{"id":18,"date":"2026-04-12T13:16:27","date_gmt":"2026-04-12T13:16:27","guid":{"rendered":"https:\/\/www.devopsschool.com\/tutorials\/alibaba-cloud-dedicated-host-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-computing\/"},"modified":"2026-04-12T13:16:27","modified_gmt":"2026-04-12T13:16:27","slug":"alibaba-cloud-dedicated-host-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-computing","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/tutorials\/alibaba-cloud-dedicated-host-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-computing\/","title":{"rendered":"Alibaba Cloud Dedicated Host Tutorial: Architecture, Pricing, Use Cases, and Hands-On Guide for Computing"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Category<\/h2>\n\n\n\n<p>Computing<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">1. Introduction<\/h2>\n\n\n\n<p>Alibaba Cloud <strong>Dedicated Host<\/strong> (often abbreviated as <strong>DDH<\/strong> in Alibaba Cloud documentation and APIs) is a Computing service that lets you run <strong>Elastic Compute Service (ECS)<\/strong> instances on <strong>physically isolated, single-tenant hosts<\/strong> that are dedicated to your account.<\/p>\n\n\n\n<p>In simple terms: you <strong>rent an entire physical server<\/strong> (the host) from Alibaba Cloud, and then you create one or more ECS virtual machines (instances) on that host. No other Alibaba Cloud customer shares that host with you.<\/p>\n\n\n\n<p>Technically, Dedicated Host is a <strong>host-level capacity container<\/strong> for ECS. You purchase or allocate a dedicated host in a specific region\/zone, then deploy ECS instances whose vCPU and memory are carved out of the host\u2019s capacity. This model is useful when you need <strong>host isolation<\/strong>, <strong>predictable performance<\/strong>, or <strong>license\/compliance<\/strong> alignment that is difficult to achieve on shared multi-tenant infrastructure.<\/p>\n\n\n\n<p>Dedicated Host solves problems such as:\n&#8211; Meeting <strong>regulatory\/compliance<\/strong> requirements that mandate single-tenant compute.\n&#8211; Supporting <strong>Bring Your Own License (BYOL)<\/strong> or socket\/core-based licensing strategies that benefit from host-level control.\n&#8211; Reducing \u201cnoisy neighbor\u201d risk and improving <strong>performance predictability<\/strong> for sensitive workloads.\n&#8211; Enabling <strong>placement control<\/strong> (where your instances run) for operational or policy reasons.<\/p>\n\n\n\n<blockquote>\n<p>Service status and naming: As of the latest generally available Alibaba Cloud ECS documentation, <strong>Dedicated Host<\/strong> remains an active ECS capability and is commonly referenced as <strong>DDH<\/strong>. Always confirm the latest capabilities and limits in the official ECS Dedicated Host documentation (links in the Resources section).<\/p>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">2. What is Dedicated Host?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Official purpose<\/h3>\n\n\n\n<p>Alibaba Cloud Dedicated Host provides <strong>dedicated physical hosts<\/strong> for your ECS instances, offering <strong>single-tenant isolation<\/strong> and <strong>host-level resource control<\/strong> while still using the ECS virtualization and management plane.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Core capabilities<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Single-tenant physical isolation<\/strong>: the host is dedicated to your Alibaba Cloud account.<\/li>\n<li><strong>Deploy ECS instances on the host<\/strong>: create and manage ECS instances that consume the host\u2019s CPU and memory capacity.<\/li>\n<li><strong>Placement and capacity control<\/strong>: choose deployment strategies (for example, manual selection of a host vs. placement by the platform within a dedicated host group\/cluster\u2014capabilities vary; verify in official docs for your region).<\/li>\n<li><strong>Visibility into host capacity<\/strong>: track available\/used vCPU and memory at the host level.<\/li>\n<li><strong>Integration with ECS ecosystem<\/strong>: VPC networking, security groups, cloud disks, snapshots, monitoring, IAM (RAM), and auditing.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Major components<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Dedicated Host (DDH)<\/strong>: the physical server allocated to your account, with defined CPU and memory capacity and a host type\/SKU.<\/li>\n<li><strong>ECS instances on DDH<\/strong>: virtual machines deployed onto a DDH. Their instance types must be compatible with the host\u2019s capacity and supported families.<\/li>\n<li><strong>Networking<\/strong>: typically <strong>VPC + vSwitch + security groups<\/strong>. Instances on DDH attach to VPC networking like normal ECS instances.<\/li>\n<li><strong>Storage<\/strong>: typically <strong>cloud disks<\/strong> (ESSD\/SSD\/HDD depending on region and offering). Dedicated Host does not automatically imply local disks; verify host\/instance storage options per instance family.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Service type<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Infrastructure \/ Compute capacity service<\/strong> (host-level) that underpins <strong>ECS<\/strong> instance deployment.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Scope (regional\/zonal\/account)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Account-scoped<\/strong>: Dedicated Hosts belong to your Alibaba Cloud account and are governed by RAM permissions.<\/li>\n<li><strong>Region and zone scoped<\/strong>: Dedicated Hosts are created in a specific <strong>region<\/strong> and usually a specific <strong>zone<\/strong>. ECS instances placed on a DDH must match the zone and networking constraints. Confirm exact placement rules in the latest ECS docs for your regions.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">How it fits into the Alibaba Cloud ecosystem<\/h3>\n\n\n\n<p>Dedicated Host sits in the <strong>Computing<\/strong> layer and is consumed via <strong>ECS<\/strong>. You typically combine it with:\n&#8211; <strong>VPC<\/strong> for private networking\n&#8211; <strong>Security Groups<\/strong> for instance firewalling\n&#8211; <strong>Elastic IP Address (EIP)<\/strong> for public connectivity (optional)\n&#8211; <strong>ApsaraDB \/ OSS \/ NAS<\/strong> for data services\n&#8211; <strong>CloudMonitor<\/strong> for metrics and alerting\n&#8211; <strong>ActionTrail<\/strong> for audit logs\n&#8211; <strong>Resource Management<\/strong> (resource groups, tags) for governance<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">3. Why use Dedicated Host?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Business reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Compliance and audit<\/strong>: Some standards or customer contracts require single-tenant compute or clearer isolation boundaries.<\/li>\n<li><strong>Licensing optimization<\/strong>: Certain commercial software licenses are priced per socket\/core\/host. Host-level dedication can simplify license accounting (always validate license terms with your vendor).<\/li>\n<li><strong>Cost predictability for steady workloads<\/strong>: If you keep many instances running continuously, paying for a host can be easier to forecast than per-instance variability (depends on your instance mix and discounts).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Technical reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Stronger isolation<\/strong> than shared tenancy for compute resources, reducing contention risk.<\/li>\n<li><strong>Placement control<\/strong>: Align workloads that must reside on the same host or must not share with unknown tenants (exact placement features vary; verify).<\/li>\n<li><strong>Consistency<\/strong>: Standardize host hardware profiles for performance-sensitive services.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Operational reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Capacity planning<\/strong> at a host level: you manage headroom (vCPU\/memory) explicitly.<\/li>\n<li><strong>Change control<\/strong>: Dedicated capacity can simplify operational approvals for regulated environments.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Security\/compliance reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Single-tenant host boundary<\/strong> reduces cross-tenant risk on the same physical machine.<\/li>\n<li>Easier to align with data residency and internal security policies that mandate dedicated compute.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Scalability\/performance reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Better predictability for latency-sensitive services.<\/li>\n<li>Ability to reserve host capacity for critical workloads (note: dedicated host itself is the reservation; additional reservation constructs, if any, must be verified in official docs).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">When teams should choose Dedicated Host<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>You have <strong>compliance<\/strong> requirements for single-tenant compute.<\/li>\n<li>You need <strong>BYOL<\/strong> alignment or <strong>license mobility<\/strong> strategies.<\/li>\n<li>You run <strong>steady, long-lived<\/strong> compute where host-level commitment makes sense.<\/li>\n<li>You need <strong>tight operational control<\/strong> over placement and capacity.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">When teams should not choose it<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>You need maximum elasticity with minimal planning (shared ECS is simpler).<\/li>\n<li>Your workloads are spiky and short-lived (host costs may be underutilized).<\/li>\n<li>You don\u2019t want to manage capacity fragmentation (instances may not \u201cfit\u201d even if total free capacity looks sufficient).<\/li>\n<li>You could meet requirements with simpler constructs (for example, shared ECS + security controls), or with <strong>Bare Metal ECS<\/strong> if you truly need non-virtualized performance (evaluate carefully).<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">4. Where is Dedicated Host used?