Alibaba ECS Compute Guide

Alibaba Cloud Elastic Compute Service (ECS)

Elastic Compute Service (ECS) is Alibaba Cloud's flagship compute service, providing scalable virtual servers that form the foundation of most cloud architectures. ECS offers one of the most extensive instance family portfolios in the cloud industry, with over 400 instance types spanning general purpose, compute optimized, memory optimized, GPU-accelerated, high-performance computing, big data, local SSD, and bare metal configurations. Whether you are running a simple web server, a distributed machine learning training job, or a high-frequency trading system, ECS has an instance type designed for your workload.

ECS instances run on Alibaba Cloud's Apsara distributed computing platform, which manages hardware resources across data centers and provides features like live migration, automatic failure recovery, and consistent performance isolation. The latest generation instances (7th and 8th generation) are built on custom hardware with enhanced networking, storage, and security capabilities including support for Trusted Platform Module (TPM) and AMD SEV for confidential computing.

This guide covers ECS instance families, pricing models, disk types, networking configuration, security hardening, and operational best practices for running production workloads on Alibaba Cloud ECS.

ECS Instance Families

Alibaba Cloud organizes ECS instances into families based on their compute characteristics. Understanding these families is essential for selecting the right instance for your workload and optimizing costs:

General Purpose (g-series)

General purpose instances provide a balanced ratio of CPU, memory, and networking resources. The current generation includes:

• ecs.g7 (Intel Ice Lake): 7th-gen general purpose with up to 128 vCPUs and 512 GiB memory. 2.7 GHz base frequency with turbo to 3.5 GHz. Best for web servers, application servers, and mid-size databases.
• ecs.g8a (AMD EPYC Genoa): 8th-gen AMD instances offering 10-15% better price-performance than g7. Up to 192 vCPUs. Best for cost-sensitive general workloads.
• ecs.g8ae (AMD EPYC Enhanced): Enhanced AMD instances with higher clock speeds and improved networking throughput. Ideal for latency-sensitive applications.
• ecs.g8y (Yitian 710 ARM): ARM-based instances using Alibaba's custom Yitian 710 processor. Up to 30% better price-performance for cloud-native workloads. Best for microservices, containers, and web applications.

Compute Optimized (c-series)

Compute optimized instances offer a higher ratio of vCPUs to memory (1:2 ratio) and are designed for CPU-intensive workloads:

• ecs.c7: Intel Ice Lake compute optimized. Best for batch processing, high-performance web servers, gaming servers, and video encoding.
• ecs.c8a: AMD EPYC Genoa compute optimized with better multi-threaded performance.
• ecs.c8y: ARM-based compute optimized using Yitian 710.

Memory Optimized (r-series)

Memory optimized instances provide a higher ratio of memory to vCPUs (1:8 ratio) for memory-intensive workloads:

• ecs.r7: Intel Ice Lake memory optimized. Up to 3072 GiB memory. Best for in-memory databases (Redis, SAP HANA), real-time analytics, and large caches.
• ecs.r8a: AMD EPYC Genoa memory optimized.
• ecs.re7p (Persistent Memory): Instances with Intel Optane persistent memory for ultra-large memory requirements at lower cost than DRAM.

GPU-Accelerated (gn-series)

GPU instances provide NVIDIA GPU cards for machine learning, deep learning, rendering, and scientific computing:

• ecs.gn7i (NVIDIA A10): Inference-optimized instances. Best for AI inference serving, video transcoding, and graphics rendering.
• ecs.gn7 (NVIDIA A100): Training-optimized instances with NVLink for multi-GPU communication. Up to 8x A100 80GB GPUs. Best for large-scale deep learning training.
• ecs.gn8 (NVIDIA H800): Latest generation training instances for foundation model training and large language model fine-tuning.

