This course covers the fundamentals of the relational database offerings in Alibaba Cloud and will help prepare you for the ACA exam.
First, we'll cover Alibaba Cloud Relational Database Services including an overview of some of the services that are provided with it. We'll then look at the main components of RDS in Alibaba, including different database engines, storage types, high availability, fault tolerance, and disaster recovery, before moving on to examine the features of RDS such as security, database and account management, read-only instances, monitoring, and backups.
We'll consolidate all this information by taking you through a guided demonstration of creating an RDS instance using the Alibaba Console.
If you have any feedback relating to this course, feel free to contact us at support@cloudacademy.com.
Learning Objectives
- Understand the different relational database solutions available within Alibaba Cloud
- Determine which database service would be best suited for your expected workloads
Intended Audience
This course is intended for:
- Database administrators or cloud architects
- Anyone looking to learn how to use Alibaba RDS
Prerequisites
There are no prerequisites to this course as it is a fundamental introduction to the relational database service that Alibaba provides. Any knowledge of the Alibaba cloud platform and relational databases would, however, be advantageous.
Hello and welcome to session three. RDS key features. In this session I'll talk you through the key features of the Alibaba Cloud Relational Database Service or RDS. In this session, we'll cover the following: security, database and account management, read-only instances, monitoring, and backups.
The first key feature to talk about is security. RDS provides a three-level security defense system to protect the database against security threats. The first security feature is protection against distributed denial of service attacks, or anti-DDoS. It provides real-time traffic monitoring against layer three to layer seven DDoS flood attacks, such as SYN, UDP, ACK, ICMP, DNS Query, NTP Reply, and HTTP. If any high-risk traffic is identified, the traffic is directed to the cleaning center for traffic cleaning. IP addresses are either cleaned and allowed through or are put on a deny list.
The second security feature is the whitelist configuration. RDS supports the configuration of up to 1000 whitelist IP addresses per RDS instance. Any IP address that is not in the whitelist will be blocked to secure the RDS instance. Also, as mentioned earlier, an RDS instance will have a private IP address by default. This private IP address will only appear after you configure the IP whitelist. The third security feature is the protection of the database from various attacks.
By default, RDS can defend against attacks like SQL injection and brute force attacks. It also provides SQL audits, allowing you to keep track of who accessed the instance, when, and what action was taken at the time.
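The whitelist rule described above (only listed addresses are admitted, at most 1000 entries per instance) can be reviewed offline before a list is applied. The following is an added example, not part of the course; the CIDR notation, the /16 breadth threshold, the function names and the sample entries are assumptions constructed for illustration.

```python
import ipaddress

MAX_ENTRIES = 1000    # per-instance whitelist limit stated in the course
BROAD_PREFIX_V4 = 16  # assumption: IPv4 ranges wider than /16 deserve review

def audit_whitelist(entries):
    """Parse IP/CIDR strings; return (networks, findings)."""
    networks, findings, seen = [], [], set()
    if len(entries) > MAX_ENTRIES:
        findings.append(f"{len(entries)} entries exceeds the {MAX_ENTRIES}-entry limit")
    for raw in entries:
        text = raw.strip()
        try:
            # strict=False accepts host addresses written with a prefix length
            net = ipaddress.ip_network(text, strict=False)
        except ValueError:
            findings.append(f"{raw!r}: not a valid IP address or CIDR block")
            continue
        if net in seen:
            findings.append(f"{text}: duplicate entry")
            continue
        seen.add(net)
        networks.append(net)
        if net.prefixlen == 0:
            findings.append(f"{text}: matches every address, so nothing is blocked")
        elif net.version == 4 and net.prefixlen < BROAD_PREFIX_V4:
            findings.append(f"{text}: very broad range ({net.num_addresses} addresses)")
    return networks, findings

def is_allowed(client_ip, networks):
    """True if client_ip falls inside any whitelisted network."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in networks)

# Constructed sample list, not taken from a real instance.
SAMPLE = [
    "10.0.5.12",        # single application server
    "192.168.10.0/24",  # office subnet
    "0.0.0.0/0",        # match-all entry that defeats the whitelist
    "10.0.0.0/8",       # much wider than needed
    "10.0.5.12",        # duplicate
    "db-admin-host",    # hostname, not an address
]

if __name__ == "__main__":
    nets, problems = audit_whitelist(SAMPLE)
    for p in problems:
        print("FINDING:", p)
    print("10.0.5.12 allowed:", is_allowed("10.0.5.12", nets))
```
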
The next key feature is database and account management. An RDS instance supports three ways to manage the database. The first way is by using the management console. The RDS management console provides an integrated console for users to conveniently create or delete databases and accounts without the need for any additional or other third party tools.
The second way is by using an API. Alibaba Cloud provides an open API that can be invoked by tools like the Alibaba Cloud CLI, or command-line interface. You can use the CLI to invoke these APIs or use other tools that you are familiar with.
And the third way is by using the database client. RDS supports common database clients like MySQL-Front, Microsoft SQL Server Management Studio and pgAdmin. Which client tool you use is dependent on which database engine was selected.
The next key feature is the read only instance. Read only instances are available on the following database engines: MySQL, SQL Server, PostgreSQL, and PPAS. RDS allows you to create read only instances to reduce the read request pressure on the primary instance. This is useful if you have a few write requests, but lots of read requests.
Read only instances for MySQL support pay-as-you-go for flexible billing and subscription for lower costs. All the other engines only support pay-as-you-go billing. Read only instances reside in the same region as the primary instance, but can be in different zones.
The specifications of a read only instance can differ from the specification of the primary instance and can be changed at any time. It's recommended best practice that the specification of a read only instance be greater than or equal to the specifications of the primary instance, otherwise the read only instance may encounter high latency or be unable to handle heavy traffic loads.
Read only instances do not require database or account maintenance, because their database and account information are synchronized with the primary instance. RDS automatically replicates the whitelist of the primary instance to every read instance you create.
The next key feature is monitoring. There are two ways to monitor your RDS instance's performance. The first way is through the RDS management console. It provides real-time monitoring for crucial instance information like CPU utilization and memory usage, disk space, input/output operations per second, total connections, and network traffic.
Monitoring is done in real time so that you can monitor and protect business critical applications. You can also set alarms to notify you when certain metrics go too high. The second way is by using Alibaba's Cloud monitor service.
By using Cloud Monitor, you can monitor not only RDS, but also other services like ECS performance at the same time. There are also some special metrics in Cloud Monitor that are especially for RDS, such as CPU utilization, storage, and memory.
And the last key feature to look at is backup and restore. RDS instances can be backed up in two different ways, automatic or manual. If the data of your RDS instance is lost or corrupt, you can restore the instance by using its backup files.
The first way is automatic. Automatic backups are achieved by creating a backup policy. You can customize things like the backup cycle, backup time, backup log retention time and how long backups are kept after an RDS instance is released.
The second one is to create a manual backup. Manual backups have two choices, physical or logical. With the physical backup, the entire instance is backed up. With a logical backup, you can choose to back up the entire instance or just a database on the instance. You can create a backup manually at any time, and it's worth noting that automatic backups only work with physical backups. So if you've not created a backup policy, but choose to do a physical backup, a backup policy will be created with default settings.
Backup files occupy backup storage. Each RDS instance is allocated with a free quota for backup storage. This free quota size can be found under the usage statistics within the RDS instance. If the total size of backup files exceeds the free quota, additional fees are incurred. You can also download the backup data to store it somewhere else or you can store files in OSS archive storage for cheaper and steady offline storage.
So let's recap what we've covered. There are three levels of security defense, anti-DDoS, whitelists and protection from SQL injection and brute force attacks. An RDS instance supports three ways to manage the database: the management console, APIs, and database clients.
To reduce the read request pressure on the primary instance, read only instances can be created and removed as required. There are two ways to monitor your RDS instance's performance, the RDS management console, and Alibaba Cloud Monitor.
And the last feature we looked at, was the two ways to create backups, automatically via a backup policy and manually via a physical or logical backup. That's all for this section. Thank you for listening and I'll see you in the last session, creating your first RDS instance.
David’s IT career started in 1990, when he took on the role of Database Administrator as a favor for his boss. He redirected his career into the Client Server side of Microsoft with NT4, and then progressed to Active Directory and each subsequent version of Microsoft Client/Server Operating Systems. In 2007 he joined QA as a Technical Trainer, and has delivered training in Server systems from 2003 to 2016 and Client systems from XP onwards. Currently, David is a Principal Technical Learning Specialist (Cloud), and delivers training in Azure Cloud Computing, specializing in Infrastructure Compute and Storage. David also delivers training in Microsoft PowerShell, and is qualified in the Alibaba Cloud Space.