A modern programming language that makes developers happier.

kotlinlang

My team is running some servers, and our app is moving into some new countries. Those countries (i.e. UK) have customer data laws, where customer data isn't allowed to leave the country, and must be stored in the country.

We have the option of 1. Deploying all of our App servers into each of these regions, or 2. Deploying databases into these regions where the data is stored. My teams server experience is fairly limited, and I wondered if anyone from the community had any thoughts and could weigh in?

You might find the <#C0B8RC352|server> channel a bit more helpful.  All I can say is I share your uncertainty, but it is something I've contemplated.  To me, both options have merit.

Option 1 will likely ensure the lowest latency experience for your customers, but might be more difficult to manage (both from an ops and admin perspective).

Option 2 could be easier for you; you just need to look up the user's data region before accessing the appropriate database.  However, this logic does need to be replicated across every service working with a database containing user data.

Just to add something in case you did not think of it: what happens when a user visits a foreign country?

Regions would be determined not by user, but by organization address. So no matter where you were in the world, you'd still be accessing the same database, not by location of access.

what server provider are you using, or want to use? AWS, GCP, Azure…?

No matter which, in principle you should be able to define a stack using whatever config, and define some $targetRegion variable so the same stack can be deployed into different zones.

Is the data law GDPR, or something more strict? Because I don’t think that GDPR requires data is stored in the same country, but (effectively) only in Europe. A lot of EU companies use AWS Ireland for some reason. Of course things might have changed for the UK since Brexit…

We're using GCP.

Yes we have an automated script that could easily deploy our entire stack in multiple regions. That's not the issue.

Yes, it's GDPR. The company that we're interacting with though is insisting we store the data in the UK. Europe or the UK, either way we have to have multiple regions :disappointed: