Hyperforce: the Trust, Innovation, and Customer Success Enabler for Data + AI + CRM
Salesforce Hyperforce is a game-changing unified cloud platform hosted on a public cloud infrastructure that allows our customer organizations to leverage the capabilities of Salesforce's Customer 360 applications on a global scale while helping customers meet their data residency and other compliance needs. It brings enhanced scalability, performance, and data control to businesses, enabling them to unlock new opportunities and deliver exceptional customer experiences.
This blog describes how Hyperforce evolved and became a trust enabler for organic innovation and customer success across the three key pillars for the future of business, namely Data + AI + CRM. At Salesforce, we are helping companies act on insights with AI, unify customer data, and automate in real time. This combination of Data + AI + CRM means your data works smarter. And it all adds up to what we call customer magic. Because customers are at the heart of everything we do.
Fundamentally, Hyperforce leverages the power of public cloud infrastructure for auto-scaling, but what has put it in this strategic position for Salesforce as an organization is our 25+ years of learnings and best practices, incorporated into building Hyperforce with a security-first culture, Zero Trust principles, a shift-left mindset, and a public cloud-ready architecture.
Hyperforce is architected, designed, and built in-house employing cutting-edge technologies such as microservices, Docker containers with Kubernetes orchestration, a managed service-mesh architecture, and other advanced methodologies. Hyperforce instances are composed of code rather than hardware, so that the Salesforce platform and applications can be delivered rapidly and reliably to locations worldwide, giving customers more choice and control over data residency and privacy.
Hyperforce serves as the foundation for a secure and compliant cloud infrastructure platform that adopts a more flexible and dynamic approach by abstracting away the underlying hardware. This enables Salesforce to adapt more swiftly to changing demands, incorporate new technologies without being constrained by physical hardware, and provide a unified runtime environment for all business applications hosted within the ecosystem. It provides a comprehensive set of security measures, including robust access controls, data encryption, and compliance frameworks. These built-in security features safeguard the confidentiality, integrity, and availability of data, instilling confidence in customers that their data remains protected at all times. By capitalizing on the secure-by-default functionality of Hyperforce, the business applications running on top of it will not only benefit from a strong security foundation but also streamline the development and deployment of secure cloud-native services. This adherence to security best practices aligns with Salesforce's commitment to providing trustworthy and reliable solutions for customers.
Last but not least, Hyperforce offers the ability to store data in data centers located across different geographic regions. This helps customers address data residency and compliance requirements, allowing customers to choose where their data is stored to meet regional regulations.
Hyperforce is designed with an emphasis on security, developer agility, and cost to serve. Its architecture strategically embraces the Domain-Driven Design (DDD) methodology, using Bounded Contexts to allow shared concepts across the platform and to shape its logical structures. Bounded Contexts allow for the denormalization of internal data, so that services can manage their own internal notions and concepts. The implementation of a Bounded Context is called a Functional Domain (FD). Following this approach to domain isolation groups services such that there is strong cohesion (a set of strongly related functions) within a Functional Domain and no direct coupling between Functional Domains. Adhering to this architecture pattern provides benefits in terms of minimizing the potential blast radius, enforcing the principle of least privilege, and amplifying scalability. Furthermore, it furnishes developers with a considerable degree of flexibility and agility, enabling the creation of tightly integrated, yet loosely coupled, secure services and applications.
The Hyperforce Foundation Domain includes a defined set of capabilities that make a Hyperforce instance available for deploying Functional Domains into. It is the bedrock, equipped with a suite of services that furnish the essential functionalities for all Functional Domains (FDs). These services encompass DNS service, network security, data security, logging and monitoring, delivery pipelines, and more. Notably, foundation services are universally accessible to all FDs and seamlessly integrated into each Hyperforce instance.
A Falcon Functional Domain (FD) is a logical boundary around a set of capabilities, features, or services that are built and delivered independently from other Salesforce applications. Each Functional Domain can be thought of as a set of business or technical use case functionalities. FDs help manage scale and blast-radius scope.
Salesforce Hyperforce is built on a foundation of robust security controls, providing high levels of protection for our customers' data and privacy. It employs a multi-layered approach to security, encompassing various measures and practices to safeguard our infrastructure, platform, and services.
The key tenets of Salesforce Hyperforce infrastructure, platform, and application security follow the principles below:
● Zero Trust Architecture: This cybersecurity approach emphasizes the concept of "never trust, always verify." Following this architecture principle, we have implemented controls such that every access request, regardless of the user's location or device, is treated as potentially untrusted. This approach helps ensure that all users, devices, services, and connections, regardless of their location within or outside the Salesforce trust boundary, undergo authentication, authorization, and continuous validation for security configuration and posture. These stringent measures are implemented to grant and maintain access to applications and data securely.