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Industries<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Financial services (risk systems, core banking components, trading support)<\/li>\n<li>Healthcare and life sciences (regulated workloads, sensitive datasets)<\/li>\n<li>Government and public sector (single-tenant requirements)<\/li>\n<li>Telecommunications (network functions and operational systems)<\/li>\n<li>SaaS providers with strict customer isolation needs<\/li>\n<li>Media\/gaming (latency and performance consistency)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Team types<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Platform engineering teams building standardized compute landing zones<\/li>\n<li>Security and compliance teams enforcing tenant isolation requirements<\/li>\n<li>DevOps\/SRE teams running stateful services with strict performance SLOs<\/li>\n<li>Enterprise infrastructure teams migrating from on-prem virtualization<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Workloads<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Commercial databases and middleware with host-based licensing concerns<\/li>\n<li>Security-sensitive services (PKI components, internal auth services)<\/li>\n<li>Stateful systems needing predictable CPU scheduling<\/li>\n<li>Private Kubernetes nodes with strict isolation requirements (verify operational fit)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Architectures<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Three-tier applications with dedicated app\/database layers<\/li>\n<li>Microservices platforms where critical components run on dedicated hosts<\/li>\n<li>Hybrid architectures: on-prem + Alibaba Cloud, with dedicated hosts for regulated tiers<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Real-world deployment contexts<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Production environments with compliance obligations<\/li>\n<li>Dedicated capacity pools for a business unit<\/li>\n<li>Dev\/test environments only when required by licensing constraints (otherwise shared ECS is more cost-effective)<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">5. Top Use Cases and Scenarios<\/h2>\n\n\n\n<p>Below are realistic Dedicated Host scenarios. Each includes the problem, why Dedicated Host fits, and a short example.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1) BYOL for host\/socket\/core licensed software<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Software licensing is tied to physical cores\/sockets or requires dedicated hardware.<\/li>\n<li><strong>Why Dedicated Host fits:<\/strong> You control host-level isolation and can map VM usage to a dedicated physical host boundary.<\/li>\n<li><strong>Example:<\/strong> An enterprise deploys a commercial database with licensing that benefits from running on dedicated physical hosts.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">2) Regulatory requirement for single-tenant compute<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> A regulator or customer contract requires workloads to run on single-tenant infrastructure.<\/li>\n<li><strong>Why Dedicated Host fits:<\/strong> The host is dedicated to your account; other tenants do not share the same physical machine.<\/li>\n<li><strong>Example:<\/strong> A healthcare provider runs sensitive patient processing services on Dedicated Host.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">3) Reduce \u201cnoisy neighbor\u201d risk for latency-sensitive services<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Shared tenancy can introduce variable performance due to other tenants.<\/li>\n<li><strong>Why Dedicated Host fits:<\/strong> Dedicated physical host reduces cross-tenant contention.<\/li>\n<li><strong>Example:<\/strong> A payment gateway\u2019s transaction service runs on DDH for stable latency.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">4) Isolation boundary for security hardening<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Security team wants a stronger isolation layer than shared infrastructure for certain systems.<\/li>\n<li><strong>Why Dedicated Host fits:<\/strong> Physical isolation complements VPC\/security group controls.<\/li>\n<li><strong>Example:<\/strong> Internal authentication services and secrets brokers run on DDH.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">5) Dedicated capacity pool for a critical business unit<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> A business unit needs guaranteed compute capacity during peak.<\/li>\n<li><strong>Why Dedicated Host fits:<\/strong> Host capacity is reserved for your account and can be managed as a pool.<\/li>\n<li><strong>Example:<\/strong> An e-commerce company reserves hosts for checkout services.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6) Controlled placement for clustering or affinity requirements<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Certain systems require specific placement patterns (e.g., keep a set of nodes together or isolate them).<\/li>\n<li><strong>Why Dedicated Host fits:<\/strong> You can place instances onto selected dedicated hosts (placement options vary\u2014verify).<\/li>\n<li><strong>Example:<\/strong> A low-latency analytics cluster places worker nodes on specific hosts.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">7) Migration path from on-prem virtualization to cloud<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Teams used to managing host capacity and VM placement need a similar model in cloud.<\/li>\n<li><strong>Why Dedicated Host fits:<\/strong> It resembles a \u201cvirtualization cluster\u201d approach while retaining cloud APIs.<\/li>\n<li><strong>Example:<\/strong> A company migrates VMware-like VM fleets to ECS-on-DDH.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">8) Multi-tenant SaaS with premium \u201cdedicated compute\u201d tier<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Some customers demand physical isolation from other customers.<\/li>\n<li><strong>Why Dedicated Host fits:<\/strong> You can offer a dedicated host-backed deployment option.<\/li>\n<li><strong>Example:<\/strong> A SaaS vendor provisions one DDH per premium customer environment.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">9) Workloads requiring predictable performance baselines<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Performance testing and benchmarking need consistent underlying hardware.<\/li>\n<li><strong>Why Dedicated Host fits:<\/strong> Single-tenant host reduces variability and simplifies test comparisons.<\/li>\n<li><strong>Example:<\/strong> A performance engineering team benchmarks builds on DDH.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">10) Incident isolation and blast-radius reduction<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> A noisy or compromised workload should not impact unrelated workloads.<\/li>\n<li><strong>Why Dedicated Host fits:<\/strong> You can segment by host, limiting certain resource-sharing risks.<\/li>\n<li><strong>Example:<\/strong> Security isolates internet-facing components onto a dedicated host pool.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">11) Dedicated environment for third-party audits<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Auditors require clear evidence of physical isolation.<\/li>\n<li><strong>Why Dedicated Host fits:<\/strong> Dedicated host allocation supports clearer audit narratives (confirm evidence\/artifacts in docs).<\/li>\n<li><strong>Example:<\/strong> A fintech prepares audit documentation demonstrating dedicated host usage.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">12) Specialized operational control for patch windows\/maintenance coordination<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Teams want tighter control over maintenance events for critical workloads.<\/li>\n<li><strong>Why Dedicated Host fits:<\/strong> While the cloud still manages hardware, host-level management primitives may support planning (verify exact maintenance event behavior).<\/li>\n<li><strong>Example:<\/strong> A bank schedules OS patching and capacity headroom on dedicated hosts.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">6. Core Features<\/h2>\n\n\n\n<blockquote>\n<p>Note: Feature availability can vary by <strong>region<\/strong>, <strong>host type<\/strong>, and <strong>ECS instance family<\/strong>. Verify details in official Alibaba Cloud ECS Dedicated Host documentation for your region.<\/p>\n<\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\">6.1 Single-tenant physical host allocation<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Allocates a physical server to your account.<\/li>\n<li><strong>Why it matters:<\/strong> Stronger isolation than shared compute.<\/li>\n<li><strong>Practical benefit:<\/strong> Helps meet compliance and reduces performance interference.<\/li>\n<li><strong>Caveats:<\/strong> You still share underlying cloud facilities (network fabric, control plane). Dedicated Host does not automatically mean isolated network\u2014use VPC\/security controls.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6.2 Run ECS instances on Dedicated Host<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Lets you create ECS instances \u201con\u201d a chosen dedicated host.<\/li>\n<li><strong>Why it matters:<\/strong> You get VM agility (images, snapshots, cloud disks) with dedicated hardware boundaries.<\/li>\n<li><strong>Practical benefit:<\/strong> Standard ECS management experience with dedicated placement.<\/li>\n<li><strong>Caveats:<\/strong> Not all ECS instance types are supported on DDH; selection depends on region and host type.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6.3 Host capacity accounting (vCPU\/memory)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Shows total vs available vCPU and memory on the host.<\/li>\n<li><strong>Why it matters:<\/strong> Capacity planning and preventing overcommit beyond supported limits.<\/li>\n<li><strong>Practical benefit:<\/strong> Predictable scheduling and easier headroom management.<\/li>\n<li><strong>Caveats:<\/strong> Capacity fragmentation can occur (e.g., you may have enough total memory but not enough contiguous capacity to fit a chosen instance shape\u2014behavior depends on allocation rules; verify).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6.4 Placement control (manual host selection)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Lets you select a specific dedicated host when creating an ECS instance (typical DDH workflow).<\/li>\n<li><strong>Why it matters:<\/strong> Enables controlled placement for compliance, performance, or operational segmentation.<\/li>\n<li><strong>Practical benefit:<\/strong> You can separate tiers (web\/app\/db) by host or consolidate specific nodes.<\/li>\n<li><strong>Caveats:<\/strong> Some automation integrations (Auto Scaling, orchestration) may have constraints; verify supported deployment policies.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6.5 Dedicated Host groups\/clusters (where available)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Allows organizing multiple dedicated hosts into a logical container for management and placement policies.<\/li>\n<li><strong>Why it matters:<\/strong> Easier operations at scale: tagging, policy, and capacity planning across many hosts.<\/li>\n<li><strong>Practical benefit:<\/strong> Platform teams can manage capacity pools per environment.