Google Cloud Platform Breakfast Seminar | Stockholm


GCP Breakfast Seminar at our Stockholm Office

With proper governance in place, your business is able to shorten the time to market and start consuming next-generation cloud services, such as Machine Learning. A guest speaker from Google will be presenting the business value that can be achieved with GCP’s advanced Machine Learning tools.

Since 2011, Nordcloud, a Google Cloud Premier Partner, has completed more than 1000 successful cloud deployments. Nordcloud has worked with Europe’s largest enterprises, e.g. most of OMXN40, to harvest the full benefits of the public cloud, such as increased security, agility, scalability and reduced costs.

Check the event agenda and register here.

Date

March 26

Location

Nordcloud
Gamla Brogatan 24
111 20 Stockholm

 

Blog

Challenges of virtual workshops

In March 2020 I was supposed to give a full-day training about Google Cloud Platform fundamentals. Unfortunately two days before...

Blog

Meet us at Microsoft Ignite 2019

Explore the latest tools and technology – join Nordcloud at Microsoft Ignite in Orlando on November 4-8!

Blog

SaaS Business Model and Public Cloud are a Winning Combination for ISVs

Our experts have helped many ISVs to leverage cloud technologies to transition their business from that of a traditional software...

Get in Touch

Let’s discuss how we can help with your cloud journey. Our experts are standing by to talk about your migration, modernisation, development and skills challenges.








OnBoard Kubernetes Engine | Helsinki


Join Nordcloud at OnBoard Kubernetes Engine – Helsinki on March 21. This free-to-attend, one-day event will provide you with industry best practices and tips to accelerate your ability to design solutions using Kubernetes!

OnBoard Kubernetes Engine | Clarion Hotel Jätkäsaari

OnBoard Kubernetes Engine – Helsinki is a free full-day enablement and training event that will give you an understanding of containers and Docker and an overview of Kubernetes Engine technology, and will cover deploying to Kubernetes Engine and setting up continuous delivery.

OnBoard Kubernetes Engine has been designed for IT Managers, Systems Engineers and Operations professionals, Developers, Solution Architects and modern business leaders who are exploring cloud solutions or are new to Google Cloud Platform. Leveraging the GCP Kubernetes Engine course, the event will provide you with the technical training you need to get started as well as access to tips and tricks, industry best-practice and questions and answers from the Google Cloud team.

Check the event agenda and register here.

Date

March 21

Location

Clarion Hotel
Tyynenmerenkatu 2
Helsinki, Finland

 









OnBoard Kubernetes Engine | Oslo


Join Nordcloud at OnBoard Kubernetes Engine – Oslo on March 19. This free-to-attend, one-day event will provide you with industry best practices and tips to accelerate your ability to design solutions using Kubernetes!

OnBoard Kubernetes Engine | Gamle Museet

OnBoard Kubernetes Engine – Oslo is a free full-day enablement and training event that will give you an understanding of containers and Docker and an overview of Kubernetes Engine technology, and will cover deploying to Kubernetes Engine and setting up continuous delivery.

OnBoard Kubernetes Engine has been designed for IT Managers, Systems Engineers and Operations professionals, Developers, Solution Architects and modern business leaders who are exploring cloud solutions or are new to Google Cloud Platform. Leveraging the GCP Kubernetes Engine course, the event will provide you with the technical training you need to get started as well as access to tips and tricks, industry best-practice and questions and answers from the Google Cloud team.

Check the event agenda and register here.

Date

March 19

Location

Gamle Museet
Dronningens gate 4, 0152
Oslo, Norway

 









Tutorial: Setting up AWS in China


For the last few months I was working for a customer that had a requirement: an application in AWS Cloud for his global organization, with users in Europe, USA, India and – China.

Yes, China.

We all know that there is an AWS region in China, but most of us know exactly this and nothing more. I was on the same page 3 months ago. Since then, I had a lot of fun working with AWS China regions, and in this blog post, I wanted to share my experiences and the curiosities I faced.

But hey, you might ask – why write a blog post about some specific AWS region? Well, when you log in to the AWS console on http://console.aws.amazon.com/ , you will see a number of regions you can switch to:

AWS Country Options

But China is nowhere to be seen. Why? Because… well, yes – this is China.

AWS China consists of two AWS regions: in Beijing, operated by Sinnet, and in Ningxia, operated by NWCD.  And yes, both regions are operated by 3rd parties. Amazon Web Services has created technology collaboration with Chinese companies to comply with China’s regulatory and legal requirements, which they couldn’t do on their own.

Let’s take a look at the map:

AWS China regions

(source – Google Maps)

The Beijing region (2 Availability Zones) has been in GA since 2014, and the Ningxia region (3 Availability Zones) since 2017. The distance between those regions is approximately 1100 km.

AWS vs. AWS China: the main differences

You need to understand one thing about AWS China: it is totally separated from AWS global. And when I say separated, I mean it.

  • AWS China has its own different domain, www.amazonaws.cn
  • AWS China has its own AWS support: a separate ticketing system and separate personnel. If you ask AWS global support a question about AWS China, you will get an answer based on the documentation available on www.amazonaws.cn.
  • AWS China regions have no direct connectivity with AWS global, with all the consequences: there is no VPC peering between AWS China and AWS global regions. There is no PrivateLink that you could use to reach a global region. There is no S3 replication that you could launch between S3 in China and AWS global. In fact, S3 is also separated, so if you were preparing for the AWS exam and learned that the AWS S3 namespace is global… well, it is – but China has its own namespace
  • IAM is unsurprisingly also separated: you can’t use an IAM user from AWS global to log in to an AWS China region
  • Documentation is separated, not just translated
  • AWS China has no access to global Route53 service – obviously you can resolve DNS entries into IPs maintained in global Route53, but there is no Chinese API to global Route53
  • AWS China can’t be simply connected with AWS global region using AWS managed VPN service because, well, in China, there is no AWS VPN service

This is China

Speaking of AWS services, let’s look at what is available in China:

Looks nice and clean, unlike the dozens of services in AWS global, right?

AWS services in China

Yes, that is correct, not all AWS services are available in AWS China. Check here to find out which are and which are not.

There are several crucial AWS services that you use daily in AWS global and probably can’t imagine working without, which are not available in AWS China, such as:

  • KMS & CloudHSM – no encryption, sorry
  • VPN – only the one you build yourself on EC2 Instance
  • EKS & Fargate – no managed Kubernetes
  • AWS Marketplace – so no shopping there
  • Machine learning
  • CloudFront or Edge locations
  • AWS Certificate Manager & Secrets Manager

Some quite new services such as EFS, FSx, Macie, Elemental, Neptune are also not available. But hey – there is an AWS Snowmobile in Beijing! 😊

OK, so now we know the differences in using AWS China. How do you use it, then?

Setting up your AWS China account

In AWS Global, all you need to do is take your credit card, go to http://aws.amazon.com/ and open an account. But not in AWS China.

First, you need a legal entity registered in China to open an AWS account in China. This is a blocker for most of the people reading this anyway.

Second, you need to decide whether you need a full access account or whether an internal access account is enough. The difference? Internal access means you are not going to serve anything to the external world – all ports to your EC2 instances are blocked, except 22/ssh and 3389/rdp. Also, there is no access to your S3 buckets via the http(s) protocol.

The easy answer would of course be “let’s go with full access”, but alas. In China, to serve content on the Internet, you need to have either an ICP recordal or an ICP license. Long story short, these are permits from the Chinese government that are required to host a website or serve a service over the Internet for non-commercial (ICP recordal) or commercial (ICP license) purposes. You can learn more about obtaining a permit in guides like this one by Kendra Schaefer.

You can face “funny” situations, when trying to download a file from your S3 bucket into your EC2 instance within the same AWS account using wget with internal access… it’s not possible. Access via https is not opened even from your AWS resources. Via API (i.e. via cli → aws s3 cp …) it works just fine, though.

The rest should be simple – just go to www.amazonaws.cn, register a new account and set up a root password, right? Hold on… well, not quite.

You will not get a root account in AWS China regions. You will get a user with high privileges (let’s call it the admin user) that can do everything except things that only root can do (i.e. change support level plan – if you would like to do that, email AWS China support).

OK, so you finally have it – after a bit of waiting, which could be days or weeks, depending on your luck – your new shiny IAM user. Let’s log in!

First impressions

First thing to note: when using AWS China from Europe, the console is quite slow. There are better and worse days, but it is significantly slower than the AWS global console. Well, it needs to travel through the Great Firewall of China, right? Bandwidth is not great, so for example, when downloading files from repositories in the US/EU, you should expect transfer rates of ca. 10-50 KB/s. The console is a bit faster during China’s night hours, which in Europe means after 4 PM.

Anyway – let’s go further. What is the first thing you do after creating a new AWS account? Set up MFA for the root, oh sorry, admin user. Another surprise: only virtual MFA is supported. Not a big issue for me, but worth noting.

What is the second thing you do after creating a new AWS account? Use it. And use it wisely, with IaC, Infrastructure as Code. And there you’ll find another surprise if you would like to use CloudFormation stacks you’ve created for AWS global. ARNs are different in China, specifically the partition in the ARN (2nd field). In AWS global they start with arn:aws:…. and in China it is arn:aws-cn:…. You might think that this is not very important… well, consider your CloudFormation templates that explicitly use ARNs, i.e. IAM roles/policies, such as

ReadOnlyRole:
  Type: AWS::IAM::Role
  Properties:
    AssumeRolePolicyDocument:
      Statement:
      - Effect: Allow
        Principal:
          # Hard-coded "aws" partition: only valid in AWS global
          AWS: !Sub arn:aws:iam::${IAMAccountId}:root
        Action:
        - sts:AssumeRole
        Condition:
          BoolIfExists:
            aws:MultiFactorAuthPresent: "true"
    ManagedPolicyArns:
    # Hard-coded "aws" partition here as well
    - "arn:aws:iam::aws:policy/job-function/ViewOnlyAccess"
    RoleName: !Sub "${AWS::AccountId}@ReadOnly"

You will need to change those ARNs from aws to aws-cn.
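An added example (not from the original post): a small Python check that finds ARNs with a hard-coded partition in a YAML CloudFormation template and rewrites them to use CloudFormation's ${AWS::Partition} pseudo parameter, so that one template deploys in both AWS global and AWS China. This goes beyond the manual aws to aws-cn edit described above; the function names and the sample template (adapted from the one above) are constructed for illustration.

```python
import re

# An ARN's 2nd field is the partition: "aws" in AWS global, "aws-cn" in China.
ARN_RE = re.compile(r"arn:(aws(?:-cn)?):([a-z0-9-]+):")

# Constructed sample, adapted from the template shown in the post.
SAMPLE_TEMPLATE = """\
ReadOnlyRole:
  Type: AWS::IAM::Role
  Properties:
    AssumeRolePolicyDocument:
      Statement:
      - Effect: Allow
        Principal:
          AWS: !Sub arn:aws:iam::${IAMAccountId}:root
        Action:
        - sts:AssumeRole
    ManagedPolicyArns:
    - "arn:aws:iam::aws:policy/job-function/ViewOnlyAccess"
"""

def find_hardcoded_partitions(template_text):
    """Return (line_no, partition, service) for each ARN with a literal partition."""
    hits = []
    for no, line in enumerate(template_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # full-line YAML comment
        for m in ARN_RE.finditer(line):
            hits.append((no, m.group(1), m.group(2)))
    return hits

def make_portable(line):
    """Rewrite one YAML line to use the ${AWS::Partition} pseudo parameter."""
    m = ARN_RE.search(line)
    if line.lstrip().startswith("#") or not m:
        return line
    fixed = ARN_RE.sub(r"arn:${AWS::Partition}:\2:", line)
    if "!Sub" in line or "Fn::Sub" in line:
        return fixed  # value is already passed through Fn::Sub
    # Plain scalar: insert !Sub before the value (and before its opening quote).
    pos = m.start()
    if pos and line[pos - 1] in "\"'":
        pos -= 1
    if not line[:pos].rstrip().endswith((":", "-")):
        return line  # ARN is not at the start of a scalar: leave for manual review
    return fixed[:pos] + "!Sub " + fixed[pos:]

def portable_template(template_text):
    """Apply make_portable to every line of a template."""
    return "\n".join(make_portable(l) for l in template_text.splitlines())

if __name__ == "__main__":
    for no, partition, service in find_hardcoded_partitions(SAMPLE_TEMPLATE):
        print(f"line {no}: hard-coded partition '{partition}' in {service} ARN")
    print(portable_template(SAMPLE_TEMPLATE))
```

Lines where the ARN is embedded in the middle of a longer string are still reported by find_hardcoded_partitions but are left unchanged by make_portable, so they can be fixed by hand.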

That would be it – now you have your AWS account in one of AWS China regions, and it’s time to use it!

AWS China: the essential checklist

  • Service API endpoints are different – so for example instead of ec2.amazonaws.com there is ec2.amazonaws.com.cn, but there are inconsistencies – i.e. when configuring IAM trust policy, ec2.amazonaws.com.cn exists, but there is no vpc-flow-logs.amazonaws.com.cn – instead, there is vpc-flow-logs.amazonaws.com
  • Speaking of endpoints – those are the supported VPC endpoints
    • Codebuild
    • DynamoDB
    • ECS / ECS-AGENT / ECS-TELEMETRY
    • S3
    • SNS
    • but no EC2 VPC endpoint, believe it or not…
  • Switching IAM roles in AWS Console is not available – get used to URLs that you copy and paste in the browser: https://signin.amazonaws.cn/switchrole?account=account_id_number&roleName=role_name&displayName=text_to_display
  • Usually, when there’s a service, it’s compatible with the AWS global service. But not always: for example there is AWS Config, but ConfigurationAggregator is not available. Good luck with gathering logs from all Regions/Accounts… as a good practice – always test a service in AWS China to make sure all features you require are there
  • No AWS Organizations in AWS China, but consolidated billing is there
  • There is an access from AWS China EC2 instance to global API endpoints (via https & Internet)
  • You won’t be able to copy AMI from AWS global region
  • Some EC2 instance types are not available in China – like t3, c5, m5
  • Although you can’t use AWS managed VPN, you are allowed to use VPN on EC2 instance to establish an encrypted tunnel between AWS China and AWS global region, as long as this VPN is used only for your internal use… But this may be a topic for a blog post of its own 😊

Apart from that… it simply works 😊 It’s AWS after all, right?









Financial Times recognises Nordcloud as one of Europe’s fastest-growing companies 2019


Europe’s Fastest Growing Companies by Financial Times and Statista is a list of the top 1000 companies in Europe that have achieved the highest percentage growth in revenues between 2014 and 2017.

This is the third year in a row the FT1000 has been published. According to the Financial Times, this year’s ranking shows that technology remains king. The listing evaluated 1000 different growth companies in 27 European countries from 37 different industry verticals.

 

“To be part of this prestigious list is evidence of our strong growth focus and wide-ranging expertise in powering up our customer’s cloud journey,” says CEO, Jan Kritz.

“Over the past 3 years, we have expanded to 10 European countries and our expert team has grown by over 1000% to current level of 420. And our growth continues.

Our software, our focus in an agile way of working and our skilled cloud experts are key to us in delivering the best possible outcome for our clients, on their digital journey.”

 

The complete FT1000 list of Europe’s fastest growing companies can be found here. More FAQs about FT1000 can be found here.