ECS Pricing Models

Understanding ECS pricing is critical for cost optimization. Alibaba Cloud offers four pricing models for ECS instances:

Pay-As-You-Go

Billed per second (minimum 1 minute) with no upfront commitment. The most flexible option but also the most expensive. Use for development, testing, short-lived workloads, and instances that need to be stopped and started frequently. You only pay when the instance is running.

Subscription

Commit to 1-month to 3-year terms for 30-60% savings compared to Pay-As-You-Go. The instance runs continuously during the subscription period regardless of usage. Best for production workloads with predictable uptime requirements.

Preemptible Instances

Up to 90% discount compared to Pay-As-You-Go pricing. Preemptible instances can be reclaimed by Alibaba Cloud with a 5-minute notification when demand for the instance type increases. Best for fault-tolerant workloads like batch processing, CI/CD builds, stateless web servers behind load balancers, and big data analytics.

# Create a preemptible instance
aliyun ecs CreateInstance \
  --InstanceName "batch-worker-01" \
  --InstanceType ecs.g7.2xlarge \
  --ImageId ubuntu_22_04_x64_20G_alibase \
  --SpotStrategy SpotAsPriceGo \
  --SpotDuration 0 \
  --VSwitchId vsw-bp1**** \
  --SecurityGroupId sg-bp1****

# Query current spot prices
aliyun ecs DescribeSpotPriceHistory \
  --InstanceType ecs.g7.2xlarge \
  --NetworkType vpc \
  --ZoneId cn-hangzhou-a

Savings Plans

Commit to a consistent amount of compute spending (measured in RMB/hour or USD/hour) for 1 or 3 years. Unlike Subscription, Savings Plans provide the flexibility to change instance types, families, regions, and even switch between ECS and ECI (Elastic Container Instances). The discount applies automatically to your hourly compute spend.

ECS Storage: Cloud Disks

ECS instances use cloud disks (block storage) for system and data volumes. Alibaba Cloud offers several disk categories with different performance characteristics:

• ESSD (Enhanced SSD): The recommended disk type for most workloads. Available in four performance levels: PL0 (10,000 IOPS), PL1 (50,000 IOPS), PL2 (100,000 IOPS), and PL3 (1,000,000 IOPS). Uses NVMe protocol over 25 Gbps RDMA network.
• ESSD AutoPL: Auto-performance-level ESSDs that automatically adjust IOPS based on disk capacity. Simpler to manage than manual PL selection.
• SSD Cloud Disk: Previous generation SSDs. Lower cost than ESSD but also lower performance. Suitable for development and non-critical workloads.
• Ultra Cloud Disk: HDD-based storage for cold data, logs, and infrequent access workloads. Lowest cost per GB.

# Create an ESSD data disk
aliyun ecs CreateDisk \
  --DiskName "prod-data-vol" \
  --DiskCategory cloud_essd \
  --PerformanceLevel PL1 \
  --Size 500 \
  --ZoneId cn-hangzhou-a \
  --Encrypted true \
  --KMSKeyId key-****

# Attach disk to an instance
aliyun ecs AttachDisk \
  --InstanceId i-bp1**** \
  --DiskId d-bp1****

# Create a snapshot
aliyun ecs CreateSnapshot \
  --DiskId d-bp1**** \
  --SnapshotName "pre-upgrade-snapshot" \
  --RetentionDays 30

ECS Networking

ECS instances are deployed within a VPC (Virtual Private Cloud) and assigned to a vSwitch (subnet) in a specific availability zone. Each instance gets a primary private IP address from the vSwitch CIDR range and can optionally be assigned an Elastic IP Address (EIP) for internet access.

