Virtual Private Cloud - VPC Test

A virtual private cloud (VPC) is a private network dedicated for your use. You have full control over your VPC. For example, you can specify the CIDR block and configure route tables and gateways. In a VPC, you can deploy Apsara Stack resources, such as Elastic Compute Service (ECS) instances, ApsaraDB RDS instances, and Server Load Balancer (SLB) instances.

Furthermore, you can connect your VPC to other VPCs or on-premises networks to create a custom network environment. This way, you can migrate applications to the cloud and extend data centers.

Using this test, administrators can quickly identify the VPCs that have been created, and can understand the status and configuration of each VPC - eg., how many route tables, gateways, vRouters, vSwitches etc., have been configured per VPC.

Target of the test : An Alibaba Cloud Account

Agent deploying the test : A remote agent

Outputs of the test : One set of results for VPC that is configured on the Alibaba cloud

Configurable parameters for the test
Parameters Description

Test period

How often should the test be executed

Host

The host for which the test is to be configured.

Alibaba Access Key and Alibaba Secret Key

This test makes REST API requests to the Alibaba cloud to pull the metrics. For this purpose, the test needs to be configured with an AccessKey pair. An AccessKey pair is typically used to call an operation of an Alibaba Cloud service. It is also used to initiate an API request or use a cloud service SDK to manager cloud resources. An AccessKey pair is characterized by an AccessKey ID and an AccessKey Secret. The AccessKey ID is used to identify a user/cloud account. The AccessKey Secret is used to verify a user/cloud account.

The first step to configuring the eG agent with an AccessKey pair is to create an AccessKey pair for the target cloud acount. To achieve this, follow the steps below:

  1. Log on to the RAM console by using an Alibaba Cloud account.
  2. In the left-side navigation pane, click Users under Identities.
  3. On the Users page, click the username of the RAM user for which you want to create an AccessKey pair in the User Logon Name/Display Name column.

  4. On the page that appears, click Create AccessKey in the User AccessKeys section.

    Note:

    You must enter a verification code if you create an AccessKey pair for the first time.

  5. Click Close.

    Note:

    • The AccessKey secret is displayed only when you create an AccessKey pair.

    • If the AccessKey pair is leaked or lost, you must create a new one. You can create a maximum of two AccessKey pairs.

  6. Make note of the AccessKey ID and AccessKey secret, once they are displayed.
  7. Then, configure the Alibaba Access Key parameter of the test with the AccessKey ID, and the Alibaba Secret Key parameter with the AccessKey Secret you made note of.

If you failed to make note of the AccessKey ID and AccessKey Secret at the time of creating the AccessKey pair, then you can obtain the same at a later point in time. Similarly, if an AccessKey pair pre-exists for the target cloud account, then you do not have to create another one. Instead, you can obtain the AccessKey ID and AccessKey Secret of the existing AccessKey pair and configure the eG agent with the same. For this, follow the steps below:

  1. Use an Alibaba Cloud account to log on to the Alibaba Cloud Management console.
  2. Move the pointer over the profile picture in the upper-right corner, and click AccessKey.
  3. In the Security Tips message that appears, click Continue to manage AccessKey. AccessKey ID and AccessKey Secret are displayed. 
  4. Make note of the displayed ID and secret.
  5. Then, configure the Alibaba Access Key parameter of the test with the AccessKey ID, and the Alibaba Secret Key parameter with the AccessKey Secret you made note of.

Detailed Diagnosis

To make diagnosis more efficient and accurate, the eG Enterprise embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, click on the Off option.

The option to selectively enable/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled:

  • The eG manager license should allow the detailed diagnosis capability
  • Both the normal and abnormal frequencies configured for the detailed diagnosis measures should not be 0.
Measurements made by the test
Measurement Description Measurement Unit Interpretation

Status

Indicates the status of this VPC.

 

The values that this measure reports and their corresponding numeric values are listed below:

Measure Value Numeric Value
Available 1
Not Bound 2

Note:

This measure reports the Measure Values listed in the table above to indicate the current status of a VPC. In the graph of this measure however, the same is indicated using the numeric equivalents only.

Use the detailed diagnosis of this measure to know more about this VPC.

Route tables

Indicates the number of route tables configured in this VPC.

Number

By default, a maximum of 9 custom route tables can alone be created per VPC. You can override this default limit by requesting a quota increase using the Quota Management Page in Alibaba cloud console.

To know which route tables are created for this VPC, use the detailed diagnosis of this measure.

vSwitch

Indicates the number of vSwitches configured for this VPC.

Number

A vSwitch is a basic network component that connects different cloud resources in a VPC. After you create a VPC, you can create a vSwitch to divide your VPC into multiple subnets. vSwitches deployed in a VPC can communicate with each other over the private network. You can deploy your applications in vSwitches that belong to different zones to improve service availability.

By default, a maximum of 24 vSwitches can be configured per VPC. You can override this default limit by requesting a quota increase using the Quota Management Page in Alibaba cloud console.

To know which vSwitches are created in this VPC, use the detailed diagnosis of this measure.

ECS instance

Indicates the number of ECS instances deployed in this VPC.

Number

Elastic Compute Service (ECS) is a high-performance, stable, reliable, and scalable IaaS-level service provided by Alibaba Cloud. ECS eliminates the need to invest in IT hardware up front and allows you to quickly scale computing resources on demand. This makes ECS more convenient and efficient than physical servers. ECS provides a variety of instance types that suit different business needs and help boost business growth.

To know which ECS instances are deployed in this VPC, use the detailed diagnosis of this measure.

SLB instance

Indicates the number of SLB instances deployed in this VPC.

Number

Alibaba Cloud Server Load Balancer (SLB) distributes traffic among multiple instances to improve the service capabilities of your applications. You can use SLB to prevent single point of failures (SPOFs) and improve the availability and the fault tolerance capability of your applications.

To know which SLB instances are deployed in this VPC, use the detailed diagnosis of this measure.

NAT gateway

Indicates the number of NAT gateways configured in this VPC.

Number

NAT gateways are enterprise-class gateways that provide the Source Network Address Translation (SNAT) and Destination Network Address Translation (DNAT) features. Each NAT gateway provides a throughput capacity of up to 10 Gbit/s. NAT gateways also support cross-zone disaster recovery.

Using the detailed diagnosis of this measure, you can quickly identify the NAT gateways configured in this VPC.

Security group

Indicates the number of security groups configured in this VPC.

Number

Security groups function as virtual firewalls that provide Stateful Packet Inspection (SPI) and packet filtering capabilities to isolate security domains on the cloud. You can configure security group rules to control the inbound and outbound traffic of ECS instances in security groups.

Using the detailed diagnosis of this measure, you can quickly identify the security groups configured in this VPC.

For complete information on a target VPC, use the detailed diagnosis of the Status measure. The name of the VPC, its IPv4 address, and its CEN instance are displayed as part of detailed diagnostics.

Figure 1 : Detailed diagnosis of the Status measure reported by the Virtual Private Cloud - VPC test

To know which route tables are created for the target VPC, use the detailed diagnosis of the Route tables measure. The ID, status, and description of each route table are displayed as part of detailed diagnostics.

Figure 2 : Detailed diagnosis of the Route tables measure

To know which vSwitches are created in this VPC, use the detailed diagnosis of the vSwitch measure.

Figure 3 : Detailed diagnosis of the vSwitch measure