What's this GHEC with Data Residency and how can I get started?

[jpritchard]

What's this GHEC with Data Residency and how can I get started for my business?

Back on Oct 30th last year, we announced that GitHub's cloud-deployed offering, GitHub Enterprise Cloud, is coming to the globe! Announced first in Europe, conforming to the EU Data Boundary. We recently announced Australia's availability also!

There are compliance and regulatory reasons why customers may have not been able to previously choose GitHub Enterprise Cloud (on github.com). Often these customers choose to use our GitHub Enterprise Server based product to fill that need. However, we know that innovation on a cloud cadence has great appeal, in particularly looking at how GitHub Copilot is enriching developer experiences outside of the IDE and in the web interface.

GHEC with Data Residency is the solution for this need. Like other cloud-delivered solutions, it puts the maintainability and scale on GitHub's shoulders to allow you to focus on your core business, rather than operations. As well as bringing the pace of innovation we know you have come to expect from GitHub whilst conforming to this aforementioned compliance requirements your businesses demands.

To get started, just get in touch with your Account Team who will oversee the creation of a tenant for you to begin your journey!

What happens once I have a GHEC DR tenant? How can I login and setup my team's access?

GHEC with Data Residency is conceptually the same as our Enterprise Managed Users (EMU) variant of GHEC. That is to say that it requires all identities to be corporate managed, coming from your own Identity Provider (IdP) to ensure security.

In addition, we provide subdomain isolation so that your tenant will exist under a subdomain of GHE.com ensuring you can keep access separate from any GitHub.com usage for contributions to Open Source and other projects.

Your "first" admin user, as it's known will have access to an admin account within GHEC with Data Residency which will allow you to configure the integration with your IdP.

Please see the following documentation.

Or this video from our solutions engineering team, to walk you through the setup if using EntraID for example.

The documentation does point out our preference is to use the OIDC integration, as it also allows Conditional Access Policies (CAP), again, further enhancing security. However, only one of these OIDC connections can be in use at a time, so if you have multiple GitHub Enterprise accounts already (with your existing estate) you'll likely need to choose the SAML based integration.

Getting your team set up for success

• If you are a new customer, or aren't looking to migrate data beyond for example utilising git bare clone then now is the time for you to plan your Organisation layout. We recommend keeping these to as few as possible (each team does not need its own organisation). Keeping your Organisations to a reasonable amount also promotes InnerSourcing. One of the benefits of EMU is it has a new repository visibility type, Internal, which you can use to set as the default Org/Repo type to further promote InnerSourcing.

• You'll need to configure your Azure Subscription ID to ensure that any metered products such as GitHub Hosted Runners can be utilised beyond your included usage.

• If you are an existing customer who already utilises GitHub Enterprise in another deployment type. This is also a moment to consider your migration journey. Often a "lighthouse" team will be selected who are keen to try out GHEC with Data Residency's cloud-hosted feature-set and are motivated to share their experiences and learnings with the teams to come.

• GitHub provides migration tooling in the form of the GitHub Enterprise Importer. This tool allows the migration of data from tools such as BitBucket, Azure DevOps, as well as other GitHub deployment types. Whilst we're actively working on improving areas within the migration tooling, it is important to point out that not all data types are migrated by this tool.

• We suggest you evaluate the necessity of migrating information which is currently not supported, and plan for alternatives (such as via API extraction), or accepting that this data will not be able to be carried forward at this time.

• Your GitHub account team will be helping to smooth your path, and we're excited to see your journey into the GitHub constellation!