K2 Cloud

K2 Cloud provides infrastructure services (Infrastructure as a Service, IaaS) and is an in-house development of K2 Integration company. The cloud platform is deployed in our own and partner data centers and is used to provide PaaS (Platform as a Service) and SaaS (Software as a Service) solutions.

K2 Cloud is deployed in two geographically distributed regions: ru-msk (Moscow) and ru-spb (St. Petersburg) featuring three availability zones (ru-msk-comp1p, ru-msk-vol51, ru-msk-vol52) and one availability zone (ru-spb-a), respectively. Each availability zone is based on one or more data centers, and its computing and engineering infrastructures are independent of those in the other zones.

In terms of the resources, the services are divided into global ones (IAM, Billing, DNSaaS), which use the same resources for all regions, and regional ones (Instances, Volumes, Object storage, Kubernetes clusters, etc.), which use region-specific resources.

The set of supported services and available resources depends on the region. The ru-spb-a availability zone offers gp2 and st3 volume types and instance type families for gen5 and gen7 generations.

The K2 Cloud infrastructure is protected from unauthorized access, attacks and other security incidents and complies with the requirements of Federal Law “On Personal Data” No. 152-FZ to the first level of protection for personal data processing.

What services does K2 Cloud provide?

Virtual machines

Compute resources in K2 Cloud are represented as virtual machine instances, or just instances. When creating an instance, you can choose an availability zone (the data center in which the physical hardware is located), the quantity and performance of virtual central processing units (vCPU), RAM size, and many other parameters.

Launch templates save instance configuration information and help reduce the number of steps and actions to create instances. In particular, launch templates are used to describe the configuration of instances in the Auto Scaling service. For each launch template, you can create its versions with different instance parameters.

You can import virtual machines, as well as available volumes, from an existing infrastructure to K2 Cloud and export them back to a local virtualization infrastructure using the Import/Export service.

Dedicated host is a physical server provisioned only to a particular user (company) — no one else can run instances on it. The user can choose the server configuration: the number of available physical cores, sockets, and RAM. Different instance types can be run on the same server.

You can assign individual tags to any instance or volume. Tags help identify and organize multiple resources of the same type easier and faster and manage them more conveniently. You can tag both existing and new instances and volumes, search for these resources, and filter them by tags.

Data storage

Volume in K2 Cloud is the main storage for instance data. Volumes are virtual block storage devices. You can create a volume separately from an instance or together with the instance. The cloud provides users with several volume types differing in characteristics, capabilities, and cost.

Images allow you to save the instance configuration and launch parameters, which is handy if you frequently use a particular configuration. K2 Cloud provides many tested images of various operating systems to deploy instances quickly and efficiently. You can create custom images based on instances and volume snapshots, or import them into K2 Cloud.

Volume snapshots allow you to save the current state of the OS and data available on the volume. You can use a snapshot for creating new volumes or use it as either a backup or installation package of an OS or other software. Ready-made volume snapshots are available from K2 Cloud, but you can also create custom ones.

Volume versions are snapshots of the volume state at a point in time. They can be used to preserve the volume state before updates or critical changes. Unlike volume snapshots, versions are stored in the same storage system as the volume itself. Thus, you can quickly roll back the volume to a previous state without having to copy data from another storage.

K2 Cloud object storage is intended to store large amounts of arbitrary data (documents, backups, etc.) and has an AWS S3-compatible API. All objects are distributed across containers called buckets. Buckets can be used to store backups or data available over the Internet via HTTP. Object versioning allows you to store multiple versions of objects in a single bucket and protects them against deletion and overwriting. Access to objects in buckets can be set via Access Control Lists (ACL). Buckets can contain static websites, and you can configure HTTPS access to them. You can set a CORS policy to enable cross-domain requests to objects in a bucket.

The EFS (Elastic File System) service provides a file storage that multiple instances can share. The instances can be running in different VPCs and even in other networks outside the cloud. The file system is replicated among multiple data centers within a region, ensuring service reliability and high availability.

Backup

K2 Cloud Backup service allows you to automate the creation of recovery points for instances and volumes. You can select resources to be backed up and set the backup schedule, retention period, etc. Recovery points are kept on dedicated storage systems separate from the volumes. Recovery points are immutable and so cannot be modified. Moreover, they are automatically encrypted, thus providing an additional level of security.

Networks

K2 Cloud allows you to create virtual private clouds (VPC), which ensure virtual resource isolation at the network layer. As part of a private cloud, you can create subnets, instances in the subnet, DHCP options, routing tables, VPN connections, and other resources.

K2 Cloud allows you to create instances connected to a subnet or several subnets that are present in one of the availability zones.

You can use security groups and access control lists to manage the network access to the cloud. K2 Cloud provides public IP addresses and allows you to use your own provider-independent IPv4 address blocks.

Auto Scaling

The Auto Scaling service allows you to automatically run the required number of virtual machine instances to support the current application workload. You can create both groups where the number of instances is fixed and groups where it can change depending on the load. Health check mechanisms ensure that new instances are launched to replace failed ones, while scaling policies add instances to the group or terminate instances in it upon specified alarms.

Load balancing

The Load Balancing service automatically distributes inbound traffic across a group of instances in one or more availability zones.

K2 Cloud supports Network Load Balancers (NLB) and Application Load Balancers (ALB). The former work on OSI Layer 4 and distribute TCP or UDP traffic, while the latter work on OSI Layer 7 and distribute HTTP and HTTPS traffic.

Depending on your goals, you can create different types of balancers:

  • external, to distribute inbound Internet traffic;

  • internal, to distribute intra-VPC traffic.

Network connections

K2 Cloud provides various means of connection both between networks in the cloud and to external networks.

