06_Handout_1(80)

Uploaded by

Irvin Legaspi
IT2314

Database, Security, and CDN Services


Database Services
A database is a collection of files that contain data organized using a given model. An instance contains a set
of background processes and memory structures. It is the data management software that connects users and
the operating system.

Types of Database
• A relational database organizes data using a relational model. Data is stored in rows and columns. A
user retrieves data from a database through a query, which is a type of command that qualifies certain
areas of the database. A relational model can be simply understood as a two-dimensional table model,
and a relational database is a way of organizing data consisting of two-dimensional tables and their
relationships.
• A non-relational database refers to a non-relational data storage system not compliant with ACID
properties.

ACID stands for atomicity, consistency, isolation, and durability.


• Atomicity: Atomicity is the guarantee that a series of database operations in an atomic transaction will
either all occur or none will occur. If an error occurs during transaction execution, the transaction will
be rolled back to the state from before it was committed.
• Consistency: A consistent transaction will not violate integrity constraints placed on the data by the
database rules. That is, executing a transaction cannot destroy the integrity or consistency of database
data.
• Isolation: Isolation means that concurrent transactions are executed sequentially. It guarantees the
individuality of each transaction and prevents them from being affected by other transactions.
• Durability: Once a transaction is committed, it will remain in the system even in the event of a system
failure.
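
The following added example (not part of the original handout) shows atomicity and consistency together using Python's built-in sqlite3 module: a transfer that would violate an integrity rule is rolled back as a whole, including the part that had already succeeded. The table, account names, and balances are constructed for illustration.

```python
import sqlite3

def open_bank():
    """In-memory database whose CHECK constraint is the integrity rule."""
    # isolation_level=None means autocommit, so BEGIN/COMMIT/ROLLBACK are explicit
    db = sqlite3.connect(":memory:", isolation_level=None)
    db.execute("CREATE TABLE accounts (name TEXT PRIMARY KEY, "
               "balance INTEGER NOT NULL CHECK (balance >= 0))")
    db.execute("INSERT INTO accounts VALUES ('alice', 100), ('bob', 20)")
    return db

def transfer(db, src, dst, amount):
    """Move amount from src to dst as one atomic transaction."""
    db.execute("BEGIN")
    try:
        # Credit first, so a failing debit leaves a partial change to undo
        db.execute("UPDATE accounts SET balance = balance + ? WHERE name = ?",
                   (amount, dst))
        db.execute("UPDATE accounts SET balance = balance - ? WHERE name = ?",
                   (amount, src))
        db.execute("COMMIT")
        return True
    except sqlite3.IntegrityError:
        # Consistency: the CHECK rejected the debit.
        # Atomicity: the credit that already succeeded is undone as well.
        db.execute("ROLLBACK")
        return False

def balances(db):
    """Return {name: balance} for every account."""
    return dict(db.execute("SELECT name, balance FROM accounts ORDER BY name"))

if __name__ == "__main__":
    db = open_bank()
    print(transfer(db, "alice", "bob", 30), balances(db))
    print(transfer(db, "alice", "bob", 500), balances(db))
```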

Differences Between Cloud and Other Database Solutions


• If customers want to build their own databases, they need to purchase hardware such as database
servers and switches. If the hardware is damaged or replaced, the cost of repairing or replacing it is
typically at least 30% of the project budget. The sunk cost of this project is considerable. Open-source
databases cannot be optimized. To ensure database reliability, customers have to prepare backup
resources, which means more money. Public network traffic and domain name transfer are not free
either.
• If customers want to deploy databases on ECSs, they need to purchase primary/standby ECS instances.
Physical devices are provided by the service provider. Customers do not need to pay for the equipment
room. They only need to hire DBA engineers to operate and maintain the database services. Elastic
resources are provided. But open-source databases cannot be optimized, and backup represents a
separate cost, along with traffic over a public network.
• Using cloud databases, customers only need to pay for the DB instances. The service provider provides
the physical devices and maintains databases at its own cost. Resources are elastic and there is no
charge for any public network traffic. Even the domain name generated for the DB instance is free,
and regular updates help keep your instances updated to the latest MySQL version.

06 Handout 1 *Property of STI


[email protected] Page 1 of 5

HUAWEI CLOUD Database Services


GaussDB is an open-source database designed for small and medium enterprises to achieve the ultimate in
cost-effectiveness. GaussDB is a Huawei-developed database that meets the high reliability and performance
requirements of governments and enterprises.
• PostgreSQL is an object-relational database management system (ORDBMS) based on POSTGRES,
Version 4.2, developed at the University of California, Berkeley. Many concepts pioneered by
POSTGRES did not appear in commercial databases until much later.
• NoSQL refers to non-relational databases. Traditional relational databases are unable to keep up with
the ultra-large-scale processing and massively concurrent requests of Web 2.0 social networking
(SNS) websites. NoSQL databases are designed to address the challenges of handling the multiple
data types involved in large-scale data collections, especially where big data applications are
concerned. NoSQL databases come in a variety of types based on different data models. The main
types are key-value pair, wide column, document, and graph.
• Distributed Database Middleware (DDM) works with the RDS service to remove a single node's
dependency on hardware, facilitate capacity expansion to address data growth challenges, and ensure
fast response to query requests. DDM eliminates the bottlenecks in capacity and performance and
ensures that concurrent access is possible for a massive amount of data.
• Data Replication Service (DRS) is a stable, secure, and efficient cloud service for online database
migration and real-time database synchronization. DRS simplifies data transmission between
databases and reduces data transfer costs.
• Data Admin Service (DAS) enables you to manage DB instances on a web-based console, simplifying
database management and improving efficiency and security.

RDS for MySQL


MySQL is one of the world's most popular open-source relational databases. It works with Linux, Apache,
and Perl/PHP/Python to establish a LAMP model for efficient web solutions. RDS for MySQL is reliable, secure,
scalable, inexpensive, and easy to manage.
• It supports various web applications and is cost-effective, preferred by small- and medium-sized
enterprises.
• A web-based console provides comprehensive visualized monitoring for easier operations.
• You can flexibly scale resources based on your service requirements and pay for only what you use.

RDS for PostgreSQL


PostgreSQL is an open-source object-relational database management system that focuses on extensibility
and standards compliance. It is known as the most advanced open-source database available. RDS for
PostgreSQL excels in processing complex online transaction processing (OLTP) transactions and supports
NoSQL (JSON, XML, or hstore) and geographic information system (GIS) data types. It has earned a reputation
for reliability and data integrity, and is widely used for websites, location-based applications, and complex
data object processing.
• RDS for PostgreSQL supports the postgis plugin and provides excellent spatial performance.
• RDS for PostgreSQL is a good cost-effective solution for many different scenarios. You can flexibly scale
resources based on your service requirements and pay for only what you use.


Document Database Service


Document Database Service (DDS), compatible with MongoDB, is a secure, high availability (HA) database
service that is reliable, scalable, and easy to use. It provides functions such as one-click deployment, elastic
capacity expansion, disaster recovery, backup, restoration, monitoring, and alarm reporting.

Deployment Modes
• Cluster: Cluster instances are recommended for service systems that require both high availability and
scalability.
• Replica set: Replica set instances suit small- and medium-sized service systems that require high
availability.
• Single node: Single node instances are useful for R&D, testing, and non-core data storage of
enterprises.

Security Services
Security services are developed to address different aspects of information security.

Host Security Service (HSS) helps you identify and manage the assets on your servers, eliminate risks, and
defend against intrusions and web page tampering. There are also advanced protection and security
operations functions available to help you easily detect and prevent threats.

Web Application Firewall (WAF) keeps web services stable and secure. It examines all HTTP and HTTPS
requests to detect and block the following attacks: Structured Query Language (SQL) injection, cross-site
scripting (XSS), web shells, command and code injections, file inclusion, sensitive file access, third-party
vulnerability exploits, Challenge Collapsar (CC) attacks, malicious crawlers, and cross-site request forgery
(CSRF).


Data Encryption Workshop (DEW) is a cloud data encryption service. It consists of the following services: Key
Management Service (KMS), Cloud Secret Management Service (CSMS), Key Pair Service (KPS), and Dedicated
Hardware Security Module (Dedicated HSM). It helps you secure your data and keys, simplifying key
management.
• Key Management Service (KMS) is a secure, reliable, and easy-to-use service for managing your keys
on the cloud. It helps you easily create, manage, and protect keys.
• Cloud Secret Management Service (CSMS) is a secure, reliable, and easy-to-use secret hosting
service.
• Key Pair Service (KPS) is a secure, reliable, and easy-to-use cloud service designed to manage and
protect your SSH key pairs.
• Dedicated Hardware Security Module (Dedicated HSM) enables data encryption on the cloud, specifically,
encrypting and decrypting data, verifying signatures, generating keys, and storing keys.

Identity and Access Management (IAM) provides permissions management to help you securely control
access to your cloud services and resources. IAM offers the following advantages:
• Fine-grained access control for Huawei Cloud resources: If you purchase multiple Huawei Cloud
resources, such as Elastic Cloud Servers (ECSs), Elastic Volume Services (EVSs), and Bare Metal Servers
(BMSs), for different teams or applications in your enterprise, you can use your account to create IAM
users for the team members or applications and grant them permissions required to complete specific
tasks. The IAM users use their own usernames and passwords to log in to Huawei Cloud and access
resources in your account.
• Cross-account resource access delegation: If you purchase multiple Huawei Cloud resources, you can
delegate another account to manage some of your resources for efficient O&M. For example, you can
create an agency for a professional O&M company to enable the company to manage specific
resources with the company's own account. If the delegation changes, you can modify or revoke the
delegated permissions at any time. In the following figure, account A is the delegating party, and
account B is the delegated party.
• Federated access to Huawei Cloud with existing enterprise accounts: If your enterprise has an
identity system, you can create an identity provider (IdP) in IAM to provide single sign-on (SSO) access
to Huawei Cloud for employees in your enterprise. The identity provider establishes a trust
relationship between your enterprise and Huawei Cloud, allowing the employees to access Huawei
Cloud using their existing accounts.


Content Delivery Network


Content Delivery Network (CDN) is a smart virtual network on the Internet infrastructure. CDN can cache
origin content on points of presence (PoPs) closer to users, so content can load faster. PoPs, also known as
CDN nodes or cache nodes, are the nodes that users can reach with the fewest intermediate steps. Compared with
other nodes, PoPs provide users with faster response and connection. CDN speeds up site response and
improves site availability. It breaks through the bottlenecks caused by low bandwidth, heavy access traffic,
and uneven distribution of PoPs.

How CDN Works


When a user accesses a website that uses CDN, the local DNS server redirects the request to CDN using a
CNAME record. Then, CDN calculates which PoP responds the fastest based on preset rules (including content
types, geographical locations, and network loads), and sends the PoP IP address to the user. With CDN, the user
gets the requested content faster. The HTTP request process varies based on whether the CDN PoP has the
desired content.
The HTTP request processes are as follows:
1. A user enters the domain name of a website (for example, www.example.com) in the browser. The
browser sends a DNS request to the local DNS server.
2. The local DNS checks whether its cache includes the IP address of www.example.com. If yes, the local
DNS returns the cached information to the user. If no, the local DNS sends a resolution request to the
authoritative DNS.
3. The authoritative DNS resolves the domain name. The domain name points to
www.example.com.c.cdnhwc1.com (CNAME record of the domain name).
4. The local DNS redirects the request to the CDN service.
5. CDN performs intelligent domain resolution. It provides the user with the IP address of the CDN PoP
which responds the fastest.
6. The user's browser obtains the IP address of this CDN PoP.
7. The user's browser sends the access request to this CDN PoP.
   ◦ If this CDN PoP has cached the content, it sends the desired resource to the user and ends the
     request.
   ◦ If this CDN PoP has not cached the content, it sends a request to the origin server to retrieve
     the content. CDN caches the retrieved content on this CDN PoP based on custom cache
     policies. Then, the PoP sends the desired content to the user and ends the request.
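
The seven steps above can be traced in a small simulation, added here as an example that is not part of the original handout. The domain names come from the steps; the PoP addresses, latencies, and origin content are constructed, lowest latency stands in for the CDN's preset rules, and cache expiry (TTL) is left out.

```python
CNAME = {"www.example.com": "www.example.com.c.cdnhwc1.com"}  # names from step 3
POPS = {"192.0.2.10": 12, "198.51.100.20": 48}   # constructed PoP IP -> latency in ms
ORIGIN = {"/index.html": b"<h1>hello</h1>"}      # constructed origin content

def cdn_schedule(cname):
    """Step 5: choose a PoP (assumption: lowest latency wins)."""
    return min(POPS, key=POPS.get)

class LocalDNS:
    def __init__(self):
        self.cache = {}
        self.upstream_queries = 0

    def resolve(self, name):
        if name in self.cache:            # step 2: answer from the local cache
            return self.cache[name]
        self.upstream_queries += 1        # step 2: ask the authoritative DNS
        target = CNAME[name]              # step 3: it answers with the CNAME
        ip = cdn_schedule(target)         # steps 4-5: CDN resolves the CNAME to a PoP
        self.cache[name] = ip
        return ip                         # step 6: the browser receives the PoP address

class PoP:
    def __init__(self):
        self.cache = {}
        self.origin_fetches = 0

    def get(self, path):
        if path in self.cache:            # step 7, first case: cached content
            return "HIT", self.cache[path]
        self.origin_fetches += 1          # step 7, second case: retrieve from origin
        self.cache[path] = ORIGIN[path]
        return "MISS", self.cache[path]

def browse(dns, pops, name, path):
    """Steps 1-7 for one request; returns (pop_ip, cache_status, body)."""
    ip = dns.resolve(name)
    status, body = pops[ip].get(path)
    return ip, status, body

if __name__ == "__main__":
    dns, pops = LocalDNS(), {ip: PoP() for ip in POPS}
    for _ in range(2):
        print(browse(dns, pops, "www.example.com", "/index.html"))
```

The second request is answered from both caches, so neither the authoritative DNS nor the origin server sees it.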
