Cloud Deployment Process for Internet of Vehicles: IoV Series (III)

We have discussed the application architecture and service selection on the cloud. This chapter summarizes the process of cloud migration. You will have to go into more details during the migration, we will omit some details to focus on the main procedures. The following figure shows the general migration process:

The migration to Alibaba Cloud involves the following stages: database configuration and data migration, deployment of basic services such as the Dubbo service, MQ service and storage service, application deployment and configuration, functional testing and integration testing, and flow cutting and security reinforcement.

Database Preparation and Configuration

For security and stability purposes, add the IP addresses or IP address segment for accessing the database to the whitelist of the target instance before you use the RDS instance. We recommend that you maintain the whitelist periodically because correct use of the whitelist improves access security for your RDS instance.

After you create the database and account, configure the migration task. Use the same method to migrate offline data to the cloud database with Data Transmission Service.

Data Transmission supports data migration between Redis instances. If the source instance is a user-created Redis instance, Redis migration supports incremental data synchronization, which enables smooth Redis data migration without stopping local application servicesd.

MongoDB clusters are migrated to ApsaraDB for HBase clusters. HBase supports a lot of scenarios and can be selected based on the business model. The ratio depends on the service QPS, storage capacity, read and write requests, delays, and stability. You can choose the SSD cloud disk, ultra cloud disk, exclusive specifications, general specifications, and 4cpu8g to 32cpu128g for your ApsaraDB for HBase cluster.

The master node does not provide storage and uses primary and backup protection for single-point disaster tolerance by default. The SSD cloud disk is more stable than the ultra cloud disk and has better performance for reading, especially in the random read.

For a large data volume and common response delay, select the common 4cpu16g disk and ultra cloud disk, where you can mount a lot of disks. If you require a low response delay, select the exclusive 8cpu32g or 16cpu64g model, and use the SSD cloud disk. If you do not have high requirements for QPS (such as 10,000 to a million QPS), select the 4cpu8 or 4cpu16g model. If you require excellent reading performance, select the 1:4 memory model, generally with 1:2 reading.

For Elasticsearch, we strongly recommend that you configure monitoring and alarms for the following parameters:

  1. Cluster status (The cluster status indicator is green or red)
  2. Node disk usage (%) (The alarm threshold must be less than 75% and cannot exceed 80%.)
  3. Node HeapMemory usage (%) (The alarm threshold must be lower than 85% and cannot exceed 90%.)
  4. Node CPU usage (%) (The alarm threshold cannot exceed 95%)
  5. Node load_1m (The reference value is 80% of the number of CPU cores.
  6. Cluster query QPS (count/second)
  7. Cluster write QPS (count/second)

Basic Service Preparation and Configuration

Object Storage Service (OSS)

Message Queue (MQ)

Distributed Application Configuration Center

MaxCompute

Application Deployment and Configuration

Server Load Balancer configuration

Test and verification

Traffic Cutover

Although the domain name has been resolved to the new IP address, the shortest cycle of resolution record refreshing is only 10 minutes. However, we are unable to control local DNS caches on clients, which means some customers still visit the old site. For customers still visiting the IDC, we enable 302 redirection on the front-end Nginx server of the IDC to direct the customers to Alibaba Cloud.

As the Nginx server is based on Layer-7 Server Load Balancer, you need to match it to the domain name. “server_name” of the Nginx server corresponds to the domain name configured for the redirection URL. To resolve the domain name to the Alibaba Cloud IP address, you can set the IP address to the Alibaba Cloud IP address on the host configuration page for the Nginx server. Observe for a period of time until all traffic is smoothly cut over to Alibaba Cloud. However, it is recommended that you retain old applications for a period of time in case of an emergency. In case of any problems, you can modify DNS resolution to quickly restore original services.as shown in the following figure.

Enterprises need to develop detailed rollback plans based on their business. For example, if business is important and no data errors are tolerable, it is recommended to synchronize the online database with the offline database when databases are cut over to the cloud. You can set the online database as a master database, set the offline database as a slave database, and enable master-slave synchronization to ensure data consistency. Although the operation process is complex, it is necessary to anticipate risks and measures. For important services and data, it is necessary to prepare a detailed cutover plan and rollback plan. However, for less important and influential services with a high rollback price, you need to handle the situation flexibly.

Security Reinforcement

Anti-DDoS Service Pro Configuration

After configuration on the Alibaba Cloud Security Anti-DDoS console is completed, the Anti-DDoS Service Pro instance can forward request messages passing through the Anti-DDoS Service Pro port to the corresponding origin site (real server) port. To maximize the stability of services, it is recommended that you perform a local test before fully switching services. You can locally access the backend service port of the Anti-DDoS Service Pro instance through the telnet command. If the telnet command is available, data is successfully forwarded.

Web Application Firewall (WAF) Configuration

Before you cut over service traffic to the WAF instance, you should locally verify whether all configurations and WAF forwarding are normal. First, modify the local hosts file to ensure that request messages to protected sites pass through the WAF instance first. Modify the hosts file and save the changes. Ping the protected domain name locally. The IP address to which the domain name is resolved is expected to be the previously bound WAF IP address. If the IP address is still the source site address, you can refresh local DNS caches (you can run the ipconfig/flushdns command on the Windows cmd CLI). After confirming that the address in the hosts file takes effect (the domain name is resolved locally to the WAF instance IP address), open the browser and enter the domain name. The website can be accessed if the WAF instance is configured correctly.

Modify the DNS and resolve the website domain name to the WAF instance IP address to cut over services. After the website domain name is resolved to the WAF instance IP address, the DNS is connected to the WAF instance to be protected. After configuring the resolution record, you can ping the website domain name or other tools to check the effectiveness of DNS resolution.

Reference:https://www.alibabacloud.com/blog/cloud-deployment-process-for-internet-of-vehicles-iov-series-iii_594264?spm=a2c41.12414498.0.0

Follow me to keep abreast with the latest technology news, industry insights, and developer trends.