Leanspace's Secure Deployment Practices - Ensuring ITAR-compatibility | Leanspace

Leanspace’s Secure Deployment Practices – Ensuring ITAR-compatibility for Satellite Operators

In this article, you will receive a transparent view of Leanspace’s development and release process. You will also learn about the deployment practices that are ITAR compatible and the support that you will get on both the DevOps and Customer Support side.

Deployment options to fit multiple use cases, all hosted on AWS

Before we dive into our deployment processes, here is an overview of the Deployment options available.

All of our environments are hosted on AWS. Leanspace now supports models where you own the AWS cluster and either give us access, via sub-accounts, to manage the platform for you, or receive the platform from us as a package deployment. These options give you full control of your platform.

In that way, we place complete control in your hands, with the flexibility to change as you need.

Let’s start with an overview:

Model 1: Managed service on Leanspace AWS Cluster (multi-tenant)

  • Deployed on a shared cluster containing your environment, configurations, and data
  • Regular releases via the Leanspace CI/CD
  • Hosted in the EU-Frankfurt region
  • Leanspace owns the AWS account

Model 2: Managed Service on Leanspace AWS Cluster (dedicated)

  • Isolated cluster containing your environment, configurations, and data
  • The option of receiving regular releases or at your own pace via the Leanspace CI/CD
  • Your choice of region
  • Leanspace owns the AWS account
  • Scope to expand based on your own performance requirements

In this format, you can start with a Managed, Multi-Tenant environment, deployed in AWS. For early-stage satellite operators, this is the perfect entry point to access the Leanspace platform, where the deployment and regular updates are handled for you.

This setup is ideal for a development environment. It gives you the opportunity to kickstart your development early, with the peace of mind that you can upgrade to an ITAR-compatible GovCloud when it suits your needs.

Model 3: Managed Service on Private AWS Cluster

  • Option to choose AWS GovCloud as your region
  • Isolated cluster containing your environment, configurations, and data
  • Leanspace Platform is hosted on the sub-account of your organization.
  • You own the AWS account, Leanspace has access to it via a sub-account
  • The option of receiving regular releases or at your own pace.

Model 4: Self-managed on Private AWS Cluster

  • Option to choose AWS GovCloud as your region
  • Isolated cluster containing your environment, configurations, and data
  • You own the AWS account
  • Updates are available via a staging environment at your own pace
  • Updates are in the form of a deployment package complete with scripts and code for tests

How Leanspace Prioritizes Security and Quality

Leanspace’s DevOps team helps customers set up their AWS GovCloud account

When starting with Leanspace, several steps follow:

Firstly, Leanspace’s DevOps team will help you set up your AWS GovCloud account. At this point, there is no risk of ITAR-restricted data being shared, as the account is empty. This is to ensure that you have everything you need to manage your environment, including how to deploy new packages from Leanspace.

How the GovCloud-compatible update process works

The Leanspace development environment is where our DevOps team prepares the next release as per our CI/CD pipeline. The release itself is packaged with our test code, along with AWS CloudFormation scripts.

Package Phase: From Multi-tenant to GovCloud

Every week following our multi-tenant release, we package the platform and transfer it as Docker images from the Leanspace ECR repositories to the GovCloud Staging ECR repositories. Leanspace automates this process.

Testing Phase: Validation in Staging

To ensure a seamless transition, we deploy the newly created package into your Staging account, conduct multiple integration tests, and closely monitor system availability. Leanspace automates this process.

Release Process: Production Release

Once a successful deployment is confirmed, we will notify you so you can download the package from your Staging account and deploy it into your Production environment.

Additionally, you should copy the ECR images into Production. You can do so manually or automate the process yourself.
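Because image tags are mutable, a promotion from Staging to Production is best confirmed by digest rather than by tag. The following is an added example, not Leanspace code: it compares the JSON output of `aws ecr describe-images` from both accounts, assuming the copy preserves each image manifest so that digests should be identical. The repository names, tags and digests are constructed sample data.

```python
import json

def tag_digests(describe_images_output):
    """Map (repository, tag) -> digest from `aws ecr describe-images` JSON."""
    digests = {}
    for detail in json.loads(describe_images_output)["imageDetails"]:
        # Untagged images have no imageTags key and are skipped.
        for tag in detail.get("imageTags", []):
            digests[(detail["repositoryName"], tag)] = detail["imageDigest"]
    return digests

def promotion_gaps(staging_output, production_output):
    """Return {(repository, tag): reason} for every staged image that is
    absent from production or present under the same tag with other content."""
    staging = tag_digests(staging_output)
    production = tag_digests(production_output)
    gaps = {}
    for key, digest in sorted(staging.items()):
        if key not in production:
            gaps[key] = "missing in production"
        elif production[key] != digest:
            gaps[key] = "digest mismatch"
    return gaps

def _image(repo, tags, fill):
    # Constructed record in the shape of one imageDetails entry.
    record = {"repositoryName": repo, "imageDigest": "sha256:" + fill * 64}
    if tags:
        record["imageTags"] = tags
    return record

# Constructed sample data (hypothetical repositories and release tag).
STAGING = json.dumps({"imageDetails": [
    _image("platform-api", ["1.4.0"], "a"),
    _image("platform-ui", ["1.4.0"], "b"),
    _image("platform-auth", ["1.4.0", "latest"], "c"),
]})
PRODUCTION = json.dumps({"imageDetails": [
    _image("platform-api", ["1.4.0"], "d"),      # same tag, different content
    _image("platform-auth", ["1.4.0", "latest"], "c"),
    _image("platform-auth", [], "e"),            # untagged leftover
]})

if __name__ == "__main__":
    for (repo, tag), reason in promotion_gaps(STAGING, PRODUCTION).items():
        print(f"{repo}:{tag}: {reason}")
```

An empty result means every staged tag resolves to the same digest in Production; any entry is a reason to stop the release and investigate before deploying.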

Quality Standards

Following industry best practices, any update that Leanspace delivers must go through its own series of tests to ensure that the release meets high standards. This includes end-to-end (E2E) and integration tests.

Deployment Windows

Deployment windows give you more control over when deployments happen on mission-critical infrastructure.

You specify these windows as a date and time of every month via a cron expression. For example, 0 0 5 * * specifies that the deployment can happen at 12:00 AM on the 5th of every month. During this window, all updates from Leanspace will be applied.
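A deployment window only protects production if the pipeline refuses to run outside it. The following is an added example, not Leanspace code, of such a gate: it parses a five-field cron expression like the one above and reports whether a given time falls inside the window. The two-hour window length and the function names are assumptions, since the article does not say how long a window stays open or in which timezone it is evaluated.

```python
from datetime import datetime, timedelta

# (name, low, high) for the five cron fields, in order.
FIELDS = (("minute", 0, 59), ("hour", 0, 23), ("day", 1, 31),
          ("month", 1, 12), ("weekday", 0, 6))  # weekday 0 = Sunday

def expand(field, lo, hi):
    """Expand one cron field ('*', 'a', 'a-b', 'a,b', '*/n') into a set of ints."""
    values = set()
    for part in field.split(","):
        rng, _, step = part.partition("/")
        step = int(step) if step else 1
        if rng == "*":
            start, end = lo, hi
        elif "-" in rng:
            start, end = map(int, rng.split("-"))
        else:
            start = end = int(rng)
        if step < 1 or not lo <= start <= end <= hi:
            raise ValueError(f"bad cron field {field!r}")
        values.update(range(start, end + 1, step))
    return values

def parse(expr):
    """Return {field name: (allowed values, field was '*')}; reject malformed input."""
    parts = expr.split()
    if len(parts) != len(FIELDS):
        raise ValueError("expected 5 cron fields")
    return {n: (expand(p, lo, hi), p == "*") for p, (n, lo, hi) in zip(parts, FIELDS)}

def opens_at(spec, t):
    """True if the parsed cron spec fires at minute t."""
    if not all(v in spec[k][0] for k, v in
               (("minute", t.minute), ("hour", t.hour), ("month", t.month))):
        return False
    dom, dow = t.day in spec["day"][0], t.isoweekday() % 7 in spec["weekday"][0]
    # Classic cron: when both day fields are restricted, either one may match.
    if spec["day"][1] or spec["weekday"][1]:
        return dom and dow
    return dom or dow

def deployment_allowed(expr, now, window=timedelta(hours=2)):
    """True if a window opened less than `window` ago (window length is an assumption)."""
    spec = parse(expr)
    now = now.replace(second=0, microsecond=0)
    minutes = int(window.total_seconds() // 60)
    return any(opens_at(spec, now - timedelta(minutes=i)) for i in range(minutes))
```

The gate fails closed on malformed expressions by raising `ValueError`; pass `now` in the same timezone the window was agreed in.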

Regression Tests

In addition to scheduling deployment times, you also have the ability to test and actively reject a particular update. The Leanspace support team will work quickly with you to make sure that any issues are fixed and your environments can be updated again.

How Changes Are Made (e.g. optimizing cluster size, deployment changes)

Leanspace relies on AWS CloudFormation, which is an Infrastructure as Code (IaC) based solution. This has benefits both for us and for our customers because it allows us to make changes in a safe, secure, and efficient way.

For instance, if you’re trying to reduce your costs and you notice that your cluster size is more than you need, you can lower it to fit your needs. Likewise, if you need to change your region, this can be handled within the day thanks to AWS CloudFormation. If you have your own AWS cluster, you can do it yourself, and we’ll work with you to adapt subsequent deployments to the desired configuration. This also applies to circumstances where you need to change your region or your domain.


If you are seeking to build ITAR-compliant Mission Operations and Testing software and want to learn more about Leanspace’s cloud deployment options, including AWS GovCloud, feel free to click the button below and talk to Peter Healy, our business development manager who will be delighted to walk you through our deployment options.

