Auto Scaling, as a resource management service, automatically monitors and manages resources, such as Elastic Compute Service (ECS) instances. Auto Scaling infrastructure security primarily encompasses physical host security and resource capacity security. To guarantee host security, Auto Scaling provides basic security services including network security, data security, and vulnerability scanning. To guarantee resource capacity security, Auto Scaling provides multi-zone disaster recovery and elastic self-healing capabilities across Alibaba Cloud zones to ensure increased system availability and fault tolerance.
Physical host security
Alibaba Cloud data centers are constructed in compliance with the Class A standards of GB50174 Code for Design of Electronic Information System Room and the Tier 3+ standards of TIA-942 Telecommunications Infrastructure Standard for Data Centers.
Disaster recovery of data centers: Alibaba Cloud data centers are equipped with heat sensors, smoke sensors, and precise air-conditioning systems in hot-standby mode to maintain consistent temperature and humidity. Additionally, the data centers are powered by public power utilities with backup power systems for added reliability.
Personnel management: At Alibaba Cloud data centers, access to machine rooms, measurement areas, and storage rooms is secured through dual-factor authentication, such as fingerprint and identity verification. Additionally, specific areas are physically isolated by using iron cages, and strict account management, identity authentication, authorization management, separation of duties, and access control measures are enforced to ensure security.
O&M and audit: Alibaba Cloud data centers are equipped with security monitoring systems in various areas, and access to production systems is restricted to the use of bastion hosts for O&M purposes. Furthermore, all operation records are logged and stored in a centralized log platform.
Storage asset management: Alibaba Cloud offers fine-grained, component-level management of storage assets and provides unique hardware identification information to facilitate the retrieval of storage media or of the small devices that contain the media. Furthermore, storage media that have not been securely sanitized or physically destroyed in accordance with specific requirements are prohibited from leaving data centers or security-controlled areas.
Data destruction: Alibaba Cloud has established a mechanism that adheres to the standards outlined in NIST Special Publication 800-88, Guidelines for Media Sanitization, in order to securely erase data from storage media. This mechanism enables Alibaba Cloud to promptly delete data assets and completely destroy data by sanitizing the media multiple times when terminating services for customers.
Network isolation: Alibaba Cloud isolates production networks from non-production networks and uses network access control lists (ACLs) to block access from cloud service networks to physical networks. At the edges of production networks, bastion hosts are deployed, and O&M personnel from office networks can access the production networks only after completing a multi-factor authentication process by using domain accounts and dynamic passwords on the bastion hosts.
Cross-zone disaster recovery
A zone refers to a physical area that has its own independent network and power supply.
Zones within the same region can effectively communicate with each other by using an internal network and benefit from low-latency links. Fault isolation can be implemented between zones, ensuring that the normal operation of other zones is not affected even if one zone fails.
Each region is fully isolated, and the zones within each region are also isolated from each other.
Elastic recovery
Auto Scaling supports health checks, including custom checks, instance health checks, load balancer health checks, or a combination of these checks. This allows for the regular monitoring of ECS instances or elastic container instances.
When an ECS instance or elastic container instance is deemed unhealthy, Auto Scaling automatically replaces it by creating a new instance to maintain the desired number of healthy instances.