On June 1, the 2023 Alibaba Cloud Summit Guangdong-Hong Kong-Macao Greater Bay Area was held in Guangzhou. Guido, General Manager of Alibaba Cloud Intelligent Open Platform, delivered a speech on "Building a Safe, Efficient, and Stable Excellent Architecture" at the meeting, and officially The "Alibaba Cloud Excellent Architecture White Paper" was released to provide guidance for enterprise cloud-management cloud solutions and product implementation, and help enterprises build a more secure, efficient, and stable cloud architecture.
This book is co-authored by Alibaba Cloud architect team, product team, global delivery team and many other teams based on the experience of serving enterprises over the past years. The matrix of methodologies, solutions, detections and tools is introduced to help enterprises effectively deploy, use and manage the cloud well.
From "Using the Cloud" to "Using the Cloud"
Digital transformation is in full swing, and cloud computing has gradually become the core driving force for enterprise development. Under this trend, for today's enterprises, "whether to go to the cloud" is no longer a question. However, when entering the deep water area of the cloud, problems such as outdated traditional architecture, low operational efficiency, and low system stability are constantly exposed. Customers are paying more and more attention to controlling risks, reducing costs, and improving efficiency on the cloud.
For cloud users, it is a huge challenge to maintain a good cloud architecture in the process of migrating to, using, and managing the cloud. For cloud applications, stability, security, performance, and cost are the most general abstractions in architecture design, and they are also the dimensions that require the most attention at the organizational level. Therefore, based on years of experience in serving customers from various industries, Alibaba Cloud summarizes the best practices of architecture design on the cloud into a series of methodologies and design principles to form the Alibaba Cloud Well-Architected Framework to help Cloud users build good to great cloud architectures.
Architecture of Excellence defines five pillars of best practice
Alibaba Cloud's excellent architecture is composed of five pillars: security compliance, stability, cost optimization, excellent operation, and efficient performance. It provides a matrix of methodologies, solutions, detection, and tools. business development.
◉ Security compliance: Identify the internal and external security requirements and regulatory demands of the enterprise, plan and implement comprehensively in the cloud environment for network security, identity security, host security, data security, etc., while continuously detecting threats and quickly response.
◉ Stability: Failure of a single component cannot be avoided in any environment. The goal of stability is to minimize the overall impact of a single component failure on the business.
◉ Cost optimization: Understand the cost distribution of cloud resources through technical means, help enterprises balance business goals and costs on the cloud, build business applications by fully and efficiently using cloud services, and improve the fit between the cloud environment and business needs as much as possible. Continuous optimization to avoid resource waste, reduce unnecessary cloud expenses and improve operational efficiency.
◉ Operational Excellence: Focus on the construction and use of tools and systems related to the application development state and operation state. At the same time, it is also necessary to consider how the organization responds to applications, workloads, resources, events, etc., define daily operating procedures, and guide enterprises to build their own operating model.
◉ Efficient performance: Automatically trigger elastic scaling capabilities based on performance monitoring indicators, use the resource reserves of the cloud platform to cope with traffic peaks, and establish a complete observability system to help locate performance bottlenecks. Establish a performance baseline through performance testing, verify architecture design goals and continue to optimize.
Sustainable landing solutions
Implementing a safe, efficient, and stable excellent architecture is a continuous process that requires constant iteration. Alibaba Cloud proposes three stages of "learning, measuring, and optimizing" for customers' implementation. In the learning phase, you can use white papers to understand the best practices under each pillar; in the measurement phase, you can use assessment questionnaires and maturity reports to understand the current status and problems of the current cloud application architecture; Solutions and tooled products can be optimized and improved by themselves. In the process of business iteration, continuous measurement and improvement are also required.
Security is the lifeline of every business. For cloud applications, it is often necessary to access cloud services to obtain data through Alibaba Cloud AccessKey. Once the corresponding AccessKey is mismanaged and leaks, it will often cause irreparable consequences such as data leakage, financial loss, regulatory accountability, and reputation damage. Therefore, from a security point of view, it is extremely important for applications to safely use AccessKey during the architecture design process. Taking the identity and access control scenario in the security compliance pillar as an example, it introduces how to practice the cloud best practices defined in the excellent architecture in the application key management scenario:
◉ During the learning phase, the security compliance pillar of the Architecture of Excellence proposes several best practices for the management of program identities (in this case, AccessKey). One of them is to periodically rotate the AccessKey. The exposure time of AccessKey is shortened by regular rotation to reduce the risk of leakage.
◉ In the measurement phase, the governance detection report provided by Alibaba Cloud Governance Center products can multi-dimensionally scan the risks in the use of AccessKey under the current cloud account. For example, AccessKeys that are not regularly rotated, and AccessKeys that have never been used and have been idle for a certain period of time, risk warnings and detailed lists are given.
◉ In the optimization phase, the Cloud Governance Center provides improvement plans and suggestions for the identified problems. Users can perform self-service management according to the corresponding plan documents, clean up idle AccessKeys, rotate AccessKeys, use temporary keys (STS Token), etc., to reduce the risk of AccessKey leakage and improve maturity.
It can be seen that the implementation of the excellence framework is a continuous process. At the same time, with the continuous development of Alibaba Cloud, the definition and best practices of the excellent architecture will continue to be iterated and improved. On the way for enterprises to go to the cloud, Alibaba Cloud will continue to work hard to help enterprises to use the cloud well, use the cloud well, and manage the cloud well.
Click to download the white paper
Click to try cloud products for free now to start the practical journey on the cloud!
This article is the original content of Alibaba Cloud and may not be reproduced without permission.