Hello everyone. Welcome to Alibaba Cloud ACA system operators certification training. In this chapter, we will introduce networking on Cloud, including how to apply Alibaba Cloud networking features to implement connectivity, to build a full-mesh global network on Cloud, and also to apply the networking security solutions. In this section, we will introduce the comprehensive networking products such as VPC, CEN, EIP, NAT Gateway, Express Connect, SLB, VPN Gateway, Global Accelerator, Anti-DDoS, etc.

Let's start from the introduction about Alibaba global network infrastructure. In 2021, Alibaba Cloud has deployed 23 global regions, including 12 international regions and 11 mainland China regions, and in total provides 110 POP access points to interconnect your on-premise datacenter to the Cloud regions. We also provide more than 2,800 CDN nodes to accelerate your content delivery. In Asia Pacific, we have China, mainland China, Hong Kong, Japan, Indonesia, Australia, Singapore, Malaysia, India, and Dubai region. In Europe we have UK and Germany regions. In USA, we have US West and US East regions.

In the next section, we're going to take a look at the service portfolio of the networking family. If we divide your digital transformation journey into different phases, we can leverage different networking products to help you accelerate your digital transformation. In the network connecting to Cloud phase, you have your existing on-premise network and you also need to interconnect to the Cloud network. In this phase, you can use Express Connect or VPN Gateway or Smart Access Gateway to build this interconnection between your on-premise network and the Cloud network and finally, build a hybrid Cloud. You can use shared traffic package, shared bandwidth package to optimize your traffic costs. For your network on the Cloud, you can use Virtual Private Cloud to define your network scope, how many private IPs you may need and how many subnets you may need.
Then you can use Server Load Balancer to expose your public-facing services to the Internet. You also can bind an Elastic IP to your ECS, to your back-end application server, in order to expose this server to the Internet. You also can deploy a NAT Gateway; by defining the SNAT and DNAT entries, you can control the incoming and outgoing traffic using the Elastic IP addresses. When a large number of applications have been deployed on the Cloud in your global network, in this phase you may need to build a full-mesh global network with interconnectivity. We can leverage Cloud Enterprise Network or Global Accelerator to help you build a full-mesh global network. You can deploy this global connection within minutes, including all the 23 regions we mentioned before. We provide a very high network availability, 99.95 percent.

In the next section, we will take a look at the Hybrid Cloud Network Solutions. In this hybrid Cloud phase, you will have your on-premise network. You also have your Cloud network deployed in the nearest region to your on-premise region. You may need to interconnect the two networks. First of all, we can use VPN Gateway to set up an IPSec connection between your headquarters network and the nearest Cloud network. You also can deploy Smart Access Gateway, which is an SD-WAN solution, a hardware solution to be plugged into your site network, your branch office network, or your branch hotel or supermarket network, to facilitate this interconnection. Another solution is to deploy a leased line by using Express Connect between your IDC network and the Cloud network. This leased line solution is more expensive, but the connection is more secure and the network quality will also be improved compared to the IPSec connection.

For your network already on the Cloud, of course, you can deploy your back-end service in different availability zones to improve the service availability. You can deploy your application on the ECS in Zone A and Zone B.
In order to expose this application to the Internet, you have different options. The first option is that you can directly bind the EIP to your back-end ECS instance. Then Internet users can get access to your application using this IP address. Another option is to bind this back-end ECS group to a load balancer, to SLB. In this case, the SLB will distribute all the Internet requests, and according to your forwarding rule, SLB will forward the traffic to the corresponding back-end servers. The third option is to use NAT Gateway; by defining SNAT and DNAT, you can manage the incoming and outgoing traffic. Especially when your ECS needs to get some content from the Internet, for example, to download a hotfix to fix a vulnerability detected in your ECS, you may need to use NAT Gateway in order to communicate with the Internet. For interconnecting your current region with different regions, you can use CEN. You just need to attach your VPC to the CEN instance and then different VPCs in different regions can communicate with each other.

In the previous overview, we mentioned Express Connect. This product can help you build a private network communication channel between VPC and your local IDC. For Express Connect, we have two options. The first option is to build a leased line using our partner's network, for example, Express Cloud Exchange, to establish a leased line between the IDC and the Alibaba Cloud POP access point. Once your network has been added to the Alibaba Cloud POP access point, it will generate a virtual border router and you can add this VBR to the CEN network. Finally, your IDC can communicate with different VPCs inside the CEN. Another option is to build a direct leased line between your IDC and the Alibaba Cloud POP access point.

