Metazoa is a publisher of software products and utilities for Salesforce administrators. These products are available for install on the Salesforce AppExchange website. All our products have passed the Salesforce Security Review. Snapshot Org Management is our flagship product. Monarch Relational Data Migration is another paid offering. We have four other solution centers that are available for free with paid upgrades for additional functionality.
All the Metazoa software products are explicitly designed to protect customer privacy and security. This whitepaper discusses the unique advantages that are inherent in the Metazoa software architecture. This whitepaper also explains the security and privacy polices put in place by Metazoa as a company. All the different Metazoa products have the same security architecture, so they are discussed collectively below.
There are two parts to any Metazoa software product. First, the Metazoa Player is a 64-bit desktop application written in compiled C that implements a security sandbox designed to protect the client computer, the local file system, and private network assets. Second, the Metazoa Document is a binary file which contains all the scripted content, user interfaces, and other graphics associated with the actual application. The Metazoa Player is similar to a Java or .NET virtual machine, and the Metazoa Document is similar to a Java jar file or .NET assembly.
The Metazoa Player was written by an engineering team led by Bill Appleton, and different version of this code base have been in use for 20 years. The multi-platform code base is used to build two separate executable programs, one for Microsoft Windows and the other for Apple Macintosh. Both versions of the Metazoa Player are code signed to prevent tampering with the executable.
The Metazoa Player was carefully written to minimize and abstract contact with the local machine, but also to allow access to certain external web based assets and local desktop files in a sandbox folder. This environment provides an extra layer of security for the customer, their desktop computer, and the local network. The Metazoa Player was designed to be a secure container for potentially untrusted applications.
The Metazoa Document contains the scripted content, user interfaces, and other graphics associated with the actual product. When new and improved versions of a product become available, a new Metazoa Document is downloaded to the Metazoa Player for execution. This provides a simple and secure method of managing application updates. The download process is visible to the customer. The documents are scanned for irregularities, and a sophisticated checksum is used to prevent tampering.
The Metazoa Player is mature and rarely updated. The Metazoa Document is updated at least three times a year to coincide with Salesforce API releases. There may be additional Metazoa Document updates throughout the year to address product enhancements, bug fixes, and performance improvements.
Metazoa maintains a read-only file server at http://www.metazoa.net where the Metazoa Player can be downloaded. When the desktop application is started, the latest Metazoa Document is downloaded from the same location. Physical access to the Metazoa Player and the latest Metazoa Document are controlled through SFTP with a client key on a secure computer. Currently Bill Appleton is the gatekeeper for changes on this server. There are different installation pages for each different Metazoa software product:
Install Paid Products
Install Solution Centers
Microsoft Windows Player
Apple Macintosh Player
When a customer logs into their Salesforce org, the Metazoa client application retrieves a Session ID that is used to communicate with the Data, Metadata, and Tooling API. All communication is conducted directly between the customer’s personal computer and their Salesforce org. Customer credentials are stored in ephemeral RAM memory and discarded when the application terminates. Data and metadata used by the product are stored in a secure folder on the customer’s local hard disk. The customer’s private Salesforce data and metadata are not transmitted, duplicated, or cached on any other server or cloud that is outside of the customer’s environment.
The Metazoa Player is downloaded once from the file server at www.metazoa.net. The Metazoa Player uses HTTP POST over SSL for network communication with the Data, Metadata, and Tooling APIs. This is the same network protocol that the Salesforce HTML web application uses to run in a browser, except Metazoa is communicating with XML instead of HTML documents. The diagram below illustrates this architecture.
The customer doesn’t need to worry about security practices on the Metazoa cloud. Metazoa doesn’t have a cloud. Metazoa uses your Salesforce org for team collaboration and shared data. The customer doesn’t need to worry about the privacy policies in the Metazoa data center. Metazoa doesn’t have a data center. Metazoa uses your Salesforce org and your local drive for data storage.
Because of this, Metazoa has a superior architecture for delivering administrative products on the Salesforce platform. We have the same modern desktop architecture as Slack, Tableau, Salesforce DX and Visual Studio Code. Metazoa software products are both more interactive and more secure than alternative architectures that can potentially expose your administrative credentials and private data to the open Internet.
The Metazoa Player can be run on a Virtual Machine in the cloud or behind a corporate firewall instead of a personal computer. This option allows greater control over the computing environment. All customer data and metadata are stored on the Virtual Machine’s hard disk. All Internet connectivity takes place on the Virtual Machine’s network. During professional service engagements, a Virtual Machine can be used to keep all customer data and metadata inside the customer’s computing environment.
The Metazoa Player has been architected to ensure data privacy. All customer data and metadata remain in the customer’s computing environment. The fact that there is no external cloud or data center helps ensure that privacy regulations such as HIPAA and GDPR are inherently followed. The Metazoa Snapshot product follows the ALCOA principles for GxP. The reports that Snapshot generates are:
Snapshot also conducts metadata deployments and data migrations. These org transformation operations also support GxP principles:
Metazoa products integrate with some external applications and API services. The external applications must be installed on the desktop computer for successful integration using the Command Line interface. These external applications include:
If for any reason a customer is concerned about the security characteristics of these external applications then they should be uninstalled from the desktop computer or laptop.
Metazoa products also integrate with some API services. If for any reason a customer is concerned about the security characteristics of these API services then access can be turned off with the Workspace Manager. This permission prevents Metazoa from calling the given API service.
In the case of OpenAI grounding data is used in some circumstances. Grounding data includes packets of Data and Metadata required for intelligent analysis. The OpenAI API does not store prompts or grounding data for any purpose. In particular, the developer API does not use prompts for training. The Snapshot preferences interface allows the customer to enter their private developer key for OpenAI if desired. The service can also be enabled or disabled in the preferences interface. Find more information below.
All Metazoa software products communicate directly between the customer’s personal computer and their Salesforce org. Metazoa does not have access to any customer data or metadata. All transactions take place with Salesforce API services and are conducted using the SSL protocol. All transactions conform to the Salesforce API security policy. All transactions are further limited by the policies that customers have established for their Salesforce org. All the Metazoa software products available on the AppExchange have passed the Salesforce Security Review. The read-only Metazoa file server is used for the initial download of the Metazoa Player desktop application and after that a Metazoa Document that delivers product updates.
All Metazoa software products communicate directly between the customer’s personal computer and their Salesforce org. Metazoa does not have access to any customer data or metadata. Our Snapshot Org Management product uses the Salesforce License Manager to administer customer access. The other products are licensed to an individual org and the associated sandboxes. Customer information is used solely for product licensing, feature roadmap, and technical support. Personal customer information will never be transferred to a third party or become linked to any database external to Metazoa.