections are abstractions of the network circuits between access points on the
cloud and local data centers for easy network circuit management. Connections
are dedicated channels for your local data centers to access VPCs on the cloud.
Compared with the traditional public network, connections are more stable,
reliable, and secure, and provide a maximum transmission rate of 10 Gbit/s.
⚫ Carriers can create hosted connections or purchase operations connections.
• Hosted connections are created by carriers for common users, and must be hosted on operations connections.
• Operations connections are purchased by carriers. A common user leases a connection of a carrier to connect the local data center to the access point and establish a direct connection.

Connections
⚫ Common users can apply for standard connections and hosted connections.
• In a standard connection, the port bandwidth is exclusively used by a user. This type of connection allows users to create only one virtual interface.
• In a hosted connection, multiple users share the port bandwidth. Hosted connections allow users to create multiple virtual interfaces to access their VPCs.

Redundant Connections
⚫ Connections support the redundancy configuration. When two connections connect to different access points in the same region, they are redundant for each other. The two connections work in active/standby mode. When a connection is faulty, services are automatically switched to the other connection to ensure that services keep running stably.

Virtual Gateways
⚫ Virtual gateways function as virtual routers to link direct connections to
VPCs. A virtual gateway needs to be bound to the VPC the direct
connection is going to access. You can use a virtual gateway to connect to
the network segment of the VPC to be accessed, and then use the VPC
peering connections to access multiple VPCs.

Virtual Interfaces
⚫ Virtual interfaces associate user gateways with virtual gateways to enable
local data centers to access VPCs.

⚫ Currently, virtual interfaces support Border Gateway Protocol (BGP). During the connection access, you can use BGP to connect local data centers to virtual gateways. BGP helps you build a hybrid cloud more efficiently, flexibly, and reliably.

Procedure for Creating a Direct Connection
• Buy a connection.
• Create a virtual gateway.
• Create a virtual interface.

Buying a Connection (1/5)
⚫ Common users can buy a connection from a HUAWEI CLOUD partner or in
self-service mode.
⚫ If you want to have a standard connection, you can apply for it by yourself
on the Direct Connect console or purchase one from a partner. If you want
to have a hosted connection, you can only purchase it from a partner.
⚫ A partner provides one-stop services, freeing you from contacting the carrier to access a direct connection. However, in self-service mode, you need to contact the carrier to complete the connection access after purchasing a connection.
⚫ Before buying a connection, you are advised to consult the carrier about
the access scheme and pricing scheme.

Buying a Connection (3/5)
 Self-service purchase
1. Log in to the management console.
2. Under Network, select Direct Connect.
3. In the navigation pane on the left of Network Console, choose Direct
Connect > Connections.
4. In the upper right corner, click Self-service Purchase.
5. Set the parameters as prompted and click Next. The reviewer reviews the
submitted order.
6. After the order is approved, click Submit.
After the administrator approves the payment, the payment is complete. Then,
the system automatically assigns a connection ID to you.
7. Contact the provider to connect devices to the equipment room.
When connection status changes to Normal, the connection access is
complete.
Buying a Connection (4/5)
⚫ Partners can buy operations connections or create hosted connections for
common users.
 Buy an operations connection.
1. Log in to the management console.
2. Under Network, select Direct Connect.
3. In the navigation pane on the left of Network Console, choose Direct Connect >
Connections.
4. In the upper right corner of the Connections page, click Buy Operation Connection.
5. Set the parameters as prompted and click Next. The submitted order will be reviewed.
6. Check the order status.
7. After the application is approved, complete the payment. After the payment is complete, the
system automatically assigns a connection ID to you. Contact the provider to connect devices
to the equipment room.
When connection status changes to Normal, the connection access is complete.

Buying a Connection (5/5)
 Create a hosted connection.
1. Log in to the management console.
2. Under Network, select Direct Connect.
3. In the navigation pane on the left of Network Console, choose Direct Connect >
Connections.
4. In the upper right corner of the Connections page, click Create Hosted
Connection.
5. Set the parameters as prompted and click OK.
In the connection list, if the status of the connection is Normal, the connection is
created.

Parameters for Buying a Connection in Self-service Mode

| Parameter | Description | Example Value |
|---|---|---|
| Billing Mode | Specifies the direct connection billing mode. At present, only Yearly and Monthly are supported. | Yearly/Monthly |
| Region | Specifies the region where the services will be handled. | southchina |
| Location | Specifies the connection access location. | beijing-zhongjin |
| Name | Specifies the connection name. | dc-123 |
| Port Type | Specifies the type of the port used by the connection. The value can be 1GE or 10GE. | 1GE |
| Bandwidth | Specifies the bandwidth of the connection. Select a value from the drop-down list. | 100 Mbit/s |
| Provider | Specifies the provider of the connection. | China Mobile |
| Peering Position | Specifies the physical location of the connection. | Shenzhen |
| Description | Provides supplementary information about the connection. | N/A |
| Required Duration | Specifies the required duration of the connection. | 5 months |

Parameters for Buying an Operations Connection

| Parameter | Description | Example Value |
|---|---|---|
| Billing Mode | Specifies the direct connection billing mode. At present, only Yearly/Monthly is supported. | Yearly/Monthly |
| Region | Specifies the region where the services will be handled. | southchina |
| Location | Specifies the connection access location. The nearest access point may be selected according to a proximity principle. | Shanghai |
| Name | Specifies the connection name. Enter 1 to 64 characters. | dc-123 |
| Port Type | Specifies the type of the port used by the connection. The value can be 1GE or 10GE. | 1GE |
| Bandwidth | Specifies the bandwidth size. The maximum value is 1000 Mbit/s. | 100 |
| Provider | Specifies the provider of the connection. | China Mobile |
| Peering Position | Specifies the physical location of the connection. | Shenzhen |
| Description | Provides supplementary information about the connection. | N/A |
| Required Duration | Specifies the required duration of the connection. | 5 months |

Parameters for Creating a Hosted Connection

| Parameter | Description | Example Value |
|---|---|---|
| Name | Specifies the connection name. Enter 1 to 64 characters. | client-dc-123 |
| Project ID | Specifies the name of the project containing the connection. | cn-north-1 |
| Operations Connection | Specifies the operation connection on which the tenant connection depends. | direconnect-1 |
| Bandwidth | Specifies the bandwidth of the tenant connection. It must be less than or equal to the remaining bandwidth value of the operation connection. | 100 Mbit/s |
| VLAN | Specifies the connection VLAN. | 30 |
| Peering Position | Specifies the name of the physical location where the connection will be established. | XXX company_XXX street_XXX city or Shenzhen |
| Description | Provides supplementary information about the connection. Enter 0 to 128 characters. | N/A |

Creating a Virtual Gateway
1. Log in to the management console.
2. Under Network, select Direct Connect.
3. In the navigation pane on the left of Network Console, choose Direct
Connect > Virtual Gateways.
4. On the displayed Virtual Gateways page, click Create Virtual Gateway in
the upper right corner.
5. In the Create Virtual Gateway dialog box, set parameters and click OK.

Virtual Gateway Parameters

| Parameter | Description | Example Value |
|---|---|---|
| Name | Specifies the virtual gateway name. Enter 1 to 64 characters. | vgw-123 |
| VPC | Specifies the VPC where the virtual gateway resides. | VPC-001 |
| VPC CIDR | Specifies the VPC CIDR blocks that can be accessed using Direct Connect. You can add multiple subnet CIDR blocks, separated with commas (,). | 192.168.0.0/16 |
| Description | Provides supplementary information about the virtual gateway. Enter 0 to 128 characters. | N/A |

Creating a Virtual Interface
1. Log in to the management console.
2. Under Network, select Direct Connect.
3. In the navigation pane on the left of Network Console, choose Direct
Connect > Virtual Interfaces.
4. On the displayed Virtual Interfaces page, click Create Virtual Interface in
the upper right corner.
5. In the Create Virtual Interface dialog box, set parameters and click OK.

Virtual Interface Parameters (1/2)
| Parameter | Description | Example Value |
|---|---|---|
| Region | Specifies the region where the services will be handled. If you have selected a region and a project on the Homepage, you do not need to select the region here. | southchina |
| Name | Specifies the virtual interface name. Enter 1 to 64 characters. | vif-123 |
| Connection | Select an available connection. | dc-123 |
| Virtual Gateway | Select an available virtual gateway. | vgw-123 |
| Local Gateway | Specifies the IP address used to connect HUAWEI CLOUD in a direct connection. | 10.0.0.1/24 |
| Remote Gateway | Specifies the IP address used to connect the client network in a direct connection. The IP addresses of the remote gateway and local gateway must be in the same network segment. Generally, a 30-bit mask is used. | 10.0.0.2/24 |

Virtual Interface Parameters (2/2)
| Parameter | Description | Example Value |
|---|---|---|
| Route Mode | Static route and BGP are supported. | BGP. If BGP is selected, the maximum number of BGP ASN is 100. |
| Remote Subnet | Specifies the remote subnet and mask. If multiple remote subnets are available, use commas (,) to separate them. | 192.168.51.0/24 |
| BGP ASN | Specifies the autonomous system (AS) number of the BGP peer. This parameter is required when Route Mode is set to BGP. | N/A |
| BGP MD5 | Specifies the MD5 value of the BGP peer. This parameter is required when Route Mode is set to BGP. | N/A |
| Description | Provides supplementary information about the virtual interface. Enter 0 to 128 characters. | N/A |
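
A pre-submission check for the virtual interface fields above, as an added example that is not part of the original slides or of any HUAWEI CLOUD tooling. The dictionary keys are hypothetical names for the console fields, the overlap check applies the FAQ rule that the two ends must use different private IP addresses, and the corrected sample values are constructed.

```python
import ipaddress

ROUTE_MODES = {"static", "bgp"}  # the two route modes the parameter table lists


def parse_cidrs(text):
    """Parse a comma-separated CIDR list; strict mode rejects set host bits."""
    return [ipaddress.ip_network(part.strip(), strict=True)
            for part in text.split(",") if part.strip()]


def check_virtual_interface(vif, vpc_cidr):
    """Return (severity, message) findings for one virtual interface.

    vif      -- dict whose keys (hypothetical names) mirror the console fields
    vpc_cidr -- the VPC CIDR string set on the bound virtual gateway
    """
    findings = []

    def add(severity, message):
        findings.append((severity, message))

    if not 1 <= len(vif.get("name", "")) <= 64:
        add("error", "name must be 1 to 64 characters")
    if len(vif.get("description", "")) > 128:
        add("error", "description must be 0 to 128 characters")

    # Gateway pair: same segment, two distinct usable addresses, ideally a /30.
    try:
        local = ipaddress.ip_interface(vif["local_gateway"])
        remote = ipaddress.ip_interface(vif["remote_gateway"])
    except (KeyError, ValueError) as exc:
        add("error", f"gateway address missing or invalid: {exc}")
    else:
        link = local.network
        if remote.network != link:
            add("error", f"{local} and {remote} are not in the same network segment")
        else:
            if local.ip == remote.ip:
                add("error", "local and remote gateway use the same address")
            unusable = {link.network_address, link.broadcast_address}
            for label, itf in (("local", local), ("remote", remote)):
                if link.prefixlen < 31 and itf.ip in unusable:
                    add("error", f"{label} gateway {itf.ip} is the network or broadcast address")
            if link.prefixlen != 30:
                add("warn", f"gateway segment is /{link.prefixlen}; a 30-bit mask is the usual choice")

    # Remote (data center) subnets must not collide with the VPC side.
    try:
        remote_nets = parse_cidrs(vif.get("remote_subnet", ""))
        vpc_nets = parse_cidrs(vpc_cidr)
    except ValueError as exc:
        add("error", f"invalid CIDR: {exc}")
    else:
        for r in remote_nets:
            for v in vpc_nets:
                if r.overlaps(v):
                    add("error", f"remote subnet {r} overlaps VPC CIDR {v}")

    mode = str(vif.get("route_mode", "")).lower()
    if mode not in ROUTE_MODES:
        add("error", f"route_mode must be one of {sorted(ROUTE_MODES)}")
    elif mode == "bgp":
        for key in ("bgp_asn", "bgp_md5"):
            if not vif.get(key):
                add("error", f"{key} is required when Route Mode is BGP")
    return findings


# The slides' example values entered literally (N/A fields left empty).
SLIDE_EXAMPLE = {
    "name": "vif-123", "local_gateway": "10.0.0.1/24", "remote_gateway": "10.0.0.2/24",
    "route_mode": "BGP", "remote_subnet": "192.168.51.0/24", "bgp_asn": None, "bgp_md5": None,
}
# Constructed values that satisfy every rule; the ASN and secret are placeholders.
CORRECTED = {
    "name": "vif-123", "local_gateway": "10.0.0.1/30", "remote_gateway": "10.0.0.2/30",
    "route_mode": "BGP", "remote_subnet": "172.16.51.0/24",
    "bgp_asn": 64512, "bgp_md5": "PLACEHOLDER-bgp-secret",
}

if __name__ == "__main__":
    for title, vif in (("slide example", SLIDE_EXAMPLE), ("corrected", CORRECTED)):
        print(title)
        for severity, message in check_virtual_interface(vif, "192.168.0.0/16"):
            print(f"  [{severity}] {message}")
```

Run against the virtual gateway example VPC CIDR 192.168.0.0/16, the slide values produce a mask warning, a subnet overlap, and two missing BGP fields, which shows why the example values from separate tables should not be combined as-is.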

Direct Connection Management
⚫ Viewing a direct connection

⚫ Modifying a direct connection

Viewing a Direct Connection
1. Log in to the management console.
2. Under Network, select Direct Connect.
3. In the navigation pane, choose Direct Connect > Historical Direct
Connections.
4. In the direct connection list, locate the target one, and click before
it to view its details.

Modifying a Direct Connection
1. Log in to the management console.
2. Under Network, select Direct Connect.
3. In the navigation pane, choose Direct Connect > Historical Direct
Connections.
4. In the direct connection list, locate the target direct connection,
click Modify in the Operation column, and modify its name and
remote subnet as prompted.
5. Click OK.

Common User Connection Management
⚫ Viewing a connection

⚫ Modifying a connection

⚫ Unsubscribing a connection

Viewing a Connection
1. Log in to the management console.
2. Under Network, select Direct Connect.
3. In the navigation pane on the left, choose Direct Connect >
Connections.
4. In the connection list, click on the left of the target connection to view its
details.

Modifying a Connection
1. Log in to the management console.
2. Under Network, select Direct Connect.
3. In the navigation pane on the left, choose Direct Connect > Connections.
4. In the connection list, locate the target connection, click Modify in the
Operation column, and modify its name, peering position, and
description.
5. Click OK.

Unsubscribing a Connection
⚫ Prerequisites
Before unsubscribing a connection, you need to delete the virtual interface and
virtual gateway associated with it.
⚫ Procedure
1. Log in to the management console.
2. Under Network, select Direct Connect.
3. In the navigation pane on the left, choose Direct Connect > Connections.
4. In the connection list, locate the target connection, and click Unsubscribe in
the Operation column.
5. On the Unsubscriptions page, locate the target connection, and click
Unsubscribe in the Operation column.

Partner Connection Management
⚫ Viewing an operations connection

⚫ Viewing a hosted connection

⚫ Modifying an operations connection

⚫ Modifying a hosted connection

⚫ Unsubscribing an operations connection

Viewing an Operations Connection
1. Log in to the management console.
2. Under Network, select Direct Connect.
3. In the navigation pane on the left, choose Direct Connect > Connections.
4. In the connection list, click the name of the target connection.
5. On the displayed page, view details about the operations connection.

Viewing a Hosted Connection
1. Log in to the management console.
2. Under Network, select Direct Connect.
3. In the navigation pane on the left, choose Direct Connect > Connections.
4. In the connection list, locate the operations connection on which the
hosted connection depends and click Manage Hosted Connection in the
Operation column.
5. In the displayed hosted connection list, locate the target one, and click
to view its details.

Modifying an Operations Connection
1. Log in to the management console.
2. Under Network, select Direct Connect.
3. In the navigation pane on the left, choose Direct Connect > Connections.
4. In the connection list, locate the target operations connection, click
Modify in the Operation column, and modify its name, peering position,
or description.
5. Click OK.

Modifying a Hosted Connection
1. Log in to the management console.
2. Under Network, select Direct Connect.
3. In the navigation pane on the left, choose Direct Connect > Connections.
4. In the connection list, locate the operations connection on which the
hosted connection depends and click Manage Hosted Connection in the
Operation column.
5. In the displayed hosted connection list, locate the target one, click
Modify in the Operation column, and modify its name, peering position,
bandwidth, or description.
6. Click OK.

Unsubscribing an Operations Connection
⚫ Prerequisites
 To unsubscribe an operations connection, you need to delete the hosted
connection that depends on it, and then delete the virtual gateway and virtual
interface associated with it.
⚫ Procedure
1. Log in to the management console.
2. Under Network, select Direct Connect.
3. In the navigation pane on the left, choose Direct Connect > Connections.
4. In the connection list, locate the target operations connection, click More in
the Operation column, and select Unsubscribe from the drop-down list.
5. On the Unsubscriptions page, locate the target operations connection, and
click Unsubscribe in the Operation column.

Virtual Gateway Management
⚫ Modifying a virtual gateway

⚫ Deleting a virtual gateway

Modifying a Virtual Gateway
1. Log in to the management console.
2. Under Network, select Direct Connect.
3. In the navigation pane on the left, choose Direct Connect > Virtual
Gateways.
4. In the virtual gateway list, locate the target virtual gateway and click
Modify in the Operation column.
5. In the Modify Virtual Gateway dialog box, modify the virtual gateway
name, VPC CIDR, and description. Click OK.

Deleting a Virtual Gateway
⚫ Prerequisites
 Before deleting a virtual gateway, you need to delete the virtual interface
associated with the virtual gateway.
⚫ Procedure
1. Log in to the management console.
2. Under Network, select Direct Connect.
3. In the navigation pane on the left, choose Direct Connect > Virtual
Gateways.
4. In the virtual gateway list, locate the target virtual gateway and click Delete in
the Operation column.
5. In the Delete Virtual Gateway dialog box, click OK.

Virtual Interface Management
⚫ Modifying a virtual interface

⚫ Deleting a virtual interface

Modifying a Virtual Interface
1. Log in to the management console.
2. Under Network, select Direct Connect.
3. In the navigation pane on the left, choose Direct Connect > Virtual
Interfaces.
4. In the virtual interface list, locate the target virtual interface and click
Modify in the Operation column.
5. In the Modify Virtual Interface dialog box, modify the virtual interface
name, remote subnet, and description. Click OK.

Deleting a Virtual Interface
1. Log in to the management console.
2. Under Network, select Direct Connect.
3. In the navigation pane on the left, choose Direct Connect > Virtual
Interfaces.
4. In the virtual interface list, locate the target virtual interface and click
Delete in the Operation column.
5. In the Delete Virtual Interface dialog box, click OK.

FAQs (1/3)
⚫ Can I access multiple VPCs using a direct connection?
 No. Currently, you can access only one VPC using a direct connection. However,
after a direct connection is created, you can access different VPCs through VPC
peering connections.
⚫ What port types does Direct Connect support?
 Direct Connect supports the 1GE electrical port and 10GE optical port. The
maximum bandwidth supported by connections is 10 Gbit/s.
⚫ How do I plan the Direct Connect access address?
 The hosts at the two ends of a direct connection must use different private IP
addresses. If you use the public IP address, you need to map the public IP
address into a private one using NAT.

FAQs (2/3)
⚫ How is Direct Connect charged?
 Currently, only the duration-based (yearly/monthly) billing mode is available.
⚫ How do I unsubscribe a direct connection?
 For a direct connection that is applied for through email or call, contact the
customer service personnel to unsubscribe it.
 For a direct connection that is applied for in self-service mode, you need to
delete its virtual interface, delete the virtual gateway bound to the virtual
interface, and then unsubscribe the connection.

FAQs (3/3)
⚫ Can a direct connection be used after being frozen?
 After a direct connection expires, resources can still be used within the grace
period (within seven days). You can renew the direct connection at this time.
 After the grace period ends, the direct connection enters the frozen state,
during which resources cannot be used. When you renew a direct connection
during the frozen period, you unfreeze it and can continue to use resources.
 The frozen state lasts for a certain period. If the time limit is exceeded, the
resources will be deleted and you cannot renew the subscription. HUAWEI
CLOUD controls the frozen period. Therefore, contact customer service
representatives for more information.

Recommendations
⚫ Huawei learning website
 http://support.huawei.com/learning/en/newindex.html

⚫ Huawei support cases
 http://support.huawei.com/enterprise/servicecenter?lang=en

Network Cloud Services - Virtual Private Network
Foreword
⚫ This chapter introduces the Huawei Virtual Private Network (VPN) service.

Objectives
⚫ After completing this course, you will be able to:
 Be familiar with the VPN concepts.

 Understand the VPN application scenarios.

 Know how to use a VPN.

Contents
1. VPN Overview

2. VPN Quick Start

3. VPN Use and Management

4. VPN FAQs

VPN Concepts
A Virtual Private Network (VPN) establishes an encrypted communications
tunnel between a user and a Virtual Private Cloud (VPC). With VPN, you can
connect to a VPC and access service resources in it.

[Figure labels: Remote office, Remote site, Core office, Mobile office]

VPN Gateway
A VPN gateway is an egress gateway of a VPC. It allows you to create a
secure, reliable, and encrypted connection between a VPC and the corporate
data center or between VPCs in different regions.

VPN Connection
A VPN connection is an encrypted communications tunnel established
between your VPN gateway and the remote gateway. The VPN connection
uses the tunneling technology and sends traffic over the Internet. Currently,
only IPsec VPN connections are supported.

VPN Types
VPNs can be categorized into the following three types based on their usage:
✓ Access VPN: allows employees to remotely access the corporate network.
✓ Intranet VPN: connects different branches or sites of an enterprise and enables
private communication between them over the Internet.
✓ Extranet VPN: connects enterprise internal networks with networks of partners
or authorized agencies.

Example IPsec VPN

[Figure: Intranet of site 1 (192.168.1.0/24) behind Firewall 1 (100.1.1.1/24) and
intranet of site 2 (192.168.2.0/24) behind Firewall 2 (200.2.2.2/24), joined by an
IPsec tunnel across the Internet. Packet layers shown for the tunnel: outer
addresses (Local: 100.1.1.1, Remote: 200.2.2.2), security header, inner addresses
(Local: 192.168.1.1, Remote: 192.168.2.1), encrypted data, data.]

Product Architecture

Billing
⚫ HUAWEI CLOUD VPN uses pay-per-use pricing. You pay only for what you
use, for as long as you need it, without requiring complex forecasts and
budgets.
⚫ Billing mode: Pay-per-use
⚫ Billing formula: VPN connection price + Public network bandwidth price
⚫ By default, a VPN connection does not include public network bandwidth.
You need to buy public network bandwidth separately.

VPN Quick Start
⚫ Getting started with the VPN service
 Buying a VPN gateway
 Buying a VPN connection

Buying a VPN Gateway (1/4)
⚫ Procedure:
1. Sign up and log in to the management console.

2. On the console homepage, under Network, click Virtual Private Network.

3. In the navigation pane on the left, choose Virtual Private Network > VPN
Gateways.

4. On the VPN Gateways page, click Create VPN Gateway.

5. Set the parameters as prompted and click Next.

6. Confirm the VPN gateway information and click Submit.

Buying a VPN Gateway (2/4)

Buying a VPN Gateway (3/4)
VPN gateway configuration parameters

| Parameter | Description | Example Value |
|---|---|---|
| Billing Mode | VPN gateways are billed in pay-per-use mode. The price of a pay-per-use VPN gateway consists of the gateway configuration fee and bandwidth fee. | Pay-per-use |
| Region | Specifies the region where your VPN gateway is running. | CN North-Beijing1 |
| VPC | Specifies the name of the VPC to which the VPN has access. | vpc-001 |
| Name | Specifies the VPN gateway name. | vpngw-001 |
| Type | Specifies the VPN type. IPsec is selected by default. | IPsec |
| Reliability | Currently, only Standalone is supported. In standalone mode, a VPN gateway has only one IP address. | Standalone |

Buying a VPN Gateway (4/4)
VPN gateway configuration parameters
| Parameter | Description | Example Value |
|---|---|---|
| Billed By | A VPN gateway can be billed by bandwidth or by traffic. • Bandwidth: You specify a maximum bandwidth and pay for the amount of time you use the bandwidth. • Traffic: You specify a maximum bandwidth and pay for the total traffic you use. | Traffic |
| Bandwidth Size | Specifies the bandwidth size (Mbit/s) of a local VPN gateway. The bandwidth size is shared by all VPN connections created for the VPN gateway. The total bandwidth size of all VPN connections created for a VPN gateway cannot exceed the VPN gateway bandwidth size. • When you use a VPN connection, if the network traffic exceeds the VPN connection bandwidth, network congestion occurs and the VPN connection is interrupted. Plan sufficient bandwidth in advance to avoid the VPN connection interruption failure. • You can configure alarm rules on Cloud Eye to monitor the bandwidth. | 100 |
| Description | Provides supplementary information about the VPN gateway. | N/A |
Buying a VPN Connection (1/2)
Procedure:
1. Sign up and log in to the management console.

2. On the console homepage, under Network, click Virtual Private Network.

3. In the navigation pane on the left, choose Virtual Private Network > VPN
Connections.

4. On the VPN Connections page, click Create VPN Connection.

5. Set the parameters as prompted and click Next.

6. Confirm the VPN connection information and click Submit.

Due to the symmetry of the tunnel, you also need to configure the IPsec VPN
tunnel on your router or firewall in the data center.

Buying a VPN Connection (2/2)

VPN Connection Parameters (1/6)
VPN connection configuration parameters
| Parameter | Description | Example Value |
|---|---|---|
| Billing Mode | VPN connections are billed in pay-per-use mode. | Pay-per-use |
| Region | A region is a geographical area where you can run your VPN service. Each region comprises one or more availability zones (AZs) and is completely isolated from other regions. Only AZs in the same region can communicate with one another through an internal network. | CN North-Beijing1 N/A |
| Name | Specifies the VPN connection name. | vpn-001 |
| VPN Gateway | Specifies the name of the VPN gateway used by the VPN connection. | vpcgw-001 |
| Local Subnet | Specifies the VPC subnets that need to communicate with your data center or private network. You can set the local subnet using either of the following methods: • Select subnets • Specify CIDR blocks | 192.168.1.0/24, 192.168.2.0/24 |
| Remote Gateway | Specifies the public IP address of the VPN connection in your data center or on the private network. This IP address is used for communicating with the VPN connection in the VPC. | N/A |
VPN Connection Parameters (2/6)
VPN connection configuration parameters

| Parameter | Description | Example Value |
|---|---|---|
| Remote Subnet | Specifies the subnets of your data center or private network for communicating with the VPC. The remote and local subnets cannot have overlapping or matching CIDR blocks. The remote subnet CIDR block cannot overlap with CIDR blocks involved in existing VPC peering connections created for the local VPC. | 192.168.3.0/24, 192.168.4.0/24 |
| PSK | Specifies the pre-shared key. The value is a string of 6 to 128 characters. This parameter value must be the same for the VPN connection in the VPC and that in the data center. | Test@123 |
| Confirm PSK | Specifies the confirm pre-shared key. | Test@123 |
| Advanced Settings | • Default: Uses the default IKE and IPsec policies. • Custom: Uses custom IKE and IPsec policies. | Custom |

VPN Connection Parameters (3/6)
VPN connection configuration parameters (IKE policy)
| Parameter | Description | Example Value |
|---|---|---|
| Authentication Algorithm | Specifies the authentication hash algorithm. The value can be sha1, sha2-256, sha2-384, sha2-512, or md5. The default value is sha1. | sha1 |
| Encryption Algorithm | Specifies the encryption algorithm. The value can be aes-128, aes-192, aes-256, or 3des. The 3des algorithm is not recommended because it is risky. The default value is aes-128. | aes-128 |
| DH Algorithm | Specifies the Diffie-Hellman key exchange algorithm. The value can be group2, group5, or group14. The default value is group5. The DH algorithms used at the two sides of a VPN connection must be the same. Otherwise, the negotiation will fail. | group5 |
| Version | Specifies the version of the IKE protocol. The value can be v1 or v2. The default value is v1. | v1 |

VPN Connection Parameters (4/6)
VPN connection configuration parameters (IKE policy)

| Parameter | Description | Example Value |
|---|---|---|
| Lifecycle (s) | Specifies the lifetime of the security association (SA), in seconds. The SA will be renegotiated if its lifetime expires. The default value is 86400. | 86400 |
| Negotiation Mode | If the IKE policy version is v1, the negotiation mode can be configured. The value can be main or aggressive. The default value is main. | main |

VPN Connection Parameters (5/6)
VPN connection configuration parameters (IPsec policy)
| Parameter | Description | Example Value |
|---|---|---|
| Authentication Algorithm | Specifies the authentication hash algorithm. The value can be sha1, sha2-256, sha2-384, sha2-512, or md5. The default value is sha1. | sha1 |
| Encryption Algorithm | Specifies the encryption algorithm. The value can be aes-128, aes-192, aes-256, or 3des. The 3des algorithm is not recommended because it is risky. The default value is aes-128. | aes-128 |
| DH Algorithm | Specifies the Diffie-Hellman key exchange algorithm. The value can be group2, group5, or group14. The DH algorithms used at the two sides of a VPN connection must be the same. Otherwise, the negotiation will fail. The default value is group5. | group5 |

VPN Connection Parameters (6/6)
VPN connection configuration parameters (IPsec policy)

Parameter: Protocol
Description: Specifies the security protocol used for IPsec to transmit and
encapsulate user data. The value can be ah, esp, or ah-esp.
The default value is esp.
Example Value: esp

Parameter: Lifecycle (s)
Description: Specifies the lifetime of the SA, in seconds.
The SA will be renegotiated if its lifetime expires.
The default value is 3600.
Example Value: 3600
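A pre-flight check built from the IKE and IPsec parameter tables above, as an added example that is not part of the original slides: it validates each side against the listed values, reports fields that differ between the two sides, and flags weak choices. Assumptions: the dictionary layout and the on-premises sample are constructed; the slides state the must-match rule only for the DH algorithm, and the example extends it to the other proposal fields and treats lifetime differences as warnings; every weak-setting flag other than 3des comes from general IPsec hardening guidance, not from the slides.

```python
"""Pre-flight audit of the two sides of an IPsec VPN connection (added example)."""

GROUPS = {"group2", "group5", "group14"}

# Allowed values, copied from the IKE and IPsec policy tables on these slides.
ALLOWED = {
    "ike": {
        "dh_algorithm": GROUPS,
        "version": {"v1", "v2"},
        "negotiation_mode": {"main", "aggressive"},
    },
    "ipsec": {
        "authentication_algorithm": {"sha1", "sha2-256", "sha2-384", "sha2-512", "md5"},
        "encryption_algorithm": {"aes-128", "aes-192", "aes-256", "3des"},
        "dh_algorithm": GROUPS,
        "protocol": {"ah", "esp", "ah-esp"},
    },
}

# Defaults from the same tables, applied when a side omits a parameter.
DEFAULTS = {
    "ike": {"dh_algorithm": "group5", "version": "v1",
            "negotiation_mode": "main", "lifecycle": 86400},
    "ipsec": {"authentication_algorithm": "sha1", "encryption_algorithm": "aes-128",
              "dh_algorithm": "group5", "protocol": "esp", "lifecycle": 3600},
}

# Settings to flag. Only the 3des entry is stated on the slides; the others are
# an assumption of this example, based on general IPsec hardening guidance.
WEAK = {
    ("ipsec", "encryption_algorithm", "3des"): "not recommended (stated on the slide)",
    ("ipsec", "authentication_algorithm", "md5"): "MD5 is deprecated; prefer sha2-256 or stronger",
    ("ike", "dh_algorithm", "group2"): "1024-bit MODP group; prefer group14",
    ("ike", "dh_algorithm", "group5"): "1536-bit MODP group; prefer group14",
    ("ipsec", "dh_algorithm", "group2"): "1024-bit MODP group; prefer group14",
    ("ipsec", "dh_algorithm", "group5"): "1536-bit MODP group; prefer group14",
    ("ike", "negotiation_mode", "aggressive"): "exposes a pre-shared-key hash to offline guessing",
    ("ipsec", "protocol", "ah"): "AH alone authenticates but does not encrypt user data",
}


def effective(policy):
    """Return the policy with the slide defaults filled in for omitted parameters."""
    return {phase: {**DEFAULTS[phase], **policy.get(phase, {})} for phase in DEFAULTS}


def validate(policy):
    """Return one error string per value that is not in the parameter tables."""
    errors = []
    for phase, params in effective(policy).items():
        for name, value in params.items():
            if name == "lifecycle":
                ok = isinstance(value, int) and value > 0
            else:
                ok = value in ALLOWED[phase].get(name, ())
            if not ok:
                errors.append(f"{phase}.{name}: unsupported value {value!r}")
    return errors


def compare(local, remote):
    """Return (mismatches, warnings) as lists of (field, local value, remote value)."""
    a, b = effective(local), effective(remote)
    mismatches, warnings = [], []
    for phase in DEFAULTS:
        for name in DEFAULTS[phase]:
            # The negotiation mode is only configurable when both sides use IKE v1.
            if name == "negotiation_mode" and "v2" in (a["ike"]["version"], b["ike"]["version"]):
                continue
            if a[phase][name] == b[phase][name]:
                continue
            item = (f"{phase}.{name}", a[phase][name], b[phase][name])
            # Assumption: differing lifetimes are reported but not treated as fatal.
            (warnings if name == "lifecycle" else mismatches).append(item)
    return mismatches, warnings


def weak_settings(policy):
    """Return (field, value, reason) for each setting listed in WEAK."""
    eff = effective(policy)
    findings = []
    for (phase, name, value), reason in WEAK.items():
        if name == "negotiation_mode" and eff["ike"]["version"] != "v1":
            continue
        if eff[phase][name] == value:
            findings.append((f"{phase}.{name}", value, reason))
    return findings


# Constructed sample input: the cloud side keeps every default, the on-premises
# gateway (hypothetical) was configured by hand.
CLOUD_SIDE = {}
ON_PREM_SIDE = {
    "ike": {"dh_algorithm": "group14", "version": "v1", "negotiation_mode": "aggressive"},
    "ipsec": {"encryption_algorithm": "3des", "lifecycle": 28800},
}

if __name__ == "__main__":
    for err in validate(CLOUD_SIDE) + validate(ON_PREM_SIDE):
        print("INVALID ", err)
    mismatches, warnings = compare(CLOUD_SIDE, ON_PREM_SIDE)
    for field, ours, theirs in mismatches:
        print(f"MISMATCH {field}: local={ours} remote={theirs}")
    for field, ours, theirs in warnings:
        print(f"WARNING  {field}: local={ours} remote={theirs}")
    for field, value, reason in weak_settings(ON_PREM_SIDE):
        print(f"WEAK     {field}={value}: {reason}")
```

With the constructed sample, the report shows that the all-default cloud side and the hand-configured gateway disagree on three proposal fields, and that the slide defaults themselves (group5) are flagged by the hardening list.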

Contents
1. VPN Overview

2. VPN Quick Start

3. VPN Use and Management

4. VPN FAQs

VPN Use and Management
⚫ Viewing a VPN gateway
⚫ Modifying a VPN gateway
⚫ Deleting a VPN gateway
⚫ Viewing a VPN connection
⚫ Modifying a VPN connection
⚫ Deleting a VPN connection

Viewing a VPN Gateway
⚫ Scenario
After creating a VPN gateway, you can view information about your VPN gateway.

⚫ Procedure
1. Log in to the management console.

2. On the console homepage, under Network, click Virtual Private Network.

3. In the navigation pane on the left, choose Virtual Private Network > VPN
Gateways.

4. View information about your VPN gateway on the VPN Gateways page.

Modifying a VPN Gateway
⚫ Scenario
If the VPN gateway information needs to be updated to keep up with the latest
network configuration, you can modify a VPN gateway.

⚫ Procedure
1. Log in to the management console.

2. On the console homepage, under Network, click Virtual Private Network.

3. In the navigation pane on the left, choose Virtual Private Network > VPN
Gateways.

4. On the VPN Gateways page, locate the target VPN gateway and click Modify.

5. Set the required parameters and click OK.


Deleting a VPN Gateway
⚫ Scenario
You can delete a VPN gateway to release network resources if it is no longer
required.

⚫ Procedure
1. Log in to the management console.

2. On the console homepage, under Network, click Virtual Private Network.

3. In the navigation pane on the left, choose Virtual Private Network > VPN
Gateways.

4. On the VPN Gateways page, locate the target VPN gateway and click Delete.

Viewing a VPN Connection
⚫ Scenario
After creating a VPN connection, you can view information about your VPN
connection.

⚫ Procedure
1. Log in to the management console.

2. On the console homepage, under Network, click Virtual Private Network.

3. In the navigation pane on the left, choose Virtual Private Network > VPN
Connections.

4. View information about your VPN connection on the VPN Connections page.

Modifying a VPN Connection
⚫ Scenario
If the VPN connection information needs to be updated to keep up with the latest network
configuration, you can modify a VPN connection.

⚫ Procedure
1. Log in to the management console.

2. On the console homepage, under Network, click Virtual Private Network.

3. In the navigation pane on the left, choose Virtual Private Network > VPN
Connections.

4. On the VPN Connections page, locate the target VPN connection and click Modify.

5. Set the required parameters and click OK.

Deleting a VPN Connection
⚫ Scenario
You can delete a VPN connection to release network resources if it is no longer
required.

⚫ Procedure
1. Log in to the management console.

2. On the console homepage, under Network, click Virtual Private Network.

3. In the navigation pane on the left, choose Virtual Private Network > VPN
Connections.

4. On the VPN Connections page, locate the target VPN connection and click
Delete.

Contents
1. VPN Overview

2. VPN Quick Start

3. VPN Use and Management

4. VPN FAQs

VPN FAQs (1/3)
⚫ What Types of VPNs Are Supported?
- Currently, only IPsec VPNs are supported.

⚫ How Many VPN Connections Can I Have?
- A maximum of two VPN gateways can be created in each account by default.
- A maximum of two VPN connections can be created in each account by default.
You can request to increase the VPN connection quota limit to up to 20. If you
still need more VPN connections, contact the administrator.

⚫ Does the IPsec VPN Support Automatic Negotiation?
- Yes. IPsec VPNs support automatic negotiation.
VPN FAQs (2/3)
⚫ Why Is Not Connected Displayed as the Status for a Successfully Created VPN Connection?
After a VPN connection is created, its status changes to Normal only after the VMs or physical servers
on the two sides of the VPN connection communicate with each other.
- For IKE v1, if no traffic goes through the VPN connection for a period of time, the VPN connection
needs to be renegotiated. The negotiation time depends on the value of Lifecycle (s) in the IPsec
policy. Generally, the value of Lifecycle (s) is 3600 (1 hour), and the negotiation will be initiated in
the 54th minute. If the negotiation succeeds, the connection remains up until the next round of
negotiation. If the negotiation fails, the status is set to Not connected within one hour. The
connection can be restored after the two sides of the VPN connection communicate with each
other. The disconnection can be avoided by using a network monitoring tool, such as IP SLA, to
generate ping packets that keep the connection alive.
- For IKE v2, even if no traffic goes through the VPN connection for a period of time, the VPN
connection remains in the Connected status.
VPN FAQs (3/3)
⚫ Does a VPN Allow for Communication Between Two VPCs?
- If the two VPCs are in the same region, you can use a VPC peering connection
to enable communication between them.
- If the two VPCs are in different regions, you can use a VPN to enable
communication between the VPCs. The CIDR blocks of the two VPCs are the
local and remote subnets, respectively.
More Information
⚫ Acronyms

Acronym | Full Name
GRE | Generic Routing Encapsulation
L2TP | Layer 2 Tunneling Protocol
PPTP | Point-to-Point Tunneling Protocol
IKE | Internet Key Exchange
SA | Security Associations
AH | Authentication Header
ESP | Encapsulated Security Payload
Recommendations
⚫ Huawei learning website:
- http://support.huawei.com/learning/en/newindex.html

⚫ Huawei support cases:
- http://support.huawei.com/enterprise/servicecenter?lang=en

HUAWEI CLOUD Security Services
Foreword
⚫ This PPT introduces HUAWEI CLOUD security services.

Objectives
⚫ On completion of this course, you will understand:
- Security concerns of in-cloud users and the security ecosystem
- HUAWEI CLOUD security service system
- Concepts, functions, and application scenarios of HUAWEI CLOUD security services
- Principles and features of HUAWEI CLOUD security services
- Purchase and use of HUAWEI CLOUD security services
Contents
⚫ Basics of HUAWEI CLOUD Security Services
- Security Concerns and Security Ecosystem
- HUAWEI CLOUD Security Service Family
- Purchase and Use of HUAWEI CLOUD Security Services

⚫ Overview of HUAWEI CLOUD Security Services
Security Concerns of In-cloud Users

CSA Top Threats
• Data leaks
• Lack of identity, credential, and access management
• Insecure interfaces and application programming interfaces (APIs)
• System vulnerabilities
• Account hijacking
• Malicious insiders
• Advanced persistent threats (APTs)
• Data loss
• Insufficient due diligence
• Abuse and malicious use of cloud services
• Denial of Service (DoS)
• Shared technical vulnerabilities

Enterprises' Security Concerns for Migrating to the Cloud

Service Continuity
• Cyberattack defense
• Anti-hacking
• Law compliance

Controllable O&M
• Security policy configuration
• Risk identification and quantification
• Operations auditable and traceable

Data Confidentiality
• Data theft prevention
• Access control of unauthorized employees
• Access control of cloud service providers
Security Ecosystem
[Figure: layers of the security ecosystem]
Solutions: Cloud Industry Solutions (government sector, video industry, ……) and General Security Solutions (compliance solution, security solution, ……)
Security marketplace: vNGFW, vWAF, SSL VPN, Micro-segmentation, Mobile security, ……
Security Services: Network security, Application security, Host security, Data security, Security management, ……
Ecosystem Basis
HUAWEI CLOUD Security Service System
With data security as its core, HUAWEI CLOUD builds a series of security services to
meet the particular needs. Turn concepts into practices.

Security Risks and Solutions (centered on data)
• Application and host security - Prevention of Unauthorized Access: Brute force attacks, Malicious programs, Unauthorized access, Webshell, SQL injection, XSS
• Database security - Prevention of Unauthorized View: Automatic discovery, Dynamic masking, Comprehensive defense, Precise audit
• Data encryption - Prevention of Unauthorized Transfer: Third-party HSMs, Key management, Strong algorithms, International standard compliance

Security Services
• Data Security: DEW, DBSS
• Host Security: HSS, CGS
• Application Security: WAF, VSS
• Network Security: Anti-DDoS, AAD
• Security Management: SES, SCM, SA
HUAWEI CLOUD Security Service Family - Data Security

Service Name: DEW
Description: Data Encryption Workshop (DEW) is a full-stack data encryption service. It covers
Key Management Service (KMS), Key Pair Service (KPS), and Dedicated HSM. With DEW, you can
develop customized encryption applications, and integrate it with other HUAWEI CLOUD services
to meet even the most demanding encryption scenarios.
Function:
• Key and key pair management: KMS is a secure, reliable, and easy-to-use service designed to
manage and protect your keys. KPS is a secure, reliable, and easy-to-use service designed to
manage and protect your key pairs.
• Dedicated HSM: It provides you with Dedicated HSM instances that are certified by China State
Cryptography Administration (SCA), helping you protect data security and privacy on Elastic Cloud
Servers (ECSs) and meet regulatory compliance requirements. It offers you secure and reliable
management for the keys generated by your instances, and uses multiple algorithms to encrypt
and decrypt data.
Application Scenario: Applicable to the public sector, Internet, e-commerce, transportation,
manufacturing, medical care, and more industries.
• Decrypting small-size data
• Encrypting large volumes of data
• Encrypting data in OBS/EVS/IMS/SFS/RDS
• Logging in to a Linux ECS
• Obtaining the password for logging in to a Windows ECS
• Encrypting your service system using dedicated HSM

Service Name: DBSS
Description: Database Security Service (DBSS) is a smart database protection service. With the
reverse proxy and machine learning technologies, the service is able to provide such functions as
sensitive data discovery, data masking, database auditing, and injection prevention.
Function:
• Database firewall: Role-based access control and minimum permission allocation; blocking of SQL
injections; auto-learning results applied to firewall policies.
• Sensitive data discovery and masking: The built-in knowledge base, such as PCI-DSS/HIPAA/SOX,
is used to automatically discover sensitive data. Fine-grained masking, row/column/table/view level
masking; generation of compliance reports to facilitate audit.
• Database audit: Monitors behavior, data, and performance exceptions. Records and stores local
and remote logs. Provides real-time alarms.
Application Scenario: Applicable to the finance, government, education, medical care, insurance,
and gaming industries.
• Sensitive data leakage prevention
HUAWEI CLOUD Security Service Family - Host Security

Service Name: HSS
Description: Host Security Service (HSS) reduces intrusion risks with such functions as intrusion
detection, vulnerability management, baseline inspection, and asset management to enhance
overall security for hosts.
Function: Account cracking protection, check for the password complexity policy and weak passwords,
malicious program detection, remote login detection, key file change detection, open port
detection, software vulnerability detection, account and software information management, web
directory management, process information detection, webshell detection, and configuration
detection.
Application Scenario: Applicable to the governments and public institutions, gaming, P2P,
healthcare, and more industries.
• Protects host security by means of pre-event prevention, during-event defense, and post-event detection.

Service Name: CGS
Description: Container Guard Service (CGS) scans vulnerabilities and configuration information in
container images. It also provides other security functions, such as container security policy
configuration and container escape detection, to ensure container security.
Function:
• Image vulnerability management: Runs vulnerability scans on running images and provides
mitigation actions.
• Container security policy management: Provides security policy configuration to help enterprises
formulate container process whitelists and file protection lists, strengthening system and
application security during container runtime.
• Container escape detection: Scans all running containers to detect any exception (such as
escape vulnerability attacks and escape file access), and provides remediations.
Application Scenario: Applicable to the gaming, biological gene, scientific computing, finance,
media assets, energy, and tourism industries.
• Ensures that the containers use secure images with image vulnerability scanning.
• Monitors the status of running containers to ensure container security.
HUAWEI CLOUD Security Service Family – Application Security

Service Name: WAF
Description: Web Application Firewall (WAF) is designed to keep web services stable and secure.
It examines all HTTP and HTTPS requests to detect and block the following attacks: SQL injections,
cross-site scripting (XSS), webshells, command and code injections, file inclusion, sensitive file
access, third-party vulnerability exploits, CC attacks, malicious crawlers, and cross-site request
forgery (CSRF).
Function:
• Web application attack protection: With preset powerful reputation databases, WAF defends
against OWASP Top 10 threats, and detects and blocks malicious scanners, IP addresses, and
webshells.
• CC attack protection, precise protection, defense against malicious scanners and crawlers,
geolocation access control, web tamper protection, anti-crawler, and sensitive information
leakage prevention
Application Scenario:
• General protection: Data leakage prevention and web tamper protection
• Promotion at e-malls
• Zero-day vulnerabilities

Service Name: VSS
Description: Vulnerability Scan Service (VSS) discovers security risks in your websites and
servers. It also provides common vulnerability scan, vulnerability lifecycle management, and
customized scanning.
Function:
• Full scan capabilities: Scans for website, host, and middle vulnerabilities, as well as weak
passwords.
• Critical vulnerability scan: Monitors the latest network vulnerabilities in real time to provide
the fastest vulnerability scan.
• Periodic risk detection: Periodically detects security threats to your assets.
• Weak password scan: Scans for standard web services, OSs, and databases.
Application Scenario: Applicable to industries with vulnerability scanning requirements, such as
government, finance, education, medical care, insurance, transportation, e-commerce, and gaming.
• Latest CVE vulnerability scan in one click
• Weak password scan
HUAWEI CLOUD Security Service Family – Network Security

Service Name: Anti-DDoS
Description: Anti-DDoS is a traffic scrubbing service that protects resources, such as ECSs,
Elastic Load Balance (ELB) instances, and Bare Metal Servers (BMSs), from network and
application layer DDoS attacks. It notifies users of detected attacks instantly, ensures bandwidth
availability as well as the stable and reliable running of services.
Function:
• Anti-DDoS
• Provides monitoring records for a single elastic IP address (EIP).
• Provides interception reports for the protected EIP.
Application Scenario:
• Website browsing: Websites are prone to DDoS attacks, which can ultimately cause them to
crash. The Anti-DDoS service can withstand multi-layered (layers 4 to 7) attacks, which in turn
improves the browsing experience.
• Gaming: Online gaming poses a considerable risk with regards to malware. Anti-DDoS protects
against every form of DDoS attack to ensure stable Internet connections.

Service Name: AAD
Description: Based on anti-DDoS scrubbing devices and a big data operation platform, Advanced
Anti-DDoS (AAD) is an advanced anti-DDoS service that hides and protects users' origin servers
by traffic forwarding.
Function:
• Defends against massive DDoS attacks.
• Provides the function of configuring the forward protocol.
• Adds your domain name to AAD.
• Sets alarm notifications.
• Provides traffic protection, website protection, and security statistics for AAD lines (China
Telecom, China Unicom, China Mobile, and BGP lines).
• Allows users to view defense reports of AAD lines.
Application Scenario: Applicable to the gaming, finance, and e-commerce industries.
HUAWEI CLOUD Security Service Family – Security Management

Service Name: SES
Description: Security Expert Service (SES) is a comprehensive security service jointly provided by
Huawei and information security authorities. It helps you identify, prevent, and handle security
threats to hosts, websites, and systems, and ensure compliance with governmental security
requirements.
Function: SES provides the following editions:
• Standard edition: Provides five service categories: website security assessment, host security
assessment, security hardening, security monitoring, and emergency response.
• Enterprise edition: Provides security consulting, security assessment, security hardening,
security inspection, emergency response, and hosting for enterprises.
Applicable Scenario: Applicable to the government sector, taxation, education,
telecommunications, energy, transportation, gaming, and finance industries.
• Pre-event prevention (security assessment and security monitoring), during-event (emergency
response), and post-event (security hardening) are used together to protect enterprise security.

Service Name: SA
Description: Situation Awareness (SA) provides a unified platform for threat detection and risk
handling to protect your assets on the cloud. It can detect typical security risks and offers strong
pre-, during-, and post-attack security management capabilities, providing attack histories,
current situations, and forecasts.
Function:
• Data collection: Deploys flow probes and intrusion detection systems at the entrance and exit of
HUAWEI CLOUD to collect network traffic and logs of security devices such as Anti-DDoS, AAD,
WAF, and HSS to the security threat analysis platform.
• Threat discovery: Identifies about 30 major security threats using threat models and big data.
• Centralized display: The security status of tenant assets is centrally displayed.
• Threat analysis: Provides threat analysis from the angles of the victim and attacker, and adjusts
security policies in a timely manner.
• Security orchestration: Collaborates with other security services to create and deliver security
policies for the known security threats in one click.
Applicable Scenario: Applicable to the finance, government, education, medical care, insurance,
and gaming industries.
• Overview of security posture
• Regularly reviews the asset security status.
• Views threat details.
• Understands the host security posture from multiple angles.
• Shows security intelligence on a large screen in real time (Professional Edition).
• Security orchestration
• Gets notified once a threat event is discovered (Professional Edition).

Service Name: SCM
Description: SSL Certificate Manager (SCM) is a Secure Sockets Layer (SSL) certificate
management platform. The platform helps you to purchase SSL certificates, upload local (external)
SSL certificates, and centrally manage internal and external SSL certificates.
Function: SCM provides six types of SSL certificates.
Applicable Scenario: Applicable to the websites and apps, improving website security, website
brand awareness, and SEO search ranking.
• Organization Validation (OV): Small- and medium-sized enterprises
• Extended Validation (EV): Enterprises with strict security requirements
• Domain Validation (DV): testing of personal websites
Purchase and Use of HUAWEI CLOUD Security Services

⚫ HUAWEI CLOUD provides a uniform management console.
⚫ Users purchase the services they want.
⚫ Security services can be used independently or together.
⚫ Cloud service operation logs can be queried on the CTS console.
⚫ Alarms are sent by SMS or email.
Contents
1. Basics of HUAWEI CLOUD Security Services
- Security Concerns and Security Ecosystem
- HUAWEI CLOUD Security Service Family
- Purchase and Use of HUAWEI CLOUD Security Services

2. Overview of HUAWEI CLOUD Security Services
Data Encryption Workshop (DEW)
[Figure: DEW on HUAWEI CLOUD. Dedicated HSM: verification systems (e-Invoice, e-Contract, e-Policy, EMR), sensitive data encryption systems (personal privacy data, public utilities, video data), and financial payment systems (liquidation system, payment system) call virtual HSMs or an exclusive HSM through APIs, backed by encryption chips. Key Management Service (KMS): a key hierarchy of DEKs (DEK 1 to DEK 4), CMKs (CMK 1 to CMK 4), and a root key for Object Storage Service (OBS), Elastic Volume Service (EVS), Volume Backup Service (VBS), and Relational Database Service (RDS), for users using service-generated keys and users using imported keys.]

Dedicated HSM
• High security: Only tenants can access and operate data.
• Exclusive chip encryption: Ensures high performance and concurrent processing, without delay.
• Compliance: Supports CSCA certified algorithms and FIPS140-2 certified Level 3 HSM protection.

Key Management Service (KMS)
• Deep integration: Easy to use and requires no secondary development.
• High security: Supports user imported keys, which cannot be accessed or controlled by the cloud service provider.
• Considerate management: Supports key rotation, meeting large enterprises' requirements for internal control.
Database Security Service (DBSS)
[Figure: three DBSS functions in front of RDS databases and user-installed databases on ECS. Database firewall: authorized and normal users reach the database, unauthorized users and attackers are blocked. Sensitive data discovery and masking: a non-masking query by User 1 returns 19900808, a masking query by User 2 returns xxxxxxxx. Database audit: query, modification, and deletion operations by Users 1 to 3 are audited, with remote log storage.]

Database firewall
• Database intrusion prevention: Blocks SQL injection attacks in real time.
• Fine-grained access control: Role-based and minimized permission.
• Learning mode: The security mode is generated from self-learning and can be applied to the
firewall policy.

Sensitive data discovery and masking
• Automatic sensitive data discovery: Automatically detects sensitive data based on compliance
requirements and generates masking rules with one click.
• Dynamic masking: Original data is not modified and columns of sensitive data are anonymized.
• Multiple masking rules: Email masking and character string masking.

Database audit
• Activity and exception monitoring: Manages activities at the column level, and monitors
behavior, login, and access exceptions.
• Real-time alarm: Real-time alarm reporting on attacks such as SQL injection.
• Audit report: Near-immediate availability of compliance audit report.

Currently, the following database types are supported: SQL Server (from version 2008 to 2014), MySQL
(from version 5.5 to 5.7), and PostgreSQL (from version 9.4 to 9.5).
Host Security Service (HSS)
[Figure: the HSS console provides unified security management for HSS Agents installed on in-cloud and on-premises servers. Functions: Asset Management, Vulnerability Management, Baseline Inspection, Intrusion Detection.]

Security Risk Management
• Asset, configuration, and vulnerability detections
• Visual security risks and situational awareness
• Real-time notification of asset changes

Security Compliance
• Checks for configuration baselines in alignment with over 10 industry benchmarks.
• Meets the governmental compliance requirements.
• Meets the PCI-DSS file integrity requirements.

Intelligent Intrusion Detection
• Dual-factor authentication prevents brute-force attacks.
• Based on the AI detection engine, effectively removes viruses, Trojan horses, cryptocurrency
miners, and backdoors.
• Web tamper protection (real-time blocking + recovery)

* HSS can be deployed on the HUAWEI CLOUD, hybrid cloud, other public clouds, private clouds,
and data centers.

50000+ servers are running properly at the same time, reducing 90% of attacks.
Container Guard Service (CGS)
CGS: full lifecycle security protection for container environment

1. Build: Image security scanning
2. Ship: Image security scanning
3. Run

CGS
• Image security policy
• Runtime security
• Container escape prevention
• Container firewall
• Password management
• User rights control

Security intelligence
• Vulnerability database and malicious program library update
• Unknown vulnerability detection
• Malicious behavior prevention
• Machine learning
Web Application Firewall (WAF)
[Figure: attack traffic from attackers and legitimate traffic from users. Step 1: route the traffic for www.XX.com to HUAWEI CLOUD WAF, whose protection engine cluster spans North China, East China, South China, and Hong Kong. Step 2: back-to-source to the web server, either off-HUAWEI CLOUD or in the tenant VPC on HUAWEI CLOUD.]

The primary WAF benefit is protection for custom web applications' "self-inflicted" vulnerabilities
in web application code developed by the enterprise, and protection for vulnerabilities in
off-the-shelf web application software.

Technology Innovation
• Three-engine architecture: semantic, regular, and AI engines improve the threat detection rate by over 30%.
• Dynamic anti-crawler: Uses an industry-leading anti-crawler algorithm based on encryption
technologies to effectively prevent data leakage.
• CC attack protection: Precisely blocks CC attacks based on the IP address, cookie field, and referer.

Reliability
• Remote disaster recovery in China: Ensures that services are not interrupted.
• Real-time monitoring: 24x7 monitoring by a professional operations team.
• Privacy protection: Prevents privacy leaks.

Easy to Use
• WAF requires no component installation and maintenance.
• The WAF console is designed in a user-friendly manner.
• Security experts are available to help with routine operations.
Vulnerability Scan Service (VSS)
[Figure: online vulnerability scanning]
✓ Out-of-the-box
✓ Easy-to-use
✓ Intelligent scanning and analysis
✓ Real-time monitoring and dynamic frequency adjustment
✓ Custom scan settings
✓ Multi-scenario applicability
✓ Collaboration with other cloud security services to build a three-dimensional security system.

Major Function | Description
Vulnerability assessment | Scanning for over 30 types of vulnerabilities, including but not limited to OWASP Top 10, web injection, file inclusion, configuration error, information disclosure, and backdoor implantation vulnerabilities.
Detection service to service threats | Detects threats to website services, including but not limited to sensitive information, unsolicited advertisements, malicious codes, and malicious links.
Baseline compliance check | In compliance with governmental security requirements, discovers non-compliant items and generates professional reports.
Vulnerability report | Generation of detailed reports viewable and downloadable online.
Critical CVE vulnerability scan | Security experts analyze the latest critical vulnerabilities and update rules to provide the fastest and most complete CVE vulnerability scan.
SSL Certificate Manager (SCM)
SCM: Secure transmission for websites and applications

• Improved website security: SSL certificates are used to encrypt website data transmission and
protect communication between websites and users. They help minimize data and traffic hijacking
risks.
• Higher SEO rankings: Search engines, such as Baidu and Google, as well as SEOs tend to
recommend websites with SSL certificates.
• Optimized website image: Green padlocks indicate that the website is well protected. An
enhanced SSL certificate also allows the website brand name or organization name to be displayed
in the address box of the browser, improving user trust and brand awareness.

Item | Test Certificate | Commercial Certificate | Commercial Certificate | Commercial Certificate | Commercial Certificate
Certificate type | Domain Validation (DV) | Organization Validation (OV) | OV Pro | Extended Validation (EV) | EV Pro
Security level | ★★ | ★★★ | ★★★★ | ★★★ | ★★★★★
Trust level | ★ | ★★★ | ★★★ | ★★★★ | ★★★★★
Encryption strength | 256-bit | 256-bit | 256-bit | 256-bit | 256-bit
Supported algorithms | RSA | RSA | ECC/RSA | RSA | ECC/RSA
Domain name ownership verification | DNS verification | DNS/Email verification | DNS/Email verification | DNS/Email verification | DNS/Email verification
Enterprise Review | — | Organization validation | Organization validation | Extended organization validation | Extended organization validation
Display of green padlock and https | √ | √ | √ | √ | √
Display of company name | — | — | — | √ | √
Guaranteed compensation | | Max. $1.5 million USD | Max. $1.5 million USD | Max. $1.5 million USD | Max. $1.5 million USD
Application scenarios | ★ | ★★★ | ★★★ | ★★★★ | ★★★★★
Approval period | Automatic approval | 3-5 working days | 3-5 working days | 7–10 working days | 7–10 working days
Anti-DDoS
Anti-DDoS is a highly reliable and secure DDoS protection service with on-demand and scalable features,
thereby ensuring the stable running of resources such as ECS, ELB, and BMS on HUAWEI CLOUD.

Architecture
[Figure: traffic from the Internet enters the data center. The detection center receives detection data, abnormal traffic is diverted to the scrubbing center (traffic diversion), and normal traffic is returned (traffic retrieval) to IP address 1 and IP address 2. Legend: normal traffic, abnormal traffic, unprotected traffic.]
• Anti-DDoS devices are deployed at network ingress and egress.
• The detecting center detects network access traffic based on user-configured security policies.
• If an attack is detected, the detecting center diverts traffic to the scrubbing center to cleanse
abnormal traffic, and then forwards normal traffic.

Attack types supported
1. Malformed and probe packet filtering
2. Defense against network transmission-based attacks: Effectively defends against attacks such as
SYN, SYN-ACK, FIN, RST, UDP, ICMP Flood, and TCP connection exhaustion.
3. Application layer threat prevention: Effectively prevents attacks such as HTTP GET/POST Flood,
CC, HTTP Slow Header/POST, and HTTPS Flood.

Attack scale supported
1. Free defense for 5 Gbit/s DDoS attacks
2. Attack defense response in seconds

Remarks: HUAWEI CLOUD continuously improves service performance according to customer
requirements.
Advanced Anti-DDoS (AAD)
AAD is a value-added service to protect Internet servers (both HUAWEI CLOUD
and other hosts) against bandwidth-consuming DDoS attacks. It diverts attack
traffic to high-defense IP addresses for scrubbing, keeping your businesses stable
and reliable.

Connection to AAD
1. Change the DNS or service IP address.
 Domain name access: www.example.com = Origin server IP address becomes www.example.com = High-defense IP address (CNAME).
 IP address access: Origin server IP address access from the client becomes High-defense IP address access from the client.
2. Traffic is diverted to the high-defense center.
3. Service traffic is retrieved to the origin server.
[Figure: AAD connection. Labels: Users, DNS service, Client, High-defense IP address, High-defense data center, Traffic retrieval, Protected origin server.]

Security Expert Service (SES)
Professional qualifications ensure top quality: CISSP and CISA-certified experts.

Enterprise Edition manual service:
• Security consulting
• Security hardening
• Emergency response
• Security assessment
• Security inspection
• Security product hosting

⚫ Website security assessment: Detects potential vulnerabilities, such as SQL injections, XSS, file upload, download, and inclusion, sensitive information leakage, and weak passwords.
⚫ Host security assessment: Identifies security threats to hosts based on vulnerability scan results and log analysis, and performs baseline check on OSs and middleware.
⚫ Security monitoring: Checks packets transmitted over HTTP/HTTPS and monitors websites from six angles: webshells, tampering, broken links, open services, availability, and vulnerability.
⚫ Emergency response: Detects and handles malicious programs and files in the host and web systems respectively. Provides recommendations for quick resumption of services.
⚫ Security hardening: Performs vulnerability scans on OSs and middleware and provides recommendations for hardening components to reduce the attack surface of the system.

Situation Awareness (SA)
SA integrates risk discovery, mitigation, and management. It provides a unified platform for threat detection and risk handling through big data analysis.

• Data collection: Flow probes and intrusion detection systems are deployed at the entrances and exits of HUAWEI CLOUD to collect network traffic and logs of security devices such as Anti-DDoS, AAD, WAF, and HSS into the analysis platform.
• Threat discovery: Different threat models are established to identify 30 major security threats through big data learning and analysis.
• Centralized presentation: The security status of tenant assets is centrally displayed on the awareness overview page for tenants to monitor overall security status.
• Threat analysis: Threat analysis is provided based on attack asset perspective and attack source perspective, so that tenants can adjust security policies in time.
• Security orchestration: The security policies are one-click generated and delivered to detect security threats, which are associated with security defense products.

[Figure: SA cycle and layers. Cycle: Data collection, Threat discovery, Threat analysis, Security monitoring, Security orchestration, Security response, Backtracking. Security threat analysis: AI service, Big data service platform. Security threat detection: VSS, DDoS, IDS, Flow probe. Security defense: WAF, HSS, ACL/Security group, DBSS. Security policy delivery links analysis to defense.]

Quiz
1. Which of the following security services can be used to protect websites? (Multi-choice)
A. WAF

B. VSS

C. SCM

D. Anti-DDoS

Summary
⚫ Describes HUAWEI CLOUD security services.
⚫ Explains the concepts, functions, application scenarios, and principles of
these security services.
⚫ Presents what users need to know before purchasing and using the services.

Recommendations
⚫ HUAWEI CLOUD website:
 https://intl.huaweicloud.com/

⚫ HUAWEI CLOUD Help Center:
 https://support-intl.huaweicloud.com

HUAWEI CLOUD - Cloud Eye
Foreword
⚫ This chapter describes Cloud Eye on HUAWEI CLOUD.

Objectives
⚫ Upon completion of this course, you will be able to:
 Describe Cloud Eye.

 Master the basic functions of Cloud Eye.

 Understand the concepts and scenarios of Cloud Eye.

 Create and manage alarm rules on the Cloud Eye console.

Contents
1. Cloud Eye Overview

2. Cloud Eye Functions

3. Alarm Rules

4. Open APIs

5. Applications

What Is Cloud Eye?
⚫ Cloud Eye is a multi-dimensional resource monitoring platform. You can
use Cloud Eye to monitor the utilization of service resources, track the
running status of cloud services, configure alarm rules and notifications,
and quickly respond to resource changes.

⚫ Cloud Eye can monitor metrics of various services, such as Elastic Cloud
Server (ECS), Bare Metal Server (BMS), Auto Scaling (AS), Elastic Volume
Service (EVS), Virtual Private Cloud (VPC), Relational Database Service
(RDS), Distributed Cache Service (DCS), Distributed Message Service (DMS),
Elastic Load Balance (ELB), Web Application Firewall (WAF), and Workspace.

Cloud Eye Architecture
• Cloud Eye receives monitoring
data of all metrics reported by
different cloud services, such
as ECS, EVS, VPC, and ELB.
• Cloud Eye collects, aggregates,
and stores metric data,
visualizes monitoring data on
the console, and generates
alarms when the monitoring
data reaches configured
thresholds.

Application Scenarios
⚫ Routine management: Cloud Eye monitors many items, such as CPUs, disk
I/O, and memory, ensuring service reliability.
 Social media platforms, video live broadcasting, e-commerce websites, and
service crowdsourcing platforms
⚫ Alarm notification: If an alarm is generated or cleared, Cloud Eye notifies
you by email or text message for fault locating and demarcation, or by
sending HTTP or HTTPS requests to the server IP addresses.
⚫ Capacity adjustment: You can set alarm rules for ECS metrics, such as CPU
usage and memory usage. When the threshold is reached, the ECS service
works together with AS to automatically expand capacity, preventing
services from being affected.

Application Scenario: E-Commerce Websites
⚫ These websites see sharp increases in traffic within extremely short time
periods, and require high data and network security.

Cloud Eye Advantages
⚫ Automatic provisioning: After registration on the cloud platform, Cloud Eye is enabled automatically.
After deploying a cloud service, you can view the service running status and set alarm rules on the
Cloud Eye console.

⚫ Real-time and reliable monitoring: Raw data is reported to Cloud Eye in real time for monitoring of
cloud services. Alarms are generated and notifications are sent to you in real time.

⚫ Cost-effective: Cloud Eye is free of charge.

⚫ Visualized monitoring: Cloud Eye monitoring panels provide rich monitoring graphs supporting
automatic data refresh and multi-metric comparison, meeting your requirements for monitoring data
visualization.

⚫ Multiple notification methods: Cloud Eye notifies you by email or text message, allowing you to keep
track of the running status of cloud services. Cloud Eye can also send HTTP or HTTPS requests to a
server IP address of your choice, helping you build smart alarm handling programs.

Automatic Monitoring
⚫ Monitoring starts automatically after you create ECSs or AS groups. No
manual intervention or additional plug-ins are required.

⚫ After obtaining resources, you can view resource monitoring data on the
Server Monitoring or Cloud Service Monitoring page on the Cloud Eye
console within 5 to 10 minutes. During this time, the system is obtaining
and aggregating data.

Rollup Methods
⚫ Rollup metric data refers to the data aggregated based on raw monitoring
data. Cloud Eye supports the following rollup methods:
 If Avg. is selected for Statistic, Cloud Eye calculates the average value of metric data within a rollup
period.

In this case, if you change the time ranges of the monitoring data, the peak values may be
inconsistent.

 If Max. is selected for Statistic, Cloud Eye calculates the maximum value of metric data within a
rollup period.

 If Min. is selected, Cloud Eye calculates the minimum value of metric data within a rollup period.

 If Sum is selected for Statistic, Cloud Eye calculates the sum of metric data within a rollup period.

 If Variance is selected for Statistic, Cloud Eye calculates the variance value of metric data within a
rollup period.

Rollup Data Retention
⚫ Retention durations for rollup metric data depend on the rollup period.
 Metric data whose rollup period is 5 minutes is retained for 10 days.

 Metric data whose rollup period is 20 minutes is retained for 20 days.

 Metric data whose rollup period is 1 hour is retained for 155 days.

 Metric data whose rollup period is 4 hours is retained for 300 days.

 Metric data whose rollup period is 1 day is retained for 5 years.
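
The rollup statistics and retention periods described above, as an added Python example (not Huawei's code): it rolls up constructed per-minute CPU samples with each Statistic and shows why peak values differ between rollup periods under Avg. but not under Max. Bucket alignment, population variance, and a 365-day year are assumptions.

```python
"""Added example: local re-implementation of the rollup behaviour described above."""
from statistics import mean, pvariance

# Rollup period in seconds -> retention in days, taken from the retention list above.
RETENTION_DAYS = {
    300: 10,          # 5 minutes
    1200: 20,         # 20 minutes
    3600: 155,        # 1 hour
    14400: 300,       # 4 hours
    86400: 5 * 365,   # 1 day; "5 years" counted as 5 * 365 days (assumption)
}

# Statistic names as they appear on the page.
STATISTICS = {
    "Avg.": mean,
    "Max.": max,
    "Min.": min,
    "Sum": sum,
    "Variance": pvariance,  # assumption: population variance
}


def rollup(samples, period, statistic):
    """Aggregate (timestamp_seconds, value) samples into fixed rollup periods.

    Returns a list of (period_start, aggregated_value), sorted by time.
    Periods are aligned to multiples of `period` (assumption).
    """
    aggregate = STATISTICS[statistic]
    buckets = {}
    for timestamp, value in samples:
        start = timestamp - timestamp % period
        buckets.setdefault(start, []).append(value)
    return [(start, aggregate(values)) for start, values in sorted(buckets.items())]


def peak(samples, period, statistic):
    """Highest rolled-up value, i.e. what a graph of this series would top out at."""
    return max(value for _, value in rollup(samples, period, statistic))


def finest_period_available(age_days):
    """Smallest rollup period whose retention still covers data `age_days` old."""
    for period in sorted(RETENTION_DAYS):
        if age_days <= RETENTION_DAYS[period]:
            return period
    return None  # older than every retention window


def constructed_cpu_samples():
    """Constructed data: one CPU-usage sample per minute for an hour,
    10% baseline with a three-minute burst to 95% at minutes 21-23."""
    return [(minute * 60, 95.0 if 21 <= minute <= 23 else 10.0)
            for minute in range(60)]


if __name__ == "__main__":
    samples = constructed_cpu_samples()
    for period in (300, 1200, 3600):
        print(f"period={period:>5}s  "
              f"peak Avg.={peak(samples, period, 'Avg.'):6.2f}  "
              f"peak Max.={peak(samples, period, 'Max.'):6.2f}")
    for age in (7, 15, 100, 200, 400):
        print(f"data {age:>3} days old -> finest period {finest_period_available(age)}s")
```

When reviewing an event older than the 5-minute retention window, only coarser rollups remain, so a short burst is visible with Max. but largely averaged away with Avg.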

Exporting Data
⚫ On the Cloud Eye console, choose Server Monitoring or Cloud Service
Monitoring, then click Export Data. In the Export Data dialogue box,
specify Time Range, Resource Type, Dimension, Monitored Object, and
Metric. Click Export.

Flexible Alarm Rule Configuration
⚫ Flexible alarm configurations are supported, such as setting alarm policies
and disabling or enabling alarm rules.
 You can create an alarm rule manually or by using an alarm template. Alarm templates
facilitate batch creation of alarm rules.

 Parameter values configured in an alarm rule can be modified at any time. The new
parameter values take effect from the next monitoring period.

 If a monitored cloud resource is not used, you can disable the alarm rule configured for
it. If you decide to use the cloud resource again, you can then enable the alarm rule.

 If a monitored cloud resource is no longer used or has been deleted, you can manually
delete the alarm rule configured for it.

 You can create a maximum of 1000 alarm rules.

Real-time Notifications
⚫ You can enable Send Notification when creating alarm rules to receive
alarm notifications by email or text message in real time.
 When the status of an alarm rule changes (between Alarm and OK), Cloud Eye
notifies you through email or text message for fault locating and demarcation.
It can also send HTTP or HTTPS requests to the IP address of a specified server.

 When the status of an alarm rule remains Alarm, Cloud Eye only notifies you
when the status first occurs.

Monitoring Panels
⚫ Panels, serving as custom monitoring platforms, allow you to view core
metrics and compare the performance data of different services.

⚫ Currently, each user can create a maximum of 20 monitoring panels, and a
maximum of 24 monitoring graphs can be added to each panel. A
maximum of 20 monitoring items can be added to a single graph.

Server Monitoring
⚫ Server Monitoring includes Basic Monitoring and OS Monitoring. Basic Monitoring
monitors the metrics automatically reported by ECSs. By installing the Agent on an ECS or
BMS, OS Monitoring provides server monitoring that is system-wide, active, and
fine-grained. In this document, "fine-grained" means that data is collected at 10-second
intervals.

⚫ To meet the basic monitoring and O&M requirements for servers, Server Monitoring
monitors more than 40 metrics, such as those for CPU, memory, disk, and network.

⚫ The Agent's system resource usage is low. In an ECS, the Agent uses less than 0.5% CPU
and less than 50 MB memory. In a BMS, it uses less than 1.5% CPU and less than 50
MB memory.

Installing the Agent
1. Log in to an ECS or a BMS as user root.

2. Run the following command to install the Agent:


cd /usr/local && wget https://telescope-ap-southeast-1.obs.ap-southeast-1.myhwclouds.com/scripts/agentInstall.sh && chmod 755 agentInstall.sh && ./agentInstall.sh

3. On the Server Monitoring page, select the target ECSs or BMSs and click Restore
Agent Configurations. On the displayed page, click One-Click Restore to complete
the configuration.

Resource Groups
⚫ A resource group allows you to add and monitor correlated resources and provides the
collective health status for all contained resources.

⚫ Each user can create a maximum of 10 resource groups, each of which can contain a
maximum of 200 resources.

⚫ The quotas of various resources in a resource group are as follows:

 ECS: 200

 BMS: 100

 EVS disk: 200

 VPC: 50 each for EIP address and bandwidth

 RDS: 50 for each type of database

Creating an Alarm Rule
1. Log in to the management console.

2. Under Management & Deployment, select Cloud Eye.

3. In the navigation pane on the left, choose Alarm Management > Alarm Rules and click Create Alarm Rule.

4. On the Create Alarm Rule page, set parameters as prompted. For details, see Alarm Rule Parameters.

Alarm Rule Parameters
| Parameter | Description | Example Value |
|---|---|---|
| Resource Type | Type of the cloud resource for which the alarm rule is configured | Elastic Cloud Server |
| Dimension | Dimension of the selected cloud resource | ECS |
| Monitored Object | Specific resource for which the alarm rule is configured. You can specify one or more resources. | ecs-test |
| Source | Means by which you create the alarm rule | Manually create |
| Metric | Quantitative value of a specific dimension (such as CPU usage or memory usage) of a resource (such as an ECS or BMS) | CPU Usage |
| Alarm Policy | Alarm policy that triggers an alarm. For example, trigger an alarm if the metric raw data is no less than 80% for 3 consecutive 5-minute periods. | N/A |
| Alarm Severity | Severity of the alarm. Valid values are Critical, Major, Minor, and Informational. | Major |
| Send Notification | Whether to notify users when alarms are generated or cleared. A notification can be sent by email, text message, or HTTP/HTTPS requests to a server. Valid values are Yes (recommended) and No. | Yes |
| Topic | Name of the topic to which the alarm notification is sent. You can select an existing topic or create a new one. | 123 |
| Trigger Condition | Condition for triggering the alarm notification. You can select Generated alarm, Cleared alarm, or both. | Generate alarm |
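
One way to model the Alarm Policy, Send Notification, and Trigger Condition parameters above, as an added example rather than Cloud Eye's implementation: a rule enters Alarm only after the configured number of consecutive breaching periods and notifies only when its status changes. The class and field names, the clear-on-first-normal-period behaviour, and the sample values are assumptions.

```python
"""Added example: consecutive-period alarm evaluation with status-change notifications."""
import operator
from dataclasses import dataclass

COMPARATORS = {">=": operator.ge, ">": operator.gt, "<=": operator.le, "<": operator.lt}


@dataclass
class AlarmRule:
    metric: str
    threshold: float
    comparator: str = ">="            # "no less than" in the page's example policy
    consecutive_periods: int = 3      # e.g. 3 consecutive 5-minute periods
    severity: str = "Major"
    # Statuses that produce a notification: generated alarm, cleared alarm, or both.
    trigger_conditions: tuple = ("Alarm", "OK")
    enabled: bool = True
    status: str = "OK"
    streak: int = 0                   # breaching periods seen in a row

    def evaluate(self, period_index, value):
        """Process one period's value; return a notification dict if one is sent."""
        if not self.enabled:
            return None
        breached = COMPARATORS[self.comparator](value, self.threshold)
        self.streak = self.streak + 1 if breached else 0

        if self.streak >= self.consecutive_periods:
            new_status = "Alarm"
        elif not breached:
            new_status = "OK"         # assumption: first normal period clears the alarm
        else:
            new_status = self.status  # breaching, but not yet for long enough

        changed = new_status != self.status
        self.status = new_status
        # A rule that stays in Alarm notifies only when the status first occurs.
        if changed and new_status in self.trigger_conditions:
            return {"period": period_index, "metric": self.metric,
                    "status": new_status, "severity": self.severity, "value": value}
        return None


def replay(rule, values):
    """Feed a series of per-period values through a rule and collect notifications."""
    notifications = []
    for index, value in enumerate(values):
        note = rule.evaluate(index, value)
        if note is not None:
            notifications.append(note)
    return notifications


# Constructed CPU usage values (%), one per 5-minute period.
CONSTRUCTED_CPU = [42, 85, 91, 60, 82, 88, 95, 97, 93, 55, 40, 81, 86]

if __name__ == "__main__":
    for periods in (3, 1):
        rule = AlarmRule(metric="CPU Usage", threshold=80, consecutive_periods=periods)
        events = [(n["period"], n["status"]) for n in replay(rule, CONSTRUCTED_CPU)]
        print(f"consecutive_periods={periods}: {events}")
```

With the same data, requiring one breaching period instead of three produces five notifications instead of two, which is the flapping the consecutive-period setting is there to suppress.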

Introduction to SMN
⚫ A topic is a specified event to publish messages and subscribe to notifications. It
serves as a message sending channel, where publishers and subscribers can
interact with each other.

⚫ After a topic is created, you need to add subscribers to it. Then, when an alarm is
triggered, Cloud Eye is able to send the alarm information to subscribers of this
topic.

Creating a Topic and Adding a Subscription
1. On the Topics page of the Simple Message Notification (SMN) console, click Create Topic.
Enter a topic name and display name as prompted.
⚫ Topic Name: specifies the topic name, which:
 Contains only uppercase or lowercase letters, numerals, hyphens (-), and underscores (_), and must start with a letter or a numeral.
 Must be 1-256 characters long.
 Must be unique, and cannot be modified after the topic is created.

⚫ Display Name: specifies the message sender name, which cannot exceed 192 bytes.

2. Locate the created topic, click More under Operation, and select Add Subscription.
 If Protocol is set to Email, enter one or more valid email addresses, for example, [email protected].
 If Protocol is set to HTTP or HTTPS, enter one or more public network URLs, for example, http://example.com/notification/action.
 If Protocol is set to SMS, enter one or more valid phone numbers, for example, 18512345678.
 If Protocol is set to DMS, subscription endpoints are message queues. This type of subscription does not need confirmation.

Support for RESTful APIs
⚫ RESTful APIs that are used to manage metrics of common cloud services

⚫ Return code of the API for adding metrics

 Normal: 201

 Abnormal

| Returned Values | Description |
|---|---|
| 400 Bad Request | The server failed to process the request. |
| 401 Unauthorized | You must enter a username and password to access the requested page. |
| 403 Forbidden | You are forbidden to access the requested page. |
| 408 Request Timeout | The request timed out. |
| 429 Too Many Requests | The number of requests exceeded the maximum. |
| 500 Internal Server Error | Failed to complete the request because of an internal service error. |
| 503 Service Unavailable | Failed to complete the request because the service is unavailable. |

Working with AS to Adjust the Number of Instances

⚫ Cloud Eye monitors metrics (such as CPU usage and memory usage) that
reflect the AS workload and triggers instance scaling to balance computing
resources. This allows resource utilization and availability to be improved
while ensuring user experience.

Working with AS to Adjust the Bandwidth
⚫ A bandwidth scaling policy can be created on the AS console to improve
bandwidth utilization and availability while ensuring user experience.

Quiz
Which rollup methods does Cloud Eye support ( )?
A. Max.

B. Min.

C. Avg.

D. Sum

E. Variance

Summary
⚫ Cloud Eye application scenarios and functions
⚫ Configuration of simple metrics

⚫ How Cloud Eye works together with AS

Recommendations
⚫ Huawei learning website
 http://support.huawei.com/learning/Index!toTrainIndex

⚫ Huawei support cases
 http://support.huawei.com/enterprise/servicecenter?lang=zh

HUAWEI CLOUD Service - Relational Database Service
Foreword
⚫ This course gives a general overview of Relational Database Service (RDS),
a service on HUAWEI CLOUD.

Objectives
⚫ After completing this course, you will be able to:

⚫ Know what RDS is.

⚫ Distinguish the concepts, scenarios, functions, and key features of the three
RDS DB engines.

⚫ Master basic RDS database operations, such as creating, connecting,
scaling, monitoring, and deleting RDS DB instances.

Contents
1. RDS Overview

2. RDS Key Features

3. RDS Basic Operations

4. FAQs

What Is RDS?
⚫ RDS is a cloud-based web service that is reliable, scalable, easy to manage,
and immediately ready for use. It provides MySQL, PostgreSQL, and SQL
Server DB instances that can be deployed in single or primary/standby
mode. You can obtain a DB instance on the RDS console within several
minutes.

⚫ RDS also provides some database O&M functions, including high
availability, disaster recovery, database backup and restoration, elastic
scaling, and performance monitoring.

⚫ RDS can significantly reduce the complexity and cost of database O&M,
allowing you to focus on developing your services.

Comparison Between Self-Built Databases and HUAWEI CLOUD Database

| Self-Built Databases | Databases on Cloud Servers | HUAWEI CLOUD Database |
|---|---|---|
| Purchase and install both hardware and software including servers, systems, and databases | Purchase and install database software by yourself | No need to purchase and install any hardware and software |
| Expensive equipment room hosting | Cloud server rent fees | Only RDS fees |
| High DBA costs | High DBA costs | Low DBA costs |

[Figure: for each of the three options, every task in the following stack is marked as either "Solved by yourself" or "Solved by cloud service providers".]
⚫ Application optimization
⚫ Database elastic scaling
⚫ Database high availability
⚫ Data backup and restoration
⚫ Database software upgrade or patch installation
⚫ Database software installation
⚫ OS version upgrade or patch installation
⚫ OS installation
⚫ Server deployment and maintenance
⚫ Rack stacking
⚫ Infrastructure (equipment rooms, power supplies, air conditioners, and networks)

Application Scenarios
| Scenario Type | Description |
|---|---|
| Internet websites | Websites for online gaming, e-commerce, e-government, enterprise portals, social platforms, and community forums can be migrated to HUAWEI CLOUD on which RDS can quickly provide easy-to-use and secure database services with low cost and high performance. |
| Internet of Things (IoT) | RDS can provide reliable database services for IoT applications, such as IoV applications that need to connect, monitor, and manage a large number of terminal devices. |
| Development and testing | Software developers can set up a development and testing environment on HUAWEI CLOUD. In this way, they can directly use stable, reliable RDS with various specifications to perform joint tests instead of building databases by themselves, which is time-consuming and costly. |
| Enterprise application systems | Service systems such as enterprise office applications and SaaS applications can be migrated to HUAWEI CLOUD on which RDS can manage service data and reduce IT construction costs and maintenance workload. In addition, you can work or use the SaaS service anytime, anywhere. |
| Mobile applications | RDS enables you to add and configure mobile applications to your terminals (such as mobile phones or other mobile devices). Moreover, RDS can authenticate identities and store, push, release, and analyze data. |

Advantages
⚫ Instant Availability
⚫ High Reliability
⚫ High Security
⚫ Easy Management
⚫ Elastic Scaling
[Figure: primary and standby DB instances, each with its own compute and storage. Labels: Read/write, Failover (automatic), Data replication, Cloud resources.]

Structure
⚫ Console Home: Unified web portal for the public cloud. After logging in and selecting RDS, you will be redirected to the RDS console.

⚫ RDS console: Self-service management console for RDS web users. You can input parameters required in DB instance management commands. For example, when creating a DB instance, you need to set the DB engine and version, specifications, storage space, and automated backup policy.

⚫ RDS management plane: Deployed with RDS backend nodes that perform DB instance creation, configuration, and other management operations. In most cases, RDS management-plane nodes connect to RDS DB instances and issue management commands for execution. When RDS management-plane nodes need to obtain compute resources, they invoke IaaS-layer services to apply for resources.

Structure
⚫ ECS/EVS/VPC: Services on the IaaS layer, which provide elastic compute, storage, and networking resources. RDS applies for resources from these services to build a running environment for DB instances.

⚫ RDS instance plane: Includes DB engines and required tools, such as backup tools. After you create and initialize a DB instance, applications in other ECSs can connect to the DB instance to read and write data.

⚫ Cloud Eye: Metric monitoring service. RDS DB instances regularly report their running status to Cloud Eye. Cloud Eye stores and displays status data and reports alarms when the metrics of DB instances exceed your specified thresholds.

⚫ OBS: Object Storage Service. RDS uses the OBS service to store DB instance backup files.

RDS Key Features
✓ Database types and versions: MySQL 5.6/5.7, PostgreSQL 9.5/9.6/10.0, SQL Server 2016 Web/SP1 Standard/SP1 Enterprise Editions, 2014 SP2 Web/SP2 Standard/SP2 Enterprise Editions, 2008 R2 SP3 Web/R2 SP3 Standard Editions
✓ Data security: Supports multiple security policies such as VPCs, subnets, security groups, VPNs, and SSL to protect database and user privacy.
✓ Database reliability: Supports three data copies and ensures database data reliability up to nine nines and backup data reliability up to eleven nines.
✓ High availability: Deploys primary/standby DB instances in an AZ or across AZs. The service availability is greater than 99.95%.
✓ DB instance access: Supports multiple access methods including private IP address access, public IP address access, and VPN access.
✓ DB instance management: Supports lifecycle management, such as adding, deleting, modifying, querying, and rebooting DB instances.

Key Features
✓ DB instance monitoring: Monitors key performance metrics of DB instance OSs and DB engines, including CPU, memory, and storage space usage, I/O activities, the number of database connections, QPS/TPS, buffer pool, and read/write activities.
✓ Elastic scaling: Horizontal scaling: Creating or deleting read replicas (up to five). Vertical scaling: Changing the DB instance class or scaling storage space (up to 2 TB).
✓ Backup and restoration: Backup: Adding, deleting, querying, and replicating automated, manual, full, and incremental backups. Restoration: Restoring data to any point in time within the backup retention period or restoring data to a new or an original DB instance.
✓ Log management: Supports queries of slow query SQL logs and error logs.
✓ Parameter configuration: Enables you to adjust DB engine parameter configurations based on monitoring and log information. You can perform lifecycle management of DB engine parameters in batches, such as adding, deleting, modifying, querying, resetting, comparing, and replicating parameter groups.

Key Feature – High Availability
Advantages
⚫ RDS can automatically provide high availability and failover capabilities for DB instances with just a few clicks.
⚫ Primary/standby DB instances provide high availability if the primary DB instance fails. In addition, you can maintain database services in the planned system maintenance window to enhance the availability.
⚫ Primary and standby DB instances use independent storage and improve data reliability through adding data redundancy.

Measures
⚫ According to your settings, the primary DB instance can replicate data to the standby DB instance in asynchronous or semi-synchronous mode.
⚫ If the primary DB instance fails, RDS can fail over to the standby DB instance immediately to continue to provide database read and write services. After the failover, the data replication roles of the primary and standby DB instances are exchanged.
[Figure: primary and standby DB instances, each with its own compute and storage. Labels: Read/write, Failover (automatic), Data replication.]

Key Feature – High Availability
Advantages
⚫ Although RDS supports high availability, if a database or table is maliciously or mistakenly deleted, data on the standby DB instance is also deleted and cannot be restored. In this case, backups can be used to restore DB instances after data is deleted.
[Figure: primary and standby DB instances, each with its own compute and storage and each with a backup. Labels: Read/write, Failover (automatic), Data replication, Backup.]

Page 15 Copyright © 2019 Huawei Technologies Co., Ltd. All rights reserved.
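Added example (not part of the original slides and not Huawei code): a small Python model of the primary/standby pair described on the two High Availability slides. It shows that a dropped table is replicated to the standby and is still gone after failover, while a backup plus change-log replay restores the data to the point just before the deletion. The class names, the in-memory change log, and the treatment of semi-synchronous mode as "standby is current before the write returns" are simplifying assumptions; the asynchronous case goes slightly beyond the slide by counting writes lost on failover.

```python
"""Constructed toy model: primary/standby replication versus backups."""
import copy


class Instance:
    """One DB instance: its tables plus a count of change-log entries applied."""

    def __init__(self):
        self.tables = {}
        self.applied = 0

    def apply(self, change):
        op, table, rows = change
        if op == "create":
            self.tables[table] = list(rows)
        elif op == "insert":
            self.tables[table].extend(rows)
        elif op == "drop":
            self.tables.pop(table, None)
        else:
            raise ValueError(f"unknown operation: {op}")
        self.applied += 1


class Cluster:
    """Primary/standby pair with a shared change log and a list of backups."""

    def __init__(self, mode="semi-sync"):
        if mode not in ("async", "semi-sync"):
            raise ValueError("mode must be 'async' or 'semi-sync'")
        self.mode = mode
        self.primary = Instance()
        self.standby = Instance()
        self.log = []      # every change accepted by the primary, in order
        self.backups = []  # (log position, deep copy of the tables)

    def write(self, op, table, rows=()):
        change = (op, table, tuple(rows))
        self.primary.apply(change)
        self.log.append(change)
        if self.mode == "semi-sync":
            # Assumption: semi-sync is modelled as "standby is current
            # before the write returns".
            self.replicate()

    def replicate(self):
        """Ship outstanding changes to the standby. A DROP ships like any other."""
        while self.standby.applied < len(self.log):
            self.standby.apply(self.log[self.standby.applied])

    def failover(self):
        """Promote the standby, exchange roles, return how many writes were lost."""
        lost = len(self.log) - self.standby.applied
        self.log = self.log[: self.standby.applied]
        # In this model, backups that contain lost writes are discarded too.
        self.backups = [b for b in self.backups if b[0] <= len(self.log)]
        self.primary, self.standby = self.standby, self.primary
        # The old primary rejoins as the new standby and is resynchronised.
        self.standby.tables = copy.deepcopy(self.primary.tables)
        self.standby.applied = self.primary.applied
        return lost

    def backup(self):
        self.backups.append((len(self.log), copy.deepcopy(self.primary.tables)))

    def restore_to(self, position):
        """Point-in-time restore to a new instance: newest backup taken at or
        before `position`, then replay of the change log up to `position`."""
        if not 0 <= position <= len(self.log):
            raise ValueError("position outside the change log")
        usable = [b for b in self.backups if b[0] <= position]
        if not usable:
            raise LookupError("no backup at or before the requested point")
        start, snapshot = max(usable, key=lambda b: b[0])
        restored = Instance()
        restored.tables = copy.deepcopy(snapshot)
        restored.applied = start
        for change in self.log[start:position]:
            restored.apply(change)
        return restored


def demo():
    cluster = Cluster(mode="semi-sync")
    cluster.write("create", "orders")
    cluster.write("insert", "orders", [1, 2, 3])
    cluster.backup()                        # backup at log position 2
    cluster.write("insert", "orders", [4])  # log position 3
    cluster.write("drop", "orders")         # mistaken or malicious deletion
    on_standby = "orders" in cluster.standby.tables
    cluster.failover()
    after_failover = "orders" in cluster.primary.tables
    restored = cluster.restore_to(3)        # the point just before the DROP
    return on_standby, after_failover, restored.tables["orders"]


if __name__ == "__main__":
    print(demo())
```

Without a backup taken before the deletion, `restore_to` raises `LookupError`, which is the case the slide warns about: replication alone gives no way back.
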
Key Feature – DB Instance Monitoring
Advantages
⚫ You can track the performance and health status of DB instances and engines in real time.
Measures
⚫ RDS works with the free Cloud Eye service to display the performance and health status of DB instances and engines.
⚫ RDS monitors active DB instances and engines, and sends performance metrics to Cloud Eye.
⚫ RDS monitors key performance metrics of DB instances and engines, including CPU, memory, and storage space usage, I/O activities, the number of database connections, QPS/TPS, buffer pool, and read/write activities.
⚫ You can be redirected to the Cloud Eye console to view the graphs about DB instance and engine performance.
[Figure: a DBA views monitoring information or sets alarm rules on the Cloud Eye console and manages instances on the RDS console (Overview, Instance Management, Backup Management, Data Migration); DB instances and DB engines running on VMs send raw data to Cloud Eye, which sends alarms.]

Contents
1. RDS Overview

2. RDS Key Features

3. RDS Basic Operations

4. FAQs

DB Instance Lifecycle Management
DB instances are the smallest management units used by RDS. Each is an isolated database environment on the cloud. A DB instance can contain multiple user-created databases. You can use the same tool or program to access these databases. You can use the RDS console or APIs to create DB instances and manage them easily.
[Figure: lifecycle operations grouped under Add, Delete, Modify, Query, and Reboot.]
⚫ Buy DB instances
⚫ Delete DB instances
⚫ Connect to DB instances
⚫ Configure network security policies
⚫ Back up databases
⚫ Reboot DB instances
⚫ Scale up storage space
⚫ Change DB instance classes
⚫ View DB instance details
⚫ Restore databases
⚫ Monitor DB instances and engines
⚫ Configure DB engine parameters
⚫ Query database logs
⚫ Change associated parameter groups

Buying an RDS DB Instance
Scenarios
You can quickly buy a DB instance on the RDS console.

Procedure

Connecting to an RDS DB Instance
Scenarios
You can connect to and manage DB instances using Data Admin Service (DAS) or other clients. By default, you
have the remote login permission. It is recommended that you use DAS to connect to and manage DB instances,
because it is more secure and convenient.

This slide uses DAS as an example to describe how to connect to a DB instance. For details about how to connect to a DB
instance through a client, see "Connecting to a DB Instance" in the Relational Database Service Getting Started.

Procedure

Creating a Read Replica
Scenarios
Read replicas are used to enhance the read capabilities of primary DB instances and reduce the load on primary DB
instances. After DB instances are created, you can create read replicas for them.

A maximum of five read replicas can be created for a primary DB instance.

Procedure

Changing a Pay-per-Use DB Instance to Yearly/Monthly
Scenarios
You can change a pay-per-use DB instance to yearly/monthly. If you use RDS for a long time, you can change the billing
mode of a DB instance from pay-per-use to yearly/monthly for a lower price.

Procedure

Changing a Single DB Instance to Primary/Standby

Scenarios
You can change the DB instance type from single to primary/standby to improve the instance reliability while retaining
the original instance resources.

Procedure

Manually Switching Between Primary and Standby DB Instances
Scenarios
If you choose to create primary/standby DB instances, RDS will create a primary DB instance and a synchronous standby
DB instance in the same region. You can access only the primary DB instance. The standby instance serves as a backup. If
the primary DB instance fails, the standby DB instance is promoted to the new primary instance and takes over services
for failover support.

Procedure

Changing the CPU or Memory of a DB Instance
Scenarios
You can change the CPU or memory of a DB instance as required. If the status of a DB instance changes from Changing
instance class to Available, the change is successful.

Procedure

Rebooting a DB Instance
Scenarios
You may need to reboot a DB instance for maintenance purposes. For example, if the status of a DB instance is
Abnormal, you can try rebooting it to restore its status to Available. After modifying some parameters, you must reboot
the DB instance for the modifications to take effect. You can reboot a primary DB instance or a read replica on the
management console.

Procedure

Renaming a DB Instance
Scenarios
This section describes how to change the name of a primary DB instance or read replica.

Procedure

Deleting a Pay-per-Use DB Instance
Scenarios
You can manually delete the following DB instances that are not in use to release resources:

⚫ Primary DB instances

⚫ Read replicas

Procedure

Deleting a Yearly/Monthly DB Instance
Scenarios
You can manually delete the following DB instances that are not in use to release resources:

⚫ Primary DB instances

⚫ Read replicas

Procedure
1. Log in to the HUAWEI CLOUD management console.

2. Click Fees in the upper right corner of the page. The Billing Center page is displayed.

3. In the navigation tree on the left, choose Unsubscriptions and Changes > Unsubscriptions, select the order to be
unsubscribed from, and click Unsubscribe in the Operation column.

4. On the Unsubscribe page, select a reason for unsubscription, and click Unsubscribe.

5. In the displayed dialog box, check the unsubscription information and click Next.

After the DB instance order is successfully unsubscribed, the DB instance is no longer displayed in the instance list on the
Instance Management page.

Modifying an Automated Backup Policy
Scenarios
When you create a DB instance, an automated backup policy with a 7-day backup retention period is enabled by default. You can also disable
it. However, it is strongly recommended that you enable the automated backup policy for data restoration. After a DB instance is created, you
can modify the automated backup policy as needed. RDS backs up data based on the automated backup policy you have set. For DB instances
with ultra-high performance, the automated backup policy cannot be disabled.

RDS automatically backs up data at the DB instance level. If a database is faulty or data is damaged, you can restore it from backups to ensure
data reliability. Backups are saved as packages in OBS buckets to ensure data confidentiality and durability. Since backing up data affects the
database read and write performance, you are advised to enable automated backups during off-peak hours.

Procedure
1. Log in to the HUAWEI CLOUD management console.

2. Click Fees in the upper right corner of the page. The Billing Center page is displayed.

3. In the navigation tree on the left, choose Unsubscriptions and Changes > Unsubscriptions, select the order to be unsubscribed from,
and click Unsubscribe in the Operation column.

4. On the Instance Management page, locate the target DB instance and click its name.

5. On the Backup & Restore page, click Modify Backup Policy. If you want to enable the automated backup policy, click .

6. If you want to enable the automated backup policy, click .

7. Click OK to save the modification.

Creating a Manual Backup
Scenarios
RDS allows you to create manual backups of a running primary DB instance. You can use these backups to restore data.

Manual backups are retained until you delete them manually.

Procedure

Restoring a DB Instance to a Point in Time
Scenarios
You can use existing automated backups to restore DB instances to a point in time.

Procedure

Restoring a Backup
Scenarios
You can use an automated or manual backup to restore a DB instance to the status when the backup was created. You
can restore the DB instance to a new or an original DB instance.

Procedure

Scaling a DB Instance
Scenarios
You can scale up storage space if it is no longer sufficient for your requirements. When the DB instance status is Storage
full, data cannot be written to databases.

Procedure

Configuring DB Engine Parameters
Scenarios
You can modify parameters in user-created parameter groups.

Procedure

Viewing or Downloading Logs
Scenarios
Error logs contain logs generated while the database is running. The logs help you analyze problems with the database.
You can also download error logs for service analysis.

Procedure

Viewing Monitoring Metrics
Scenarios
Cloud Eye monitors RDS operating status. You can view the RDS monitoring metrics on the management console.

Monitored data takes some time for transmission and display. The RDS status displayed on the Cloud Eye console is the
status of the last 5 to 10 minutes. If your RDS is newly created, wait for 5 to 10 minutes and then view the monitoring
data.

Procedure
1. Log in to the HUAWEI CLOUD management console.

2. Under Management & Deployment, click Cloud Eye.

3. In the navigation pane on the left, choose Cloud Service Monitoring > Relational Database Service.

4. On the displayed page, locate the target DB instance and click View Graph in the Operation column.

5. In the RDS monitoring area, you can select a duration to view the monitoring data.

Setting an Alarm Rule
Scenarios
You can set RDS alarm rules to customize the monitored objects and notification policies and to stay aware of the RDS
operating status.

The RDS alarm rules include alarm rule names, services, dimensions, monitored objects, metrics, alarm thresholds,
monitoring period, and whether to send notifications.

Procedure
1. Log in to the HUAWEI CLOUD management console.

2. Under Management & Deployment, click Cloud Eye.

3. In the navigation pane on the left, choose Alarm Management > Alarm Rules.

4. On the displayed Alarm Rules page, click Create Alarm Rule.

Summary
• Introduces the HUAWEI CLOUD RDS service.

• Describes the concept, scenarios, advantages, and key features of RDS.

• Demonstrates how to use RDS.

More Information
⚫ For details about basic RDS operations, you can also see the RDS videos on
Help Center.

⚫ You can also seek help from HUAWEI CLOUD intelligent Q&A for common
RDS problems.

Recommendations
⚫ Huawei learning website:
• http://support.huawei.com/learning/en/newindex.html

⚫ Huawei support cases:
• http://support.huawei.com/enterprise/servicecenter?lang=en

⚫ RDS Help Center
• https://support-intl.huaweicloud.com/rds/index.html

HUAWEI CLOUD - Enterprise Intelligence
Foreword
⚫ This course introduces HUAWEI CLOUD EI products, solutions, and
applications.

Objectives
⚫ Learn about HUAWEI CLOUD EI products and solutions and how to apply
them.

Contents
1. AI Industry Trends

2. HUAWEI CLOUD EI Services

3. Industrial Practices of HUAWEI CLOUD EI

Four Phases of AI System Development
Major AI Services Required by Enterprises
Development phases and their application fields:
⚫ Service automation: automatic management, automatic generation, and more
⚫ Data integration and service intelligence: recommendation, prediction, detection, intelligent design, logistics, scheduling, and more
⚫ Massive data and deep learning: automatic translation, automatic Q&A, and autonomous driving (concerning language, vision, natural language, and more)
⚫ Human-machine interaction: smart assistant, multi-turn dialog, and more

AI 2.0: Platform as a Service, Facilitating Enterprise Development
According to the latest Gartner Quadrant:
• Voice recognition is the first technology to reach large-scale commercial use. For example, common social software and input methods have the voice recognition function.
• Computer vision technologies are gradually maturing, and great breakthroughs have been made in image recognition, OCR (high maturity), and facial recognition.
• The hype around platform services, such as machine learning, deep learning, graph computing, edge computing, and IoT, will come to an end. Achievements have been made in applying machine learning to the industry field, from deep learning to visual analysis.
[Figure labels: Computer vision technology has matured; Voice recognition leads in commercial deployment; Natural language processing.]

HUAWEI CLOUD EI Development Milestones and Achievements
• Core project PMC members and committers:
  1. Hadoop Core/HBase: 7
  2. Spark + CarbonData: 8
• CarbonData: top Apache project
• 190+ patents
• IDC: Huawei ranked number 1 in China's big data market.
[Figure: timeline with the years 2002, 2007, 2011, 2013, 2015, and 2017 and the stages: Traditional BI (Telco industry), ETL & analytics technology; Big data technology research, performance-oriented and equipment-based, Hadoop kernel optimization and community contributions; Telecom big data solution (Telco industry); Enterprise big data platform (FusionInsight); AI technology research; Reliable and secure self-management; Cloud EI service (EI cloud services); AI practice: focus on the inside of Huawei and support intelligent upgrades.]

HUAWEI CLOUD EI: An Affordable, Effective, and Reliable AI Platform
[Figure: HUAWEI CLOUD EI architecture]
⚫ For ISVs in: Government, Manufacturing, Finance, Healthcare, Energy, Logistics
⚫ Cloud Intelligence
• Multi-Domain Collaborative Decision-making: Decision optimization, Intelligent inference, Decision support, ...
• General-Purpose AI Services: Conversational Bot Service (CBS), Face Recognition, ImageSearch, ...
• Essential Platform Services: Machine Learning Service (MLS), Deep Learning Service (DLS), Cloud Search Service (CSS), Graph Engine Service (GES)
• Data Lakes: Intelligent Bases for Data Storage
⚫ Edge Device Intelligence: Models and functions, EI DevOps, HiAI, LiteService, NPU, Intelligent EdgeFabric (IEF)

HUAWEI CLOUD EI: Full-Stack Enablement for All Scenarios
⚫ 45 services: 18 platform services, 15 visual services, 8 language services, 4 decision-making services
⚫ 142 functions: 36 platform-related functions, 98 APIs, 8 pre-integration solutions
[Figure: HUAWEI CLOUD EI service stack]
⚫ AI General APIs and AI Advanced APIs: ASR, TTS, Image, NLP, CBS, Image Search, VCM, VCT, OCR, Face, Moderation, HAS, IDS, VGS, VCC, VCR
⚫ AI Pre-integrated Solutions: City, Internet, Home, Vehicle, Logistics, Healthcare, Campus, Manufacturing
⚫ AI Platform Services
• ML as a Service: ModelArts, Deep Learning, Machine Learning, Inferencing, ExeML, GES, Batch
• AI Frameworks: Mindspore
• AI Accelerators: GPU, Ascend
⚫ Big Data Services: Data Ingestion, Cloud Data Migration, Data Warehouse, MapReduce (MRS), CloudTable, Data Lake Factory, Data Lake Insight (DLS), Cloud Stream

Geared up for the AI Era with HUAWEI CLOUD
[Figure: "Ascend Inside" compute offerings. Labels: ECS, ECS/CCI, BMS, heterogeneous inference, heterogeneous training; instance types H6, Ai1, Physical.At1, At1; Ascend 310 inside (inference: 16 TOPS; inference: up to 512 TOPS); Ascend 910 inside (training: up to 2 PFLOPS).]

ModelArts: A Faster Inclusive AI Development Platform
⚫ Ultrafast: 10 minutes with ModelArts versus 18 minutes with similar products of other manufacturers (algorithm training using ResNet50 with 128 nodes based on millions of images)
⚫ Simplified: 0 coding, 0 AI skills; semi-automatic labeling, automatic parameter optimization, automatic network design
[Figure: ModelArts workflow, with the stage labels Readily acquired, Fast training, and Fast launch]
• Data preparation efficiency improved a hundredfold
• Simplified algorithm development
• Time used for model training reduced by 50%
• One-click deployment to the cloud, edge, or device
• Visualized workflow management
• Model building using ExeML without learning AI skills for fast model generation
• AI marketplace with AI resource sharing

Cloud-Edge-Device Synergy Makes AI Anywhere
[Figure: cloud, edge, and device layers]
⚫ HUAWEI CLOUD EI: General APIs, Advanced APIs, Pre-integrated Solutions; AI Essential Platforms (ModelArts, GES, DLS, MLS, Batch)
⚫ IEF: Container/Function Deployment, Deployment & mgmt., Device mgmt., Data ingestion, Message, Security...
⚫ Edge: Edge Bot, Edge EI Services, Customer Applications, 3rd-party Applications, IEF Edge, Hardware and Chipsets
⚫ Devices: Camera, Mobile phone, IoT device, Smart sound box
Key figures:
• 5x performance improvement
• 30x bandwidth saving
• 6 MB superior container engine
• 10 million connections

GES: Implements Large-scale Relational Data Analysis and Query
⚫ Rich graph analysis algorithm libraries
⚫ High-performance graph computing kernel
⚫ Distributed high-performance graph storage
Key figures:
• 200x computing performance
• 20,000 QPS query throughput
• 30% recommendation accuracy
• 50% knowledge association precision
Scenarios:
• Route selection in network topologies (10+ constraints for 10 million routes)
• Social relationship mining (100 billion+ relationships, responses within seconds)
• Auxiliary recommendations (1 billion+ offerings, 100 million+ users)
• Knowledge graph (million-level knowledge points, 10 million+ associations)

Cloud Search Service
⚫ Fast retrieval
⚫ Flexible & scalable
⚫ Word dictionary management
⚫ Easy O&M
Supported Search Functions
• Various word splitters (English, Pinyin, Jieba, IK, and simplified/traditional Chinese)
• Synonyms
• Custom highlighting
• Exact search, fuzzy search, search based on combined conditions, and geographical location search
Enhanced Functions
• Customized snapshot policy
• Custom word dictionary
• Hamming distance-based scoring
• Product quantization-based scoring algorithm
• Euclidean distance-based scoring
Processing Capabilities
• PB-scale data processing
• Hundreds of nodes in a cluster
• Thousands of search fields
• Seamless interconnection with multiple data sources
• Near real-time data indexing
[Figure labels: Track analysis; Vector data; Reverse image search; Voiceprint retrieval; Text retrieval.]

Diversified AI Applications
[Figure: mind map of AI General APIs]
⚫ Vision: Content Moderation, Face Recognition, Image Tagging, ImageSearch
⚫ OCR: General OCR, Card OCR, Receipt OCR, Domain OCR, Custom OCR
⚫ Video analysis: Video Content Comprehension (VCC), Video Content Tagging, Video Recognition, Video Guard Service (VGS)
⚫ Speech and Semantics: Natural Language Processing, Automatic Speech Recognition (ASR), Text To Speech (TTS), Machine Translation
⚫ Conversational Bot Service (CBS): Question-Answering Bot, Task-oriented Conversational Bot, Speech Analytics, CBS Customization

AI Application - OCR
[Figure panels: General OCR; Receipt OCR; Card OCR.]

AI Applications in Vision
⚫ Face Recognition: Face Recognition provides capabilities of face detection, face key point locating, face retrieval, face verification, and live detection in scenarios of identity authentication, passenger flow analysis, facial attendance, and more.
⚫ Image Recognition: Image Recognition precisely recognizes object tags, scenarios, tags, concept tags, and more in scenarios of the copyright image library, news media, and industrial detection.
⚫ Content Moderation: Content Moderation adopts cutting-edge image, text, and video technologies that precisely detect advertisements, pornographic or terrorism-related material, and sensitive political information, reducing any non-compliance risks in your business.
⚫ ImageSearch: ImageSearch provides image retrieval based on the image text or visual features. The service supports image search based on the text and content.

AI Application - Conversational Bot Service
New fields:
⚫ Government
• Features 24/7 real-time emergency commands
• Facilitates public services
• Makes decision-making more effective, based on public sentiment
⚫ Healthcare
• Generates reports automatically, improving efficiency by 35%
• Assists in diagnosis, improving treatment efficiency
• Provides intelligent guidance, accelerating medical treatment
⚫ Automobile
• Provides pre-sales shopping guidance, increasing potential customers by 18%
• Offers post-sales customer services, improving the overall service quality
• Calls automatically, reducing labor costs
Functions: Intelligent Phonebot, Intelligent Q&A, Customization in vertical domains, Speech analytics, Conversation assistant
Technologies: Language comprehension, Language generation, Knowledge graph, Basic algorithms

MRS: One-Stop Big Data Platform Accommodating Full-Stack Hadoop Components
MapReduce Service (MRS) provides enterprise-level Hadoop big data clusters that can be fully managed by tenants.
⚫ Easy to Use: Auto Scaling
⚫ Secure: European PSA certified, support for Kerberos authentication and multi-user management
⚫ Fast: Embedded CarbonData, allowing query of 1 trillion data points in seconds
⚫ Reliable: All-node HA and real-time SMS/email notification
Success Stories
HUAWEI CLOUD EI MRS Helps Zhejiang Xinzailing Technology Co., Ltd. Seize Intelligent Elevator Era
• Real-time monitoring: Processed data is imported into the real-time elevator monitoring system, allowing alarms to be reported if elevator faults occur.
• Ultrafast query: With MRS/HBase point query and batch scan capabilities, MRS works with Elasticsearch to offer ultrafast query services for elevator data at the business layer.
• Multidimensional analytics: Using MRS Spark, batch computing applications can easily be developed to periodically obtain data from HBase for multidimensional data analysis. They can then generate elevator running reports for future use of upper-layer business departments.

DWS: Enterprise-Class Data Warehouse
Data Warehouse Service (DWS) is a fully-managed, enterprise-class database service. It is O&M-free and supports online scale-out and multi-source data loading. It is compatible with the PostgreSQL ecosystem and helps enterprises efficiently analyze and monetize datasets online.
⚫ High Reliability: HA for all components, ensuring zero single points of failure (SPOFs) in the system
⚫ Security: Obtained the European PSA certification, with tenants isolated to ensure data privacy security.
⚫ Enriched Ecosystem: Compatible with the PostgreSQL ecosystem, interconnects with nearly 20 types of ETL and BI tools, and supports efficient import of data from multiple sources to databases.
⚫ Low Cost: Pay as you go, costing only one tenth as much as traditional data warehouses.
Success Stories
DWS helps a software company in the construction field build a unified data warehouse.
• Unified Architecture: Consolidates the original multi-technology architecture, simplifying data transfer and O&M.
• Super-Fast Querying: Aggregates multidimensional data for online query and analysis, maximizing inventory data monetization.
• Fast Service Launch: Compatibility with the SQL standard; smooth migration of original services, reduced development costs of new services, and shortened TTM from 1-2 weeks to 1-2 days
• Elastic Scalability: On-demand resource expansion, providing quick response to service growth requirements.

CloudTable: A Time Series, Spatiotemporal NoSQL Database Based on HBase
CloudTable Service (CloudTable) is a distributed, scalable, and fully managed NoSQL storage service on HUAWEI CLOUD. Based on Apache HBase, it offers strong consistency and single-digit millisecond latency, making it optimal for storing and querying large-scale structured and semi-structured data. It also provides time series database capabilities and enables spatiotemporal big data query analysis based on OpenTSDB and GeoMesa.
⚫ High Performance: Supports millisecond-level latency, tens of millions of transactions per second (TPS), and scale-out.
⚫ Enriched Ecosystem: Compatible with native APIs of HBase, OpenTSDB, and GeoMesa
⚫ Time Series Database: Read/write performance is improved by 30%-60%. Interpolation, downsampling, and aggregation analysis capabilities are supported. The time series database has a high compression ratio (10:1) and is cost-efficient.
⚫ Spatiotemporal Big Data: CloudTable supports IoT storage and analysis of massive amounts of spatiotemporal data, surpassing conventional GIS systems.
Success Stories
CloudTable Helps Power Company Build a Sales Platform to Provide Big Data Services
Application scenario:
Massive amounts of meter data need to be stored and queried. High-speed point query, range query, joint query, and real-time query are involved.
Response in milliseconds:
• In a point query, it takes 6 ms to query 20.7 billion pieces of data of a year.
• It takes 12.8 ms to query 96 pieces of data of one day.
• It takes 20.4 ms to query 672 pieces of data of a week.
• It takes 60 ms to query 2880 pieces of data of a month.
• In a real-time query, it takes 1.1 ms to find the latest piece of data among 4.5 billion pieces of data of a year.

CS: Real-time Stream Computing Engine on the IoT
Cloud Stream Service (CS) is a real-time streaming data analysis service. CS adopts the serverless architecture and fully manages computing resources, allowing you to run StreamSQL, Spark, and Flink jobs immediately. It delivers a low-delay, high-throughput intelligent stream computing platform.
⚫ Powerful Functions: Adopts both Flink and Spark engines to deliver industry-leading capabilities.
⚫ Secure: Physical isolation; fully-managed computing resources
⚫ Easy to Use: Diversified SQL functions, geographic functions, online editing and debugging
⚫ Pay per Use: Pay only for the SPUs you use and the duration required (precise to the second).
Success Stories
Cloud Stream Service Assists Huawei Consumer BG in Precision Marketing
• Increase the click-through rate tenfold and the reservation rate 5.6 times.
• Cover over 200 million users with a total of over 8 billion user tags of 15 tag types.
• Reduce the average handling time per customer complaint from 10 minutes to 3 minutes.

Page 23 Copyright © 2019 Huawei Technologies Co., Ltd. All rights reserved.
DLI: Data Mining Expertise in the Information Era
Data Lake Insight (DLI) is a fully managed big data
processing and analysis service freeing you from
server management. DLI provides insights from
Success Stories
heterogeneous data of various cloud services by
using SQL and Spark programs, without data SINOIMEX Achieves Fast Service Innovation Through
Efficient Big Data Analysis
migration. It supports standard SQL and is SINOIMEX is the first commercial institution in China to
compatible with SparkSQL. collect statistics on world goods trade and global buyer
data. After big data analysis, it generates information
Zero Data Migration Easy Data Sharing reports for members to query or download. The average
First federated analysis Data permission control and number of visits per day is 30,000.
authorization are implemented
of heterogeneous data for tables, columns, and views Reduce construction cost by 70%: It is easy-to-use
sources, requiring no to implement data sharing and and requires no O&M on the cloud, saving over
additional data migration. monetization among enterprise US$86,000 in building clusters offline.
departments or subsidiaries.
Migrate all data to the cloud within 2 hours: Use the
.NET platform to develop SINOIMEX portal website,
Pay per Use which is seamlessly interconnected with the ODBC.
You only need to pay for Open Ecosystem Smoothly migrated more than 3000 tables and over
resources you select for Zero changes when migrating 300 Impala SQL codes.
your queries. Auto scaling business data, and fully
of storage and computing compatible with Spark interfaces Provision new services 60% faster: Before migrating
resources allows you to such as SQL, Streaming, R, services to the cloud, 80% of the manual workload is
query data without worrying Python, and ML. for O&M and only 4% of the 100 TB of inventory data
about whether you have is valuable. Now, all data can be used in service
sufficient resources. innovation, maximizing data asset monetization.

Page 24 Copyright © 2019 Huawei Technologies Co., Ltd. All rights reserved.
DLF: Data Lake Factory
Data Lake Factory (DLF) is a one-stop Big Data collaboration platform, enabling data modeling, data integration, script development, job scheduling, job monitoring, and more. DLF makes Big Data more accessible than ever before, helping you quickly build Big Data processing centers.
⚫ One-Stop IDE Platform: Management of multiple big data services and support for cross-service job orchestration and scheduling
⚫ Data Lake Development: Easy building of cloud data warehouses, without requiring multiple tools
⚫ Easy to Use: Online editing and commissioning of SQL/shell scripts, 10+ types of preset tasks, and intuitive drag-and-drop interface
⚫ Stable and Efficient Scheduling: Diverse scheduling configuration policies and million-level job scheduling
Success Stories
Helping a Digital Building Platform Service Provider Build a Cloud Data Warehouse
• Reduced Cost: Out-of-the-box and free of O&M, reducing data warehouse construction costs by 70%
• Rapid R&D: Easy-to-use one-stop development platform, shortening development time required for new data analysis tools from weeks to days
• Efficient Processing: Fast integration of multiple heterogeneous data sources and unified data management and analysis, halving data processing time

DIS: Lifting and Shifting Data to Cloud in Real Time, Enabling a Full Connection Between Cloud Services
Data Ingestion Service (DIS) ingests large amounts of data in real time. Its flexible data collection, efficient transmission, and real-time distribution help you easily build applications capable of processing or analyzing streaming data.

• High Efficiency: Millions of concurrent jobs, millisecond-level response, and hundreds of GB data transmitted per partition per day
• Secure and Reliable: Data encryption before transmission, isolation of tenant resources and operations, cross-AZ data storage, 99.9% of data availability
• Easy to Use: Connection of multi-language SDK/Agent with mainstream open-source collection tools to easily collect, transfer, and distribute data, and preset ETL operators.
• Cost-Effective: Pay-as-you-go pricing, 80% cheaper than systems built based on Flume and Kafka

Success Stories
Helping a Digital Building Platform Service Provider Build a Cloud Data Warehouse
Helping a Company Build an IoT Platform to Drive Real-Time Data Service Innovation
• Real-time data collection from thousands of terminals
• Near-real-time data import into databases
• Labor cost halved

CDM: Cloud Data Migration
CDM implements data mobility by enabling batch data migration among homogeneous and
heterogeneous data sources. It supports on-premises and public-cloud-based data sources, including file
systems, relational databases, data warehouses, NoSQL, big data, and object storage.
Helping a Digital Building Platform Service Provider Build a Cloud Data Warehouse

[Figure: CDM moving data among third-party clouds, enterprise data centers, and HUAWEI CLOUD. Diagram labels: DB, Server, Hadoop, Big data, Relational database, Data warehouse, FTP, DIS, Elasticsearch, OBS, HTTPS, VPN.]

Contents
1. AI Industry Trends

2. HUAWEI CLOUD EI Services

3. Industrial Practices of HUAWEI CLOUD EI

Making It Possible with HUAWEI CLOUD

8 Industries, 200 AI Projects

City
• Traffic flow optimization
• Transportation safety/traffic trend analysis

Manufacturing
• Production quality monitoring
• Sales forecasting and production planning

Healthcare
• Pathology analysis
• Gene analysis

Home
• Home security solutions
• Elderly and child care

Campus
• Passenger flow density analysis
• Abnormal event monitoring

Logistics
• Inventory and route management
• Document identification and intelligent customs clearance

Automobile
• Fleet management and intelligent operation
• Driver behavior specifications

Internet
• Content review
• Intelligent video recommendation

Three Major Applications of AI

1. Efficiency improvement: Massive repetition scenario
2. Professional inheritance: Expert experience scenario
3. Breakthrough achievement: Cross-domain coordination scenario

Massive Repetition Scenario
AI lets you focus on high-value services.
Example: Image Copyright Protection

[Figure: ways an image can be altered: adding text, changing the color, adding pictures, recapturing the image, cutting the image, modifying the image]

50 million authorized images; 100 million images from the Internet

Enablement of HUAWEI CLOUD EI service ImageSearch

ImageSearch significantly improves the methods for image copyright accountability. The service helps find over 80,000 infringing images among the 42 million images on the Internet, based on 5000 copyrighted images.

Expert Experience Scenario
Specialist AI assistants help make experts more productive.

10,000 pathologists vs 1.3 billion population
AI assistants are desperately needed to reach the expert level.

Cervical cancer detection project
AI: Sensitivity (true positive rate): 99%; Specificity (true negative rate): 80%
Enablement of HUAWEI CLOUD EI visual analysis service

Multi-Domain Coordination Scenario
Endeavoring to make an intelligent, fully connected world.

More complicated cities
Population gathering, traffic congestion, worsening environment
How do we properly configure and efficiently utilize resources?
Average traffic delay: 15.2%
Average vehicle speed: 15%
Enablement of HUAWEI CLOUD EI services related to big data analysis, deep learning, and reinforcement learning

Higher process requirements
Higher quality requirements and increasingly elaborated requirements for classifications
How do we achieve flexible production?
Hit ratio of meeting customers' personalized requirements: 28%
Enablement of HUAWEI CLOUD EI service MLS

EI City Intelligent Twins

• Transport: 17.7%, Average vehicle waiting time
• Emergency: 24/7, Risk alerts and interactive platform
• Environment: 70%, Accuracy of pollutant concentration forecast every two days
• Water treatment: > 10%, Water consumption of sewage pools
• Water conservation: > 8 types, River regulation and water environment monitoring
• Gas: > 10%, Less wasted gas

Thank You
www.huawei.com
API Gateway
Foreword
This chapter describes the trends and critical issues of API development and
introduces the key features and success stories of HUAWEI CLOUD API
Gateway.

Objectives
Upon completion of this course, you will:
• Understand what API Gateway is.
• Understand the key features of API Gateway.
• Understand the application scenarios of API Gateway and how it facilitates enterprise digital transformation and API monetization.

Contents
1. API Gateway Overview

2. The API Economy

3. FAQs

API Gateway Overview
API Gateway is a high-performance, high-availability, and high-security API
hosting service that helps enterprises build, manage, and deploy APIs at any
scale. With just a few clicks, you can implement internal system integrations,
open up mature capabilities, and monetize operation capabilities with
minimal costs and risks.

Contents
1. API Gateway Overview

2. The API Economy

3. FAQs

Opening Up IT Business Capabilities and Enabling Asset Monetization Through APIs

B2B business cooperation model in 2019
[Chart: B2B business cooperation: API 70%, Other 20%, SaaS 10%]
According to Gartner, 70% of B2B business cooperation will be conducted by using APIs in 2019. APIs will become an important tool to present and use digital assets such as data and software in the future.

The use of open APIs greatly improves R&D efficiency.
[Chart labels: Development time, Rollout time, 2 months, 7 days, Tradition mode, API mode]
IDG: The Internet has proved that APIs can speed up independent development and innovation. By using open APIs, developers can implement an idea in a few days, and scale or abandon it within a short period.

The "API Economy" creates value. The API Economy has taken shape at a large scale.
[Figure labels: APICloud, EaseMob, Salesforce; 21 billion API calls per day; 600,000 apps generated per year; 16,000 APIs; serves 130,176 enterprises; API quantity 1.65 trillion; 13 billion transactions completed through APIs per day]
Market winners are no longer those who are large in scale but those who boast rapid development. Speed is the only important factor in the success of an enterprise. The API Economy has been the dominant trend.

APIs have become an important channel for enterprises to extend their products, acquire customers, help partners provide high-value services, and expand the business ecosystem.

The Shared Service System: Bringing New Opportunities and
Major Transformation to the Enterprise IT Industry
Monolithic Applications
• Siloed structure: highly complex, making maintenance, upgrade, and extension difficult
• Difficulty in agile development and release
• Re-deployment of the whole application required in case of partial updates
• Tedious application-by-application expansion required, with increased difficulty in the event of a resource conflict
• Application-wide impact from a single unstable service
• Difficulty in introducing new technologies and frameworks because all functions are deployed in a homogeneous framework

Architecture of the Shared Service System
• Microservice structure: easy to implement, with each service focusing on only one function
• Loosely coupled and highly reliable
• Motivating continuous integration (CI) and continuous delivery (CD), and ensured system availability and stability even during frequent service release
• Service development with optimal programming languages and tools to resolve pertinent issues
• Development of services by separate teams, accelerating service rollout

The API Economy: A New Business Model
Enterprises accumulate service capabilities (functions) or valuable data as they develop. While ensuring no disclosure of confidential information, they can offer these capabilities or data to other enterprises through APIs for paid use to increase revenues.

[Figure: cycle between API provider and API consumer. Diagram labels: Build capabilities, Open APIs, Select APIs, Rapid rollout, Advantage of speed, Obtaining value.]

Statistics of Apigee show that API calls are rapidly increasing in all industries.
API providers and API consumers are not independent from each other but interchangeable, forming a closed-loop ecosystem.

Opening APIs greatly promotes service innovation and standardization of existing services.

Critical Issues in Opening Up API Capabilities

Enterprise IT system architects: How can we implement a two-speed IT architecture?
Frontend applications need to respond quickly to customers' fragmented requirements. Backend services need to offer stability, security, and reliability.

API providers: How can we open up capabilities?
Unpredictability of future application scenarios makes it difficult to determine how to open APIs, which APIs to open, and how to continuously evolve APIs based on statistics.

Enterprise managers: How can we make capability opening manageable and controllable?
Permission control and request throttling need to be implemented on APIs to ensure legitimate usage of services and data and protect information assets.

App developers: How can we quickly obtain and master APIs?

API Gateway: 4-Year Track Record, 1 Billion API Calls Per Day

API opening platform – API Gateway (high-performance, high-availability, and high-security API hosting service)

[Figure: HUAWEI CLOUD service stack beneath API Gateway. Diagram labels:
• Application development and testing: DevCloud, Cloud Performance Test Service (CPTS)
• Unified orchestration: Application Orchestration Service (AOS); creation of app, PaaS, and IaaS resources with a few clicks
• Automatic deployment; microservice registry, discovery, and governance; middleware running: Cloud Service Engine (CSE), open source native; Cloud Container Engine (CCE), open source native Docker; enterprise-class cloud middleware; Distributed Cache Service (DCS); Distributed Message Service (DMS); Distributed Database Middleware (DDM); function computing (Function Graph)
• Business enhancement: control plane HA, cross-AZ HA, rolling upgrade, and bare metal container
• Smart O&M: Application Performance Management (APM); application topology, call chain, SLA metrics, log correlation analysis, exception warning, backtracking
• PaaS
• IaaS: Computing (ECS/BMS/ARM), Storage (EVS/OBS/SFS), Network (VPC/EIP)]

API Gateway currently supports all API integration and opening on HUAWEI CLOUD

API Gateway: Facilitating Enterprise Digital Transformation

Accelerating Agile Services
• App developers can quickly acquire, learn, debug, and use APIs, and connect to standard, simple APIs to speed up application construction.
• Service providers can open, manage, and monitor APIs easily and efficiently.

Inspiring Innovative Applications
• API Gateway aggregates various service APIs, facilitating app utilization and breaking service boundaries.
• Backend services are out-of-box, allowing app developers to focus on service innovation and promote product competitiveness.

Satisfying Personalized Experiences
• With the API orchestration function, scenario-specific APIs can be offered to improve user experience.
• In the mobile Internet era, a backend service needs to adapt to multiple types of terminals.

Assuring Security of Information Assets
• Security transmission protocols and access authentication ensure application access security.
• Multi-level request throttling policies can be configured to ensure stability of backend services.
• Log auditing provides objective evidence for problem tracking and recovery.
• Interconnection with enterprises' existing user authentication system assures user authentication security.

API Lifecycle Management to Support Continuous Service System Evolution
New services are introduced and existing services are continuously evolving, requiring API lifecycle management.

[Figure: API providers and the API administrator use visualized API management to move an API through Create, Publish, Authorize, and Remove.]

• Create: API providers define and create APIs, which are invisible to API consumers because they have not been deployed on API Micro Gateway.
• Publish: APIs are published and deployed on API Micro Gateway, visible on API Developer Portal and available for API consumers to subscribe to.
• Authorize: The app authentication mechanism is provided to control user access through AppKey and AppSecret.
• Remove: APIs are removed from API Micro Gateway and deleted from the API catalog.

Smooth replacement of existing services by new services, ensuring the stable running of customer applications.

Flexible Route Configuration to Decouple Frontends and Backends
Performance: single-node, 15,000 QPS

[Figure: "Before address change" shows Application 1 to Application n each connecting directly to backend services (AI, ECS, CCE, third-party services) at addresses such as 10.156.12.11, 10.156.66.45, and 10.156.xx.xx. "After address change" shows the same applications calling REST APIs through API Gateway, which routes to those backends. Diagram labels: Imperceptible; Only configuration required.]

Before address change
• Application development involves numerous service addresses.
• N applications must be updated in the event of service address changes.

After address change
• Only service addresses need to be configured for applications to access APIs through API Gateway.
• Service addresses on API Gateway can be changed without needing to update applications.

Flexible route configuration avoids unnecessary application adaptation.

Hierarchical Service Management and Control for Orderly Opening of Service Assets

[Figure: flow from API providers through the system administrator's publication review to API consumers, and through the system administrator's subscription review. Diagram labels: Facial recognition API; Register API parameter configuration; Publish on the service catalog; Visible on the service catalog; Searchable; Subscribe; Subscribed by a police application; API available for calling.]

Traffic control
When registering APIs through manual creation or YAML import, API providers can configure API- or app-based request throttling policies to control API calls.

Publication review
APIs must be reviewed by the system administrator before they can be published. Published APIs can be accessed over public networks.

Usage application
After subscribing to APIs on API Developer Portal, API consumers can access the APIs only after obtaining consent from the API providers.

Multi-level administration makes service capability opening manageable and controllable.

Open API Marketplace for Fast Acquisition, Learning, Debugging, and Use of APIs

API Marketplace: inspiration for innovation
• Querying published APIs on API Developer Portal or API Marketplace
• A wide variety of API services available, encouraging innovation

Quick API debugging with optimal experience
• Online API debugging on API Gateway as a better alternative to Postman
• Immediate display of debugging results, with easy-reading return parameters

API documentation and SDKs for efficient development
• Standardization of open API documentation
• SDKs for efficient application development

API Call Monitoring to Promote Customer Service Insight
Analyze the same type of services provided by different vendors, providing a foundation for judging service quality and utilization.

Service insight (managers)
Learn about the usage of applications and services by analyzing the types of APIs called by apps and the number of call times, assisting managers with service evolution and decision making.

System monitoring: risk prediction (O&M personnel)
Monitor the calling performance and statuses of backend service APIs, monitor trends, and identify problems and risks.

[Figure: API metrics]

Protecting Customers' Service Assets Through Multiple Security Measures

[Figure: API calls pass through API Gateway to the service, with injection attacks and cross-site scripting (XSS) attacks shown as threats. Around the gateway: Access Security (secure transmission protocols, app access authentication), Log Auditing (interconnection with ELK to provide logs), Threat Prevention (request throttling, IP address blacklist or whitelist, security sandbox), Third-Party Authentication System (interconnecting with customers' single sign-on (SSO) server).]

➢ Access Security
• Secure network transmission through HTTPS
• AppKey/AppSecret and token authentication to verify app identities

➢ Threat Prevention
• Request throttling by API and app to prevent malicious attacks
• IP address blacklist or whitelist to prevent low and slow attacks
• Security sandbox for running unreliable code

➢ Log auditing
• Log auditing provides objective evidence for problem tracking and recovery.

➢ Extended authentication services
• Third-party authentication services can be extended through AuthAdv.

Application Scenario 1: Multi-Scenario Servitization Reconstruction
Implement lightweight servitization reconstruction on software package systems, such as ERP and MES, to integrate cloud-based applications.

[Figure: lightweight service integration of traditional applications, connecting enterprise software package applications to cloud-based applications through API Gateway. Diagram labels: ERP, PDM, FIN, SCM; Other proprietary applications; Modernization and plug-ins; Cloud-based apps; Message queuing; Configuration; Transformation; Filtering; Routing; Formatting; Log miner plug-ins/SDKs; Proprietary cloud-native applications.]

1. Major issues to be resolved
How to perform efficient and lightweight servitization reconstruction on software packages to integrate on-cloud applications and off-cloud software packages?

2. Huawei's solutions
• Perform non-intrusive reconstruction on and modernize software packages and traditional siloed applications.
• Provide message and API capabilities for traditional applications through data conversion and plug-in configuration.

3. Success story: CRM-MES integration
CRM SaaS used by Huawei's consumer network is integrated with the Manufacturing Execution System (MES) to query mobile number IMEI numbers. MES is servitized through API Gateway to provide standard APIs, opening cloud-based SaaS capabilities. The integration is completed within just one hour.

Application Scenario 2: Capability Opening and API Monetization
Building an API opening platform, embracing the API Economy.

[Figure: outsourcing manufacturers, suppliers, third-party logistics, distributors, and third-party developers connect through a B2B gateway (EDI/AS2/RN) and an API marketplace of open APIs to the API Gateway integration platform. Diagram labels: API Gateway (API design), MQS, Protocol conversion, Data conversion; Multiple on- and off-cloud deployment modes for enterprise applications; Materials, Warehousing, Logistics, Order, Other systems.]

1. Major issues to be resolved
• Enterprises will become IT-based in the future, so API monetization is crucial.
• API design will change from technology-driven to service-driven.

2. Huawei's solutions
Build a unified API gateway for the enterprise API marketplace, reducing interface interconnections.

3. Success story
Use API Gateway to package enterprise intelligence (EI) services into standard APIs, and launch the APIs in the marketplace for sale. In addition to monetizing service capabilities, enterprises can choose well-developed third-party API services from the marketplace and focus on core business, reducing R&D investment and improving operations efficiency.

Recommended Evolution Roadmap for an API Opening Platform

Phase 1: Interconnection of core cloud-based services
Follow the cloud migration process to quickly interconnect cloud applications with local services and data, laying a foundation for unified integration.

Phase 2: Internal integration
Integrate cloud-based applications and interconnect devices; build a cloud-based integration platform to converge enterprises' internal data.

Phase 3: Partner collaboration, third-party collaboration, and service innovation
Streamline upstream and downstream partners and third-party cloud applications; implement multi-cloud collaboration and ecosystem integration, realizing comprehensive service convergence.

[Figure: in each phase an API opening platform sits between cloud applications and on-premise systems. Diagram labels: Cloud migration app; Management applications; Production applications; IoT applications; Collaborative innovation applications; IT; OT; On-premise; Industrial equipment; Partners.]

API Gateway Pricing Details (1 vCPU Required for Every 2 Million API Calls)

Billing item: API calls
Pricing:
a. Pricing type: tiered pricing
b. Billing mode: pay-per-use
c. Billing cycle: day
d. Billing time: Bills are generally issued within 1 to 3 hours after the current billing cycle ends.
e. Fee deduction mode: After a bill is generated, the billing fee is automatically deducted from your account balance.
f. Currency: RMB
g. API calls: All API calls received by API Gateway will be billed.
* The free tier of API Gateway covers the first 1 million API calls received per calendar month. If this threshold is exceeded, you will be charged based on different tiers.
Pricing tier:
• First tier (0–10 million): 0.06
• Second tier (10–100 million): 0.04
• Third tier (> 100 million): 0.03
Pricing basis: RMB per 100,000 API calls
Formula: Price for API calls = (Number of API calls you receive - Number of free API calls) x Unit price at the relevant tier

Billing item: Outbound data transfer
Pricing:
a. Pricing type: fixed pricing
b. Billing mode: pay-per-use
c. Billing cycle: day
d. Billing time: Bills are generally issued within 1 to 3 hours after the current billing cycle ends.
e. Fee deduction mode: After a bill is generated, the billing fee is automatically deducted from your account balance.
f. Currency: RMB
g. If you use API Gateway along with backend services that are in different regions or offered by other cloud service vendors, additional charges may be incurred for transferring data from API Gateway to the backend services. The billing will be based on the unit price for outbound data transfer over public networks.
Pricing tier:
• Data transferred from API Gateway over public networks: 0.8
• Data transferred from backend services over public networks: 0.8
Pricing basis: RMB per GB
Formula: Total price for outbound data transfer over public networks = Amount of data transferred from API Gateway over public networks x Unit price + Amount of data transferred from backend services over public networks x Unit price

Embracing The API Economy, Expanding to New Frontiers (6 Million API Calls a Day)
An enterprise opens standard RESTful APIs for its video services, such as live broadcast, video on demand (VOD), and transcoding, through API Gateway. These APIs are launched to the HUAWEI CLOUD API marketplace, and packaged into HUAWEI CLOUD video solutions for cloud tenants.

[Figure labels: Standard, Flexible, Simple, Innovation; Opening capabilities through APIs; Atomizing service capabilities; Online transaction and delivery]

Uncovering service capabilities with APIs
An operations-based framework provides complete, end-to-end (E2E) services through APIs on the cloud. The services include uploading, transcoding, screenshot capturing, pornographic image identification, fast editing, smart labeling, storage, VOD sharing, live broadcast templates, cloud directing, cloud near video on demand (NVOD), stream splitting, and data statistics collection. The framework provides customers with one-stop video and audio services.

Removes issues with industry attributes
Original SaaS products are comprehensive and mostly oriented towards the broadcasting & TV field. However, they cannot flexibly adapt to other fields due to industry-specific attributes. SaaS software modification is costly and time-consuming. Using APIs can uncover atomic service capabilities without having to address issues with industry attributes, thus creating universal capabilities.

Supports more lightweight delivery
API delivery is simpler and faster than traditional SaaS delivery. To use an API, a user only needs to purchase the API from the marketplace, and calls it by following the instructions in the reference documents. The entire process takes less than 30 minutes, significantly lowering the usage and delivery costs.

Explores new opportunities
Uncovering service capabilities allows rapid integration with partners, as well as the rapid introduction of capabilities of third-party cooperative partners. Capabilities of various APIs are combined to drive service innovation.

Flexible Video Delivery Enabled by API Gateway (88 Offerings Available in the Marketplace)

[Figure: HUAWEI CLOUD video solution built on API Gateway and API Marketplace. Diagram labels:
• Choose the HUAWEI CLOUD video solution; Obtain video solution capabilities
• Clients: Mobile, IoT, PC; User service system
• API Gateway: API management, Request throttling & caching, SDK generation, API authentication, API monitoring
• API Marketplace: API publishing, API purchasing, API distribution, API review, API subscription, API promotion, Pay-per-use
• Online API market transactions are connected to the service system; Customized offline transaction; Data and service opening
• API call; API information; Service deployment; Video delivery capabilities: Transcoding, Screenshot capturing, Pornographic image identification, Live TV, VOD]

Contents
1. API Gateway Overview

2. The API Economy

3. FAQs

How Are API Gateway Services Charged?

You can enable API Gateway and create and manage APIs for free. You pay
only for the number of API calls received and the amount of data
transmitted. There are no minimum charges or upfront payments.

What SDK Languages Does API Gateway Support?

API Gateway supports SDKs of Java, Go, Python, C#, JavaScript, PHP,
C++, C, and Android.

How Can I Protect My APIs?

Bind request throttling policies to your APIs to protect the APIs against heavy traffic. By default, an API can be called up to 200 times per second.
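
The threat-prevention controls named on the security slide and in this FAQ (IP address blacklist or whitelist, request throttling by API and by app, log auditing) can be combined into one admission check, sketched below. This is an added example, not HUAWEI CLOUD code: the class and function names, the API path, the IP ranges and the fixed one-second counting window are assumptions; only the default of 200 calls per second per API comes from the slide.

```python
"""Gateway-side admission check: IP lists, then per-app and per-API throttling."""
import ipaddress
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Optional

DEFAULT_API_LIMIT = 200  # calls per second per API; the default quoted on the page


@dataclass
class ThrottlePolicy:
    api_limit: int = DEFAULT_API_LIMIT  # all callers of one API, per second
    app_limit: Optional[int] = None     # one app (AppKey) on that API, per second


class Gateway:
    """Hypothetical gateway model; counters use a fixed one-second window."""

    def __init__(self, blacklist=(), whitelist=None):
        self.blacklist = [ipaddress.ip_network(n) for n in blacklist]
        # whitelist=None means "no whitelist configured", not "allow nobody".
        self.whitelist = (None if whitelist is None
                          else [ipaddress.ip_network(n) for n in whitelist])
        self.policies = {}
        self.counters = defaultdict(int)  # slot -> calls admitted this second
        self.window = None
        self.audit_log = []               # every decision, allowed or not

    def bind_policy(self, api, policy):
        self.policies[api] = policy

    def _ip_allowed(self, src_ip):
        addr = ipaddress.ip_address(src_ip)
        if any(addr in net for net in self.blacklist):
            return False                  # blacklist always wins
        if self.whitelist is not None:
            return any(addr in net for net in self.whitelist)
        return True

    def admit(self, api, app_key, src_ip, now):
        """Return 'allow', 'deny:ip', 'throttle:app' or 'throttle:api'."""
        window = int(now)
        if window != self.window:         # new one-second window: reset counters
            self.window = window
            self.counters.clear()
        policy = self.policies.get(api, ThrottlePolicy())
        api_slot, app_slot = ("api", api), ("app", api, app_key)
        if not self._ip_allowed(src_ip):
            decision = "deny:ip"
        elif (policy.app_limit is not None
              and self.counters[app_slot] >= policy.app_limit):
            # Checked first so one noisy app cannot use up the API-wide budget.
            decision = "throttle:app"
        elif self.counters[api_slot] >= policy.api_limit:
            decision = "throttle:api"
        else:
            self.counters[api_slot] += 1
            self.counters[app_slot] += 1
            decision = "allow"
        # Rejected calls are logged too: they are the evidence used in review.
        self.audit_log.append((now, src_ip, app_key, api, decision))
        return decision


def replay_constructed_traffic():
    """Replay constructed traffic within one second; tally decisions per app."""
    gw = Gateway(blacklist=["203.0.113.0/24"])   # constructed deny range
    api = "/v1/face/recognize"                   # hypothetical API path
    gw.bind_policy(api, ThrottlePolicy(app_limit=50))
    traffic = ([("app-noisy", "198.51.100.7")] * 120 +
               [("app-normal", "198.51.100.8")] * 30 +
               [("app-normal", "203.0.113.9")] * 5)
    tally = Counter()
    for i, (app_key, src_ip) in enumerate(traffic):
        tally[(app_key, gw.admit(api, app_key, src_ip, now=i / 1000))] += 1
    return tally, gw.audit_log


if __name__ == "__main__":
    tally, log = replay_constructed_traffic()
    for (app_key, decision), count in sorted(tally.items()):
        print(f"{app_key:11s} {decision:13s} {count}")
    print("audit entries:", len(log))
```

A fixed window can admit up to twice the limit across a window boundary, so a sliding window or token bucket is the usual choice where bursts matter.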

Do I Need to Publish an API Again After Modification?

Yes. After you modify the parameters of a published API, you must
publish the API again to synchronize the modified information to the
environment.

Recommendations
HUAWEI CLOUD Help Center

https://support.huaweicloud.com/en-us/productdesc-apig/en-us_topic_0080101651.html

API Gateway Demo

https://console.huaweicloud.com/apig/#/apig/expdemo

Thank You
www.huawei.com
