The document discusses Salesforce's Government Cloud and the implications for ISV partners. Some key points: - The Government Cloud is a dedicated instance for US government customers that meets FedRAMP security requirements. - ISV apps must be security reviewed to be installed. ISVs cannot directly access or provision orgs. - Integrations may need to be tested to work with the Government Cloud's unique authentication endpoints and stricter encryption protocols. - The document provides resources for ISVs on FedRAMP compliance and outlines next steps for ISVs to get a test org and checklist to ensure their apps are compatible.

1. ISVs & the Salesforce Government
Cloud (November 18, 2015)
Is your app ready?
Kelli Anderson
ISV Technical Evangelist
kelli.anderson@salesforce.com

2. Forward Looking Statements
Safe harbor statement under the Private Securities Litigation Reform Act of 1995:
This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties materialize
or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed or implied by the
forward-looking statements we make. All statements other than statements of historical fact could be deemed forward-looking, including any
projections of product or service availability, subscriber growth, earnings, revenues, or other financial items and any statements regarding
strategies or plans of management for future operations, statements of belief, any statements concerning new, planned, or upgraded services or
technology developments and customer contracts or use of our services.
The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new functionality
for our service, new products and services, our new business model, our past operating losses, possible fluctuations in our operating results and
rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of any litigation, risks associated with
completed and any possible mergers and acquisitions, the immature market in which we operate, our relatively limited operating history, our
ability to expand, retain, and motivate our employees and manage our growth, new releases of our service and successful customer deployment,
our limited history reselling non-salesforce.com products, and utilization and selling to larger enterprise customers. Further information on
potential factors that could affect the financial results of salesforce.com, inc. is included in our annual report on Form 10-K for the most recent
fiscal year and in our quarterly report on Form 10-Q for the most recent fiscal quarter. These documents and others containing important
disclosures are available on the SEC Filings section of the Investor Information section of our Web site.
Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available and
may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features that are
currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements.

3. Agenda
• Introduction to Government Cloud
• FedRAMP Overview
• Application Impact
• Next Steps

4. What is the Salesforce
Government Cloud?

5. It is similar != to the Salesforce you know
• Separate dedicated Instance Group
• Approved US Government customers only
• US federal, state, & local governments
• Government Contactors
• Federally-funded R&D centers
• Supported by approved US citizens
• Tighter security controls
• FedRAMP compliant
​ Unique Features

6. What is FedRAMP?

7. FedRAMP FAQs
Q: What is FedRAMP?
A: Government standardized security program for cloud products & services. “Do once,
use many times.”
Q: Who are the key players?
A: Agencies
Cloud Service Providers (CSP)
Third Party Assessment Organizations (3PAOs)
FedRAMP PMO
Q: Which FedRAMP authorization does Salesforce’s Government Cloud have?
A: Agency Authority to Operate (ATO)
Q: What does that mean?
A: The Government Cloud is a FedRAMP compliant system and is approved for Agency use.
http://www.fedramp.gov

8. ISV Partner FedRAMP FAQs
Q: Can Government Cloud use ISV Partner apps?
A: Yes
Q: Does Salesforce’s FedRAMP compliancy include partner apps?
A: No
Q: Does Salesforce require ISV app to become FedRAMP compliant?
A: No, however your government customers may require that your app is FedRAMP
compliant
http://www.fedramp.gov
Q: How do I become FedRAMP compliant?
A: Review resources at fedramp.gov & contact a 3rd Party Assessment Organization (3PAO)

9. How does the Government
Cloud impact my business?

10. What you need to know
Feature: Impact:
Security Reviewed Apps Only Installs will fail for non security reviewed apps
Access & control restricted ISV cannot provision org
No ‘Login As” functionality
No Debug Logs
Support cases opened via customer org only
‘My Domain’ required +no access via
login.salesforce.com
Test & accommodate unique authentication endpoints
Stricter encryption protocols Test inbound & outbound integrations for compatibility
‘Lock sessions to IP Address’ enabled by default Test & verify your app works as expected

11. Integration Considerations

12. 1. End users cannot login to
login.salesforce.com (Domain required)
2. API clients CAN use login.salesforce.com
1. End users cannot login to
login.salesforce.com (Domain required)
2. API clients CANNOT use login.salesforce.com
(Domain required)(BT setting)
​ Ex, error response:
Commercial Cloud w/MyDomain Login
Policy ​ Government Cloud
Login.salesforce.com permanently disabled
​ MyDomain only access

