Embed Size (px)
Citation preview
ISVs & the Salesforce Government Cloud (November 18, 2015) Is your app ready?
Kelli Anderson ISV Technical Evangelist
Forward Looking Statements Safe harbor statement under the Private Securities Litigation Reform Act of 1995:
This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed or implied by the forward-looking statements we make. All statements other than statements of historical fact could be deemed forward-looking, including any projections of product or service availability, subscriber growth, earnings, revenues, or other financial items and any statements regarding strategies or plans of management for future operations, statements of belief, any statements concerning new, planned, or upgraded services or technology developments and customer contracts or use of our services.
The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new functionality for our service, new products and services, our new business model, our past operating losses, possible fluctuations in our operating results and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of any litigation, risks associated with completed and any possible mergers and acquisitions, the immature market in which we operate, our relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our growth, new releases of our service and successful customer deployment, our limited history reselling non-salesforce.com products, and utilization and selling to larger enterprise customers. Further information on potential factors that could affect the financial results of salesforce.com, inc. is included in our annual report on Form 10-K for the most recent fiscal year and in our quarterly report on Form 10-Q for the most recent fiscal quarter. These documents and others containing important disclosures are available on the SEC Filings section of the Investor Information section of our Web site.
Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features that are currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements.
Agenda
• Introduction to Government Cloud
• FedRAMP Overview
• Application Impact
• Next Steps
What is the Salesforce Government Cloud?
It is similar != to the Salesforce you know
• Separate dedicated Instance Group
• Approved US Government customers only • US federal, state, & local governments
• Government Contactors
• Federally-funded R&D centers
• Supported by approved US citizens
• Tighter security controls
• FedRAMP compliant
Unique Features
What is FedRAMP?
FedRAMP FAQs Q: What is FedRAMP?
A: Government standardized security program for cloud products & services. “Do once, use many times.”
Q: Who are the key players?
A: Agencies
Cloud Service Providers (CSP)
Third Party Assessment Organizations (3PAOs)
FedRAMP PMO
Q: Which FedRAMP authorization does Salesforce’s Government Cloud have?
A: Agency Authority to Operate (ATO)
Q: What does that mean?
A: The Government Cloud is a FedRAMP compliant system and is approved for Agency use.
http://www.fedramp.gov
ISV Partner FedRAMP FAQs Q: Can Government Cloud use ISV Partner apps?
A: Yes
Q: Does Salesforce’s FedRAMP compliancy include partner apps?
A: No
Q: Does Salesforce require ISV app to become FedRAMP compliant?
A: No, however your government customers may require that your app is FedRAMP compliant
http://www.fedramp.gov
Q: How do I become FedRAMP compliant?
A: Review resources at fedramp.gov & contact a 3rd Party Assessment Organization (3PAO)
How does the Government Cloud impact my business?
What you need to know
Feature: Impact: Security Reviewed Apps Only Installs will fail for non security reviewed apps
Access & control restricted
ISV cannot provision org No ‘Login As” functionality No Debug Logs Support cases opened via customer org only
‘My Domain’ required +no access via login.salesforce.com
Test & accommodate unique authentication endpoints
Stricter encryption protocols Test inbound & outbound integrations for compatibility
‘Lock sessions to IP Address’ enabled by default Test & verify your app works as expected
Integration Considerations
1. End users cannot login to login.salesforce.com (Domain required)
2. API clients CAN use login.salesforce.com
1. End users cannot login to login.salesforce.com (Domain required)
2. API clients CANNOT use login.salesforce.com (Domain required)(BT setting)
Ex, error response:
Commercial Cloud w/MyDomain Login Policy Government Cloud
Login.salesforce.com permanently disabled MyDomain only access
How to fix API access?
Commercial Cloud w/login policy Government Cloud
Authorization https://login.salesforce.com/services/oauth2/authorize
https://”domain”.my.salesforce.com/services/oauth2/authorize
Token Request https://login.salesforce.com/services/oauth2/token
https://”domain”.my.salesforce.com/services/oauth2/token
Token Revoke https://login.salesforce.com/services/oauth2/revoke
https://”domain”.my.salesforce.com/services/oauth2/revoke
Accommodate unique endpoints
POST /services/oauth2/token?grant_type=password&client_id=3MVG98SW_UPr.JFj2I.rSRjYnNEtlzwFa4RcfjI2OEGd_.swKhirPe8Xm_rycLR5aEf.lH9elLck1aSGCVcpj&client_secret=247486851595712023&[email protected]&password=partnerp1 HTTP/1.1
Host: login.salesforce.com Cache-Control: no-cache
Postman-Token: 431873dd-496b-edda-e3de-ded3af5a31f9
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW
POST /services/oauth2/token?grant_type=password&client_id=3MVG9NEgrsZAHtHT9EOPIoVfd0n7z.gnbxqhY_vWE3l9ujs079YNaBs.pSlNMqVe6akhD_ztu0HlCTYpJwZR&client_secret=5275577314241050685&[email protected]&password=partnerp12WvmAacyHfoquWX1HGcr8atCUL HTTP/1.1
Host: “mydomain”.my.salesforce.com Cache-Control: no-cache
Postman-Token: 48adccf7-b020-a623-257e-bdd9f38eaf3e
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW
Commercial Cloud w/Login Policy Government Cloud
Rest Example: UN/PW OAuth Flow – Initial Post
{"id":"https://login.salesforce.com/id/00D37000000KqfaEAC/00537000000F12DAAS",
"issued_at":"1438620304269",
"token_type":"Bearer",
"instance_url":"https://’mydomain’.my.salesforce.com",
"signature":"Jd0cAzzbLY5TFdlcjfQcuZuc612ukmHPvU59UCOmXwU=",
"access_token":"00D37000000Kqfa!ARIAQG74lVzeHaM8sk9opwMcSaRNcJfwiyUtH2_gseykqv_KI.2tbv8rqI3eBXnhVUcz2pIUQu5H8jyvZDJNrYRZajif_DIg"}
{"id":"https://login.salesforce.com/id/00Dt0000000GywHEAS/005t0000000DvS4AAK",
"issued_at":"1438620092541",
"token_type":"Bearer",
"instance_url":"https://’mydomain’.my.salesforce.com",
“signature":"EaTD6UHMnvQDbEDK0KhzPDHg2aR26WGY0xAFVWytkIA=",
"access_token":"00Dt0000000GywH!AQIAQOTKcmFlVlZ9BQt8pCtDFs_1cXrl6AUB0gmjzTlw5hTXF2I83rTiP0FP72_e.AW.eke4qEAFDeI0hnRWJGbbp7l1fVWc"}
Commercial Cloud w/Login Policy Government Cloud
Ex: OAuth Response – Same Response Data
Encryption in Transit
Outbound Connections Inbound Connections
Required Encryption: TLS v1.2 Required TLS v1.0, TLS v1.1, TLS v1.2
Error Message: ‘Login failed: Error code: [SOAP-ENV:Client] Reason: [SSL_ERROR_SSL error:1408F10B:SSL routines:SSL3_GET_RECORD: wrong version number]’
Solution: Upgrade server endpoints to support correct TLS version
What should I do next?
Get the Checklist! p.force.com/publicsector --> Resources Tab
Get a Test Org & Test your app! Log a case in Partner Community to get 30 Day Trial Gov’t Cloud Org
What’s your Strategy?
thank y u
