As a result the Cloud provider market is currently split into three categories: German corporations (e.g. Telekom) promoting themselves as truly compliant, US corporations with German hosting (Microsoft and Oracle) that self-promote themselves as compliant and US corporations such as AWS and Google that are aggressively attacked by German Cloud providers as violating German consumer protection law.
In the past I personally have lost customers in Germany because my services use App-engine and CloudSQL in Ireland. Thus, I hope Google follows with a German server for their cloud services.
In my personal experience the 'requirement' of some companies that data must be hosted in Germany is their own internal policy rather than something that is prescribed by their reading of the law. However there have been some court rulings where servers hosted in Germany are applied additional restrictions over servers hosted in Ireland.
A lot of this may also have to do with own interests. In the 80s and 90s every EU country wanted US silicon fabs in their underdeveloped regions. Now every country wants hosting farms.
Oh dear god let it be at the EU level. The only way small EU countries full of semi-corrupt conservatives get decent consumer protection law is when it's an EU law.
In this specific case, I think Germany is the only exception, but to me it makes perfectly sense: sensitive personal data like medical records should not circulate outside the country.
Even at EU level, how could Germany as a nation guarantee privacy if data is physically maintained in Ireland, where most of the US companies have offices just because of cheaper taxation...? As a country I would't promise that, and as a citizen I wouldn't trust such a promise (side note, I'm Italian so I have no gain/part into this).
Having a computer on German soil does not mean that
1) the packets themselves will not travel outside Germany (hint: AMS-IX);
2) people interested in the data contained in that computer will not read it, store it, use it outside Germany.
From the technology point of view, country borders do not exist. (Unless you force a country-wide firewall).
If sensitive data must be properly encrypted. Once it is encrypted you can store it everywhere you want.
Unfortunately real-world (meaning, not theoretical) encryption is not perfect, thus the sole fact to encrypt is not sufficient to let you store any data wherever you want. At least not in Germany, and at least not from my pov.
To remain in topic with this specific law, data in transit can exit Germany soil, provided that the recipient gives guarantees on its usage (including not store it). This kind of laws should be seen to regulate sensitive (user) data as managed by (big, multinational) organizations, that are thus required to enforce security for both stored and in transit data.
I understand that this may seem silly, but without such laws the landscape would be way worse (consider, e.g., how many personal data are actually traded across the world for ads reasons).
Yes, but they usually have minimums. Like "Employees must get at least X weeks paid holiday", or "Customers must have a right to return something within at least X days". In countries where X was 0, or there was lots of exceptions, a minimum brings those laws forward.
The prospect of the UK leaving the EU terrifies me.
Then again I tend to be biased against centralisation of power so maybe don't listen to me when it comes to the EU.
Which ones would those be? From an American perspective, they all look like they're full of semi-corrupt liberals ..
What? Sweden and Finland and the Baltic states?
But good try with the stereotyping and the assuming.
That said, I wouldn't be so naive as to trust any government not to be attacking cloud providers, but it's important for companies making decisions to understand the jurisdictions their data will end up being regulated by.
Those regulate how personal data has to be handled within the state and communal administrations. Those regulations concern private businesses in so far as administrative tasks are delegated to the corporate sector.
As long as the NSA can request data from US companies in foreign countries this is not at all compliant with EU Data protection laws at all. Under the current situation ANY US company providing services is not compliant and German companies with sensitive data would be stupid to put this data on US owned servers - wherever they are.
I see it everyday: I work at a company that manufactures running shoes in Germany and the retailers we sell to are mostly small, very competent running stores for enthusiasts - not your average national chain like Runner's Point. However these stores barely have any digital inventory/order/customer management solution, use way overpriced point of sale systems and often resort to fax machines when submitting an order. Well, what I'm trying to say is that there are potential customers for useful niche services left and right. It's just not always very obvious.
What you're doing, looks great though.
Germany is horrible at e-commerce. There are still so many opportunities to "disrupt" this sector.
I remember someone posting in a recurring revenue thread on HN about a similar service for medical doctors some time ago, was that your inspiration?
