
Salesforce Edge Network Auto Enablement

This group is dedicated to helping our customers prepare for the auto-enablement of the Salesforce Edge Network. Join the conversation to ask questions, get answers, stay updated, and share experiences. This group is maintained and moderated by Salesforce employees. The content received in this group falls under the official Forward-Looking Statement: http://investor.salesforce.com/about-us/investor/forward-looking-statements/default.aspx Please also see our official Salesforce Customer Community Terms of Use.

Hi! My IT/Security team had the following question:

 

"Will the Salesforce Edge Network migration change how our data is stored from a location standpoint? I'd imagine our data is currently stored in their US datacenter?"

6 answers

I can find the emails for our sandboxes but no email alerting us to a change in production. The checkbox in Prod is still selected that would allow switch to Edge. 

 

My security team needs more time to evaluate so I plan to uncheck the box. But I'd like to confirm this feature remains in a production org even after the switch to edge network. 

 

I just received an announcement email related to Winter '24 about edge network but it does not specify any org IDs or names. It generalized info that was already uncovered in the release notes. I have 5 production orgs by the way. There is only one that I'm watching for and plan to delay.

 

For reference: My past emails that alerted to the change have this subject:

ATTENTION: Salesforce has enabled the Salesforce Edge Network for your Production org

The body includes an org ID.

The email that went out today has this subject:

ATTENTION: Summer ‘23 Major Release introduced the Salesforce Edge Network

The 2nd does not mention an org ID.

While I think I just figured it out, I would appreciate Salesforce confirming.

 

I found no prior emails in my inbox. Apparently you are not alerted prior to the change. Only the past tense "Has enabled". 

4 answers
  1. Sep 26, 2024, 10:31 PM

    Informing us of a change after it has already occurred would not be advised. That email would not warn as much as inform when the switch already happened.

     

    I checked my orgs and some that have already switched do display a different message. 

     

    Also learned that if you opt out you can input a text box reminding yourself why you postponed this change. I like that this screen captures those common reasons for postponement and a custom one. 

     


Hi all, I was wondering if the fact that, quoting "When Salesforce Edge is enabled for your org, your data is processed via Amazon Web Services infrastructure, as detailed in the applicable Trust and Compliance Documentation for your services, including any additional subprocessors", means that data currently held and processed in Europe could be stored in some fashion outside Europe when the users are interrogating the CRM from a location outside the EU.

Thank you

Valentina

3 answers
  1. Oct 10, 2023, 12:44 PM

    @Rupert Barrow yes Salesforce Edge is GDPR compliant. Static content (images, JS, CSS) should never include personal data of our customers nor their customers.


Being alerted by the here mentioned deferral reason "Your API clients rely on RSA key exchanges in their HTTPS connections instead of Elliptic Curve Diffie Hellman Ephemeral (ECDHE) key exchanges.", I try to understand the impact of the Edge Network on a system that integrates with the Salesforce REST API, and authenticates using OAuth JWT. Namely, I want to formulate requirements for the IT partner hosting this system, so that it would be ready for the Edge Network.

 

I share my findings so far:

  • For the OAuth JWT an RSA keypair is used as suggested here. I could observe that on both a sandbox without Edge, and another sandbox where Edge was auto-enabled already a while ago, the JWT authentication succeeds. So, probably the said deferral reason is not about OAuth JWT.
  • I then turned my attention to the connection security, simply by inspecting REST endpoints in my browser, and noticed that both on Edge and not yet Edge the connection security is based on ECDHE, only differing in the type of curve I believe. However this probably does not tell much, and probably my browser negotiates the best possible connection security.

What is meant exactly by the Edge Network deferral reason

Now my questions:

  • Can anyone confirm that OAuth JWT authentication on the Salesforce REST API based on an RSA keypair is indeed guaranteed to continue working also on the Edge Network?
  • Does the "Your API clients rely on RSA key exchanges"  deferral reason have to do with the Edge Network offering less/other connection security methods?
  • Is there a list of what connection security methods exactly the Edge Network offers? 
  • Or alternatively, how to inspect all possible connection security methods on the Salesforce REST API resources? 

kr,

Sidney

 

@Salesforce Edge Network Auto Enablement #Security #Integration #Edge Network #JWT Bearer Token Exhcange #Saleforce Administrator

2 answers
  1. Sep 13, 2023, 12:07 PM

    Thank you a lot @Steven Lawrance. With you mentioning the TLS cipher suite, I understood what is meant by that opt-out, and more precisely what is meant with key exchanges.

     

    And so I realised I could check the situation of our API client as follows:

    • I took the TLS Cipher Suite from the Login History of this API client's user (this is on an org not yet on the Edge Network)
    • I looked up the OpenSSL format
    • I ascertained that the API client uses a cipher where the key exchange part is ECDHE

    OpenSSL format: ECDHE-RSA-AES256-GCM-SHA384

    corresponding general format: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 
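
The check described in the reply above, generalized as an added example (not part of the original post and not Salesforce code): it reads the key exchange out of a cipher suite name in either the OpenSSL or the general (IANA) format and lists the clients whose logins used an RSA key exchange. In `ECDHE-RSA-...` the `RSA` part is the certificate authentication, not the key exchange. The CSV column names and sample rows are constructed assumptions.

```python
import csv
import io

# Key-exchange prefixes used in OpenSSL-format names for TLS 1.2 and earlier.
OPENSSL_KX = {"ECDHE", "DHE", "EDH", "ECDH", "DH", "ADH", "AECDH", "PSK", "SRP"}


def key_exchange(suite):
    """Return the key exchange implied by an IANA- or OpenSSL-format suite name."""
    name = suite.strip().upper()
    if name.startswith("TLS_"):
        if "_WITH_" not in name:
            # TLS 1.3 names (e.g. TLS_AES_128_GCM_SHA256) omit the key exchange,
            # which is always ephemeral (EC)DHE in TLS 1.3.
            return "TLS1.3"
        # TLS_<kx>_<auth>_WITH_<cipher>: the first token after TLS_ is the key exchange.
        return name[4:].split("_WITH_", 1)[0].split("_", 1)[0]
    first = name.split("-", 1)[0]
    if first in OPENSSL_KX:
        return "DHE" if first == "EDH" else first  # EDH is OpenSSL's older alias for DHE
    # OpenSSL names with no key-exchange prefix (AES256-GCM-SHA384) mean RSA key exchange.
    return "RSA"


def rsa_key_exchange_clients(login_history_csv):
    """Map each username to the RSA-key-exchange suites seen in its logins."""
    flagged = {}
    for row in csv.DictReader(io.StringIO(login_history_csv)):
        if key_exchange(row["CipherSuite"]) == "RSA":
            flagged.setdefault(row["Username"], set()).add(row["CipherSuite"])
    return flagged


# Constructed sample rows; the column names are assumptions, not a Salesforce export format.
SAMPLE = """Username,CipherSuite
api.client@example.com,ECDHE-RSA-AES256-GCM-SHA384
api.client@example.com,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
legacy.batch@example.com,AES256-GCM-SHA384
legacy.batch@example.com,TLS_RSA_WITH_AES_128_CBC_SHA
modern.app@example.com,TLS_AES_128_GCM_SHA256
"""

if __name__ == "__main__":
    for user, suites in sorted(rsa_key_exchange_clients(SAMPLE).items()):
        print(user, sorted(suites))
```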


I have enabled Salesforce Edge Network in Sandbox org. Wanted to check its possible impact so, what can be the parameters on which testing can be done?

#TrailblazerCommunity 

3 answers
  1. Oct 18, 2023, 12:47 PM

    @Tanya Joshi,

     

    To test the possible impact of enabling Salesforce Edge Network in your sandbox org, you can use the following parameters:

    • Network latency: You can measure the time it takes for a request to reach the Salesforce server and for a response to return to the client. You can use tools like Ping or Traceroute to measure the network latency before and after enabling Salesforce Edge Network. You should see a reduction in network latency when using Salesforce Edge Network, as your requests are routed to the nearest edge location.
    • Page load time: You can measure the time it takes for a web page to load completely in your browser. You can use tools like Lighthouse or WebPageTest to measure the page load time before and after enabling Salesforce Edge Network. You should see an improvement in page load time when using Salesforce Edge Network, as your static resources are cached at the edge location and delivered faster.
    • User experience: You can measure user satisfaction and engagement with your Salesforce application. You can use tools like Google Analytics or Pendo to measure the user experience before and after enabling Salesforce Edge Network. You should see an increase in user experience when using Salesforce Edge Network, as your users enjoy a smoother and more consistent network performance.

    I hope this helps you.


After Salesforce Edge Network activation in Production we detected some errors creating Attachments and Files from Site Guest User. Do you know if I have to give any permission or if I am missing any configuration?

6 answers
3 answers
  1. Sep 14, 2023, 4:33 PM

    @Melissa Davis sandboxes are enabled at least a couple of weeks before the production org. Admins receive an email when a sandbox is enabled and another when production is enabled.


In other words, we will enable first in sandbox and test it.  If all is good, we'll enable for production.  

2 answers
  1. Sep 12, 2023, 8:26 PM

    Thanks for asking. Enabling the Salesforce Edge Network within the My Domain setup page in a sandbox org first is a good approach, and it can be turned off within the My Domain setup page if done within 7 days of enabling the Salesforce Edge Network. This approach conveniently does not require a Salesforce Support case. The same 7-day grace period exists in production, too.

     

    After 7 days of enabling the Salesforce Edge Network, the Salesforce Edge Network can't be turned off from within the My Domain Setup page. Salesforce Support, however, can help with that, if necessary.


I would like to test Edge first in a sandbox, instead of directly enabling it in production, but all the documentation I have read about Salesforce Edge does not mention this possibility. There is of course the My Domain part of Set up in the sandbox, but it is not clear to me if the checkbox applies to all of my Salesforce orgs (production + sandboxes) or just the sandbox in which I have logged in.

2 answers
  1. Manoj Nambirajan (Dell Technologies) Forum Ambassador
    Sep 5, 2023, 12:27 PM

    @Sander de Jong you need to ensure My Domain is enabled first, which is a prerequisite. After that you can look at the option below.

     

    Enter My Domain, and then select My Domain. In the Routing section of the My Domain Settings page, do the following:

    1. Click Edit and check Use Salesforce Edge Network to enable Salesforce Edge Network. Alternatively, check Enable Salesforce Edge Network during the scheduled feature rollout to have Salesforce enable Salesforce Edge Network for you on Salesforce's schedule.
    2. Save your changes. 
