AWS security levels

Infrastructure Protection

Infrastructure protection ensures that systems and resources within your workloads are protected against unintended and unauthorized access, and other potential vulnerabilities. Amazon Virtual Private Cloud (Amazon VPC) allows you to isolate your AWS resources in the cloud. A VPC enables you to launch resources into a virtual network that you’ve defined and that closely resembles a traditional network that you’d operate in your own data center. 

Services :-

  • AWS Firewall Manager is a security management service that allows you to centrally configure and manage AWS WAF rules across your accounts and applications. Firewall Manager is able to bring new applications and resources into compliance with a common set of security rules from the start.
  • AWS Direct Connect is a cloud service solution that is used to establish a dedicated and secure network connection from your premises to AWS. Using AWS Direct Connect, you can establish private connectivity between AWS and your data center, office, or colocation environment. In many cases, this can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than internet-based connections.
  • AWS CloudFormation automates and simplifies the task of repeatedly creating and deploying AWS resources in a consistent manner.  With AWS CloudFormation, you can ensure that all of your security and compliance controls are deployed along with your new environment.
  • Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. It assesses applications for vulnerabilities or deviations from best practices. After performing an assessment, Amazon Inspector produces a detailed list of security findings prioritized by level of severity.

Data Protection

Protecting data at rest has to do with encrypting data while using one of our storage services, including our database services. When it comes to Amazon S3, for example, there are two types of encryption options available:  

  • Client side : you can do it by youself
  • Server Side : AWS will do it for you.

Any data that gets transmitted from one system to another is considered data in transit. AWS recommends the following solutions and best practices to help you provide the appropriate level of protection for your data in transit, including the confidentiality and integrity of your application’s data.

Additional AWS Services for Data Protection

  • AWS CloudHSM provides hardware security modules (HSM) in the AWS Cloud. An HSM is a computing device that processes cryptographic operations and provides secure storage for cryptographic keys. CloudHSM allows you to generate, store, import, export, and manage cryptographic keys, including symmetric keys and asymmetric key pairs.
  • Amazon S3 Glacier is a storage service optimized for infrequently used data, also called cold data. This service provides durable and extremely low-cost storage with security features for data archiving and backup. Amazon S3 Glacier stores data as archives within vaults.  You can enforce compliance controls for individual Amazon S3 Glacier vaults with a vault lock policy. 
  • AWS Certificate Manager (ACM) handles the complexity of creating and managing public SSL/TLS certificates for your AWS based websites and applications. ACM can also be used to issue private SSL/TLS X.509 certificates that identify users, computers, applications, services, servers, and other devices internally. 
  • Amazon Macie uses machine learning to automatically discover, classify, and protect sensitive data in AWS. Macie recognizes sensitive data such as personally identifiable information (PII) or intellectual property. It provides you with dashboards and alerts that give visibility into how this data is being accessed or moved.
  • AWS Key Management Service (AWS KMS) is a managed service that allows you to create and control the keys used in data encryption. If you want a managed service for creating and controlling encryption keys, but do not want or need to operate your own hardware security module (HSM), consider using AWS KMS. You can use the key management and cryptographic features directly in your applications or through AWS services that are integrated with AWS KMS, including AWS CloudTrail, which helps meet your auditing, regulatory, and compliance needs.

DDoS Mitigation

  • Edge locations are physical data centers located in key cities, that are different from Availability Zones. As access to certain data increases with time, this data is copied to an edge location near your customer base for better performance and latency. Threats can then be taken care of at these edge locations, away from your web applications, AWS resources, and the original data.
  • Amazon Route 53 is a highly available and scalable DNS service that can be used to direct traffic to your web application. It includes many advanced features like traffic flow, latency-based routing, weighted round-robin, Geo DNS, health checks, and monitoring. You can use these features to improve the performance of your web application and to avoid site outages. Route 53 is hosted at numerous AWS edge locations, creating a global surface area capable of absorbing large amounts of DDoS traffic.
  • Amazon CloudFront is a content delivery network (CDN) service that can be used to deliver data, including your entire website, to end users. CloudFront only accepts HTTPS and HTTP well-formed connections to prevent many common DDoS attacks. These capabilities can greatly improve your ability to continue serving traffic to end users during larger DDoS attacks. 
  • AWS Shield is a managed DDoS protection service that safeguards web applications that run on AWS. AWS Shield provides always-on detection and automatic inline mitigations that minimize application downtime and latency.
  • AWS Web Application Firewall (WAF) helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF gives you control over which traffic to allow or block by defining customizable web security rules.

