GRAX requires network accessibility (domain and certificate), compute resources, a PostgresSQL database, and a storage bucket at a bare-minimum.
Your GRAX service must either be reachable publicly via a registered domain name with a valid certificate or via a Salesforce-configured VPN connection to your private network. This domain can be any domain that you own/manage. Salesforce - as well as your end-users - will communicate with the GRAX service with this domain (and VPN if applicable).
To provide the processing power for your GRAX service, we recommend major cloud providers like AWS or Azure. Only a single GRAX instance may be running at any given time. Violation of this constraint may cause data and service failures. The instance may be ephemeral and does not contain meaningful state information. The instance may be containerized. For high availability, we recommend multi-Availability-Zone (or non-AWS equivalent) deployments and auto-replacement policies.
Minimum technical specifications:
- x86_64 Linux distribution (recommended: Amazon Linux 2 on AWS)
- 4 vCPUs
- 16 GB RAM
- 500 GB disk storage (ephemeral, but recommended lifetime of at least a day for caching)
- 5 Gbps network connection
For longterm metadata and search index storage, GRAX utilizes a PostgresSQL relational database. This database only needs to be accessed by the instance and should not be publicly accessible. This database is not ephemeral and dataloss or availability issues will halt/crash the GRAX application. Authentication with the database will happen via username/password credentials provided in the connection string. For high availability, we recommend multi-Availability-Zone (or non-AWS equivalent) deployments. The PostgresSQL major version must be at least
13.0. We recommend you snapshot/backup the database daily with a retention of more than a month.
Minimum technical specifications:
- 2 vCPUs
- 4 GB RAM
- 75 GB persistent disk storage
- PostgresSQL v13+
The PostgresSQL credentials used in the final setup of your GRAX app must have total/complete permissions to the database and all data within it. GRAX utilizes many database primitives to optimize performance and provide reliable service, thus access may be higher than a traditional application.
For longterm Salesforce data storage, GRAX supports AWS S3 and the Azure and GCP equivalents. GRAX does not support S3 Versioning, Object Lock, or Glacier (nor any equivalent functionality in other providers). This bucket only needs to be accessed by the instance and should not be publicly accessible. The GRAX service, in maintenance of our proprietary data format, will create and delete objects from the selected bucket over the lifetime of the application. No data-containing objects are updated in place.
The total amount of data stored in your bucket depends on many factors that produce an unpredictable final size. Thus, we can only suggest that up to 5TB of total storage volume be available/planned in these buckets for the average customer.
The bucket credentials used in the final setup of your GRAX app must have access to delete, get, update, and create all contents of the bucket. If you choose to use any encryption-at-rest mechanism (AWS KMS), you must also grant permission to utilize the keys in question and perform crytographic operations on all objects in the bucket.
In addition to the above, customers also like to utilize autoscaling, loadbalancing, and traffic filtering services for security and reliability. For high-availability and quality-of-service, we recommend an ALB positioned in front of the instance for ingress traffic. We recommend the use of an autoscaling group with a size of
1 for the sake of auto-replacement and recovery. Additionally, most enterprise cloud teams will use ingress and egress filtering (e.g. a web application firewall and/or VPC gateway) for all resources. You can find more details about the minimum requirements for networking here.
If you have an ALB or other monitoring service that needs a health check endpoint, a
200 response from
/health on port 8000 is expected if the application is healthy.
Updated 6 days ago