Challenges of moving to the cloud, and MyBase design concepts and key features

Introduction: The original intention of MyBase is to solve the various pain points users encounter when moving to the cloud, and to meet the different needs that a company's various roles have of the database.

The birth background of MyBase

(1) The troubles of going to the cloud


Currently, databases are mainly divided into three categories: offline self-built databases, cloud self-built databases and cloud databases.


Through interviews with users who use databases on the cloud and offline, we concluded that different types of users encounter the following situations when they move to the cloud:


640-13.png


1. Offline self-built database

  • Advantages

1) Autonomous and controllable

Compared with cloud databases, some users believe that offline self-built databases are more secure and reliable;

2) Exclusive use of resources

All resources are allocated by users themselves, and do not need to be shared with other users;

3) Data security

Using a self-built database increases data security to a certain extent;

  • Disadvantages

1) Complex operation

Users need to purchase hardware themselves and rack it to build a data center, which has high operating costs and is extremely cumbersome and complicated;

2) High pressure on operation and maintenance

In the event of a power outage or equipment failure in the data center, the operation and maintenance staff come under heavy pressure;

3) Long go-live cycle

All facilities need to be built from scratch, and the go-live cycle is very long;

4) Poor scalability

Both storage expansion and compute expansion are very poor;

5) High cost

It is necessary to set up a dedicated team, and the cost of manpower and material resources is very high.


2. Self-built database on the cloud

  • Advantages

1) Shorter go-live cycle

There is no need to purchase hardware and build a data center yourself; you can purchase resources on the cloud according to your needs and deploy your business quickly;

2) Scalability (medium)

Resources on the cloud are plentiful, so expansion is not difficult;

3) Cloud DC infrastructure is stable

Cloud vendors invest heavily in building data centers, and the infrastructure is more stable than a self-built one;

  • Disadvantages

1) Complex operation

The DBA needs to install and deploy the database and build HA, backup, and monitoring themselves;

2) High pressure on operation and maintenance

The daily operation and maintenance of the database still needs to be handled by the DBA;

3) Shared resources

The resource pool is shared with other users;

4) No SLA guarantee


3. Cloud database

  • Advantages

1) Delivered as a service

Fully managed, maintenance-free, and rapid kernel evolution;

2) Scalability (excellent)

Expansion takes only a few simple operations;

3) SLA guarantee, high reliability

4) Rich supporting tools

  • Disadvantages

1) Worry about data security

Users cannot see or touch the host, which makes them uneasy. There are no host permissions, only instance permissions. Host auditing cannot be enabled; at most, DB instances can be audited;

2) Costs may increase

A self-built database on the cloud only needs to pay for basic resources such as ECS, whereas the price of cloud database services may increase by more than 10%;

3) Shared resources


(2) Balancing the concerns of each role

640-14.png


As shown in the figure above, different roles have different concerns about the database.


Under normal circumstances, the CFO only cares about cost, while the CEO considers data security, autonomous controllability and fast GTM, focusing on product safety and rapid launch.


DBAs are more concerned about autonomy and control. If all businesses use cloud services, will DBAs face the risk of being replaced? Their other concern is exclusive resources. If resources are exclusive, the stability of the entire system can be kept optimal, and there is no need to compete for resources with other users.


Developers and operation and maintenance personnel care about convenience, and they favor products that are service-oriented and fully managed.



Product form and definition of MyBase


(1) The product form of MyBase


In response to the above problems, Alibaba Cloud database product managers, developers, and architects put forward a new design concept after much thought: move the IDC to the cloud, and build an independent and controllable IDC on the cloud. After fully moving to the cloud, users can still be autonomous and in control, while reducing costs and increasing efficiency.


640-15.png


1. Exclusive resources

Users purchase their own dedicated physical machines without having to compete for resources with other users.


2. Open OS permissions

The entire back-end OS permissions are opened to users: users can see all system logs and related directories, and can also install their own software on the host.


3. Adjustable resource scheduling

If the user has multiple databases, some memory-intensive (such as Redis) and some compute-intensive, these different types of databases can be mixed on one physical machine. At present, resource scheduling provides a customized scheduling mode, which users can configure according to their own business.


4. Alibaba Cloud Kernel

MyBase opens the entire Alibaba Cloud service kernel to users, and users only need to purchase a physical machine to get a full set of Alibaba Cloud database kernels. While remaining autonomous and in control, users can enjoy fully managed cloud services. Currently, MyBase supports multiple databases such as MySQL/SQLServer/PostgreSQL/Redis/MongoDB.


(2) MyBase product definition


1. Product definition

Cloud database services are purchased in the form of hosts, currently including RDS MySQL, PostgreSQL, SQL Server and Redis services. In addition to having the same capabilities as PaaS databases, MyBase also offers resource over-allocation, hybrid deployment, resource scheduling, flexible strategies, more open permissions, and independent operation and maintenance capabilities, to meet the core requirements of large and medium-sized enterprise customers for independent management of databases on the cloud.


