know.2nth.ai tech google demo
2nth × Google Cloud · Johannesburg

Africa-south1.
Operational. Production-ready.

The Google Cloud tier of the 2nth.ai stack is live in Johannesburg. Private compute and serverless containers, POPIA-aligned data residency, and a defence-in-depth architecture that keeps public traffic at the Cloudflare edge and business logic behind a closed door. Built for South African clients who need global-grade infrastructure without sending their data offshore.

Region · africa-south1 Residency · POPIA-aligned Compute · live Serverless · live
01 · Private compute · Live

Virtual machines in Johannesburg. Zero public attack surface.

For workloads that need full operating-system control — legacy applications, GPU work, long-running processes — 2nth runs private Compute Engine instances in africa-south1. Every VM comes up without a public IP address. Administrative access goes through Google's identity-aware tunnel, gated by IAM. No exposed SSH ports. No bastion hosts to maintain. No open attack surface for the internet to probe.

What you get

  • Data stays in South Africa. Every byte of disk, memory, and VM state lives in Johannesburg — POPIA residency by default.
  • No public IPs. VMs are unreachable from the public internet; automated scanners don't even see them exist.
  • Identity-based access only. Every session is tied to a named user or service account, logged in Cloud Audit Logs, auditable down to the command.
  • Right-sized billing. Per-second metering from 2 vCPU shared cores up to 224-core machines. Spot VMs cut cost up to 91% for fault-tolerant work.
  • Three independent zones in africa-south1 (a/b/c) — automatic failover without moving the workload out of the country.

Good fit for: ERPNext / Frappe stacks, self-hosted databases, machine-learning training runs, GPU rendering, legacy .NET or Java applications, anything requiring a persistent filesystem or a custom kernel.

02 · Serverless containers · Live

Cloud Run. From zero to millions of requests. Pay only when used.

For anything that speaks HTTP — APIs, webhook handlers, internal tools, batch jobs, AI inference endpoints — 2nth uses Cloud Run. Ship a container, get a global HTTPS URL. When nobody's calling it, it costs nothing. When traffic arrives, it scales from zero to thousands of concurrent requests in seconds.

What you get

  • Pay-per-request billing. Metered down to 100ms of CPU. No idle-instance cost, no provisioned capacity to over-buy.
  • Scale from 0 to 1,000+ instances automatically. Traffic spikes absorbed without an ops page.
  • Global HTTPS included. Every service ships with a TLS-terminated URL. Custom domains supported.
  • Deploy in minutes. From a Docker image to live URL in under 90 seconds. From source code, similar — Buildpacks handle containerisation.
  • Private by default. Authenticated-only endpoints where the policy allows, callable only by identified services (Cloudflare edge, other Cloud Run services, Pub/Sub push).

Good fit for: REST APIs, GraphQL endpoints, OAuth callback handlers, webhook consumers, scheduled batch jobs, AI model inference, internal admin tools, Gmail/Slack/Meta webhook receivers.

03 · Architecture · Defence in depth

Public edge. Private core. One network fabric.

The 2nth stack separates what faces the internet from what holds your business logic. Cloudflare owns the public surface — TLS, DDoS protection, WAF, bot management, rate limiting, caching. Malicious traffic never reaches compute. Google Cloud holds the private core — application servers, databases, file storage, AI inference. No public endpoints, no attack surface.

The request path

User  →  Cloudflare edge  ────→  Private Cloud Run / Compute Engine  ────→  Private data plane
         TLS · DDoS · WAF        Auth-gated business logic          Cloud SQL · BigQuery · GCS
         Rate limit · Cache      af-south1 (Johannesburg)            All inside the VPC
         Auth at the edge        No public IP                       No public access

Why it matters: automated exploits against your application servers aren't just slower — they're impossible. The public internet literally can't see your compute. Every internal request is authenticated by identity; every external request is filtered at the edge. This is the same pattern hyperscalers use for their own control planes, made available to every 2nth project by default.

04 · Coming next

AI-native. Data-rich. Real-time.

Compute and containers are the foundation. The next layer is what makes modern applications actually useful — frontier AI models, sub-second analytics on billions of rows, real-time event streaming, and managed secrets. All running in the same Johannesburg region, under the same defence-in-depth architecture.

Gemini 2.5 — text, vision, multimodal Claude Sonnet & Opus via Model Garden BigQuery — sub-second analytics Pub/Sub — global real-time events Cloud Storage — SA-regional files Secret Manager — auto-rotated creds

Talk to 2nth

If you're a South African business that needs global-grade cloud infrastructure without the data-residency compromises, we'd like to talk. POPIA-aligned, production-ready, already validated in Johannesburg.

2nth.ai →