Infrastructure as a service: A practical study of Alibaba Cloud Elastic Compute Service (ECS)

Ehab Saad Ahmad
Tartous University
*Abstract*
This research presents a practical study of the Elastic Compute Service (ECS) from Alibaba
Cloud, which is the third largest provider of cloud computing services in the world and the number
one provider in the People's Republic of China. The research is based on testing ECS practically
by building a Linux webserver, exploring the required steps and running a group of tests.
The practical study is divided into eight phases: Testing datacenters Location, Testing Regions
Instances Availability, Testing ECS Instances Hardware Diversity, System Images Types and
Security, Security Groups, Elastic Internet Protocol, Upgrade or Downgrade Hardware
Specifications and Pricing management.
This research was done on actual Alibaba Cloud systems, without simulating the cloud or any
of its services, with the intent of producing a real practical study whose results help in
better understanding cloud computing systems.
Keywords: Cloud Computing, instances, EIP, ECS, IAAS, Security Groups.
1 Introduction:
Cloud computing is the new era of resource sharing among different networks and locations; it is
an increasingly popular way to access multiple services, platforms and hardware from almost
anywhere. The flexibility that comes with cloud computing is the major cause of its success
in the last few years. This flexibility is called elasticity in cloud computing: the more elastic
a cloud is, the more powerful it is.
Cloud computing is based on large datacenters in different locations. These datacenters include
many servers that are combined to provide services to the customer. However, the
customer might not know where the server is physically located and only needs to worry about
configuring the services he needs. This principle has changed the pricing mechanism of the old
IT world from paying before using to “pay as you go”, which allows the customer to pay on
different bases, such as pay per hour or pay per gigabyte used. A new payment method called
“Preemptible” is based on the “pay as you go” billing method and is billed based on the duration
of usage. Services in cloud computing are available in different forms. Regular customers prefer
to use software as a cloud service, for example Gmail as a cloud mail service; more experienced
users might purchase platform as a service, like the RDS (Relational Database Service) platform
provided by Alibaba Cloud. IT specialist engineers can handle infrastructure as a cloud
service, which is almost a hardware and VMware service.
There are many cloud vendors in the market, like Amazon AWS, Google Cloud, Microsoft Azure
and Alibaba Cloud. In this paper, we study the Alibaba Cloud Elastic Compute Service (ECS) in
different aspects: services, pricing plans, infrastructure, security and more. Alibaba Cloud is a
significant player in the market, with promising robust features and competitive pricing plans.
Reference studies focused on the general view of cloud computing and infrastructure as a service,
like [2], [3], while [10] studied security issues in Amazon Web Services images and [12] studied
the elastic internet protocol and security groups. Other research focused on cloud cost benefits
and pricing comparison [6], [7]. The research effort on Alibaba Cloud is still small compared with
other clouds like Amazon AWS. In this paper we focus on the Alibaba Cloud Elastic Compute Service
as one of the most important services in the cloud computing field.
2 Research Goals and Importance
This research aims to study Alibaba IAAS (infrastructure as a service) as an elastic compute
service (ECS) by practically building a Linux web server on an ECS instance using available
system images and testing Alibaba Cloud elasticity in multiple ways. In this paper, we
discuss hardware elasticity, pricing methods, system image security, elastic internet protocols,
upgrade/downgrade ability and more.
The importance of the research is that it introduces a reference implementation for one of the
key networking services of IAAS providers, the Elastic Compute Service. The selected cloud,
“Alibaba Cloud”, is the number one cloud in China and one of the top three cloud computing
providers in global market share, with more than one million users around the world [1]. While
a greater number of studies are based on Amazon AWS, only a few studies discuss
Alibaba Cloud.
3 SAAS, PAAS and IAAS
SAAS, PAAS and IAAS are the three main types of cloud computing, as shown in Figure (1).
Each type controls a group of layers depending on the user's experience and requirements.
3.1 Software as a service (SAAS)
SAAS is the highest layer of the three types; it is the nearest to the user. The user accesses the
application through a browser interface but does not have access to the underlying architecture
such as network, servers, operating systems, and storage [2]. In SAAS, vendors manage
everything: applications, data, runtime, middleware, operating systems, virtualization, servers,
storage and networking. The simplest example of SAAS is Gmail as a cloud software service; the
user needs to configure almost nothing beyond entering his credentials and logging in. However,
the user has no control over updates or log files unless the vendor of the service provides it.
3.2 Platform as a service (PAAS)
PAAS provides a platform allowing the end user to develop, run, and manage applications without
the complexity of building and maintaining the infrastructure. PAAS is more for developers than
for usual users; a good example of PAAS is the Alibaba Cloud Relational Database Service (RDS),
where users can set up, operate, and scale a relational database in the cloud.
3.3 Infrastructure as a service (IAAS)
IAAS provides only a base infrastructure (virtual machines, servers, attached storage, and
networking). The end user needs to be more experienced than a regular user because he has to
configure the environment that will work on that infrastructure, which includes operating systems,
middleware, runtime, data and applications.
IAAS provides solid cost savings because the infrastructure associated with providing compute
power, storage, and networking does not need to be purchased and maintained by the customer.
These assets are the responsibility of the IAAS vendor, and customers are only charged for what
they use when they use it [3]. Good examples of IAAS are Amazon EC2 and the Alibaba Elastic
Compute Service (ECS).
Figure (1) shows the three types of cloud computing (IAAS, PAAS and SAAS) and which layers the
user needs to configure in each type. Without using any cloud vendor, the user must configure
all nine layers to make his application work.
Figure (1) Types of cloud computing [4]
4 Elastic Compute Service (ECS)
ECS is a scalable IAAS service that provides a flexible way to use high-performance servers,
upgrade or downgrade hardware specifications and scale computing resources on demand.
4.1 ECS major components
• Cloud Instances: a cloud instance is typically accepted to be a virtual system resource
  established within that cloud [5]. An instance should include a CPU, RAM, an operating
  system and disks.
• System Images: provide either Windows or Linux operating systems. These images
  might be provided with pre-installed software based on user requirements to reduce the
  configuration time.
• Storage: high-performance, low-latency storage disks with adaptable size.
• Snapshot: a copy of a storage drive at a certain point in time. It is often used to back up
  and restore data, and to create custom images.
• Security group: an access list that acts as a firewall, with the ability to add and
  remove security rules.
4.2 ECS benefits:
• No need to purchase hardware or construct data centers up front.
• ECS is transparent; users submit tasks without needing to know the exact resource on
  which they will execute [6].
• ECS enables rapid deployment by preparing instances in a short time.
• ECS users scale and release resources based on actual business needs.
• ECS at many vendors, like Alibaba and AWS, provides basic security features such as
  antivirus, firewalls and vulnerability analysis.
5 Alibaba ECS Practical study:
The testing methodology consists of multiple phases; each phase includes one or more
components of the Alibaba ECS architecture. In order to study the ECS components practically, we
set up an ECS instance with a Linux image, a webserver and web host manager software.
Figure (2) shows the architecture of ECS components, which is partially covered in this study.
Figure(2) architecture of ECS components [1]
5.1 Phase 1: Testing Servers Location:
Alibaba Cloud covers 20 regions around the world: China (Hong Kong), Singapore, Australia
(Sydney), Malaysia (Kuala Lumpur), Indonesia (Jakarta), India (Mumbai), Japan (Tokyo), US
(Silicon Valley), US (Virginia), Germany (Frankfurt), UK (London), UAE (Dubai). A region refers to
a physical node on a global scale. Each region is composed of multiple zones. A zone is
composed of one or multiple scattered data centers, each of which has independent supporting
facilities including redundant power supplies, networks, and connections. A zone helps to improve
the efficiency of production apps and databases and has higher availability, error tolerance
capabilities, and extendibility than a single data center.
In order to provide quick and reliable service, the need for the nearest location of service arises,
for which the choice of region and availability zone plays a vital role [7]. Choosing the
region should be based on the customers’ location; if customers were based in Syria, then the best
region for our Linux webserver would be UAE (Dubai). Choosing a region farther from the
customers will cause more latency and increase network cost.
5.2 Phase 2: Testing Regions Instances Availability:
After choosing the UAE region for our Linux webserver, we had to switch to another, broader
region: although the UAE is closer to Syria, it has only one zone with very limited
instance options. For example, the UAE region has only 2 General Purpose instance options, in
contrast with the India region, which has 16 General Purpose instance options. Figure (3) shows
that Alibaba Cloud ECS regions aren’t equal and some regions are limited in comparison with others.
Figure (3) Alibaba ECS Regions Differences Example
5.3 Phase 3: Testing ECS Instances Hardware Diversity:
Although some regions have more options than others, Alibaba ECS instances provide a wide
range of specification types, based on business and usage scenarios. These instance types
are available to the client in seven categories [1]:
• General purpose: balanced CPU-to-memory ratio, ideal for testing and development,
  small to medium-sized database systems, and enterprise-level applications of various
  types and sizes.
• Compute Optimized: high CPU-to-memory ratio, ideal for high-performance science
  and engineering applications, front-end servers and strong network performance based
  on sufficient computing capacity.
• Memory Optimized: high memory-to-CPU ratio, ideal for applications that involve a large
  number of memory operations, queries, and computations, applications with cache, search
  applications, and in-memory databases.
• Big Data: ideal for massive log processing, large data warehousing, and other scenarios
  that require offline computing and storage of massive data.
• Instances with local SSD: ideal for scenarios that impose high demands on storage I/O
  performance and high-availability architecture at the application level. For example, they
  are suitable for NoSQL databases, massively parallel processing (MPP) databases, and
  distributed file systems.
• High clock speed: ideal for scenarios where large volumes of packets are received and
  transmitted, such as on-screen video comments and telecom data forwarding, frontends
  of Massively Multiplayer Online (MMO) games, data analysis, batch processing, and video
  encoding.
• Entry-level: these instances are not ideal for business scenarios with consistent
  performance requirements.
There is no option for building a custom instance in Alibaba Cloud. However, Google Cloud [8]
supports creating custom instances if predefined instance types don't meet customers’ needs.
For our first instance, we chose an Entry-level instance of type ecs.xn4.small (xn4 is the family
name and small is the instance size). This instance has 1 GB of RAM and 1 physical Intel Xeon
Platinum 8168 processor with 24 cores and a Max Turbo Frequency of 3.70 GHz [9].
5.4 Phase 4: System Images Types, Updates and Security
System images are divided into four categories:
• Public Image: official public images include Windows Server (Enterprise and Datacenter
  versions from 2008 to 2019), Linux/Unix-like OSes (CentOS, Ubuntu, RedHat, Debian,
  SUSE Linux, Open SUSE, CoreOS, FreeBSD) and Alibaba’s own Linux system, “Aliyun
  Linux”.
• Custom Image: custom images are created from system snapshots. These images
  include the standard system environments, configured user environments, and
  applications. Custom images reduce the effort of setting up the system from scratch.
• Shared Image: shared images are system images shared by users with other users.
  Alibaba Cloud cannot guarantee the security and integrity of shared images. A security
  analysis [10] of Amazon AWS public and shared images shows that shared images may
  be vulnerable to security risks such as unauthorized access, malware infections, and the
  loss of sensitive information.
• Marketplace Image: the Marketplace provides certified images, preinstalled with an OS,
  configured user environments, and applications, ready to be deployed immediately. They are
  suitable for website building, application development, visualized administration, and other
  personalized use scenarios.
As the India region has no shared images available and we hadn’t created any Custom images
previously, we tried the Public image and the Marketplace image.
5.4.1 Testing ECS Images:
The easiest way to build our Linux webserver is to use a Marketplace image. We tried a
Marketplace image of a Linux server with cPanel & WHM (“Web Host Manager” software)
pre-installed; this method reduces the time and effort required to set up the server. The available
image was “cPanel & WHM v82.0.11”. However, this is an old version of the software (8 versions
older than the latest stable version, 82.0.19) and it needs an immediate update to the latest
version, as it misses many security updates. Using a Marketplace image made our webserver up and
running in minutes, not hours, but it would still need some time to check the software versions
and security updates.
Marketplace images are always shipped with operating systems; the cPanel & WHM v82.0.11 image
was shipped with a CentOS 7 Linux system with kernel version 3.10.0-693.17.1.el7, as shown
in Figure (4).
Figure (4) Old kernel for CentOS Linux
This kernel version is vulnerable to Denial of Service and Code Execution attacks with a high
severity rate, as RedHat announced on 25 Jan 2018 [11]. Fixing the vulnerability requires a
reboot after the kernel update for CentOS, which surely requires command line experience.
By using a Public image instead of a Marketplace image, we would need to install the latest
software version ourselves using the command line and set things up manually, and we would still
need to update the CentOS kernel.
5.5 Phase 5: Security Groups
Security Group is the runtime firewall-like protection of a running virtual machine instance [12].
ECS security group rules consist of a protocol, a port range and authorization objects. A default
security group is created if no security group has been created under the current account in the
chosen region. The default security group is a basic security group. The default rules of the
default security group are as follows:
• Inbound: ICMP, SSH (Secure Shell) port 22, and RDP (Remote Desktop Protocol) port
  3389 are opened. The rule priority is 110.
• Outbound: Allow all access requests.
The priority of a default security group rule is 110, lower than that of any manually created
security group rule, which is between 1 and 100; the lower the number, the higher the priority.
The priority plays a role when two or more rules have the same protocol, authorization policy and
direction.
While the default security group is tight and secure and only allows remote access to the ECS
instance, it needs some modification. In order to make our webserver run correctly, we need to
allow some inbound ports like HTTP (80), HTTPS (443), DNS (53) and other ports required by
the WHM and cPanel software. Table (1) shows our security group rules.
Table (1) Security group rules

Authorized direction   Authorization policy   IP protocol   Port number range   Source CIDR block
--------------------   --------------------   -----------   -----------------   -----------------
ingress                Accept                 UDP           53/53               0.0.0.0/0
ingress                Accept                 TCP           53/53               0.0.0.0/0
ingress                Accept                 TCP           2082/2082           0.0.0.0/0
ingress                Accept                 TCP           2086/2086           0.0.0.0/0
ingress                Accept                 TCP           2096/2096           0.0.0.0/0
ingress                Accept                 TCP           2083/2083           0.0.0.0/0
ingress                Accept                 TCP           2087/2087           0.0.0.0/0
ingress                Accept                 TCP           443/443             0.0.0.0/0
ingress                Accept                 TCP           80/80               0.0.0.0/0
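
An added example, not from the paper: a small Python model of the default inbound rules and the Table (1) rules that reports which administrative ports any Internet address can reach, then uses rule priority to restrict them to an admin network. Assumptions: Table (1) rules have priority 1, default rules use source 0.0.0.0/0, unmatched inbound traffic is dropped, Drop wins a priority tie, and 203.0.113.0/24 and 198.51.100.7 are constructed addresses.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Ports treated as administrative: 22 and 3389 come from the default rules the
# paper lists; 2086/2087 are the standard WHM (root-level panel) ports.
ADMIN_PORTS = {22: "SSH", 2086: "WHM", 2087: "WHM over TLS", 3389: "RDP"}
WORLD = "0.0.0.0/0"


@dataclass(frozen=True)
class Rule:
    """One inbound (ingress) security group rule."""
    policy: str        # "accept" or "drop"
    protocol: str      # "tcp", "udp" or "icmp"
    port_range: str    # "first/last" as in Table (1); "-1/-1" = not port based
    source_cidr: str
    priority: int      # 1-100 for manual rules, 110 for default rules

    def covers(self, port):
        first, last = (int(p) for p in self.port_range.split("/"))
        return first == -1 or first <= port <= last

    def matches(self, protocol, port, src_ip):
        return (self.protocol == protocol
                and self.covers(port)
                and ip_address(src_ip) in ip_network(self.source_cidr))


def default_rules():
    # Inbound defaults listed in the paper; the 0.0.0.0/0 source is an assumption.
    return [Rule("accept", "icmp", "-1/-1", WORLD, 110),
            Rule("accept", "tcp", "22/22", WORLD, 110),
            Rule("accept", "tcp", "3389/3389", WORLD, 110)]


def table1_rules(priority=1):
    # Table (1) has no priority column; priority 1 is an assumption.
    rules = [Rule("accept", "udp", "53/53", WORLD, priority)]
    for port in (53, 2082, 2086, 2096, 2083, 2087, 443, 80):
        rules.append(Rule("accept", "tcp", f"{port}/{port}", WORLD, priority))
    return rules


def evaluate(rules, protocol, port, src_ip):
    """Return 'accept' or 'drop' for one inbound packet."""
    hits = [r for r in rules if r.matches(protocol, port, src_ip)]
    if not hits:
        return "drop"  # assumption: unmatched inbound traffic is denied
    # Lowest priority number wins; on a tie, drop beats accept (assumption).
    winner = min(hits, key=lambda r: (r.priority, r.policy != "drop"))
    return winner.policy


def exposed_admin_ports(rules, probe_ip="198.51.100.7"):
    """Admin ports that an arbitrary Internet address (constructed) can reach."""
    return [(port, name) for port, name in sorted(ADMIN_PORTS.items())
            if evaluate(rules, "tcp", port, probe_ip) == "accept"]


def harden(rules, admin_cidr):
    """Restrict admin ports to admin_cidr, leaving public services untouched."""
    def opens_admin_to_world(r):
        return (r.policy == "accept" and r.protocol == "tcp"
                and r.source_cidr == WORLD
                and any(r.covers(p) for p in ADMIN_PORTS))

    # Manual rules (priority 1-100) that open an admin port are removed ...
    out = [r for r in rules if not (r.priority <= 100 and opens_admin_to_world(r))]
    for port in ADMIN_PORTS:
        span = f"{port}/{port}"
        out.append(Rule("accept", "tcp", span, admin_cidr, 1))
        # ... and a priority-2 drop overrides the priority-110 default accepts.
        out.append(Rule("drop", "tcp", span, WORLD, 2))
    return out


if __name__ == "__main__":
    paper = default_rules() + table1_rules()
    print("exposed before:", exposed_admin_ports(paper))
    fixed = harden(paper, "203.0.113.0/24")   # constructed admin network
    print("exposed after: ", exposed_admin_ports(fixed))
    print("admin SSH:    ", evaluate(fixed, "tcp", 22, "203.0.113.10"))
    print("public HTTPS: ", evaluate(fixed, "tcp", 443, "198.51.100.7"))
```

The same evaluation can be run over rules exported from a real security group to check that a priority change has the intended effect before it is applied.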
5.6 Phase 6: Elastic Internet Protocol “EIP”
Our webserver is up and running with its own dedicated static IP. However, if the ECS
instance goes down for any reason, the static IP will not be useful. Even if we have snapshots and
backups of our data and use them to run our services on a different instance, we won’t be
able to use our old static IP; we must use a new IP, remap our DNS records and refresh
the server.
Elastic IP Address (EIP) is a public IP address resource that can be purchased and used
independently. Elastic IPs allow IP addresses to be associated with and disassociated from an ECS
instance at any time. This is extremely useful for development, where users might want to clone
an existing site from a snapshot, try out a new design, and, if that design works, simply
switch the Elastic IP Address over to point to the development server to make it live [13].
5.7 Phase 7: Upgrade or Downgrade Hardware Specifications
Business requirements and financial budgets might change over time; users might need to
upgrade their ECS instance to better specifications or downgrade it to lower their
payments. Alibaba ECS provides a wide range of choices to upgrade or downgrade an ECS
instance. Upgrading or downgrading depends on multiple conditions:
• The ECS instance must be in the stopped state.
• ECS doesn’t support changing the configurations of instances within or between the following
  instance type families: d1, d1ne, i1, i2, ga1, gn5, f1, f2, f3, ebmc4, ebmg5, sccg5, and
  scch5.
• The available resources depend mostly on the current instance family, generation, region
  or zone, as some instance types may not be available in all zones.
For our webserver, we tested the ECS upgrade ability and upgraded our small ecs.xn4.small to
get more RAM and more processing power. The whole process was done in minutes: we
stopped our instance, upgraded it from ecs.xn4.small (1 vCPU, 1 GB RAM) to ecs.n4.xlarge (4
vCPU, 8 GB RAM), made the payment and restarted our instance.
5.8 Phase 8: Price Management and Methods
Alibaba ECS instances support two billing methods:
• Subscription: a prepaid method that allows an instance to be used only after the
  payment for it is made. Instance usage is billed on a monthly basis. Subscription is
  applicable to fixed 24/7 services, such as web services.
• Pay As You Go: a postpaid method in which payment is made after using the instance.
  Instance usage is billed on a per-minute basis. Pay As You Go is applicable to scenarios
  where sudden traffic spikes occur, such as temporary scaling, interim testing, and
  scientific computing.
During this research, we tested both methods over 3 months. As we run a webserver, we
couldn’t turn off the instance at any time, and our first payment method was pay as you go.
5.8.1 Payment for our ecs.xn4.small instance:
• The payment was $10.90 for the first month, and for the next month it was $11.30. This
  is accurate because ecs.xn4.small is charged at $0.015 per hour, taking into account
  that one month was 30 days and the other was 31. Internet traffic fees ($0.090
  USD per GB) should also be taken into account. However, using the subscription method for
  our third month saved us some money, with a fixed monthly payment of $7.3.
• While the subscription method saves some money in comparison with pay as you go,
  turning off an instance under pay as you go might save some money by reducing the
  working hours.
Payment might vary between regions and zones; Figure (5) shows that there are three different
monthly prices for the same instance type in three different regions.
Figure (5) Different Payment for the same Instance
6 Conclusion:
Cloud services such as Alibaba Cloud are changing the way we deal with the IT world; it’s
easy to obtain resources and processing power today, as users can simply buy resources online
and use a graphical user interface to control the virtual machines. The Elastic Compute Service,
as an IAAS, is one of the most important features in cloud computing. In this paper we explored
the Alibaba Cloud ECS architecture, providing a reference implementation of its services. We
investigated every step in building an online service with a practical example of a Linux
webserver.
Our findings demonstrate that Alibaba ECS provides a wide range of hardware specifications
that could cover almost any working scenario, with the ability to choose the nearest datacenter
to the customers and to upgrade or downgrade resources on demand. Users must be aware
that instance types are not the same in every region or zone and that pricing of the same instance
might vary between those regions and zones. Some security issues were found in the available
system images and could be resolved by updating and upgrading to the latest versions available.
7 References:
1. Alibaba cloud main website https://www.alibabacloud.com/ visited: October 2019.
2. Freet, David & Agrawal, Rajeev & John, Sherin & Walker, Jessie. (2015). Cloud forensics challenges from a service model standpoint: IaaS, PaaS and SaaS. 148-155.
3. Kulkarni, Gurudatt & Sutar, Ramesh & Gambhir, Jayant & Lecturer, In & Marathwada, Mitra & Mandal, & Polytechnic, Pune. (2011). CLOUD COMPUTING-INFRASTRUCTURE AS SERVICE-AMAZON EC2. International Journal of Engineering Research and Applications (IJERA). Vol. 2, Issue 1. pp.117-125.
4. Alibaba Cloud Educational Academy https://edu.alibabacloud.com/ visited: October 2019.
5. Delport, Waldo & Kohn, Michael & Olivier, Martin. (2011). Isolating a cloud instance for a digital forensic investigation.
6. Kondo, D., Javadi, B., Malecot, P., Cappello, F., & Anderson, D. P. (2009, May). Cost-benefit analysis of cloud computing versus desktop grids. In IPDPS (Vol. 9, pp. 1-12).
7. A. Wahid and M. T. Banday, "Machine Type Comparative of Leading Cloud Players Based on Performance & Pricing," 2018 International Conference on Advances in Computing, Communications and Informatics (ICACCI), Bangalore, 2018, pp. 2364-2368.
8. Google Cloud website https://cloud.google.com/compute/docs/instances/creating-instance-with-custom-machine-type visited: November 2019.
9. Intel website https://ark.intel.com/content/www/us/en/ark/products/120504/intel-xeon-platinum-8168-processor-33m-cache-2-70-ghz.html visited: October 2019.
10. Balduzzi, Marco & Zaddach, Jonas & Balzarotti, Davide & Kirda, Engin & Loureiro, Sergio. (2012). A security analysis of amazon's elastic compute cloud service.
11. RHSA Important kernel security and bug fix update https://www.redhat.com/archives/rhsa-announce/2018-January/msg00080.html visited: November 2019.
12. Stabler, Greg & Rosen, Aaron & Goasguen, Sebastien & Wang, Kuang-Ching. (2012). Elastic IP and security groups implementation using OpenFlow.
13. Cloud, A. E. C. (2011). Amazon web services. Retrieved November, 9(2011), 2011.