Now let's take a look at the Global Cloud Network Solution.
CEN, which is short for Cloud Enterprise Network, can provide an intranet full-mesh network. It can be deployed within several minutes and, finally, can connect your business all around the world. The CEN deployment is very easy, so we can set up a multi-region network environment in just four easy steps within five minutes. It's cost effective compared to managing different ISP vendors. You just need to sign one single CEN instance and the bandwidth package, and all will be managed by Alibaba Cloud. We provide multi-link redundancy with a very good service availability, 99.95 percent. Since you are no longer using the Internet to communicate between different regions, you are using the intranet, and data transferred via the intranet is more secure.

We take this example. Imagine you have your on-premise data center in Hong Kong. You have your office network in Beijing. You have your branch network in London. You have a VPC in London and you also have some mobile devices and laptops that need to connect to the intranet. For all such purposes, we can just simply create a CEN instance and attach the different networks to the CEN. We can attach the Hong Kong VPC to CEN. We can use Express Connect to interconnect your IDC to CEN, and you can then attach your branch network in London using the SAG. You can attach your mobile devices to CEN using VPN Gateway to generate an SSL-VPN. Finally, all kinds of networks can be attached to the CEN and then you can use the CEN bandwidth package to manage the cross-region communication. For example, if you have your network in Mainland China and you have a network in Europe, in this case you should purchase the bandwidth package between Mainland China and Europe.

If you have some SaaS solution and the back-end server is located in LAC region, but your end users are located in a different region and they have a connectivity issue or performance issue using the Internet, for this pain point, you can use Global Accelerator.
We just take an example from China Mainland and the USA. Imagine you have some SaaS solution, the back-end server is located in the USA, we take an example like your Office 365 or Salesforce, just an example, and your end users located in China mainland have a connectivity issue or performance issue with very high latency and a high packet loss rate. For this pain point, you can use Global Accelerator to improve the user experience. You just need to decide which region is your acceleration region in China Mainland, in North, South, East or West China, then we will deploy our accelerator IP for your end users located in this region. You have to specify the listener, based on which port we can transport and forward the user request. You also need to specify the endpoint group. You can forward the traffic to the origin server located in the USA and you can also specify what percentage of traffic goes to server A and what percentage of the traffic goes to server B. The back-end server can be located in Alibaba Cloud; it can also be hosted on some other platform like AWS or in your on-premise data center. For the last-mile connection, you can use the Internet or you can build a leased line using Express Connect.

To protect your public-facing applications, you can put the Anti-DDoS Premium or Pro service in front of Global Accelerator in order to mitigate DDoS attacks. All traffic, including attack traffic and normal traffic, will first of all go to the Anti-DDoS endpoint. We will do the mitigation and only the clean traffic can reach out to the Global Accelerator endpoint. Only the authorized requests can reach out to your back-end service. That can protect your back-end service from a DDoS attack, and improve your service availability and the user experience.

Let's put it all together to summarize all the network products and solutions we mentioned before. First of all, we start from the user network.
Imagine you have different kinds of existing networks, for example, your Hangzhou headquarters network, Beijing branch network, your mobile devices, your Shanghai IDC, your Hong Kong IDC, etc. Then you can use different services to build a hybrid Cloud, interconnecting your existing network to the nearest Cloud network. For example, you can use Express Connect to build a leased line. You can use SAG to build an IPSec connection, and you can of course also use VPN Gateway to build an IPSec connection in order to connect to the nearest Alibaba Cloud region. Then finally, build a hybrid Cloud. With different hybrid Clouds deployed in different regions, you may need to interconnect the different regions and build a full-mesh global network. You'll have to use Cloud Enterprise Network to get access from one point and connect all the networks over the world. For your services already deployed on the Cloud, you can define a VPC to define your network scope and IP address numbers, use EIP, NAT Gateway or SLB to expose your public-facing services, and use Object Storage Service, RDS or ECS to host your application and store your data. Finally, you can reach out to the Internet or get access from the Internet.

It's almost the end of the chapter. In this networking on the Cloud chapter, we introduced VPC, CEN, EIP, NAT Gateway, Express Connect, SLB, VPN Gateway, Global Accelerator, and Anti-DDoS protection. Whether you want to build a full-mesh global network or build a hybrid network, or just accelerate one SaaS solution from a different region, you can always pick the corresponding service from our networking family. Thank you for watching this chapter, see you in the next chapter.