Database, Security, CDN, and EI Services

Foreword

 In addition to compute, storage, and networking services, enterprises need database

services, security services, Content Delivery Network (CDN), and EI services. These
services can be billed on a pay-per-use basis and are easy to maintain, helping
enterprises reduce investment and facilitate O&M.
 This chapter introduces database services, security services, CDN, and EI services.

3 Huawei Confidential
 Objectives

 Upon completion of this course, you will:

 Understand the basic concepts.
 Understand the service positioning, principles, and functions.

4 Huawei Confidential
 Contents

1. Database Services
 Database Basics
 Database Portfolio
 RDS for MySQL
 RDS for PostgreSQL
 Document Database Service (DDS)

2. Security Services
3. Content Delivery Network (CDN)
4. EI Services
5 Huawei Confidential
Databases and Instances

 A database is a collection of files that

Database contain data organized using a given Students
model.

Teachers

 An instance contains a set of background Student information

processes and memory structures. It is the library for the class of
Instance data management software that connects 2018
Parents
users and the operating system (OS).

6 Huawei Confidential
Database Types

A relational database organizes data using a

relational model. Data is stored in rows and
columns. A user retrieves data from a database
A non-relational database refers to a non-relational
through a query, which is a type of command that
data storage system not compliant with ACID
qualifies certain areas of the database. A relational
properties.
model can be simply understood as a two-
dimensional table model, and a relational
database is a way of organizing data consisting of
two-dimensional tables and their relationships.

Relational database Non-relational database

7 Huawei Confidential
 Contents

1. Database Services
 Database Basics
 Database Portfolio
 RDS for MySQL
 RDS for PostgreSQL
 Document Database Service (DDS)

2. Security Services
3. Content Delivery Network (CDN)
4. EI Services
8 Huawei Confidential
Differences Between Cloud and Other Database Solutions
On-premises
databases

</>
$ $
Server procurement, hardware and operating
Equipment room hosting fees High DBA costs
systems deployment

Databases built on
ECSs

</>
Rent
$
Purchase and installation of ECS rental fees High DBA costs
database software

Cloud
Databases

</>
$
No need to purchase or install any Just pay for the Focus on architecture design and
software or hardware databases performance optimization

9 Huawei Confidential
HUAWEI CLOUD Database Portfolio
 GaussDB is an open-source database designed for small and medium enterprises to achieve the ultimate in cost-
effectiveness. GaussDB is a Huawei-developed database that meets the high reliability and performance requirements
of governments and enterprises.

Relational database services Non-relational database services

GaussDB(for openGauss) RDS for GaussDB(for Mongo)

MySQL
OLTP DDS GaussDB(for Cassandra)
GaussDB(for MySQL) Community
Edition GaussDB(for Redis)
RDS for
OLAP GaussDB(DWS) PostgreSQL
GaussDB(for Influx)

Database tools
Distributed Database Data Replication Database and Application
Data Admin Service
Middleware Service Migration
(DAS)
(DDM) (DRS) UGO

Huawei-developed Open-source

10 Huawei Confidential
 Contents

1. Database Services
 Database Basics
 Database Portfolio
 RDS for MySQL
 RDS for PostgreSQL
 Document Database Service (DDS)

2. Security Services
3. Content Delivery Network (CDN)
4. EI Services
11 Huawei Confidential
What Is RDS for MySQL?
 MySQL is one of the world's most popular open-source relational databases. It works with the Linux,
Apache, and PHP (LAMP) stack to provide efficient web solutions. RDS for MySQL is reliable, scalable,
inexpensive, easy to manage, and immediately ready for use, freeing you to focus on developing your
services.

Immediately Reliable Secure

ready for use

Open
Scalable Easy to Inexpensive
source manage

12 Huawei Confidential
Advantages of RDS for MySQL

Performance Security
Security
Group

 Huawei enhanced MySQL kernel (HWSQL)  RDS for MySQL is certified by China's Ministry of Public
provides 3 times higher performance in high- Security, uses security groups and VPCs to control access to
concurrency scenarios. databases, and supports post-incident audit.

Efficiency

A fault occurs.
Purchase Reliability Primary instance Standby instance

Standby instance Primary instance

 A web-based management console provides an easy way  Enhanced semi-synchronous replication prevents data loss.
to create, scale, monitor, and operate DB instances. Automatic failover takes only a few seconds, ensuring a low
recovery time objective (RTO).

