SCHEDULE A CALL

Cloud Monitor

Automate performance monitoring of all your web resources and applications in real-time



Overview

Alibaba CloudMonitor is a flexible monitoring service that provides in-depth insights into your cloud deployments. CloudMonitor provides advanced analytics on critical metrics such as CPU utilization, latency and also lets you customize metrics specific to business requirements.

CloudMonitor enables you to protect your deployments from security threats, network issues or system failure by sending alerts through a variety of channels including Social Networking Service (SNS), Social Messaging Service (SMS), instant messenger and email when a threat is detected.



Product Details

Alibaba CloudMonitor provides a solution that adds another layer of security to your cloud deployments as it can detect intrusions and security breaches according to the metrics you define. This can raise an alarm that you set via Social Networking Service (SNS), Social Messaging Service (SMS), Instant Messenger (Ali Trade Manager only) and/or email.

You can closely monitor your resources in real-time including ECS (Elastic Compute Service), RDS (Relational Database Service), Server Load Balancer, Block Storage volumes and tweak deployments to optimize performance and save on operational costs.

As an easy-to-use service, CloudMonitor enables you to automate the monitoring and performance of Alibaba Cloud deployments including servers and databases with custom metrics. This helps you to track and collect log files and get statistical insights into the utilization of resources running on Alibaba Cloud. You can define metrics such as memory utilization and application connections, which will provide insights to enhance application performance.



Benefits

Site Monitoring

  • Provides statistical calculations, monitors the status of your web applications and helps in cloud server monitoring.
  • Notifies you during any security menace or incidents of application failure.

Cloud Service Monitoring

  • Monitors Alibaba Cloud services including Elastic Compute Service, Relational Database Service and Server Load Balancer.
  • Provides preconfigured metrics for each service which helps to monitor each service.

Customized Monitoring

  • Customized monitoring services developed to suit unique business requirements.
  • You can also define metrics such as memory utilization and application connections, which will provide insights to enhance application performance.

Detailed Analytics

  • Stores unlimited data on the cloud, enabling precise and detailed analysis of trends based on historical data.


Features

Advanced Monitoring

  • Provides insights into CPU utilization and other performance metrics of ECS instances without additional charges.
  • Monitors other Alibaba Cloud resources when required.
  • Monitors application availability and accessibility from different ports.
  • Monitors site availability and response time.

Alarm and Contact Management

  • Provides uniformed and batch management services for alarm notifications.
  • Supports notifications through SNS, SMS, Ali Trade Manager and email.

Open Source Service

  • Offers distributed architecture that supports access from multiple Internet Data Centers.
  • Provides APIs to flexibly access other cloud products and services.
  • Customize data monitoring rules using open rules and interactive data interfaces.

Network Advantage

  • Seamless data transmission among Alibaba Cloud data centers via Intranet without consuming public bandwidth.
  • Offers multi-line access to backbone networks.
  • Provides reliable and efficient data transmission between multiple nodes.

Alibaba CloudMonitor offers the following functions.

Module Capability Main functions
Site Monitoring Monitors availability of user sites Checks status of sites including http, ping, tcp, udp, dns, pop, smtp, ftp and response time.
Cloud Service Monitoring Monitoring of cloud service Checks status of ECS CPU and memory usage, system load, disk, disk read and write, incoming data volume and outgoing data volume, TCP and process count.
User-defined Monitoring Metric items defined by monitoring users Allows customization of user-defined metrics.
Alarm Raises alarm Supports emails, messages, and Ali Trade Manager to raise alarms and notifications.
User Management Manages alarm reporter and the alarm group Sets alarm group and alarm reporter.

Resource Access Management

Secure your cloud resources with Resource Access Management to define fine-grained access permissions for users and groups.

Overview

Alibaba Cloud Resource Access Management (RAM) is an identity and access control service which enables you to centrally manage your users (including employees, systems or applications) and securely control their access to your resources through permission levels. RAM thereby allows you to securely grant access permissions for Alibaba Cloud resources to only your selected high-privileged users, enterprise personnel and partners. This helps to ensure secure and appropriate usage of your cloud resources and protects from any unsolicited access to your account.



