SSH from mainland China to google compute engine VM - google-cloud-platform

Is it possible to ssh to Google Compute Engine virtual machines from mainland China directly (there is no direct access to any Google websites)? If the line is unstable or blocked, can we get a good user experience by deploying a proxy server in Hong Kong or some accessible data center in the US?

Google Cloud Platform does not have any restriction on the traffic coming from China.
By looking at your comment, it seems like you are experiencing some issues while accessing Google Cloud Platform products from within mainland China. It might be caused by networking conditions in China, rather than Google's own services.
If you require any technical assistance with this issue, you could contact one of Google's Technological partners.
Our transparency report found here may also be useful:
Note: If you are interested in setting up any workload connected with Google Cloud Platform in the Hong Kong region, you may also use this help center article. As per the article, the Hong Kong cloud region currently offers services like compute, storage, security & networking. These services can be used alongside various other Google Cloud Platform products (or any compatible outside products) according to your purpose/needs.

Your project is being suspended for cryptocurrency mining in violation of our Terms of Service (GCP bug)

Today I got an email that my project was mining cryptocurrencies and the instance was blocked, but no cryptocurrencies have ever been mined in the project.
How does Google Cloud conclude that cryptocurrencies are mined in the project?
I deploy a project in the energy sector based on blockchain technology, but this is only a deployment - I only deploy a project based on Ethereum, and I do not know how Google claims that I violate the rules of using the cloud.
Anyone had a similar problem? The solution is in the almost production phase and changes at this stage will be costly.
Whatever network monitoring and heuristics Google Cloud applies, we cannot know, because it is their company internal information.
We cannot know either how you violated Google Cloud rules and thus this question and the matter is strictly between you and Google. We are not starting to guess what stuff you run on your servers and so on.
If Google Cloud support is unhelpful, just use some more customer-friendly cloud service provider and close your account with them. Generally, your negotiation power resolving issues like this with Google is zero so there is nothing you can do.

What is the difference between pivotal cloudfoundry and VMWare Tanzu cloudfoundry

Earlier I was able to use the Pivotal Cloud Foundry free subscription to do my POC, but now I am not able to do so, and the name of Cloud Foundry changed to Tanzu.
I would like to understand the timeline history of Cloudfoundry as it keeps changing.
Kindly help.
A brief summary:
Pivotal Web Services came out in roughly 2013. It was a public-facing PaaS operated by Pivotal. It ran on AWS & used the opensource Cloud Foundry bits. It had a selection of services available that were powered by App Direct.
Pivotal Cloud Foundry came out shortly after PWS & was an on-premises version of Cloud Foundry. This was based on the opensource Cloud Foundry but had many things added on top, like a friendly UI over Bosh (Ops Manager), an autoscaler, a scheduler, Apps Manager (similar to the Console on PWS), and many services which you could also install and manage yourself. Over time it came to support multiple IaaS solutions, like vSphere, AWS, GCP & Azure.
When Pivotal was acquired by VMware at the beginning of 2020, the branding switched so that formerly labeled Pivotal products are now under the Tanzu name. VMware continues to develop this software under the Tanzu brand.
At the beginning of 2021, PWS was sunset. It's no longer available, but there are other public CF offerings available, some of which offer free trials as well. You can see them on the CF Foundation's website: https://www.cloudfoundry.org/certified-platforms/.
The Cloud Foundry Foundation continues to publish OSS versions of Cloud Foundry. There is the classic version that can be deployed using Bosh on an IaaS (cf-deployment), as well as two newer methods for deploying on Kubernetes (KubeCF & cf-for-k8s).
Regarding the concern on Free Subscription: PWS took its final bow and left the stage back in Jan'21. You are no longer allowed to create org or use PWS anymore. For reference see this article:
https://tanzu.vmware.com/content/pivotal-web-services-blog/pivotal-web-services-end-of-availability-announcement-and-timeline
Cloud Foundry was originally developed by VMware in 2009 and went public in 2011. Somewhere in 2013-14 Pivotal was formed, which led CF into the open source era. By the end of 2019, VMware completed the acquisition of Pivotal and named it VMware Tanzu.
Below links might be helpful:
https://www.jrebel.com/blog/pivotal-cloud-foundry
https://www.brighttalk.com/webcast/14883/385309/from-pivotal-to-vmware-tanzu-what-you-need-to-know
A little more history in general can be found here:
https://developer.ibm.com/blogs/history-cloud-foundry-1/
https://developer.ibm.com/blogs/history-cloud-foundry-2/