13 Huawei Confidential
Architecture of RDS for MySQL

DBA Delivery and O&M Developer User

personnel
Manage Deploy Develop Access

Applications

RDS console Read/ Read only

Instance management Backup Write
Instance access
Launch
Backup and restoration Failover
Instance monitoring Monitor Primary Standby Read replica
Elastic scaling instance instance
Log management Replication
Scale
Parameter configuration

Storage Storage Storage

14 Huawei Confidential
Application Scenarios of RDS for MySQL

Users of other cloud vendors

Fast-growing start-ups

Internet, e-commerce, and game enterprises

IoT enterprises

IoT
High performance

High throughput RDS

High availability

15 Huawei Confidential
RDS for MySQL Features - Cross-AZ HA

Cross-AZ HA

HA Functions
 Cross-AZ HA supports switchover in seconds.

Primary Standby  Up to 5 read replicas can be created for offloading read

traffic.

 Standby DB instances are invisible to users. Users can access

DB instances through virtual IP addresses.

 Read replicas cannot exist alone and must come with single

or primary/standby DB instances.
Replica 1 Replica 2 Replica 3 Replica 4 Replica 5

16 Huawei Confidential
RDS for MySQL Features - Read/Write Splitting

Application Functions
 A single read/write splitting address is provided, transparent to
Write Read applications.
request request  Read-only permissions can be configured for each node.
Unified address for read/write  Instance health check is performed. If a DB instance breaks down
splitting (proxy) or the latency exceeds what is supported, read requests are no
longer allocated to the instance.

Write
request
Read Read Read
Advantages
HA request request request  A single read/write splitting address is provided, and
read/write splitting does not require application
reconstruction.
Primary Standby Replica 4 Replica 4 Replica 4  The read weight assigned to a read replica is configurable.

17 Huawei Confidential
RDS for MySQL Feature - Point-In-Time Recovery (PITR)

Full data backup + Binlog backup Functions

Current time  Instance-level restoration in seconds is supported.
Automated Automated Automated Automated
backup backup backup backup
 Automated backups can be configured to be saved for up to 732
Binlog Binlog Binlog Binlog days (approximately 2 years).
(every 5 minutes)
 You can restore data to any point in time at least 5 minutes ago
1 2 3 4
and restore the data to a new DB instance or to the original DB
OBS
instance.
Point-in-Time Recovery (PITR)
Latest restorable time Advantages
Latest automated  The backup retention period is up to 732 days.
Latest Binlog
backup
1 2 3 backup  RDS provides free backup space approximately equal to your
OBS purchased storage space.

18 Huawei Confidential
 Contents

1. Database Services
 Database Basics
 Database Portfolio
 RDS for MySQL
 RDS for PostgreSQL
 Document Database Service (DDS)

2. Security Services
3. Content Delivery Network (CDN)
4. EI Services
19 Huawei Confidential
What Is RDS for PostgreSQL?
 RDS for PostgreSQL is a typical open-source relational database that excels in data reliability and
integrity. It supports Internet e-commerce, geographic location application systems, financial insurance
systems, complex data object processing, and other applications.

PostgreSQL

20 Huawei Confidential
Advantages of RDS for PostgreSQL

Efficient
Ease-of-use Reliability
management

 Services can be provisioned in  The primary and standby  A range of metrics are monitored
minutes, and multiple instances can fail over in the and can be viewed on the console.
specifications are available. event of a fault.

High
Scalability Easy migration
performance

 Resources are used on  Read replicas can be created  Data Replication Service (DRS)
demand and can be scaled for read/write splitting. provides online and offline
flexibly. migration and is compatible with
third-party databases.

21 Huawei Confidential
Architecture of RDS for PostgreSQL

DBA Delivery and O&M Developer User

personnel
Manage Deploy Develop Access

Applications

RDS console Read/ Read only

Write
Instance management Backup
Instance access Launch
Backup and restoration Failover
Instance monitoring Monitor Primary Standby Read replicas
Elastic scaling instance instance
Log management Scale Replication
Parameter configuration

Storage Storage Storage

22 Huawei Confidential
Applications of RDS for PostgreSQL

Mixed-mode Multiple data High Oracle

operations models reliability replacement

23 Huawei Confidential
RDS for PostgreSQL Features - High Availability
Benefits of the HA cluster architecture:
 You can choose a failover policy to prioritize reliability or availability.
 DB instances can be deployed in one AZ or across AZs and can
automatically fail over within a cluster.
AZ 1 AZ 2  You can manually switch a primary instance to standby to simulate a fault.
 A read replica can automatically associate itself with a new primary node.

App 1 App 2  A switchover can be completed in seconds.

Failover  The standby database does not handle traffic. It only ensures RTO.
 A Huawei-developed HA Monitor module is used.
Primary Standby  Virtual IP addresses can be switched completely invisibly to the
applications.
 Multiple primary/standby switchovers can be performed.
 Automatic fault detection is provided.