ECS networking capabilities scale with instance size:

• Network bandwidth: Ranges from 1 Gbps for small instances to 100 Gbps for bare metal instances
• PPS (packets per second): Ranges from 300K to 24M depending on instance type
• ENI (Elastic Network Interfaces): Support for multiple ENIs for network isolation and multi-homing
• ERdMA: Enhanced RDMA support on 7th-gen and later instances for ultra-low-latency networking

Auto Scaling

Alibaba Cloud Auto Scaling (previously known as ESS — Elastic Scaling Service) automatically adjusts ECS capacity based on demand. Configure scaling groups with minimum, maximum, and desired capacity, then define scaling rules based on CloudMonitor metrics, schedules, or custom triggers:

# Create a scaling group
aliyun ess CreateScalingGroup \
  --ScalingGroupName "web-tier-asg" \
  --MaxSize 20 \
  --MinSize 2 \
  --DefaultCooldown 300 \
  --VSwitchIds '["vsw-bp1****","vsw-bp2****"]' \
  --LoadBalancerIds '["lb-bp1****"]' \
  --MultiAZPolicy BALANCE

# Create a scaling configuration (launch template)
aliyun ess CreateScalingConfiguration \
  --ScalingGroupId asg-bp1**** \
  --InstanceType ecs.g7.xlarge \
  --ImageId ubuntu_22_04_x64_20G_alibase \
  --SystemDiskCategory cloud_essd \
  --SystemDiskSize 40 \
  --SecurityGroupId sg-bp1****

# Create a target tracking scaling rule
aliyun ess CreateScalingRule \
  --ScalingGroupId asg-bp1**** \
  --ScalingRuleName "cpu-target-tracking" \
  --ScalingRuleType TargetTrackingScalingRule \
  --TargetValue 60 \
  --MetricName CpuUtilization \
  --EstimatedInstanceWarmup 300

Security Best Practices

Securing ECS instances requires a layered approach covering network, identity, and host-level controls:

• Security Groups: Apply least-privilege security group rules. Never open port 22 (SSH) or 3389 (RDP) to 0.0.0.0/0 in production. Use bastion hosts or VPN for administrative access.
• Key Pairs: Use SSH key pairs instead of passwords for Linux instances. Disable password authentication in sshd_config after deploying keys.
• Disk Encryption: Enable ESSD encryption with KMS-managed or customer-managed keys.
• Cloud Assistant: Use Cloud Assistant (equivalent to AWS SSM) for patch management and command execution without exposing SSH ports.
• Security Center: Enable Alibaba Cloud Security Center for vulnerability scanning, baseline checks, and intrusion detection on ECS instances.
• Instance RAM Roles: Attach RAM roles to ECS instances instead of embedding AccessKey credentials in application code.

# Create and attach a RAM role to an ECS instance
aliyun ram CreateRole \
  --RoleName "ecs-app-role" \
  --AssumeRolePolicyDocument '{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":["ecs.aliyuncs.com"]}}],"Version":"1"}'

# Attach a policy to the role
aliyun ram AttachPolicyToRole \
  --PolicyType System \
  --PolicyName AliyunOSSReadOnlyAccess \
  --RoleName ecs-app-role

# Attach the role to an ECS instance
aliyun ecs AttachInstanceRamRole \
  --InstanceIds '["i-bp1****"]' \
  --RamRoleName ecs-app-role \
  --RegionId cn-hangzhou

Monitoring and Troubleshooting

CloudMonitor provides default metrics for all ECS instances including CPU utilization, memory usage (requires CloudMonitor agent), disk I/O, network traffic, and instance health. Set up alerts for key thresholds to catch issues before they impact users.

For deeper visibility, install the CloudMonitor agent on your instances to collect memory utilization, disk space, process counts, and custom application metrics. The agent is lightweight and reports metrics every 15 seconds.

When troubleshooting ECS issues, use the following tools:

• Instance Diagnostics: Built-in health check that verifies instance status, network connectivity, and disk health
• System Events: Check for scheduled maintenance events, live migration notifications, and hardware failure alerts
• Serial Console: Access the instance console for debugging boot issues and network misconfigurations
• Instance Metadata: Query instance metadata at http://100.100.100.200/latest/meta-data/ for instance details, RAM role credentials, and user-data