
Is it necessary to move to hosting in Russia, or Fault tolerance under 242-FZ



Some time ago, the Failover conference was held in Moscow, devoted to the important issue of ensuring the resiliency of online services. In a single day, 19 speakers addressed the audience, sharing a lot of interesting material for developers, testers and operators. We decided that such useful materials should not "gather dust" in the archive and should reach an even wider public. We will start with the talk by Sergey Ryzhikov, entitled "Do I need to move to hosting in Russia, or Fault tolerance for 242-FZ."

The topic sounds rather strange. Let's discuss what is at stake. I have noticed that when the conversation turns to moving hosting to Russia, many people start to argue emotionally, like a doctor who treats his own child and cannot make rational decisions. Therefore, first of all I urge you not to give in to emotions and to look at what is happening as detachedly as possible. Around the world today there is a trend: all states are beginning to regulate the Internet in its most diverse manifestations. Why is this done, and is there anything unusual in it? When does the need to regulate anything arise at all?

When a phenomenon becomes important for people and the state, there is a need for regulation. This is done in order to avoid negative consequences that can have a serious impact on the economy, society, and people's lives. And the importance of the Internet today is difficult to overestimate. Let's assume that TCP/IP has somehow ceased to function. Will your company be able to continue its activities? Can you do anything without email? Hardly.
The activities of government agencies and businesses depend on the functioning of the Internet, which has gradually become an absolutely indispensable component. And there are people, and I stress not only in our country, who are responsible for regulating this most important channel of communication.

I will cite as an example crimes related to the Internet. Over the past 10 years, I have repeatedly dealt with various state law-enforcement agencies. I watched their evolution from a complete inability to do anything, even when they were provided with all the data down to IP addresses, to a serious, adequate response and the ability to make a decision and find the intruders.

We all - both companies and individuals - are counting on the protection of the state, and it should be able to do this in various fields, including on the web. But regulating the Internet is quite problematic, and the state is constantly trying to figure out how to do it. Surprisingly, in normal conditions, citizens react poorly to regulation on the Internet, but at the same time they easily agree to this after acts of terrorism or large scandals with the loss of personal information. After all, such things clearly show people the scale of what can happen to them.

How is it done around the world?


I will give a few examples. Once again, let us discuss this topic calmly and rationally, without considering ourselves as residents of a particular country.

The Great Firewall of China. It appeared in 2003; Twitter, Facebook, Instagram, Google+, YouTube, etc. were blocked. There is an excellent lecture on the website www.ted.com, "Behind the Great China Firewall". From it you can find out how the Chinese live in these conditions, about the national equivalents of all the social services, and how this internal ecosystem is regulated and works. But a situation like the one in China is possible where there are differences in ideologies.

Germany. A very conservative society. On the one hand, everything is easy and nobody forbids anything, but the law obliges you to place servers in countries that comply with the European standard for storing personal data. These include Canada, Switzerland, Argentina, Guernsey and the Isle of Man (who among you knows about Guernsey without the help of Google?).

In the US, most of the restrictions were introduced after September 11. The president has almost unlimited powers; since 2002, the intelligence services have had access to telephone conversations, electronic correspondence and much more. The law contains very vague wording: "If there is reason to believe that it can be a threat to state security." This can often be interpreted in such a way that no order is needed to request the data stored on the servers. The phenomenon is so widespread that large companies simply provide the intelligence services with IMAP access.

Law 242-FZ


And what about Russia? Let's remember how the first law expanding the powers of Roskomnadzor appeared. Everyone feared that many sites would be closed once it was introduced, but this did not happen. Why was the law adopted, then? Officials from Roskomnadzor emphasized that the law was aimed at building relationships with a number of companies, so that there would be a legislative framework ensuring the legitimacy of certain requirements. This approach is used throughout the world. That is, the law is always the negotiating position of the state in its dialogue with business.

So, from September 1, 2015, we will have to store personal data in Russia. The law contains limitations and exceptions that regulate the procedure for dealing with various data formats. And, of course, there are many unclear formulations. It is not very clear what "personal data" is. Some will say it is information that allows a person to be uniquely identified. But in the modern world a variety of things can be used to identify people.

For example, German law contains a very interesting point: data intended for different tasks must be processed separately. This means that information collected by one service cannot be used for any tasks within another service. Let's say the SMS you sent cannot be used to determine your location. Such things must be formulated as accurately and unambiguously as possible, so that they cannot be bypassed or interpreted in favor of one side.