24 Huawei Confidential
RDS for PostgreSQL Features - Point-In-Time Recovery (PITR)

 Backup cycle: 7 to 732 days

App
 Pay-per-use: Free EVS storage space equal to the
requested storage and virtually limitlessly
expandable
Backup (full/incremental)  Reliability: Up to 11 nines of data reliability

OBS
 Security encryption: KMS encryption and
RDS
multiple protections
Data archived in OBS can be restored to any
Restore (any point in time)
point in time.

25 Huawei Confidential
 Contents

1. Database Services
 Database Basics
 Database Portfolio
 RDS for MySQL
 RDS for PostgreSQL
 Document Database Service (DDS)

2. Security Services
3. Content Delivery Network (CDN)
4. EI Services
26 Huawei Confidential
What Is DDS?
 Document Database Service (DDS) is a high-performance, highly availability MongoDB-compatible database service
that is scalable and secure. It provides one-click deployment, elastic capacity expansion, disaster recovery, backup,
restoration, monitoring, and alarm reporting.

27 Huawei Confidential
DDS Advantages

100% MongoDB Reliable, available, and

compatibility secure

 You can migrate on-premises MongoDB  You can create and save automated or manual
databases to the cloud without backups of your DB instance to ensure data
reconstructing your services. security.

Efficient O&M 3 types of architectures

 You can monitor DB instances from a  You can use clusters, replica sets, and single
convenient UI and expand storage in nodes as required.
just a few clicks.

28 Huawei Confidential
Basic Concepts
 A DDS cluster consists of three types of nodes: mongos, config, and shard, each of which has
different functions.

 Each mongos node routes read and write

mongos requests, providing a unified interface for
accessing DB instances.

 A config node is deployed as a replica set

config and stores instance configuration data.

shard  Shard nodes store user data.

29 Huawei Confidential
Overview Architecture
 DDS supports the following deployment modes:

 Cluster instances are recommended for service

Cluster systems that require both high availability and
scalability.

 Replica set instances are well suited to small- and

Replica set medium-sized service systems that require high
availability.

 A single-node architecture is useful for R&D,

Single node testing, and non-core data storage of enterprises.

30 Huawei Confidential
Applications - Gaming
 DDS offers fast, reliable access to
increasingly complex player
profiles, including details such as
character scores, items acquired
and other details. For MMO
games, the highly-available
architecture of DDS clusters and
replica sets can provide a smooth
gaming experience even during
peak hours.

31 Huawei Confidential
Applications - IoT
 IoT applications feature high-concurrency
writes, diverse data types, and sudden spikes in
data volumes. With high performance and
asynchronous data writes, DDS is able to
process data as fast as in-memory databases
when and where it is needed. In addition, the
quantities and specifications of mongos and
shard nodes in DDS cluster instances can be
dynamically increased to meet growing
demands, making DDS ideal for IoT
applications.

32 Huawei Confidential
Applications - Internet
 DDS replica sets use a three-node
architecture to deliver reliability and
enable disaster recovery. The three data
nodes form an anti-affinity group and are
deployed on different physical servers to
automatically synchronize data. The
primary and secondary nodes provide
services. Each node has an independent
private network address and works with
the driver to distribute read load.

33 Huawei Confidential
Differences Between Cloud and Other Database Solutions
 Benefits: Cloud database O&M is more efficient, freeing up your database team to focus on database architecture design.
[On-premises Databases] [Databases on an ECS] [Cloud Databases]
 Server procurement and hardware and  Database hardware procurement  No hardware or software investment
operating systems deployment and installation  Focused on database architecture design
 Costs of renting cloud servers
 High hosting fees  Focused on database application optimization
 OS and database O&M  Database O&M
Database architecture design Database architecture design Database architecture design Handled
Database tuning Database tuning Database tuning by users
Elastic scaling Elastic scaling Elastic scaling
High availability High availability High availability Handled by
DBAs with
Backup and restoration Backup and restoration Backup and restoration
cloud service
Version upgrades and patch Version upgrades and patch assistance
Version upgrades and patch installation
installation installation
Database software installation Database software installation Database software installation
OS version upgrade and patch OS version upgrade and patch
OS version upgrade and patch installation
installation installation
OS installation OS installation OS installation Managed by
Server deployment and maintenance Server deployment and maintenance Server deployment and maintenance cloud services

Rack stacking Rack stacking Rack stacking

Equipment room, power supply, air Equipment room, power supply, air
Equipment room, power supply, air
conditioning, and network conditioning, and network
conditioning, and network infrastructure
infrastructure infrastructure
Handled by users Handled by DBAs with cloud service assistance Managed by cloud services

