ECS Demo
Start course

This course introduces you to Alibaba’s Elastic Compute Service, or ECS, one of the most common services within the Alibaba platform. It is a high-performance, stable, reliable, and scalable compute service that allows you to deploy virtual servers within your Alibaba Cloud environment. Most people will require some form of ECS Instance running within their environment as a part of at least one of their solutions.

This course covers the following components:

  • ECS Concepts
  • ECS Instances
  • ECS Images
  • ECS Storage
  • ECS Snapshots
  • ECS Security Groups and
  • ECS Networks

For feedback, queries, or suggestions on this course, please contact us at

Intended Audience

This course is designed for IT professionals who are just starting out in the world of Alibaba Cloud and want to know more about the ECS service it offers.


To get the most from this course, you should already have some basic knowledge of cloud computing. If you would like to brush up on your knowledge before taking this course, please consider taking our What is Cloud Computing? course.


Hello, and welcome to this demonstration of the Elastic Compute Service. The first place you need to start on the console is always the top left hand corner. This is where you can access all of those services. So let's start with the Elastic Compute Service. Now, the first thing we're presented with is a dashboard of all of the instances we have running across all regions. Now I think this is a useful feature for those of you who have used other cloud computing platforms, you generally have to choose each of the regions to see what instances you have running an each, which can mean that you miss one or two. The thing I like about this first view is it just gives you a summary of all of your regional instances running. From this panel, we have the option to create an instance. Now, the first option we have on creating an instance is to select a billing method. There are two types of billing methods, a subscription service or a pay as you go service. 

Let's quickly review these two billing models so we're clear on them. A subscription is essentially an upfront payment which you need to make before you can run anything in Alibaba Elastic Compute Service. You can only use subscription resources after you've paid the total price of the subscription. So we will need to go through and complete the payment for this instance before we can actually use it with this model. The billing cycle is the time commitment we make when we purchase the subscription instance. Elastic Compute Service resources are charged separately, so the instance, the image and disks and bandwidth are separate items. Local disks, however, that are attached to the instance are billed together with the instance cost. Now, most importantly, you have to pay the fees before you can use these resources. The billing cycle starts from the time when the purchase subscription resources are activated or renewed, and it ends the next day after the expiration date. So if we create this instance at 1 p.m. on May 9th 2020, with the subscription duration of one month, the first billing cycle is from 1 p.m. on May 9th 2020 to 0:00:00 on June 10th 2020. After the billing cycle expires, you can renew your ECS instance to continue using that resource. So, if we were to renew the subscription within the subscription period, the second billing cycle would be from 1 p.m. on June the 10th 2020, to 0:00:00, on July 10th 2020. Now, one thing to remember is you can't release an instance within a subscription period. So when a subscription expires, the instance is gone. That's it, it's automatically released if you don't renew it within the period of that subscription. Now, after you create a subscription instance, you can change it specifications or resize subscription cloud disks that are attached to it. Once you've paid for it, it's yours for that period, however i.e., there's no refund or reallocation of your spend. So if you need more flexibility when you're choosing your instances, then you're probably better off with the pay as you go billing model. And that's the second option we've got here, Pay As You Go Billing. And with this model, you basically pay after the fact. So pay as you go resources are built based on the billing cycle and paid each hour. So you pay for each hour you use it. After we've created an instance using pay as you go billing, we can change its configurations just as we can with the subscriptions, we can also change between the billing methods. So we can change between pay as you go ECS resources and subscription resources. So you can effectively switch between the two. However, that rule doesn't apply to all instance types. And it may vary from region to region. And keep in mind that there's no refund or reallocation of subscription reinvestment. And there are some limits around what you can and can't do. Currently, you can switch up to 20 instances and the instance has to be either in the running or stopped state, it cannot be in a released state. If you stop an instance in the pay as you go model, you're still billed for the resources until they're actually released. So that's why that release switch we'll see later is very important. Okay, so those are the two models and they both have their benefits and their nuances.

