Help Center/ DataArts Studio/ User Guide/ DataArts DataService/ API Development/ Preparations/ an Exclusive DataArts DataService instance
Updated on 2022-09-23 GMT+08:00

an Exclusive DataArts DataService instance

This topic describes how to an exclusive DataArts DataService instance. You can create an API in Exclusive DataArts DataService and use it to provide services only after the instance is available.

To create or delete an exclusive cluster or change API quotas, you must have either of the following accounts:

  • DAYU Administrator with the VPCEndpoint Administrator permission
  • Tenant Administrator with the VPCEndpoint Administrator permission

Network Environment Preparation

After a DataArts DataService exclusive cluster is created, resources are located in the resource tenant zone. ELB performs load balancing for the nodes in the cluster.

You can access the cluster in either of the following ways:

  • Private address: IP address of the VPC endpoint
  • Public address (optional): EIP bound to ELB The EIP is available only when you enable the Internet access when creating the DataArts DataService cluster.
Figure 1 Networking of the DataArts DataService exclusive cluster

To ensure that the created exclusive cluster is accessible, pay attention to the following network configurations:

  • Virtual Private Cloud (VPC)

    A VPC must be configured for an exclusive DataArts DataService instance. Resources (such as ECSs) in the same VPC can use the private address of the exclusive instance to call APIs.

    When an exclusive instance, you are advised to configure the same VPC as other associated services to ensure network security and facilitate network configuration.

  • Elastic IP (EIP)

    If you want to call an API of an exclusive instance, buy an EIP and bind it to the instance. The EIP will be used as the Internet entry of the instance.

  • Security Group

    A security group is similar to a firewall. It controls who can access the specified port of an instance and enables the communication data flow of the instance to move to the specified destination address. You are advised to enable the IP address and port in the inbound direction of the security group to protect the network security of the instance to the maximum extent.

    The security group bound to an exclusive instance must meet the following requirements:

    • Inbound rule: To call APIs from the Internet or from resources in other security groups, enable ports 80 (HTTP) and 443 (HTTPS) in the inbound direction of the security group bound to the exclusive instance.
    • Outbound direction: If the backend service is deployed on the Internet or in another security group, enable the backend service address and API calling listening port in the outbound direction of the security group bound to the exclusive instance.
    • If the frontend and backend services of the API are bound to the same security group and VPC as the exclusive instance, you do not need to enable the preceding ports for the exclusive instance.
  • Route

    In the physical machine management scenario, if the physical machine and the cluster have different network segments, you need to configure a route.

    On the Basic Details page of the cluster, you can add or delete routes.

    If the DataArts DataService cluster does not support routes, you can contact related support personnel to modify the configuration item dlm.instance.route.action.support to enable this function.

Procedure

a DataArts DataService incremental package. The system automatically creates a cluster based on your selected specifications.

  1. Locate an enabled instance and click .
  2. On the displayed page, set parameters based on Table 1.

    Table 1 Parameters for an exclusive DataArts DataService instance

    Parameter

    Description

    Package

    Select DataArts DataService.

    Billing Mode

    Currently, Yearly/Monthly is supported.

    Workspace

    The workspace for which you want to use the incremental package. For example, if you want to use DataArts DataService Exclusive in workspace A of the DataArts Studio instance, select workspace A. After an exclusive DataArts DataService cluster, you can view it in workspace A.

    AZ

    When you buy a DataArts Studio instance or incremental package for the first time, you can select any available AZ.

    When you buy another DataArts Studio instance or incremental package, determine whether to deploy your resources in the same AZ based on your DR and network latency demands.
    • If your application requires good DR capability, deploy resources in different AZs in the same region.
    • If your application requires a low network latency between instances, deploy resources in the same AZ.

    For details, see AZs.

    Name

    N/A

    Description

    A description of the exclusive DataArts DataService cluster.

    Version

    Cluster version of the exclusive DataArts DataService cluster.

    Cluster Details

    The number of concurrent API requests supported varies depending on the instance specifications.

    Enabling public IP address

    If you select Enabling public IP address, external services can call the APIs created in exclusive instances through the Internet address.

    Bandwidth

    Bandwidth range on the Internet.

    VPC

    A VPC is a secure, isolated, and logical network environment.

    Cloud resources (such as ECSs) within the same VPC can call APIs using the private IP address of DataArts DataService Exclusive.

    Deploy the DataArts DataService Exclusive instance in the same VPC as your other services to facilitate network configuration and secure network access.

    NOTE:

    After the DataArts DataService instance is created, the VPC cannot be changed.

    Subnet

    A subnet provides dedicated network resources that are logically isolated from other networks for network security.

    Deploy the DataArts DataService Exclusive instance in the same subnet of the same VPC as your other services to facilitate network configuration and secure network access.

    NOTE:

    After the DataArts DataService instance is created, the subnet cannot be changed.

    Security Group

    A security group is used to set port access rules, define ports that can be accessed by external services, and determine the IP addresses and ports that can be accessed externally.

    For example, if the backend service is deployed on an external network, configure security group rules to allow access to the IP address and listening port of the backend service.

    NOTE:
    1. If Enabling the public IP address is selected, the security group must allow access from ports 80 (HTTP) and 443 (HTTPS) in the inbound direction.
    2. After the DataArts DataService instance is created, the security group cannot be changed.

    Managing Cluster Resources Using an Enterprise Project

    Enterprise project associated with the exclusive DataArts DataService cluster. An enterprise project facilitates management of cloud resources. For details, see Enterprise Management User Guide.

    Nodes

    N/A

    Required Duration

    N/A

  3. Click Now, confirm the settings, and click Next.

Setting the Allocated API Quota

After creating an exclusive cluster, you need to set the allocated API quota so that you can create APIs. To set the quota, perform the following steps:

  1. On the Workspaces page, locate a workspace and click Edit in the Operation column.

    Figure 2 Editing a workspace

  2. In the displayed Workspace Information dialog box, click Edit to set the allocated quota.

    Figure 3 Setting the allocated quota

    You will be charged for the APIs you create. If you increase the API quota, more APIs can be created in the workspace and the fees may increase.

  3. Set the allocated API quota for DataArts DataService Exclusive.

    Figure 4 Setting the quota

    The allocated quota cannot be less than the used quota and not greater than the total quota minus the total allocated quota plus the previously allocated quota.