Setup AlibabaCloud OSS on Windows VM
Setting up AlibabaCloud OSS on Windows VM (ECS) is our next tutorial where we will demonstrate how easy is to setup AlibabaCloud Object Storage Service on a Windows VM or Elastic Compute Service (ECS) how is the product called. AlibabaCloud may not be so popular outside China borders but we can say that is quite a major player on the cloud market, their offering is as good as Amazon AWS, Google Cloud Platform or Microsoft Azure but the only thing that makes AlibabaCloud appealing is the fact that currently is the only company that provides a full range of cloud services within Mainland China as opposed to the other well known cloud providers. We are not saying that other cloud providers doesn’t have a good presence and service portfolio for China but AlibabaCloud – known as Aliyun in China – covers everything there and from our experience we can say that their support staff is very responsive providing even guidance in terms of ICP licensing – a must when you want to do business in China. We are sure you are not here to hear about AlibabaCloud’s market share and let’s jump straight to our technical tutorial about AlibabaCloud OSS on Windows.
Table of contents
Context
Setup a new AlibabaCloud OSS bucket
Create a new RAM user
Create a new RAM policy
RAM policy assignment
Download OSS Utils (ossutil) package to Windows VM
Configure AlibabaCloud OSS Utils
Test the access from Windows ECS to AlibabaCloud OSS
Context
Assuming that we have a few ECS (Elastic Compute Service) Windows machines within AlibabaCloud China – Hangzhou region and one of them plays a very important role for our stack, is a database server based on Microsoft SQL. We all know that a backup must be always in place when a database come into the mix and this comes at a cost. By using slow or fast disks for storing long term backups can have a big impact on our budget and then we have to look for alternative solutions. Often the most cost effective service for storing backups of any kind is the Storage service provided by any respectable cloud provider like S3 from Amazon, GCS from Google Cloud, FS from Azure and now OSS from AlibabaCloud. In this specific case we will be using AlibabaCloud’s Object Storage Service (OSS) within China as this is the most cost effective solution to store our long term backups for MSSQL from China.
Setup AlibabaCloud OSS Bucket
Having an active AlibabaCloud account and being logged in we can start our tutorial by creating a new OSS Bucket called for example mssql-backups
. When creating the OSS Bucket we must make sure that we are choosing the same region as our ECS, by using the same region we will decrease network latency and also we will eliminate any cost associated with network egress / ingress traffic.
After creating the OSS Bucket we need to make a note of the Internal Endpoint the can be found on the Overview
section of the bucket properties page. In our case the Endpoint is called oss-cn-hangzhou-internal.aliyuncs.com
, we will be using this later on our tutorial.
Do not use the Endpoint labeled as Internet Access unless you are connecting from an external service other than AlibabaCloud, this will incur some ingress / egress fees.
Create a new RAM user
Having now an OSS Bucket where to store our backups we can move to our next step where we have to create a new RAM (Resource Access Management) user. This new RAM user will have limited access to OSS by using a RAM policy – we will talk about this on the next step -, but now let’s create quickly a new RAM user called as well mssql-backups
. Thinking about security we should create mssql-backup
user having only programmatic access
to our resources, so we must untick Console Password Logon
option and select only Programmatic Access
.
Once the user has been created AlibabaCloud will generate a pair of keys for us, AccessKeyId
(example: LTAI4FjfwSH7gbraTUvP7q2o
) and SecretAccessKey
(example: V7RkWvcXQTvQxwFqoRgZ6aBDu4uRW7
). SecretAccessKey
key will be shown only once so we must save both these keys somewhere safe as we will make use of them later, without these two keys we would not be able to access OSS from Windows.
Create a new RAM policy
On this particular step we have to create a new RAM policy that defines the access level – actions and resources – to our AlibabaCloud services. Knowing that we only need to store backups within mssql-backups
OSS bucket our policy will have to be very specific and simple, let’s create a new RAM policy called mssql-backups-policy
and use the JSON formatted lines as shown below:
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"oss:GetObject",
"oss:ListObjects",
"oss:PutObject",
"oss:DeleteObject"
],
"Resource": [
"acs:oss:*:*:mssql-backups/*",
"acs:oss:*:*:mssql-backups"
]
}
],
"Version": "1"
}
The above RAM Policy lines are pretty much self-explanatory, this policy says that whoever uses it it will have access to only acs:oss:*:*:mssql-backups/*
resources which is our OSS Bucket that we have previously created and the only actions permitted (Get, List, Put, Delete
) are for OSS.
RAM policy assignment
So far we covered a lot of ground, we have created an OSS Bucket, a RAM user and also a RAM policy. Now it is time to assign our newly created mssql-backups-policy
RAM policy to our mssql-backups
RAM user.
Let’s get back to our RAM > Users page and click on the Permissions tab, here we have to click on Add Permissions button which will open a pop-up window with all custom or predefined RAM policies. In our case we have select Custom Policy from drop-down menu and add mssql-backups-policy
followed by OK button.
Download OSS Utils (ossutil) package to Windows VM
Now we have to log into our Windows ECS and download ossutils
(Windows x86 64bit) zipped package to C:\AliCloudUtils
for example. The link shown below will get us directly to the download page:
https://www.alibabacloud.com/help/doc-detail/50452.htm?spm=a2c63.p38356.879954.8.16d21cb4DccffY#concept-cnr-3d4-vdb
Configure AlibabaCloud OSS Utils
Once ossutil
has been downloaded, unzipped and its content moved to C:\AliCloudUtils
we have to configure the package by creating .ossutilconfig
file where we will be define the credentials needed. So we have to go to C:\Users\[YourUsername]\
and create a new file using Notepad called .ossutilconfig
, this will contain all data we need in order to access our OSS bucket like shown in the example below:
[Credentials]
language = EN
accessKeyID = LTAI4FjfwSH7gbraTUvP7q2o
accessKeySecret = V7RkWvcXQTvQxwFqoRgZ6aBDu4uRW7
stsToken =
endpoint = oss-cn-hangzhou-internal.aliyuncs.com
Make sure you replace the values for accessKeyID
, accessKeySecret
and endpoint
with yours.
Test the access from Windows ECS to AlibabaCloud OSS
We are almost done but before that let’s have a quick test of our AlibabaCloud OSS setup on Windows just to see if we are able to perform all operations needed for our MSSQL backups.
First let’s try to list all objects from our newly created mssql-backups
OSS bucket:
C:\AliCloudUtils>ossutil64.exe ls oss://mssql-backups
Object Number is: 0
0.139227(s) elapsed
As expected ossutil
returned no files as we haven’t uploaded any yet.
Let’s create a new file on our Windows ECS like show below:
C:\AliCloudUtils>echo.>oss-test-file.txt
And now let’s try to upload this file to OSS:
C:\AliCloudUtils>ossutil64.exe cp oss-test-file.txt oss://mssql-backups
Succeed: Total num: 1, size: 2. OK num: 1(upload 1 files).
0.111314(s) elapsed
We can see that our file has been successfully uploaded.
What about deleting this test file from OSS Bucket:
C:\AliCloudUtils>ossutil64.exe rm oss://mssql-backups/oss-test-file.txt
Succeed: Total 1 objects. Removed 1 objects.
0.081583(s) elapsed
We are now officially done, our AlibabaCloud OSS setup on Windows works as expected. All that’s left is to blend this knowledge with some PowerShell scripts.
Our short tutorial called Setup AlibabaCloud OSS on Windows ends here.