Accelerate and Protect Your Websites and Apps with Anti-DDoS Premium’s Mainland China Acceleration (MCA) Service
By Thomas Poon, Solutions Architect
After successfully building your website, web application, or mobile applications, you need to carefully consider how you would launch your product. This may include network considerations as well as security considerations.
In particular, you may be concerned about protecting your websites or apps against external threats, such as DDoS attacks. While DDoS attacks typically do not sacrifice data privacy, it will make your application unresponsive or even forcing your internet service provider to “blackhole” the whole website.
In this article, I’ll show you how to use Alibaba Cloud’s Anti-DDoS Premium to protect your critical assets against DDoS attacks. I’ll also show you how to accelerate access for Mainland China users to your application hosted outside Mainland China, such as Singapore and Hong Kong, with the new Mainland China Acceleration (MCA) service.
The following will be a step-by-step explanation about how to configure the whole setup in under 30 minutes.
Setting Up Anti-DDoS Premium Mainland China Acceleration (MCA) Service
We have set up an internet accessible website, hosted on Alibaba Cloud OSS: http://websitetemplate.oss-cn-hongkong.aliyuncs.com
For this tutorial, we’ll imagine this is our original website that we wish to protect and accelerate.
Access the Anti-DDoS Premium console, purchase the Anti-DDoS Premium service together with the Mainland China Acceleration instance (you may contact Alibaba Cloud to assist you).
- For the Anti-DDoS Premium insurance plan: It provides 2 unlimited mitigations per month (unlimited plan available).
- For the Mainland China Acceleration plan: By default it provides 10Mb accelerated bandwidth between Mainland China and overseas.
Now we can start configuring the Anti-DDoS + MCA services. Click Provisioning -> Add Website
Complete the setup as below :
Website domain: demo.alibabacloudhk.com (we want end user to use this domain name to access)
Protocol : HTTP (it also supports web socket)
Origin Server : websitetemplate.oss-cn-hongkong.aliyuncs.com (this is our website)
Then click Add Website
The DDoS protection setup is almost complete. Click Return to Website List
You will be able to see that the Domain is configured to Anti-DDoS and MCA instance IPs.
Configuring the Mainland China Acceleration Selector
Next we will configure the MCA, so that for China Mainland users will use the MCA first, and fail-over to Anti-DDoS IP if MCA is under attack.
Switch to the Security Traffic Manager tab and click Add Rule
Add the MCA rule in which the MCA IP has a high priority and the Anti-DDoS IP is low Priority.
The Security Traffic Manager will generate a CNAME record, which is responsible for the traffic fail-over between the MCA IP and then Anti-DDoS Premium IP address if necessary.
Setting Up the DNS Service for Mainland User
Now we will configure the DNS service, so the user will be able to resolve demo.alibabacloudhk.com to MCA and Anti-DDoS Premium.
Go to the Alibaba Cloud DNS service console. Under Domains, click on your domain name.
Click Add Record, and then set the demo.alibabacloudhk.com as CNAME “58nz89begh5mzq5d.scommander.com”
Verifying the Results from Mainland China
You can find any machine located in China, to ping the hostname, you will find the hostname will first resolved to the CNAME, and then connect to the MCA with extremely fast speed ( ~ 31ms from Shanghai to Hong Kong ).
The procedures just configured the following architecture.
Now your website is protected by Alibaba Cloud’s Anti-DDoS Premium service, and accelerated to Mainland China users as well.