Alibaba Cloud ACK Pro and ACK@Edge: Cloud-Native Evolution for Enterprises
The Alibaba Cloud Container Service for Kubernetes (ACK) team has been exploring how to better support hybrid cloud, distributed cloud architectures that integrate cloud and edge applications, and global application delivery, to help enterprises reduce costs and improve efficiency. In this blog,
Kubernetes-based Cloud-Native Computing
Kubernetes-based cloud-native computing has become a new operating system. A growing number of industries and enterprises are adopting and benefiting from this prototype of the cloud-native operating system. Alibaba Cloud also continuously refines the cloud-native operating system it provides for customers. What outstanding features does the cloud-native operating system have?
First of all, the infrastructure layer provides powerful infrastructure as a service (IaaS) resources. The computing resources based on the 3rd generation of X-Dragon architecture can be elastically scaled to provide higher performance at an optimized cost. The cloud-native distributed file system is built to persist data in containers. The cloud-native network accelerates the delivery of applications and provides application-type load balancing and container network infrastructure.
Second, at the container orchestration layer, the ACK service has supported thousands of enterprise customers across various industries in running a large number of production-grade scenarios since its launch in 2015. An increasing number of customers are deploying most or even all of their applications on a cloud-native architecture. As their business develops, large- and medium-sized enterprises require high reliability and security. To meet these requirements, Alibaba Cloud has launched ACK Pro, the Enterprise Edition of ACK. ACK Pro provides availability backed by an SLA, and customers can be compensated if the availability commitment is not met.
Major Strengths of ACK Pro: High Reliability, High Security, and High Scheduling Performance
ACK Pro inherits all the strengths from ACK clusters of the Managed Edition, such as managed primary nodes and high availability. In addition, ACK Pro clusters provide higher reliability, security, and scheduling performance. ACK Pro is applicable to enterprise customers with massive services in production environments, where high stability and security are required.
ACK Pro is built for massive production environments in enterprises. A single ACK Pro cluster supports up to 5,000 nodes. Management resources can be automatically scaled. etcd uses encrypted disks, with frequent cold and hot backups and geo-disaster recovery. Management components such as kube-apiserver and etcd have enhanced observability: you can view monitoring metrics of core management components on dashboards and set alert rules for them. The ACK team has also strengthened the autonomy mechanism for the managed primary components, striving to detect and fix errors in a timely manner to minimize adverse impact. In addition, the ACK team has made an official commitment that cluster management provides an SLA-backed availability of 99.95%, and customers can be compensated if that availability is not met.
Container security is valued by an increasing number of customers. ACK Pro further improves security during application deployment and at runtime by introducing a new security management module. The module provides several features. First, it allows you to configure container security policies. You can define a Kubernetes Pod Security Policy (PSP) to check whether a request to deploy or update a pod in the cluster is valid. Second, it allows you to configure inspection jobs for the cluster. The module scans the workload configurations of the cluster for security risks and interprets the findings in inspection reports, so you can learn in real time whether the current runtime configurations of your applications are secure. Third, it monitors runtime security and generates alerts. Specifically, it scans for and terminates malicious image startups, viruses, and malware, and detects container-side attacks such as intrusions into containers, container escapes, and high-risk operations on containers. ACK Pro also allows you to encrypt and decrypt Secrets data by using keys defined in Alibaba Cloud Key Management Service (KMS), so that Secrets are encrypted when they are stored on disk. In addition, ACK Pro supports sandboxed containers and encrypted computing clusters, providing comprehensive security assurance.
High Performance Scheduling
ACK Pro has enhanced the scalability of the native kube-scheduler in Kubernetes. It supports batch scheduling: you can schedule a group of associated processes or jobs to a cluster at one time based on the All-or-Nothing principle. This prevents deadlocks caused by scheduling failures of some jobs. In addition, it provides topology-aware CPU scheduling for CPU-sensitive workloads. This ensures resource allocation to this type of workload and avoids performance deterioration caused by context switching. In our best practices, intelligent CPU scheduling improves the performance of applications in X-Dragon-based Elastic Compute Service (ECS) Bare Metal instances by 60% to 150% and decreases the latency of applications by 100% under high loads.