34 Huawei Confidential
 Contents

1. Database Services
2. Security Services
 Customer Requirements on Cloud Security
 HSS
 WAF
 DEW
 IAM

3. Content Delivery Network (CDN)

4. EI Services
35 Huawei Confidential
Customer Requirements on Cloud Security
CSA Top Threats Key Security Requirements for Enterprise Cloudification

 Data Leakage  Advanced persistent threat

(APT) Continuous Controllable O&M Data
 Insufficient identity, services confidentiality
credential, and access  Data loss
 Configure
management  Defend against security  Prevent data
 Insufficient due diligence network policies. Detect breach. Data is
 Insecure ports and APIs
attackers and and eliminate accessible only
 Abuse and nefarious use of
 System vulnerabilities cloud services hackers. risks. Audit and to authorized
Comply with trace operations. staff.
 Account hijacking  Denial of service (DoS) laws and
regulations.
 Malicious insiders  Shared technology
vulnerabilities

36 Huawei Confidential
HUAWEI CLOUD Security Services
 Build a series of top-quality security services for ensuring data security.
Management
Data Security Compute security
security
Data Encryption Host Security Service Managed Detection
Workshop (DEW) (HSS) Response (MDR)

Database Security Container Guard SSL Certificate

Service (DBSS) Service (CGS) Manager (SCM)
Dat
a security Cloud Certificate
App Cyber security Manager (CCM)

Web Application Cloud Bastion Host

Anti-DDoS
Firewall (WAF) (CBH)

Vulnerability Scan Advanced Anti-DDoS Situation Awareness

Service (VSS) (AAD) (SA)

37 Huawei Confidential
 Contents

1. Database Services
2. Security Services
 Customer Requirements on Cloud Security
 HSS
 WAF
 DEW
 IAM

3. Content Delivery Network (CDN)

4. EI Services
38 Huawei Confidential
What Is HSS?
 Host Security Service (HSS) helps you identify and manage the assets(activos) on your servers, eliminate risks, and
defend against intrusions and web page tampering(manipulacion). There are also advanced protection and security
operations functions available to help you easily detect and handle threats.

39 Huawei Confidential
HSS Features

Centralized
Precision defense
management

 You can easily manage, scan, and protect your  HSS blocks attacks with pinpoint accuracy by
servers from a single console. using advanced detection technologies and
diverse libraries.

Comprehensive
Lightweight agent
protection

 The lightweight agent occupies only very limited  Prevention before, protection during, and
resources, having no impact on system scanning and inspection after any attack.
performance.

40 Huawei Confidential
How HSS Works
 Install the HSS agent on your servers, and you will be able to monitor the server security status
and identify risks in a region from the HSS console.

41 Huawei Confidential
HSS Applications

Intrusion Security
detection compliance

Proactive Centralized
security management

Account Risk
protection assessment

42 Huawei Confidential
 Contents

1. Database Services
2. Security Services
 Customer Requirements on Cloud Security
 HSS
 WAF
 DEW
 IAM

3. Content Delivery Network (CDN)

4. EI Services
43 Huawei Confidential
What Is WAF?
 Web Application Firewall (WAF) keeps your website safe and stable. It comprehensively
examines website service traffic to accurately identify malicious requests and block attacks,
ensuring best-of-class system security and stability for your applications and data.

HUAWEI CLOUD

Internet/VPN/DC

Dedicated WAF
instances (Optional) Internal Web applications
load balancer and websites

44 Huawei Confidential
WAF Features

Comprehensive Protection Industry-leading Technologies

 WAF uses an extensive built-in attack signature  WAF uses an industry-leading engine to
library to detect and block dozens of common accurately identify a wide range of threats,
online attacks. greatly improving the threat discovery rate.

Top-notch Reliability Flexible Configuration

 WAF ensures zero service interruptions with  WAF provides multiple built-in configuration
distributed deployment, 24/7 monitoring, and fields, enabling users to customize rules for
remote disaster recovery. focused protection.

45 Huawei Confidential
How WAF Works
 After a website is connected to WAF, all website access requests are forwarded to WAF first.
Then, WAF inspects the traffic, filters out malicious traffic, and routes only normal traffic to the
origin server, keeping the origin server secure, stable, and available.

46 Huawei Confidential
WAF Application Scenarios

Basic Data Leak Web Tamper

Protection Prevention prevention

Protection for Promotion

Defense Against Zero-day
Activities on e-
Vulnerabilities
Commerce Platforms

47 Huawei Confidential
 Contents

1. Database Services
2. Security Services
 Customer Requirements on Cloud Security
 HSS
 WAF
 DEW
 IAM

3. Content Delivery Network (CDN)

4. EI Services
48 Huawei Confidential
What Is DEW?
 Data Encryption Workshop (DEW) is a cloud data encryption service. It provides Key
Management Service (KMS), Key Pair Service (KPS), and Dedicated Hardware Security
Module (Dedicated HSM).