● End-to-End Encryption: To secure data-in-transit, Salesforce provides robust security measures to protect data both over the public internet and within the Salesforce trust boundary. Data-in-transit over the public internet is secured using TLS 1.2 or higher connections, providing a strong layer of encryption for data traveling across public networks. Within the Salesforce trust boundary, data-in-transit benefits from an even higher level of security through the adoption of mutual TLS (mTLS) connections by implementing the Service Mesh architecture.
● Infrastructure As Code (IaC): This principle advocates for the use of code and scripting languages to automate the provisioning, configuration, and management of infrastructure resources. IaC treats infrastructure as if it were software, allowing these tasks to be defined and managed through code instead of manually setting up servers, networks, and other components. The deployment of workloads into the production environment and their configuration are completely automated using CI/CD pipelines, which eliminates the need for manual intervention.
● Immutable Deployments: This software deployment strategy ensures that the application and its associated infrastructure are treated as immutable entities that never change once deployed. Instead of updating or modifying existing components, the strategy involves creating new instances of the application and infrastructure with each update or change. Adopting this strategy defends against any configuration drifts, privilege escalations, and unauthorized lateral movements within the production environment.
● Just-in-Time Access (JIT): This security practice enables granting users, processes, applications, and systems an appropriate level of access for a limited amount of time, as needed to complete necessary tasks. Access is granted on a "need-to-know" basis and is strictly limited to only the necessary resources for a specific task or function. This time-bound, least-privilege-based access helps reduce the risk of unauthorized access to sensitive data.
● Elasticity: The elasticity offered by the public cloud makes it possible to dynamically access compute capacity based on specific needs, enabling unparalleled flexibility and efficiency. With Hyperforce, resource deployment in the public cloud becomes a seamless and rapid process, further enhancing the benefits of elasticity. Moreover, by harnessing cutting-edge technologies such as Docker containers orchestrated by Kubernetes, the level of elasticity reaches new heights, delivering an exceptional and uninterrupted experience to our valued customers.
● Observability: To help ensure optimal performance, Salesforce employs a sophisticated READS metrics system that continuously tracks essential health indicators, including request rate, errors, availability, duration, and saturation. By meticulously monitoring these READS metrics, we can proactively address any issues, maintain system reliability, and continuously improve the performance of services and customer-facing applications hosted on Hyperforce.
Aligned with the NIST (National Institute of Standards and Technology) framework, the cybersecurity controls offered by Hyperforce from the Foundation Domain to other FDs like Core, Data Cloud, and others encompass various categories, including access control, network security, data protection, threat detection, incident response, and more. These controls are carefully designed and implemented to address specific security objectives and mitigate potential risks.
The 3 Availability Zone (3AZ) architecture of Salesforce Hyperforce is a fundamental design principle aimed at enhancing the reliability, availability, and resilience of the platform. Availability Zones are distinct, physically separated data centers within a specific geographic region, each equipped with its own power, cooling, and networking infrastructure. The 3AZ architecture deploys these zones strategically to ensure redundancy and fault tolerance, providing a high level of service availability even in the face of unexpected failures or geographic incidents. All the services that are securely hosted on the Hyperforce platform adhere to the same rigorous design and deployment principles applied to other services within Hyperforce. This approach helps ensure consistent availability and resilience across all services hosted on the platform, further reinforcing the robustness and reliability of the Salesforce services.
Hyperforce delivers data residency benefits by providing customers with local data storage and processing options, which can help them comply with local regulations. This can be a major advantage for businesses that operate in multiple countries and need to comply with different data privacy laws.
Localized performance is another Hyperforce benefit. With Hyperforce, customers can co-locate their Salesforce apps alongside their other apps, which can improve performance and reduce latency. This is especially beneficial for businesses that have a large number of users in a particular region.
One of the greatest examples of rapid innovation at Salesforce, going from idea to product within a matter of 3 months, was offering Einstein Generative AI Solutions by leveraging the strength of Hyperforce.
The Hyperforce-hosted Einstein 1 platform makes generative AI accessible to our customers at scale. Our secure platform connects customers' data with the power of large language models (LLMs) to create relevant, customized output. Einstein works with a variety of LLMs, and Salesforce partners with AI leaders to ensure data security. We create, test, and improve prompt templates to provide consistently high-quality results.
Trust is our top priority at Salesforce, and our generative AI applications are no different. The Einstein Trust Layer secures generative AI at Salesforce by seamlessly integrating data and privacy controls into the end-user experience. It's a sequence of gateways and retrieval systems that ground your prompts in customer data while mitigating risk. Learn how the Einstein Trust Layer safely supercharges your data with generative AI.
Conclusion: Hyperforce is the foundational unified cloud platform, hosted on the public cloud and built with security, that enables Salesforce to innovate and rapidly offer solutions based on the latest and greatest technologies without compromising on security and compliance, to make sure our customers' data and privacy are protected at all times.