AWS Lambda + Serverless framework - Make website accessible from China

I'm trying to understand the various steps and requirements I need to go through in order to make our website available from China, both on the regulation side (Great Firewall) but also on the technical side (technical limitations and changes to perform) for https://unly.org/
Right now, it doesn't seem to be allowed: http://www.chinafirewalltest.com/?siteurl=https%3A%2F%2Funly.org%2F
I don't need nor want to own a .ch website, I just want to make my website available for Chinese at https://unly.org/. Also, the website is currently hosted on AWS Lambda (using the Serverless framework), and only deployed in the eu-west-1 region (Ireland).
The website doesn't sell anything online: It's an information website, not e-commerce.
I've looked into this issue for a few hours, but I'm a bit lost regarding the exact steps needed to make it happen.
Here are a few questions I haven't found answers for:
Is deploying the lambda to cn-north-1 (China Beijing) a requirement or can Chinese users access my eu-west-1 lambda if I get an ICP license?
Regardless of the deploying region, I seem to need an ICP License, as the AWS FAQ says at
https://www.amazonaws.cn/en/about-aws/china/faqs/#new%20step:
Q: Do I need to file for ICP Recordal or ICP License if I want to host public content on AWS China (Beijing) Region or AWS China (Ningxia) Region?
Yes. In accordance with Chinese laws and regulations, if you use either AWS China Region to host a website providing non-commercial internet information services, you must undertake filing procedures for a non-commercial website (“ICP Recordal”) through the relevant government authority. If you use either AWS China Region to host a website providing commercial internet information services, you must obtain a value-added telecommunications license for a commercial website (“ICP License”) from the relevant government authority. You may be required to produce your ICP Recordal or ICP License, as applicable, before you host public content using one of the AWS China Regions.
AWS China (Beijing) Region is operated by Sinnet, who is responsible for content hosted in the Beijing Region, while AWS China (Ningxia) Region is operated by NWCD, who is responsible for content hosted in the Ningxia Region. Both Sinnet and NWCD provide support at no additional charge for customers seeking ICP related services, though customers are responsible for any fees imposed by the applicable government authorities. To learn more about the filing procedures, please visit Sinnet at http://www.sinnet.com.cn/service.aspx?PartNodeId=35 and NWCD at http://nwcdcloud.cn/ICP.aspx.
As for actually getting the license, it's a bit out of topic here, but I couldn't understand the first provider workflow:
http://www.sinnet.com.cn/en/ website is a mix of english and chinese and I got lost in translation (even when using their english website version)
http://nwcdcloud.cn/ContactUs.aspx seems to require to send an email to support#amazonaws.com.cn, no idea what happens next
Anyway, the process seems to take around 4-6 weeks. So, it likely takes even more time than that.
Regarding the technical details now, it seems like the China regions (cn-north-1 Beijing and cn-northwest-1 Ningxia) behave in a very particular way on AWS Lambda.
They only support REGIONAL endpoints
They do not support native Serverless environment variables
See
https://github.com/serverless/serverless/pull/4665#issuecomment-365843810
Lambda - EnvironmentVariablesFeature is not supported in cn-north-1 region
Also, there are technical impacts on the website itself:
Google services are banned, or limited (Google Analytics (limited), Google Tag Manager, Google Fonts (banned)) and must be changed, converted to owned CDN, etc.
And I've probably missed other technical limitations, since that's just those I learned about within 2h of digging around.
Are there other steps I overlooked? (regulation or technical)
Do you have any advice or feedback about how to make a website hosted on AWS Lambda available in China?
Since your question contains several different aspects, I'll split my answer into two parts:
Make your website available from China
From my experience, it doesn't matter whether you're using a .com or .cn domain. You could use a .cn domain to host a Chinese version of your website, of course. But I don't think it would help with any of the problems you describe.
For a "standard", international website hosted outside China, it depends on the GFW whether it's accessible from inside China or not. In your case, it seems to be blocked.
Google services are banned indeed. There's nothing you can do about it
In order to officially register your website (to get it "unblocked"), you do need an ICP license as you've already found out. A good overview about the registration workflow is given by Alibaba Cloud
I've never gone through the complete exercise, but I doubt it's possible without some help from somebody speaking Chinese.
AWS Lambda
The setup you describe - deploying lambda functions to two different regions, one being somehow non "standard" (the Chinese one) - might create problems on the technical side as well. I'd suggest starting with a simple (one region) setup first until you get the ICP problem fixed, maybe using some China-aware CDN provider. Or you try with a "standard" AWS region closer to China; for this case, some people recommend the Singapore region.

