At GitHub Universe ‘24, a new product was revealed—GitHub Enterprise Cloud (GHEC) with data residency to answer customer needs.
In this blog post, we pick apart the product, answering what it is, who it’s for, how it ties into GitHub’s vision, and how to get it.
What is data residency in GitHub Enterprise Cloud?
In a nutshell, the new offering from GitHub is a separately hosted GitHub Enterprise Cloud instance with Enterprise Managed Users (EMUs) in Azure with a region lock.
If you’re not familiar with GitHub Enterprise Managed Users, here’s a quick summary: EMUs allow organizations to centrally manage GitHub accounts via their identity provider, enforcing enterprise-level policies, access controls, and governance, while integrating with SSO and SCIM for automated user provisioning and de-provisioning.
For current subscribers of GitHub Enterprise Cloud, the managed user experience is optional, but for GitHub Enterprise, it will be an integral part of the product, providing an extra firewall between your business and the rest of GitHub.com.
This is the answer many of our customers who are using GitHub Enterprise Server or some other self-hosted product have been waiting for.
The challenges of GitHub
To understand why it took GitHub over 15 years to have a data residency option, we must look at GitHub’s original core vision of “connecting developers with the code of the world together.”
The GitHub Cloud product has been fundamentally designed to aggregate the vast data sets of developers and code into a single set with fluid experiences that respect customer isolation boundaries.
Most products only ever need to access a single set of data to provide functionalities. For example, your Office 365 only needs to access your data and never someone else’s. This makes setting a geo region fairly easy, as the product is the same across all possible geo regions. For GitHub, this does not hold true.
If GitHub had built data residency into its core product, the situation would have been different. The US and EU data centers would have had to be separate products at loggerheads; the US product would need to be able to glue together the global developer directory, while the EU one would need to do the opposite and ensure no data leaks, which would have been a Herculean task!
GHE to the rescue!
GHE addresses these challenges by providing customers with a separately hosted GitHub Enterprise Cloud that has Enterprise Managed Users in Azure with a region lock. This instance is then located within a separate domain from GitHub.com via a global routing layer. For example, if we were to get a GHE instance, it would most likely run under the domain name: eficode.ghe.com.
The risk of mixing contexts with your GitHub handle is no more. GHE improves security by separating user and public accounts. When you provision your users into your GHE instance, they can use those credentials to access only your enterprise’s resources via your identity management system. In other words, your enterprise account will be used exclusively within your GHE context.
Note: To access GitHub.com, you need a separate account.
Bringing your data in
If you already have existing data in GitHub Enterprise Server (GHES) or some other platform, you need to migrate it to GHE. This applies even if you are currently on GitHub Enterprise Cloud as the instances (GHEC and GHE) are in two different environments and as of now there is no automated migration path between them.
For anyone on GHES or other platforms, this will not come as a surprise; moving to the cloud or changing between platforms has always been the plan. However, those on GitHub Enterprise Cloud, expecting a simple switch to change data residency settings, may be daunted by this news, although they needn’t be.
The GitHub Enterprise Importer tool helps you migrate your data into GHE, and Eficode, as a GitHub partner, is highly proficient at helping or directly migrating customers. From our perspective, it’s just an extra step between you and reaping the benefits of GitHub’s cloud offering.
Fine-tuning required
For the time being, GHE will not be a 1:1 carbon copy of GitHub Enterprise Cloud with Enterprise Managed Users. For example, if you were using GHEC and had marketplace workflows, they might not work as you expected. There is also a list of features on the GHE roadmap that are not available yet.
GHE Vadis, GitHub?
As GHE now complements GitHub’s Cloud offering, it’s time to consider the longer-term vision. From its inception, GitHub has been centered around open codes and small teams; how does GHE sit with that agenda?
The masterminds of GitHub declared that “GHE will orbit around the core planet of GitHub.com.” If users want to connect back to the mother planet, they can do so via GitHub Connect, which allows them to leverage the public sphere of GitHub.com. Think of publicly available GitHub Actions and your open-source components as contributors or benefactors.
In summary, the GitHub community will be there for you to connect to if you wish. However, some GHE users may want to opt out or even orbit at arm’s length. This does not differ too much from the current situation where some enterprises isolate themselves from the rest of GitHub.com; however, it can be done more neatly now, answering specific customer requirements.
Come GHEt it!
Sound good? Ready to get on board? Need more information?
Don’t hesitate to reach out to us. We will go over your specific requirements, concerns, and any other topics of interest.
If your mind is already set, but the part about migration sounds daunting, we can help you assess how your migration from your current setup to GHE can be done smoothly. It’s what we do!
GitHub’s road to data residency
Getting yourself onboard GHE has straightforward steps:
- Contact us to get started. Eficode is a GitHub specialized partner, Microsoft Azure Expert, and Microsoft Services Provider (MSP).
- Configure authentication and provisioning with your identity management system.
- Migrate data from another platform (optional).
- Check whether you have some features that work differently or require additional configuration.
- Take advantage of the benefits of the GitHub Enterprise platform!
Published: Oct 18, 2024