Feeds

THE GERMANS ARE CLOUDING: New AWS cloud region spotted

eu-central-1.amazonaws.com, aka, your new Amazon Frankfurt bitbarn

Internet Security Threat Report 2014

Amazon looks set to open a data center in Germany, allowing European developers to access Bezos & Co's rentable computer tech with lower latencies.

Evidence first gathered by a manager at a Berlin-based startup and subsequently verified by El Reg indicates that Amazon's next cloud computing data center may be in Frankfurt, Germany. The cloud giant's other European facility is in Ireland.

The new center will give customers in central and Eastern Europe a more responsive lower-latency option when renting AWS resources.

It's also worth noting that Germany has some of the strictest information privacy legislation in Europe, and its citizens, partly due to the troubled history of the country, have a healthy skepticism for anything that looks remotely like mass data gathering by the NSA et al. And, following the revelations by NSA leaker Edward Snowden, there's great concern over who exactly can access their data.

"Keeping data in their own country was most important to German ICT decision-makers (32 per cent of respondents agreeing), followed by the UK (24 per cent) and France (23 per cent)," a recent survey found.

However, given Uncle Sam's determination to delve into data centers operated by American companies – such as Amazon – it is foolish to assume a Germany-based AWS bit barn will be impenetrable to US g-men, whether they have a warrant or not.

Data centers take such a long time to build, though, that Amazon is likely to have been planning the German site, and securing electricity contracts and so on, far in advance of the Snowden revelations.

Amazon has set up the endpoints for all major cloud services in a region named ec2.eu-central-1.amazonaws.com, according to an investigation by Nils Jünemann, veep of operations at Berlin-based startup Bitplaces. Jünemann showed that scanning a block of IP addresses owned by Amazon.com Inc revealed running systems that identified themselves as eu-central-1 servers.

A traceroute performed by him indicated that the new data center will be somewhere near ffm – Frankfurt am Main in Germany.

$ traceroute ec2.eu-central-1.amazonaws.com
traceroute to ec2.eu-central-1.amazonaws.com (54.239.54.4), 30 hops max, 60 byte packets
1 vl500.dcata-b16.as6724.net (85.214.1.22) 2.426 ms 2.410 ms 2.390 ms
2 be16.432.core-b2.as6724.net (85.214.0.156) 0.342 ms 0.340 ms 0.327 ms
3 xe-1-2-0.core-b30.as6724.net (85.214.0.69) 1.283 ms 1.291 ms 1.278 ms
4 bei-b2-link.telia.net (213.248.88.89) 1.265 ms 1.253 ms 1.239 ms
5 ffm-bb2-link.telia.net (80.91.254.228) 19.178 ms
6 ffm-b10-link.telia.net (213.155.134.137) 19.094 ms
7 a100row-ic-306996-ffm-b10.c.telia.net (62.115.46.130) 18.829 ms 18.818 ms 18.807 ms
8 54.239.4.164 (54.239.4.164) 20.768 ms 54.239.4.166 (54.239.4.166) 20.774 ms 54.239.4.168 (54.239.4.168) 19.758 ms

He published his findings on Friday, and by Sunday reported that "Amazon has removed the DNS records for all hosts in the network 53.239.54.0/24 used by eu-central-1 api endpoints."

However, he found that some hosts were still up and, with some OpenSSL and grep magic, found a system that identified itself as dynamodb.eu-central-1.amazonaws using an Amazon SSL certificate.

We've also verified this as well:

If this data center does materialize then Amazon will be faced with the uneasy proposition of battling industrial action from its German warehouse workers with one hand, while keeping its in-country data center admins happy with the other.

“We’re constantly getting feedback from customers on where they would like the next Amazon Region and have a long list of target countries we are looking at," a spokesperson for Amazon told The Register in the past hour.

"We're always re-evaluating and reprioritizing that list and Germany is one of the many countries that we are currently looking at. In the fullness of time you can expect Amazon Regions in multiple major countries around the world.” ®

Internet Security Threat Report 2014

More from The Register

next story
Docker's app containers are coming to Windows Server, says Microsoft
MS chases app deployment speeds already enjoyed by Linux devs
IBM storage revenues sink: 'We are disappointed,' says CEO
Time to put the storage biz up for sale?
'Hmm, why CAN'T I run a water pipe through that rack of media servers?'
Leaving Las Vegas for Armenia kludging and Dubai dune bashing
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
Windows 10: Forget Cloudobile, put Security and Privacy First
But - dammit - It would be insane to say 'don't collect, because NSA'
Symantec backs out of Backup Exec: Plans to can appliance in Jan
Will still provide support to existing customers
VMware's tool to harden virtual networks: a spreadsheet
NSX security guide lands in intriguing format
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.