Serverless architecture on GCP and data residency concern

In general any cloud service provider, GCP in this context, is it not relevant and mandatory for Google to specifically allow consumers to choose data residency and data processing region option for all services? Else serverless option will have serious adoption issue. Please clarify.
Google Cloud has two types of products available: those that have a specified location and those available globally.
You can deploy resources in a specific location or multi-regionally for:
Compute: Compute Engine, App Engine, Google Kubernetes Engine, Cloud Functions
Storage & Databases: Cloud Storage, Bigtable, Spanner, Cloud SQL, Firestore, Memorystore, Persistent Disk...
BigData & Machine learning: BigQuery, Composer, Dataflow, Dataproc, AI training,
Networking: VPC, Cloud Load Balancing,
Developer Tools...
The following products are available only globally: Networking, Big Data Pub/Sub, Machine Learning like vision API, Management Tools, Developer Tools, IAM.
For a detailed list please check the Google Cloud Locations Documentation.
Even if the product is available globally, for example PubSub, it is possible to specify where messages are stored.
If the data in transit are the concern, you have to be aware that Google Cloud Platform uses data encryption at rest. It consists of several layers of encryption to protect customer data.

How PCF (Pivotal Cloud Foundry) is different from AWS (Amazon Web Services)

Pivotal gives you the option to deploy your application with the help of Cloud Foundry inside AWS Cloud. I am a little confused about how PCF and AWS differ. I know that PCF gives a solution using which a host (client) can make their own cloud on-premises.
AWS does not provide anything like that. And it has a lot of other services for elasticity, agility and scalability.
But these two are huge in terms of offerings. Please help in differentiating these two.
PCF is a commercial cloud platform (product) built by Pivotal on top of open source Cloud Foundry. PCF can be deployed on AWS, GCP, OpenStack, VMware vSphere, and some other IaaS platforms.
You should consider using PCF if you want to run your own cloud platform and you don't want to start from scratch.
When using PCF, you can deploy, configure and operate other products provided by Pivotal and their partners, or build your own ones based on your needs.
A typical use case for PCF is when companies want to deploy their applications on-premises for any reason (cost efficiency, flexibility, legal regulations, control over infrastructure, etc.). In this case they decide to use PCF as a leverage to build and operate their own (private) cloud offering. Another use case is when companies don't want to depend on the underlying IaaS infrastructure. In this scenario, they rely on the fact PCF is IaaS agnostic to give them the ability to migrate if they need to.
These can help you in finding the real difference between PCF and AWS.
https://aws.amazon.com/types-of-cloud-computing/
https://cloudacademy.com/blog/cloud-foundry-benefits/
In two lines:
PCF - can be used as PaaS -[Platform as a Service]
AWS - can be used as IaaS -[Infrastructure as a Service]
The most distinct difference between IaaS and PaaS is that IaaS offers administrators more direct control over operating systems, but PaaS offers users greater flexibility and ease of operation.
SaaS examples: BigCommerce, Google Apps, Salesforce, Dropbox, MailChimp, ZenDesk, DocuSign, Slack, Hubspot.
PaaS examples: AWS Elastic Beanstalk, Heroku, Windows Azure (mostly used as PaaS), Force.com, OpenShift, Apache Stratos, Magento Commerce Cloud.
IaaS examples: AWS EC2, Rackspace, Google Compute Engine (GCE), Digital Ocean, Magento 1 Enterprise Edition*.
reference: bigcommerce
So, technically Pivotal Cloud Foundry is a cloud abstraction framework. Its intention is to wrap preexisting commercial cloud offerings to allow adopters to be protected (to a degree) from solution lock-in (here meaning that the PCF Cloud API is a mapping and abstraction layer over other cloud delivery systems). Its core advantage is that you can always choose the cheapest provider without needing to rebuild your delivery / deployment infrastructure.
It's basically a re-imaging of the HAL concept (if you're familiar with that) but instead of enabling the choice of hardware with a single software solution, it enables choice of cloud.
The main reason for using PCF is to enable a person to take advantage of competition. Cloud solution providers specifically seek to couple you to their particular flavor of system so that it takes a lot of effort to change away from them, so that they can easily adjust their costs (e.g. increase prices) because customers are sufficiently dependent on their particular service and there is a cost for the customer to switch.
Pivotal may offer a cloud of their own, but the idea of the open source cloud foundry is to not force that choice on the business or consumer.