AWS for Industries

Application Deployment Strategies on Amazon Web Services in China

Background

Since 2008, the automotive industry in mainland China has been the world’s largest in terms of automobile unit production. Following the economic reforms of the 1980s, most global automakers operate in China through joint ventures. These global automakers, using cloud services like Amazon Web Services (AWS) outside of China, face the challenge of developing a uniform and streamlined application deployment strategy within China that aligns with the rest of the world (RoW) and complies with Chinese regulations. To address this issue, AWS global automotive customers must develop a strategy that includes assessing the technical feasibility of deploying applications in China, considering the availability of AWS services, operations and compliance.

This blog post provides an overview of the operation model of Amazon Web Services China regions and describes different application deployment strategies that customers can use in China.

Operation model of Amazon Web Services China regions

AWS has a global network of data centers and infrastructure. The Amazon Web Services regions in mainland China are isolated and operated separately from other AWS regions. The Amazon Web Services China (Beijing) Region and Amazon Web Services China (Ningxia) Region are the two Amazon Web Services regions located within mainland China. To provide the best experience for customers in China and to comply with China’s legal and regulatory requirements, AWS has collaborated with local partners in China with proper telecom licenses to deliver cloud services. The service operator and provider for the Beijing Region is Beijing Sinnet Technology Co., Ltd. (Sinnet), and the service operator and provider for the Ningxia Region is Ningxia Western Cloud Data Technology Co., Ltd. (NWCD). These local partners operate and provide services of Amazon Web Services China regions to local customers, while AWS provides its industry-leading technology, guidance, and expertise to NWCD and Sinnet.

Customers who wish to use resources in Amazon Web Services China regions are required to create an Amazon Web Services China account. An Amazon Web Services China account is distinct and separate from any AWS account that customers may have in AWS regions outside of mainland China. Chinese customers’ data is stored in infrastructures that are physically located in mainland China, controlled by Sinnet or NWCD. Both Amazon Web Services China regions have three Availability Zones and have completed validation of their respective standard compliance capabilities through independent third-party assessments. These include the multi-level protection scheme MLPS Level III Assessment (with the MLPS certificate issued by the Public Security Bureau), as well as TRUCS Certification, ISO series Certification, and TISAX Certification, among others. For the latest information about the certification status of the Amazon Web Services China Regions, visit Amazon Web Services China Compliance and check detailed compliance information about Beijing Region and Ningxia Region.

Although the Amazon Web Services China Regions require a separate login, customers enjoy similar console experience to that of other AWS regions. Developers can use similar APIs, SDKs, and CLIs that are found in other AWS regions, allowing code to be written once and deployed globally. Local operations support via AWS Support and AWS Professional Services are also available to all customers using Amazon Web Services China regions.

The Amazon Web Services China team provides customers with local partner engagement, collaborating with thousands of AWS Partners in China, from consulting and technology partners, to System Integrators (SIs) and Independent Software Vendors (ISVs), who provide both global solutions and local industry vertical solutions. Amazon Web Services Marketplace China operated by NWCD, now offers more than 150 software products across several categories such as operating system, security, network infrastructure, big data, and business analytics.

Customers, including those in the automotive industry, have successfully implemented applications using AWS services in the Amazon Web Services China regions, establishing cloud-native solutions, connected vehicle platforms, and data lakes, as highlighted in our customer success stories.

Application strategy options in China

A customer’s application strategy in China may vary based on their business requirements, including non-functional requirements such as data residency, latency, disaster recovery objectives and compliance to Chinese regulations. Cybersecurity Law (CSL), Data Security Law (DSL) and Personal information protection Law (PIPL) are the three major laws of China’s cybersecurity and data protection legal regime. The following section details examples of approaches customers can consider when designing and deploying their applications in the China regions.

Option 1 – Fully cloud-agnostic approach through containerization

A fully cloud-agnostic approach is commonly associated with containerizing applications relying less on AWS services across all regions, including China. The containerized solution can be deployed on AWS for the RoW and operated in any environment, whether cloud-based or on-premises, within China. Containerization provides a lightweight encapsulation of any application by packaging the software code with just the operating system (OS) libraries and dependencies required to run the code, creating a single lightweight container that runs consistently on any infrastructure. However, not all applications benefit from containerization. For instance, databases and many third-party Business Intelligence (BI) and analytics reporting tools do not support containerization. The major drawback of a fully-containerized approach is that applications cannot take advantage of managed, purpose-built AWS services, such as AWS IoT services, AWS storage services, and AWS Analytics services.

