The best way to stay out of danger is to keep far away from where danger lurks. But in the internet age, the global network means risk to your systems is from everywhere, at all times.
With estimates that worldwide damage from cybercrime will exceed 6 trillion dollars by 2021, many companies choose, or are required by regulations to isolate their most sensitive systems to avoid any type of security breach. Financial services, oil and gas, government, industrial manufacturing, military, and healthcare rely on air-gapped networks to keep their data safe.
For these highly secure on-prem systems, the JFrog DevOps Platform offers a secure air gap distribution solution, now available as part of a self-hosted Enterprise+ plan. Using the signed release bundles of JFrog Distribution, operations teams can safely transfer traceable software releases between disconnected networks.
Delivering Immutable Releases to Air Gap Environments
An air-gapped network of devices can communicate with each other, but cannot communicate with any devices outside of the air gap. This assures that the only things running within these systems have been deliberately installed. As such, installs on an air-gapped system should require verification of secure credentials and an immutable record of provenance.
A JFrog Distribution release bundle provides both, by exporting Artifactory all release artifacts and metadata as a bill of materials, and by signing the bundle with a GPG encryption key. These complete, unchanging export bundles can be transferred by hand from a globally connected system to an isolated network while maintaining enforcement of credentials and full Artifactory traceability.
The JFrog Air Gap Distribution solution requires an Enterprise+ deployment on the development network, where Artifactory enables your staged production of software releases. Another Artifactory or Edge Node deployment must be installed on a machine in the air-gapped network.Using JFrog Distribution, an authorized operator can export a release bundle from Artifactory to an archive file (ZIP file), and download and copy it to an external device such as a USB flash drive. The operator can then import the bundle from that device to the target air-gapped JFrog Platform or Artifactory Edge instance.
Exporting & Importing of Release Bundle Workflow
Distributing release bundles involves the following steps:
- Create and sign a release bundle.
- Export the release bundle as an archive (ZIP file) from JFrog Distribution.
- Download the release bundle.
- Copy the archive to an external device, such as a portable hard drive or USB flash drive.
- Import the archive to the Artifactory node on the air-gapped network.
Importing and exporting your release bundles can be performed using either of these methods:
- Directly from the Distribution page in the WebUI
- Using a set of dedicated export and import REST API commands
Meeting Your Security Concerns
The ability to deliver trusted releases without impacting your isolated environment is paramount to your organization’s security. JFrog Air Gap Distribution provides peace of mind by delivering your software updates without using a network connection keeping your line of defense intact.
See how JFrog Enterprise+ (self-hosted) can help overcome your air gap environment challenges. Check out the JFrog Platform for yourself!