<\/li>\n<li><strong>Caveats:<\/strong> Terminology and availability vary; confirm \u201cDedicated Host Cluster\u201d capabilities in your region.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6.6 Integration with ECS images, snapshots, and cloud disks<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Instances on DDH use standard ECS constructs like images and cloud disks.<\/li>\n<li><strong>Why it matters:<\/strong> You keep cloud operational conveniences.<\/li>\n<li><strong>Practical benefit:<\/strong> Fast provisioning, standard backup via snapshots, disk resizing (subject to ECS disk rules).<\/li>\n<li><strong>Caveats:<\/strong> Storage performance depends on disk type and instance family; DDH does not automatically increase disk throughput.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6.7 Networking integration (VPC, security groups, EIP)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Instances on DDH attach to VPC\/vSwitch and use security groups like other ECS instances.<\/li>\n<li><strong>Why it matters:<\/strong> Consistent network model across shared and dedicated compute.<\/li>\n<li><strong>Practical benefit:<\/strong> Private subnets, NAT, SLB, and microsegmentation remain available.<\/li>\n<li><strong>Caveats:<\/strong> Public access still requires careful design (EIP, SLB, NAT). Dedicated host is not a security boundary by itself.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6.8 Monitoring and alerting (CloudMonitor)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Provides metrics\/alerts for ECS instances and (in many cases) host-level visibility.<\/li>\n<li><strong>Why it matters:<\/strong> Operations teams need health indicators and capacity alarms.<\/li>\n<li><strong>Practical benefit:<\/strong> Alert when host capacity is low, or instance CPU is high.<\/li>\n<li><strong>Caveats:<\/strong> Exact host-level metrics exposed can vary. Validate metric names and availability.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6.9 Governance: tags, resource groups, RAM control, audit logs<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Apply tags\/resource groups, restrict access via RAM, and audit actions via ActionTrail.<\/li>\n<li><strong>Why it matters:<\/strong> Dedicated hosts are often used in regulated environments with strict governance.<\/li>\n<li><strong>Practical benefit:<\/strong> Least privilege, traceability, chargeback\/showback.<\/li>\n<li><strong>Caveats:<\/strong> Misconfigured RAM policies can create operational bottlenecks (e.g., no one can release hosts).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6.10 Lifecycle management (create, use, release)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Purchase\/allocate hosts, deploy instances, then release hosts when not needed.<\/li>\n<li><strong>Why it matters:<\/strong> Dedicated capacity costs money even if idle.<\/li>\n<li><strong>Practical benefit:<\/strong> Explicit lifecycle encourages cost discipline.<\/li>\n<li><strong>Caveats:<\/strong> Releasing a host usually requires that it has no running instances (and sometimes no instances at all). Billing rules differ between subscription and pay-as-you-go\u2014verify.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">7. Architecture and How It Works<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">High-level service architecture<\/h3>\n\n\n\n<p>Dedicated Host introduces a <strong>two-level model<\/strong>:\n1. <strong>Host level<\/strong>: You allocate a physical host (DDH) in a zone.\n2. <strong>Instance level<\/strong>: You deploy ECS instances that consume host resources.<\/p>\n\n\n\n<p>Control plane actions (create host, create instance, attach disks, assign networking) go through Alibaba Cloud APIs\/console and are governed by RAM. Data plane traffic flows between ECS instances and other services through VPC networking, security groups, and optional load balancing\/NAT.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Request\/data\/control flow (typical)<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Admin purchases\/creates a Dedicated Host in a zone.<\/li>\n<li>Admin creates VPC\/vSwitch and security group (or uses existing).<\/li>\n<li>Admin launches an ECS instance and selects the Dedicated Host as placement.<\/li>\n<li>ECS control plane allocates vCPU\/memory from DDH capacity and provisions the instance.<\/li>\n<li>Instance boots from an image; cloud disks attach; instance joins VPC.<\/li>\n<li>Workload traffic flows through:\n   &#8211; Internal VPC traffic to databases, caches, OSS endpoints, etc.\n   &#8211; Optional public ingress\/egress via EIP, SLB, NAT Gateway, or shared bandwidth packages (depending on your network design).<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Integrations with related services<\/h3>\n\n\n\n<p>Common integrations include:\n&#8211; <strong>ECS<\/strong>: Instances, images, disks, snapshots, security groups.\n&#8211; <strong>VPC<\/strong>: vSwitch, route tables, NAT Gateway, VPN Gateway, CEN (depending on architecture).\n&#8211; <strong>Server Load Balancer (SLB)<\/strong>: front-end traffic distribution (verify current Alibaba Cloud SLB product naming in your region).\n&#8211; <strong>CloudMonitor<\/strong>: metrics and alarms.\n&#8211; <strong>ActionTrail<\/strong>: auditing API and console actions.\n&#8211; <strong>Resource Management<\/strong>: resource groups, tag policies.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Dependency services<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Billing<\/strong>: Dedicated Host charges are separate from ECS instance charges in many purchasing models; confirm exact billing decomposition for your SKU.<\/li>\n<li><strong>RAM<\/strong>: Permissions required for creating hosts and instances.<\/li>\n<li><strong>Quota system<\/strong>: Region quotas for dedicated hosts and ECS.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Security\/authentication model<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>RAM users\/roles<\/strong> authenticate to the Alibaba Cloud control plane.<\/li>\n<li>API calls are authorized by <strong>RAM policies<\/strong>.<\/li>\n<li>Instance access uses <strong>SSH keys<\/strong> (Linux) or passwords (less recommended) and security group rules.<\/li>\n<li>Auditing via <strong>ActionTrail<\/strong> records relevant API operations.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Networking model<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Instances on Dedicated Host use the same ECS network model:<\/li>\n<li>Deployed into <strong>VPC<\/strong> and <strong>vSwitch<\/strong> (subnet).<\/li>\n<li>Governed by <strong>security groups<\/strong> (stateful virtual firewall).<\/li>\n<li>Optional <strong>EIP<\/strong> for public IP; otherwise private-only.<\/li>\n<li>For inbound internet traffic at scale, typically use <strong>SLB<\/strong> in front of instances.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Monitoring\/logging\/governance considerations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use <strong>CloudMonitor<\/strong> for instance-level and (where supported) host-level metrics.<\/li>\n<li>Use <strong>ActionTrail<\/strong> for control-plane auditing.<\/li>\n<li>Use consistent <strong>tags<\/strong> and <strong>resource groups<\/strong> to track dedicated host ownership, environment, and cost center.<\/li>\n<li>Track host utilization and fragmentation over time to prevent waste.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Simple architecture diagram (Mermaid)<\/h3>\n\n\n\n<pre><code class=\"language-mermaid\">flowchart LR\n  A[Admin \/ DevOps] --&gt;|Console\/API (RAM Auth)| C[ECS Control Plane]\n  C --&gt; D[Dedicated Host (DDH) in Zone]\n  C --&gt; E[ECS Instance on DDH]\n  E --&gt; F[VPC vSwitch]\n  E --&gt; G[Cloud Disks]\n  E --&gt; H[CloudMonitor \/ ActionTrail]\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Production-style architecture diagram (Mermaid)<\/h3>\n\n\n\n<pre><code class=\"language-mermaid\">flowchart TB\n  U[Users] --&gt;|HTTPS| SLB[Load Balancer (SLB)]\n  SLB --&gt; W1[ECS Web Tier&lt;br\/&gt;on Dedicated Host Pool]\n  SLB --&gt; W2[ECS Web Tier&lt;br\/&gt;on Dedicated Host Pool]\n\n  subgraph VPC[Alibaba Cloud VPC]\n    direction TB\n    subgraph APP[Private Subnets]\n      W1 --&gt; A1[ECS App Tier&lt;br\/&gt;on Dedicated Host]\n      W2 --&gt; A2[ECS App Tier&lt;br\/&gt;on Dedicated Host]\n      A1 --&gt; DB[ApsaraDB \/ Self-managed DB on ECS]\n      A2 --&gt; DB\n      A1 --&gt; CACHE[Cache\/Queue Service]\n      A2 --&gt; CACHE\n    end\n\n    subgraph SEC[Security &amp; Ops]\n      CM[CloudMonitor Alarms]\n      AT[ActionTrail Audit Logs]\n      RAM[RAM Policies\/Users\/Roles]\n    end\n  end\n\n  CM -.-&gt; A1\n  CM -.-&gt; A2\n  AT -.-&gt; RAM\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">8. Prerequisites<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Account requirements<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>An active <strong>Alibaba Cloud account<\/strong> with a verified payment method.<\/li>\n<li>Billing enabled for ECS and related services.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Permissions (RAM)<\/h3>\n\n\n\n<p>Minimum permissions typically include:\n&#8211; ECS permissions to manage Dedicated Hosts and instances (e.g., policies equivalent to ECS full access or scoped custom policies).\n&#8211; VPC permissions to create\/select VPC, vSwitch, and security groups.\n&#8211; If using EIP\/SLB\/NAT, permissions for those services too.<\/p>\n\n\n\n<p>For least privilege:\n&#8211; Create a RAM policy that allows only required actions such as <code>CreateDedicatedHost<\/code>, <code>DescribeDedicatedHosts<\/code>, <code>CreateInstance<\/code>, <code>RunInstances<\/code>, <code>StartInstance<\/code>, <code>StopInstance<\/code>, <code>DeleteInstance<\/code>, and required VPC\/security group actions.<br\/>\n&#8211; <strong>Verify exact action names<\/strong> in the official ECS RAM policy reference (action names can differ by API version).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Billing requirements<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Dedicated Host often has <strong>separate billing<\/strong> from ECS instances.<\/li>\n<li>Choose <strong>pay-as-you-go<\/strong> for a short lab if available in your region to reduce commitment risk.<\/li>\n<li>Be aware that Dedicated Hosts can be costly compared to shared ECS; plan cleanup.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Tools<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Alibaba Cloud Console (web UI)<\/li>\n<li>Optional: <strong>Alibaba Cloud CLI (<code>aliyun<\/code>)<\/strong> for verification and automation<br\/>\n  Official CLI: https:\/\/www.alibabacloud.com\/help\/en\/alibaba-cloud-cli\/latest\/what-is-alibaba-cloud-cli<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Region availability<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Dedicated Host is region and zone dependent.