Edit: and a different linguistic area
Why not? Well, you have to have very standardized services which the customer understands to adopt a booking solution. For example, if you're a customer and can say "I want a 45 minute shoulder massage from Cindy", then Cindy's shop can use a booking platform. Most AR customers can't, because the client can't predict how long a dental appointment last, doesn't know that Joe can't come out to his house unless Frank gets the van back in time, etc etc. This is disproportionately the case for upmarket services businesses, which is where AR is moving. (e.g. We want customers with a $100+ value per appointment -- more "professional services" like accountants/medical/HVAC than "personal services" like hair care/massage therapy/etc.)
(I should mention that, even in the hypothetical case that a HNer were in direct competition with AR, I'd be more than happy to see other options available.)
The problem you've listed (not knowing how long a dental appointment will last) isn't really a problem for a booking system...a dental office with a receptionist scheduling patients will run into the exact same issue and the same rules that the receptionist uses can be programed into a booking engine. The bigger problem for a dental office is that the calendar is locked in a management system that's probably running on a Windows computer somewhere in the office. Maintaining two calendars is almost never going to work and the one in the cloud will never be the calendar of record. Short of going the ZocDoc route and having practices reserve certain spots for appointments booked online (businesses hate doing this), you're always going to run into problems with conflicting appointments. The interesting thing is that most dental practices won't care about conflicting appointments since the only patients that will book online will be new patients and patients that have fallen out of the typical schedule. Everyone else will schedule their appointments with the receptionist at the end of their previous appointment. So most dental practices will happily juggle appointments to fit those specific types of patients into their schedule.
But that's the dental industry and almost every other industry has just as many quirks as the dental industry does, if not more. And that's why the market will most likely be filled with smaller, specialized vendors that target either one or possibly a handful of verticals. I'm betting the winners will be the companies that make the management systems used by the businesses, but that's not happening quickly since most of them are small ISVs that only understand Windows development and think cloud computing is something that meteorologists do.
Legally, all asses are covered, and for 90% that's all that matters, regulatory compliance.
Germany, unlike Ireland, comes with the added bonus that if privacy protection is violated, shit will hit the fan. But that's all it is, a bonus.
Most assume the NSA can get to the data wherever it is, and those very few genuinely worried about that look for protection in encryption rather than legal jurisdiction.
But better latency is something nice to have.
Not at all. Look at the US, which has:
us-west-1 US West (N. California)
us-west-2 US West (Oregon)
ap-southeast-1 - Asia Pacific (Singapore)
ap-southeast-2 - Asia Pacific (Sydney)
Europe (Ireland: 25 ms 27 ms 24 ms
Europe (Frankfurt): 39 ms 39 ms 42 ms
 Hitting ec2.eu-west-1.amazonaws.com vs. ec2.eu-central-1.amazonaws.com.
Or just ignore all that and use route 53 latency based routing for your dns records. It will return the record for the least latent endpoint, per client.
In case anyone cares
Selecting EU (Frankfurt) I get:
Write Throughput: $0.000702 per hour for every 10 units of Write Capacity
Read Throughput: $0.0001404 per hour for every 50 units of Read Capacity
This is strange as every other region has equal pricing for Write (10) versus Read (50).
Also, Frankfurt's Writes would be ~10 times cheaper than Ireland (Write Throughput: $0.00735 per hour for every 10 units of Write Capacity)
Edit: thanks for the replies, it seems that the '/pt/' localized version of the page hadn't been updated yet. I was able to find the informatin on '/en/'.
That brings me to my question: How do you store your data so that you comply with the laws of a country, when you actually export your product to several countries? Having multiple instances of your system seems impractical and sharding data by country across regions could be rather hard. I.e. I am in Canada, we have US clients who desire their data to be in the US and Canadians who want it in Canada. Either we add complexity or someone doesn't get what they want.
Whatever the location, it's still terribly expensive. Just looking at the Internet traffic charges makes my wallet hurt. I could not affort to serve traffic at any volume from AWS. Luckily there are a lot of other options in Germany.