Reference

Overview of AWS Security – Network Security

Tips for Securing Your EC2 Instance

Amazon Inspector rules packages and rules

Data protection in Amazon S3

AWS Key Management Service Cryptographic Details

VPN Connections Overview

AWS Best Practices for DDoS Resiliency

AWS Edge Locations

Regards

Osama

Types of AWS Credentials

In this post, I will talk about AWS IAM Users and Groups and AWS credentials.

The careful management of access credentials is the foundation of how you will secure your resources in the cloud. As we saw in the previous video, every interaction you make with AWS is authenticated. When you open an AWS account, the identity you begin with has access to all AWS services and resources in that account. You use this identity to establish less-privileged users and role-based access in IAM. IAM is a centralized mechanism for creating and managing individual users and their permissions with your AWS account.

An IAM group is a collection of users. Groups allow you to specify permissions for similar types of users. For example, if you have a group named “Developers,” you can give that group the types of permissions that developers typically need. This can be considered a form of role-based access control. Create groups that reflect organization roles, not technical commonality.

AWS Credentials

  • Username/Password
    • password policy is a set of rules that define the type of password an IAM user can set. You should define a password policy for all of your IAM users to enforce strong passwords and regular changing of passwords. Password requirements are similar to those found in most secure online environments. 
  • Multi-factor authentication
    • Multi-factor authentication (MFA) is an additional layer of security for accessing AWS services. With this authentication method, more than one authentication factor is checked before access is granted, which consists of a user name and password, and the single-use code from the MFA device. AWS CLI also supports MFA. Please click here for a list of supported MFA devices.
  • User Access Key
    • Users need their own access keys to make programmatic calls to AWS using the AWS CLI, the AWS SDKs, or direct HTTPS calls using the APIs for individual AWS services. Access keys are used to digitally sign API calls made to AWS services. Each access key credential is comprised of an access key ID and a secret key. Each user can have two active access keys, which is useful when you need to rotate the user’s access keys or revoke permissions.
  • Amazon EC2 key Pair

To enable SSH or RDP connections to an Amazon Elastic Cloud Compute (EC2) instance, AWS uses a public–key infrastructure to sign the login request. The public and private keys are known as a key pair. To log in to your instance, you must create a key pair, or use an existing key pair, and provide the private key when you connect to the instance. You can choose to have the EC2 key pairs generated by AWS or import your own set of keys. 

EC2 key pairs do not provide accountability (as in who is using the keys); therefore, they are not recommended for routine usage. If you require daily access to the instance, AWS recommends that EC2 instances be part of a directory domain (Active Directory or LDAP) in order to enable federated access and provide accountability by tracking which user is logging into which instance.

