Getting Started with Alibaba — Alibaba ECS
This tutorial is a part of “Getting Started with Alibaba Cloud” Tutorial Series. Previous articles in this series include:-
- Getting Started with Alibaba Cloud — Resource and Access Management for Better Practices — 1
- Getting Started with Alibaba Cloud — Resource and Access Management for Better Practices — 2
In this article, we shall delve into Alibaba Cloud (Aliyun for short) Elastic Compute Service or ECS. If you have been following our previous articles, by now you know how to create a RAM user for daily usage besides the Root Account provided by Aliyun. It is recommended that you use that User for this and future tutorials as well. Make sure to not give it all-out admin access since that should only rest with the Root Account.
We will go over the Elastic Compute Service offered by Alibaba Cloud. If you are coming from a different Cloud platform, this should be a walk in the park for you. For those coming from AWS, it would be EC2. For those coming from GCP, it would be Compute Instance and so on. Compute forms one of the foundational pillars of cloud computing. It is important for a beginner to understand the working of Compute Resources on a specific cloud platform since most offerings will essentially be an abstraction over the compute resource itself.
Here we will go over basic topics like how to deploy ECS instance on Alibaba Cloud, what are security groups in Alibaba Cloud, the different payment options and networking billing methods offered by Aliyun. We shall deploy a Linux ECS Instance and have some fun with it. In the next parts of the tutorial, we shall explore hosting on Alibaba Cloud’s ECS, deploying multiple Alibaba Cloud ECS instances behind a Load Balancer (SLB) and Autoscaling Groups on Alibaba Cloud. So, without further ado, let’s start with today’s objectives.
Creating an Alibaba Cloud ECS Instance.
First, log in using the RAM User into your Aliyun Console. Next, click on the hamburger menu which appears on the top left corner and select Elastic Compute Service (additionally, you may choose to start this as well for it to appear as a shortcut). This should lead you to the ECS console, something similar to the screen below.
Next, click on “Create Instance” to start the process. It should lead you to a screen showing various fields under “Basic Configuration”. This is the section where we select stuff like which OS to use for the Virtual Machine we are about to deploy. The screen below should look familiar.
There are a few things to consider here. We will go over each of the fields appearing on the screen one by one.
- Billing Method. You can choose to buy an ECS instance from Alibaba Cloud. This wouldn’t really be “buying” in the sense that you will be paying rent up-front for a specific interval of time. During that time, that instance will be dedicated to you. The longer you choose to rent the ECS instance, the more discount you will get. This is the “Subscription” option. On the other hand, “Pay-As-You-Go” means that you will pay for the rent as you continue to commission (fancy word!) for the ECS instance. This is suited for short-term usage like this tutorial.
- Region. Next up is choosing where will you like Alibaba Cloud to allot you your ECS instance. At the time of writing, Aliyun has 21 regions in total from where you may choose. The easy logic to go with is that choose the region closest to you. It’s pretty convenient with AWS and Azure where you have well-known tools to measure the latency of each region with your location. I will be choosing Mumbai since it is closest to me.
- Instance Type. This is the type of ECS instance you want to provision. There are many task-specific instance types. The name of the instance signifies things like its main purpose, the generation it belongs to and also how powerful it is compared to the weakest instance in that family (family is a categorization of instances based on the main purpose of those). You can find a complete list of these on Alibaba’s official Documentation for ECS. I will choose to go with t5.micro since it is the smallest type available and this is just a tutorial. Burstable Instance types offer elevated levels of performance for a limited amount of time.
- Image. This basically is the operating system that will be used to make the virtual machine for you. Alibaba Cloud offers its own version of Linux called ‘Aliyun Linux’. However, here, we have gone with Ubuntu.
- Storage. Now you have your hard-disk on your PC right? Similarly, an ECS instance also has to have its disk. This is the option where you can select which kind of disk you want to launch your ECS with. Alibaba Cloud offers “Ultra Disk” and “Standard SSD” type disks. The more capacity of the disk you choose, the better IOPS you will get. However, it will cost you. The option “Release with Instance” makes sure that this disk is deleted when the ECS instance is deleted. You may choose to uncheck this option but be aware that when you delete or “release” your Alibaba Cloud ECS instance, the disk will be retained. You shall be charged for the disks you maintain.