This might have been more important when the first location was chosen than it is now, and latencies in Europe are mostly pretty minimal anyway.
It's not like English is a problem in the Netherlands, but if you absolutely needed native English speakers then London with LINX would have been a much better choice for a datacenter.
> Ireland was probably chosen because of low corporate tax rates.
Perhaps you are right. It just sounds incredibly short sighted if true. That's like, to use notax's example location, locating your startup in North Dakota because the rent is cheap over there.
Amsterdam would have been a much better location with better and cheaper bandwidth from a much larger selection of providers. In addition to better infrastructure, Amsterdam has a wider and deeper talent pool for datacenter talent.
I also have a hard time really buying the tax argument as Facebook and Google have European datacenters outside Ireland and they seem to manage their Irish tax strategy just fine. Even Apple is reportedly eyeing a datacenter in the Netherlands and I doubt they would consider one if it messed with their Irish sandwitch.
> This might have been more important when the first location was chosen than it is now, and latencies in Europe are mostly pretty minimal anyway.
From experience I can tell you that there is plenty of latency to go around in Europe. Part of that is Amazon's dubious choice of location and part of it is their network. Cloudping easily gives you latencies comparable to east coast - west coast ping times when testing from various European location to AWS Ireland.
Unlike popular entertainment would have you believe, Europe in not a country and neither is it the size of a postage stamp. You'd also be advised to consider that previously Ireland was Amazon's closest location to Russia and that in itself is a pretty big country.
Amusingly enough Amazon's Irish location is almost exactly like putting your datacenter in North Dakota as notax quipped.
Just look at this map:
What's not obvious is why Ireland was Amazon's first choice and not Amsterdam which is the premier location with AMS-IX.
In other words I was referring to Amazon's odd first choice in my first message. Sorry if that was unclear.
Logical locations for first batch of EU DCs: Amsterdam, Frankfurt.
Odd locations: Dublin, Frankfurt.
Even starting with London and LINX would have made far more sense than Dublin. Choosing Dublin as your first DC, is like putting your first US DC in some place like North Dakota.
So if youve already got dub and you want to cover more of the map fra makes a lot of sense.
Aye and there-in lies the rub. Frankfurt is a fine second choice and even an excellent first choice. But of all the excellent choices available, why does dubious Dublin have the honor of first choice in AWS EU locations?
It just does not make any sense. Not only it is bad for Amazon, it's very detrimential to AWS users. Given a choice between Dublin and any other major IX location in Europe, I doubt anybody would have chosen Dublin. AWS users just put up with it since they had no choice.
erik_sub 19 hours ago | link [dead]
They are fairly equal. According to self-published statistics AMS-IX is nominally bigger in peak traffic and number of members.
Sources: https://ams-ix.net/ https://www.de-cix.net/about/statistics/
I have many servers in Germany and I am able to offer 4 TB / month per VM at no extra cost.
I'm getting 165 ms from San Francisco to AWS Frankfurt eu-central-1.
Don't see them here or the subforum, yet
1 - The forum post has been updated and now includes a "/16" IP address range for the new Region.
2 - Please consider taking the time to report suspected AWS abuse using the form at http://portal.aws.amazon.com/gp/aws/html-forms-controller/co... .
Some people there will destroy your servers with insane spidering rates.
iptables conntrack helps but there are just too many and eventually the firewall takes more resources than the rest of the services you are providing
Do you deal with generic webpage crawlers that way, or targeted API abuse? Because the first ones can be smoothly shaved away with the help of Cloudflare, for instance.
Can anybody think of any reason for that?
(Maybe it's just me, it's the only missing piece that would stop me from migrating from eu-west-1 to eu-central-1.)
Does anybody know if there are significant differences between Ireland and Germany, concerning things like privacy and copyright protection? Perhaps there are same laws in EU, which are just enforced less in one country?
Yes. Irish data protection law is not as strong as other countries. And the government only care about jobs, and promoting the "smart economy". If big tech companies get annoyed at data protection law, they can tell the government that they'd pull out unless things quiet down. The Irish government don't want to "destroy jobs".
Is there an up to date german side to this story?