Alibaba Cloud Dedicated Host Tutorial: Architecture, Pricing, Use Cases, and Hands-On Guide for Computing

Category

Computing

1. Introduction

Alibaba Cloud Dedicated Host (often abbreviated as DDH in Alibaba Cloud documentation and APIs) is a Computing service that lets you run Elastic Compute Service (ECS) instances on physically isolated, single-tenant hosts that are dedicated to your account.

In simple terms: you rent an entire physical server (the host) from Alibaba Cloud, and then you create one or more ECS virtual machines (instances) on that host. No other Alibaba Cloud customer shares that host with you.

Technically, Dedicated Host is a host-level capacity container for ECS. You purchase or allocate a dedicated host in a specific region/zone, then deploy ECS instances whose vCPU and memory are carved out of the host’s capacity. This model is useful when you need host isolation, predictable performance, or license/compliance alignment that is difficult to achieve on shared multi-tenant infrastructure.

Dedicated Host solves problems such as:

  • Meeting regulatory/compliance requirements that mandate single-tenant compute.
  • Supporting Bring Your Own License (BYOL) or socket/core-based licensing strategies that benefit from host-level control.
  • Reducing “noisy neighbor” risk and improving performance predictability for sensitive workloads.
  • Enabling placement control (where your instances run) for operational or policy reasons.

Service status and naming: As of the latest generally available Alibaba Cloud ECS documentation, Dedicated Host remains an active ECS capability and is commonly referenced as DDH. Always confirm the latest capabilities and limits in the official ECS Dedicated Host documentation (links in the Resources section).


2. What is Dedicated Host?

Official purpose

Alibaba Cloud Dedicated Host provides dedicated physical hosts for your ECS instances, offering single-tenant isolation and host-level resource control while still using the ECS virtualization and management plane.

Core capabilities

  • Single-tenant physical isolation: the host is dedicated to your Alibaba Cloud account.
  • Deploy ECS instances on the host: create and manage ECS instances that consume the host’s CPU and memory capacity.
  • Placement and capacity control: choose deployment strategies (for example, manual selection of a host vs. placement by the platform within a dedicated host group/cluster—capabilities vary; verify in official docs for your region).
  • Visibility into host capacity: track available/used vCPU and memory at the host level.
  • Integration with ECS ecosystem: VPC networking, security groups, cloud disks, snapshots, monitoring, IAM (RAM), and auditing.

Major components

  • Dedicated Host (DDH): the physical server allocated to your account, with defined CPU and memory capacity and a host type/SKU.
  • ECS instances on DDH: virtual machines deployed onto a DDH. Their instance types must be compatible with the host’s capacity and supported families.
  • Networking: typically VPC + vSwitch + security groups. Instances on DDH attach to VPC networking like normal ECS instances.
  • Storage: typically cloud disks (ESSD/SSD/HDD depending on region and offering). Dedicated Host does not automatically imply local disks; verify host/instance storage options per instance family.

Service type

  • Infrastructure / Compute capacity service (host-level) that underpins ECS instance deployment.

Scope (regional/zonal/account)

  • Account-scoped: Dedicated Hosts belong to your Alibaba Cloud account and are governed by RAM permissions.
  • Region and zone scoped: Dedicated Hosts are created in a specific region and usually a specific zone. ECS instances placed on a DDH must match the zone and networking constraints. Confirm exact placement rules in the latest ECS docs for your regions.

How it fits into the Alibaba Cloud ecosystem

Dedicated Host sits in the Computing layer and is consumed via ECS. You typically combine it with:

  • VPC for private networking
  • Security Groups for instance firewalling
  • Elastic IP Address (EIP) for public connectivity (optional)
  • ApsaraDB / OSS / NAS for data services
  • CloudMonitor for metrics and alerting
  • ActionTrail for audit logs
  • Resource Management (resource groups, tags) for governance


3. Why use Dedicated Host?

Business reasons

  • Compliance and audit: Some standards or customer contracts require single-tenant compute or clearer isolation boundaries.
  • Licensing optimization: Certain commercial software licenses are priced per socket/core/host. Host-level dedication can simplify license accounting (always validate license terms with your vendor).
  • Cost predictability for steady workloads: If you keep many instances running continuously, paying for a host can be easier to forecast than per-instance variability (depends on your instance mix and discounts).

Technical reasons

  • Stronger isolation than shared tenancy for compute resources, reducing contention risk.
  • Placement control: Align workloads that must reside on the same host or must not share with unknown tenants (exact placement features vary; verify).
  • Consistency: Standardize host hardware profiles for performance-sensitive services.

Operational reasons

  • Capacity planning at a host level: you manage headroom (vCPU/memory) explicitly.
  • Change control: Dedicated capacity can simplify operational approvals for regulated environments.

Security/compliance reasons

  • Single-tenant host boundary reduces cross-tenant risk on the same physical machine.
  • Easier to align with data residency and internal security policies that mandate dedicated compute.

Scalability/performance reasons

  • Better predictability for latency-sensitive services.
  • Ability to reserve host capacity for critical workloads (note: dedicated host itself is the reservation; additional reservation constructs, if any, must be verified in official docs).

When teams should choose Dedicated Host

  • You have compliance requirements for single-tenant compute.
  • You need BYOL alignment or license mobility strategies.
  • You run steady, long-lived compute where host-level commitment makes sense.
  • You need tight operational control over placement and capacity.

When teams should not choose it

  • You need maximum elasticity with minimal planning (shared ECS is simpler).
  • Your workloads are spiky and short-lived (host costs may be underutilized).
  • You don’t want to manage capacity fragmentation (instances may not “fit” even if total free capacity looks sufficient).
  • You could meet requirements with simpler constructs (for example, shared ECS + security controls), or with Bare Metal ECS if you truly need non-virtualized performance (evaluate carefully).

4. Where is Dedicated Host used?

Industries

  • Financial services (risk systems, core banking components, trading support)
  • Healthcare and life sciences (regulated workloads, sensitive datasets)
  • Government and public sector (single-tenant requirements)
  • Telecommunications (network functions and operational systems)
  • SaaS providers with strict customer isolation needs
  • Media/gaming (latency and performance consistency)

Team types

  • Platform engineering teams building standardized compute landing zones
  • Security and compliance teams enforcing tenant isolation requirements
  • DevOps/SRE teams running stateful services with strict performance SLOs
  • Enterprise infrastructure teams migrating from on-prem virtualization

Workloads

  • Commercial databases and middleware with host-based licensing concerns
  • Security-sensitive services (PKI components, internal auth services)
  • Stateful systems needing predictable CPU scheduling
  • Private Kubernetes nodes with strict isolation requirements (verify operational fit)

Architectures

  • Three-tier applications with dedicated app/database layers
  • Microservices platforms where critical components run on dedicated hosts
  • Hybrid architectures: on-prem + Alibaba Cloud, with dedicated hosts for regulated tiers

Real-world deployment contexts

  • Production environments with compliance obligations
  • Dedicated capacity pools for a business unit
  • Dev/test environments only when required by licensing constraints (otherwise shared ECS is more cost-effective)

5. Top Use Cases and Scenarios

Below are realistic Dedicated Host scenarios. Each includes the problem, why Dedicated Host fits, and a short example.

1) BYOL for host/socket/core licensed software

  • Problem: Software licensing is tied to physical cores/sockets or requires dedicated hardware.
  • Why Dedicated Host fits: You control host-level isolation and can map VM usage to a dedicated physical host boundary.
  • Example: An enterprise deploys a commercial database with licensing that benefits from running on dedicated physical hosts.

2) Regulatory requirement for single-tenant compute

  • Problem: A regulator or customer contract requires workloads to run on single-tenant infrastructure.
  • Why Dedicated Host fits: The host is dedicated to your account; other tenants do not share the same physical machine.
  • Example: A healthcare provider runs sensitive patient processing services on Dedicated Host.

3) Reduce “noisy neighbor” risk for latency-sensitive services

  • Problem: Shared tenancy can introduce variable performance due to other tenants.
  • Why Dedicated Host fits: Dedicated physical host reduces cross-tenant contention.
  • Example: A payment gateway’s transaction service runs on DDH for stable latency.

4) Isolation boundary for security hardening

  • Problem: Security team wants a stronger isolation layer than shared infrastructure for certain systems.
  • Why Dedicated Host fits: Physical isolation complements VPC/security group controls.
  • Example: Internal authentication services and secrets brokers run on DDH.

5) Dedicated capacity pool for a critical business unit

  • Problem: A business unit needs guaranteed compute capacity during peak.
  • Why Dedicated Host fits: Host capacity is reserved for your account and can be managed as a pool.
  • Example: An e-commerce company reserves hosts for checkout services.

6) Controlled placement for clustering or affinity requirements

  • Problem: Certain systems require specific placement patterns (e.g., keep a set of nodes together or isolate them).
  • Why Dedicated Host fits: You can place instances onto selected dedicated hosts (placement options vary—verify).
  • Example: A low-latency analytics cluster places worker nodes on specific hosts.

7) Migration path from on-prem virtualization to cloud

  • Problem: Teams used to managing host capacity and VM placement need a similar model in cloud.
  • Why Dedicated Host fits: It resembles a “virtualization cluster” approach while retaining cloud APIs.
  • Example: A company migrates VMware-like VM fleets to ECS-on-DDH.

8) Multi-tenant SaaS with premium “dedicated compute” tier

  • Problem: Some customers demand physical isolation from other customers.
  • Why Dedicated Host fits: You can offer a dedicated host-backed deployment option.
  • Example: A SaaS vendor provisions one DDH per premium customer environment.

9) Workloads requiring predictable performance baselines

  • Problem: Performance testing and benchmarking need consistent underlying hardware.
  • Why Dedicated Host fits: Single-tenant host reduces variability and simplifies test comparisons.
  • Example: A performance engineering team benchmarks builds on DDH.

10) Incident isolation and blast-radius reduction

  • Problem: A noisy or compromised workload should not impact unrelated workloads.
  • Why Dedicated Host fits: You can segment by host, limiting certain resource-sharing risks.
  • Example: Security isolates internet-facing components onto a dedicated host pool.

11) Dedicated environment for third-party audits

  • Problem: Auditors require clear evidence of physical isolation.
  • Why Dedicated Host fits: Dedicated host allocation supports clearer audit narratives (confirm evidence/artifacts in docs).
  • Example: A fintech prepares audit documentation demonstrating dedicated host usage.

12) Specialized operational control for patch windows/maintenance coordination

  • Problem: Teams want tighter control over maintenance events for critical workloads.
  • Why Dedicated Host fits: While the cloud still manages hardware, host-level management primitives may support planning (verify exact maintenance event behavior).
  • Example: A bank schedules OS patching and capacity headroom on dedicated hosts.

6. Core Features

Note: Feature availability can vary by region, host type, and ECS instance family. Verify details in official Alibaba Cloud ECS Dedicated Host documentation for your region.

6.1 Single-tenant physical host allocation

  • What it does: Allocates a physical server to your account.
  • Why it matters: Stronger isolation than shared compute.
  • Practical benefit: Helps meet compliance and reduces performance interference.
  • Caveats: You still share underlying cloud facilities (network fabric, control plane). Dedicated Host does not automatically mean isolated network—use VPC/security controls.

6.2 Run ECS instances on Dedicated Host

  • What it does: Lets you create ECS instances “on” a chosen dedicated host.
  • Why it matters: You get VM agility (images, snapshots, cloud disks) with dedicated hardware boundaries.
  • Practical benefit: Standard ECS management experience with dedicated placement.
  • Caveats: Not all ECS instance types are supported on DDH; selection depends on region and host type.

6.3 Host capacity accounting (vCPU/memory)

  • What it does: Shows total vs available vCPU and memory on the host.
  • Why it matters: Capacity planning and preventing overcommit beyond supported limits.
  • Practical benefit: Predictable scheduling and easier headroom management.
  • Caveats: Capacity fragmentation can occur (e.g., you may have enough total memory but not enough contiguous capacity to fit a chosen instance shape—behavior depends on allocation rules; verify).

6.4 Placement control (manual host selection)

  • What it does: Lets you select a specific dedicated host when creating an ECS instance (typical DDH workflow).
  • Why it matters: Enables controlled placement for compliance, performance, or operational segmentation.
  • Practical benefit: You can separate tiers (web/app/db) by host or consolidate specific nodes.
  • Caveats: Some automation integrations (Auto Scaling, orchestration) may have constraints; verify supported deployment policies.

6.5 Dedicated Host groups/clusters (where available)

  • What it does: Allows organizing multiple dedicated hosts into a logical container for management and placement policies.
  • Why it matters: Easier operations at scale: tagging, policy, and capacity planning across many hosts.
  • Practical benefit: Platform teams can manage capacity pools per environment.
  • Caveats: Terminology and availability vary; confirm “Dedicated Host Cluster” capabilities in your region.

6.6 Integration with ECS images, snapshots, and cloud disks

  • What it does: Instances on DDH use standard ECS constructs like images and cloud disks.
  • Why it matters: You keep cloud operational conveniences.
  • Practical benefit: Fast provisioning, standard backup via snapshots, disk resizing (subject to ECS disk rules).
  • Caveats: Storage performance depends on disk type and instance family; DDH does not automatically increase disk throughput.

6.7 Networking integration (VPC, security groups, EIP)

  • What it does: Instances on DDH attach to VPC/vSwitch and use security groups like other ECS instances.
  • Why it matters: Consistent network model across shared and dedicated compute.
  • Practical benefit: Private subnets, NAT, SLB, and microsegmentation remain available.
  • Caveats: Public access still requires careful design (EIP, SLB, NAT). Dedicated host is not a security boundary by itself.

6.8 Monitoring and alerting (CloudMonitor)

  • What it does: Provides metrics/alerts for ECS instances and (in many cases) host-level visibility.
  • Why it matters: Operations teams need health indicators and capacity alarms.
  • Practical benefit: Alert when host capacity is low, or instance CPU is high.
  • Caveats: Exact host-level metrics exposed can vary. Validate metric names and availability.

6.9 Governance: tags, resource groups, RAM control, audit logs

  • What it does: Apply tags/resource groups, restrict access via RAM, and audit actions via ActionTrail.
  • Why it matters: Dedicated hosts are often used in regulated environments with strict governance.
  • Practical benefit: Least privilege, traceability, chargeback/showback.
  • Caveats: Misconfigured RAM policies can create operational bottlenecks (e.g., no one can release hosts).

6.10 Lifecycle management (create, use, release)

  • What it does: Purchase/allocate hosts, deploy instances, then release hosts when not needed.
  • Why it matters: Dedicated capacity costs money even if idle.
  • Practical benefit: Explicit lifecycle encourages cost discipline.
  • Caveats: Releasing a host usually requires that it has no running instances (and sometimes no instances at all). Billing rules differ between subscription and pay-as-you-go—verify.

7. Architecture and How It Works

High-level service architecture

Dedicated Host introduces a two-level model:

  1. Host level: You allocate a physical host (DDH) in a zone.
  2. Instance level: You deploy ECS instances that consume host resources.

Control plane actions (create host, create instance, attach disks, assign networking) go through Alibaba Cloud APIs/console and are governed by RAM. Data plane traffic flows between ECS instances and other services through VPC networking, security groups, and optional load balancing/NAT.

Request/data/control flow (typical)

  1. Admin purchases/creates a Dedicated Host in a zone.
  2. Admin creates VPC/vSwitch and security group (or uses existing).
  3. Admin launches an ECS instance and selects the Dedicated Host as placement.
  4. ECS control plane allocates vCPU/memory from DDH capacity and provisions the instance.
  5. Instance boots from an image; cloud disks attach; instance joins VPC.
  6. Workload traffic flows through:
    – Internal VPC traffic to databases, caches, OSS endpoints, etc.
    – Optional public ingress/egress via EIP, SLB, NAT Gateway, or shared bandwidth packages (depending on your network design).

Integrations with related services

Common integrations include:

  • ECS: Instances, images, disks, snapshots, security groups.
  • VPC: vSwitch, route tables, NAT Gateway, VPN Gateway, CEN (depending on architecture).
  • Server Load Balancer (SLB): front-end traffic distribution (verify current Alibaba Cloud SLB product naming in your region).
  • CloudMonitor: metrics and alarms.
  • ActionTrail: auditing API and console actions.
  • Resource Management: resource groups, tag policies.

Dependency services

  • Billing: Dedicated Host charges are separate from ECS instance charges in many purchasing models; confirm exact billing decomposition for your SKU.
  • RAM: Permissions required for creating hosts and instances.
  • Quota system: Region quotas for dedicated hosts and ECS.

Security/authentication model

  • RAM users/roles authenticate to the Alibaba Cloud control plane.
  • API calls are authorized by RAM policies.
  • Instance access uses SSH keys (Linux) or passwords (less recommended) and security group rules.
  • Auditing via ActionTrail records relevant API operations.

Networking model

  • Instances on Dedicated Host use the same ECS network model:
    – Deployed into VPC and vSwitch (subnet).
    – Governed by security groups (stateful virtual firewall).
    – Optional EIP for public IP; otherwise private-only.
  • For inbound internet traffic at scale, typically use SLB in front of instances.

Monitoring/logging/governance considerations

  • Use CloudMonitor for instance-level and (where supported) host-level metrics.
  • Use ActionTrail for control-plane auditing.
  • Use consistent tags and resource groups to track dedicated host ownership, environment, and cost center.
  • Track host utilization and fragmentation over time to prevent waste.

Simple architecture diagram (Mermaid)

flowchart LR
  A[Admin / DevOps] -->|"Console/API (RAM Auth)"| C[ECS Control Plane]
  C --> D["Dedicated Host (DDH) in Zone"]
  C --> E[ECS Instance on DDH]
  E --> F[VPC vSwitch]
  E --> G[Cloud Disks]
  E --> H[CloudMonitor / ActionTrail]

Production-style architecture diagram (Mermaid)

flowchart TB
  U[Users] -->|HTTPS| SLB["Load Balancer (SLB)"]
  SLB --> W1[ECS Web Tier<br/>on Dedicated Host Pool]
  SLB --> W2[ECS Web Tier<br/>on Dedicated Host Pool]

  subgraph VPC[Alibaba Cloud VPC]
    direction TB
    subgraph APP[Private Subnets]
      W1 --> A1[ECS App Tier<br/>on Dedicated Host]
      W2 --> A2[ECS App Tier<br/>on Dedicated Host]
      A1 --> DB[ApsaraDB / Self-managed DB on ECS]
      A2 --> DB
      A1 --> CACHE[Cache/Queue Service]
      A2 --> CACHE
    end

    subgraph SEC[Security & Ops]
      CM[CloudMonitor Alarms]
      AT[ActionTrail Audit Logs]
      RAM[RAM Policies/Users/Roles]
    end
  end

  CM -.-> A1
  CM -.-> A2
  AT -.-> RAM

8. Prerequisites

Account requirements

  • An active Alibaba Cloud account with a verified payment method.
  • Billing enabled for ECS and related services.

Permissions (RAM)

Minimum permissions typically include:

  • ECS permissions to manage Dedicated Hosts and instances (e.g., policies equivalent to ECS full access or scoped custom policies).
  • VPC permissions to create/select VPC, vSwitch, and security groups.
  • If using EIP/SLB/NAT, permissions for those services too.

For least privilege, create a RAM policy that allows only the required actions, such as CreateDedicatedHost, DescribeDedicatedHosts, CreateInstance, RunInstances, StartInstance, StopInstance, DeleteInstance, plus the required VPC/security group actions. Verify exact action names in the official ECS RAM policy reference (action names can differ by API version).
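
One way to compare a RAM policy document against the action list above, as an added example (not part of the original tutorial and not Alibaba Cloud tooling). The two policy documents are constructed samples, `lint_policy` is a hypothetical helper, and the action names are copied from the list above with an assumed `ecs:` service prefix, so they carry the same "verify" caveat.

```python
import fnmatch

# Actions named in the paragraph above, with the "ecs:" service prefix assumed.
# The tutorial asks you to verify these names in the ECS RAM policy reference.
NEEDED = {
    "ecs:CreateDedicatedHost", "ecs:DescribeDedicatedHosts", "ecs:CreateInstance",
    "ecs:RunInstances", "ecs:StartInstance", "ecs:StopInstance", "ecs:DeleteInstance",
}

# Constructed sample: the broad grant a lab often starts with.
BROAD_POLICY = {
    "Version": "1",
    "Statement": [
        {"Effect": "Allow", "Action": "ecs:*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["vpc:*"], "Resource": "*"},
    ],
}

# Constructed sample: a scoped policy that drifted from the agreed list. It grants
# one action nobody asked for and forgets two that operators need.
SCOPED_POLICY = {
    "Version": "1",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ecs:DescribeDedicatedHosts", "ecs:RunInstances", "ecs:StartInstance",
                "ecs:StopInstance", "ecs:DeleteInstance", "ecs:DeleteSnapshot",
            ],
            "Resource": "*",
        }
    ],
}


def as_list(value):
    """RAM policies allow a single string or a list for Statement and Action."""
    return value if isinstance(value, list) else [value]


def lint_policy(policy, needed_actions):
    """Report grants beyond the needed list and needed actions nobody is granted.

    Only Allow statements are read. Deny statements and Condition blocks are not
    evaluated, so this is a review aid, not a policy simulator.
    """
    needed_lower = {a.lower() for a in needed_actions}
    granted, excess = [], []
    for idx, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            granted.append(action.lower())
            if "*" in action:
                excess.append((idx, "wildcard", action))
            elif action.lower() not in needed_lower:
                excess.append((idx, "unlisted", action))
    # A needed action counts as covered if any granted pattern matches it.
    missing = sorted(
        a for a in needed_actions
        if not any(fnmatch.fnmatchcase(a.lower(), g) for g in granted)
    )
    return {"excess": excess, "missing": missing}


if __name__ == "__main__":
    for name, doc in (("broad", BROAD_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, lint_policy(doc, NEEDED))
```

The `missing` list is the early warning for the operational bottleneck described in section 6.9: a policy that is tight but leaves no one able to perform a required lifecycle action.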

Billing requirements

  • Dedicated Host often has separate billing from ECS instances.
  • Choose pay-as-you-go for a short lab if available in your region to reduce commitment risk.
  • Be aware that Dedicated Hosts can be costly compared to shared ECS; plan cleanup.

Tools

  • Alibaba Cloud Console (web UI)
  • Optional: Alibaba Cloud CLI (aliyun) for verification and automation
    Official CLI: https://www.alibabacloud.com/help/en/alibaba-cloud-cli/latest/what-is-alibaba-cloud-cli

Region availability

  • Dedicated Host is region and zone dependent.
  • Before starting, confirm that your target region supports Dedicated Host and that desired host types are available.

Quotas/limits

  • Dedicated Host quotas per region/account may apply.
  • Some accounts require quota increases before creating dedicated hosts.
  • Verify in Quota Center and ECS documentation.

Prerequisite services

  • VPC with at least one vSwitch in the same zone as your Dedicated Host.
  • Security group in the same VPC.
  • SSH key pair (recommended) for Linux instance access.

9. Pricing / Cost

Pricing varies by region, host type, billing method (subscription vs pay-as-you-go), and sometimes by enterprise agreement. Do not rely on fixed numbers from third parties—use the official pricing pages and the Alibaba Cloud pricing calculator for your region.

Pricing dimensions (typical)

Dedicated Host cost commonly depends on:

  • Host type/SKU (CPU generation, core count, memory)
  • Billing method:
    – Pay-as-you-go: billed per hour/second granularity (model varies; verify)
    – Subscription: billed upfront for a term (monthly/annual)
  • Quantity of dedicated hosts
  • Region/zone (availability and price differ)

In addition, you usually still pay for:

  • ECS instance charges (depending on how Alibaba Cloud structures pricing for DDH in your region: some models charge primarily for host capacity, others may still include instance components; verify your pricing breakdown in the official pricing page)
  • Cloud disks (ESSD/SSD/HDD), snapshots, and IOPS tiers
  • Network:
    – Public bandwidth (EIP bandwidth or pay-by-traffic)
    – NAT Gateway, SLB, and inter-region traffic (if used)
  • Monitoring/logging (advanced monitoring, log storage if using Log Service)

Free tier

Dedicated Host is generally not a free-tier product. You may have general ECS or account credits, but do not assume a free tier for DDH.

Primary cost drivers

  • Idle capacity: You pay for the host even if you run few/small instances.
  • Overprovisioning headroom: Keeping extra capacity for failover or scaling increases costs.
  • Disk performance tier: ESSD tiers and large IOPS requirements can dominate costs.
  • Outbound internet traffic: High egress can be costly depending on bandwidth model.

Hidden/indirect costs

  • Operational overhead: capacity planning and fragmentation management.
  • High availability design: you may need multiple hosts across zones to meet HA targets.
  • Backups: snapshot storage and retention.
  • Security tooling: bastion hosts, WAF, vulnerability scanning, etc.

Network/data transfer implications

  • Intra-VPC traffic is typically cheaper than internet egress, but cross-zone or cross-region traffic may have different billing. Verify Alibaba Cloud networking pricing for your topology.
  • If you attach EIP and use pay-by-traffic, heavy outbound traffic can surprise you.

How to optimize cost

  • Use Dedicated Host only for workloads that truly need it; keep the rest on shared ECS.
  • Right-size hosts to your stable baseline and use shared ECS for burst (hybrid strategy).
  • Standardize instance shapes to reduce fragmentation (fewer shapes fit better).
  • Use tags and budgets to track host utilization and avoid “zombie” capacity.
  • For subscription hosts, align term length with real workload commitment.

Example low-cost starter estimate (no fabricated numbers)

A practical way to estimate your lab cost:

  1. Dedicated Host (pay-as-you-go)
    – Cost = host hourly rate × hours allocated
  2. ECS instance OS disk + data disks
    – Cost = disk GB-month + IOPS tier + snapshots
  3. Public access (optional)
    – If EIP: EIP bandwidth or traffic charges × usage
  4. Other services (optional)
    – SLB, NAT Gateway, monitoring/log storage

To keep a lab low-cost:

  • Allocate one Dedicated Host for the shortest possible time.
  • Deploy one small ECS instance on it.
  • Avoid EIP if you can use a bastion/VPN already in your environment (but don’t build extra infrastructure just for a lab).

Example production cost considerations

For production, model:

  • N dedicated hosts across at least two zones for availability goals.
  • Average and peak instance footprint (vCPU/memory).
  • Disk requirements (capacity + performance).
  • Data protection (snapshots, cross-region backups).
  • Network egress volumes.

Official pricing references

  • Alibaba Cloud pricing landing page: https://www.alibabacloud.com/pricing
  • Alibaba Cloud pricing calculator (if available in your region): https://www.alibabacloud.com/calculator
  • Dedicated Host product page (often links to pricing): https://www.alibabacloud.com/product/dedicated-host
  • ECS documentation (Dedicated Host): https://www.alibabacloud.com/help/en/ecs

If your account is under an enterprise agreement, the effective price may be negotiated—confirm with your Alibaba Cloud account team.


10. Step-by-Step Hands-On Tutorial

This lab provisions a Dedicated Host and launches a Linux ECS instance on it, then verifies placement and connectivity.

Objective

  • Create a Dedicated Host in Alibaba Cloud ECS.
  • Create a VPC environment (or reuse an existing one).
  • Launch an ECS instance on the Dedicated Host.
  • Verify you can connect and confirm the instance is placed on the dedicated host.
  • Clean up resources to avoid ongoing charges.

Lab Overview

You will:

  1. Choose a region/zone that supports Dedicated Host.
  2. Create VPC + vSwitch + security group.
  3. Create an SSH key pair.
  4. Purchase/create a Dedicated Host (pay-as-you-go if available).
  5. Create an ECS instance and explicitly place it on the Dedicated Host.
  6. Validate with console checks and an SSH login test.
  7. Release the ECS instance and then release the Dedicated Host.

Cost warning: Dedicated Host can be significantly more expensive than a regular ECS instance. If pay-as-you-go is available, keep the host for the minimum time and clean up immediately after validation.


Step 1: Pick a region/zone and confirm Dedicated Host availability

  1. Sign in to Alibaba Cloud Console: https://home.console.aliyun.com/
  2. Open Elastic Compute Service (ECS).
  3. In the top navigation, select a Region close to you (or required by policy).
  4. In ECS, find Dedicated Hosts (menu naming varies by console version).
  5. Confirm:
    – You can create a Dedicated Host in this region.
    – At least one zone and host type is available.

Expected outcome: You have identified a specific Region + Zone where Dedicated Host can be created.

Verification: You can view the Dedicated Host creation/purchase page and see available host types.


Step 2: Create a VPC and vSwitch (or reuse an existing VPC)

If you already have a VPC in the same region and an appropriate vSwitch in the same zone you selected, you can reuse it.

Create a new VPC (recommended for a clean lab):

  1. Go to VPC Console.
  2. Create a VPC:
    – IPv4 CIDR: choose a non-overlapping range such as 10.20.0.0/16.
  3. Create a vSwitch in the same zone as the Dedicated Host:
    – vSwitch CIDR: e.g., 10.20.1.0/24.

Expected outcome: A VPC and vSwitch exist in your chosen region/zone.

Verification: In VPC console, confirm the vSwitch shows the correct zone.


Step 3: Create a security group for SSH and basic outbound access

  1. ECS Console → Security Groups → Create Security Group.
  2. Choose:
    – Network type: VPC
    – VPC: your lab VPC
  3. Add inbound rules:
    – SSH (TCP 22) from your public IP (preferred) or a temporary narrow CIDR.
    • If you don’t know your public IP, you can temporarily use a restricted office/VPN range. Avoid 0.0.0.0/0 for production; for a short lab it is still risky.

Outbound defaults are usually permissive; keep defaults unless you need strict egress control.

Expected outcome: A security group exists allowing SSH from a safe source range.

Verification: Security group inbound rule list shows port 22 allowed from your chosen CIDR.
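
The same verification can be scripted against the rule list instead of read off the console. The following is an added example, not part of the original tutorial: it audits a constructed sample shaped like the JSON that `aliyun ecs DescribeSecurityGroupAttribute` returns and flags any rule that opens TCP 22 wider than a narrow source range. The 16-address threshold and the `audit_ssh` helper are assumptions; the VPC CIDR is the lab value from Step 2.

```python
import ipaddress
import json

SSH_PORT = 22

# Constructed sample in the shape returned by
#   aliyun ecs DescribeSecurityGroupAttribute --RegionId <region> --SecurityGroupId <sg-id>
# The group ID is made up and the public addresses are documentation ranges.
SAMPLE_GROUP = json.loads("""
{
  "SecurityGroupId": "sg-example0001",
  "Permissions": {"Permission": [
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "TCP",
     "PortRange": "22/22", "SourceCidrIp": "203.0.113.7/32"},
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "TCP",
     "PortRange": "22/22", "SourceCidrIp": "0.0.0.0/0"},
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "TCP",
     "PortRange": "1/65535", "SourceCidrIp": "198.51.100.0/24"},
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "ALL",
     "PortRange": "-1/-1", "SourceCidrIp": "10.20.1.0/24"},
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "TCP",
     "PortRange": "443/443", "SourceCidrIp": "0.0.0.0/0"},
    {"Direction": "egress", "Policy": "Accept", "IpProtocol": "ALL",
     "PortRange": "-1/-1", "DestCidrIp": "0.0.0.0/0"}
  ]}
}
""")


def covers_port(rule, port=SSH_PORT):
    """True if the rule's protocol and PortRange include the given TCP port."""
    proto = rule.get("IpProtocol", "").upper()
    if proto == "ALL":
        return True
    if proto != "TCP":
        return False
    low, high = (int(p) for p in rule.get("PortRange", "0/0").split("/"))
    return low == -1 or low <= port <= high


def audit_ssh(group, vpc_cidr, max_addresses=16):
    """Return (severity, source, port_range) for each over-broad SSH ingress rule.

    Only IPv4 Accept rules with a CIDR source are evaluated. Rules that reference
    another security group, Drop rules and rule priority are not modelled.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    findings = []
    for rule in group.get("Permissions", {}).get("Permission", []):
        if rule.get("Direction") != "ingress":
            continue
        if rule.get("Policy", "").lower() != "accept":
            continue
        source = rule.get("SourceCidrIp")
        if not source or not covers_port(rule):
            continue
        net = ipaddress.ip_network(source, strict=False)
        # Sources inside the lab VPC are internal traffic, not internet exposure.
        if net.version == vpc.version and net.subnet_of(vpc):
            continue
        if net.prefixlen == 0:
            findings.append(("open-to-internet", source, rule["PortRange"]))
        elif net.num_addresses > max_addresses:
            findings.append(("broad-source", source, rule["PortRange"]))
    return findings


if __name__ == "__main__":
    for finding in audit_ssh(SAMPLE_GROUP, "10.20.0.0/16"):
        print(finding)
```

The third sample rule shows why checking only for `22/22` is not enough: a `1/65535` range exposes SSH just as well.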


Step 4: Create an SSH key pair (Linux)

  1. ECS Console → Network & Security (or Key Pairs) → Create Key Pair.
  2. Name: ddh-lab-key
  3. Download the private key file (.pem) and store it securely.
  4. On your local machine, set permissions (macOS/Linux):
chmod 600 ddh-lab-key.pem

Expected outcome: You have a usable SSH private key for instance login.

Verification: Key pair appears in ECS console.


Step 5: Create the Dedicated Host

  1. ECS Console → Dedicated Hosts → Create/Purchase Dedicated Host.
  2. Choose:
    – Billing: Pay-as-you-go if available (recommended for lab).
    – Region/Zone: match the zone used by your vSwitch.
    – Host type: pick the smallest/lowest-cost host type available to your account/region.
    – Quantity: 1
  3. Confirm and create.

Expected outcome: A Dedicated Host appears in the Dedicated Hosts list with a Host ID and Available Capacity.

Verification:

  • Dedicated Host status is Running/Available (wording varies).
  • You can see capacity fields (vCPU/memory) and a host ID like dh-xxxxx.

Common issue: You may hit a quota limit or “insufficient capacity” for a host type.
Fix: Try a different zone/host type or request quota increase in Quota Center.


Step 6: Create an ECS instance placed on the Dedicated Host

  1. ECS Console → Instances → Create Instance.
  2. Configure basics:
    – Billing: Pay-as-you-go (recommended for lab)
    – Region/Zone: same as Dedicated Host
    – Network: select your lab VPC and vSwitch
  3. Instance placement:
    – Find the placement/tenancy setting (console wording varies).
    – Choose Dedicated Host and select your created host (by Host ID).
  4. Instance type:
    – Choose an instance type that “fits” the DDH capacity and is supported for DDH in that region.
  5. Image:
    – Choose a common Linux image (e.g., Alibaba Cloud Linux, Ubuntu, or CentOS if still offered in your region; verify current availability).
  6. Storage:
    – Keep the default system disk size (small) and default disk type unless you need otherwise.
  7. Security:
    – Security group: select your lab security group.
    – Login: select Key Pair and choose ddh-lab-key.
  8. Public connectivity:
    – For easiest validation, you may assign a public IP or EIP depending on your account settings.
    – If you can’t assign a public IP directly, consider creating and binding an EIP (this may increase cost).
  9. Create the instance.

Expected outcome: One running ECS instance is created on the Dedicated Host.

Verification:
  • In the instance details page, confirm there is a field such as Dedicated Host ID or similar showing the host ID you created.
  • The instance is in Running state.

Common issue: “No available host capacity” even though capacity looks available.
Fix: Instance shape may not fit due to allocation constraints/fragmentation. Try a smaller instance type or a different host type.


Step 7: Connect to the ECS instance via SSH

If the instance has a public IP:

  1. Find the instance Public IP in ECS console.
  2. SSH from your terminal:

ssh -i ddh-lab-key.pem root@<PUBLIC_IP>

  • For Ubuntu images, the user is often ubuntu instead of root. Check the image documentation in the console.

Once connected, run:

uname -a
hostname

Expected outcome: You have interactive shell access to the instance.

Verification: The commands return Linux kernel and hostname output.

Common issue: SSH timeout.
Fix checklist:
  • Security group inbound rule allows TCP 22 from your current public IP.
  • Instance has a public IP/EIP and is reachable.
  • No local firewall/VPN is blocking outbound 22.
  • Instance is in the Running state.


Step 8 (Optional): Verify Dedicated Host placement via Alibaba Cloud CLI

If you want an additional verification path, install and configure Alibaba Cloud CLI:

  • CLI overview: https://www.alibabacloud.com/help/en/alibaba-cloud-cli/latest/what-is-alibaba-cloud-cli

Then list dedicated hosts (command parameters vary by CLI version; verify in CLI docs):

aliyun ecs DescribeDedicatedHosts --RegionId <your-region-id>

And describe the instance to confirm the dedicated host ID:

aliyun ecs DescribeInstances --RegionId <your-region-id> --InstanceIds '["<your-instance-id>"]'

Expected outcome: CLI output includes the instance details showing association with your Dedicated Host.

Note: If CLI parameters differ in your environment, follow the latest CLI ECS command reference and API parameter names.
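The host-ID comparison from this step can be scripted over saved CLI output. This is an added example, not code from the original tutorial or from Alibaba Cloud. The JSON field names (Instances.Instance[], DedicatedHostAttribute.DedicatedHostId, TotalCount) are assumptions to verify against your CLI output, and the sample response and all IDs are constructed.

```python
import json

# Constructed sample shaped like `aliyun ecs DescribeInstances` JSON output.
# Field names are assumptions; verify them against your CLI version.
SAMPLE_RESPONSE = json.loads("""
{
  "TotalCount": 4, "PageNumber": 1, "PageSize": 10,
  "Instances": {"Instance": [
    {"InstanceId": "i-example-db1", "Status": "Running",
     "DedicatedHostAttribute": {"DedicatedHostId": "dh-example1",
                                "DedicatedHostName": "ddh-lab"}},
    {"InstanceId": "i-example-db2", "Status": "Running",
     "DedicatedHostAttribute": {"DedicatedHostId": "dh-example2",
                                "DedicatedHostName": "ddh-other"}},
    {"InstanceId": "i-example-web1", "Status": "Running",
     "DedicatedHostAttribute": {"DedicatedHostId": "",
                                "DedicatedHostName": ""}},
    {"InstanceId": "i-example-batch1", "Status": "Stopped",
     "DedicatedHostAttribute": {"DedicatedHostId": "dh-example1",
                                "DedicatedHostName": "ddh-lab"}}
  ]}
}
""")


def _instances(response):
    return response.get("Instances", {}).get("Instance", [])


def host_of(instance):
    """Return the dedicated host ID of an instance, or None for shared tenancy."""
    attr = instance.get("DedicatedHostAttribute") or {}
    return attr.get("DedicatedHostId") or None


def check_placement(response, expected_hosts):
    """Compare observed placement with the intended instance -> host mapping."""
    observed = {i["InstanceId"]: host_of(i) for i in _instances(response)}
    report = {}
    for instance_id, wanted in expected_hosts.items():
        if instance_id not in observed:
            # Could be a typo, another region, or a later result page.
            report[instance_id] = "NOT_IN_OUTPUT"
        elif observed[instance_id] is None:
            report[instance_id] = "SHARED_TENANCY"
        elif observed[instance_id] != wanted:
            report[instance_id] = "WRONG_HOST:" + observed[instance_id]
        else:
            report[instance_id] = "OK"
    return report


def unexpected_on_host(response, host_id, expected_hosts):
    """Instances placed on host_id that the placement plan does not list."""
    return sorted(i["InstanceId"] for i in _instances(response)
                  if host_of(i) == host_id
                  and i["InstanceId"] not in expected_hosts)


def output_is_complete(response):
    """False when the API reports more instances than this page contains."""
    listed = len(_instances(response))
    return response.get("TotalCount", listed) <= listed


if __name__ == "__main__":
    # Hypothetical placement plan: every listed instance belongs on dh-example1.
    plan = {"i-example-db1": "dh-example1", "i-example-db2": "dh-example1",
            "i-example-web1": "dh-example1", "i-example-gone": "dh-example1"}
    for instance_id, status in check_placement(SAMPLE_RESPONSE, plan).items():
        print(instance_id, status)
    print("unplanned:", unexpected_on_host(SAMPLE_RESPONSE, "dh-example1", plan))
    print("complete:", output_is_complete(SAMPLE_RESPONSE))
```

A NOT_IN_OUTPUT result is inconclusive when output_is_complete returns False, because the instance may sit on a later result page.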


Validation

You have completed the lab if all are true:
  • A Dedicated Host exists in ECS console.
  • An ECS instance is running and shows it is associated with that Dedicated Host (host ID match).
  • You can SSH into the instance (if you enabled public access) and run basic commands.


Troubleshooting

Issue: Dedicated Host creation fails due to quota
  • Check Quota Center for ECS/Dedicated Host limits.
  • Try a different region/zone.
  • Request a quota increase if necessary.

Issue: No suitable instance types
  • Not all instance families are supported on DDH in all regions.
  • Choose from the recommended/compatible instance types shown in the console when you select Dedicated Host placement.

Issue: Instance won’t start on DDH
  • Ensure the instance is in the same zone as the DDH.
  • Ensure you selected the correct host during creation.
  • Try a smaller instance type or check available vCPU/memory on the DDH.

Issue: SSH access fails
  • Confirm security group rules.
  • Confirm you used the correct username for the selected image.
  • Confirm the key pair was selected at creation.
  • If you assigned an EIP, ensure it is bound to the instance and routing is correct.


Cleanup

To avoid ongoing charges, clean up in this order:

  1. Terminate/Release the ECS instance
    • ECS Console → Instances → select instance → More → Release (wording varies).
    • Confirm instance is fully released.

  2. Release the Dedicated Host
    • ECS Console → Dedicated Hosts → select host → Release.
    • If release is blocked, confirm there are no instances on the host.

  3. Optional cleanup (if created):
    • Release EIP
    • Delete security group (if not used elsewhere)
    • Delete vSwitch and VPC (ensure nothing else depends on them)
    • Delete snapshots (if any)

Expected outcome: No billable DDH resources remain in the region.


11. Best Practices

Architecture best practices

  • Use Dedicated Host selectively: Put only regulated/licensed/performance-critical tiers on DDH. Keep stateless or bursty tiers on shared ECS.
  • Design for availability: A single host is a single failure domain. For HA:
    • Use multiple dedicated hosts, ideally across zones where possible.
    • Use load balancers and health checks.
  • Avoid capacity fragmentation: Standardize instance sizes to improve packing efficiency.

IAM/security best practices

  • Use RAM roles and least privilege:
    • Separate roles for host management vs instance operations.
    • Require approvals for releasing hosts in production.
  • Enforce MFA for privileged RAM users.
  • Use ActionTrail and route logs to a protected storage location.

Cost best practices

  • Track host utilization (allocated vs available CPU/memory).
  • Use tags like env=prod, owner=team-x, cost-center=1234, workload=db.
  • Set budgets/alerts for Dedicated Host spending.
  • Prefer pay-as-you-go for labs, and ensure cleanup.

Performance best practices

  • Right-size instance types to workload needs.
  • Select disk types (ESSD tiers) based on real IOPS/latency requirements.
  • Use placement to separate noisy internal workloads even within your own account (e.g., keep batch jobs off hosts running latency-critical services).

Reliability best practices

  • Implement backups (snapshots, database backups) and test restores.
  • Use multi-host strategy for critical services.
  • Automate instance provisioning using images and infrastructure-as-code (Terraform is commonly used on Alibaba Cloud—verify provider support for dedicated host resources).

Operations best practices

  • Maintain a capacity plan per environment:
    • baseline capacity
    • growth forecast
    • failover headroom
  • Document host lifecycle procedures:
    • provisioning
    • maintenance windows
    • decommissioning
  • Standardize naming:
    • ddh-<env>-<zone>-<team>-<index>
    • ecs-<app>-<env>-<role>-<index>

Governance/tagging/naming best practices

  • Mandatory tags for all hosts and instances.
  • Resource groups per environment (dev/test/prod) or per business unit.
  • Periodic reviews:
    • unused hosts
    • underutilized hosts
    • instances missing tags

12. Security Considerations

Identity and access model

  • Dedicated Host is controlled via Alibaba Cloud RAM.
  • Implement:
    • Least privilege policies for DedicatedHost* and ECS instance actions.
    • Separate duties (host provisioning vs instance operations vs auditing).
    • Logging and change management.
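The least-privilege and separation-of-duties points here, and the MFA and release-approval items under IAM/security best practices, can be checked statically over exported RAM policy documents. This is an added example, not code from the original page or from Alibaba Cloud. The action name ecs:ReleaseDedicatedHost and the condition key acs:MFAPresent are assumptions to confirm in the ECS API and RAM references, and the policy names and documents are constructed.

```python
import fnmatch

# Action under review. Assumed name; confirm it in the ECS API reference.
RELEASE_ACTION = "ecs:ReleaseDedicatedHost"

# Constructed RAM policy documents keyed by hypothetical policy names.
SAMPLE_POLICIES = {
    "ddh-host-admin": {"Version": "1", "Statement": [
        {"Effect": "Allow", "Resource": "*",
         "Action": ["ecs:DescribeDedicatedHosts", "ecs:ReleaseDedicatedHost"],
         "Condition": {"Bool": {"acs:MFAPresent": "true"}}}]},
    "instance-operator": {"Version": "1", "Statement": [
        {"Effect": "Allow", "Resource": "*",
         "Action": ["ecs:DescribeInstances", "ecs:StartInstance",
                    "ecs:StopInstance"]}]},
    "legacy-ops": {"Version": "1", "Statement": [
        {"Effect": "Allow", "Resource": "*", "Action": "ecs:*"}]},
    "auditor": {"Version": "1", "Statement": [
        {"Effect": "Allow", "Resource": "*",
         "Action": ["ecs:Describe*", "actiontrail:Lookup*"]}]},
}


def _as_list(value):
    """Policies may give a single value where a list is also accepted."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, bool, dict)) else list(value)


def requires_mfa(statement):
    """True only if the statement is conditioned on MFA being present."""
    cond = statement.get("Condition", {}).get("Bool", {}).get("acs:MFAPresent")
    return [str(v).lower() for v in _as_list(cond)] == ["true"]


def matching_pattern(statement, action):
    """Return the Action pattern in an Allow statement that covers `action`."""
    if statement.get("Effect") != "Allow":
        return None
    for pattern in _as_list(statement.get("Action")):
        # Case-insensitive wildcard match: a conservative choice that may
        # over-report but will not miss a grant because of casing.
        if fnmatch.fnmatchcase(action.lower(), pattern.lower()):
            return pattern
    return None


def grants(policies, action=RELEASE_ACTION):
    """List (policy name, matching pattern, MFA required) for every grant.

    Deny statements and NotAction are not evaluated, so this is a review aid
    that over-reports, not a full policy evaluator.
    """
    found = []
    for name, document in policies.items():
        for statement in _as_list(document.get("Statement")):
            pattern = matching_pattern(statement, action)
            if pattern is not None:
                found.append((name, pattern, requires_mfa(statement)))
    return found


def violations(policies, approved_policies, action=RELEASE_ACTION):
    """Grants that come from an unapproved policy or lack an MFA condition."""
    return [(name, pattern,
             "UNAPPROVED_POLICY" if name not in approved_policies
             else "NO_MFA_CONDITION")
            for name, pattern, mfa in grants(policies, action)
            if name not in approved_policies or not mfa]


if __name__ == "__main__":
    for finding in violations(SAMPLE_POLICIES, {"ddh-host-admin"}):
        print(finding)
```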

Encryption

  • For data at rest, use encrypted cloud disks if supported for your region/disk type.
  • For data in transit:
    • Use TLS for application traffic.
    • Use SSH keys for admin access.

Dedicated Host does not inherently encrypt your data; encryption depends on the storage and application layers.

Network exposure

  • Keep instances private in VPC by default.
  • Use controlled ingress patterns:
    • SLB for application traffic
    • Bastion host or VPN for admin access
  • Restrict security group rules to least access:
    • SSH from admin CIDRs only
    • No broad inbound 0.0.0.0/0 unless unavoidable and protected by additional controls
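The "SSH from admin CIDRs only" rule can be audited from an exported security group. This is an added example, not code from the original page or from Alibaba Cloud. The field names follow the shape of `aliyun ecs DescribeSecurityGroupAttribute` output and are assumptions to verify, and the sample group, IDs and CIDRs are constructed.

```python
import ipaddress
import json

# Constructed sample shaped like DescribeSecurityGroupAttribute JSON output.
# Field names are assumptions; verify them against your CLI version.
SAMPLE_GROUP = json.loads("""
{
  "SecurityGroupId": "sg-example",
  "Permissions": {"Permission": [
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "TCP",
     "PortRange": "22/22", "SourceCidrIp": "203.0.113.10/32"},
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "TCP",
     "PortRange": "22/22", "SourceCidrIp": "0.0.0.0/0"},
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "ALL",
     "PortRange": "-1/-1", "SourceCidrIp": "198.51.100.0/24"},
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "TCP",
     "PortRange": "443/443", "SourceCidrIp": "0.0.0.0/0"},
    {"Direction": "ingress", "Policy": "Drop", "IpProtocol": "TCP",
     "PortRange": "22/22", "SourceCidrIp": "0.0.0.0/0"},
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "TCP",
     "PortRange": "1/1024", "Ipv6SourceCidrIp": "::/0"},
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "TCP",
     "PortRange": "22/22", "SourceCidrIp": "",
     "SourceGroupId": "sg-bastion-example"}
  ]}
}
""")


def covers_port(rule, port):
    """True if a TCP or all-protocol rule's PortRange includes `port`."""
    if rule.get("IpProtocol", "").upper() not in ("TCP", "ALL"):
        return False
    low, _, high = rule.get("PortRange", "").partition("/")
    try:
        low, high = int(low), int(high)
    except ValueError:
        return False
    # "-1/-1" is how an all-ports rule is reported.
    return (low, high) == (-1, -1) or low <= port <= high


def audit_admin_port(group, admin_cidrs, port=22):
    """Return (port range, source, reason) for each risky Accept rule.

    Rule priority is not evaluated: a higher-priority Drop may already
    neutralise a flagged rule, so findings are candidates for review.
    """
    admin_nets = [ipaddress.ip_network(c) for c in admin_cidrs]
    findings = []
    for rule in group.get("Permissions", {}).get("Permission", []):
        if rule.get("Direction", "").lower() != "ingress":
            continue
        if rule.get("Policy", "").lower() != "accept":
            continue
        if not covers_port(rule, port):
            continue
        cidr = rule.get("SourceCidrIp") or rule.get("Ipv6SourceCidrIp")
        if not cidr:
            # Source is another security group; check that group's membership.
            findings.append((rule.get("PortRange"),
                             rule.get("SourceGroupId", "unknown"),
                             "REVIEW_NON_CIDR_SOURCE"))
            continue
        net = ipaddress.ip_network(cidr, strict=False)
        inside = any(net.version == a.version and net.subnet_of(a)
                     for a in admin_nets)
        if not inside:
            reason = ("OPEN_TO_INTERNET" if net.prefixlen == 0
                      else "OUTSIDE_ADMIN_CIDRS")
            findings.append((rule.get("PortRange"), cidr, reason))
    return findings


if __name__ == "__main__":
    for finding in audit_admin_port(SAMPLE_GROUP, ["203.0.113.0/24"]):
        print(finding)
```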

Secrets handling

  • Avoid baking secrets into images.
  • Use a secrets manager approach appropriate for Alibaba Cloud (verify current recommended services and patterns in official docs).
  • Rotate credentials and keys regularly.

Audit/logging

  • Enable ActionTrail and retain logs according to policy.
  • Collect OS and application logs (Log Service/SLS is commonly used on Alibaba Cloud; verify your regional availability and compliance requirements).

Compliance considerations

  • Dedicated Host helps with single-tenant compute requirements, but compliance also depends on:
    • access controls
    • encryption
    • logging
    • vulnerability management
    • incident response

Common security mistakes

  • Assuming Dedicated Host replaces network security controls.
  • Overexposing instances with public IPs and broad security group rules.
  • Failing to log and audit host/instance lifecycle actions.
  • Not restricting who can release or reconfigure Dedicated Hosts.

Secure deployment recommendations

  • Use a private VPC design, with controlled ingress and egress.
  • Enforce tagging and policy-as-code where possible.
  • Apply vulnerability management and patching to the guest OS.
  • Maintain documented runbooks for host and instance incidents.

13. Limitations and Gotchas

Exact limits and behaviors can differ by region and host type. Confirm with official ECS documentation and your account’s quota settings.

Known limitations / common constraints

  • Zone binding: Dedicated Hosts are typically created in a specific zone; ECS instances must match the zone.
  • Instance type compatibility: Not all ECS instance types/families can be deployed on Dedicated Host.
  • Capacity fragmentation: You may be unable to place an instance even if total remaining resources seem sufficient.
  • Billing while idle: Dedicated Host costs accrue even if no instances are running (depending on billing model).
  • Lifecycle dependency: You often cannot release a Dedicated Host while it still has instances deployed.
  • Operational overhead: Requires ongoing capacity planning and utilization management.

Quotas

  • Number of Dedicated Hosts per region.
  • Possibly per host type.
  • vCPU/memory caps per account or zone.
  • These quotas may be adjustable via support request.

Regional constraints

  • Certain host types may exist only in selected regions/zones.
  • Some compliance features, disk types, or monitoring features may vary.

Pricing surprises

  • Underutilization is the most common cost pitfall.
  • High-performance disk tiers and snapshots can exceed compute costs.
  • Public egress charges can be significant.

Compatibility issues

  • Some images or instance families may not be supported with certain dedicated host types.
  • Some automation and scaling tools may have limitations with dedicated placement (verify before adopting).

Migration challenges

  • Moving from shared ECS to DDH typically means redeploying instances onto DDH (image-based migration can help).
  • Planning downtime or using blue/green deployment is often required.

Vendor-specific nuances

  • Dedicated Host provides single-tenant host isolation but still uses the cloud control plane.
  • Hardware maintenance events and failover behavior are cloud-managed; understand what is and isn’t guaranteed in SLAs and documentation.

14. Comparison with Alternatives

Dedicated Host is one option in the Alibaba Cloud Computing portfolio. Here’s how it compares to common alternatives.

Key alternatives

  • Alibaba Cloud ECS (shared tenancy): Standard multi-tenant compute instances.
  • Alibaba Cloud ECS Bare Metal Instance: Bare metal compute (no virtualization layer) for maximum performance and hardware-level control.
  • Other clouds:
    • AWS Dedicated Hosts
    • Azure Dedicated Host
    • Google Cloud Sole-tenant nodes
  • Self-managed:
    • On-prem virtualization or bare metal in colocation facilities

Comparison table

Option | Best For | Strengths | Weaknesses | When to Choose
Alibaba Cloud Dedicated Host | Single-tenant host isolation with ECS management | Host-level isolation, placement control, ECS ecosystem integration | Requires capacity planning; can be costly if underutilized; instance type constraints | Compliance/BYOL/predictable performance needs
Alibaba Cloud ECS (shared) | General-purpose workloads, elastic scaling | Simplicity, broad instance selection, lower entry cost | Multi-tenant “noisy neighbor” risk; less isolation | Most web apps, dev/test, bursty workloads
Alibaba Cloud ECS Bare Metal Instance | Maximum performance, specialized workloads | Direct hardware performance, strong isolation | Less VM flexibility; may have different operational patterns and availability constraints | High-performance databases, NFV, custom virtualization stacks
AWS Dedicated Hosts | Dedicated host model on AWS | Mature ecosystem, license mobility options | Different APIs/constraints; cost | When you are standardized on AWS
Azure Dedicated Host | Dedicated hosts in Azure | Integration with Azure governance | Similar capacity planning complexity | When you are standardized on Azure
GCP Sole-tenant nodes | Dedicated compute nodes in GCP | Strong GCP integration | Similar complexity; product differences | When you are standardized on GCP
On-prem / colo | Full control, custom hardware | Maximum control, data locality | CapEx/ops burden, longer procurement cycles | Strict data locality, special hardware, long-lived stable workloads

15. Real-World Example

Enterprise example: Regulated payment platform with license constraints

  • Problem: A regulated payments company must isolate sensitive transaction processing and align deployment with commercial software licensing based on physical host boundaries. They also need clear audit evidence and predictable performance.
  • Proposed architecture:
    • Two zones in a region (where available)
    • A pool of Dedicated Hosts per zone
    • ECS instances for app and middleware tiers placed on DDH
    • Managed database service (or self-managed DB on ECS) in private subnets
    • SLB for inbound traffic, WAF/edge controls (if used), NAT for controlled egress
    • CloudMonitor alarms and ActionTrail for audit
  • Why Dedicated Host was chosen:
    • Single-tenant compute boundary for compliance
    • Improved performance predictability
    • Better alignment with vendor licensing rules (after legal review)
  • Expected outcomes:
    • Reduced audit friction with clearer infrastructure isolation
    • More consistent latency during peak transaction windows
    • Improved governance via host-level capacity pools and tagging

Startup/small-team example: Premium isolated tier for B2B SaaS

  • Problem: A B2B SaaS startup has a few enterprise customers demanding dedicated infrastructure isolation and predictable performance, but the rest of the platform can remain multi-tenant.
  • Proposed architecture:
    • Standard SaaS runs on shared ECS with autoscaling
    • Premium tier runs on a small Dedicated Host pool
    • Separate VPC or subnet segmentation per premium tenant
    • Centralized logging, monitoring, and CI/CD pipelines across both tiers
  • Why Dedicated Host was chosen:
    • Provides a “dedicated compute” SKU without building a separate on-prem footprint
    • Keeps most workloads cost-efficient on shared ECS
  • Expected outcomes:
    • Ability to close enterprise deals with isolation requirements
    • Controlled incremental cost (hosts only for premium tenants)
    • Operational consistency (still ECS-based)

16. FAQ

1) What is Alibaba Cloud Dedicated Host?

Dedicated Host is an ECS capability that allocates a physical host dedicated to your account, allowing you to run ECS instances on single-tenant hardware.

2) Is Dedicated Host the same as bare metal?

No. Dedicated Host typically still runs virtualized ECS instances on a dedicated physical server. ECS Bare Metal Instance is a separate option when you require non-virtualized bare metal performance. Verify current product specifics in official docs.

3) Do I still use VPC and security groups with Dedicated Host?

Yes. ECS instances on Dedicated Host use the standard ECS networking model: VPC, vSwitch, and security groups.

4) Can I choose which host my instance runs on?

In most Dedicated Host workflows, yes—you can select a specific host for placement. Some regions may also support group/cluster placement strategies. Verify your region’s console options.

5) Are all ECS instance types supported on Dedicated Host?

No. Supported instance families depend on region and host type. Always check the instance type list shown when creating an instance with Dedicated Host placement.

6) Does Dedicated Host guarantee better performance?

It often improves predictability by removing cross-tenant contention, but performance still depends on instance type, disk performance, network design, and workload behavior.

7) What happens if I don’t fully utilize a Dedicated Host?

You still pay for the host (depending on billing method). Underutilization is a common cost pitfall—monitor utilization and right-size.

8) Can I stop all instances and stop paying for the host?

Not necessarily. Dedicated Host billing is host-based. Stopping instances might not stop host charges. Verify billing rules for your host SKU and billing method.

9) How do I prove to auditors that I’m using Dedicated Host?

You can show host allocation in the ECS console/API outputs, billing records, and resource configurations. Confirm what artifacts your auditors accept and what Alibaba Cloud documents provide.

10) Can I use encrypted disks on ECS instances running on Dedicated Host?

In many regions, yes—disk encryption is a disk feature, not strictly a host feature. Verify encryption support for your disk type and region.

11) Can I use Auto Scaling with Dedicated Host?

This depends on current ECS/Auto Scaling integration features and placement constraints. If autoscaling is required, validate the latest Auto Scaling documentation and test behavior in a staging environment.

12) Is Dedicated Host regional or global?

Dedicated Host is created in a specific region and typically a specific zone. It is not a global resource.

13) Can I move an instance from one Dedicated Host to another?

Migration capabilities depend on ECS features, instance family, and region. In many clouds, such moves may require stop/start or redeploy. Verify supported migration methods in official docs.

14) What is the biggest operational risk with Dedicated Host?

Capacity planning and fragmentation. You must ensure enough headroom and that your instance shapes fit the remaining capacity.

15) When should I prefer shared ECS over Dedicated Host?

For most general workloads, dev/test, and highly elastic services where host-level isolation is unnecessary, shared ECS is simpler and usually more cost-efficient.

16) Does Dedicated Host isolate me from all other customers completely?

It provides a single-tenant host boundary for compute. You still use shared cloud services (control plane, network fabric, managed services). Treat it as one layer in a defense-in-depth strategy.

17) Do Dedicated Hosts support snapshots and images like normal ECS?

Typically yes, because your instances are standard ECS instances. Confirm any limitations for your specific instance families.


17. Top Online Resources to Learn Dedicated Host

Resource Type | Name | Why It Is Useful
Official documentation | Alibaba Cloud ECS Documentation (Dedicated Host entry point) — https://www.alibabacloud.com/help/en/ecs | Primary reference for DDH concepts, workflows, limits, and region-specific notes
Official product page | Dedicated Host product page — https://www.alibabacloud.com/product/dedicated-host | High-level overview and links into docs/pricing
Official pricing | Alibaba Cloud Pricing — https://www.alibabacloud.com/pricing | Starting point for pricing; follow links to product-level pricing
Pricing calculator | Alibaba Cloud Calculator — https://www.alibabacloud.com/calculator | Region-aware estimation (availability may vary)
Official console | Alibaba Cloud Console — https://home.console.aliyun.com/ | Where you actually create DDH and ECS instances
Official CLI docs | Alibaba Cloud CLI — https://www.alibabacloud.com/help/en/alibaba-cloud-cli/latest/what-is-alibaba-cloud-cli | Automation and verification using CLI
Official API reference | ECS API (search “DedicatedHost” actions) — https://www.alibabacloud.com/help/en/ecs/developer-reference/api-reference | Programmatic operations like CreateDedicatedHost/DescribeDedicatedHosts (verify API names/versions)
Official security/audit | ActionTrail documentation — https://www.alibabacloud.com/help/en/actiontrail | Audit who did what in your Alibaba Cloud account
Official monitoring | CloudMonitor documentation — https://www.alibabacloud.com/help/en/cloudmonitor | Metrics and alerts for ECS and related resources
Community learning | Alibaba Cloud community portal — https://www.alibabacloud.com/blog | Practical articles (validate against current official docs for accuracy)

18. Training and Certification Providers

Institute | Suitable Audience | Likely Learning Focus | Mode | Website URL
DevOpsSchool.com | Cloud/DevOps engineers, SREs, platform teams | DevOps practices, cloud operations, infrastructure automation (verify current course catalog) | Check website | https://www.devopsschool.com/
ScmGalaxy.com | Beginners to intermediate DevOps learners | SCM, CI/CD, DevOps foundations (verify current offerings) | Check website | https://www.scmgalaxy.com/
CLoudOpsNow.in | Cloud operations practitioners | CloudOps operations, monitoring, reliability practices (verify current offerings) | Check website | https://www.cloudopsnow.in/
SreSchool.com | SREs and operations engineers | SRE principles, observability, incident response (verify current offerings) | Check website | https://www.sreschool.com/
AiOpsSchool.com | Ops teams exploring AIOps | AIOps concepts, automation, operations analytics (verify current offerings) | Check website | https://www.aiopsschool.com/

19. Top Trainers

Platform/Site | Likely Specialization | Suitable Audience | Website URL
RajeshKumar.xyz | DevOps/cloud training content (verify specific focus areas) | Individuals and teams seeking guided training | https://rajeshkumar.xyz/
devopstrainer.in | DevOps training and mentoring (verify current programs) | Beginners to intermediate DevOps practitioners | https://www.devopstrainer.in/
devopsfreelancer.com | Freelance DevOps consulting/training platform (verify offerings) | Teams needing short-term help or coaching | https://www.devopsfreelancer.com/
devopssupport.in | DevOps support and training resources (verify offerings) | Ops/DevOps teams seeking hands-on support | https://www.devopssupport.in/

20. Top Consulting Companies

Company | Likely Service Area | Where They May Help | Consulting Use Case Examples | Website URL
cotocus.com | Cloud/DevOps consulting (verify current services) | Cloud architecture, DevOps implementation, operations processes | Designing ECS + Dedicated Host landing zones; cost optimization; security baseline implementation | https://cotocus.com/
DevOpsSchool.com | DevOps consulting and enablement (verify current services) | DevOps transformation, CI/CD, cloud operations coaching | Building IaC pipelines; observability stack design; operations runbooks and SRE practices | https://www.devopsschool.com/
DEVOPSCONSULTING.IN | DevOps consulting (verify current services) | Implementation support, process improvements, automation | Migrating workloads to Alibaba Cloud; standardizing deployment pipelines; monitoring and alerting setup | https://www.devopsconsulting.in/

21. Career and Learning Roadmap

What to learn before Dedicated Host

  • Core cloud networking: VPC, subnets (vSwitch), route tables, NAT, private connectivity
  • Compute fundamentals: ECS instances, images, disks, security groups
  • Linux administration: SSH, systemd, logs, patching
  • IAM basics (RAM): users, roles, policies, MFA
  • Observability: metrics, logs, alerting, incident basics

What to learn after Dedicated Host

  • High availability design on Alibaba Cloud:
    • Multi-zone architectures
    • Load balancing and failover patterns
  • Infrastructure as Code:
    • Terraform (verify Alibaba Cloud provider support for Dedicated Host resources)
    • CI/CD pipelines for infrastructure
  • Security engineering:
    • Centralized logging
    • Threat detection and vulnerability management
    • Policy-as-code and continuous compliance
  • Cost management:
    • Tag-based allocation
    • Utilization reporting
    • Budgeting and governance

Job roles that use it

  • Cloud Solutions Architect
  • Platform Engineer
  • DevOps Engineer
  • Site Reliability Engineer (SRE)
  • Cloud Security Engineer
  • Infrastructure/Systems Engineer

Certification path (if available)

Alibaba Cloud certification offerings change over time. Check Alibaba Cloud certification pages and training partners for current tracks that include ECS and architecture topics. Dedicated Host is typically covered as part of ECS/architecture learning rather than as a standalone certification.

Project ideas for practice

  1. Build a two-tier app where the database tier runs on Dedicated Host and the web tier runs on shared ECS.
  2. Create a “premium tenant” template: one DDH + isolated subnet + hardened security group + monitoring.
  3. Implement tagging and budget alarms for a dedicated host pool.
  4. Document a capacity plan: packing strategy, headroom targets, instance standardization.

22. Glossary

  • Alibaba Cloud: Cloud provider offering ECS, VPC, storage, databases, and governance services.
  • Computing: Service category covering compute infrastructure like ECS and host-level offerings.
  • ECS (Elastic Compute Service): Alibaba Cloud virtual machine service.
  • Dedicated Host (DDH): A physical host dedicated to a single Alibaba Cloud account for running ECS instances.
  • Region: Geographic area containing multiple zones (e.g., a city/metro).
  • Zone: Isolated location within a region; often maps to a data center site.
  • VPC (Virtual Private Cloud): Private network in Alibaba Cloud.
  • vSwitch: Subnet within a VPC, tied to a specific zone.
  • Security Group: Stateful virtual firewall controlling inbound/outbound traffic for ECS instances.
  • EIP (Elastic IP Address): Public IP that can be bound to ECS instances.
  • Cloud Disk: Block storage attached to ECS instances.
  • Snapshot: Point-in-time backup of a cloud disk.
  • RAM (Resource Access Management): Alibaba Cloud IAM service for users, roles, and permissions.
  • ActionTrail: Alibaba Cloud audit logging for API and console actions.
  • CloudMonitor: Alibaba Cloud monitoring service for metrics and alarms.
  • BYOL: Bring Your Own License—using your existing software licenses on cloud infrastructure (subject to license terms).
  • Capacity fragmentation: When remaining host resources cannot satisfy an instance shape due to allocation constraints.

23. Summary

Alibaba Cloud Dedicated Host is a Computing service that provides single-tenant physical hosts for running ECS instances with stronger isolation, improved performance predictability, and better alignment with certain compliance and licensing needs.

It fits best when you need host-level control—such as regulated workloads, BYOL scenarios, or premium isolated tiers—while still benefiting from ECS features like images, cloud disks, VPC networking, and cloud-native monitoring.

Cost and security are tightly linked with Dedicated Host:
  • Cost: The biggest driver is host underutilization. Plan capacity carefully, standardize instance shapes, and track utilization with tags and monitoring.
  • Security: Dedicated Host improves physical isolation, but you still need RAM least privilege, secure networking (VPC + security groups), encryption, and auditing (ActionTrail).

If you’re new to Dedicated Host, the best next step is to repeat the lab in a non-production environment, then design a small multi-host architecture that meets your availability goals and validates your cost model using the official Alibaba Cloud pricing pages and calculator.