Next, let's look at RDS Monitoring and Security. The RDS console provides full performance metrics, which allow you to get a clear picture of the running state of each of your RDS database instances. So, these metrics are provided by CloudMonitor. CloudMonitor is the free monitoring tool that's built-in to the Alibaba Cloud platform. We also use this to monitor other services like ECS. And for RDS, CloudMonitor can record storage usage, memory usage, so that's RAM utilization, CPU usage, and many more.

Security. RDS provides a three-level Security Defense System to protect databases against a variety of security threats. We have a built-in anti-DDoS service, which protects against DDoS attacks up to five gigabits per second; built-in IP whitelisting, which supports up to 1,000 IPs per whitelist; and WAF or web application firewall, which can help defend against brute force attacks, SQL injection attacks, and a few other forms of common database-level attacks.

The RDS service also includes SQL audit capabilities, so you can keep track of the who, what, and when of database access and modification. On the security front, in terms of access to the RDS service and ability to manage the RDS service, we use something called RAM, Resource Access Management. This is actually how permissions are managed across all Alibaba Cloud services. So, of course, under your Alibaba Cloud account, you may have multiple users, perhaps you have developers, and database administrators, and auditors, and perhaps a few other types of roles.

Each of these people will have their own RAM account and they'll use this RAM account to log in to the Alibaba Cloud console. RDS allows you to set what's called RAM policy, which controls which of these RAM users can access and manage RDS. Now, that's at the RDS service level. So, what do you do about database users? How can your DBA manage permissions? RAM can't do that. RAM is designed to manage access to Alibaba Cloud's services. So, it actually works at the service level. If you need a service that allows you to manage user permissions at the database or table-level, then you need to use DMS.

DMS is our Data Management Service. So, with DMS, you can have a unified platform within the Alibaba Cloud console that manages access to individual databases, tables, and even columns for a variety of different users. And this is semi-automated. So, as the database administrator, you can set up a web form where your RAM users can apply for time-limited permissions to use the database. And then you, as the DBA, can approve. When you approve, the DMS system will automatically generate and execute GRANT statements to give the user the permissions they asked for and when their permissions expire, the accompanying REVOKE statements will also be automatically executed by DMS.

So, if you have multiple database users, this can save your database administrator a lot of time. Access control. So, again, this is done mostly through IP address whitelisting. Every RDS instance has at least one whitelist, which contains the IP addresses or address ranges that are allowed to access the database. We also provide SSL encryption. In particular, this supports MySQL and I believe also Microsoft SQL. So you can include encryption in transit between your ECS instances and your RDS database. So, if you want, you can add HTTPS SSL encryption as an optional feature so that access to your database instance is encrypted.