Using Deploy App in your organization
The core idea of Deploy App is to deliver software to soldiers and other mission-critical user groups. Our goal is to let each unit have its own service.
Deploy App's Goals
- User units should be able to add, manage and revoke users of their own service easily and on their own.
- User units should be able to easily start using those services they need.
- For security reasons, centralization is out of the question. Each unit should have its own service, even if we would like to bring data from one unit's service to another's or to a centralized collection.
- Starting and offering this service to user units should be modern, that is, as replicable and easily manageable as possible.
- The solution that offers everything above should be an interface, so that we develop the deployment solution and product teams can develop the products that are shared, among other ways, through our solution.
Overview for Utilizing
- Implement an order intake. Minimal setup: An organization email for service order requests.
- Implement an order pipeline. Minimal setup: A pipeline and Terraform to create the resource, deploy the base infra and populate their .envs.
- Implement a service for sharing the first-login one-time passes (OTPs) with designated users. Minimal setup: From your organization's order intake email, send the link and OTP for the freshly deployed service to the requester.
Once implemented, you can deploy new services for troops with ease. Say goodbye to updating and configuring servers by hand.
Limitations
Max Deployment Age - 3 months
- For security reasons, we have hard-limited the maximum age of a Deploy App deployment to 3 months. This is a conscious choice.
- A limited lifetime reduces the data build-up in a single instance.
- A limited lifetime also limits the footholds that advanced threats could gain, as it forces us to completely renew our service continuously.
- We recommend using even shorter deployment ages. As many applications persist their data on your devices, changing your service is a matter of minutes and greatly improves your cyber resilience. Just teach your users to change Deploy App servers swiftly.
- In the future, we might support longer service ages given that we can fulfill the above constraints with confidence.
Your MDM should trust certs issued by your Deployment
- In Deploy App v1, user identity is based on mTLS certificates. This means that your Deploy App instance issues an mTLS certificate to each user.
- If you use an MDM, you have to make it trust the Deploy App instance(s) you would like to use with devices under that MDM's control. See the guide here.
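What per-instance trust means in practice, as an added example that is not Deploy App's own code: each deployment acts as its own certificate authority, so a user certificate issued by one instance validates only against that instance's CA certificate, which is the file an MDM would have to distribute as a trust anchor. The CA layout, the names `unit-a`, `unit-b` and `alice`, and all lifetimes are assumptions; the page does not describe Deploy App's actual PKI.

```shell
#!/bin/sh
# Constructed demo; unit-a, unit-b, alice and all lifetimes are assumptions.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Minimal OpenSSL config so the result does not depend on the system default.
cat > "$WORK/ssl.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[client_ext]
basicConstraints = critical,CA:FALSE
extendedKeyUsage = clientAuth
EOF

# make_instance_ca NAME: self-signed CA for one deployment. 90 days mirrors
# the 3-month maximum deployment age (an assumption, not a project setting).
make_instance_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 90 \
    -config "$WORK/ssl.cnf" -extensions ca_ext -subj "/CN=$1 instance CA" \
    -keyout "$WORK/$1-ca.key" -out "$WORK/$1-ca.pem" 2>/dev/null
}

# issue_user_cert INSTANCE USER: client certificate signed by that instance's CA.
issue_user_cert() {
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/ssl.cnf" \
    -subj "/CN=$2" -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -days 30 -CAcreateserial \
    -CA "$WORK/$1-ca.pem" -CAkey "$WORK/$1-ca.key" \
    -extfile "$WORK/ssl.cnf" -extensions client_ext \
    -out "$WORK/$2.pem" 2>/dev/null
}

# trusted_by INSTANCE USER: succeeds only if the user's certificate chains to
# that instance's CA and is usable for TLS client authentication.
trusted_by() {
  openssl verify -purpose sslclient -CAfile "$WORK/$1-ca.pem" \
    "$WORK/$2.pem" >/dev/null 2>&1
}

make_instance_ca unit-a
make_instance_ca unit-b
issue_user_cert unit-a alice
trusted_by unit-a alice && echo "unit-a trust anchor: alice accepted"
trusted_by unit-b alice || echo "unit-b trust anchor: alice rejected"
```

Because every redeployment in this model would bring a new CA, the trust anchor pushed through the MDM has to be replaced each time the service is renewed.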