Salesforce.com has received the authority to operate (ATO) on its new Government Cloud, both for platform-as-a-service (PaaS) and software-as-a-service (SaaS). With the ATO, granted under the Federal Risk and Authorization Management Program (FedRAMP), federal agencies will have one location for all their cloud products and services.
GovCloud is built on Trust and has all the necessary certifications needed to deploy a solution for a Federal Government Agency
But for many Application Developers, when they deploy their application on GovCloud, it fails and there is very little information available about what needs to be done to make your application. Here are some of the key pointers that you need to make sure your application supports to make it GovCloud compatible
- GovCloud requires you to use My Domains.End users and API users will no longer be able to log into salesforce via login.salesforce.com and will be required to login via https://<mydomain>.my.salesforce.com If your application is pushing data into Salesforce then you will need to add settings into your application so that customers can setup their domain name and your application will need to check weather my domains are available or not and then use appropriate option to login into Salesforce.
When connecting to the Govt Cloud, some third-party integrations may produce an SSL version error like :
Login failed: Error code: [SOAP-ENV:Client] Reason: [SSL_ERROR_SSL error:1408F10B:SSL routines:SSL3_GET_RECORD: wrong version number]
Please be sure that the integration is set to use an acceptable instance-specific or My Domain URL as described here. Also for inbound connections to the Govt Cloud, Salesforce support TLSv1, TLSv1.1 and TLSv1.2 using the following encryption options:
- AES256-SHA256 (TLSv1.2 only)
- AES128-SHA256 (TLSv1.2 only)
- DES-CBC3-SHA (aka 3DES)
- You can not deploy un-managed packages on GovCloud even if its the package that you have developed yourself. In order to deploy an un-managed package, you will need to open a ticket with Salesforce support to get your un-managed package certified.
- Call outs (ie: outbound connections) from salesforce require TLS v1.2 AES128-SHA, TLS v1.2 AES256. The Govt Cloud infrastructure also requires TLS 1 or greater (depending on cipher used – see list below); no version of SSL (e.g. SSL3) is supported. Any integration or other API tool that attempts to connect to the instance with SSL will fail and will need to be configured to use TLS instead.
If you require support, please contact us and we will be glad to help.