Additional AWS Services for Identity and Access Management

  • AWS Secrets Manager is designed to centrally manage secrets used to access resources on AWS, on-premises, and third-party services. Secrets can be database credentials, passwords, third-party API keys, and even arbitrary text. Secrets Manager enables you to replace hardcoded credentials in your code with an API call to Secrets Manager to retrieve the secret programmatically. Also, you can configure Secrets Manager to automatically rotate the secret for you according to a schedule that you specify.
  • AWS Single Sign-On (SSO) is a cloud SSO service that allows for the central management of SSO access to multiple AWS accounts and business applications. It enables users to sign in to a user portal with their existing corporate credentials and access all of their assigned accounts and applications from one place. AWS SSO includes built-in SAML integrations to many business applications. AWS SSO may be integrated with Microsoft Active Directory, which means your employees can sign in to your AWS SSO user portal using their corporate Active Directory credentials. 
  • The AWS Security Token Service (STS) is a web service that enables you to request temporary, limited-privilege credentials for IAM users who are taking on a different role or for users who are being federated. A scenario in which someone, or something, needs access to your account to perform a specific task that is not done on a daily basis would be a great candidate for temporary credentials.
  • AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD, enables your domain workloads and AWS resources to use managed Active Directory in the AWS Cloud. AWS Managed Microsoft AD is built on actual Microsoft Active Directory and does not require you to synchronize or replicate data from your existing Active Directory to the cloud.
  • AWS Organizations lets you centrally manage and enforce policies for multiple AWS accounts. This service allows grouping accounts into organizational units and use service control policies to centrally control AWS services across multiple AWS accounts. With Organizations, you can also automate the creation of new accounts through APIs and simplify billing by allowing you to set up a single payment method for all the accounts in your organization through consolidated billing. Organizations is available to all AWS customers at no additional charge.
  • Amazon Cognito lets you add user sign-up, sign-in, and access controls to your web and mobile apps. You can define roles and map users to different roles so your app can access only the resources that are authorized for each user. User sign in can be done either by a third-party identity provider, or directly via Amazon Cognito.

An Amazon Cognito user pool is a user directory that manages the overhead of handling the tokens that are returned from social sign-in providers, such as Facebook, Google, and Amazon, and enterprise identity providers via SAML 2.0. After a successful user pool sign-in, your web or mobile app will receive user pool tokens from Amazon Cognito. These tokens can then be used to retrieve AWS credentials via Amazon Cognito identity pools. These credentials allow your app to access other AWS services and you don’t have to embed long-term AWS credentials in your app.

Reference :-

Regards

Osama

AUSOUG Virtual Connect 2020

I posted about this earlier , since AUSOUG had Virtual conference with different topics covering Cloud and databases.

my presentation was on Thursday about Oracle on azure. it was great pleasure to present again, the virtual connect had very big names in Oracle commuinty and had pleasure to present with them.

The Link for recorded session HERE

I recorded the session and it’s avaliable on my youtube channel HERE.

Enjoy learning

Osama

Setting up a Jenkins-Based Continuous Delivery Pipeline with Docker

As an important step in agile development, continuous integration is designed to maintain high quality while accelerating product iteration. Every time when the codes are updated, an automatic test is performed to test the codes and function validity. The codes can only be delivered and deployed after they pass the automatic test, This post describes how to combine Jenkins, one of the most popular integration tools, with Alibaba Cloud Container Service to realize automatic test and image building pushing.

1

Deploying Jenkins Applications and the Slave Nodes

1. Create a Jenkins orchestration template.

Create a new template and create the orchestration based on the following content.

jenkins:  image: 'registry.aliyuncs.com/acs-sample/jenkins:latest'  ports:      - '8080:8080'      - '50000:50000'  volumes:      - /var/lib/docker/jenkins:/var/jenkins_home  privileged: true  restart: always   labels:      aliyun.scale: '1'      aliyun.probe.url: 'tcp://container:8080'      aliyun.probe.initial_delay_seconds: '10'      aliyun.routing.port_8080: jenkins  links:      - slave-nodejs slave-nodejs:  image: 'registry.aliyuncs.com/acs-sample/jenkins-slave-dind-nodejs'  restart: always   volumes:      - /var/run/docker.sock:/var/run/docker.sock  labels:      aliyun.scale: '1' 

2. Use the template to create Jenkins applications and slave nodes.

You can also directly use a Jenkins sample template provided by Alibaba Cloud Container Service to create Jenkins applications and slave nodes.

2

3. After the successful creation, Jenkins applications and slave nodes will be displayed in the service list.

3

4. After opening the access endpoint provided by the Container Service, you can use the Jenkins application deployed just now.

4

Realizing Automatic Test and Automatic Build and Push of Image

Configure the slave container as the slave node of the Jenkins application.

Open the Jenkins application and enter the System Settings interface. Select Manage Node > Create Node, and configure corresponding parameters. See the figure below.