13. How to fix API access?
Commercial Cloud w/login policy Government Cloud
Authorization
https://login.salesforce.com/services/
oauth2/authorize
https://”domain”.my.salesforce.com/
services/oauth2/authorize
Token Request
https://login.salesforce.com/services/
oauth2/token
https://”domain”.my.salesforce.com/
services/oauth2/token
Token Revoke
https://login.salesforce.com/services/
oauth2/revoke
https://”domain”.my.salesforce.com/
services/oauth2/revoke
​ Accommodate unique endpoints

14. ​ POST /services/oauth2/token?
grant_type=password&client_id=3MVG98SW_UPr.JFj2I.rSR
jYnNEtlzwFa4RcfjI2OEGd_.swKhirPe8Xm_rycLR5aEf.lH9elLc
k1aSGCVcpj&client_secret=247486851595712023&userna
me=kelli.anderson@domain.com&password=partnerp1
HTTP/1.1
Host: login.salesforce.com
​ Cache-Control: no-cache
​ Postman-Token: 431873dd-496b-edda-e3de-ded3af5a31f9
​ Content-Type: multipart/form-data; boundary=----
WebKitFormBoundary7MA4YWxkTrZu0gW
​ POST /services/oauth2/token?
grant_type=password&client_id=3MVG9NEgrsZAHtHT9EOPIo
Vfd0n7z.gnbxqhY_vWE3l9ujs079YNaBs.pSlNMqVe6akhD_ztu0
HlCTYpJwZR&client_secret=5275577314241050685&userna
me=kelli.anderson@govcloud.test&password=partnerp12Wv
mAacyHfoquWX1HGcr8atCUL HTTP/1.1
Host: “mydomain”.my.salesforce.com
​ Cache-Control: no-cache
​ Postman-Token: 48adccf7-b020-a623-257e-bdd9f38eaf3e
​ Content-Type: multipart/form-data; boundary=----
WebKitFormBoundary7MA4YWxkTrZu0gW
Commercial Cloud w/Login Policy ​ Government Cloud
Rest Example: UN/PW OAuth Flow – Initial Post

15. ​ {"id":"https://login.salesforce.com/id/
00D37000000KqfaEAC/00537000000F12DAAS",
​ "issued_at":"1438620304269",
​ "token_type":"Bearer",
​ "instance_url":"https://’mydomain’.my.salesforce.com",
​
"signature":"Jd0cAzzbLY5TFdlcjfQcuZuc612ukmHPvU59U
COmXwU=",
​ "access_token":"00D37000000Kqfa!
ARIAQG74lVzeHaM8sk9opwMcSaRNcJfwiyUtH2_gseykqv
_KI.
2tbv8rqI3eBXnhVUcz2pIUQu5H8jyvZDJNrYRZajif_DIg"}
​ {"id":"https://login.salesforce.com/id/
00Dt0000000GywHEAS/005t0000000DvS4AAK",
​ "issued_at":"1438620092541",
​ "token_type":"Bearer",
​ "instance_url":"https://’mydomain’.my.salesforce.com",
​
“signature":"EaTD6UHMnvQDbEDK0KhzPDHg2aR26WGY0
xAFVWytkIA=",
​ "access_token":"00Dt0000000GywH!
AQIAQOTKcmFlVlZ9BQt8pCtDFs_1cXrl6AUB0gmjzTlw5hT
XF2I83rTiP0FP72_e.AW.eke4qEAFDeI0hnRWJGbbp7l1fV
Wc"}
Commercial Cloud w/Login Policy Government Cloud
Ex: OAuth Response – Same Response Data

16. Encryption in Transit
Outbound Connections Inbound Connections
Required
Encryption:
TLS v1.2 Required TLS v1.0, TLS v1.1, TLS v1.2
Error Message:
‘Login failed: Error code: [SOAP-ENV:Client] Reason: [SSL_ERROR_SSL error:
1408F10B:SSL routines:SSL3_GET_RECORD: wrong version number]’
Solution: Upgrade server endpoints to support correct TLS version

17. What should I do next?

18. Get the Checklist!
p.force.com/publicsector --> Resources Tab

19. Get a Test Org & Test your app!
Log a case in Partner Community to get 30 Day Trial Gov’t Cloud Org

20. What’s your
Strategy?

21. thank y u