<\/li>\n<li>Before starting, confirm that your target region supports Dedicated Host and that desired host types are available.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Quotas\/limits<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Dedicated Host quotas per region\/account may apply.<\/li>\n<li>Some accounts require quota increases before creating dedicated hosts.<\/li>\n<li>Verify in <strong>Quota Center<\/strong> and ECS documentation.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Prerequisite services<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>VPC<\/strong> with at least one <strong>vSwitch<\/strong> in the same zone as your Dedicated Host.<\/li>\n<li><strong>Security group<\/strong> in the same VPC.<\/li>\n<li>SSH key pair (recommended) for Linux instance access.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">9. Pricing \/ Cost<\/h2>\n\n\n\n<blockquote>\n<p>Pricing varies by <strong>region<\/strong>, <strong>host type<\/strong>, <strong>billing method<\/strong> (subscription vs pay-as-you-go), and sometimes by enterprise agreement. Do not rely on fixed numbers from third parties\u2014use the official pricing pages and the Alibaba Cloud pricing calculator for your region.<\/p>\n<\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\">Pricing dimensions (typical)<\/h3>\n\n\n\n<p>Dedicated Host cost commonly depends on:\n&#8211; <strong>Host type\/SKU<\/strong> (CPU generation, core count, memory)\n&#8211; <strong>Billing method<\/strong>\n  &#8211; <strong>Pay-as-you-go<\/strong>: billed per hour\/second granularity (model varies; verify)\n  &#8211; <strong>Subscription<\/strong>: billed upfront for a term (monthly\/annual)\n&#8211; <strong>Quantity<\/strong> of dedicated hosts\n&#8211; <strong>Region\/zone<\/strong> (availability and price differ)<\/p>\n\n\n\n<p>In addition, you usually still pay for:\n&#8211; <strong>ECS instance charges<\/strong> (depending on how Alibaba Cloud structures pricing for DDH in your region\u2014some models charge primarily for host capacity, others may still include instance components; <strong>verify your pricing breakdown<\/strong> in the official pricing page)\n&#8211; <strong>Cloud disks<\/strong> (ESSD\/SSD\/HDD), snapshots, and IOPS tiers\n&#8211; <strong>Network<\/strong>:\n  &#8211; Public bandwidth (EIP bandwidth or pay-by-traffic)\n  &#8211; NAT Gateway, SLB, and inter-region traffic (if used)\n&#8211; <strong>Monitoring\/logging<\/strong> (advanced monitoring, log storage if using Log Service)<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Free tier<\/h3>\n\n\n\n<p>Dedicated Host is generally <strong>not<\/strong> a free-tier product. You may have general ECS or account credits, but do not assume a free tier for DDH.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Primary cost drivers<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Idle capacity<\/strong>: You pay for the host even if you run few\/small instances.<\/li>\n<li><strong>Overprovisioning headroom<\/strong>: Keeping extra capacity for failover or scaling increases costs.<\/li>\n<li><strong>Disk performance tier<\/strong>: ESSD tiers and large IOPS requirements can dominate costs.<\/li>\n<li><strong>Outbound internet traffic<\/strong>: High egress can be costly depending on bandwidth model.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Hidden\/indirect costs<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Operational overhead<\/strong>: capacity planning and fragmentation management.<\/li>\n<li><strong>High availability design<\/strong>: you may need multiple hosts across zones to meet HA targets.<\/li>\n<li><strong>Backups<\/strong>: snapshot storage and retention.<\/li>\n<li><strong>Security tooling<\/strong>: bastion hosts, WAF, vulnerability scanning, etc.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Network\/data transfer implications<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Intra-VPC traffic is typically cheaper than internet egress, but cross-zone or cross-region traffic may have different billing. Verify Alibaba Cloud networking pricing for your topology.<\/li>\n<li>If you attach EIP and use pay-by-traffic, heavy outbound traffic can surprise you.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">How to optimize cost<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use Dedicated Host only for workloads that truly need it; keep the rest on shared ECS.<\/li>\n<li>Right-size hosts to your stable baseline and use shared ECS for burst (hybrid strategy).<\/li>\n<li>Standardize instance shapes to reduce fragmentation (fewer shapes fit better).<\/li>\n<li>Use tags and budgets to track host utilization and avoid \u201czombie\u201d capacity.<\/li>\n<li>For subscription hosts, align term length with real workload commitment.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Example low-cost starter estimate (no fabricated numbers)<\/h3>\n\n\n\n<p>A practical way to estimate your lab cost:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Dedicated Host (pay-as-you-go)<\/strong><br\/>\n   &#8211; Cost = <code>host hourly rate \u00d7 hours allocated<\/code><\/li>\n<li><strong>ECS instance OS disk + data disks<\/strong><br\/>\n   &#8211; Cost = <code>disk GB-month + IOPS tier + snapshots<\/code><\/li>\n<li><strong>Public access (optional)<\/strong><br\/>\n   &#8211; If EIP: <code>EIP bandwidth or traffic charges \u00d7 usage<\/code><\/li>\n<li><strong>Other services<\/strong> (optional)<br\/>\n   &#8211; SLB, NAT Gateway, monitoring\/log storage<\/li>\n<\/ol>\n\n\n\n<p>To keep a lab low-cost:\n&#8211; Allocate <strong>one<\/strong> Dedicated Host for the shortest possible time.\n&#8211; Deploy <strong>one small ECS instance<\/strong> on it.\n&#8211; Avoid EIP if you can use a bastion\/VPN already in your environment (but don\u2019t build extra infrastructure just for a lab).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Example production cost considerations<\/h3>\n\n\n\n<p>For production, model:\n&#8211; N dedicated hosts across at least two zones for availability goals.\n&#8211; Average and peak instance footprint (vCPU\/memory).\n&#8211; Disk requirements (capacity + performance).\n&#8211; Data protection (snapshots, cross-region backups).\n&#8211; Network egress volumes.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Official pricing references<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Alibaba Cloud pricing landing page: https:\/\/www.alibabacloud.com\/pricing  <\/li>\n<li>Alibaba Cloud pricing calculator (if available in your region): https:\/\/www.alibabacloud.com\/calculator  <\/li>\n<li>Dedicated Host product page (often links to pricing): https:\/\/www.alibabacloud.com\/product\/dedicated-host  <\/li>\n<li>ECS documentation (Dedicated Host): https:\/\/www.alibabacloud.com\/help\/en\/ecs<\/li>\n<\/ul>\n\n\n\n<p>If your account is under an enterprise agreement, the effective price may be negotiated\u2014confirm with your Alibaba Cloud account team.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">10. Step-by-Step Hands-On Tutorial<\/h2>\n\n\n\n<p>This lab provisions a Dedicated Host and launches a Linux ECS instance on it, then verifies placement and connectivity.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Objective<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Create a <strong>Dedicated Host<\/strong> in Alibaba Cloud ECS.<\/li>\n<li>Create a <strong>VPC environment<\/strong> (or reuse an existing one).<\/li>\n<li>Launch an <strong>ECS instance on the Dedicated Host<\/strong>.<\/li>\n<li>Verify you can connect and confirm the instance is placed on the dedicated host.<\/li>\n<li>Clean up resources to avoid ongoing charges.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Lab Overview<\/h3>\n\n\n\n<p>You will:\n1. Choose a region\/zone that supports Dedicated Host.\n2. Create VPC + vSwitch + security group.\n3. Create an SSH key pair.\n4. Purchase\/create a Dedicated Host (pay-as-you-go if available).\n5. Create an ECS instance and explicitly place it on the Dedicated Host.\n6. Validate with console checks and an SSH login test.\n7. Release the ECS instance and then release the Dedicated Host.<\/p>\n\n\n\n<blockquote>\n<p>Cost warning: Dedicated Host can be significantly more expensive than a regular ECS instance. If pay-as-you-go is available, keep the host for the minimum time and clean up immediately after validation.<\/p>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 1: Pick a region\/zone and confirm Dedicated Host availability<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Sign in to Alibaba Cloud Console: https:\/\/home.console.aliyun.com\/<\/li>\n<li>Open <strong>Elastic Compute Service (ECS)<\/strong>.<\/li>\n<li>In the top navigation, select a <strong>Region<\/strong> close to you (or required by policy).<\/li>\n<li>In ECS, find <strong>Dedicated Hosts<\/strong> (menu naming varies by console version).<\/li>\n<li>Confirm:\n   &#8211; You can create a Dedicated Host in this region.\n   &#8211; At least one <strong>zone<\/strong> and <strong>host type<\/strong> is available.<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome:<\/strong> You have identified a specific <strong>Region + Zone<\/strong> where Dedicated Host can be created.<\/p>\n\n\n\n<p><strong>Verification:<\/strong> You can view the Dedicated Host creation\/purchase page and see available host types.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 2: Create a VPC and vSwitch (or reuse an existing VPC)<\/h3>\n\n\n\n<p>If you already have a VPC in the same region and an appropriate vSwitch in the same zone you selected, you can reuse it.<\/p>\n\n\n\n<p><strong>Create a new VPC (recommended for a clean lab):<\/strong>\n1. Go to <strong>VPC Console<\/strong>.\n2. Create a <strong>VPC<\/strong>:\n   &#8211; IPv4 CIDR: choose a non-overlapping range such as <code>10.20.0.0\/16<\/code>.\n3. Create a <strong>vSwitch<\/strong> in the <strong>same zone<\/strong> as the Dedicated Host:\n   &#8211; vSwitch CIDR: e.g., <code>10.20.1.0\/24<\/code>.<\/p>\n\n\n\n<p><strong>Expected outcome:<\/strong> A VPC and vSwitch exist in your chosen region\/zone.<\/p>\n\n\n\n<p><strong>Verification:<\/strong> In VPC console, confirm the vSwitch shows the correct zone.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 3: Create a security group for SSH and basic outbound access<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>In <strong>ECS Console<\/strong> \u2192 <strong>Security Groups<\/strong> \u2192 <strong>Create Security Group<\/strong>.<\/li>\n<li>Choose:\n   &#8211; Network type: <strong>VPC<\/strong>\n   &#8211; VPC: your lab VPC<\/li>\n<li>Add inbound rules:\n   &#8211; <strong>SSH (TCP 22)<\/strong> from <em>your public IP<\/em> (preferred) or a temporary narrow CIDR.