What is Alibaba Cloud Hybrid Cloud Management?
Alibaba Cloud Hybrid Cloud Management provided by ZStack Cube Ultimate integrates the simple, strong, scalable, and smart (4S) features of ZStack Cube Ultimate Private Cloud and the advanced, secure, and stable features of Alibaba Cloud Public Cloud. It is a hybrid cloud management solution that seamlessly integrates cloud services and terminals, interconnecting the control panel and data panel.
Concepts
- ZStack Cube Ultimate Alibaba Cloud Hybrid Cloud Management
provides the following cloud computing products of Alibaba Cloud:
- ECS Instance: An elastic compute service (ECS) instance is a VM instance created on Alibaba Cloud.
- Disk: A disk provides storage space for an ECS instance created on Alibaba Cloud.
- Image: An image is a template file that is used to create ECS instances. Images are categorized into custom images and Alibaba Cloud images.
- Security Group: A security group provides security control services for ECS instances on the L3 network. It filters the inbound or outbound packets of ECS instances based on security rules.
- VPC: A virtual private cloud (VPC) is a private network dedicated for ECS instances created on Alibaba Cloud.
- EIP: An elastic IP address (EIP) is an IP address in Alibaba Cloud public networks. You can attach EIPs to ECS instances so that the ECS instances can access public networks by using the EIPs.
- VPN: Establishes a site-to-site IPsec VPN channel to enable communications
between private networks in a local data center and Alibaba Cloud VPC. This
section includes:
- VPN Gateway: A virtual private network (VPN) gateway establishes a secure connection between a local data center and Alibaba Cloud VPC by using an encrypted channel.
- VPN Customer Gateway: A VPN customer gateway provides services for a local data center.
- VPN Connection: A VPN connection is an encrypted communication channel established between a VPN gateway and VPN customer gateway.
- Express Connect: Express Connect uses physical circuits (electric cables or
optical fibers leased from operators) to connect local data centers with
Alibaba Cloud access points and Alibaba Cloud VPC. This way, private
networks on Alibaba Cloud and in local data centers can communicate with
each other in a fast, stable, and secure manner. This section includes:
- Router Interface: A router interface is a virtual device that is used to establish communication channels and control their status.
- Virtual Border Router: A virtual border router (VBR) is virtualized from a physical switch port on the access point of Alibaba Cloud. It forwards the data on the physical circuit to Alibaba Cloud VPC.
- Alibaba Cloud NAS: Alibaba Cloud NAS is a network-attached file storage
service. It provides highly reliable and available distributed file systems
that can be accessed by using standard file access protocols. In addition,
Alibaba Cloud NAS is scalable in storage space and performance and can be
managed in a namespace while shared with multiple users. ZStack Cube Ultimate seamlessly integrates with Alibaba Cloud NAS.
You can add primary storage of the AliyunNAS type on ZStack Cube Ultimate
Private Cloud so as to use the distributed
storage independently deployed on Alibaba Cloud. This section includes:
- File System: A file system is a backend storage system used for Alibaba Cloud NAS primary storage. Before you add an AliyunNAS primary storage, you need to add an NAS file system.
- Permission Group: A permission group is an allowlist of IP addresses or IP ranges which can access file systems according to specified permission rules.
- Data Center: Data centers are resources corresponding to Alibaba Cloud
regions and zones. These resources include:
- Region: A region is a physical data center. A region in ZStack Cube Ultimate Hybrid Cloud corresponds to a region in Alibaba Cloud.
- Zone: A zone is a physical area in a region that is independent from other zones in the region in terms of electricity and network supplies.
- Setting: ZStack Cube Ultimate Hybrid Cloud provides the
following basic settings:
- AccessKey Management: An AccessKey pair is an identity credential that has access to APIs of Alibaba Cloud or Private Alibaba Cloud. It has full access to the Cloud. An AccessKey pair consists of AccessKey ID and AccessKey secret.
- Hybrid Cloud Settings: Hybrid cloud settings allow you to configure settings that take effect on the whole platform.
Physical Deployment
ZStack Cube Ultimate Hybrid Cloud uses an in-process micro-service architecture and does not introduce a new module. ZStack Cube Ultimate management nodes need to access the Internet so that they can call Alibaba Cloud Public Cloud APIs.
Architecture
ZStack Cube Ultimate Hybrid Cloud includes the following sections:
- Identity Authentication:Alibaba Cloud AccessKey: integrates Resource Access Management of Alibaba Cloud Public Cloud / Private Cloud. A user authorized with an Alibaba Cloud AccessKey pair can access remote resources on Alibaba Cloud.
图 2. Identity Authentication 
- Network Interconnection:
You can use IPsec tunnels or Alibaba Cloud Express Connect to connect local Private Cloud with Alibaba Cloud Public Cloud. This way, local-remote L3 networks can access each other. The Local-remote network interconnection is the foundation of ZStack Cube Ultimate Hybrid Cloud.
ZStack Cube Ultimate Hybrid Cloud allows you to use IPsec tunnels or Alibaba Cloud Express Connect to establish interconnected networks.图 3. IPsec Tunnel 
图 4. Alibaba Cloud Express Connect 
- Resource Management:You can authorize a RAM user to manage Alibaba Cloud Public Cloud resources, including ECS instances, VBR, VPC, and virtual switches.
Resource Management
- Business Implementation:
The identity authentication, network interconnection, and resource management mechanisms help establish a flexible and elastic business system architecture. After the hybrid cloud platform is established, you can deploy flexible and multi-dimensional business modes on it.
Characteristics
- Seamless integration:
ZStack Cube Ultimate Hybrid Cloud seamlessly integrates Alibaba Cloud Public Cloud. Combined with the benefits of ZStack Cube Ultimate Private Cloud, it provides users a platform to manage both public clouds and private clouds in a unified way.
- Seamless upgrading:
ZStack Cube Ultimate Hybrid Cloud allows seamless upgrading without affecting business continuity.
- Easy to use:
ZStack Cube Ultimate Hybrid Cloud seamlessly integrates cloud services and terminals in a unified cloud platform. You can easily manage local private clouds and access resources on the public cloud as needed.
Scenarios
- Data backup on the Cloud
Financial, medical and some other industries have a high requirement for the compliance of long-term data storage. However, backing up data in local data centers is relatively risky, cost-consuming, and hard for O&M. To deal with these problems, ZStack Cube Ultimate Hybrid Cloud helps you back up the data to the Cloud, providing you with a stable data storage service at a lower cost.
- Data storage on Cloud
Enterprises and institutions need to store large amounts of data. In these scenarios, you can use ZStack Cube Ultimate Hybrid Cloud to store data on Cloud. This solution lowers your investment and management costs and allows data access from multiple regions and zones.
- Data migration on Cloud
High data negotiability is important to some enterprises and institutions whose works are finished based on multi-regional cooperation. In these scenarios, you can use ZStack Cube Ultimate Hybrid Cloud to migrate data to Cloud, thus ensuring a stable data transmission and data integrity.