Cloud platform

Encryption
Virtual HSM
chip

Tenant API API

CLI/Manager

ECS ECS

49 Huawei Confidential
DEW Services

KMS  A secure, reliable, and easy-to-use key hosting service

KPS  A secure, reliable, and easy-to-use SSH key pair hosting service

A cloud service used for encryption, decryption, signature,

Dedicated


signature verification, key generation, and the secure storage of

HSM keys

50 Huawei Confidential
KMS Application: Small Data Encryption and Decryption
 Scenario: You can use online tools on the KMS console or call KMS APIs to directly encrypt or decrypt small
amounts of data with a CMK, for instance, passwords, certificates, or phone numbers.

51 Huawei Confidential
KPS Applications

Windows ECS
login
Linux ECS login

</>

52 Huawei Confidential
Dedicated HSM Features

Reliability

Diverse Permission
applications management

Security Security
compliance management

On-cloud
Elastic scaling
protection

53 Huawei Confidential
Dedicated HSM Application Scenario
Sensitive data
encryption
Mobile payment Sensitive data
encryption
User access

Browser Dedicated HSM

Application instance Dedicated
APP server Internet
Frontend
APP
Web server
Sensitive data payment
system
Liquidation,
finance, and
HSM
instance
Encryption encryption payment systems
Encryption
Other ports Database resource pool POS payment
resource pool

Sensitive data
Electronic contract encryption
system
e-Invoice Electronic invoice Verification Payments
system
Electronic insurance Dedicated HSM
policy system instance
E-contract

Encryption resource pool

54 Huawei Confidential
 Contents

1. Database Services
2. Security Services
 Customer Requirements on Cloud Security
 HSS
 WAF
 DEW
 IAM

3. Content Delivery Network (CDN)

4. EI Services
55 Huawei Confidential
What Is IAM?
 Identity and Access Management (IAM) helps you manage your users and control their access to
HUAWEI CLOUD services and resources.

56 Huawei Confidential
Why Choose IAM?

Federated access with existing enterprise

accounts

Finer access control of HUAWEI CLOUD

resources

Delegated access to resources across

accounts

57 Huawei Confidential
Finer Access Control of HUAWEI CLOUD Resources

58 Huawei Confidential
Delegated Access to Resources Across Accounts

59 Huawei Confidential
Federated Access with Existing Enterprise Accounts

60 Huawei Confidential
 Contents

1. Database Services
2. Security Services
3. Content Delivery Network (CDN)
4. EI Services

61 Huawei Confidential
Pain Points

Website, download, and

VOD

Poor user experience Large bandwidth consumption and

Slow access high costs
Download or access failures Without CDN, everything must be fetched
Video freezing from origin servers, which wastes
bandwidth and costs money.

High concurrency Heavy O&M workload

Traffic bursts and concurrent Limited bandwidth
downloads when e-commerce A huge number of concurrent requests
promotions, popular games, or hit Inefficient O&M
TV series go online

62 Huawei Confidential
What Is CDN?
 Content Delivery Network (CDN) is an intelligent virtual network built on top of existing
Internet infrastructure. Origin content is cached on CDN nodes around the world so users can
quickly obtain desired content from nearby nodes.

63 Huawei Confidential
Node Distribution in the Chinese Mainland
 HUAWEI CLOUD CDN operates 2,000+ nodes in the
Chinese mainland. These nodes are connected to the
networks of top carriers in China such as China
Telecom, China Unicom, China Mobile, and China
Education and Research Network (CERNET), as well
as many small and medium-sized carriers. At least
100 Tbit/s of bandwidth is reserved for response to
traffic bursts, and bandwidth expansion is not limited.
CDN precisely schedules user requests to the most
appropriate edge nodes, providing efficient and
reliable acceleration.

Nodes in the Chinese mainland

64 Huawei Confidential
Node Distribution Outside the Chinese Mainland
 500+ nodes across over 70 countries and regions, international private lines, and Tbit/s-level
redundant bandwidth.

65 Huawei Confidential
Advantages of CDN

Intelligent
Global Presence Security Ease of Use Reliability
Scheduling

• Secure and reliable

content delivery
HUAWEI CLOUD CDN • Accurate and evolving You can manage your
services One-stop acceleration,
has over 2,000 nodes in the global IP geolocation domain names and logs,
• Advanced network including website,
Chinese mainland and over database customize configurations
security capabilities download, video, and
500 nodes outside the • Dynamic adjustment of (such as cache policies),
throughout the whole site acceleration,
Chinese mainland. The nodes to deliver cache to and analyze domain data
network, such as data meeting a wide range of
network bandwidth is users based on real-time on the easy-to-use CDN
transmission over requirements
higher than 100 Tbit/s. analysis console.
HTTPS and hotlink
protection

66 Huawei Confidential
How Does CDN Work?

67 Huawei Confidential
Application Scenarios - Website Acceleration
 Website Acceleration

 CDN is perfect for web portals, e-commerce platforms, news apps,

and user generated content (UGC)-focused apps. It provides excellent
acceleration for static content under an acceleration domain name. In
addition, it supports custom cache policies. You can set the maximum
cache age as needed.