5

Note: Label is the only identifier of the slave. The slave container and Jenkins container run on the Alibaba Cloud platform at the same time. Therefore, you can fill in a container node IP address that is inaccessible to the Internet to isolate the test environment.

6

Use the jenkins account and password (the initial password is jenkins) in Dockerfile for the creation of the slave-nodejs image when adding Credential. Image Dockerfile address HERE

1. Create a project to implement the automatic test.

  1. Create an item and choose to build a software project of free style.
  2. Enter the project name and select a node for running the project. In this example, enter the slave-nodejs-ut node created above.
7

Configure the source code management and code branch. In this example, use GitHub to manage source codes.

8

Configure the trigger for building. In this example, automatically trigger project execution by combining GitHub Webhooks and services.

9

Add the Jenkins service hook to GitHub to implement automatic triggering.

Click the Settings tab on the Github project homepage, and click Webhooks & services > Add service and select Jenkins (Git plugin). Enter ${Jenkins IP}/github-webhook/ in the Jenkins hook URL dialog box.

1. http://jenkins.cd****************.cn-beijing.alicontainer.com/github-webhook/
10

Add a build step of Executes shell type and write shell scripts to execute the test.

11

The command in this example is as follows.

1. pwd
2. ls
3. cd chapter2
4. npm test

Create a project to automatically build and push images.

  1. Create an item and choose to build a software project of free style.
  2. Enter the project name and select a node for running the project. In this example, enter the slave-nodejs-ut node created above.
  3. Configure the source code management and code branch. In this example, use GitHub to manage source codes.
  4. Add the following trigger and set it to implement automatic image building only after success of the unit test.
12

Write shell scripts for building and pushing images.

13

The command in this example is as follows.

a.cd chapter2 b.docker build -t registry.aliyuncs.com/qinyujia-test/nodejs-demo . c.docker login -u ${yourAccount} -p ${yourPassword} registry.aliyuncs.com d.docker push registry.aliyuncs.com/qinyujia-test/nodejs-demo 

Automatically Redeploy the Application

Deploy the application for the first time

Use the orchestration template to deploy the image created above to the Container Service and create the nodejs-demo application.

Example

1. 
2. express:
3. image: 'registry.aliyuncs.com/qinyujia-test/nodejs-demo'
4. expose:
5. - '22'
6. - '3000'
7. restart: always
8. labels:
9. aliyun.routing.port_3000: express
10. 

1. Select the application nodejs-demo just created, and create the trigger.

14

 Add a line to the shell scripts you wrote in Realize automatic test and automatic build and push of image. The address is the trigger link given by the trigger created above.

i.curl 'https://cs.console.aliyun.com/hook/trigger?triggerUrl=***==&secret=***' 

Change the Command in the example from Realize automatic test and automatic build and push of image as follows.

i. cd chapter2
ii. docker build -t registry.aliyuncs.com/qinyujia-test/nodejs-demo .
iii. docker login -u ${yourAccount} -p ${yourPassword} registry.aliyuncs.com iv.docker push registry.aliyuncs.com/qinyujia-test/nodejs-demo
v. curl 'https://cs.console.aliyun.com/hook/trigger?triggerUrl=***==&secret=***'

After pushing the image, Jenkins automatically triggers redeployment of the nodejs-demo application.

Configure The Email Notification for the Results

If you want to send the unit test or image configuration results to relevant developers or project execution initiators through email, perform the following configurations.

On the Jenkins homepage, click System Management > System Settings, and configure a Jenkins system administrator email.

15

Install the Extended Email Notification plugin, configure SMTP server and other relevant information, and set the default recipient list. See the figure below.

16

The above example shows the parameter settings of the Jenkins application system. The following example shows the relevant configurations for Jenkins projects whose results are to be pushed through email.

1. Add post-building operation steps in the Jenkins project, select Editable Email Notification, and enter a recipient list.

17

2. Add a mailing trigger.

18

Cheers

Osama

Set Up Your First Server on Alibaba Cloud

I posted before about AWS, Azure and OCI but this time i am trying to cover Alibaba , in this post i will show you how to setup your first Compute instance whatever OS you want CentOS or Ubuntu depeds on what you want

What you need ?

