Hi everyone, welcome to the first chapter in our Tencent Cloud SysOps Associate course, Tencent Cloud operations and maintenance overview. At the end of this chapter, you'll be able to understand the basic functions and concepts of Tencent Cloud products, how to login to the Tencent Cloud management console, and how to perform basic operations on the Tencent Cloud console. In this chapter, we'll cover two sections : Tencent Cloud products overview, and introduction to the Tencent Cloud console. This video will cover the first section, Tencent Cloud products overview. The next video will cover the second section. Let's get started with section 1, Tencent Cloud products overview. In this video we'll cover a list of Tencent Cloud services and provide an overview of Tencent Cloud products. Tencent Cloud offers almost 300 products and services in China and offers over 100 products and services internationally. The diagram lists the main Tencent Cloud services that are provided to our customers including Cloud APIs for video, communication, big data, AI, voice and face recognition, as well as monitoring. The basic services that Tencent Cloud provides are network security, marketing risk control, host security, and application security. Tencent Cloud's security infrastructure is built around scalability. We ensure all our existing and future products and services meet our rigorous security standards. Tencent Cloud infrastructure as a service offers computing, storage, CDN, object storage, private network, Direct Connect for hybrid Cloud, peer-to-peer network, as well as relational, and non-relational databases Let's look at an overview of Tencent Cloud products, and more specifically, the Tencent Cloud computing model. CVM or Cloud Virtual Machine is a scalable Cloud computing service that features flexible configuration, high stability and reliability, as well as security protection. GPU Cloud computing is a fast reliable and powerful computing service based on GPU and can be applied to deep learning, image processing, and scientific computing. In addition, Tencent Cloud offers FPGA support or field-programmable gate array, which is a customizable and dedicated hardware chip that can process multi-point interconnection data. Finally, Tencent Cloud also offers CDH or CVM-dedicated host, which is a physically isolated Cloud computing service with exclusive resources. Now, let's go over the Tencent Cloud network. CLB or Tencent Cloud's Load Balancer is a service that distributes traffic to multiple CVM instances to elevate service capabilities of an application system and eliminate single points of failure for higher availability. Tencent's Virtual Private Cloud, which is a software defined network for isolating Cloud network space, can provide better Cloud resource security and meet various customer requirements. Furthermore, Tencent Cloud offers Direct Connect and VPN, which are suitable for hybrid Cloud solutions. Direct Connect establishes a dedicated connection between Tencent Cloud and enterprise data centers, complying with security standards while providing consistent and reliable performance. VPN establishes connections over the public network while encrypting the data to provide secure tunnels between Tencent Cloud and IDCs. An elastic network interface is used to bind CVM within a VPC network and enables free migration among CVMs. NAT gateway is a high bandwidth and availability network Cloud service that supports IP address translation, enabling secure access without exposing private network information. A peering connection is a Cloud resources interconnection service that connects VPCs together and enables communication between resources on Tencent Cloud. Peering connections can be used across multiple regions or multiple accounts. Tencent Cloud's CLB is a secure and fast traffic distribution service. Inbound traffic can be automatically distributed to multiple CVM instances in the Cloud via CLB improving service capabilities systematically and eliminating single points of failure. CLB offers multiple protocol forwarding, which supports requests from layer 4 protocols such as TCP and UDP protocols, and layer 7 protocols such as HTTP and HTTPS protocols. CLB uses three types of traffic distribution algorithms. Weighted least-connection scheduling uses a weight based on the server's processing capability and the number of current connections to dynamically assign traffic to the CVM according to least connections. The source hashing scheduling algorithm uses the source IP address of the request as the hash key and consistently connects to the same host. Additionally, there is also disaster recovery across different availability zones with CLB cross-region support, as well as multi-availability deployment in the same region Let's look at a high level overview of Tencent Cloud's virtual private Cloud and the different services involved in the business workflow processes. Starting with the users IDC, Direct Connect or VPN gateway is deployed depending on the use case. To connect to the Internet, NAT gateway and public gateways, elastic IPs, as well as public and private CLBs can be used. From the diagram, we can also see a peering connection between zone A and zone B. A peering connection is a private link created between different VPCs to support cross-account and cross-region multi-point interconnection between the VPCs. CCN or Cloud Connect Network may also be used to achieve cross-region communication. Tencent Cloud's NAT gateway supports SNAT, high-performance forwarding, automatic disaster recovery, as well as monitoring and alerts. Hosts that need to access the Internet will have their address translated and routed through the NAT gateway. NAT gateways make it easy for customers to easily configure their environment for accessing the private subnets and to enable automatic service and security updates. Tencent Cloud's VPN connection is a network-based technology that uses a VPN gateway and tunnel to enable data transfer between EDCs and Tencent Cloud resources. VPN connection allows for easy configuration along with secure and reliable communication via encrypted tunnels, it also ensures stable connections and high availability. In addition to providing rapid deployment of elastic services, Tencent Cloud provides support for monitoring VPN connections and setting up alerts for VPN traffic, as well as alerts for any other issues. VPN connection creates solutions for complex scenarios, such as cross-regional disaster recovery and hybrid Cloud deployment. Now, let's move on to an overview of Tencent Cloud's storage products. Tencent Cloud's Cloud storage products include Cloud Block Storage, Cloud Archive Storage, Cloud File Storage, and Cloud Object Storage. Cloud Block Storage or CBS offers elastic efficient and reliable data storage and backup services and is typically interconnected to the CVM or container instances. Cloud Archive Storage or CAS