Product Details

Alibaba Cloud Resource Access Management or RAM is a cloud-based management service designed to centrally control resource access and collectively manage users. With RAM you can create, manage and keep track of different users or groups accessing your cloud resources and grant various levels of access permissions



Benefits

Centralized management

  • Create, manage, rename and delete RAM users, groups and roles; grant necessary permissions

  • Utilize unified management of access permissions and identity credentials for Alibaba Cloud resources

  • Revoke permissions from one or multiple resources or user account based on business requirement


High Flexibility

  • Fine-grained Authorization: Allows you to grant permission for one or multiple operations on a single resource
    For example, a resource owner can grant permission to create, perform operations or delete resources

  • Multi-dimensional Authorization: Restricts access permissions by IP, time and other dimensions

  • Version Management Mechanism: Retain multiple versions of each authorization policy to eliminate risk of unwanted deletion of policy


Multiple Authorization Scenario Support

  • Allows you to define and control various authorization policies for specific Alibaba Cloud resources meeting certain business conditions

  • Lets you grant read-only, full, or customized permissions to users, partners and enterprise employee accounts

  • Enables you to define user or service specific roles


Enhanced Security

  • Follows Multi-Factor Authentication (MFA) technique to ensure protection for your account


Usability

  • Allows you to simply access and configure RAM using web-based Alibaba Cloud Management Console or APIs


Complimentary Service with Alibaba Cloud Subscription

  • Enables centralized management without paying extra charges; pay only for other services used by your RAM users

  • Provides one consolidated bill for all expenses incurred by resource operations performed by all users present in multiple accounts falling under one enterprise account



Features

Identity Management

  • User Identity Management: Create and manage user identities and grant permissions using the primary account
  • Multi-factor Authentication: Supports MFA devices that comply with TOTP protocol standard (RFC 6238) to keep user passwords secure and assign special permissions like shutting down virtual hosts
  • Independent Password Policy Management: Create custom password strength policies for users and set the number of allowed login attempts, password validity periods, and other password policies
  • User Groups: Create and manage user groups for assigning same set of permissions to multiple users
  • Access Keys: Set access keys for users wanting to perform operations using the console. You can also set API access keys if users want to call APIs

Authorization Management

  • Execution Permission: Set permissions for allowing or denying execution of certain operations on specific resources under certain conditions
  • Custom Authorization: Use custom authorization policies to manage user permissions effectively
  • Group Permission: The grouped authorization mechanism allows for scenario-specific authorization to reduce burden of permission management
  • User Authorization: Grant user or user group authorization to users under your or other Alibaba Cloud account

Authorization Policy Management

  • Custom Policy: Create, modify, and delete custom authorization policies for detailed requirements, such as controlling operation permissions for a certain ECS instance or resource operator request to come from a specified IP address
  • Resource Access: Users can access resources and perform operations on them using console, APIs, or client tools like aliyuncli

Alibaba Security Token Service

  • Access Permission: Security Token Service grants specific cloud resource access permissions to mobile clients, giving your mobile customers direct access to cloud resources
  • Custom Validity: Supports custom token validity periods for enhanced security

Centralized Control

  • User Resource Access Methods: Provides users with security channels (such as SSL) to request access to specific cloud resources at the designated time and from the specified source IP
  • Role and External Account Identity Federation Management: Associate RAM roles with external identity systems (such as your local enterprise domain accounts or app accounts) and directly use an external identity to log on to a RAM role to access Alibaba Cloud console or API
  • Cloud Resources: Control data instances created by RAM users in a centralized manner, so that you have full control over these instances and data after a user has left your organization

Usage and Billing

  • Free of Charge: RAM is offered at no additional cost. You are charged only for other Alibaba products/services used by RAM users
  • Consolidated Bill: Your account receives a consolidated bill for all expenses incurred from resource operations performed by all RAM users/accounts

Key Management Service

Create, delete and manage encryption keys with Alibaba Cloud Key Management Service

Overview

Alibaba Cloud Key Management Service (KMS) is a secure and easy-to-use service to create, control, and manage encryption keys used to secure your data

With Alibaba Cloud KMS you protect the confidentiality, integrity, and availability of keys while saving costs at the same time. You can integrate KMS with other Alibaba Cloud services such as ApsaraDB for RDS and OSS, to encrypt critical information such as certificates and keys stored with these services. You can use these keys securely and conveniently, and focus on developing encryption/decryption function scenarios.