<ul>\n<li>If you don\u2019t know your public IP, you can temporarily use a restricted office\/VPN range. Avoid <code>0.0.0.0\/0<\/code> for production; for a short lab it is still risky.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<p>Outbound defaults are usually permissive; keep defaults unless you need strict egress control.<\/p>\n\n\n\n<p><strong>Expected outcome:<\/strong> A security group exists allowing SSH from a safe source range.<\/p>\n\n\n\n<p><strong>Verification:<\/strong> Security group inbound rule list shows port 22 allowed from your chosen CIDR.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 4: Create an SSH key pair (Linux)<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>ECS Console \u2192 <strong>Network &amp; Security<\/strong> (or <strong>Key Pairs<\/strong>) \u2192 <strong>Create Key Pair<\/strong>.<\/li>\n<li>Name: <code>ddh-lab-key<\/code><\/li>\n<li>Download the private key file (<code>.pem<\/code>) and store it securely.<\/li>\n<li>On your local machine, set permissions (macOS\/Linux):<\/li>\n<\/ol>\n\n\n\n<pre><code class=\"language-bash\">chmod 600 ddh-lab-key.pem\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome:<\/strong> You have a usable SSH private key for instance login.<\/p>\n\n\n\n<p><strong>Verification:<\/strong> Key pair appears in ECS console.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 5: Create the Dedicated Host<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>ECS Console \u2192 <strong>Dedicated Hosts<\/strong> \u2192 <strong>Create\/Purchase Dedicated Host<\/strong>.<\/li>\n<li>Choose:\n   &#8211; Billing: <strong>Pay-as-you-go<\/strong> if available (recommended for lab).\n   &#8211; Region\/Zone: match the zone used by your vSwitch.\n   &#8211; Host type: pick the smallest\/lowest-cost host type available to your account\/region.\n   &#8211; Quantity: 1<\/li>\n<li>Confirm and create.<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome:<\/strong> A Dedicated Host appears in the Dedicated Hosts list with a <strong>Host ID<\/strong> and <strong>Available Capacity<\/strong>.<\/p>\n\n\n\n<p><strong>Verification:<\/strong>\n&#8211; Dedicated Host status is <strong>Running\/Available<\/strong> (wording varies).\n&#8211; You can see capacity fields (vCPU\/memory) and a host ID like <code>dh-xxxxx<\/code>.<\/p>\n\n\n\n<p><strong>Common issue:<\/strong> You may hit a quota limit or \u201cinsufficient capacity\u201d for a host type.<br\/>\n<strong>Fix:<\/strong> Try a different zone\/host type or request quota increase in Quota Center.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 6: Create an ECS instance placed on the Dedicated Host<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>ECS Console \u2192 <strong>Instances<\/strong> \u2192 <strong>Create Instance<\/strong>.<\/li>\n<li>Configure basics:\n   &#8211; Billing: Pay-as-you-go (recommended for lab)\n   &#8211; Region\/Zone: same as Dedicated Host\n   &#8211; Network: select your lab VPC and vSwitch<\/li>\n<li>Instance placement:\n   &#8211; Find the placement\/tenancy setting (console wording varies).\n   &#8211; Choose <strong>Dedicated Host<\/strong> and select your created host (by Host ID).<\/li>\n<li>Instance type:\n   &#8211; Choose an instance type that \u201cfits\u201d the DDH capacity and is supported for DDH in that region.<\/li>\n<li>Image:\n   &#8211; Choose a common Linux image (e.g., Alibaba Cloud Linux, Ubuntu, or CentOS if still offered in your region\u2014verify current availability).<\/li>\n<li>Storage:\n   &#8211; Keep the default system disk size (small) and default disk type unless you need otherwise.<\/li>\n<li>Security:\n   &#8211; Security group: select your lab security group.\n   &#8211; Login: select <strong>Key Pair<\/strong> and choose <code>ddh-lab-key<\/code>.<\/li>\n<li>Public connectivity:\n   &#8211; For easiest validation, you may assign a public IP or EIP depending on your account settings.\n   &#8211; If you can\u2019t assign a public IP directly, consider creating and binding an <strong>EIP<\/strong> (this may increase cost).<\/li>\n<li>Create the instance.<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome:<\/strong> One running ECS instance is created <strong>on the Dedicated Host<\/strong>.<\/p>\n\n\n\n<p><strong>Verification:<\/strong>\n&#8211; In the instance details page, confirm there is a field such as <strong>Dedicated Host ID<\/strong> or similar showing the host ID you created.\n&#8211; The instance is in <strong>Running<\/strong> state.<\/p>\n\n\n\n<p><strong>Common issue:<\/strong> \u201cNo available host capacity\u201d even though capacity looks available.<br\/>\n<strong>Fix:<\/strong> Instance shape may not fit due to allocation constraints\/fragmentation. Try a smaller instance type or a different host type.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 7: Connect to the ECS instance via SSH<\/h3>\n\n\n\n<p>If the instance has a public IP:\n1. Find the instance <strong>Public IP<\/strong> in ECS console.\n2. SSH from your terminal:<\/p>\n\n\n\n<pre><code class=\"language-bash\">ssh -i ddh-lab-key.pem root@&lt;PUBLIC_IP&gt;\n<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>For Ubuntu images, the user is often <code>ubuntu<\/code> instead of <code>root<\/code>. Check the image documentation in the console.<\/li>\n<\/ul>\n\n\n\n<p>Once connected, run:<\/p>\n\n\n\n<pre><code class=\"language-bash\">uname -a\nhostname\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome:<\/strong> You have interactive shell access to the instance.<\/p>\n\n\n\n<p><strong>Verification:<\/strong> The commands return Linux kernel and hostname output.<\/p>\n\n\n\n<p><strong>Common issue:<\/strong> SSH timeout.<br\/>\n<strong>Fix checklist:<\/strong>\n&#8211; Security group inbound rule allows TCP 22 from your current public IP.\n&#8211; Instance has a public IP\/EIP and is reachable.\n&#8211; No local firewall\/VPN is blocking outbound 22.\n&#8211; Instance is in the Running state.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 8 (Optional): Verify Dedicated Host placement via Alibaba Cloud CLI<\/h3>\n\n\n\n<p>If you want an additional verification path, install and configure Alibaba Cloud CLI:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>CLI overview: https:\/\/www.alibabacloud.com\/help\/en\/alibaba-cloud-cli\/latest\/what-is-alibaba-cloud-cli<\/li>\n<\/ul>\n\n\n\n<p>Then list dedicated hosts (command parameters vary by CLI version; verify in CLI docs):<\/p>\n\n\n\n<pre><code class=\"language-bash\">aliyun ecs DescribeDedicatedHosts --RegionId &lt;your-region-id&gt;\n<\/code><\/pre>\n\n\n\n<p>And describe the instance to confirm the dedicated host ID:<\/p>\n\n\n\n<pre><code class=\"language-bash\">aliyun ecs DescribeInstances --RegionId &lt;your-region-id&gt; --InstanceIds '[\"&lt;your-instance-id&gt;\"]'\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome:<\/strong> CLI output includes the instance details showing association with your Dedicated Host.<\/p>\n\n\n\n<p><strong>Note:<\/strong> If CLI parameters differ in your environment, follow the latest CLI ECS command reference and API parameter names.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Validation<\/h3>\n\n\n\n<p>You have completed the lab if all are true:\n&#8211; A Dedicated Host exists in ECS console.\n&#8211; An ECS instance is running and shows it is associated with that Dedicated Host (host ID match).\n&#8211; You can SSH into the instance (if you enabled public access) and run basic commands.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Troubleshooting<\/h3>\n\n\n\n<p><strong>Issue: Dedicated Host creation fails due to quota<\/strong>\n&#8211; Check <strong>Quota Center<\/strong> for ECS\/Dedicated Host limits.\n&#8211; Try a different region\/zone.\n&#8211; Request a quota increase if necessary.<\/p>\n\n\n\n<p><strong>Issue: No suitable instance types<\/strong>\n&#8211; Not all instance families are supported on DDH in all regions.\n&#8211; Choose from the recommended\/compatible instance types shown in the console when you select Dedicated Host placement.<\/p>\n\n\n\n<p><strong>Issue: Instance won\u2019t start on DDH<\/strong>\n&#8211; Ensure the instance is in the <strong>same zone<\/strong> as the DDH.\n&#8211; Ensure you selected the correct host during creation.\n&#8211; Try a smaller instance type or check available vCPU\/memory on the DDH.<\/p>\n\n\n\n<p><strong>Issue: SSH access fails<\/strong>\n&#8211; Confirm security group rules.\n&#8211; Confirm you used the correct username for the selected image.\n&#8211; Confirm the key pair was selected at creation.\n&#8211; If you assigned an EIP, ensure it is bound to the instance and routing is correct.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Cleanup<\/h3>\n\n\n\n<p>To avoid ongoing charges, clean up in this order:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\n<p><strong>Terminate\/Release the ECS instance<\/strong>\n   &#8211; ECS Console \u2192 Instances \u2192 select instance \u2192 More \u2192 Release (wording varies).\n   &#8211; Confirm instance is fully released.<\/p>\n<\/li>\n<li>\n<p><strong>Release the Dedicated Host<\/strong>\n   &#8211; ECS Console \u2192 Dedicated Hosts \u2192 select host \u2192 Release.\n   &#8211; If release is blocked, confirm there are <strong>no instances<\/strong> on the host.<\/p>\n<\/li>\n<li>\n<p>Optional cleanup (if created):\n   &#8211; Release EIP\n   &#8211; Delete security group (if not used elsewhere)\n   &#8211; Delete vSwitch and VPC (ensure nothing else depends on them)\n   &#8211; Delete snapshots (if any)<\/p>\n<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome:<\/strong> No billable DDH resources remain in the region.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">11. Best Practices<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Architecture best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Use Dedicated Host selectively<\/strong>: Put only regulated\/licensed\/performance-critical tiers on DDH. Keep stateless or bursty tiers on shared ECS.<\/li>\n<li><strong>Design for availability<\/strong>: A single host is a single failure domain. For HA:<\/li>\n<li>Use multiple dedicated hosts, ideally across zones where possible.<\/li>\n<li>Use load balancers and health checks.<\/li>\n<li><strong>Avoid capacity fragmentation<\/strong>: Standardize instance sizes to improve packing efficiency.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">IAM\/security best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use <strong>RAM roles<\/strong> and least privilege:<\/li>\n<li>Separate roles for host management vs instance operations.<\/li>\n<li>Require approvals for releasing hosts in production.<\/li>\n<li>Enforce <strong>MFA<\/strong> for privileged RAM users.<\/li>\n<li>Use <strong>ActionTrail<\/strong> and route logs to a protected storage location.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Cost best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Track <strong>host utilization<\/strong> (allocated vs available CPU\/memory).