is a functionality of our object storage service, COS. You can think of CAS as our long-term tape drives for archived data that should rarely need to be accessed. Cloud File Storage or CFS is the traditional network-attached storage that runs on the NFS protocol. Cloud Object Storage or COS is very similar to AWS's Amazon S3 and fully supports the S3 protocol API commands. Cloud Storage Gateway allows customers to configure a virtual software appliance that can run on a virtual environment creating a gateway into COS. Some of the storage tools and services offered by Tencent Cloud include Cloud Data Migration or CDM and Cloud Log Services or CLS. CDM offers customers hardware appliances that can be used to physically transfer large amounts of data to Tencent Cloud's COS. CLS is a comprehensive solution that offers real-time log collection, storage, search, analysis, consumption, and shipping. CFS or Cloud File Storage is a storage product offered by Tencent Cloud that supports enterprise file-sharing, as well as high-performance computing and big data analysis. It is a secure and scalable file sharing and storage solution used for media streaming processing, content management and web services, and dedicated software environments. CFS provides numerous computing nodes with scalable capacity and performance while offering comprehensive file storage security and management features. Tencent Cloud's COS mainly stores unstructured data such as videos, audio, pictures, and files as objects rather than as blocks. It is suitable for application data storage , data processing, content distribution, big data analysis, as well as disaster recovery and backup. COS has high performance and sharing capabilities and can connect with HTTP endpoints and other interfaces. It is distributed on a very large scale and is suitable for big data scenarios. In contrast, block storage mainly focuses on high I/O performance such as operating systems or relational databases. It is also usually not shared and is mounted to the host directly. Meanwhile, file storage is focused on file sharing and the data is shared through NFS or CIFS. File storage is also limited in its performance, it has to be accessed through a mounted file system. Cloud Storage Gateway, CSG, can be downloaded by the customer and installed on their virtual environment and can be used to access the public Cloud storage without changing the current IT architecture. The different access levels are iSCSI, NFS, and VTL. CSG has three configuration modes; volume gateway, file gateway, and tape gateway. These gateways connect to various object storage tiers with iSCSI mapping to standard storage, NFS mapping to low frequency storage, and VTL mapping to archival storage. Let's move on to an overview of Tencent Cloud's database products. Tencent Cloud's database products are classified into centralized databases, distributed databases, and transmission services. The centralized databases are implemented through the TencentDB product series, which are based on traditional database engines such as MySQL or MariaDB, and support in-memory caching services like Redis. Distributed databases include TDSQL, MongoDB, CynosDB, CTSDB, and TData. TDSQL is compatible with relational database engines and offers additional support for horizontal scaling. Transmission services such as DTS allow customers to perform migrations, synchronizations or replications of data. It is also possible to use this service along with a peering connection for data synchronization across regions. The TencentDB product series includes relational databases such as TencentDB for MySQL, TencentDB for SQL server, TencentDB for MariaDB, and TencentDB for PostgreSQL. TencentDB features include backup, scaling, data migration, high performance, and data availability, and supports read replicas and Multi-AZ deployments. TencentDB for Redis is compatible with the Redis protocol and uses primary, secondary, and hot standby for automatic disaster recovery. Like all TencentDB databases, TencentDB for Redis implements backup mechanisms and supports smooth expansion. Now, let's go over Tencent Cloud security product. Tencent Cloud has a very robust security portfolio with various protocols for network security, marketing risk management, application security, and host security. For network security, Tencent Cloud provides anti-DDoS protection, intelligent sample analysis, an antivirus engine, an advanced threat trace system, an intelligent Cloud threat search service, and an advanced threat detection system. Marketing risk management includes registration and login protection, as well as verification code and anti-scalping. For application security, Tencent Cloud provides a popular product called web application firewall. Additionally, Tencent Cloud offers mobile application security, mobile game safety, application-level intelligent gateways, and a network asset risk monitoring system. For host security, Tencent Cloud provides Cloud workload protection along with Trojan security, password cracking alerts, vulnerability management, and asset management. Let's look at an overview of Tencent Cloud's anti-DDoS protection products. This is one of Tencent's best protection services due to Tencent's large presence in the social networking and video streaming industries, as well as the fact that Tencent is the largest video game publisher in the world. Having experienced frequent DDoS attacks internationally, Tencent Cloud is very familiar with the cybercrime industry's chain of DDoS attacks and can handle these attacks in a very professional way. The DDoS attacker first looks for available vulnerabilities, performs a scan and creates a controller, then executes a network attack. The attacker essentially utilizes servers to search for targets and carry out attacks. Finally, depending on whether the blackmail attempt was successful or not, the attacker would either stop or continue the attack. Tencent Cloud protects CVMs by processing login logs, malicious files, operation records, application components, and asset information. Tencent's host security leverages machine learning, features safe operations, threat intelligence, and Cloud threat scanning and is easily configurable through the console. Now, let's go over Tencent's web application firewall which provides a one-stop application protection platform for enterprises. WAF allows customers to build an intelligent firewall with web intrusion defense that protects against zero-day vulnerabilities and features automatic updates. WAF has an AI-based protection mechanism that controls and prevents malicious access such as page modification and Cloud caching. Anti-scalping technology evaluates whether the user's behavior is that of a natural person. It is an intelligent method that analyzes the user's network, regional, and business attributes using machine learning to determine whether the user's behavior is real or fake.