Consequences of ambiguity and understatement of laws


It is necessary to understand that no serious market participant will agree to work on hacked schemes. The basic rule of all Western companies is: "We will comply with the laws of the country, so as not to risk the business." But IT specialists typically reason along the lines of "We will outsmart everyone." For example: let's take a Russian IP, set up a tunnel, and not transfer any data. How would anyone guess that the data is, in fact, not in Russia? But state structures compensate for the lack of their own competence by attracting specialists from outside. For example, they enter into contracts with companies that do analysis, transcription or other such work.

The second way to circumvent the law is "We will place part of the data in Russia and then transfer it to the 'western' cloud". This scheme has not yet become widespread, and large companies prefer not to risk it. In any case, in my opinion this is a temporary solution.

I also want to touch on another aspect that goes beyond the law altogether: the matter of integrity with customers. We, as IT specialists, traditionally trust Western IT companies. Customers have now begun to ask where we store personal data and where our servers are located. Everyone decides for himself whether to lie or not. But customers will not tolerate it if you do not comply with the law. It should also be remembered that the degree of your compliance with this law may come to light if personal data is lost. If it is stolen from your overseas server and published, you will face the consequences for violating the law.

Moving "Bitrix24"


Every time this comes up, we are asked one question: "What will you do? You are sitting at Amazon, where will you go?" More than 70 thousand companies actively work with the Bitrix24 system every day. We have two data centers in the USA, at Amazon; they serve North and South America and provide fault tolerance. We also have two servers in Ireland; they serve Europe, Ukraine, Russia, Kazakhstan and Belarus.

We use a simplified architecture and actively use the Amazon balancer. If one data center fails, we switch to the second. The data centers operate in master-master mode and are interchangeable. Cloud files are located in several data centers, databases are in two, and the web sites are scaled.

For example, in the USA, depending on the load, a cluster can contain 25-40 machines each, in Europe up to 75, not counting the auxiliary group. This is not much, given that our customers are companies. It is precisely competent scaling that allows us to pursue an aggressive pricing policy. We pay exactly for the amount of resources that our clients need for their work at the moment. Therefore, we cannot move to physical equipment and pay a fixed amount; it would destroy our financial model. We would have to either raise prices or redo something. Therefore, we decided to use two data centers in Russia. Our position: we do not violate the law and do not cheat our customers.

How we chose the provider


We needed providers with at least two data centers so that we could repeat the scheme used today. And we built our own balancer before we started searching for data centers.

We had to decide what we would run on: physical equipment or a virtual system? The latter option is closer to us, since it is what we use now, and manageability in that case is much higher. Even if we switch to hardware, we will still deploy our virtual infrastructure on top. Based on this, we decided to look for a provider capable of providing a virtual layer that is understandable and reliable. We also needed cloud file storage, but the situation with that in Russia is not very good.

What else was critically important?


We are one of the largest Amazon customers in Russia. Unfortunately, we have to migrate, since Amazon has not yet decided to deploy a Russian version of the service. This is their position: "We will not break the law of any country. If legislation changes, we either comply with it, or we leave." But we must pay tribute to them: they help us in every way possible to migrate.

So, Amazon has dropped out, as well as all serious players on the market, with the exception of those not represented in Russia. I had to adjust the list of requirements repeatedly. For example, we initially set the condition that the virtualizer must be non-commercial, but almost everyone uses VMware, and occasionally there is Xen. There was another requirement that sounded like this: "The company should not be investment-backed." Why? Because if the investment runs out, the business will end. There have been plenty of such examples.

The next criterion: the company must be of medium size, which allows it to maintain the necessary degree of flexibility in making decisions. And hosting should be its main business focus. We met great providers who, as it turned out, make their money on something completely different. It was important for us to understand this, because a move is hectic and expensive, and we want to do it as rarely as possible. We are demanding, capricious customers, but there were still those who satisfied all our needs. A short list was formed, from which a partner was eventually chosen, which we will not name yet.


How we are moving



Once again, I'll emphasize that we will be divided into regions within the project: domain.com, Brazil and Spain will be located in American data centers (because it is more focused on South America); Germany and Ukraine will be in Ireland; and the Russian partners will move to Russia.

Thank you for your attention! If you have questions, you are welcome to ask them in the comments.

Source: https://habr.com/ru/post/259573/

