In addition to the Parallel Works SaaS platform, we offer a solution for the US Government: the Parallel Works High-Security Platform (PWHSP). Hosted in AWS GovCloud, the PWHSP is compliant with Federal Risk and Authorization Management Program (FedRAMP) standards.
Features and Services
The PWHSP includes the same major features of the PW platform. Some features and services have been modified for security compliance, which are detailed in this section.
At present, the PWHSP only supports connecting to on-premises clusters with an Authority to Operate (ATO) and deploying compute resources on AWS. We will be adding support for Microsoft Azure and Google Cloud Platform compute resources in the future. All AWS options are available on the PWHSP, but screenshots and page sections that mention other cloud service providers can be disregarded until further notice.
The PWHSP does not support SSH access from your personal computer to cloud resources. All of your work with compute resources must be conducted in your user workspace on the platform.
On the PWHSP, users are required to have MFA enabled on their account or use an authentication method which ensures MFA, e.g. CAC, an OIDC provider with MFA.
For users using the password authentication method, we support adding a YubiKey 5 FIPS model. YubiKeys plug into your computer via USB-A or USB-C and require physical touch after you enter your password. These YubiKeys are provisioned and issued by Parallel Works.
Common Access Cards (CAC) are the standard form of identification for government employees, personnel, and service members. If you use a CAC, your administrator will register your CAC with your PWHSP account before you access the PWHSP for the first time. You’ll need your CAC PIN in addition to your CAC.
OpenID Connect can use either a YubiKey or a CAC for second-step validation. With OpenID connect, the PWHSP login page is provided by the government instead of Parallel Works. The YubiKey in this case will be provisioned and issued by the government.
FIPS 140-2 Compliance
The PWHSP can only be accessed through port 443. Port 80 is open for redirect to port 443 only. All data is encrypted at rest and in transit using validated FIPS 140-2 cryptographic modules.