  • A valid Alibaba Cloud account., create free one with 300$ credit
  • An ECS instance running CentOS 7 or whatever OS you want.
  • A root password for your server.

Connect to your Alibaba Cloud

Locate the Internet IP address (Public IP address) associated with your Alibaba Cloud ECS Instance.

If you are running Linux or Mac, use a terminal application to connect to the instance via SSH. If you are on Windows, you can use PuTTy.

Change the Hostname

The hostname is a default identifier when you communicate to a Linux server. It is like a computer name that is associated with your home PC or laptop. Naming your CentOS 7 server with a descriptive hostname helps you to differentiate your machines especially if you are running a bunch of them.

check the update

$ sudo yum update

check your hostname

$ hostname

change your hostname, we need to install nano text editor using the command below:

$ sudo yum install nano

Then, edit the /etc/cloud/cloud.cfg file and find the entry preserve_hostname. Change its value from false to true.

$ sudo nano /etc/cloud/cloud.cfg
preserve_hostname true

Then, edit the /etc/hostname file using a nano editor by typing the command below:

$ sudo nano /etc/hostname

You will need to add two entries on this file just below the 127.0.0.1 localhost entry. The first entry you are adding uses the loopback interface address 127.0.1.1. Please note that this is different from the address 127.0.0.1 which have a ‘localhost’ value in the same file.

Reboot your Alibaba Cloud ECS instance for the changes to take effect by typing the command below:

$ sudo reboot

Also you can create non root user by

$ sudo adduser

For instance, to add a user identified as osama on your server, use the command below:

$ sudo adduser osama

Next, we assign a password to the user we have created above:

$ sudo passwd osama

now assign the administrative task to this user

$ sudo gpasswd -a osama wheel

Cheers

Osama

Create a Serverless Website with Alibaba Cloud Function Compute

Regarding to Wikipedia, Serverless computing is a cloud computing execution model in which the cloud provider runs the server, and dynamically manages the allocation of machine resources. Pricing is based on the actual amount of resources consumed by an application, rather than on pre-purchased units of capacity

Today i will show you an example how to create serverless website but this time not using Amazon AWS, Azure or OCI but Alibaba Cloud Provider.

Create a Function Compute Service

Go to the console page and click through to Function Compute.

Click the add button beside Services.

In the Service slide out, give your service a name, an optional description, and then slide open the Advanced Settings.

In Advanced Settings you can grant access for Functions to the Internet, to VPC resources, and you can attach storage and a log service to a Function. You can also configure roles.

For our tutorial, we will need Internet access so make sure this configuration is on.

We will leave VPC and Log Configs as they are.

In the Role Config section, select Create New Role, and in the dropdown list pick AliyunOSSReadOnlyAccess as we will be accessing our static webpages from an Object Storage Service bucket.

Click Authorize.

You will see a summary of the Role you created.

Click Confirm Authorization Policy.

You have successfully added the Role to the Service.

Click OK.

ou will see the details of the Function Compute Service you just created.

Now let’s create a Function in the Service. Click the add button next to Functions.

You will see the Create Function process. The first part of the process is Function Template.

There are many Function Templates available, including an empty Function for writing your own bespoke Functions.

Alibaba Cloud-supplied Template Functions are very useful as they have relevant method invocation and demo code for getting started quickly with Function Compute.

let’s choose the flask-web Function written in Python2.7.

Click Select.

We are now at the Configure Triggers section of creating a Function.

Select HTTP Trigger from the dropdown list. Give the Trigger a name and choose Authorization details (anonymous does not require authorization).

Choose your HTTP methods and click Next. We are going to build a simple web-form application so we will need both the GET and POST HTTP methods.

Now we arrive at the Configure Function Settings.

Give the Function a name then scroll down to Code details.

We’ll leave the supplied code for now. Scroll down to below the code sample.

You will see Environment Variable input options and Runtime Environment details.

