×
Community Blog How Hard Is It To Do Cross-Border Networking? - Friday Blog, Week 52

How Hard Is It To Do Cross-Border Networking? - Friday Blog, Week 52

ICP licenses? Cross-border networking? CDNs? Accessing foreign websites? How do you do all this in China? Learn the basics in today's blog post.

By: Jeremy Pedersen

Doing Business In China: How Hard Could It Be?

Answer: Hard.

There are numerous legal and technical hurdles to overcome when trying to enter the Chinese market. Creating a legal entity, hiring employees, managing payroll and taxes: virtually every one of these processes works differently in China than in most of the rest of the world.

I'm not a lawyer or account, so I can't offer you any advice on hiring your first employee or renting that first office, but I can tell you a thing or two about what it takes to create a website that works in China, reach Chinese users, and integrate IT systems inside China with those outside the country.

Ok, let's jump in!

Setting Up A Website Or Accelerating An Existing One

One of the first hurdles you will face is the ICP Licensing (or Filing) process. China requires every public-facing web service to apply for an "Internet Content Provider" or "ICP" number, typically called a 备案号 ("Bei An Hao") in Chinese.

The process is involved and can be overwhelming for newbies: requirements differ based on the Chinese province or city in which you register your site.

Regardless of where you register, you will need to provide:

  1. Your domain name.
  2. Information about the content and layout of your site.
  3. Registration information for your Chinese entity (company).
  4. Contact details for one or more responsible persons who will be maintaining the site.
  5. Information about the hosting provider that will host the site.
  6. A working Mainland Chinese mobile phone number.

All this information is first passed to your hosting provider (or CDN provider, if you are simply accelerating an existing site hosted outside China). They review it, then pass it to China's Ministry of Industry and Information Technology (MIIT). If approved, you are issued an ICP filing number (which must be displayed on your website). This process typically takes about 20 days.

Because the process is complex and lengthy, Alibaba Cloud offers an ICP filing service to help you through the process, end-to-end.

Are There Different "Types" Of ICP?

Yes, there are two types of ICP:

  • ICP Filing (备案 - Bei An)
  • ICP License (备案证 - Bei An Zheng)

The ICP "Filing" allows you to run a non-commercial site, while the ICP "License" (sometimes called an "ICP Commercial License") allows you to run a commercial website (defined as any site offering goods or services).

In most cases, if you are planning to sell things or accept payments, you need the ICP License, which takes a bit longer and has stricter requirements.

We have a breakdown of the ICP filing / licensing process in the Alibaba Cloud documentation for those who want to know more.

Who Needs An ICP License?

Essentially, you need an ICP filing (or license) for any public, web-facing service you deploy in Mainland China.

This includes:

  • Websites hosted outside Mainland China but accelerated inside Mainland China using a CDN service.
  • Websites hosted inside Mainland China.
  • Web backends or other web-facing services used by Android apps, games, etc... (if the endpoint is inside Mainland China).

You do not need an ICP license if:

  • You are deploying an internal service in Mainland China which will only be used by your employees, and which is accessed from your company network or via a VPN.
  • You are using a leased line, proxy, or some other method to accelerate a service hosted outside Mainland China, but only for your own, internal users (i.e. the service is not available to the public).

Are There Any "Workarounds"?

There is one: host or accelerate your services from Hong Kong.

Hong Kong does not require ICP licenses or filings to set up websites or other web services. This gives you several options if you are just getting started in the Chinese marketplace, and want a fast and easy way to make your website a little bit faster for users on the Mainland.

You can do one of a few things:

  1. Use Alibaba Cloud's CDN service (or a third-party CDN with edge nodes in Hong Kong) to accelerate your site.
  2. Directly host your site in Hong Kong.
  3. Use a tool like Alibaba Cloud's Global Accelerator to create an endpoint (called an "acceleration area") in Hong Kong, and direct traffic from your Mainland China users to that endpoint.

These can all help to accelerate things for Mainland China users without the need for an ICP filing or ICP license.

