Salesforce Architecture - gettectonic.com
Private Connectivity Between Salesforce and On-Premise Network

Salesforce is an AWS Partner and a trusted global leader in customer relationship management (CRM). Hyperforce is the next-generation Salesforce architecture, built on Amazon Web Services (AWS). When business applications developed on Hyperforce are integrated with on-premises systems, traffic in both directions flows over the internet by default. For customers in heavily regulated industries such as the public sector and financial services, programmatic access to the Salesforce APIs hosted on Hyperforce from on-premises systems is required to traverse a private connection. Conversely, access to on-premises systems from business applications running in Hyperforce is required to use a private connection. In this insight, AWS describes how AWS Direct Connect and AWS Transit Gateway can be used in conjunction with Salesforce Private Connect to facilitate the private, bidirectional exchange of organizational data.

Architectural overview

An earlier approach used AWS Direct Connect to establish a dedicated, managed, and reliable connection to Hyperforce; that approach relied on a public virtual interface (VIF) to reach the public Hyperforce endpoints. The approach in this insight instead uses a private or transit virtual interface to establish a dedicated, private connection to Hyperforce through Salesforce Private Connect.

Approach

AWS Direct Connect is set up between the on-premises network and a virtual private cloud (VPC) residing inside the customer's AWS account to provide connectivity from the on-premises network to AWS. The exchange of data between the customer VPC and Salesforce's transit VPC is facilitated through the Salesforce Private Connect feature, which is based on AWS PrivateLink. AWS PrivateLink allows consumers to securely access a service located in a service provider's VPC as if it were located in the consumer's VPC, without peering the two VPCs or exposing the service to the internet.
Using Salesforce Private Connect, traffic is routed through a fully managed network connection between your Salesforce organization and your VPC instead of over the internet. In the context of Salesforce Private Connect, the two directions are defined as follows:

Inbound: traffic that flows into Salesforce. Use cases: AWS to Salesforce; on-premises network to Salesforce.
Outbound: traffic that flows out of Salesforce. Use cases: Salesforce to AWS; Salesforce to on-premises network.

This pattern can only be adopted for Salesforce services supported by Salesforce Private Connect, such as Experience Cloud, Financial Services Cloud, Health Cloud, Platform Cloud, Sales Cloud, and Service Cloud. Check the latest Salesforce documentation for the specific Salesforce services that are supported. Furthermore, this architecture applies only to the inbound and outbound exchange of data through the APIs; it does not cover user access to the Salesforce UI.

The following diagram shows the end-to-end solution and how private connectivity is facilitated bidirectionally. In this example, on-premises servers located on the 10.0.1.0/26 network are required to privately exchange data with applications running on the Hyperforce platform.

Figure 1: Using AWS Direct Connect and Salesforce Private Connect to establish private, bidirectional connectivity

Prerequisites for Private Connectivity Between Salesforce and On-Premise Network

To implement this solution, the following prerequisites are required on both the Salesforce and AWS sides.

Salesforce: refer to the Salesforce documentation for detailed requirements on migrating your Salesforce organization to Hyperforce.

AWS:

Network flow between on-premises data center and Salesforce API

The following figure shows how both inbound and outbound traffic flows through the architecture.
Figure 2: Network flow between on-premises data center and Salesforce (inbound and outbound panels)

Considerations for Private Connectivity Between Salesforce and On-Premise Network

Before you set up the private, bidirectional exchange of organizational data with AWS Direct Connect, AWS Transit Gateway, and Salesforce Private Connect, review these considerations.

Resiliency

We recommend that you set up multiple AWS Direct Connect connections to provide resilient communication paths to the AWS Region, especially if the traffic between your on-premises resources and Hyperforce is business-critical. Refer to the AWS documentation on how to achieve high and maximum resiliency for your AWS Direct Connect deployments. For inbound traffic flow, we recommend that the VPC endpoint is configured across multiple Availability Zones for high availability. Configure customer DNS records for the Salesforce API with the IP addresses associated with the VPC endpoint, and implement DNS failover or load balancing on the customer side so that the loss of one Availability Zone does not break name resolution for the API. For outbound traffic flow, we recommend that you configure your Network Load Balancer with two or more Availability Zones for high availability.

Security

For inbound traffic flow, the source IP addresses used by the incoming connection are displayed in the Salesforce Private Connect inbound configuration. We recommend that these IP ranges be used in Salesforce configurations that permit the enforcement of source IP, so that API access is accepted only from the private path and not from arbitrary internet addresses. Refer to the Salesforce documentation Restrict Access to Trusted IP Ranges for a Connected App to learn how these IP ranges can be used to control access to the Salesforce APIs. You access the Salesforce APIs over an encrypted TLS connection. Note that an AWS Direct Connect circuit is dedicated but not encrypted on its own, so confidentiality comes from TLS at the application layer and, where required, from the additional data-in-transit encryption options Direct Connect offers: private IP VPN over AWS Direct Connect and MAC Security (MACsec). A private IP VPN encrypts traffic end to end using an IPsec tunnel, while MACsec provides point-to-point link-layer encryption between directly connected devices. For outbound traffic flow, we recommend that you configure TLS listeners on your Network Load Balancer so that traffic from Salesforce to the load balancer is encrypted; if the hop from the load balancer to your on-premises targets must also be encrypted, use a TLS target group as well rather than terminating TLS at the load balancer and forwarding plaintext.

Cost optimization

If your use case is solely to facilitate access to Salesforce, you can use a virtual private gateway and a private VIF instead to optimize deployment costs. However, if you plan to implement a hub-and-spoke network transit hub interconnecting multiple VPCs, we recommend a transit gateway and a transit VIF for a more scalable approach. Refer to the Amazon Virtual Private Cloud Connectivity Options whitepaper and AWS Direct Connect Quotas for the pros and cons of each approach.

Conclusion

Salesforce and AWS continue to innovate together to provide multiple connectivity approaches to meet customer requirements. This post demonstrated how AWS Direct Connect can be used in conjunction with Salesforce Private Connect to secure end-to-end exchanges of data in industries where use of the internet is not an option.
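The Resiliency and Security considerations above amount to a short checklist that can be verified mechanically before go-live: the VPC endpoint and the Network Load Balancer span at least two Availability Zones, the connected app's trusted IP ranges cover exactly the source ranges shown in the Private Connect inbound configuration (and nothing broader), the outbound listener is TLS, and the customer-side DNS has one A record per endpoint interface. The script below is an added example written for this page, not AWS or Salesforce code. The deployment dictionaries are constructed sample data and their field names are assumptions for the example (a real audit would populate them from the endpoint's network interfaces, the load balancer configuration, Salesforce Setup and the connected app); the API hostname is also assumed.

```python
"""Audit a Salesforce Private Connect deployment description against the
resiliency and source-IP recommendations.  Added example; the field names and
sample values below are assumptions, not an AWS or Salesforce API shape."""
import ipaddress

# Constructed deployment that follows the recommendations.
GOOD_DEPLOYMENT = {
    # Inbound path: interface VPC endpoint network interfaces, one per AZ.
    "vpc_endpoint_enis": [
        {"az": "us-east-1a", "private_ip": "10.20.1.10"},
        {"az": "us-east-1b", "private_ip": "10.20.2.10"},
    ],
    # Source ranges as displayed in the Private Connect inbound configuration.
    "private_connect_source_cidrs": ["10.20.1.0/24", "10.20.2.0/24"],
    # Connected app trusted IP ranges, as (start, end) pairs like Salesforce Setup.
    "connected_app_trusted_ranges": [("10.20.1.0", "10.20.2.255")],
    # Outbound path: Network Load Balancer listeners and enabled AZs.
    "nlb_listeners": [{"port": 443, "protocol": "TLS"}],
    "nlb_azs": ["us-east-1a", "us-east-1b"],
}

# The same deployment with the weak settings the considerations warn against:
# a single AZ on both paths, a trusted range open to the whole internet, and a
# plain TCP listener in front of the on-premises targets.
WEAK_DEPLOYMENT = {
    "vpc_endpoint_enis": [{"az": "us-east-1a", "private_ip": "10.20.1.10"}],
    "private_connect_source_cidrs": ["10.20.1.0/24", "10.20.2.0/24"],
    "connected_app_trusted_ranges": [("0.0.0.0", "255.255.255.255")],
    "nlb_listeners": [{"port": 443, "protocol": "TCP"}],
    "nlb_azs": ["us-east-1a"],
}


def _collapse(networks):
    """Merge adjacent/overlapping networks so coverage checks see the union."""
    return list(ipaddress.collapse_addresses(networks))


def check_inbound_trusted_ranges(source_cidrs, trusted_ranges):
    """Every Private Connect source range must be allowed by the connected app,
    and the trusted ranges must not admit addresses outside the private path."""
    sources = _collapse(ipaddress.ip_network(c) for c in source_cidrs)
    trusted = _collapse(
        net
        for start, end in trusted_ranges
        for net in ipaddress.summarize_address_range(
            ipaddress.ip_address(start), ipaddress.ip_address(end)
        )
    )
    findings = []
    for src in sources:
        if not any(src.subnet_of(t) for t in trusted):
            findings.append(
                f"inbound source {src} is not covered by any trusted IP range; "
                "API calls arriving over Private Connect would be rejected"
            )
    for t in trusted:
        if not any(t.subnet_of(s) for s in sources):
            findings.append(
                f"trusted range {t} admits addresses outside the Private Connect "
                "source ranges; narrow it to the displayed ranges"
            )
    return findings


def check_az_spread(component, azs, minimum=2):
    """Endpoints and load balancers should span at least `minimum` AZs."""
    zones = set(azs)
    if len(zones) < minimum:
        return [f"{component} spans {len(zones)} Availability Zone(s); "
                f"configure at least {minimum} for high availability"]
    return []


def check_outbound_listeners(listeners):
    """Outbound traffic from Salesforce should hit a TLS listener, not plain TCP."""
    return [
        f"Network Load Balancer listener on port {l['port']} uses {l['protocol']}; "
        "use a TLS listener so traffic from Salesforce to the load balancer is encrypted"
        for l in listeners if l["protocol"].upper() != "TLS"
    ]


def dns_a_records(api_hostname, enis, ttl=60):
    """Customer-side A records pointing the Salesforce API hostname at each
    endpoint interface; one record per AZ with a short TTL gives DNS failover."""
    return [f"{api_hostname}. {ttl} IN A {e['private_ip']}" for e in enis]


def audit(deployment, minimum_azs=2):
    """Run every check; an empty list means the deployment meets the recommendations."""
    findings = check_inbound_trusted_ranges(
        deployment["private_connect_source_cidrs"],
        deployment["connected_app_trusted_ranges"],
    )
    findings += check_az_spread(
        "VPC endpoint", (e["az"] for e in deployment["vpc_endpoint_enis"]), minimum_azs
    )
    findings += check_az_spread("Network Load Balancer", deployment["nlb_azs"], minimum_azs)
    findings += check_outbound_listeners(deployment["nlb_listeners"])
    return findings


if __name__ == "__main__":
    for name, dep in (("good", GOOD_DEPLOYMENT), ("weak", WEAK_DEPLOYMENT)):
        print(f"{name}: {len(audit(dep))} finding(s)")
        for finding in audit(dep):
            print("  -", finding)
    # Assumed hostname; use your org's actual API host when generating records.
    for record in dns_a_records("api.example.my.salesforce.com", GOOD_DEPLOYMENT["vpc_endpoint_enis"]):
        print(record)
```

The trusted-range check works on the union of ranges in both directions: two adjacent trusted entries that together cover a source /24 pass, a single entry covering only half of it is reported as not covered, and an entry such as 10.20.0.0/16 or 0.0.0.0/0 is reported as broader than the displayed source ranges, which is the case that silently re-opens API access from outside the private path.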
A Salesforce Architect’s Thoughts on User Experience

The intersection of Salesforce User Experience (UX) Design and Architecture in the Salesforce ecosystem is gaining traction. Since Salesforce launched the User Experience Designer and Strategy Designer certifications, architects are increasingly venturing into UX to create comprehensive and well-thought-out solutions. This collaboration, emphasizing the importance of user experience, has the potential to increase project success through efficient, scalable, and sustainable designs, particularly for Certified Technical Architects (CTAs).

User interaction and adoption are important considerations for architects, requiring a focus on understanding user interactions to guide effective decisions. Writing a user story that shows what the user needs to accomplish helps designers create solutions that are user friendly. By mapping the user journey and data flow through process and journey mapping, architects gain insight into the necessary objects and relationships and into the high-touchpoint objects that drive Large Data Volumes (LDV). Understanding user expectations informs architects about necessary record ownership changes, conversions, security, and data visibility requirements.

Salesforce UX Certifications

The recent emphasis on UX design in Salesforce, marked by certifications like Strategy Designer and User Experience Designer, has prompted useful discussions within the Salesforce architect community. Personal experience completing these certifications underscores the importance of architects embracing UX design, especially on the path to becoming a Certified Technical Architect. Incorporating journey mapping into solution design, as discovered through creating process and journey maps from CTA scenarios, has proven invaluable. The synergy between architects and UX designers shows as they collaborate to integrate visual and technical elements seamlessly, resulting in cohesive, user-friendly solutions.

Despite distinct areas of expertise, both roles converge on user needs, business requirements, and personas, fostering the collaboration that ensures functional and aesthetically pleasing systems. A user-centric approach is crucial for architects in solving problems and ensuring holistic solutions. Process mapping helps identify record ownership changes, conversions, security, and data visibility requirements.

A higher probability of success is achieved by considering the users' interactions and building solutions that prioritize simplicity, reducing project complexity and enhancing user understanding.

Performance, scalability, and usage must be factored into architectural considerations. Architects need to understand system usage, scalability needs, and performance to create efficient systems capable of handling increased usage. They should also identify large data volume objects and design for scalability.

Return on investment (ROI) through sustainability is a key factor for project success. Architects should consider both adoption and sustainable design, ensuring long-term value. ROI-driven decisions should permeate the design process, minimizing potential rework and supporting evolving technology and business requirements.

Salesforce UX in Design Process

Incorporating user experience design early in the design process enhances project success by avoiding costly redesigns and ensuring the final product meets user needs. Architects who prioritize sustainability can create designs that maximize ROI and provide long-term value to the organization. User experience design is integral for architects, providing a framework for understanding user interactions and optimizing the Salesforce solutions the architects design and build. By embracing UX design and collaborating effectively, architects can create systems that are not only functional and efficient but also intuitive and enjoyable to use. When designing custom Salesforce solutions, the architect should always consider the end user. At Tectonic, our entire team of Salesforce consultants focuses on delivering an application that meets everyone's expectations. Contact us today.