Hi everyone, welcome to the second chapter in our Tencent Cloud solutions architect associate course, designing Tencent Cloud basic infrastructure. At the end of this chapter, you'll be able to correctly choose Tencent Cloud regions and AZs, understand Tencent Clouds CVM selection principles, design network architecture on Tencent Cloud VPC, and plan and choose data storage products on Tencent Cloud. In this chapter will cover four sections, deployment area selection, service, configuration selection, network environment design, and data storage design. This video will cover the first section, deployment areas selection, subsequent videos will cover the remaining sections. Let's get started with section 1, deployment area selection. In this video will cover region selection, AZ selection, and multi-region deployment cases. Let's begin with region selection. In this subsection will cover what a region is, how a region should be selected, and when multiple regions should be selected. What is a region? A region is the geographic location of a physical data center. Tencent Cloud isolates different regions to ensure maximum stability and fault tolerance between different regions. We recommend you choose the region closest to the customer to reduce the latency and improve communication speeds. What are some features of regions? First, networks in different regions are isolated from each other. Cloud products in different regions by default cannot communicate with each other through the internet. Second, Cloud products in different regions can access the internet using public IP addresses. Cloud products in VPC can also communicate with each other through the Tencent Cloud high-speed interconnection network using the peer-to-peer connection provided by Tencent Cloud. Third, by default, CLB supports traffic forwarding within a region and can be bound to CVMs in the same region. If the cross-region binding function is enabled, CLB can be bound to CVMs across regions. Tencent Cloud can provide customers with its financial cloud services which is an open industry solution for enterprises and insurance, securities, funds, banks, consumer finance, and internet finance. Centered around the needs and characteristics of the financial industry, the solution meets the security compliance requirements of the industry and provides high concurrency processing, massive data storage, big data mining and analysis and high security and reliability capabilities accumulated over Tencent's years of experience in internet operations. The solution features high security, high reliability, and high scalability and can flexibly adapt to service growth, helping traditional financial customers make the transition to financial cloud services. Tencent Cloud provides a separate financial cloud service for the financial industry because the financial industry has more stringent data protection security design, and compliance requirements than other industries do. The features offered by Tencent Cloud's financial cloud services include higher-tier data centers and isolation, compliance, multiple cloud services, and improved security service, and a dedicated zone O and M service. Tencent Cloud resources are differentiated by region. Some resources are globally unique, some are available in all regions, and some can be used only in a single region. For example, user accounts are globally unique, which means that you cannot have multiple accounts with the same user ID in the cloud system. SSH keys are available in all regions, which means that after you create a key it can be used across all regions. However, other resources, such as CVM instances, custom images, elastic, IPs, security groups, CBS, snapshots, CLB,VPC, subnets, and routing tables can only be associated with one region. When selecting a region, you should try to select the region closest to the customer. Place products in the same region, and make sure that the products within the same region support intra-network communication. To connect two regions, you must establish a public network communication or a peer-to-peer connection. There will be many situations that require you to select multiple regions in your service design. For example, you should select multiple regions for scenarios that feature a long physical distance between multiple business logics such as global access to e-commerce, and a distributed file system for enterprises. Setting up disaster recovery for use cases such as multi-site solutions for the financial industry, and geo-redundant setup for the core applications of large enterprises also requires selecting multiple regions. The diagram on the right illustrates a typical disaster recovery architecture that features a primary region and a secondary region, and utilizes data transmission to synchronize the databases in different regions. Okay, now let's move on to AZ selection. In this subsection will cover what an AZ is and how to select multiple AZs. An availability zone or an AZ refers to the physical data center where Tencent Cloud has independent power and network capabilities in a given region. Multiple AZs in the same region are connected through low-latency intranet links. Tencent Cloud AZs are distributed globally, and new AZs are gradually being added. AZs are used for fault isolation. When starting an instance, you can select any AZ in the specified region. You can also migrate instances to another AZ. Tencent Cloud resources are not only differentiated by region, but also by availability zone. Different resources have different availability across different regions and AZs, for example, SSH keys can be used in all regions and AZs. In contrast, CVM instances, CBS, and subnets can only be associated with a single AZ in a single region, while custom images, elastic IPs, security groups, snapshots, CLBs, VPCs, and routing tables can be associated with multiple AZs in a single region. So in what situations should you select multiple AZs? You should select multiple AZs for scenarios that require high availability and disaster recovery, such as implementing intra-city disaster recovery for core application systems in the financial industry, and enabling high availability for the mail systems of medium and large-sized enterprises. The diagram on the right shows a typical high availability architecture. Now let's take a look at multi-region deployment cases. In this subsection will cover multi-region deployment strategies and multi-region deployment case analysis. You should keep in mind the following facts about region and AZ selection when deploying cloud resources in multiple regions. First, AZs in the same region connect via internal network communication. Second, by default, cloud products in different regions cannot communicate with each other through the internal network. Third, CLB can only be bound to CVMs within the same region. Fourth, regions can access each other through a public IP address or a VPC Peering Connection. Fifth, the resources of different cloud accounts are isolated from each other, and finally be careful not to select the wrong region and AZ when purchasing cloud products. To establish network communication between regions, you should use a public IP address. To establish network communication between VPCs, you should use a Peering Connection. Multi-region deployment is characterized by intra-city DR, high availability of application systems, data DR in multiple AZs, and remote DVR in multiple regions. In multi-region deployment, Tencent Cloud implements geo-redundant solutions. The diagram on the right illustrates a recovery setup where only the minimum services are running with connectivity provided via a VPC Peering Connection and constant backup and synchronization performed for data consistency.