Let's just walk through and you'll see how flexible that can make your ECS usage. So with subscriptions, which allows us to basically reserve instances for a period of time and the durations we're given, duration options one month, right up to a year, and if we use the subscription service, the pricing is calculated as a pay upfront cost. And inside the dashboard here, you're given a running cost of what that estimate would be. The other option we have is pay as you go pricing. And this is charged by the billing hour. So you're basically paying on per use and you are charged as you use it. So the two licensing models have a different pricing scale. The subscription service is probably in my view, more economical, but you do have more flexibility with the pay as you go. The second option are the regions. Now we've got a series of regions which is great. And one of the I think the benefits of the Alibaba service is that you do have regional coverage. You can choose any of the Asia Pac regions, whichever one is closest to you, or you can easily choose one of the US ones as well, which I think is great. So if you're using a particular location based service, then of course, choose the regions closest to you. We will use the US Silicon Valley one for now, and the next option we have is choosing an availability zone. So we can choose one of the two availability zones or choose a random feature which basically assigns your instance automatically. So once we've got our paying model set, we've got our region set, next choice is what type of instance we want to run, and essentially what type of service we want to run. So, instance type is grouped in families, and you have the choice of choosing instance type that suits various workloads. It's quite easy to use the configurations if you're not familiar with instance types or you really don't want to go into that level of detail then you can just choose family type. So, general purpose is computing that's going to give you the best flexibility, Compute Optimized is best for instance, or applications where there's more processing required, data crunching, anything that requires a high level of compute those instances will suit. Again, you can choose any of these specific use cases or just search for specific instance types. You also have the option to use the Alibaba Elastic Compute Service as a bare metal instance. So you can literally run your own, you've got choices, choosing the type of CPU you want, the type and size, we can set a memory preference if we know what we're looking for, and we can just search for instance types. The I/O optimized is basically giving us the option to provide bit of throughput should we need that. Quick note here that Ipv4 is the default networking networking range, you can use Ipv6, but not for all instances. 

