Hi everyone, welcome to the first chapter in our Tencent Cloud Solutions Architect Associate course, Cloud Architecture Design Basics. At the end of this chapter, you'll be able to understand the principles behind designing cloud solutions, including high availability, high security, high scalability and cost optimization, understand foundational Tencent Cloud products, and design a workable Tencent Cloud solution. In this chapter, we'll cover two sections, Cloud Architecture Solutions and Designing a Workable Solution. This video will cover the first section, Cloud Architecture Solutions. The next video will cover the second section.

Okay, let's get started with Section 1, Cloud Architecture Solutions. Now, in this video we'll cover the reasons why we need cloud architecture solutions, high availability architecture solutions, high scalability architecture solutions, high security architecture solutions, and cost optimization architecture solutions. So why do we need cloud architecture solutions? Well, the technical implementation of services, the infrastructure for implementing applications, and the continuity, security, growth and costs involved in cloud products and services require cloud architecture solutions such as hardware planning, data planning, network planning, disaster recovery planning and cost planning. The purpose of cloud architecture solutions is to select and combine cloud products at a reasonable cost to meet service requirements and improve system availability, scalability and security. Support services and metrics must also be taken into account when designing cloud architecture solutions.

Now, let's go over high availability architecture solutions. We'll go over the concept of high availability, the principles of high availability, and Tencent Cloud's high availability service. High availability, HA, is the probability that a computer system can run normally and continuously without any faults.
In Internet services, this probability refers to the average probability that a computer system can provide services for users normally. HA can be measured using the following equation: mean time to failure divided by the sum of the mean time to failure and the mean time to repair, times 100%. HA solutions greatly improve the probability of the continuous fault-free running of the computer system through certain system designs and system function support. Below are the four types of availability levels, ranging from basic availability with an annual downtime of 87.6 hours, to extremely high availability with an annual downtime of 5 minutes. As you can see, high availability is very important. So how can you improve availability? Well, you should try to maximize the mean time to failure and minimize the mean time to repair. To do this, you need to evaluate the availability level, the redundancy design, and the elasticity design of the cloud architecture.

Now, some of the main factors that enable high availability are strong international disaster recovery and service recovery capabilities. Disaster recovery, DR, can be divided into six levels, from level 1 to level 6, with the first four levels being the initial construction objective and the last two levels being the ultimate objective. The ultimate goal is to obtain a DR level of six, with a recovery time objective of minutes and a recovery point objective of zero. This slide shows you the RPO, RTO and NRO. Now, remember that you want to reduce the RTO while increasing the RPO. However, you need to keep in mind that as you do so, your costs will escalate. For example, for RPO, you might use tape backup initially, but later use asynchronous replication, which will result in higher costs. Similarly, for RTO, you might start off with manual migration, but later transition into a fully automated migration system, which will increase costs.
Therefore, what's important when designing DR for a customer is to determine the acceptable RPO and RTO for the customer and consider your NROs. The availability requirements must be specified during system design, and the availability must be evaluated in a timely and continuous manner, based on the specified period and unexpected adjustment. The requirements include available time requirements within a period, including the planned and unplanned downtime, service volume indicators and response time requirements, and availability requirements during special periods. Mail systems and e-commerce platforms are examples of systems that require 24/7 availability.

Okay, now let's move on to redundancy design, which is one of the ways to ensure HA. In a single-node and single-channel scenario, if you have a failure in one channel, this can lead to a failure in the entire stream. In contrast, in a multi-node and multi-channel scenario, if you have a failure in one channel, this will not lead to a failure in the entire stream, because there are other nodes and channels available. Here are diagrams of three modes that exemplify redundancy design: primary-secondary mode, dual-system duplex mode, and cluster mode. The dual-system duplex mode is often used for high availability purposes, and the cluster mode is commonly used for Hadoop big data platforms. The primary-secondary mode is the most used redundancy design mode, and is used when the performance of a single instance is sufficient to support service load. In the primary-secondary mode, when the primary server is faulty, the standby server takes over services immediately. In addition, under this mode, TencentDB is deployed in the dual-system hot standby mode by default, and user configurations are not required. In the dual-system duplex mode, two applications exist. Each application has two instances for HA, and the two applications occupy one instance respectively and back up each other to achieve HA.
The cluster mode can be used to achieve high availability and overcome the performance bottleneck caused by a single node when services have high performance requirements and cannot rely on a single node. In the cluster mode, load balancing configurations can also be used. Tencent Cloud's TencentDB for Redis Cluster Edition, TencentDB for Memcached and TDSQL use the cluster mode.