 Advantages
 Quick configuration: Domain names can be configured in just six simple
steps.

 Secure acceleration: HTTPS and referer validation ensure high security.

 Flexible configuration: Content can be cached permanently or temporarily, or

not cached.

 CDN can be used together with OBS, ECS, and DNS to build an E2E
solution.

68 Huawei Confidential
Application Scenarios - Download Acceleration
 Download Acceleration

 CDN is useful for download clients, game clients, app stores,

websites that provide download services based on HTTP or HTTPS,
and apps that require updates in real time, such as mobile games.

 Advantages
 Real-time analysis: Log monitoring and statistical analysis are performed
in real time.

 Reliability: HTTPS acceleration and referer validation ensure high

security.

 Cost-effectiveness: CDN interworks with OBS to further enhance

performance and reduce costs.

 CDN can be used together with OBS and DNS to build an E2E
solution.

69 Huawei Confidential
Application Scenarios - VOD Acceleration
 VOD Acceleration

 CDN is a must if you intend to provide on-demand audiovisual

services or live streaming services over the HTTP Live Streaming
(HLS) protocol. Such services include online education, video
sharing, and music or video on demand.

 Advantages
 Real-time monitoring: Data such as traffic and bandwidth generated is
displayed in CDN in real time.

 Security: Referer validation protects copyrighted images from being used.

 Flexible configuration: Content can be cached permanently or temporarily,

or not cached.

 CDN can be used together with OBS and DNS to build an E2E
solution.

70 Huawei Confidential
Application Scenarios - Whole Site Acceleration
 Whole Site Acceleration

 CDN is a good option for websites that consist of both dynamic and
static content, and for websites that involve a large number of ASP,
JSP, or PHP requests.

 Advantages
 Separation of dynamic and static content: Dynamic and static content is
accelerated separately.

 Secure acceleration: HTTPS and referer validation ensure high security.

 Sequential retrieval: If the number of content retrieval requests to an origin

server increases sharply, you can set a threshold. Once the threshold is
exceeded, the retrieval requests are queued for response based on the time
the requests are sent.

 CDN can be used together with OBS, ECS, and DNS to build an
E2E solution.

71 Huawei Confidential
Contents

1. Database Services
2. Security Services
3. Content Delivery Network (CDN)
4. EI Services
Huawei EI Service Panorama - Artificial Intelligence
 HUAWEI CLOUD provides comprehensive AI and big data cloud services to facilitate the intelligent
upgrades of governments and enterprises and build ubiquitous and pervasive AI.

ModelArts Image Recognition Optical Character Recognition Conversational Bot Service

(OCR) (CBS)

Natural Language Processing Content Moderation Video Content Recognition Image Search
Customization (NLPC) (VCR) (IS)

Speech Interaction Service Facial Recognition Human Analysis Service Video Content Processing
(SIS) (HAS) (VCP)

73 Huawei Confidential
HUAWEI CLOUD EI Service Panorama - Big Data
 HUAWEI CLOUD provides comprehensive AI and big data cloud services to facilitate the intelligent
upgrades of governments and enterprises and build ubiquitous and pervasive AI.

MapReduce Service CloudTable Service Data Lake Visualization

Data Lake Insight
(MRS) (CloudTable) (DLV)
(DLI)

Data Warehouse Service Cloud Stream Service Trusted Intelligent Computing Data Lake Governance Center
(DWS) (CS) Service (DGC)
(TICS)

Recommender System Cloud Search Service Log Analysis Service Data Ingestion Service
(RES) (CSS) (LOG) (DIS)

74 Huawei Confidential
One-Stop AI Development Platform ModelArts
 ModelArts is a one-stop AI development platform. For machine learning and deep learning, it supports
data preprocessing, semi-automated data labeling, distributed training, automated model building, and on-
demand deployment of device-edge-cloud models. ModelArts helps AI developers build and deploy
models quickly and manage the lifecycle of AI workflows.