So if you have an Ipv6 solution that you need to support, do bear that in mind when you're selecting your instances. Instances vary from region to region, so if you are looking for an edge case type of CPU, you're probably better off choosing one of the APEC regions. Okay, so we can just choose a simple instance type or at this point, we're gonna be given a price estimate based on our billing hour and with that calculation is quite useful to us as we step through, just to give ourselves a quick look at what their costs would be. We can also slide between the two pricing models at this point, if we're interested just to get an idea of what it would cost us for a month or for three months and there is also a price calculator which is a very useful tool which helps you estimate usage volume outside of the actual console. Anyway, here we are back in our console. So as we scroll down, we've got a few other choices. The first one is how many instances do we want to launch in this first configuration, one, two, five, et cetera. Now, this is important if we are launching a batch, we are gonna be given the option to save this configuration as a launch template. So if we are looking at using this for auto scaling, we can essentially have this fire up as many instances as we wish. The next thing we need to choose is what type of image we're gonna use. So, a public image is one that everyone can access, it's essentially a machine image that's ready to go and shared by many people in the community. We can have a custom image, which is one that we've created ourselves and saved into our account. We can have a shared image which is perhaps a instance type that we think is useful for our company across all our regions, so we can share it between accounts, it may be something that's shared with partners even, it may be developed by partners. So that's a shared image, which is available to us. And it's also possible for us to purchase a pre configured image from the marketplace, which is often quite useful when looking for bundled things. In terms of the operating systems that we've got available in Alibaba cloud, this, of course, will always be growing. But what I liked about the Alibaba Suite is that you get the latest versions of most of the common Linux Operating Systems supported with the latest builds of those common operating systems. If you do have to use Windows, then a number of choices here. So it's a well supported Windows platform, we can just get a quick idea of the price difference here. So it's gonna cost us more if we go for a Windows image. If we don't have to use Windows operating system, then SUSE or Ubuntu is gonna suit you just fine. This option here, the Security Enhancement is a service that comes with Alibaba, which literally just makes sure that you don't do anything silly with security, which I think is a really good feature. So you can turn it on or off if you do have specific security rules that you need to run. Now, the other thing that we do as a default is set the storage for the instance. Now this is not necessarily our data storage, this is just what we might call instant storage, ephemeral memory even. And we've got a number of choices here, we can have a standard SSD, enhanced SSD, both will make a difference to the pricing, you can go for the default version, which is 40 Gigabyte you can step it up or down. Basically, this option here is important because if you leave this checked, then when you terminate this instance, the storage will be released, so you won't be paying for that additional storage. If you turn that flag off, then it will store the instance, it will keep it and you will be paying for that volume. So if you starting and terminating a lot of instances, then that flag can make a big difference because you'll have a lot of disks that you'll need to pay for. Okay, now there's a backup option. So with this, it basically enables a snapshot, it's a really simple snapshot service quite like that, use the default version, or you can create your own snapshot policy depending on what you want from this platform. It is a very simple and easy to use process. This can all be driven by the console or from the API's. So again, that's quite easy to automate. Now, once we've got our sort of basic storage, we can add a disk as well. So this is basically if we wanna have disk storage attached or related by this instance, we can create as many of these as we want. When the instance is terminated, it will be released. If you want this to be persistent storage, make sure you turn this off. So, also do you want to encrypt the disk? Again, this is just simple AES encryption, very useful, should always have it on. Okay, so use as KMS, no additional costs for that. Once you've got there, you're running with encryption, perfect. Again, we can use the backup and just using the default plan or we can set our own, whatever you need for that. So our prices, crept up a little here, not much, 23 cents per hour, not bad. Very economical, and again, if we want to, we can flip back down to our subscription pricing, just to see what that would look like. Let's see, okay, so $358 for three months, not bad. Let us just just do quick double check here. And if we change regions, let's see if that changes our pricing, 205, it's cheaper, okay. But this instance type is not available in that region. So remember, each of the regions have their own specific instance type. So if you are looking for specific instance support, you need to check that you've got it in that region. So Singapore is slightly cheaper than the Silicon Valley instance, interesting. Okay, so we'll just go back to the one we had first. Now, we need to create the virtual private cloud that this instance is gonna sit in. So that's what we call networking and these things we need to sit before we can launch our instance. So the VPC stands for virtual private cloud, and it basically is the networking subnet that we are going to have as our own private network, okay? Now, we can call it whatever we like, we can call it Default VPC, we can call it any name we want. We can select what type of internet gateway we use. We can go through the console and configure those which will do when we look at networking. Okay, we're just going to keep moving through here because the default setting is going to give us the connectivity we need. There are a couple of choices we have. First of all, is do we wanna assign a public IP address? Do we want this to be, this instance to be accessible from the internet? If so, then we'll need to attach an elastic IP address. Now, in terms of connectivity, one of the choices I like about the Alibaba service is that you can pay by bandwidth, or pay by traffic. This is useful because if we're paying by bandwidth, we're basically paying to reserve a certain amount of throughput. If we're paying by traffic, we're only paying for what we use. So if we're looking at using this for burst activity, supporting a site for a number of weeks or days, then pay by traffic is going to be a more operationally efficient option because we can literally set what type of traffic we're expecting, and what the throughput we want to be. And all the way up to very high, super fast performance, which is quite cool. And then if we're just doing DevOps, if we're doing DevOps or dev tests, and we just need a simple machine, without a lot of connectivity, a lot of users, then we can really step this down. Alternatively, we can do it by bandwidth and just make this a very underutilized conductivity or we can pump it right up As you can see the, the price calculation is converted for us on the fly, which again is pretty useful. So when we're talking scale, and when we're doing this at large scale, we have a lot of levers which we can, tweak to get the very best pricing from the Alibaba service which I like. Okay, so once we've got our gateway, we've got our Virtual Private Cloud, we're gonna have to set some security groups up. So we can use the default settings for this and this will basically limit access to this instance on two or three required ports depending on the instance type. 