The nice thing about it all is that you get to see an estimated price that you will have to pay for provisioning this instance. In my opinion, this is pretty handy. With other cloud platforms, you may need to check with an external “Cloud Price Calculator” of some sort to get such an estimate which Aliyun offers right out of the box. The below screen also shows what happens when you select some alternative options.
Clicking on next will bring you to the Networking section of the ECS deployment. We will be discussing topics like Bandwidth Billing and Security Groups. Topics like Elastic Network Interface and VPCs will be covered in a future tutorial. The screen below should look familiar.
Here, we have the following options to discuss: -
- Bandwidth Billing. It may be that you want to use this instance as just a private instance. In such a case, the option will not appear since you do not need to assign a Public IP to the instance. But in our case, we shall access the instance and we need it to have a public IP. Since this means there will be traffic incoming and outgoing from your instance, the network services of Alibaba Cloud will be used. For this reason, they will bill you. You have 2 options to pay. First, you can “Pay-By-Traffic”. This means that you will only pay for the amount of network traffic that comes into your instance. For a given bandwidth, you may have a very less amount of traffic coming in. So, you may opt for this. However, “Pay-By-Bandwidth” offers lower costs for short-term usage. Based on the bandwidth you selected, you just need to pay regularly for it. This means you will have a stable charge billed against you by Alibaba Cloud. Here, we choose to “Pay-By-Bandwidth” with 1 Mbps.
- Security Group. Security Groups are like a layer or envelope around your ECS instances. As an analogy, consider an apartment building. There are many families living in multi-storeyed apartment. Each flat in the multi-storeyed apartment is like an ECS instance. Now when someone from the outside comes into the apartment, the outsider is checked at the perimeter gate first to determine if he/she is allowed. This prevents anyone from just barging in and harming a resident, right? A Security Group is just like that. It houses ECS instances and determines which connections will be allowed into the instance. By default, every traffic going outside (outbound/egress) is allowed. But to be allowed in, there must be the rule. Aliyun, like most other Cloud Providers, provides a default Security Group right out of the box. That is selected here by default. For more discussions on Security Group, please skip ahead.
The screen below shows our choices. Note that we have decreased our bandwidth to 1Mbps. This is not reflected in the image.
When you click on Next, you will be asked to set the instance’s system configuration. This is where you set stuff like the Login method. Generally, SSH is preferred with key pairs. However, for the sake of easiness, we have opted for a password. Some cloud providers might not offer the option of Logon using Password. The instance name has been set to “my-first-instance’ and a description has been added as shown below.
At the next step, you will encounter the “Grouping” option. This is optional but pretty handy. Refer to the screen below.
Basically, this is used for “Grouping” your instances. For beginners, this might seem confusing. After all, why do we need this if we already have “Security Groups”? Think of it this way, within a multi-storey apartment, you have a lot of families. Each family is like an ECS instance. Now, every family may have its speciality. One family may be a family of doctors, another might have lawyers or say, engineers or bankers. Basically, if you are Indian, these are the most “coveted” professions even though we are discussing IT stuff 😊. Isn’t it easy to recognise each flat at the door by the title of the family members?
Tags allow exactly that. You can tag your ECS instances and then use those tags to refer to the instances from Services like CloudMonitor. Once done, click on “Next: Preview”.
On this screen, you will be shown a summary of your choices. Also, you will be able to select an “Automatic Release” date and time. Basically, this means that the ECS instance will be automatically deleted at a specific time. I have chosen an approx. 30 minutes which is the least permissible time limit. Below you will be able to see the total cost per hour. Clicking on “Create Instance” completes the process and starts provisioning. You will be directed to the ECS console which should look similar to the screen below.
After the Aliyun ECS instance has been successfully created, let’s connect to it and check it out. Click on “Connect” and this will open a new tab where you will be prompted for a VNC password. Set it to something you can remember. Next, you will be shown the console where you first need to type in your root user credentials to log in (refer to Step 3).
At this step, the ECS instance has been successfully created. You can work on it. In our case, this instance will be deleted automatically along with the disks. Next, we shall discuss a few important terms related to Alibaba Cloud ECS. Please note that these are also general topics of discussion across other cloud platforms as well like AWS/GCP/OCI. So if you have gotten until this point, our main objective is over. The below sections are for beginners in Alibaba Cloud (or any cloud for that matter).
