Best Practices of Web Application Hosting in Alibaba Cloud

tech2022-08-31  115

This article was originally published on Alibaba Cloud. Thank you for supporting the partners who make SitePoint possible.


Deploying a highly available and scalable web application in a traditional data center is a complex and expensive undertaking. One must invest a lot of effort and resources into capacity management. But more often than not, it ends up in over- or under-provisioning of resources, further resulting in inefficient investment in underutilized hardware. To tackle this challenge, Alibaba Cloud offers a reliable, scalable, and high-performing cloud infrastructure for the most demanding web application deployment scenarios. This document intends to provide practical solutions and best practices when it comes to scaling your web application on Alibaba Cloud.


Traditional Solution for Common Web Application Hosting

In a traditional web hosting space, designing a scalable architecture is always a challenge. The diagram below depicts a traditional web hosting model. The purpose of this diagram is to help you compare it with a similar architecture hosted on the cloud.


Traditional web hosting usually follows a three-tier design that divides the architecture into presentation, application, and persistence layers. The design achieves scalability through the inclusion of additional servers at each of these layers. The architecture also has built-in high availability features. The section below examines the means of deploying this traditional web hosting in Alibaba Cloud.


Simple Web Application Hosting Architecture on Alibaba Cloud

The diagram below shows what the traditional web hosting architecture looks like when deployed using various Alibaba Cloud products and services:


The key components of this architecture include:


Elastic Compute Service (ECS) — Built on Alibaba Cloud's own large-scale distributed computing system, Elastic Compute Service or ECS is a scalable and highly-efficient cloud computing service. Alibaba Cloud ECS helps you to quickly build more stable and secure web applications to adapt to your business' real-time needs.


Object Storage Service (OSS) — Alibaba Cloud offers various options to store, access, and back up your data on the cloud. For static storage, it provides Object Storage Service (OSS) to facilitate automatic data replication and failure recovery.


ApsaraDB for RDS — Relational Database Service or RDS is a stable, reliable, elastic and high-performance online database service based on Alibaba Cloud's own distributed system. It supports MySQL, SQL Server, PostgreSQL, and PPAS. Furthermore, it provides a comprehensive set of features including disaster recovery, data backup, monitoring, and migration.


DNS — Alibaba Cloud DNS service provides a highly available and scalable DNS service for your domain management needs. It automatically reroutes requests for your domain to the nearest DNS server.


Server Load Balancer (SLB) — Server Load Balancer is a web traffic distribution service that maximizes and extends the external service capabilities of your web applications. By seamlessly distributing traffic across multiple cloud servers and eliminating single points of failure, SLB enhances the reliability, usability, and availability of your applications.


Leveraging the Cloud for Web Application Hosting

When deploying a web application on Alibaba Cloud, you should consider making modifications in your deployment to fully utilize the advantages of the cloud. Below are some key considerations when hosting an application on Alibaba Cloud.


Multiple Data Centers in a Region

Within a certain region, Alibaba Cloud usually operates at least two data centers called Availability Zones (AZs). Elastic Compute Service (ECS) instances in different AZs are both logically and physically separated. Alibaba Cloud provides an easy-to-use model for deploying your applications across AZs for higher availability and reliability.


High Security for Web Applications and Servers

Web application security is one of the primary concerns for organizations today, with more than 90% of applications being vulnerable to security attacks. These attacks can exploit websites and the servers behind them, which puts businesses at risk of financial loss. To protect your web applications from such attacks, Alibaba Cloud provides a suite of network and application security services, such as Anti-DDoS (Basic and Pro), Web Application Firewall (WAF), and Server Guard.


In addition to these services, users can proactively limit external traffic by defining firewalls and permissions. The diagram below depicts the Alibaba Cloud web application hosting architecture that comes with a group firewall to secure the entire infrastructure.


For the web server cluster, a firewall security group allows access only on ports 80 and 443 (HTTP and HTTPS).

To protect the application server cluster, the security group allows access only from the web servers.

For the DB server, its security group permits access to app data requests from the application servers. Additionally, the security group for DB servers permits access only from the application layer. To ensure complete security, access to port 22 (SSH) for direct host management is allowed only from the whitelisted IPs configured in the security group's firewall rules.
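The tiered rules described above can be checked mechanically. The following is an added example, not code from the original article or from Alibaba Cloud: it audits ingress rules against that policy, assuming the rules have been exported as dictionaries modelled on the ECS security-group permission fields `PortRange`, `SourceCidrIp`, `SourceGroupId`, `Policy` and `Direction`. The group IDs, the management allowlist and the sample rules are constructed.

```python
import ipaddress

# Constructed management allowlist (assumption; documentation address range).
ADMIN_CIDRS = [ipaddress.ip_network("203.0.113.0/28")]

# Tier policy from the text: ports that may face arbitrary addresses, and the
# only security group accepted as a source. Group IDs are hypothetical.
POLICY = {
    "web": {"public_ports": {80, 443}, "upstream": None},
    "app": {"public_ports": set(), "upstream": "sg-web"},
    "db": {"public_ports": set(), "upstream": "sg-app"},
}

def port_span(port_range):
    """Parse 'start/end'; '-1/-1' is treated as every port."""
    lo, hi = (int(p) for p in port_range.split("/"))
    return (1, 65535) if lo == -1 else (lo, hi)

def audit_rule(tier, rule):
    """Return findings for one rule; an empty list means it fits the policy."""
    if rule.get("Direction", "ingress") != "ingress" or rule.get("Policy", "Accept") != "Accept":
        return []  # only inbound allow rules widen exposure
    policy, ports = POLICY[tier], rule["PortRange"]
    group = rule.get("SourceGroupId")
    if group:  # group-to-group rule: source must be the tier directly in front
        ok = group == policy["upstream"]
        return [] if ok else [f"{tier}: {ports} reachable from group {group}"]
    cidr = ipaddress.ip_network(rule["SourceCidrIp"], strict=False)
    lo, hi = port_span(ports)
    if (lo, hi) == (22, 22):  # SSH: allowlisted management addresses only
        ok = any(cidr.version == a.version and cidr.subnet_of(a) for a in ADMIN_CIDRS)
        return [] if ok else [f"{tier}: SSH reachable from {cidr}"]
    # Every port in the range must be public for this tier, so 80/443 fails.
    if all(p in policy["public_ports"] for p in range(lo, hi + 1)):
        return []
    return [f"{tier}: {ports} reachable from {cidr}"]

def audit(groups):
    """groups maps a tier name to its rule list; returns all findings in order."""
    return [f for tier, rules in groups.items() for r in rules for f in audit_rule(tier, r)]

# Constructed sample rules, one list per tier.
SAMPLE = {
    "web": [
        {"PortRange": "80/80", "SourceCidrIp": "0.0.0.0/0"},
        {"PortRange": "443/443", "SourceCidrIp": "0.0.0.0/0"},
        {"PortRange": "22/22", "SourceCidrIp": "0.0.0.0/0"},  # SSH open to all
    ],
    "app": [
        {"PortRange": "8080/8080", "SourceGroupId": "sg-web"},
        {"PortRange": "22/22", "SourceCidrIp": "203.0.113.4/32"},
    ],
    "db": [
        {"PortRange": "3306/3306", "SourceGroupId": "sg-app"},
        {"PortRange": "3306/3306", "SourceGroupId": "sg-web"},  # skips app tier
        {"PortRange": "3306/3306", "SourceCidrIp": "10.0.0.0/8"},  # whole network
    ],
}
```

Calling `audit(SAMPLE)` returns three findings: SSH exposed on the web tier, the database reachable directly from the web group, and the database reachable from a CIDR block instead of the application group.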

Treating ECS as Dynamic Resources

To build and host a fault-tolerant and scalable application on Alibaba Cloud, you will need a flexible system that takes the dynamic nature of ECS into account. It is essential to understand that cloud resources may become unavailable or lost in case of a failure. Moreover, once a new virtual server is provisioned, you cannot assume anything about the IP address allocated to it. To handle such scenarios, Alibaba Cloud allows you to select the location of resources and provides Elastic IPs (EIPs). An EIP keeps the IP address of a resource static: if you provision a new ECS instance, you can map the same EIP to the new instance.


With all these factors in mind, let's look at some of the best practices for deploying your web applications based on specific scenarios.


Best Practice #1: Application Hosting with Content Delivery

Up until this point, the above web application architecture was best suited to serve all the user requests from a single central location. However, in case of high traffic volume, Content Delivery Network (CDN) helps to optimize the performance of your web application ensuring a latency-free experience.


Reference Architecture

With Alibaba Cloud CDN, a growing network of global edge locations is responsible for caching static and streaming content. CDN fetches original content from OSS and caches the content at edge nodes. Once cached, future requests are automatically routed to the nearest edge location to ensure content delivery with the best possible performance. This, in turn, relieves the servers of the extra load caused by traffic hitting them directly, allowing an efficient consumption of compute resources.


The following architecture diagram illustrates a typical web application hosting with CDN.


Alibaba Cloud CDN can also work seamlessly with any non-Alibaba Cloud origin server. There are also no financial commitments for using Alibaba Cloud CDN – you pay only for as much or as little content that actually gets delivered through the service.


Best Practice #2: Web Application Hosting with Auto Scaling

In a traditional infrastructure hosting model where you must provision a fixed number of servers, you are forced to stand up servers based on demand spikes. This method relies on accurate capacity planning, or else leads to considerable expenditure on unused server capacity. In the real world, typical traffic experienced on a website looks like this:


Reference Architecture

On Alibaba Cloud, a web application can leverage on-demand provisioning of additional servers, or downward adjustment during periods of lower traffic, to minimize utility cost. All of this is performed automatically by the Alibaba Cloud Auto Scaling service. Instead of relying on a traffic forecasting model to provision servers ahead of time, Alibaba Cloud Elastic Compute Service (ECS) instances are provisioned on the fly according to a set of triggers for scaling the fleet out and back in. Servers managed by Auto Scaling are added to or removed from Server Load Balancer automatically, making this deployment option a genuinely robust setup. The diagram below illustrates a typical web application hosting along with auto-scaling:


Let us now briefly discuss the key component of this architecture, Auto Scaling. You can set up Auto Scaling triggers depending on metrics data obtained directly from Alibaba Cloud Monitor. For example, you can set Auto Scaling to trigger if the CPU utilization has been at 75% or above for the past five minutes, or in case your current application uses up to 35% of the memory. Moreover, you can also provision a set number of instances at a particular time according to the expected load and your organization's requirements.


Best Practice #3: Web Application Hosting with Higher IO Performance

In the face of growing business demands, the need to maintain your application's high performance is crucial. Even the minutest of failures can lead to extreme response time and hamper user experience. The traditional single-instance database design may not be sufficient to meet a large volume of I/O requests.


To reduce the burden on the database, you should separate write and read requests into different database instances. While you carry out the separation, don't forget to include a memcached layer between the web hosting servers and the database.


There are two key components in this architecture:


ApsaraDB for Memcache: It is an online open caching service that provides high-speed access to queries and data while accessing hotspot data. Additionally, it supports key-value databases and is compatible with ECS service. You can retain hotspot data and reduce the stress on the database to shorten read response time.


ApsaraDB for Read-only RDS: In case the read requests exceed the write requests, a single instance will fail to handle them, impacting the performance of the application. To achieve a smoother reading and writing ability, ApsaraDB can create replicas of master instances with read-only accounts for RDS in a particular region. This offers faster response to read/write requests. Additionally, the replicas handle the read requests while the master instance only caters to write requests.


Best Practice #4: Web Application Hosting with Multi-DC Disaster Recovery

For businesses with large-scale, mission-critical web applications, the need to maintain high availability for a seamless user experience is crucial. In spite of the fact that cloud infrastructure ensures protection through security services, you still need cross-data center deployments to provide additional security. This becomes even more imperative in case of data center downtime.


Reference Architecture

The key feature of this cloud architecture design is to distribute all the servers and database services across multiple DCs or Availability Zones. This distribution is done as long as the servers are in the same region and can serve as one single web application system.


Let us look at the key considerations of Alibaba Cloud Web Application Hosting with Multi-DC Disaster Recovery.


Complete Automation: This architecture detects server-related problems and ensures recovery by switching the production environment with the disaster recovery environment. ApsaraDB for RDS not only maintains a data backup but also switches database endpoints automatically in case the master database machine fails to function, ensuring excellent availability.


Full Resource Utilization: In the suggested cloud architecture, there are no resources dedicated to the DR environment. As soon as any problem occurs, the system uses resources from the production environment to ensure disaster recovery. This facilitates the full utilization of resources, which makes it a cost-effective solution for businesses.


Best Practice #5: Web Application Hosting with Multi-Region Deployment

For businesses operating in multiple countries or planning to expand globally, having a flexible IT architecture is essential for business growth. Such companies need highly stable and superior quality networks to keep up with technology and changing demands. For such firms, the primary concern relates to the critical need for an efficient and secure network through which they can connect their global businesses. Leasing lines from telecom service providers can be a costly option for small or mid-sized enterprise companies. To address this, Alibaba Cloud offers an easy and cost-effective way to connect with different regions of the world through dedicated lines. It also provides several other solutions to address data replication/synchronization across regions.


Reference Architecture

The architecture below meets the needs of multi-node deployments across different regions. An application that is deployed in China can also be deployed in the U.S. region simultaneously. The two applications interact with each other at the service and data layers. Using Alibaba Cloud Express Connect, the two VPCs in multiple regions are connected through a dedicated line. This allows a secure connection via the internet between ECS instances located in the China region and those located in the U.S. region. Despite being in different locations, the two RDS instances can also synchronize data in real time. Alibaba Cloud OSS allows cross-region data replication to meet the demands of a large volume of data replication through the Internet.


A multi-region deployment based on this architecture is simple and cost-effective. Users can quickly build their multi-region application and maintain all the cloud resources around the world with a single Alibaba Cloud account. Alibaba Cloud also offers multiple data transmission solutions to address the requirements of most users' business scenarios.


Conclusion

On comparing the traditional and cloud web hosting methods, as an organization, it is imperative for you to look beyond hardware and price to leverage the true inherent value of the hosting solution and the associated business benefits. A traditional web hosting system requires you to purchase, install, manage, and maintain the hardware setup and infrastructure to host your site; a task that can take an extremely long duration. Such necessities make the traditional hosting solution cumbersome, time-consuming, and extortionate.


Moreover, most large-scale enterprises have a presence in multiple locations, each needing a dedicated vendor/staff. Managing these vendors from a remote location further adds to the organizational cost. Also, there are other hidden costs such as extra taxes to procure hardware, delivery charges, and operational overheads.


In contrast, cloud web hosting offers multiple advantages with a potential to yield significant business benefits. Also, cloud web hosting ensures SLAs that promise high availability for your website. Besides, it lets you pay as you consume the resources with no hidden costs enabling you to plan your IT budget efficiently.


Translated from: https://www.sitepoint.com/best-practices-of-web-application-hosting-in-alibaba-cloud/
