Air Gapped


Overview

An air-gapped network is a security measure that ensures complete physical or logical isolation from unsecured networks, particularly the internet. This isolation prevents unauthorized access, data exfiltration, and cyber attacks by creating an impenetrable barrier between sensitive systems and external threats.

Air-gapped environments are commonly deployed in organizations with the highest security requirements, including financial institutions, military installations, government agencies, and critical infrastructure providers where data security and operational integrity are paramount.


Challenges for Software Development and CI/CD

Dependency Management

  • No direct access to public repositories (Maven Central, npm, PyPI, Docker Hub)
  • All dependencies must be pre-positioned internally
  • Manual dependency resolution and version management
  • Build tools, frameworks and all their dependencies require internal hosting
  • Developers are restricted to internal resources only

Security and Compliance

  • Rigorous security scanning and approval processes for external artifacts
  • Formal change management for updates and patches
  • Strict audit and compliance tracking requirements

Operational Impact

  • Reduced development velocity due to dependency access constraints
  • Limited ability to experiment with new tools and libraries
  • Complex environment synchronization across dev/stage/prod
  • Restricted access to external support resources and documentation

Common Implementation Considerations

The following are key considerations when implementing the JFrog Platform in an air-gapped network.

Deployment

Multi-Instance Deployment

  • Two Artifactory instances required: external for security/validation and internal for development
  • External instance acts as security boundary
  • Internal instance provides artifacts and tools
  • High availability planning needed for both environments

Security Infrastructure

  • Artifact scanning and validation pipelines
  • Encrypted storage and transfer mechanisms
  • Comprehensive audit logging and monitoring
  • Incident response procedures

Operational Procedures

Artifact Management & Compliance

  • Processes for requesting and approving external dependencies
  • Version control and change management procedures
  • Regular security updates and vulnerability remediation
  • Documentation, approval workflows and compliance reporting

Air-Gapped Deployment Scenarios

Organizations implementing air-gapped environments typically employ one of two primary connectivity models, each with distinct operational characteristics and security implications.

One-Way Connection Scenario

This scenario allows limited, controlled connectivity from the internal environment to external systems, enabling more automated artifact acquisition while maintaining security boundaries.

No Network Connection Scenario

In this scenario, the internal and external environments have absolutely no network connectivity between them. This represents the highest level of security isolation but requires the most complex operational procedures.


Air-gapped environments represent the pinnacle of network security but require careful planning, robust processes, and specialized tooling to maintain software development productivity and operational efficiency.