As of writing, Alibaba Cloud provides three types of disks:- Ultra Disks, Standard SSDs and Enhanced SSD. Each offering has varying levels of IOPS. The larger the disk capacity, the more IOPS you get. This essentially means that larger disks will be faster.
When you create an Aliyun ECS instance, the instance must have an Ultra Disk or Standard SSD attached to it. This disk is provisioned in the same datacenter as the ECS instance. If you think about it, it makes sense because you would want your boot disk to be as close to your CPU as possible.
You can also create disks that you can attach to your instances. However, one disk can be attached to only one instance in Alibaba Cloud. Also, you can resize an already created disk. The steps include unmounting the disk from the instance, shutting the instance down, resizing the disk as needed and then re-attaching and re-mounting it after power on.
Snapshots are like Disk Backups. This can be used to create other disks from your disk. One thing you will hear is that “Snapshots are incremental”. This means that suppose you create a snapshot out of a disk. The next time you try creating a snapshot, you will be actually only modifying the snapshot based on only the part of the disks that have changed.
The disks you have made can be accessed under the “Storage & Snapshots” menu on the left side of the ECS console. Clicking on the disk shows the disk details as shown below. Notice that it has been mentioned that the Disk is already attached to an Alibaba Cloud ECS instance.
In this section, we will discuss Security Groups. You can access the security groups under the “Network & Security” options in the left side menu of the ECS console. You shall see a screen similar to the one shown below which lists all the security groups. Note that there are other offerings like VPC which will be explored in future tutorials. Alibaba Cloud, like other cloud providers, gives you a default security group.
Clicking on the security group name will show you the rules that are defined in the security group. Remember the apartment analogy? When there is incoming traffic to a specific instance in the security group, it is stopped at the security group level and checked if traffic from that source (usually a CIDR block or another security group) is allowed. If the destination matches in the security group, the “Action” is checked. Depending on the action, the traffic is either allowed or denied. The screen below depicts the rules in our default security group.
Let’s try to add a rule to the security group. You do that by clicking on “Add Security Group Rule” on the upper right side. The options in the following screen need to be filled in before the rule is added.
First, you need to select the direction of traffic (Inbound/Outbound). All outbound traffic from the ECS instances is allowed while Inbound traffic is not. Security Group Rules are regarded as “Stateful” in the sense that if you create an Outbound Rule, an Inbound Rule is automatically created.
Next, you need to decide the Action. After this, you specify the Protocol Type and port range. In our case, we have chosen to allow TCP traffic directed at port 3999 of our ECS instances. The Priority of the rule determines the fashion in which it will be assessed. Rules having a lower priority are given more importance. A priority of 2 here means that this rule overrules any rule stating otherwise with priority >2. It can be overruled only by a rule with priority 1. After this, you select the Authorization Type. By default, it is “IPv4 CIDR Block” but it can also be “Security Group”. Authorization Object denotes the outside source of the traffic. It can be a CIDR block or a security group name respectively. In our case, it’s the CIDR block 0.0.0.0/0 meaning any and all sources (basic networking knowledge is required to understand this). A brief description of the Security Group Rule follows. If you click on “OK”, the rule will be added as shown in the following picture. I must add at this stage that you shouldn’t allow all traffic from the internet at any port if you are not confident of the consequences. In short, it’s a bad practice.
Clicking on the second option in the left menu shows the instances which are a part of the security group. Since we only have 1 instance, that instance is only shown. Clicking on the instance name will show you the instance details as shown below.
A short discussion on Network Interfaces is in order at this point. Network Interfaces are attached to your Alibaba ECS instances. It is these network interfaces that allow you to instance to have IP addresses. You can access a list of Network Interfaces if you click on “ENIs” in the ECS console. ENI in Alibaba Cloud stands for Elastic Network Interface. Refer to the image below.
In this article, we discussed topics related to Alibaba Elastic Compute Service. We deployed an ECS instance and had a look at Disks and Security Groups. The understanding of computing resources in any cloud platform is essential to its mastery. In the next part, we shall see how you can host a simple web server on Alibaba ECS instance, the functions of Alibaba Cloud SLB and much more. Till then, stay safe and as we say at DC on Cloud, “Keep Calm n’ Cloud!”.