Option 2 – Separate solutions for China and RoW

Separate solutions can be devised for applications: one for RoW that fully harnesses AWS services, and another for China, employing a customized solution specific to the China region. This customized solution can be deployed on Amazon Web Services in the China region, aligning with the customer’s local strategy, local partners and available go-to-market offerings by ISVs. However, creating a separate solution for China may not be ideal for a customer managing a global application. This strategy could lead to overhead due to the need for additional resources for development, management, and support. Additionally, establishing separate regional teams for each solution could increase operational complexity and costs.

Option 3 – Unified global solution for China and RoW

Customers may consider using the same solution for China and RoW, which can help ensure a more uniform and standardized core application solution for both regions. Deploying the application on Amazon Web Services China regions entails the customer’s strategic use of services, with an emphasis on services and features available in China. This approach leverages AWS benefits while providing a strategy to navigate limited-availability of specific AWS services in China regions. Refer to the regional table for China region that outlines the services and features available in China.

In cases where a required AWS service is not available in China regions, the strategy is to identify an equivalent service that serves the same function and can seamlessly integrate with the overall solution. For example, if Amazon Textract (providing Optical Character Recognition (OCR)) is not available in China regions, an alternative solution like AI Solution Kit in China regions, could be used so the overall solution remains intact. For specialized AI/ML services such as Amazon Rekognition or Amazon Lookout services that are not currently available in China regions, a viable substitute may involve developing custom ML models trained using Amazon SageMaker.

Such architectural adaptation is facilitated by designing and architecting solutions in a modular manner, decoupling components so that individual elements can be replaced or swapped with local solutions without disrupting the entire solution. This approach helps enable a more seamless adaptation to regional variations in service availability, and encourages the exploration of hybrid architectures. In such architectures, specific components of the global solution can be integrated with locally available partner solutions available in the China regions.

Option 4 – One central solution on AWS in Global region

Web applications hosted in a single AWS Region selected by the customer can be accessed worldwide, but latency issues can negatively affect performance and the user experience. Applications that do not have a data residency requirement in China and are not latency sensitive can use a central solution deployed in the global region (e.g., Americas, Europe, Asia-pacific excluding China) and application users in China can be routed to access the global solution using reverse proxies.

To enable cross-border connectivity and establish a low latency link between either the Amazon Web Services China (Beijing) Region and Amazon Web Services China (Ningxia) Region, and another global AWS Region, we recommend a third-party AWS Marketplace solution that relies on AWS Direct Connect partners. Through Direct Connect connections, reverse proxy servers route users in China to appropriate resources in global region with low latency. By adopting this solution, customers may, on their own, choose to connect two Amazon Virtual Private Clouds (VPCs) between Amazon Web Services China regions and global regions using a partner-offered hosted connection for their internal use. For example, China Telecom and China Unicom, both AWS Direct Connect partners, offer this solution through AWS Marketplace. Considering overall Chinese customer experience and the requirements of current and future regulations in China, it is recommended to deploy workloads targeted at Chinese end users within Amazon Web Services China regions.

Conclusion

Amazon Web Services has laid a solid foundation for business continuity in China with robust infrastructure, collaboration with local operating partners, an extensive partner network, and a broad range of global connectivity options inside and outside of China. The preferred strategy for application deployment in China is often a unified solution that maintains a standard application core for both RoW and China (as described in Option 3). This approach ensures consistency, makes full use of AWS’s services where available and minimizes the complexities of managing separate systems, thereby reducing operational overhead. To learn more about Amazon Web Services China, review Amazon Web Services in China (amazonaws.cn) or contact your AWS team for tailored support in developing an effective application strategy in China.

Chandana Keswarkar

Chandana Keswarkar

Chandana Keswarkar is a Senior Solutions Architect at AWS, who specializes in guiding automotive customers through their digital transformation journeys by using cloud technology. She helps organizations develop and refine their platform and product architectures and make well-informed design decisions. In her free time, she enjoys traveling, reading, and practicing yoga.