SOFAStack introduces the concept of a workspace on top of underlying Alibaba Cloud resources. A workspace is a group of resources that share network connectivity, a consistent security policy, and minimal access latency. Workspaces allow you to easily group and manage resources. For example, you can create separate workspaces for development, testing, and production based on your delivery needs. Resources in different workspaces are isolated from each other. You can assign separate operator permissions to manage each workspace.
To support high availability (HA), a workspace can span multiple zones but not multiple regions. You must allocate resources for applications in each workspace. Different workspaces can host different application versions. The relationship between applications, workspaces, regions, and zones is shown in the following figure:
After you create a workspace, you can centrally manage and perform operations and maintenance (O&M) on its underlying resources. You can also use other SOFAStack products in each workspace, such as Classic Application Service, Real-time Monitoring, and Key Management Service.
Workspace isolation
Resources in different workspaces are isolated from each other. For VPC-based workspaces, this isolation is achieved using a virtual private cloud (VPC). Each workspace corresponds to a single VPC, creating an independent and logically isolated private network.
Workspace resource binding
Resource binding is the process of importing purchased or created Infrastructure as a Service (IaaS) resources into a target workspace so they can be managed as a group.
To import resources in a VPC, you can attach the VPC to the current workspace. The ECS instances, disks, snapshots, security groups, and private-network SLB instances in that VPC are then automatically imported into the workspace.
For workspaces created in regions that support only the VPC network type, you must attach a VPC before you can use the workspace.
You can manually import other resources, such as RDS, OTS, OCS, and OSS, from the resource list page in the resource management section of the workspace.
You can also remove imported resources from a workspace. When you remove a resource, it is unlinked from the workspace but is not deleted. You can continue to manage the resource in the Alibaba Cloud Management Console and import it into another workspace at a later time.
Resource metadata synchronization
After you import resources into a workspace, their metadata from Alibaba Cloud is periodically synchronized to the SOFAStack platform. For example, if you change the instance type of an ECS instance in the Alibaba Cloud Management Console, the change is reflected in the workspace's resource management section after the next synchronization. The current data synchronization epoch is about 5 minutes.
First, prepare your resources in the Alibaba Cloud Management Console. This includes actions such as purchasing instances or changing specifications. Then, import the resources into the target workspace using the resource management feature. After the import is complete, you can perform regular O&M operations from within the workspace's resource management section. To prevent unexpected results caused by data synchronization delays, avoid making changes in both the Alibaba Cloud Management Console and the SOFAStack platform at the same time.