Application Telemetry

Continuous Secure Monitoring for GRAX

Overview

  • Each time the GRAX application boots, it connects to the GRAX Control Plane for licensing and telemetry checkins.
  • Each time a GRAX processing job (backup, archive, restore, search indexing, history streams) runs, job status and progress information is sent to the GRAX Control Plane.
  • At least hourly, the GRAX application reports general application statistics to the GRAX Control Plane.
  • (Non-telemetry) When a GRAX instance boots for the first time, it downloads the GRAX executable from the GRAX Control Plane.
  • (Non-telemetry) Each time a user establishes a Salesforce SSO or OAuth session, the GRAX Control Plane facilitates the token handling.
  • (Non-telemetry) Each time the GRAX application needs to send an email, it uses the GRAX Control Plane to facilitate.

Network Considerations

The network considerations to allow this required functionality are simple. Egress to hq.grax.com (3.232.229.75) is required at all times from the application. Without this access, the application will not boot or run. This is not configurable. For more information about overall GRAX networking, see the GRAX Networking page.

Data Security

GRAX takes security of customer data seriously. As such, none of your Salesforce data ever leaves the application environment. A breakdown of collected data follows:

  1. Names of Salesforce objects (Standard and Custom) covered by backup and archive operations.
  2. Number of records for Salesforce objects (Standard and Custom) covered by backup and archive operations.
  3. GRAX backup/archive/restore configurations (schedule, start time, etc) and statuses.
  4. Size, performance, and internal metrics for the proprietary GRAX storage layer in your storage bucket.
  5. Size and performance metrics for the attached postgres database.
  6. Total data size sent and received to/from Salesforce.
  7. Feature enablement status (feature flags, feature access levels)
  8. Structured application logging (optional)

No sensitive, classified, or restricted data or PII is included in telemetry communications. The content of backed up records is not inspected for telemetry, nor is it made available to any GRAX engineers.

All data is encrypted with HTTPS and TLS 1.2+ while in flight, and encrypted on disk when at rest. Access to the telemetry dataset is restricted within the GRAX team to only engineers whose roles require access.