2. Sales method

1) Purchased on a monthly basis, starting with two units;

2) The host is paid for, and instances are free;

3) Support local SSD disk and ESSD cloud disk (additional charge);

4) Support Shenlong server.


3. Product principle


640-16.png


The product principle mainly includes the following five parts:

1) Over-allocation of custom resources

When virtualizing, users can over-allocate resources based on actual needs, for example to 200% or 300% of resources.

2) Custom hybrid deployment

Multiple types of databases can be mixed and deployed together.

3) Self-selected resource scheduling

4) DBaaS can be integrated

5) Open permissions


(3) Changes in the form of cloud database services


640-17.png


In the past, many cloud database users shared the resource pool on the cloud with other users. With the product form of MyBase, through the purest physical isolation, users have an exclusive resource pool and operate their own resources independently, which is more convenient and safer.


(4) OS permissions


MyBase opens OS permissions to give users the purest permissions and dispel their doubts about moving to the cloud. Retaining all the original operation and maintenance working modes lets DBAs show their full value and solve database problems in time. Users can also deploy their existing self-developed management systems (such as monitoring). More advantages are as follows:

640-18.png

Features of MyBase

(1) Open MyBase OS login


640-19.png


As shown in the figure above, after opening the OS, users can perform the following operations:

1) Log in to the purchased dedicated host with the rights of an ordinary user;

2) Mount an independent cloud disk that users can write to (a free 100G cloud disk);

3) Information such as instance logs is provided for users to read;

4) Deploy and run your own processes and tools.


(2) MyBase opens a rich set of permissions

640-21.png

As shown in the figure above, MyBase currently opens a wealth of permissions. The operating system directory permissions include:

1) Database instance space directory (rx):

View common logs such as error log, slow log, and audit log.

2) Operating system directory (rx):

View common directories and files such as host logs and kernel configuration.


At the same time, we have built the OS tools commonly used by DBAs into MyBase, including:

1) yum

2) make; cmake

3) pt tool commands

4) tcpdump (packet capture)

5) lrzsz (upload and download)

6) gzip (compression)

7) wget

8) mysql; psql (clients)

9) kill

10) Other commonly used DBA commands


At present, MyBase already has a fairly complete set of OS tools, and we will continue to improve it based on user feedback and needs.


(3) MyBase system pre-installed software

640-22.png

As shown in the figure above, MyBase currently comes pre-installed with much of the software users commonly need, including functional software for login, compilation, compression, and decompression, to create a one-stop service for users.


(4) MyBase integrates a bastion host to make the most secure database


After we opened the OS permissions, in order to prevent a few users from operating at will, we set up a bastion host mechanism, so users cannot log in to the back end directly. At the same time, we have set up three security measures: operation audit, authority control and security authentication.


1. Operation audit

The operational behavior of operation and maintenance personnel is recorded from multiple angles, as a basis for after-the-fact tracing and accident analysis, covering the following aspects:

1) Operation and maintenance operation records

Detailed records of operational errors, malicious operations, and unauthorized operations;

2) Linux command audit

Command text can be extracted for audit, and commands can be replayed from a chosen point;

3) Windows operation recording

The whole remote desktop session is recorded, including keyboard operations, mouse operations, window opening, etc.;

4) File transfer audit

Supports auditing of remote desktop file transfers and of original files transferred over SFTP.


2. Authority control

Manage and control accounts and permission groups, and separate duties for personnel and asset management, covering the following aspects:

1) Account control

Operation and maintenance accounts are unique, which solves problems such as shared accounts, temporary accounts, and abuse of permissions;

2) Permission group management

Establish authorization management of personnel responsibilities and resource allocation by person, server, and server group.


3. Security authentication

A two-factor authentication mechanism is introduced to prevent impersonation and reuse of the identities of operation and maintenance personnel.


It supports multiple two-factor authentication mechanisms, and controls the risk of account password leakage through technologies such as SMS authentication and RAM sub-account MFA.


Summary

640-23.png


The original intention of MyBase is to solve the various pain points users encounter when moving to the cloud, and at the same time to meet the different needs that a company's various roles have of the database, mainly in four respects:


1. Cloud services

MyBase provides users with Alibaba Cloud's cloud service technology. Users only need to purchase a physical machine to use all instances for free; it supports the functions of existing RDS and has powerful expansion capabilities.


2. Security isolation

Users have exclusive use of the host, and integrated bastion host management means they do not need to worry about security issues while enjoying OS permissions.


3. Autonomous and controllable

OS permissions are open, so users keep their operation and maintenance habits from the original operating system and can deploy their own common tools in MyBase. DBAs can give full play to their strengths without worrying about losing operation and maintenance permissions.


4. High cost performance

MyBase lets users reduce costs and increase efficiency, and provides a custom over-provisioning function. Users can over-provision resources according to actual business needs, effectively reducing costs.

Original link: https://developer.aliyun.com/article/782293?