Click Next.

Click Next at Configure Function Permissions.

Verify the Configuration details and click Create.

You will arrive at the Function’s IDE. Here you can enter new code, edit the code directly, upload code folders, run, test, and fix your code.

Scroll down.

Copy the URL as we will need to add this to our static webpages so they can connect to our Function Compute Service and Function.

Set Up and Configure an OSS Bucket

Click through to Object Storage Service on the Products page.

If you haven’t yet activated Object Storage Service, go ahead and activate it. In the OSS console, click Create Bucket.

Choose a name for the OSS Bucket and pick the region – you cannot change the region later. Select the Storage Class – you also cannot change this later.

We have selected Public Read for the Access Control List.

When you’re ready, click OK.

You will see the Overview page for your bucket. Make a note of the public Internet URL.

In the Files tab, upload your static web files.

I uploaded a simple index.html homepage and a background picture.

<script type="text/javascript">
        const functionURL = '<<Function URL>>';
        const doHome = new XMLHttpRequest();
doHome.open('GET', functionURL, true);
doHome.onload = function () {    
document.getElementById('home_message').innerHTML = doHome.responseText;
        };
        doHome.send();
</script>

In Basic Settings, click Configure to configure your Static Pages.

Add the homepage details and click Save.

Now go to a new browser window and access the OSS URL you saved earlier.

Back in the Function Compute console, you can now test the flask-app paths directly from the code.

We already tested index.html with no Path variable. Next, we test the app route signin with GET and check the Headers and status code.

The signin page code is working correctly. You can also check the Body to make sure the correct HTML will render on the page. Notice that because I entered the path variable, signin is appended to the URL.

Of course, any errors you encounter will show up in the Logs section for easy debugging.

Now, let’s test this page on the Internet.

If you get an error here, implement a soft link for the page in OSS. Go to the OSS bucket and click More dropdown for the HTML file in question and choose Set soft link.

Give the link a name and click OK.

A link file will appear in the list of static files and you will now be able to access the page online with the relevant soft link and it will render as above.

Back in Function Compute, we can test the POST method in the console with the correct username and password details in the same way.

Add the POST variables to the form upload section in the Body tab.

Now you can test this function online.

Cheers

Osama

Alibaba cloud services

I had chance to test alibaba cloud and so far i found it beyond my expectations, i wrote before this blog about it in small introdtion here.

In this one i will write about the services and what this cloud provide :-

Elastic Computing

  • ELASTIC COMPUTE SERVICE (ECS) : Secure, scalable, and high-performing virtual servers.
  • Elastic GPU Service : Powerful parallel computing capabilities
  • Server Load Balancer (SLB) : Distribute traffic across servers
  • Elastic Container Instance: An agile and secure serverless container instance service.
  • ECS Bare Metal Instance : Elastic bare metal computing service
  • Simple Application Server : All-in-one services for fast deployment

Network

  • Virtual Private Cloud Launch a private cloud network
  • Server Load Balancer Distribute traffic across resources
  • NAT Gateway Public Internet gateway
  • Alibaba Cloud PrivateZone A private domain name management service
  • Elastic IP An independent public IP resource
  • Data Transfer Plan Package for your Internet traffic usage
  • Alibaba Cloud CDN Speed up file distribution to end-users
  • Dynamic Route for CDN Provide dynamic acceleration abilities

Storage

  • Object Storage Service Store, backup and archive your data
  • Elastic Block Storage A high-performance, high-reliability, and low-latency block storage service
  • Apsara File Storage NAS File storage for ECS, HPC, Container

Media Services

  • ApsaraVideo for Media Processing A transcoding multimedia cloud service
  • ApsaraVideo VOD An all-in-one VOD solution
  • ApsaraVideo Live Live streaming platform for audio & video

