GRAX is a SaaS Data Value platform that provides backup, recovery, and data archive functionality for customers who need to have ownership of backup data for their Salesforce instances.
Below is an overview of the GRAX ‘stack’, essentially, the technologies that GRAX is built upon to achieve one, cohesive data value solution. It is essential to understand how GRAX utilizes these core technologies, as the major areas of planning, installation, and implementation involve the configuration and management of each of these essential tiers of the GRAX solution (the ‘stack’).
Let's get into the components configured as part of the GRAX package:
The GRAX Data Value Platform consists of a Managed Package that is deployed into your Salesforce instance. This includes things like user Permission Sets, UI Elements, configuration screens, custom objects and business logic required for the client side of the GRAX Application. Some considerations when configuring this include
- Configure IP restrictions in the Salesforce Admin UI to the outbound IP addresses in the AWS VPC.
- Add a Remote Site setting in the Salesforce configuration to allows communication to the GRAX Application endpoint.
- Manage access to the Salesforce environment for GRAX support staff by granting and revoking access using the Salesforce Grant Login Access feature.
The secure container that provides a network isolated single tenant deployment of the GRAX Application. The main AWS components deployed here are:
- Application Load Balancer: load balancer that handles incoming HTTP requests
- Processing Instances: Where backups are scheduled, queries issued against Salesforce, results are downloaded and processed etc. These instances are controlled by an AWS Autoscaling to enhance application up time.
- Aurora Postgres: application db for storing metadata on where to find things, jobs and executions. No customer org data lives here.
- Amazon Elasticsearch: The GRAX Application utilizes Elasticsearch to enable fast and efficient searching of the latest backed up records in the system. It also maintains an index that is used when searching for older versions of records. This data is stored encrypted at rest.
Encrypted storage of keys for database, api access etc. Key rotation etc is automatically handled here.
Logging from the GRAX Application stack are aggregated into a single stream by the Cloudwatch service and shipped to a Papertrail service endpoint.
By default, GRAX ships with an S3 backed object store that is provisioned as part of the GRAX customer account created at deploy time. Often times, customers choose to replace this with an object store that is controlled within their own AWS account.
When deploying your own S3 buckets, the GRAX implementation team will require the S3 Access Key for a bucket you have created, this key will be stored securely in the AWS Secrets Manager.
If you wish to use either Azure or Google Cloud Platform object storage, please contact the GRAX team for details on how this is configured.
NOTE if configuring an object store that is external to AWS you will assume responsibility for the network configuration between the two services. Data in these scenarios will transit across the internet and you may see an increase in latency of the system as a result. It is best practice to locate this object store as close as possible to the deployed AWS runtime that is hosting the GRAX Application. You should also consider the possible ingress data cost implications of using a non-AWS data object store.
Where we provision resources, manage customer deployments and collect anonymous usage stats for the platform.
Logging and search service where we forward runtime logs for GRAX operations and support access.
Exception collection and management for GRAX internal use.
Salesforce Heroku PaaS is the easiest, fully managed way for customers to deploy GRAX into an environment they own. GRAX leverages the Heroku Private Space, a network isolated offering with heightened security and compliance benefits for customers, when deploying the GRAX Data Value Platform in this configuration.
Updated about 10 hours ago