ApsaraVideo has used ACK as the service basis to manage resources on tens of thousands of nodes in more than 10 regions around the world. ACK Pro ensures O&M efficiency and high stability for massive computing resources at the infrastructure layer, allowing the ApsaraVideo team to focus on the video field to provide more value to customers.
ACK Pro is available for public preview. You are welcome to apply for a trial on the official website.
Commercialized ACK@Edge Has Helped Several Enterprises Implement Edge Containers
In the era of the Internet of Everything (IoE), many enterprises are exploring ways to extend the computing power of the intelligent edge to edge nodes such as IoT devices. They are seeking to increase connection speed, improve the real-time performance of services, and reduce the transmission restrictions caused by the central cloud and network.
Alibaba Cloud has researched in depth the requirements for implementing edge computing and cloud native, and has led the concept of “cloud-edge integration” in the industry. In June 2019, Alibaba Cloud officially released ACK@Edge. This edge container service is designed to “extend cloud-native capabilities to the edge” and to manage and control edge clouds, edge devices, and terminals in a centralized manner to achieve cloud-edge-terminal collaboration.
In the past year, ACK@Edge has been used in scenarios such as live audio and video streaming, cloud gaming, industrial Internet, transportation and logistics, and city brain. It has been providing services for Hema Fresh, Youku, ApsaraVideo, and many Internet and new retail enterprises.
With ACK@Edge, YY can use APIs to manage and maintain edge container clusters and central container clusters in a centralized manner. This enables quick access to edge computing power and autonomy of edge nodes. In addition, it allows YY to seamlessly connect to Prometheus to report monitoring data, significantly improving overall O&M efficiency and resource utilization.
As its business grows, Youku is considering extending its centralized architecture from the Internet data center (IDC) to an edge architecture. Youku uses ACK@Edge to manage thousands of Alibaba Cloud edge nodes in dozens of regions and to release and elastically scale applications in a centralized manner. The dynamic scaling capability has reduced its machine costs by 50%. With the new architecture, the video playback pipeline shifts from the Internet to a pipeline that runs from the Alibaba Cloud global network to edge nodes and then to terminals, reducing network latency by 75%.
ACK@Edge allows Hema Fresh to build digital full-pipeline integration of people, goods, and sites and implement cloud-edge-terminal collaboration. Based on the excellent resource scheduling and application management capabilities of the cloud-native technology system and the advantages of nearby access to edge computing and real-time processing, Hema Fresh has achieved “cost reduction and efficiency improvement” in all aspects. The computing resource cost in stores has been reduced by 50% and the service provisioning efficiency at new stores has improved by 70%.
Now that it is commercially launched, ACK@Edge continues to meet customers' requirements for enterprise-grade edge containers. ACK@Edge is applicable to scenarios including edge intelligence, smart buildings, smart factories, live audio and video streaming, online education, and content delivery networks (CDNs).
Cloud-native technology can maximize the scalability of the cloud, helping enterprises reduce costs and improve efficiency. It also provides more room for innovation. Cloud native will be combined with new technologies such as AI, edge computing, and confidential computing to build an intelligent, connected, and trusted innovative infrastructure for the digital economy.
“We are developing ACK products to be a new cornerstone, a new computing power, and a new ecosystem,” said Yi Li. “Cloud-native technologies are becoming the shortest path to realize the value of the cloud. The Alibaba Cloud team will help enterprises better support hybrid cloud, distributed cloud architectures with cloud-edge integration, and global application delivery. Alibaba Cloud will accelerate the upgrade to intelligent business by driving technical innovations on software and hardware integration based on cloud native, such as the X-Dragon architecture, Hanguang network processing units (NPUs), and shared scheduling of graphics processing units (GPUs). In addition, we will open up the technological ecosystem and global partner programs to allow more enterprises to enjoy the benefits of technologies in the era of cloud.”