Database

  • ApsaraDB for PolarDB – New generation of “Super MySQL, PostgreSQL or compatible Oracle” supporting up to 100 TB storage.
  • Distributed Relational Database Service Be scalable for big relational databases.
  • ApsaraDB RDS for MariaDB TX Capable and fully managed database
  • ApsaraDB RDS for SQL Server Flexible version control and lower costs
  • ApsaraDB RDS for MySQL Featured stable and capable with MySQL
  • ApsaraDB RDS for PostgreSQL Get low latency with high concurrency
  • PolarDB Box An ApsaraDB for PolarDB database appliance deployed on the premises
  • ApsaraDB for OceanBase Financial-grade database: high stability, high scalability, and high performance
  • ApsaraDB RDS for PPAS Use simple tools to lower migration cost
  • Distributed Relational Database Service Be scalable for big relational databases

Security

  • Security Center Round the clock security and protection
  • Bastionhost A system O&M and operation audit platform
  • Cloud Firewall The first defense of network security
  • ActionTrail Maintain security and compliance
  • Anti-DDoS Basic Basic DDoS protection integrated with ECS
  • SSL Certificates Service Apply, buy, and manage SSL certificates
  • Web Application Firewall Secure your web applications
  • Cloud Config Configuration trace and compliance audit
  • Anti-DDoS Protect against high volume DDoS attacks

Analytics

  • Hologres (Interactive Analytics) Real-time analytics compatible with PostgreSQL
  • E-MapReduce Big Data processing service
  • Realtime Compute A platform for real-time data processing
  • MaxCompute Large-scale data warehousing
  • DataV Insightful big data visualization
  • Elasticsearch Search and analytics with Elasticsearch
  • Log Service An all-in-one service for log-type data

Artificial Intelligence

  • Intelligent Speech Interaction Speech recognition & synthesis platform
  • Machine Translation Bespoken and qualified machine translation
  • Machine Learning Platform For AI An end-to-end machine learning platform
  • Image Search High-precision visual search solution

Enterprise Applications

  • WHOIS Search WHOIS database to look up domain
  • Domains Join the 20 million on Alibaba Cloud
  • Web Hosting Cloud Web Hosting from $5.90 per month
  • Alibaba Cloud DNS Manage your DNS settings
  • Intelligent Robot Chatbot platform for smart interactions
  • Alibaba Mail A public cloud-based email service
  • Direct Mail A simple and efficient email service
  • API Gateway Open your data and service to users

Internet of Things

  • Tracing Analysis Easily debug and analyze applications
  • Application Real-Time Monitoring Service Build business monitoring capabilities
  • CloudMonitor Real-time cloud monitoring service
  • Application High Availability Service Guarantees application high availability

I tried to brief some of the common products for Alibaba cloud, not all the services listed here, you can back to my blog post here.

Cheers
Osama

Alibaba Cloud – Small Introduction

I had chance to work and test alibaba cloud, so i thought it’s good idea to write something about it since i already used AWS, Azure and OCI and this is will be my 4th cloud vendor.

Alibaba Cloud is the subsidiary of the e-commerce hub Alibaba Group. The group launched its cloud services in 2009. Today, cloud is the most ambitious project of Alibaba Group where they are investing their hard efforts to win over AWS.

The company has an exclusive range of cloud computing products and services that are divided into 7 categories of Elastic Computing and Networking, Security and Management, Database, Application Services, Domains and website, Storage and CDN and Analytics. Customers of Alibaba Cloud are eligible to get the benefits of cloud security, record breaking computing power, cloud security, safeguard your data, etc.

I really like the cloud and the portal, it’s very simple and ease of use, include to this, having a lot of different features same as AWS, you can check them from here.

the alibaba cloud known as different name also, Aliyun, Alibaba Cloud has 19 regional data centres globally, including China North, China South, China East, US West, US East, Europe, United Kingdom, Middle East, Japan, Hong Kong, Singapore, Australia, Malaysia, India, and Indonesia, right now the Data Center in Germany is operated by Vodafone Germany

Some of the clients that using this cloud : Ford, Air Aisa, Lazada, and more.

Some of the services that providing by alibaba:-

  • Elastic Computing
  • Storage & CDN
  • Networking
  • Database Services
  • Security

and will discuss each one of them in different post, the next one will be alibaba services.

Cheers

Osama