ModelArts 3.0 ModelArts Pro Knowledge Compute

Intelligent sensing, cognition, and World's first enterprise-grade AI New path integrating industry
decision-making application development suite expertise with AI

75 Huawei Confidential
Functions of ModelArts

76 Huawei Confidential
FusionInsight Intelligent Data Lake - Milestones

FusionInsight 8.0.0
MRS cloud-native data lake
Research on DWS cloud data warehouse
Hadoop
started FusionInsight 8.1.0
MRS cloud-native
FusionInsight
FusionInsight FusionInsight FusionInsight data lake
First cloud-based
DWS cloud data
V1.0 V2.3 version V6.5
warehouse

2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021

Internal use

CarbonData contributed to Open-source

Joint innovation in openLooKeng
financial projects the Apache community

10+ years of technological accumulation, worldwide R&D teams, and continuous version iteration enable service
evolution for 3,000+ customers.

77 Huawei Confidential
FusionInsight Intelligent Data Lake
BI reporting Self-service analysis Data mining Real-time retrieval Operation forecast

Data access | Data governance | Offline analysis | Real-time analysis | Data warehouse/mart
Interactive query | Real-time retrieval | Multimode analysis | AI inference | Graph computing

Real-time data
Data Lake Governance Center (DGC)
import to the Data integration, development,
Data sources Data catalog Data governance Data services
lake and scheduling
Transaction system DWS MRS cloud-native data lake GES
cloud data
Spark Flink ClickHouse HetuEngine graph engine
Web/Mobile warehouse

Third party DLC unified metadata and security

Social media Computing

Incremental (BMSs, physical machines, VMs, and containers)
IoT update
Storage
(OBS/HDFS)
More
HUAWEI CLOUD

78 Huawei Confidential
MRS: Three Cloud - Native Data Lakes, One Architecture
Traditional MRS cloud-native • Lakehouse reduces data migration
big data data lake workload by 80%.
Logical
data lake • Cross-source cross-domain
collaboration improves the
Hours efficiency by 50x.
Seconds
Manual • Unified interfaces simplify data
Cross-lake/
migration usage.
Government Finance Carrier Enterprise -warehouse/
-cloud
• ACID is supported, and data
Real-time timeliness is improved from T+1 to
T+1
Full update Hive + Spark HetuEngine
Flink +
IoTDB More
T+0 data lake T+0.
ClickHouse Incremental • Self-service BI enables real-time
update OLAP in milliseconds.
• Batch-stream integration enables
data utilization in seconds.
DLC unified metadata | unified security
3 copies 1.2 copies
Storage- Open formats: TXT | ORC | Parquet | Hudi
Storage-
compute • In-memory computing improves
coupling OBS unified storage compute Offline data analysis performance by 50%+.
decoupling
lake • Multi-engine computing, such as
interactive, BI, and AI analysis, is
Hours Zero supported.
Upgrade Interruption • Storage-compute decoupling enables
interrupted Rolling elastic resource expansion.
upgrade

81 Huawei Confidential
GaussDB (DWS): Next-Generation Cloud Data Warehouse
• GaussDB(DWS) is a distributed database for data analysis and hybrid transaction/analytical processing. It supports both x86 and Kunpeng
architectures and row and column storage, with the capabilities of PB-level data analysis, multi-mode analysis, and real-time processing.
GaussDB(DWS) spans across the core systems of industries such as finance, government, and telecom.

• One set of kernel and one set of architecture ensure consistent user
Cloud-native data
Unified kernel experience for public and hybrid clouds.
warehouse
and • ECS, BMS, and physical machine (HUAWEI CLOUD Stack)
Service applications architecture modes are supported.
• Industry first: a single cluster with 2,048 nodes, certified by a
Key Government IoT
and enterprise Internet (industrial third-party authority
industries Largest • Industry first: a single cluster with 482 4-socket all-flash servers,
(finance) application) financial data with a storage capacity of 20 PB
warehouses • 280+ patents worldwide
Real-time Self- Graph engine worldwide • Crowned the best product in the data warehouse category of
Batch Data Online
data service GES the Big Data World in 2020
data mart query
Major warehousing warehousing analysis AI engine
scenarios ModelArts
High performance High scalability
Big data
Industry-leading TPC-DS 2,048 nodes
MRS
performance > 100 PB
Key
competencies High availability Enterprise-level features:
High-performance cloud storage
Strong consistency Logical cluster, collaborative
In a cluster, RPO = 0, RTO < computing (+HD), convergent
Peer products: Teradata, Oracle, AWS Redshift, and Alibaba Cloud 30s analysis (+AI), and real-time
AnalyticDB Online scale-out analysis (+IoT)

