Last week I migrated our db away from AWS RDS to a European cloud provider. Everything runs fine and we also have it cheaper!
One of our domains is due for renewal in a couple of months. I'm setting up the transfer to an EU registrar for it next week.
This all takes time and it's not the most important thing for the bottom line, but in the long run I'm sure I'll look back and say it was a great investment.
Which one? I've been using DNSimple for so long, been trying to find something equally developer friendly who is based in Europe but haven't had much success. Used to use Gandi before DNSimple but it's obviously down the drain today.
I've been using DNSimple for ages and I'm looking to switch; not because of geopolitical reasons (I'm American), but they're just damn expensive for the simple DNS and domain management stuff I use them for.
I use Scaleway as my registrar. I don't know if I can automate domain registration but I don't have to. They have APIs for managing records if you choose to host DNS there too.
OVH is awful. The UI is slow and buggy, operations often fail and you need slow contact with support.
Worse, closing an OVH account is very hard. Every domain you host there they sign you up to several services, and you need to manually disable each one before they let you close the account. This then often gets stuck, because of the broken UI, and you end up needing to badger support over and over until they'll fix it.
But their web UI looks and feels like it was pieced together by hamsters. It doesn't leave me feeling confident in their technical abilities in any way.
This is happening in US firms too. Yesterday, our CTO asked us to look into multi-cloud solutions. We know it is a politically motivated decision with no cost savings or benefit.
We went with Hetzner as we already had good experiences with their VPSes. For this particular db migration, a reasonably sized VPS with volumes does the job for us. We don't have planet scale operations so the lowish IOPS is not an issue atm. Also, with this experience at hand, I am confident that we'll manage another migration if need be.
Did the exact same thing for a client whose ops we managed on AWS. I was pretty against ditching RDS and a load balanced setup for Hetzner's load balancer and 3 instances (2 web, 1 db) but honestly, it's been pretty smooth sailing. The site's faster, and costs dropped massively, saving the client approx €900/mo for a better service.
AFAIK Hetzner has a couple of server locations in the USA.
Is it correct to say that Hetzner has to comply with the US CLOUD Act and therefore give away any data requested?
The one under US jurisdiction operated by Hetzner US LLC must comply, while the German ones are operating under the GDPR, which has extraterritorial clauses that can deny or challenge the request.
The reality is that if you have any interest, company or employees in the US you can be coerced to do anything the US government wants.
Either legally through courts, or through business influence, or through harassment (e.g. hardcore checks from the IRS).
Sorry, Stripe rejects you now because you are high-risk (you have to explain why you refuse to help in criminal cases, though there is a court requesting you).
You don't like to comply with US requests and protect terrorists?
Any company opting for building digital sovereign systems should build a redundant and decentralized organization so that in the worst case the company can split up its operations geographically to avoid being in the crosshairs of any host country's government.
Absolutely, but imagine, Zuckerberg creates a new company:
"Storm" -> "the European end to end encrypted privacy-conscious messenger app"
Now, a US court requests data from that project to protect an imminent attack where people are going to die.
He refuses, his company refuses, everybody refuses.
Do you think he can evade US justice even if the company is incorporated in the EU?
Collaborating is the path of least resistance, and as long as you can claim somewhat "we didn't have any choice, we were coerced" then you are fine. This is also why Apple, Google, Meta, NordVPN, etc, are all collaborating with the infamous FBI DITU group.
Do you use FDE on your Hetzner instances? I couldn't find a guarantee that they properly dispose of block storage so I ended up developing a utility for this: https://github.com/mvelbaum/hetzner-fde-toolkit