If we're using a Linux instance, then we'll probably need Port 22, and if we're using remote desktop protocol with Windows, then we will probably need to use 3389. You can configure the security groups as you need to. What I think is quite useful at this point in the console is that it's quite easy to do, you don't have to create a whole lot of rules. So if you're not a networking expert, you can generally choose these defaults. And this will mean that your instance cannot be connected to from the internet until you turn on some of the other ports, okay? It does mean that you will be able to access this machine using a terminal session, or using a remote desktop protocol session if you are using Windows with those ports enabled, okay? If we are going to click Attach an Elastic Network Interface, then we can use this to balance connectivity across availability zones, we can use it to cluster services, and it will become something that's useful with auto scaling as well at a later point. Now, as I mentioned, some services support IPV6, some do not just one slight difference there between Alibaba and some of the other cloud providers, perhaps. If you do need IPV6, then start with that in mind, choose a region and instance families that will support IPV6, you can see that on that first screen. All right, not all do, okay? So next is our system configurations. We've got a few things to consider here. The first one is our key pair. Now a key pair is basically a PEM file, which is an encrypted ID if you like, that we create and we will use that pem, .pem file to connect to this instance once you've started it. So the key pair we either have created one and we'll use that or we can create one in the dashboard, I'm just gonna use one I created earlier. We can give our instance a name, we can launch it whatever we like with a description. 

We can set a host name from the console, we would generally have to do that with a bootstrap and we can put a sequential suffix in front of the instance name so that we can identify it and use that for all of the usual naming conventions and tagging - becomes quite useful for billing reports later, release protection, which will stop people from accidentally releasing the instance from the console. If it also prevents that happening via the API. 

Under Advanced Options, we can set a RAM role. Instance RAM doesn't mean random access memory here, RAM stands for resource access management. And that is basically a service that allows you to authorize role based permissions to your instances. And that in turn enables more fine grained access control. So you have to create the roles in the ram section of the console, and once you've done that, you can assign that role to your instance. That then allows any code or app you're running on this instance to access other Alibaba services by using a temporary sts token or a security token service credential. Again, more fine grained access really good.

 The user data is basically the script we use to bootstrap any instance. So we put a script in here, we'll run to do any sort of basic configuration tasks, setting permissions, etc. So the next phase is just previewing what we've got, we can change any of these settings at this point, which again, is quite useful, we can check the API endpoints. So this will just give us a quick look and very useful for the dev team, we have the option to automatically release these instances. So let's envisage we have a large batch of reporting to run for the end of each month. We may use those description license agreements, because we know we're going to need this for a set period of time, we know that the report runs on the fifth of every month. So if we wanna have huge amounts of capacity available just for that period, and then afterwards, we wanna crush all that down, we can use an scheduled process for that. And with the scheduling, we can use the automatic release just to scale in all of our instances. Remember everything that has a cost if we're using an elastic IP address or Class C address, if we're using data, we're storing data on disks, all of that has a cost. So if we're looking at having the cheapest, most efficient runtime available, then this automatic release just goes up and cleans up everything after that period or whatever and we don't have additional resources sitting there costing us. At this point we're ready to launch our instance, we need to select the ECS Terms of Service prior to starting it. Otherwise it won't let us start. And once we have done this, the instance, here it is starting up. From here, we can see it and configure it within our dashboard.


Overview - ECS Concepts - ECS Instances - ECS Images - ECS Storage - ECS Snapshots - ECS Security Groups - ECS Networking

About the Author

David has been a trainer with QA for over 12 years and has been training cloud technologies since 2017.  Currently certified in Microsoft and Alibaba cloud technologies David has previously been a system and Network administrator amongst other roles.    

Currently, he is a Principle Technology Learning Specialist (Cloud) at QA. He loves nothing more than teaching cloud-based courses and also has a passion for teaching PowerShell scripting.

Outside of work, his main love is flying Radio control airplanes, and teaching people to fly them.