Implement secure access and high service availability by integrating Anti-DDoS, GA, and Global Traffic Manager (GTM) 3.0 - Alibaba Cloud DNS

Scenarios

Enterprises engaging in industries such as websites, games, videos, and live streaming can integrate their application services with Alibaba Cloud CDN to accelerate access to origin server content. These enterprises usually require high service availability. If a service has multiple origin servers, Global Traffic Manager (GTM) can be used to monitor the IP addresses of these origin servers. This helps isolate abnormal IP addresses at the earliest opportunity and ensures service continuity.

Architecture

The business scenarios of many enterprises require both domain name acceleration and high availability of origin servers. To meet such requirements, we recommend that you integrate Alibaba Cloud CDN with GTM.

Prerequisites

The domain name cloud-example.com is hosted by Alibaba Cloud DNS, and the business domain name is www.cloud-example.com.
Note
You can also use GTM even if your business domain name is not hosted by Alibaba Cloud DNS. You need to add a canonical name (CNAME) record to point the business domain name to the access domain name of your GTM instance at the Domain Name System (DNS) service provider.
A GTM instance is purchased, such as gtm-cn-vkl3pob**0a. If no instances are purchased, purchase an instance first.
Expected result: If all origin servers work as expected, Alibaba Cloud CDN sends requests to Origin Server 1. If Origin Server 1 encounters exceptions, Alibaba Cloud CDN sends requests to Origin Server 2. If both Origin Server 1 and Origin Server 2 encounter exceptions, Alibaba Cloud CDN sends requests to Origin Server 3. After Origin Server 1 is recovered, Alibaba Cloud CDN continues to send requests to Origin Server 1.

Procedure

Step 1: Configure the GTM instance

Log on to the Alibaba Cloud DNS console.
In the left-side navigation pane, click Global Traffic Manager. On the page that appears, click the Global Traffic Manager3.0 tab.
On the Domain Name Instance Configuration tab, click Create Access Domain Name.
In the Select Scenario dialog box that appears, click Custom Scenario.
On the Create Access Domain Name page, move the pointer over the icon of the access domain name, and click Basic Configuration to complete the basic configuration. In this example, the Access Domain Name parameter is set to gtm.cloud-example.com. For more information, see Configure an access domain name.
On the Access Domain Name page, move the pointer over the address pool icon, and click Basic Configuration to complete the address pool configuration. Then, move the pointer over the address pool icon and click Add Address to add addresses to the address pool. For more information, see Configure an address pool.
Note
In this example, ping-based health checks are configured for the addresses. For more information, see Health check templates.
On the Access Domain Name page, configure a policy for load balancing between addresses and a policy for load balancing between address pools. In this example, Order (Preemptible Mode) is specified as the load balancing policy for addresses and Poll is specified as the load balancing policy for address pools.
Important
The preceding example demonstrates the configuration procedure. If red or orange alert items appear in the actual configuration, check the address health status at the earliest opportunity.
Configure alert rules for the instance. For more information, see the Procedure section of the Configure alert settings topic.
On the Access Domain Name page, move the pointer over the icon of the access domain name, and then click Enable.
In the Confirm Access Domain Name Enabling message, confirm the access domain name and click OK.
Important
- If a domain name record with the same name and the same type exists in the Authoritative DNS Resolution module of Alibaba Cloud DNS, the system first intelligently schedules and resolves DNS requests for this domain name based on the policy configured in GTM to implement advanced features such as traffic load balancing and failovers.
- If you disable or delete this access domain name in GTM, requests for this domain name will be resolved by the Authoritative DNS Resolution module of Alibaba Cloud DNS.

Step 2: Add the domain name in the Alibaba Cloud CDN console

Log on to the Alibaba Cloud CDN console.
In the left-side navigation pane, click Domain Names. On the page that appears, click Add Domain Name. Configure the parameters in the Business Information and Origin Servers sections. In this example, the Domain Name to Accelerate parameter is set to www.cloud-example.com, Site Domain is selected for the Origin Info parameter, and the access domain name gtm.cloud-example.com of the GTM instance is entered in the Domain Name field. For more information, see Add a domain name.

Step 3: Connect the business domain name to CDN

In the Alibaba Cloud DNS console, add a CNAME record to point the business domain name www.cloud-example.com to the access domain name www.cloud-example.com.w.cdngslb.com of CDN. For more information, see Add a CNAME record for a domain name.
Note
After the CNAME record is added, on the Domain Names page in the Alibaba Cloud CDN console, Configured is displayed in the CNAME Status column of the domain name.

Important

We recommend that you do not use GTM if you connect your business domain name to Content Delivery Network (CDN) of different service providers and want to implement disaster recovery for the access domain names of CDN. To use GTM, you need to add the CNAME provided by a CDN service provider to an address pool configured in GTM. However, this setting cannot achieve the optimal results for the health check and failover features. In most cases, a CDN service provider has a large number of CDN nodes. The number of monitoring nodes in GTM is limited. As a result, GTM cannot obtain the accurate statuses of health checks and cannot implement failovers.