<\/li>\n<li>Use <strong>tags<\/strong> like <code>env=prod<\/code>, <code>owner=team-x<\/code>, <code>cost-center=1234<\/code>, <code>workload=db<\/code>.<\/li>\n<li>Set budgets\/alerts for Dedicated Host spending.<\/li>\n<li>Prefer <strong>pay-as-you-go for labs<\/strong>, and ensure cleanup.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Performance best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Right-size instance types to workload needs.<\/li>\n<li>Select disk types (ESSD tiers) based on real IOPS\/latency requirements.<\/li>\n<li>Use placement to separate noisy internal workloads even within your own account (e.g., keep batch jobs off hosts running latency-critical services).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Reliability best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Implement backups (snapshots, database backups) and test restores.<\/li>\n<li>Use multi-host strategy for critical services.<\/li>\n<li>Automate instance provisioning using images and infrastructure-as-code (Terraform is commonly used on Alibaba Cloud\u2014verify provider support for dedicated host resources).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Operations best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Maintain a capacity plan per environment:<\/li>\n<li>baseline capacity<\/li>\n<li>growth forecast<\/li>\n<li>failover headroom<\/li>\n<li>Document host lifecycle procedures:<\/li>\n<li>provisioning<\/li>\n<li>maintenance windows<\/li>\n<li>decommissioning<\/li>\n<li>Standardize naming:<\/li>\n<li><code>ddh-&lt;env&gt;-&lt;zone&gt;-&lt;team&gt;-&lt;index&gt;<\/code><\/li>\n<li><code>ecs-&lt;app&gt;-&lt;env&gt;-&lt;role&gt;-&lt;index&gt;<\/code><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Governance\/tagging\/naming best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Mandatory tags for all hosts and instances.<\/li>\n<li>Resource groups per environment (dev\/test\/prod) or per business unit.<\/li>\n<li>Periodic reviews:<\/li>\n<li>unused hosts<\/li>\n<li>underutilized hosts<\/li>\n<li>instances missing tags<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">12. Security Considerations<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Identity and access model<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Dedicated Host is controlled via Alibaba Cloud <strong>RAM<\/strong>.<\/li>\n<li>Implement:<\/li>\n<li>Least privilege policies for <code>DedicatedHost*<\/code> and ECS instance actions.<\/li>\n<li>Separate duties (host provisioning vs instance operations vs auditing).<\/li>\n<li>Logging and change management.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Encryption<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>For data at rest, use <strong>encrypted cloud disks<\/strong> if supported for your region\/disk type.<\/li>\n<li>For data in transit:<\/li>\n<li>Use TLS for application traffic.<\/li>\n<li>Use SSH keys for admin access.<\/li>\n<\/ul>\n\n\n\n<blockquote>\n<p>Dedicated Host does not inherently encrypt your data; encryption depends on the storage and application layers.<\/p>\n<\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\">Network exposure<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Keep instances private in VPC by default.<\/li>\n<li>Use controlled ingress patterns:<\/li>\n<li>SLB for application traffic<\/li>\n<li>Bastion host or VPN for admin access<\/li>\n<li>Restrict security group rules to least access:<\/li>\n<li>SSH from admin CIDRs only<\/li>\n<li>No broad inbound <code>0.0.0.0\/0<\/code> unless unavoidable and protected by additional controls<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Secrets handling<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Avoid baking secrets into images.<\/li>\n<li>Use a secrets manager approach appropriate for Alibaba Cloud (verify current recommended services and patterns in official docs).<\/li>\n<li>Rotate credentials and keys regularly.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Audit\/logging<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Enable <strong>ActionTrail<\/strong> and retain logs according to policy.<\/li>\n<li>Collect OS and application logs (Log Service\/SLS is commonly used on Alibaba Cloud; verify your regional availability and compliance requirements).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Compliance considerations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Dedicated Host helps with <strong>single-tenant compute<\/strong> requirements, but compliance also depends on:<\/li>\n<li>access controls<\/li>\n<li>encryption<\/li>\n<li>logging<\/li>\n<li>vulnerability management<\/li>\n<li>incident response<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Common security mistakes<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Assuming Dedicated Host replaces network security controls.<\/li>\n<li>Overexposing instances with public IPs and broad security group rules.<\/li>\n<li>Failing to log and audit host\/instance lifecycle actions.<\/li>\n<li>Not restricting who can release or reconfigure Dedicated Hosts.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Secure deployment recommendations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use a private VPC design, with controlled ingress and egress.<\/li>\n<li>Enforce tagging and policy-as-code where possible.<\/li>\n<li>Apply vulnerability management and patching to the guest OS.<\/li>\n<li>Maintain documented runbooks for host and instance incidents.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">13. Limitations and Gotchas<\/h2>\n\n\n\n<blockquote>\n<p>Exact limits and behaviors can differ by region and host type. Confirm with official ECS documentation and your account\u2019s quota settings.<\/p>\n<\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\">Known limitations \/ common constraints<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Zone binding<\/strong>: Dedicated Hosts are typically created in a specific zone; ECS instances must match the zone.<\/li>\n<li><strong>Instance type compatibility<\/strong>: Not all ECS instance types\/families can be deployed on Dedicated Host.<\/li>\n<li><strong>Capacity fragmentation<\/strong>: You may be unable to place an instance even if total remaining resources seem sufficient.<\/li>\n<li><strong>Billing while idle<\/strong>: Dedicated Host costs accrue even if no instances are running (depending on billing model).<\/li>\n<li><strong>Lifecycle dependency<\/strong>: You often cannot release a Dedicated Host while it still has instances deployed.<\/li>\n<li><strong>Operational overhead<\/strong>: Requires ongoing capacity planning and utilization management.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Quotas<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Number of Dedicated Hosts per region.<\/li>\n<li>Possibly per host type.<\/li>\n<li>vCPU\/memory caps per account or zone.<\/li>\n<li>These quotas may be adjustable via support request.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Regional constraints<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Certain host types may exist only in selected regions\/zones.<\/li>\n<li>Some compliance features, disk types, or monitoring features may vary.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Pricing surprises<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Underutilization is the most common cost pitfall.<\/li>\n<li>High-performance disk tiers and snapshots can exceed compute costs.<\/li>\n<li>Public egress charges can be significant.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Compatibility issues<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Some images or instance families may not be supported with certain dedicated host types.<\/li>\n<li>Some automation and scaling tools may have limitations with dedicated placement (verify before adopting).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Migration challenges<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Moving from shared ECS to DDH typically means redeploying instances onto DDH (image-based migration can help).<\/li>\n<li>Planning downtime or using blue\/green deployment is often required.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Vendor-specific nuances<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Dedicated Host provides single-tenant host isolation but still uses the cloud control plane.<\/li>\n<li>Hardware maintenance events and failover behavior are cloud-managed; understand what is and isn\u2019t guaranteed in SLAs and documentation.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">14. Comparison with Alternatives<\/h2>\n\n\n\n<p>Dedicated Host is one option in the Alibaba Cloud Computing portfolio. Here\u2019s how it compares to common alternatives.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Key alternatives<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Alibaba Cloud ECS (shared tenancy)<\/strong>: Standard multi-tenant compute instances.<\/li>\n<li><strong>Alibaba Cloud ECS Bare Metal Instance<\/strong>: Bare metal compute (no virtualization layer) for maximum performance and hardware-level control.<\/li>\n<li><strong>Other clouds<\/strong>:<\/li>\n<li>AWS Dedicated Hosts<\/li>\n<li>Azure Dedicated Host<\/li>\n<li>Google Cloud Sole-tenant nodes<\/li>\n<li><strong>Self-managed<\/strong>:<\/li>\n<li>On-prem virtualization or bare metal in colocation facilities<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Comparison table<\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Option<\/th>\n<th>Best For<\/th>\n<th>Strengths<\/th>\n<th>Weaknesses<\/th>\n<th>When to Choose<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>Alibaba Cloud Dedicated Host<\/strong><\/td>\n<td>Single-tenant host isolation with ECS management<\/td>\n<td>Host-level isolation, placement control, ECS ecosystem integration<\/td>\n<td>Requires capacity planning; can be costly if underutilized; instance type constraints<\/td>\n<td>Compliance\/BYOL\/predictable performance needs<\/td>\n<\/tr>\n<tr>\n<td><strong>Alibaba Cloud ECS (shared)<\/strong><\/td>\n<td>General-purpose workloads, elastic scaling<\/td>\n<td>Simplicity, broad instance selection, lower entry cost<\/td>\n<td>Multi-tenant \u201cnoisy neighbor\u201d risk; less isolation<\/td>\n<td>Most web apps, dev\/test, bursty workloads<\/td>\n<\/tr>\n<tr>\n<td><strong>Alibaba Cloud ECS Bare Metal Instance<\/strong><\/td>\n<td>Maximum performance, specialized workloads<\/td>\n<td>Direct hardware performance, strong isolation<\/td>\n<td>Less VM flexibility; may have different operational patterns and availability constraints<\/td>\n<td>High-performance databases, NFV, custom virtualization stacks<\/td>\n<\/tr>\n<tr>\n<td><strong>AWS Dedicated Hosts<\/strong><\/td>\n<td>Dedicated host model on AWS<\/td>\n<td>Mature ecosystem, license mobility options<\/td>\n<td>Different APIs\/constraints; cost<\/td>\n<td>When you are standardized on AWS<\/td>\n<\/tr>\n<tr>\n<td><strong>Azure Dedicated Host<\/strong><\/td>\n<td>Dedicated hosts in Azure<\/td>\n<td>Integration with Azure governance<\/td>\n<td>Similar capacity planning complexity<\/td>\n<td>When you are standardized on Azure<\/td>\n<\/tr>\n<tr>\n<td><strong>GCP Sole-tenant nodes<\/strong><\/td>\n<td>Dedicated compute nodes in GCP<\/td>\n<td>Strong GCP integration<\/td>\n<td>Similar complexity; product differences<\/td>\n<td>When you are standardized on GCP<\/td>\n<\/tr>\n<tr>\n<td><strong>On-prem \/ colo<\/strong><\/td>\n<td>Full control, custom hardware<\/td>\n<td>Maximum control, data locality<\/td>\n<td>CapEx\/ops burden, longer procurement cycles<\/td>\n<td>Strict data locality, special hardware, long-lived stable workloads<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">15. Real-World Example<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Enterprise example: Regulated payment platform with license constraints<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> A regulated payments company must isolate sensitive transaction processing and align deployment with commercial software licensing based on physical host boundaries. They also need clear audit evidence and predictable performance.