This diagram demonstrates the principle of scalability. You can change your configurations by scaling up, increasing the resources in your system. On the other hand, you can increase your number of instances by scaling out, which is a more flexible method. Scaling out also allows you to implement auto scaling when the server is busy.

Tencent Cloud HA support can be divided into hardware support, platform support and HA components. In terms of hardware support, Tencent Cloud deploys its servers all over the world, making comprehensive disaster recovery policies possible. High-quality IDC server rooms are used to implement multi-carrier access and high-standard server room network construction. In terms of platform support, virtualization technology, redundant data storage and automatic instance failover are implemented in the data center. In terms of HA components, Tencent Cloud provides high availability product designs such as dual-system hot backup through databases and NAT gateways, and distributed deployment through SCF and cloud cache. HA components include storage, database, network, middleware, and CDN and acceleration. Storage includes object storage, file storage, archive storage and block storage, while database includes relational databases, elastic cache, HTAP databases, time series databases and distributed databases. Network includes NAT Gateway and DNS, while middleware includes message queue, API gateway and Tencent Cloud's microservices platform, TSF.
Finally, CDN and acceleration includes website acceleration, download acceleration, audio and video acceleration and security acceleration. Here's a typical logical diagram of Tencent Cloud's HA architecture. It contains HA components such as CDB, CVM, Redis and CLB, and reflects architecture designs such as two-region 3DC, load balancing and elastic scaling. The diagram also illustrates how networks can be connected via VPC peering connection. Although not shown here, networks can also be connected via Cloud Connect Network.

Okay, now let's move on to high scalability architecture solutions. We'll dive into high scalability concepts, high scalability principles and Tencent Cloud's decoupling components. System scalability is defined as the ability for the system to adjust to service and function changes. In contrast, high system scalability is when module functions can be modified without affecting other modules, adding or deleting function modules does not affect the original architecture, and the development team can easily cope with service changes and rollout. High scalability design principles include core principles of high scalability, such as decoupling. The decoupling process involves standard cloud components and is microservice-based. Based on Tencent Cloud's standard components, asynchronous reconstructions can be implemented using message queues. This process involves sorting out key paths of business logic and separating non-key logic, asynchronously processing distributed transactions using the storage and forwarding functions of message queues, and using the message queue subscription function. Tencent Cloud's standard components reduce the need to develop general services. Specifically, clustering and scaling capabilities are taken into consideration when designing cloud services, so that businesses do not need to worry about these capabilities.
In addition, cloud services are standardized and highly abstract and do not involve specific business logic. Lastly, highly abstract services provide standard interfaces, reducing data dependency and improving scalability. Tencent Cloud's standard components also involve separating compute and storage. For example, sessions and tokens should be stored in high-speed cache components instead of computing servers. In addition, compute and storage should be separated to avoid data coupling and support the elastic scaling of computing capabilities. Microservice-based decoupling components involve properly designing the service granularity, clarifying the dependency between services, and isolating the dependent service logic to be an independent service.

Okay, now let's take a look at high security architecture solutions. We'll explore high security concepts, high security principles, Tencent Cloud's high security services and high security use cases. The purpose of high security is to ensure service continuity and security, prevent data losses and prevent data leakages, which involves principles such as host security, network security, data security, application security and service security. One principle of high security is host security, which includes host risks such as Trojan horse attacks, password breach attacks and vulnerability attacks. Host security can be ensured by formulating a proper patch update policy, implementing periodic vulnerability scanning, installing security protection software, and disabling or replacing high-risk ports. Another principle of high security is network security, which includes network risks such as DDoS attacks, XSS attacks, injection attacks, CC attacks and CSRF attacks. Network security can be ensured by traffic cleaning, periodic vulnerability scanning and network isolation to prevent data losses. High security principles also include data security, which involves data risks such as data leakage and data theft.
Data leakage can occur as a result of employee negligence and system faults, while data theft can occur as a result of sniffing attacks and man-in-the-middle attacks. Data security can be ensured by assigning access permissions based on the principle of least privilege and encrypting data. The final high security principle is service and application security, which includes service and application risks such as speculators, financial fraud and application vulnerabilities. Service and application security can be ensured by creating anti-bot policies using Tencent Cloud to identify user profiles, and enhancing application protection and fixing vulnerabilities.

