GCC High Server

What is GCC High?

To meet the unique and evolving requirements of the United States Department of Defense, as well as contractors holding or processing Controlled Unclassified Information (CUI) or subject to International Traffic in Arms Regulations (ITAR), Microsoft offers GCC High and DoD environments.

Microsoft created GCC High for the Department of Defense and federal contractors that must adhere to the rigid cybersecurity and compliance requirements of NIST 800-171, FedRAMP High, and ITAR, or that need to manage CUI.

GCC High is a copy of the government commercial cloud environment, but with stricter security compliance and fewer Microsoft features, because some features do not meet the compliance requirements. Its data centers are located only in the United States.

Security Information

Office 365 GCC High and DoD meet the security certifications and accreditations as follows:

  • The Federal Risk and Authorization Management Program at FedRAMP High, including those security controls and control enhancements as outlined in the National Institute of Standards and Technology (NIST) Special Publication 800-53.
  • Microsoft 365 DoD: The security controls and control enhancements for the United States Department of Defense Cloud Computing Security Requirements Guide (SRG) for information up to Impact Level 5 (L5).

Eligibility Criteria

GCC High is reserved for the Defense Industrial Base (DIB), DoD contractors, and Federal Agencies. Every customer hoping to move to GCC High must first receive validation from Microsoft.

Employees, and any staff member requesting temporary permission, must pass stringent background checks to gain access. Microsoft 365 staff do not have access to GCC High and DoD environments.

  • U.S. Citizenship: Verification of U.S. citizenship
  • Education Verification: Verification of highest degree attained
  • Social Security Number (SSN) Search: Verification that the provided SSN is valid
  • Criminal History Check: 7-year criminal record check for felony and misdemeanor offenses at the state, county, and local level and at the federal level
  • Office of Foreign Assets Control List (OFAC): Validation against the Department of Treasury list of groups with whom U.S. persons are not allowed to engage in trade or financial transactions
  • Bureau of Industry and Security List (BIS): Validation against the Department of Commerce list of individuals and entities barred from engaging in export activities
  • Office of Defense Trade Controls Debarred Persons List (DDTC): Validation against the Department of State list of individuals and entities barred from engaging in export activities related to the defense industry
  • Fingerprinting Check: Fingerprint background check against FBI databases
  • Department of Defense IT-2: Staff requesting elevated permissions to customer data or privileged administrative access to Dept of Defense SRG L5 service capacities must pass Department of Defense IT-2 adjudication based on a successful OPM Tier 3 investigation

(Table taken from Microsoft).

Migrating to/from GCC High

Migrating to GCC High will depend on a number of factors, such as whether your organization needs to handle CUI and, if so, the amount of existing CUI that will need to be migrated.


CloudM Migrate Self-Hosted is suitable for this. With an on-premise instance or cluster of CloudM Migrate servers in your source network, only licensing information is passed externally to CloudM.

Any data that is migrated will remain in your network, pass through a CloudM server, and then leave your network for GCC High. The data stream is encrypted end to end, including while on CloudM server drives.

The primary server is the main point of control for the migration processes. The user interface communicates with the primary to start and stop migrations. The primary server allocates individual data items to secondary servers and provides control and load balancing of migrations.

Secondary servers perform the actual migration of data from the source endpoint to the destination endpoint. They are controlled by the primary server. Multiple secondary servers can be incorporated to provide scalability for migrations that require additional threads to increase throughput or that migrate large numbers of items. Secondary servers are installed within the same network as the primary server, whether that is a migration farm built within your own network infrastructure or one built on Google Cloud Compute, Microsoft Azure, or Amazon EC2.

Communication between primary and secondary servers is not encrypted, as they should be built within the same network infrastructure. The communication between primary and secondary servers contains no user data and is only used to provide command and control.

Both primary and secondary servers communicate with the CloudM Migrate Self-Hosted licensing server using HTTPS (TLS 1.2) encryption.

If you are looking to securely migrate to or from a GCC High server, contact CloudM today. Our deployment team can guide you through the process whilst ensuring security is at the center of your migration.