<\/li>\n<li><strong>Proposed architecture:<\/strong><\/li>\n<li>Two zones in a region (where available)<\/li>\n<li>A pool of Dedicated Hosts per zone<\/li>\n<li>ECS instances for app and middleware tiers placed on DDH<\/li>\n<li>Managed database service (or self-managed DB on ECS) in private subnets<\/li>\n<li>SLB for inbound traffic, WAF\/edge controls (if used), NAT for controlled egress<\/li>\n<li>CloudMonitor alarms and ActionTrail for audit<\/li>\n<li><strong>Why Dedicated Host was chosen:<\/strong><\/li>\n<li>Single-tenant compute boundary for compliance<\/li>\n<li>Improved performance predictability<\/li>\n<li>Better alignment with vendor licensing rules (after legal review)<\/li>\n<li><strong>Expected outcomes:<\/strong><\/li>\n<li>Reduced audit friction with clearer infrastructure isolation<\/li>\n<li>More consistent latency during peak transaction windows<\/li>\n<li>Improved governance via host-level capacity pools and tagging<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Startup\/small-team example: Premium isolated tier for B2B SaaS<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> A B2B SaaS startup has a few enterprise customers demanding dedicated infrastructure isolation and predictable performance, but the rest of the platform can remain multi-tenant.<\/li>\n<li><strong>Proposed architecture:<\/strong><\/li>\n<li>Standard SaaS runs on shared ECS with autoscaling<\/li>\n<li>Premium tier runs on a small Dedicated Host pool<\/li>\n<li>Separate VPC or subnet segmentation per premium tenant<\/li>\n<li>Centralized logging, monitoring, and CI\/CD pipelines across both tiers<\/li>\n<li><strong>Why Dedicated Host was chosen:<\/strong><\/li>\n<li>Provides a \u201cdedicated compute\u201d SKU without building a separate on-prem footprint<\/li>\n<li>Keeps most workloads cost-efficient on shared ECS<\/li>\n<li><strong>Expected outcomes:<\/strong><\/li>\n<li>Ability to close enterprise deals with isolation requirements<\/li>\n<li>Controlled incremental cost (hosts only for premium tenants)<\/li>\n<li>Operational consistency (still ECS-based)<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">16. FAQ<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">1) What is Alibaba Cloud Dedicated Host?<\/h3>\n\n\n\n<p>Dedicated Host is an ECS capability that allocates a <strong>physical host dedicated to your account<\/strong>, allowing you to run ECS instances on single-tenant hardware.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">2) Is Dedicated Host the same as bare metal?<\/h3>\n\n\n\n<p>No. Dedicated Host typically still runs <strong>virtualized ECS instances<\/strong> on a dedicated physical server. <strong>ECS Bare Metal Instance<\/strong> is a separate option when you require non-virtualized bare metal performance. Verify current product specifics in official docs.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">3) Do I still use VPC and security groups with Dedicated Host?<\/h3>\n\n\n\n<p>Yes. ECS instances on Dedicated Host use the standard ECS networking model: <strong>VPC<\/strong>, <strong>vSwitch<\/strong>, and <strong>security groups<\/strong>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">4) Can I choose which host my instance runs on?<\/h3>\n\n\n\n<p>In most Dedicated Host workflows, yes\u2014you can select a specific host for placement. Some regions may also support group\/cluster placement strategies. Verify your region\u2019s console options.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">5) Are all ECS instance types supported on Dedicated Host?<\/h3>\n\n\n\n<p>No. Supported instance families depend on region and host type. Always check the instance type list shown when creating an instance with Dedicated Host placement.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">6) Does Dedicated Host guarantee better performance?<\/h3>\n\n\n\n<p>It often improves <strong>predictability<\/strong> by removing cross-tenant contention, but performance still depends on instance type, disk performance, network design, and workload behavior.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">7) What happens if I don\u2019t fully utilize a Dedicated Host?<\/h3>\n\n\n\n<p>You still pay for the host (depending on billing method). Underutilization is a common cost pitfall\u2014monitor utilization and right-size.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">8) Can I stop all instances and stop paying for the host?<\/h3>\n\n\n\n<p>Not necessarily. Dedicated Host billing is host-based. Stopping instances might not stop host charges. Verify billing rules for your host SKU and billing method.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">9) How do I prove to auditors that I\u2019m using Dedicated Host?<\/h3>\n\n\n\n<p>You can show host allocation in the ECS console\/API outputs, billing records, and resource configurations. Confirm what artifacts your auditors accept and what Alibaba Cloud documents provide.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">10) Can I use encrypted disks on ECS instances running on Dedicated Host?<\/h3>\n\n\n\n<p>In many regions, yes\u2014disk encryption is a disk feature, not strictly a host feature. Verify encryption support for your disk type and region.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">11) Can I use Auto Scaling with Dedicated Host?<\/h3>\n\n\n\n<p>This depends on current ECS\/Auto Scaling integration features and placement constraints. If autoscaling is required, validate the latest Auto Scaling documentation and test behavior in a staging environment.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">12) Is Dedicated Host regional or global?<\/h3>\n\n\n\n<p>Dedicated Host is created in a <strong>specific region<\/strong> and typically a <strong>specific zone<\/strong>. It is not a global resource.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">13) Can I move an instance from one Dedicated Host to another?<\/h3>\n\n\n\n<p>Migration capabilities depend on ECS features, instance family, and region. In many clouds, such moves may require stop\/start or redeploy. Verify supported migration methods in official docs.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">14) What is the biggest operational risk with Dedicated Host?<\/h3>\n\n\n\n<p>Capacity planning and fragmentation. You must ensure enough headroom and that your instance shapes fit the remaining capacity.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">15) When should I prefer shared ECS over Dedicated Host?<\/h3>\n\n\n\n<p>For most general workloads, dev\/test, and highly elastic services where host-level isolation is unnecessary, shared ECS is simpler and usually more cost-efficient.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">16) Does Dedicated Host isolate me from all other customers completely?<\/h3>\n\n\n\n<p>It provides a single-tenant <strong>host<\/strong> boundary for compute. You still use shared cloud services (control plane, network fabric, managed services). Treat it as one layer in a defense-in-depth strategy.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">17) Do Dedicated Hosts support snapshots and images like normal ECS?<\/h3>\n\n\n\n<p>Typically yes, because your instances are standard ECS instances. Confirm any limitations for your specific instance families.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">17. Top Online Resources to Learn Dedicated Host<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Resource Type<\/th>\n<th>Name<\/th>\n<th>Why It Is Useful<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Official documentation<\/td>\n<td>Alibaba Cloud ECS Documentation (Dedicated Host entry point) \u2014 https:\/\/www.alibabacloud.com\/help\/en\/ecs<\/td>\n<td>Primary reference for DDH concepts, workflows, limits, and region-specific notes<\/td>\n<\/tr>\n<tr>\n<td>Official product page<\/td>\n<td>Dedicated Host product page \u2014 https:\/\/www.alibabacloud.com\/product\/dedicated-host<\/td>\n<td>High-level overview and links into docs\/pricing<\/td>\n<\/tr>\n<tr>\n<td>Official pricing<\/td>\n<td>Alibaba Cloud Pricing \u2014 https:\/\/www.alibabacloud.com\/pricing<\/td>\n<td>Starting point for pricing; follow links to product-level pricing<\/td>\n<\/tr>\n<tr>\n<td>Pricing calculator<\/td>\n<td>Alibaba Cloud Calculator \u2014 https:\/\/www.alibabacloud.com\/calculator<\/td>\n<td>Region-aware estimation (availability may vary)<\/td>\n<\/tr>\n<tr>\n<td>Official console<\/td>\n<td>Alibaba Cloud Console \u2014 https:\/\/home.console.aliyun.com\/<\/td>\n<td>Where you actually create DDH and ECS instances<\/td>\n<\/tr>\n<tr>\n<td>Official CLI docs<\/td>\n<td>Alibaba Cloud CLI \u2014 https:\/\/www.alibabacloud.com\/help\/en\/alibaba-cloud-cli\/latest\/what-is-alibaba-cloud-cli<\/td>\n<td>Automation and verification using CLI<\/td>\n<\/tr>\n<tr>\n<td>Official API reference<\/td>\n<td>ECS API (search \u201cDedicatedHost\u201d actions) \u2014 https:\/\/www.alibabacloud.com\/help\/en\/ecs\/developer-reference\/api-reference<\/td>\n<td>Programmatic operations like CreateDedicatedHost\/DescribeDedicatedHosts (verify API names\/versions)<\/td>\n<\/tr>\n<tr>\n<td>Official security\/audit<\/td>\n<td>ActionTrail documentation \u2014 https:\/\/www.alibabacloud.com\/help\/en\/actiontrail<\/td>\n<td>Audit who did what in your Alibaba Cloud account<\/td>\n<\/tr>\n<tr>\n<td>Official monitoring<\/td>\n<td>CloudMonitor documentation \u2014 https:\/\/www.alibabacloud.com\/help\/en\/cloudmonitor<\/td>\n<td>Metrics and alerts for ECS and related resources<\/td>\n<\/tr>\n<tr>\n<td>Community