Product Details

Alibaba Cloud Key Management Service (KMS) is a fully managed service to create, delete and manage encrypted keys to protect your data. For common key management scenarios, you can use APIs or Alibaba Cloud management console to produce and manage Customer Master Keys (CMKs).

For common encryption/decryption scenarios, you can use the API to locally encrypt/decrypt small volumes of data or envelope encryption technology for relatively larger volumes of data.

Also, you can define usage policies for data encryption. You can integrate it with various Alibaba Cloud storage services to ensure the security of the stored data.

KMS enables you to easily encrypt data use SDKs or APIs to perform encryption/decryption of data keys.


Major problems to resolve using KMS:

Role Problem How to resolve the problem using KMS
Application/Website developer My program needs to use a key for encryption or a certificate for signature, and I hope the key is managed in a secure and independent manner. I hope I can safely access the key no matter where my application is deployed. I would never allow deploying the plaintext key randomly, which is too risky. Through the envelop encryption technology, users can store the Customer Master Key (CMK) in KMS and deploy only the encrypted data key, and users can call KMS to decrypt the data key only when they need to use it.
Service developer I do not want to be responsible for the security of users’ keys and data. I hope users can manage their keys by themselves and I can use specified keys to encrypt their data with their authorization. In this way, I can devote all energy to developing service functions. Based on the envelop encryption technology and the open APIs of KMS, service developers can use specified CMKs to encrypt and decrypt data keys, easily satisfying the requirement of not storing the plaintext directly in a storage device; therefore, service developers do not need to worry about how to manage users’ keys.
Chief Security Officer (CSO) I hope the key management of my company can meet compliance requirements. I need to ensure that keys are reasonably authorized and any use of keys must be audited. KMS can be associated with RAM for unified authorization management.


Benefits

Fully Managed

  • Enables easy encryption/decryption of data keys by allowing storage of Customer Master Key (CMK) in KMS
  • Manages availability, security, and maintenance of underlying infrastructure

Secure

  • Transfers data over Transport Layer Security (TLS) to ensure complete security of your data

Easy Management of User Keys

  • Envelope Encryption Technology
  • Uses specified CMKs for easy encryption/decryption of data
  • Eliminates need to store plain text directly in storage device

Easy to Use

  • Enables easy encryption/decryption of data keys by allowing storage of Customer Master Key (CMK) in KMS
  • Manages availability, security, and maintenance of underlying infrastructure

Multi-region Support

  • Supports five regions worldwide; usage limits are relatively independent for each user in different regions

Cost-Effective

  • Saves cost compared to procuring expensive hardware equipment to secure physical environment
  • Pay only for resources needed as per your business requirements


Features

Key management-related functions

  • Allows you to create, view, enable, and disable CMKs to encrypt/decrypt data keys

  • Enables you to view the whole master key list for all services integrated with KMS

Security

  • Enables HTTPS protocol to protect data while using SDKs to access keys

  • Supports HMAC-SHA1 signature scheme

  • Maintains confidentiality, integrity, and availability of keys used to protect data


Easy Integration

  • Easily integrates with other Alibaba Cloud products such as ApsaraDB for RDS to protect the data stored using these services

  • Encrypts your static files stored in Object Storage Service ensuring security

Envelope Encryption Technology

  • Allows you to store, transfer and use encrypted data by encapsulating its data keys (DKs) in an envelope and stores CMKs in KMS

  • Allows users to call KMS to decrypt data key only when needed

Scalability and Durability

  • Automatically scales to meet encryption needs as per your business requirement

  • Stores multiple copies of encrypted versions of your master keys ensuring high durability and availability

  • Potential to deploy in multiple availability zones within a region to ensure high availability of encryption keys