The VPN connection allows you to configure a secure connection between the infrastructure in K2 Cloud and a remote infrastructure. The high availability mode employs two tunnels terminated in different availability zones. If the connection is lost, traffic is automatically switched to another tunnel. BGP-based dynamic routing eliminates the need to manually configure static routes.

The Direct Connect service enables L3 connectivity between corporate networks and K2 Cloud via BGP. This ensures secure and fast data transfer between them with low latency and guaranteed throughput.

Using the Traffic Mirroring service, you can replicate all the inbound and/or outbound traffic between network interfaces of instances in the same availability zone. To mirror only specific traffic, you can use filters. The service easily integrates with third-party open-source security tools. This enables total control over inbound and outbound traffic for the purposes of diagnostics, monitoring, and threat detection.

Transit gateways allow you to organize traffic exchange between different VPCs. A transit gateway can be accessed from other projects, so these gateways can be used to provide connectivity between subnets in different projects, even when they are owned by different companies.

Thanks to flexible routing based on transit gateways, you can create complex network topologies from multiple VPCs, where each VPC can act as a separate security zone. If necessary, dedicated VPCs can host infrastructure for traffic inspection, filtering, and/or additional processing.

Project network infrastructure visualization using the network map facilitates network architecture analysis, inventory of available resources, and drafting of documentation and presentations.

DNSaaS

DNSaaS provides DNS zone hosting functionality. It allows you to create and administer DNS zones and resource records within them. K2 Cloud supports both public and private DNS zones and ensures high availability and scalability of the service.

PaaS

The PaaS service allows you to quickly deploy cloud resources with the necessary infrastructure and software. Currently, Databases, Caching, Search and Analytics, Message Brokers, Logging, and Monitoring services are available and supported in the PaaS section. With integrated PaaS monitoring and logging services, you can track the statuses of PaaS services. For PaaS services in a high-availability configuration, you can create internal and/or Internet-facing load balancers to automatically distribute requests across cluster nodes.

The following DBMS are available for deployment in the Databases category: MySQL, PostgreSQL, Redis, and MongoDB. You can run both standalone databases and high-availability database clusters. For MySQL, PostgreSQL, and MongoDB databases, you can create an arbitrator-enabled cluster to ensure the required fault tolerance level and save on cloud resources. Scheduled backups are also supported for MySQL and PostgreSQL databases.

In the Caching category, there are two of the most popular caching solutions available — Memcached and Redis. They are deployed in memory and reduce response times for database queries, e-commerce sessions, streaming analytics and other types of transactions.

It takes just a few minutes to deploy and configure the popular Elasticsearch service in the Search and Analytics category.

The Message Brokers category features common message brokers: RabbitMQ and Apache Kafka. Message brokers enable the creation of flexible and scalable systems thanks to asynchronous message exchange and delivery mechanisms and support for a wide range of protocols. Built-in replication mechanisms enable the creation of high-availability systems. RabbitMQ is available with one and three nodes, while Apache Kafka offers one-, three-, and six-node configurations. Apache Kafka configurations with one and three nodes can be used for test purposes.

The Monitoring category offers the Prometheus service based on a popular open-source monitoring system. It allows for easy integration of PaaS services deployed in K2 Cloud into a single monitoring system. In addition, you can add your own services to the monitoring system.

The Logging category offers the ELK service based on the ELK stack. Elasticsearch is used to store and index the logs; Logstash, to filter and process logs; and Kibana, to visualize received data. The service allows for centralized and automated log data collection from other PaaS services deployed in K2 Cloud. As with the PaaS monitoring service, you can connect your own services to the logging system.

Kubernetes clusters

The Kubernetes clusters service allows you to launch clusters, scale worker nodes, and delete launched clusters. When creating a cluster in K2 Cloud, you can install additional services:

  • Ingress Controller can be used to route all requests coming from outside to applications deployed in Kubernetes.

  • EBS-provider allows Kubernetes to manage volumes in the cloud and use them as Persistent Volumes.

  • Docker Registry safely stores container images for further deployment in Kubernetes.

  • ELB Provider allows you to deploy load balancers for a Kubernetes cluster. Both network and application load balancers are supported.

  • Cluster Autoscaler allows you to flexibly manage the number of workers in node groups in a Kubernetes cluster depending on the load.

  • Kubernetes Dashboard simplifies cluster administration (deployment, updating, bug fixing) via a GUI.

Monitoring

K2 Cloud Monitoring service enables real-time cloud performance monitoring. You can collect metrics for cloud resources (instances, volumes, buckets, Auto Scaling groups, application load balancers, Internet gateways, VPN tunnels, etc.) and configure alarms for events.

Activity Log

Activity Log allows you to store and explore records about actions (API requests) made by all company users.

IAM

The IAM (Identity and Access Management) service allows you to control and flexibly configure user access to the infrastructure in K2 Cloud, using various tools and services.

Using Projects, you can provision a dedicated cloud infrastructure to a company user or department for their daily tasks.

User access rights can be managed by means of groups and policies. Each policy grants access to a specific service. Policies can be assigned to both a user and a group. With groups, you can grant the same rights to multiple users at once, rather than assigning them to each user individually.

The Identity providers service lets you centrally manage users through an external identity provider. Integrated with the IAM service, it allows you to control access to cloud resources without configuring privileges for every user. Authentication and authorization in K2 Cloud can be performed through an external identity provider using its login and password.

Cloud resource usage is controlled, among other things, through notifications and quotas. Quotas enable flexible management of cloud resource limits, while notifications promptly bring you details of various events (maintenance, failures, etc.).

Hope you enjoy your K2 Cloud experience!