learning<\/td>\n<td>Alibaba Cloud community portal \u2014 https:\/\/www.alibabacloud.com\/blog<\/td>\n<td>Practical articles (validate against current official docs for accuracy)<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">18. Training and Certification Providers<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Institute<\/th>\n<th>Suitable Audience<\/th>\n<th>Likely Learning Focus<\/th>\n<th>Mode<\/th>\n<th>Website URL<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>DevOpsSchool.com<\/td>\n<td>Cloud\/DevOps engineers, SREs, platform teams<\/td>\n<td>DevOps practices, cloud operations, infrastructure automation (verify current course catalog)<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.devopsschool.com\/<\/td>\n<\/tr>\n<tr>\n<td>ScmGalaxy.com<\/td>\n<td>Beginners to intermediate DevOps learners<\/td>\n<td>SCM, CI\/CD, DevOps foundations (verify current offerings)<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.scmgalaxy.com\/<\/td>\n<\/tr>\n<tr>\n<td>CLoudOpsNow.in<\/td>\n<td>Cloud operations practitioners<\/td>\n<td>CloudOps operations, monitoring, reliability practices (verify current offerings)<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.cloudopsnow.in\/<\/td>\n<\/tr>\n<tr>\n<td>SreSchool.com<\/td>\n<td>SREs and operations engineers<\/td>\n<td>SRE principles, observability, incident response (verify current offerings)<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.sreschool.com\/<\/td>\n<\/tr>\n<tr>\n<td>AiOpsSchool.com<\/td>\n<td>Ops teams exploring AIOps<\/td>\n<td>AIOps concepts, automation, operations analytics (verify current offerings)<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.aiopsschool.com\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">19. Top Trainers<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Platform\/Site<\/th>\n<th>Likely Specialization<\/th>\n<th>Suitable Audience<\/th>\n<th>Website URL<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>RajeshKumar.xyz<\/td>\n<td>DevOps\/cloud training content (verify specific focus areas)<\/td>\n<td>Individuals and teams seeking guided training<\/td>\n<td>https:\/\/rajeshkumar.xyz\/<\/td>\n<\/tr>\n<tr>\n<td>devopstrainer.in<\/td>\n<td>DevOps training and mentoring (verify current programs)<\/td>\n<td>Beginners to intermediate DevOps practitioners<\/td>\n<td>https:\/\/www.devopstrainer.in\/<\/td>\n<\/tr>\n<tr>\n<td>devopsfreelancer.com<\/td>\n<td>Freelance DevOps consulting\/training platform (verify offerings)<\/td>\n<td>Teams needing short-term help or coaching<\/td>\n<td>https:\/\/www.devopsfreelancer.com\/<\/td>\n<\/tr>\n<tr>\n<td>devopssupport.in<\/td>\n<td>DevOps support and training resources (verify offerings)<\/td>\n<td>Ops\/DevOps teams seeking hands-on support<\/td>\n<td>https:\/\/www.devopssupport.in\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">20. Top Consulting Companies<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Company<\/th>\n<th>Likely Service Area<\/th>\n<th>Where They May Help<\/th>\n<th>Consulting Use Case Examples<\/th>\n<th>Website URL<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>cotocus.com<\/td>\n<td>Cloud\/DevOps consulting (verify current services)<\/td>\n<td>Cloud architecture, DevOps implementation, operations processes<\/td>\n<td>Designing ECS + Dedicated Host landing zones; cost optimization; security baseline implementation<\/td>\n<td>https:\/\/cotocus.com\/<\/td>\n<\/tr>\n<tr>\n<td>DevOpsSchool.com<\/td>\n<td>DevOps consulting and enablement (verify current services)<\/td>\n<td>DevOps transformation, CI\/CD, cloud operations coaching<\/td>\n<td>Building IaC pipelines; observability stack design; \uc6b4\uc601 runbooks and SRE practices<\/td>\n<td>https:\/\/www.devopsschool.com\/<\/td>\n<\/tr>\n<tr>\n<td>DEVOPSCONSULTING.IN<\/td>\n<td>DevOps consulting (verify current services)<\/td>\n<td>Implementation support, process improvements, automation<\/td>\n<td>Migrating workloads to Alibaba Cloud; standardizing deployment pipelines; monitoring and alerting setup<\/td>\n<td>https:\/\/www.devopsconsulting.in\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">21. Career and Learning Roadmap<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">What to learn before Dedicated Host<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Core cloud networking<\/strong>: VPC, subnets (vSwitch), route tables, NAT, private connectivity<\/li>\n<li><strong>Compute fundamentals<\/strong>: ECS instances, images, disks, security groups<\/li>\n<li><strong>Linux administration<\/strong>: SSH, systemd, logs, patching<\/li>\n<li><strong>IAM basics (RAM)<\/strong>: users, roles, policies, MFA<\/li>\n<li><strong>Observability<\/strong>: metrics, logs, alerting, incident basics<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">What to learn after Dedicated Host<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>High availability design<\/strong> on Alibaba Cloud:<\/li>\n<li>Multi-zone architectures<\/li>\n<li>Load balancing and failover patterns<\/li>\n<li><strong>Infrastructure as Code<\/strong>:<\/li>\n<li>Terraform (verify Alibaba Cloud provider support for Dedicated Host resources)<\/li>\n<li>CI\/CD pipelines for infrastructure<\/li>\n<li><strong>Security engineering<\/strong>:<\/li>\n<li>Centralized logging<\/li>\n<li>Threat detection and vulnerability management<\/li>\n<li>Policy-as-code and continuous compliance<\/li>\n<li><strong>Cost management<\/strong>:<\/li>\n<li>Tag-based allocation<\/li>\n<li>Utilization reporting<\/li>\n<li>Budgeting and governance<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Job roles that use it<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Cloud Solutions Architect<\/li>\n<li>Platform Engineer<\/li>\n<li>DevOps Engineer<\/li>\n<li>Site Reliability Engineer (SRE)<\/li>\n<li>Cloud Security Engineer<\/li>\n<li>Infrastructure\/Systems Engineer<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Certification path (if available)<\/h3>\n\n\n\n<p>Alibaba Cloud certification offerings change over time. Check Alibaba Cloud certification pages and training partners for current tracks that include ECS and architecture topics. Dedicated Host is typically covered as part of ECS\/architecture learning rather than as a standalone certification.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Project ideas for practice<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Build a two-tier app where the database tier runs on Dedicated Host and the web tier runs on shared ECS.<\/li>\n<li>Create a \u201cpremium tenant\u201d template: one DDH + isolated subnet + hardened security group + monitoring.<\/li>\n<li>Implement tagging and budget alarms for a dedicated host pool.<\/li>\n<li>Document a capacity plan: packing strategy, headroom targets, instance standardization.<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">22. Glossary<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Alibaba Cloud<\/strong>: Cloud provider offering ECS, VPC, storage, databases, and governance services.<\/li>\n<li><strong>Computing<\/strong>: Service category covering compute infrastructure like ECS and host-level offerings.<\/li>\n<li><strong>ECS (Elastic Compute Service)<\/strong>: Alibaba Cloud virtual machine service.<\/li>\n<li><strong>Dedicated Host (DDH)<\/strong>: A physical host dedicated to a single Alibaba Cloud account for running ECS instances.<\/li>\n<li><strong>Region<\/strong>: Geographic area containing multiple zones (e.g., a city\/metro).<\/li>\n<li><strong>Zone<\/strong>: Isolated location within a region; often maps to a data center site.<\/li>\n<li><strong>VPC (Virtual Private Cloud)<\/strong>: Private network in Alibaba Cloud.<\/li>\n<li><strong>vSwitch<\/strong>: Subnet within a VPC, tied to a specific zone.<\/li>\n<li><strong>Security Group<\/strong>: Stateful virtual firewall controlling inbound\/outbound traffic for ECS instances.<\/li>\n<li><strong>EIP (Elastic IP Address)<\/strong>: Public IP that can be bound to ECS instances.<\/li>\n<li><strong>Cloud Disk<\/strong>: Block storage attached to ECS instances.<\/li>\n<li><strong>Snapshot<\/strong>: Point-in-time backup of a cloud disk.<\/li>\n<li><strong>RAM (Resource Access Management)<\/strong>: Alibaba Cloud IAM service for users, roles, and permissions.<\/li>\n<li><strong>ActionTrail<\/strong>: Alibaba Cloud audit logging for API and console actions.<\/li>\n<li><strong>CloudMonitor<\/strong>: Alibaba Cloud monitoring service for metrics and alarms.<\/li>\n<li><strong>BYOL<\/strong>: Bring Your Own License\u2014using your existing software licenses on cloud infrastructure (subject to license terms).<\/li>\n<li><strong>Capacity fragmentation<\/strong>: When remaining host resources cannot satisfy an instance shape due to allocation constraints.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">23. Summary<\/h2>\n\n\n\n<p>Alibaba Cloud <strong>Dedicated Host<\/strong> is a Computing service that provides <strong>single-tenant physical hosts<\/strong> for running <strong>ECS instances<\/strong> with stronger isolation, improved performance predictability, and better alignment with certain compliance and licensing needs.<\/p>\n\n\n\n<p>It fits best when you need host-level control\u2014such as regulated workloads, BYOL scenarios, or premium isolated tiers\u2014while still benefiting from ECS features like images, cloud disks, VPC networking, and cloud-native monitoring.<\/p>\n\n\n\n<p>Cost and security are tightly linked with Dedicated Host:\n&#8211; <strong>Cost<\/strong>: The biggest driver is host underutilization. Plan capacity carefully, standardize instance shapes, and track utilization with tags and monitoring.\n&#8211; <strong>Security<\/strong>: Dedicated Host improves physical isolation, but you still need RAM least privilege, secure networking (VPC + security groups), encryption, and auditing (ActionTrail).<\/p>\n\n\n\n<p>If you\u2019re new to Dedicated Host, the best next step is to repeat the lab in a non-production environment, then design a small multi-host architecture that meets your availability goals and validates your cost model using the official Alibaba Cloud pricing pages and calculator.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Computing<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2,5],"tags":[],"class_list":["post-18","post","type-post","status-publish","format-standard","hentry","category-alibaba-cloud","category-computing"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/18","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/comments?post=18"}],"version-history":[{"count":0,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/18\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/media?parent=18"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/categories?post=18"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/tags?post=18"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}