We’ve been using Google App Engine at Pulse since 2010, back when we had only one backend engineer. In that time, App Engine has served us very well. There are many things Google App Engine does very well; the most obvious advantage is saving us lots of Ops work and letting us stay focused on our application. Over the last two years, it has grown with us both in terms of scale (from 200k users, to 15M+) and in terms of features.

As I’m writing this post (from Google I/O 2012), I’m happy to report that App Engine continues to grow with us. This year, Google’s App Engine team has announced that they are fixing our number one wish list item! They have also started addressing several other important concerns. For some context, here is Pulse’s App Engine wish list as of about a month ago.

1. SSL support for custom domains
2. Faster bulk import & export of datastore data
3. Faster datastore snapshotting
4. Tunable memcache eviction policies & capacity
5. Improved support for searching / browsing / downloading high volume application logs
6. Faster (diff-based) deployment for large applications
7. Support for naked domains (without www. in front)
8. Unlimited developer accounts per application

Barb Darrow from GigaOm published part of this list earlier this week (before I/O started). Check out the article Google App Engine: What developers want at Google I/O to see more common wish list items from other developers.

As of yesterday, (with the release of SDK version 1.7.0), SSL for custom domains is now officially supported either via SNI for $9/month or via a custom IP for $99/month. This means that you can now host a domain like www.pulse.me on App Engine and support https throughout your site. Previously it had only been possible to use http with your domain, and any secure transactions had to be routed to the less appealing xxxxx.appspot.com domain. This meant you had to break the user’s flow or use some complicated hacks to hide the domain switching. Now it is finally possible to present a seamless, secure experience without ever leaving your custom domain.

There were many other great features released with 1.7.0 (see the link above). As for the rest of our wish list, here’s how it stands now!

1. SSL support for custom domains
   – Supported now!
2. Faster bulk import & export of datastore data
   – Update 2: App Engine Datastore: How to Efficiently Export Your Data
3. Faster datastore snapshotting
   – Update 3: The internal settings for map reduce-based snapshotting have been increased to use 256 shards. It’s actually pretty fast now! Still hoping for incremental backups in the future.
4. Tunable memcache eviction policies & capacity
   – I hear that we will soon be able to segment applications and control capacity. Eviction policy controls are likely to take longer.
5. Improved support for searching / browsing / downloading high volume application logs
   – It was announced that this is coming very soon!!
6. Faster (diff-based) deployment for large applications
   – Update 4: This is supporting and working for us now!
7. Support for naked domains (without www. in front)
   – Pending. No ETA.
8. Unlimited developer accounts per application
   – This is now supported for premier accounts!

Let me know in the comments if you have any questions about these or want to share some of your wish list items. I’m always happy to discuss App Engine issues with other developers.

Update: Just now, at the second Google I/O keynote, Urs Hölzle has announced Google’s push into the IaaS space with Google Compute Engine. It should be interesting to see if this offers serious competition to Amazon’s EC2 for future Pulse systems and features. 771886 cores available to the demo Genome app was pretty impressive! I’ll post here and/or at eng.pulse.me when we get a chance to try it out!

In order to support SSL for a simple Tornado server on EC2, a certificate is required. This process seems harder than it should be, so I thought I’d share the process that recently worked for me.

There are several tradeoffs to consider:

• Certificate Authority (CA) Reputation (‘Self Sign’ – VeriSign)
• Price (Free – $3000/year)
• Domain Coverage: (Single, Multi, Wildcard)

After considering these options and reading about other people’s experiences, I concluded that GoDaddy is the least expensive, reasonably well respected CA. At GoDaddy the wildcard option is 15 times as expensive as the standard single domain certificate (with discount), so it’s a better deal to buy single domain certs even if you need a few.

Steps I took:

1. Search Google for GoDaddy SSL deal.
2. Login to GoDaddy and buy a single domain certificate for $12.99/year.
3. Go to ‘My Account’, click SSL Certificates. Activate your purchased token. Wait a few minutes.
4. Configure your cert. Choose “Third party server”. Provide a Certificate Signing Request (CSR) for your domain (see below).
5. Download the cert. Use the cert along with your .key file from the CSR generation process to setup SSL on your server(s).

Continue Reading »