Accelerating Non-Public Services

What about cases where you need to accelerate systems hosted outside Mainland China, but your target users are your own employees or contractors, rather than the general public?

In this case, you have a few different options for accelerating access. Let's look at a couple of possible scenarios.

Scenario 1: Cross-border Private Networking

You have employees in Mainland China that need access to overseas systems and services from the office or via company VPN:

map_1_drawio

We can enable all of these people to connect using a combination of different tools:

  • Express Connect, to connect our China-based data center or IT systems to Alibaba Cloud via a leased line.
  • VPN Gateway, to allow both IPsec and SSL VPN connections to Alibaba Cloud, for remote workers or branch offices in China.
  • Smart Access Gateway (SAG), for branch offices or remote sites where you want to have an "automatic" hardware-based VPN solution that can be managed remotely.
  • Cloud Enterprise Network (CEN) to connect all those other tools together, and route their traffic to one or more VPC network groups.
  • A third-party reverse proxy outside Mainland China (running on Alibaba Cloud ECS), to forward traffic to the Internet outside China

This enables you to build an architecture like the one below:

cross_border_cen_arch

This gives us almost total flexibility in creating cross-border multinational private networks!

Depending on our needs, we could also vastly simplify the architecture, limiting ourselves to a VPN Gateway + a VPC in China, a CEN cross-border connection, and a reverse proxy in a VPC outside China. This gives us simple, reliable, "straight line" access to foreign web services from within China.

Of course, you need to be in compliance with local Chinese laws and regulations when you do this. Make sure you know what is (and is NOT) OK when using a setup like this.

Woah, I Need Something Simpler!

Maybe you only need to accelerate a single, public-facing web service that is located outside China? In that case, you can simply use Global Accelerator (GA).

Global Accelerator allows you to map a public IP address or domain name outside China (say, in Europe or the US) onto an "acceleration endpoint" nearer to your end-users.

For instance, to accelerate an application for users in Mainland China, you could use a GA endpoint in Hong Kong (if you are not planning to file for an ICP filing/license) or an endpoint within Mainland China (if you have an ICP filing/license).

A standard use-case looks like this (borrowed from the GA documentation):

ga_arch

This is a simpler alternative to the CEN-based architecture because it doesn't require creating your own reverse proxy or setting up VPN Gateways and Express Connect lines. However, because the acceleration endpoint is public, you do need an ICP filing or license, if that endpoint is deployed in Mainland China. This is the key drawback of GA.

Wrapping Up

You now have a good idea of what is required to run web services in China, as well as how you can accelerate cross-border connections into and out of China using a combination of Alibaba Cloud network services.

That's it for this week...see you next Friday!

I've Got A Question!

Great! Reach out to me at jierui.pjr@alibabacloud.com and I'll do my best to answer in a future Friday Q&A blog.

You can also follow the Alibaba Cloud Academy LinkedIn Page. We'll re-post these blogs there each Friday.

Not a LinkedIn person? We're also on Twitter and YouTube.

2 0 0
Share on

JDP

71 posts | 120 followers

You may also like

Comments

HankGu March 18, 2022 at 8:27 am

Thanks Jeremy for the nice write-up, just to add two points1) GA supports whitelisting (configurable via Support engineer at this moment), which can limit the GA endpoint access to certain IPs.2) In Hong Kong and Singapore region, Alibaba Cloud offers EIP Pro, which favorites the connectivity from Mainland China.

JDP March 25, 2022 at 8:28 am

Thanks for the clarification!

JDP

71 posts | 120 followers

Related Products

  • CEN

    A global network for rapidly building a distributed business system and hybrid cloud to help users create a network with enterprise level-scalability and the communication capabilities of a cloud network

    Learn More
  • VPN Gateway

    VPN Gateway is an Internet-based service that establishes a connection between a VPC and your on-premise data center.

    Learn More
  • Smart Access Gateway

    SmartAG provides an end-to-end cloud deployment solution for connecting hardware and software to Alibaba Cloud.

    Learn More
  • China Gateway Solution

    Power your progress in China by working with the NO.1 cloud provider of this dynamic market.

    Learn More