Alibaba Security & Monitoring
The course is part of this learning path
In this course, we'll take a look at the services available to help you secure and monitor your Alibaba cloud environment and also help you prepare for the security element of Alibaba's ACA exam. We'll start by looking at Alibaba Security Center and the features that it offers.
Next, we look at Alibaba's anti-DDoS service, including a brief overview of how it works, and what versions are available. Finally, we cover Cloud Monitor, a service that allows you to monitor your cloud resources and internet applications.
- Understand the basics of Alibaba Security Center and its offerings
- Learn about the anti-DDoS service and how it works to protect your Alibaba cloud environments from attack
- Learn how to monitor your resources and applications with Alibaba Cloud Monitor
- Cloud architects
- Security engineers
- Anyone looking to secure their Alibaba Cloud infrastructure
- Anyone studying for the ACA exam
To get the most out of this course, you should have a basic understanding of Alibaba cloud and cloud security in general.
Hello and welcome to session three, an introduction to Alibaba Cloud Monitor. In this session, we will be taking a high-level overview of some of the features provided by Alibaba's Cloud Monitor service to satisfy the requirements for the Alibaba ACA exam.
So, the first thing to cover is, what is Cloud Monitor? Cloud Monitor is a service that monitors Alibaba Cloud resources and internet applications. It provides a one-stop, out-of-the-box monitoring solution, providing services such as cloud service monitoring, site monitoring and custom monitoring to safeguard your products and business. It allows you to monitor your IT infrastructure and internet quality based on events, custom metrics, alerts and logs.
Cloud Monitor provides seamless integration. It can be used immediately after you create an Alibaba Cloud account. You can view the status of your cloud services and configure alert rules for the services in the Cloud Monitor console. The way Cloud Monitor works is by collecting metrics from various monitoring services such as cloud service monitoring, site monitoring and custom monitoring, and events such as cloud service events and custom events. These metrics and events can then be passed to the alerting system, which can then provide alerts and notifications using voice, text, email or DingTalk. And they can also trigger other cloud services, such as the log service, message service, and the function compute service.
Cloud Monitor has some key features. The first one is dashboards. Individual ECS instance metrics can be viewed from an instance page, however, if you have for example an application deployed on multiple ECS instances, then within cloud monitor, you can create your own custom dashboards which can provide a rich array of monitoring charts. And you can add monitoring data of these ECS instances to the same monitoring chart to view the change trend of the monitored data in one place. Supported types include line charts, area charts, tables, heat maps and pie charts.
Application groups allow you to manage resources from different services and regions by group. You can create application groups based on your business requirements, and add your cloud resources such as servers and databases to application groups. You can also manage alert rules by application group.
Host monitoring allows you to install Cloud Monitor agents on servers to collect monitoring data of metrics that are related to CPU, memory, disc and network usage. It also allows you to configure alert rules and alarm rules for up to 30 different metrics. You can also use the host monitoring feature to monitor virtual machines or physical machines from another vendor. It supports hosts that run Linux or Windows operating systems.
Event monitoring covers service faults, operation and maintenance events, and business exceptions. It provides event statistics by service, level, name and application group to facilitate resource association and thought review. You can customize the recipients and methods of event notifications to prevent key events from being ignored, the event details can help you locate faults.
Flexible alert rules, alert notifications, and alarms can be set based on different scenarios, and send notifications using multiple methods. Cloud Monitor sends an alert notification immediately after an alert rule is triggered by an alarm rule. This allows you to detect and fix resource exceptions at the earliest opportunity, and improve service reliability.
With custom monitoring, if the system metrics cannot meet your requirements, Cloud Monitor allows you to create custom metrics. The monitored data of custom metrics is collected and reported to Cloud Monitor. The metric data can then be displayed in monitoring charts and used to trigger the alert service. Unlike event monitoring, which focuses on the data of non-continuous events, custom monitoring focuses on periodically collected time series data.
Site monitoring is a service that allows you to test network connectivity. It sends detection requests that simulate real user access from Alibaba Cloud data centers to your site. Site monitoring monitors the availability, connectivity and domain name resolution of sites. It monitors the connectivity and response time of domain names, IP addresses, and ports, and sends alert notifications based on monitoring results.
Site monitoring is applicable in the following scenarios. Performance analysis. You can create site monitoring tasks to obtain information about a specified site, such as the time taken to resolve the domain name to an IP address, time taken to establish the connection, time taken to receive the first packet, and download time. The information can help you analyze the performance bottlenecks of your service.
Competitive analysis. Monitor your site and competitive sites at the same time by using selected detection points. Based on the monitoring result, you can compare the quality of your service with that of competitive services. And probe coverage analysis sends detection requests from all Alibaba Cloud regions to your site to test the access to your site. And the alert service allows you to configure alert rules, and sends alert notifications if alerts are triggered.
You can configure alert rules to specify how Cloud Monitor checks the monitoring data, and when Cloud Monitor sends alert notifications. After you configure alert rules for important metrics, you can receive alert notifications if exceptions occur, and handle the exceptions at the earliest opportunity. That concludes this session on an introduction to Alibaba Cloud Monitor.
David’s IT career started in 1990, when he took on the role of Database Administrator as a favor for his boss. He redirected his career into the Client Server side of Microsoft with NT4, and then progressed to Active Directory and each subsequent version of Microsoft Client/Server Operating Systems. In 2007 he joined QA as a Technical Trainer, and has delivered training in Server systems from 2003 to 2016 and Client systems from XP onwards. Currently, David is a Principal Technical Learning Specialist (Cloud), and delivers training in Azure Cloud Computing, specializing in Infrastructure Compute and Storage. David also delivers training in Microsoft PowerShell, and is qualified in the Alibaba Cloud Space.