Here are the different types of high security services offered by Tencent Cloud. Network security services include Anti-DDoS protection and the threat intelligence cloud query service. Marketing risk control services include TenDI service security protection and verification codes. Application security services include Web Application Firewall, vulnerability scans and network asset risk monitoring systems. Host security systems include web shell detection, password breach attack detection and more. Data security services include the data encryption service, key management service and sensitive data processing. Regarding network security, Tencent Cloud offers 900 GB BGP protection for a single customer in China with exclusive 30-line BGP IP access resources. Tencent Cloud also offers TenDI service security protection, which covers registration protection, login protection and spam protection. Regarding intranet security, Tencent Cloud provides tenant isolation, ACL and security groups via VPC. For host security, Tencent Cloud offers security protection services such as intrusion prevention and vulnerability warnings via Cloud Workload Protection. Tencent Cloud also offers professional services such as security solutions for emergency response and penetration tests.
Finally, regarding application security, Tencent Cloud provides one-stop security solutions for apps.

Okay, let's move on to cost optimization architecture solutions. We'll look at cost optimization concepts, ways to reduce costs, cost-effective Tencent Cloud services and cost optimization use cases. The most important cost optimization concept for the cloud industry is that cloudification, or migration to the cloud, reduces investments in resources. For example, migrating to the cloud can reduce a customer's management, development and ops costs. It can also decrease a customer's data center, hardware and network costs. Finally, it can also reduce the customer's time spent on IDC site selection, integration service provider selection, business negotiations, device commissioning and trial runs. Migrating to the cloud also allows customers to fail fast, which means that companies can try other solutions if one solution doesn't work.

Now let's look at ways to reduce costs. The first way to reduce costs is to reduce infrastructure costs by adopting pay-as-you-go and elastic scaling, or scaling out your system when demand for resources is high and scaling in your system when demand for resources is low. Another way to reduce costs is to reduce development costs. TSF, a PaaS platform centered on applications and microservices, saves you costs by eliminating the need to build applications and microservices yourself. In addition, Tencent Cloud's Serverless Cloud Function, a serverless execution environment provided by Tencent Cloud, helps reduce development costs by allowing you to run code without purchasing or managing servers. Finally, Tencent Cloud's PaaS allows you to focus your development resources on core services and let Tencent Cloud handle everything else. Another way to reduce costs is to reduce operations and management, O&M, costs.
Tencent Cloud can reduce your O&M costs by providing a monitoring management portal for all cloud products to facilitate the real-time and accurate monitoring of the health statuses of Tencent Cloud's products and services. Tencent Cloud's one-stop O&M service, BlueKing, offers a comprehensive O&M and management platform, improving operations efficiency and reducing O&M costs.

The final way to reduce costs is to select a suitable Tencent Cloud payment mode. Tencent Cloud offers several payment modes, including monthly subscription, pay-as-you-go and the free basic edition. Monthly subscription allows you to pay for several months up front at a lower rate before using cloud resources. Meanwhile, pay-as-you-go allows you to pay for what you actually use with no upfront payments required, with billing cycles ranging from hourly and daily to monthly. Finally, the free basic edition is available for some security products that provide the basic edition with limited functions for free. Tencent Cloud also offers reserved instances, which provide a discount for pay-as-you-go instances in exchange for long-term use, and spot instances, which are available only for certain regions and instance types. Customers should contact Tencent Cloud to use spot instances. Monthly subscription is suitable when stable service and long-term usage is needed and there are low costs. Pay-as-you-go is suitable when there are fluctuating and unpredictable service demands and short-term usage.

Let's compare how Tencent Cloud's PaaS and IaaS services differ. Tencent Cloud's PaaS service includes databases, application platforms and dedicated application processing. It features elastic resource scaling, on-demand purchase, and reduced development and O&M costs. In contrast, Tencent Cloud's IaaS service includes computing, network and storage. It features elastic resource scaling and on-demand purchase. It also offers standardized management to reduce O&M costs.
The high availability and security of Tencent Cloud services enable Tencent Cloud users to reduce DR and security investments. This diagram illustrates how cost optimization can be implemented via elastic scaling and how you can decouple your system and scale these services as needed.