Management Automation — Enterprises’ Inevitable Approach to Cloud Migration

Catch the replay of the Apsara Conference 2020 at this link!

By Xuming from Alibaba Cloud Open Platform

Why Do We Need Automation on the Cloud?

However, with the constant maturity of cloud computing, it is an inevitable trend for enterprises to migrate their business to the cloud. Under such circumstances, if domestic enterprises keep their old-fashioned ideas, their business operation will be negatively affected. The management automation on cloud resources can reduce financial costs and increase enterprises’ efficiency and competitiveness by lowering technical thresholds.

Automation Needs Enterprise Customers

In the picture above, the customer wanted more than just the development of programming automation in the O&M field. The first thing the customer considered was how to manage budgets and staff. After communicating with the customer, we made a list of main requirements for the customer’s cloud migration:

1. Organization Management

Many enterprises have their own account and permission systems, which need to be interconnected with on-cloud systems. On Alibaba Cloud, enterprises can use Resource Access Management (RAM) (including identity management, permission management, and other components), resource management (including resource directories, resource groups, resource sharing, tags, and other components), and other products under the enterprise IT governance product line to interconnect those systems.

2. Orchestration Automation of Infrastructure

Alibaba Cloud has already provided more than 200 cloud services and more than 10,000 OpenAPIs. Resource orchestration tools, such as Terraform and Resource Orchestration Service (ROS), can help customers efficiently manage resources on the cloud and reduce the complexity of management with the concept of IaC.

3. Orchestration Automation of Application Programs

Open-source O&M tools, such as Ansible, Puppet, and Chef can be used for application deployment. Currently, Alibaba Cloud primarily supports Ansible and provides Operation Orchestration Service (OOS). The Open Application Model (OAM) specification was recently released as well, which further simplifies the application deployment process.

4. Security Requirements

Without automation, it is often too late to fix security loopholes manually. Powered by RAM and other security products, Alibaba Cloud’s OpenAPI system provides a high-level of security to prevent various security issues.

5. Compliance Requirements

Compliance, on the one hand, requires external compliance, such as compliance of audit data and financial data. On the other hand, it requires compliance of internal data. Alibaba Cloud provides customers with ActionTrial and Config, as well as the compliance capabilities of industries cloud. This topic will be described subsequently.

6. Monitoring Requirements

When monitoring the resources on the cloud, customers need to connect the monitoring system with operations of enterprises, including data integration and data visualization. Cloud Monitor is a useful tool for automatic monitoring on Alibaba Cloud. In addition to its visual interface, Cloud Monitor can connect to systems of customers through OpenAPI.

7. Cost Requirements

In addition to the financial compliance issues mentioned earlier (such as ledger account), it is also related to cost optimization. In this regard, Alibaba Cloud provides some methods for tagging resources, such as Tag and resource groups. These tags or resource groups enable a more refined resource allocation for customers.

8. Situation Awareness

Customers can reserve resources in advance and quickly allocate resources based on the current resource usage and historical records, or according to prior planning. This requires cloud computing products to be capable of rapid scaling as well as perceiving resource usage and planning.

Aiming at the enterprise scenarios mentioned above, I would like to introduce the sample solution launched by the Alibaba Cloud Open Platform team, which is integrated with preceding capabilities. The solution not only defines best practices for migrating enterprises’ IT to the cloud, but it also provides the automation codes for Terraform. You can download the latest codes from Github. Please visit this website and share your opinions with us.

Upgrade the OpenAPI Automation Capabilities

As shown in the picture above, Alibaba Cloud had several long-standing defects in terms of basic automation capabilities:

  • Insufficient coverage of orchestration products, such as Terraform, makes rapid orchestration impossible for some products.
  • Many ambiguous calling strategies at the OpenAPI level affect the efficiency optimization of the client. For example, the throttling threshold is not transparent, and the caller has some problems with unknown causes.
  • For important resources, it is difficult for customers to know the quota limit of resources. Therefore, customers can only raise the demand through tickets with limited response speed.
  • Due to some historical reasons, many Alibaba Cloud products need to be manually activated, which becomes a stumbling block on the automation process.
  • Customers must manually authorize the inter-access among Alibaba Cloud products in the console. This stops the progress of automatic connection.

To solve these issues, Alibaba Cloud has made efforts to eliminate barriers that affect user experience and made some achievements.

Supporting Terraform for Products

WeWork manages Terraform based on Github and Atlantis

Currently, the number of products supported by Alibaba Cloud’s Terraform has increased from 40 to 53, and the number of resources has grown to 249. It can meet the needs of most scenarios. Alibaba Cloud will launch some tools in the second half of this year, such as cloud-based Terraform workflows and the ability to visually write Terraform templates. The former can reduce the extra burden of customers in building and managing their own Terraform workflows, and the latter can improve the user experience while lowering usage costs.

Quota Management

The Quota Center Mainly Solves Three Problems:

  • Product Quotas Request: After logging on to the corresponding page, users can check the quota settings and use quotas of 15 cloud products.
  • Self-Service Application for Adjusting Quotas: Users can directly submit an application for adjusting quotas to the corresponding cloud product administrator at the quota center. The administrator will make a quick decision on whether the application should be approved or not according to the real situation of customers.
  • Providing OpenAPI and Alerts for Getting Quotas: The application on the client-side may need to acquire quota information in real-time to determine the next operation process. When the quota is insufficient, the application sends an alert to users to adjust the operation strategies in time.

Hundreds of enterprise customers have applied for quota increases through the quota center since its launch. In the future, more cloud products will be able to solve quota issues in the quota center.

Automation Activation for Cloud Products

Alibaba Cloud’s Terraform Provider has supported the automatic activation of these products. Users only need to add a DataSource corresponding to the cloud product activation in the template. Then, users need to set enable = "On" to run the terraform apply to enable automatic activation. For example, codes for activating log service Terraform automatically are listed below:

Data "alicloud_log_service" "open" {
2. Enable = "On"
3. }

Cross-Service Access to SLR

The flowchart above shows that the Service Linked Role (SLR) mechanism does not require user intervention. A sub-user with product management permission can trigger the SLR creation of the related product. At the same time, the modification and deletion are strictly controlled to avoid misoperations.

Currently, up to 36 products support SLR and more products will be supported in the second half of this year. At that time, automatic cross-service access will no longer be a problem on Alibaba Cloud.

OpenAPI Access Compliance

To meet such needs, Alibaba Cloud has upgraded its OpenAPI access compliance capability, as shown in the following picture:

In the past, customers would go through the public network when accessing OpenAPI, as shown in the picture. However, if customers need to access Alibaba Cloud OpenAPI in a VPC network, they can now change the target endpoint to xxx-vpc.[RegionId], when calling OpenAPI in a public cloud environment. Thus, all traffic destined for this target domain name is forwarded to the internal network of Alibaba Cloud instead of a public network. This enhances the security of specific industries.


Original Source:

Follow me to keep abreast with the latest technology news, industry insights, and developer trends.