Appian Government Cloud (AGC) Overview

This content applies solely to Appian Government Cloud, which must be purchased separately from the Appian base platform.

Introduction

Appian Government Cloud (AGC) is an unclassified platform-as-a-service cloud service offering that has a DoD provisional authorization at Impact Level 5 (IL5). This is the highest level of authorization for unclassified information that can be achieved at the US Department of Defense (DoD).

AGC accelerates the timeline to go live because it has already cleared many of the authorization processes to make sure the applications and underlying infrastructure are secure. This means DoD customers can focus on their mission, knowing that Appian has done the heavy lifting by pre-authorizing a significant portion of the system.

What it is

AGC resides in a Virtual Private Cloud (VPC) within AWS GovCloud IL5 utilizing Federal Information Processing Standards (FIPS) validated GovCloud endpoints.

The AGC accreditation boundary consists of management services (powered by SMX Cloud Assured Managed Services) and the customer's Appian instances in AWS GovCloud. It is a three-tier application made up of redundant web servers, application servers, and databases.

The AGC architecture is segmented within separate, non-routable by default VPCs. The AGC customer environments are built in single-tenant VPCs. Clients do not share the VPCs, meta structure accounts (AWS accounts), cloud native compute, storage, databases, or network instances.

AGC runs on AWS GovCloud (US-West) and delivers dedicated, single tenant environments (development, test, and production) to each customer. It follows a private cloud deployment model where cloud services and infrastructure are dedicated solely to a specific organization or agency.

How it works

We provide the Appian platform and the managed services required to meet the requirements of IL5 and class leading service level agreements.

AGC includes the following services:

  • High availability for the production environment.
  • 1 min recovery time objective (RTO) and 15 min recovery point objective (RPO) service levels.
  • Log streaming.
  • 24x7x365 support for priority 1 and 2 cases.
  • Dedicated VPC.

The customer is responsible for the Secure Cloud Computing Architecture (SCCA), which has the following four components:

  • Boundary Cloud Access Point (BCAP).
  • Virtual Datacenter Security Stack (VDSS).
  • Virtual Datacenter Managed Services (VDMS).
  • Trusted Cloud Credential Manager (TCCM).

Appian meets many of the SCCA functional requirements, but there are shared and customer responsibilities that are detailed in the system security plan (SSP).

Combine AGC with your SCCA, identity provider for DoD CAC integration, and your DoD cybersecurity service provider (CSSP), and you're off and running with your Appian development team to deliver on your mission.

Built on top of the Appian Government Cloud management plane (1), each customer gets its own AWS GovCloud account, for which Appian environments (2) are created, (dev/test/prod) each in their own VPC (3). Each VPC is connected through your provided SCCA (4) to the DoD Information Network (DoDIN) (5).

Learn more

To learn more about AGC, see the Appian Government Cloud Security and Availability whitepaper.

Support and questions

If you need assistance, contact our dedicated Appian Government Cloud support team.

For more information about AGC, email agc@appian.com.

Open in Github Built: Fri, Sep 23, 2022 (01:18:20 PM)

On This Page

FEEDBACK