Automate performance monitoring of all your web resources and applications in real-time
Alibaba CloudMonitor is a flexible monitoring service that provides in-depth insights into your cloud deployments. CloudMonitor provides advanced analytics on critical metrics such as CPU utilization, latency and also lets you customize metrics specific to business requirements.
CloudMonitor enables you to protect your deployments from security threats, network issues or system failure by sending alerts through a variety of channels including Social Networking Service (SNS), Social Messaging Service (SMS), instant messenger and email when a threat is detected.
Alibaba CloudMonitor provides a solution that adds another layer of security to your cloud deployments as it can detect intrusions and security breaches according to the metrics you define. This can raise an alarm that you set via Social Networking Service (SNS), Social Messaging Service (SMS), Instant Messenger (Ali Trade Manager only) and/or email.
You can closely monitor your resources in real-time including ECS (Elastic Compute Service), RDS (Relational Database Service), Server Load Balancer, Block Storage volumes and tweak deployments to optimize performance and save on operational costs.
As an easy-to-use service, CloudMonitor enables you to automate the monitoring and performance of Alibaba Cloud deployments including servers and databases with custom metrics. This helps you to track and collect log files and get statistical insights into the utilization of resources running on Alibaba Cloud. You can define metrics such as memory utilization and application connections, which will provide insights to enhance application performance.
Alibaba CloudMonitor offers the following functions.
|Site Monitoring||Monitors availability of user sites||Checks status of sites including http, ping, tcp, udp, dns, pop, smtp, ftp and response time.|
|Cloud Service Monitoring||Monitoring of cloud service||Checks status of ECS CPU and memory usage, system load, disk, disk read and write, incoming data volume and outgoing data volume, TCP and process count.|
|User-defined Monitoring||Metric items defined by monitoring users||Allows customization of user-defined metrics.|
|Alarm||Raises alarm||Supports emails, messages, and Ali Trade Manager to raise alarms and notifications.|
|User Management||Manages alarm reporter and the alarm group||Sets alarm group and alarm reporter.|
Secure your cloud resources with Resource Access Management to define fine-grained access permissions for users and groups.
Alibaba Cloud Resource Access Management (RAM) is an identity and access control service which enables you to centrally manage your users (including employees, systems or applications) and securely control their access to your resources through permission levels. RAM thereby allows you to securely grant access permissions for Alibaba Cloud resources to only your selected high-privileged users, enterprise personnel and partners. This helps to ensure secure and appropriate usage of your cloud resources and protects from any unsolicited access to your account.
Alibaba Cloud Resource Access Management or RAM is a cloud-based management service designed to centrally control resource access and collectively manage users. With RAM you can create, manage and keep track of different users or groups accessing your cloud resources and grant various levels of access permissions
Create, manage, rename and delete RAM users, groups and roles; grant necessary permissions
Utilize unified management of access permissions and identity credentials for Alibaba Cloud resources
Revoke permissions from one or multiple resources or user account based on business requirement
Fine-grained Authorization: Allows you to grant permission for one or multiple operations on a single resource
For example, a resource owner can grant permission to create, perform operations or delete resources
Multi-dimensional Authorization: Restricts access permissions by IP, time and other dimensions
Version Management Mechanism: Retain multiple versions of each authorization policy to eliminate risk of unwanted deletion of policy
Allows you to define and control various authorization policies for specific Alibaba Cloud resources meeting certain business conditions
Lets you grant read-only, full, or customized permissions to users, partners and enterprise employee accounts
Enables you to define user or service specific roles
Follows Multi-Factor Authentication (MFA) technique to ensure protection for your account
Allows you to simply access and configure RAM using web-based Alibaba Cloud Management Console or APIs
Enables centralized management without paying extra charges; pay only for other services used by your RAM users
Provides one consolidated bill for all expenses incurred by resource operations performed by all users present in multiple accounts falling under one enterprise account
Create, delete and manage encryption keys with Alibaba Cloud Key Management Service
Alibaba Cloud Key Management Service (KMS) is a secure and easy-to-use service to create, control, and manage encryption keys used to secure your data
With Alibaba Cloud KMS you protect the confidentiality, integrity, and availability of keys while saving costs at the same time. You can integrate KMS with other Alibaba Cloud services such as ApsaraDB for RDS and OSS, to encrypt critical information such as certificates and keys stored with these services. You can use these keys securely and conveniently, and focus on developing encryption/decryption function scenarios.
Alibaba Cloud Key Management Service (KMS) is a fully managed service to create, delete and manage encrypted keys to protect your data. For common key management scenarios, you can use APIs or Alibaba Cloud management console to produce and manage Customer Master Keys (CMKs).
For common encryption/decryption scenarios, you can use the API to locally encrypt/decrypt small volumes of data or envelope encryption technology for relatively larger volumes of data.
Also, you can define usage policies for data encryption. You can integrate it with various Alibaba Cloud storage services to ensure the security of the stored data.
KMS enables you to easily encrypt data use SDKs or APIs to perform encryption/decryption of data keys.
Major problems to resolve using KMS:
|Role||Problem||How to resolve the problem using KMS|
|Application/Website developer||My program needs to use a key for encryption or a certificate for signature, and I hope the key is managed in a secure and independent manner. I hope I can safely access the key no matter where my application is deployed. I would never allow deploying the plaintext key randomly, which is too risky.||Through the envelop encryption technology, users can store the Customer Master Key (CMK) in KMS and deploy only the encrypted data key, and users can call KMS to decrypt the data key only when they need to use it.|
|Service developer||I do not want to be responsible for the security of users’ keys and data. I hope users can manage their keys by themselves and I can use specified keys to encrypt their data with their authorization. In this way, I can devote all energy to developing service functions.||Based on the envelop encryption technology and the open APIs of KMS, service developers can use specified CMKs to encrypt and decrypt data keys, easily satisfying the requirement of not storing the plaintext directly in a storage device; therefore, service developers do not need to worry about how to manage users’ keys.|
|Chief Security Officer (CSO)||I hope the key management of my company can meet compliance requirements. I need to ensure that keys are reasonably authorized and any use of keys must be audited.||KMS can be associated with RAM for unified authorization management.|
Allows you to create, view, enable, and disable CMKs to encrypt/decrypt data keys
Enables you to view the whole master key list for all services integrated with KMS
Enables HTTPS protocol to protect data while using SDKs to access keys
Supports HMAC-SHA1 signature scheme
Maintains confidentiality, integrity, and availability of keys used to protect data
Easily integrates with other Alibaba Cloud products such as ApsaraDB for RDS to protect the data stored using these services
Encrypts your static files stored in Object Storage Service ensuring security
Allows you to store, transfer and use encrypted data by encapsulating its data keys (DKs) in an envelope and stores CMKs in KMS
Allows users to call KMS to decrypt data key only when needed
Automatically scales to meet encryption needs as per your business requirement
Stores multiple copies of encrypted versions of your master keys ensuring high durability and availability
Potential to deploy in multiple availability zones within a region to ensure high availability of encryption keys