Salesforce Government Cloud: Technical Overview (June 17, 2015)
-
Upload
salesforce-partners -
Category
Technology
-
view
193 -
download
0
Transcript of Salesforce Government Cloud: Technical Overview (June 17, 2015)
Trusted Cloud Computing Andrew Randall Success Architect, Public Sector [email protected]
Safe Harbor Safe harbor statement under the Private Securities Litigation Reform Act of 1995:
This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed or implied by the forward-looking statements we make. All statements other than statements of historical fact could be deemed forward-looking, including any projections of product or service availability, subscriber growth, earnings, revenues, or other financial items and any statements regarding strategies or plans of management for future operations, statements of belief, any statements concerning new, planned, or upgraded services or technology developments and customer contracts or use of our services.
The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new functionality for our service, new products and services, our new business model, our past operating losses, possible fluctuations in our operating results and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of any litigation, risks associated with completed and any possible mergers and acquisitions, the immature market in which we operate, our relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our growth, new releases of our service and successful customer deployment, our limited history reselling non-salesforce.com products, and utilization and selling to larger enterprise customers. Further information on potential factors that could affect the financial results of salesforce.com, inc. is included in our annual report on Form 10-K for the most recent fiscal year and in our quarterly report on Form 10-Q for the most recent fiscal quarter. These documents and others containing important disclosures are available on the SEC Filings section of the Investor Information section of our Web site.
Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features that are currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements.
• Introduction to Government Cloud • Government Cloud - Unique Technical Aspects • Additional Available Resources
Agenda
Multi-tenancy Innovation is the Core of Our Enterprise Cloud
Trusted Enterprise Security Always on Availability Performance at Scale Application Innovation Continuous Improvements
Single-Tenant vs. Multi-Tenant Architecture
Single tenancy gives each customer a dedicated software stack – and each layer in each stack still requires configuration, monitoring, upgrades, security updates, patches, tuning, and disaster recovery.
On a multi-tenant platform, all applications run in a single logical environment: faster, more secure, more available, automatically upgraded and maintained. Any improvement appears to all customers at once.
Shared infrastructure
Other apps
Server OS
Database App Server
Storage Network
App 1
Server OS
Database App Server
Storage Network
App 2
Server OS
Database App Server
Storage Network
App 3
10 Years of Government Adoption and Success 23 of 23 CFO Act Federal Agencies
45 Out of 50 States
More than 100,000 Success Stories
2005
2014
2007 2008 2009
2011
2012
2013
2010
2006
2015
Government Cloud Success Is Built on Trust
FedRAMP (SaaS & PaaS) Moderate Impact Level
Secure
trust.salesforce.com
Trusted
2.1 Billion Transactions per day
Proven
For U.S. Government customers only
Dedicated databases and supporting pod infrastructure
Secure software access controls to separate customer data
Located in two U.S. production data centers
U.S. Based U.S. Citizens w/ Tier 3 MBI
government cloud
Identical core hardware
Identical core code base
Multitenant infrastructure shared w/ commercial clients
Multitenant infrastructure shared w/ government clients
128-bit or 256-bit (RC4) encryption in transit (TLSv1.0/SSL 3.1)
FIPS 140-2 validated 128-bit or 256-bit AES encryption in transit (TLSv1.2)
128-bit AES Encrypted Custom Fields FIPS 140-2 validated 128-bit AES Encrypted Custom Fields
Worldwide follow the sun support Support provided by US based, US citizens
Backup to tape Backup to disk
ISO 27001, SOC 2, PCI, HIPAA ISO 27001, SOC 2, PCI, HIPAA and FedRAMP
Premiere+ Support not included
Premiere+ Support included
government cloud
• My Domain • Encryption in Transit • Packaging • Application Security – Code Analysis • New Government Cloud Features
Government Cloud - Unique Technical Aspects
• My Domain - Is required for all organizations on Government Cloud • A custom domain name for login and authentication with your Salesforce organization
(https://<mydomain>.my.salesforce.com)
• Unique Aspect - End users and API users are not able to connect via login.salesforce.com or test.salesforce.com. All connections require the use of https://<mydomain>.my.salesforce.com
• Impact - Solutions require the ability to add/update the My Domain as a connection configuration for integrations with Salesforce
My Domain
• Outbound Connections (Call-outs) – • Requires TLSv1.2 with AES128-SHA or AES256-SHA
• Inbound Connections (Call-ins) – • Supports TLSv1, TLSv1.1, and TLSv1.2 using the following encryption
options: • AES256-SHA256 (TLSv1.2 only) • AES256-SHA
• AES128-SHA256 (TLSv1.2 only) • AES128-SHA • DES-CBC3-SHA (aka 3DES)
• No version of SSL (e.g. SSL3) is supported
Certificates and Ciphers Encryption in Transit
Source Destination Package Type Commercial Cloud Government Cloud
Government Cloud Managed ✔ ✔
Unmanaged ✔ ✔
Commercial Cloud Managed ✔ ✔*
Unmanaged ✔ ✖
Future Roadmap State Cross Cloud Compatibility Matrix for Packaging
*Requires completion of the Salesforce Security Review, https://developer.salesforce.com/page/Security_Review
Government Cloud to Commercial Cloud Government Cloud Packaging – Current Process
1. Create Package
government cloud
2. Contact Support
commercial cloud
3. Available for Installation
Government Cloud to Commercial Cloud Government Cloud Packaging – Future Process
1. Create Package
government cloud commercial cloud
2. Available for Installation
Automatically Enabled
Application Security - Code Analysis
• Salesforce Source Code Scanner is not available for the Government Cloud
• http://security.force.com/security/tools/forcecom/scanner
• Alternative Options • Checkmarx - https://www.checkmarx.com/ • WebInspect -
http://www8.hp.com/us/en/software-solutions/webinspect-dynamic-analysis-dast/
• Analytics Cloud • Platform Encryption
GA Commercial Cloud Features coming to the Government Cloud New Government Cloud Features
• Partner Success Community • Public Sector Group -
https://partners.salesforce.com/_ui/core/chatter/groups/GroupProfilePage?g=0F9300000009MIh
• Trust – our public pages on availability, performance, and security • https://trust.salesforce.com
• Vulnerability Assessment and Penetration Test • https://help.salesforce.com/apex/HTViewSolution?urlname=Vulnerability-Assessment-and-Penetration-
Test&language=en_US
• Salesforce Administrator and Developer Training • Trailhead - https://developer.salesforce.com/trailhead
Additional Resources