82 Huawei Confidential
GES: Integrated Graph Analysis and Querying
1 One-stop graph database and engine
• Integrated graph database and graph analysis engine
• Comprehensive graph analysis and query capabilities provided through
user-friendly GUI
Government: Finance: Industrial: Manufacturing: Internet: • China's first commercial native graph product with proprietary
public opinion anti-money device network material precision intellectual property rights
survey laundering management management recommendation 2 Integrated analysis and query
• A set of data is used for two purposes: query and analysis.
• Mainstream graph query languages, Cypher and Gremlin, are
supported, and native REST APIs and open-source APIs are available.
Algorithm • Over 30 high-performance algorithms are used for analysis and
development High-performance Web portal compute in multiple scenarios. More than 10 graph neural networks
Release cloud graph engine and graph embedding algorithms are provided.
Result
Abundant graph analysis Visualizer
Business algorithm libraries display
modeling High-performance graph 3 Large scale and high performance
Service app
computing kernel • Graphs with over 10 billion vertices and 100 billion edges
embedding
Distributed powerful graph • The query and algorithm performance is better than that of
Submit storage engine competitors in the industry. The 6-hop query response is within
Mobile
Business seconds. Many algorithms are excellent in large graph compute.
client
user
4 No-code visual analysis makes the GES easy to use
• Editing and entity drill-down are made simple with the intuitive GUI.
• Wizard-based algorithm operations can be performed on the GUI,
and the operation results and analytics are represented in an intuitive
manner.

5 Huawei-developed kernel that has won international awards for

multiple times

83 Huawei Confidential
DGC: One-Stop Data Development and Integration Management for
3x Higher Efficiency in Data Assetization
Data Lake Governance Center (DGC)
Data Sources Data Lake Mall

Data Design Data Development Data Quality Data Assets Data Security Industry data applications
Data architecture and Development, Control Data lineage and Permissions, privacy,
models orchestration, and Rules, checks, and global view and audit Data tag libraries
Stream data scheduling reports
Data model libraries

Metric applications

Data reports
Business
data Data Data
Integration FusionInsight Intelligent Data Lake Openness
Real-time API
access development
Offline API publishing ISV data
Big data application suites
migration API operations
Third-party MRS DWS GES CSS
tools

84 Huawei Confidential
 Quiz

1. CDN is a free cloud service.

True

False

2. Which of the following are the application scenarios for HUAWEI CLOUD CDN?
A. Website acceleration

B. File download acceleration

C. VOD acceleration

D. ECS running acceleration

85 Huawei Confidential
 Summary

This course introduces database services, security services, CDN, and EI services of HUAWEI
CLOUD, including:
 Relational and non-relational database types, and the application scenarios and key features of
different databases.
 Basic concepts and importance of security services.
 Functions and working rules of the CDN and Enterprise Intelligence (EI) services.

After completing this course, you will have a comprehensive understanding of HUAWEI
CLOUD and can better help enterprises accelerate cloud migration and business innovation.

86 Huawei Confidential
 Recommendations

 Huawei Learning Website

 https://e.huawei.com/en/talent/#/
 HUAWEI CLOUD Technical Support
 https://support.huaweicloud.com/intl/en-us/help-novice.html
 HUAWEI CLOUD Academy
 https://edu.huaweicloud.com/intl/en-us/

87 Huawei Confidential
 Acronyms and Abbreviations
 AZ: availability zone
 APP: application
 API: application programming interface
 APT: advanced persistent threat
 CDN: content delivery network
 CPU: central processing unit
 CSA: cloud security alliance
 DDoS attack: distributed denial-of-service attack
 DDS: document database service
 DDM: distributed database middleware

88 Huawei Confidential
 Acronyms and Abbreviations
 DAS: data admin service
 DWS: data warehouse service
 DEW: data encryption workshop
 EI: enterprise intelligence
 ELB: elastic load balance
 HA: highly available
 HSS: host security service
 IT: Internet technology
 IAM: identity and access management
 KMS: key management system

89 Huawei Confidential
 Acronyms and Abbreviations
 LAMP: Linux+Apache+PHP+MySQL (a set of open-source software usually used to build dynamic
websites)
 OLAP: online analytical processing
 OLTP: online transaction processing
 OBS: object storage service
 PITR: point-in-time recovery
 RTO: recovery time object
 UGC: user generated content
 VIP: virtual IP address
 WAF: web application firewall

90 Huawei Confidential
Thank you. Bring digital to every person, home, and
organization for a fully connected, intelligent
world.

Copyright©2021 Huawei Technologies Co., Ltd.

All Rights Reserved.

The information in this document may contain predictive

statements including, without limitation, statements regarding
the future financial and operating results, future product
portfolio, new technology, etc. There are a number of factors that could
cause actual results and developments to differ materially from those
expressed or implied in the predictive statements. Therefore, such
information is provided for reference purpose only and constitutes
neither an offer nor an acceptance. Huawei may change the information
at any time without notice.