Salesforce Hyperforce public cloud infrastructure and architecture (2025)
/plugin marketplace add JosiahSiegel/claude-plugin-marketplace/plugin install salesforce-master@claude-plugin-marketplaceThis skill inherits all available tools. When active, it can use any tool Claude has access to.
MANDATORY: Always Use Backslashes on Windows for File Paths
When using Edit or Write tools on Windows, you MUST use backslashes (\) in file paths, NOT forward slashes (/).
Examples:
D:/repos/project/file.tsxD:\repos\project\file.tsxThis applies to:
NEVER create new documentation files unless explicitly requested by the user.
Hyperforce is Salesforce's next-generation infrastructure architecture built on public cloud platforms (AWS, Azure, Google Cloud). It represents a complete re-architecture of Salesforce from data center-based infrastructure to cloud-native, containerized microservices.
Key Innovation: Infrastructure as code that can be deployed anywhere, giving customers choice, control, and data residency compliance.
Traditional: Patch and update existing servers Hyperforce: Destroy and recreate servers with each deployment
Old Architecture:
Server ā Patch ā Patch ā Patch ā Configuration Drift
Hyperforce:
Container Image v1 ā Deploy
New Code ā Build Container Image v2 ā Replace v1 with v2
Result: Every deployment is identical, reproducible
Benefits:
Architecture:
Region: US-East (Virginia)
āā Availability Zone A (Data Center 1)
ā āā App Servers (Kubernetes pods)
ā āā Database Primary
ā āā Load Balancer
āā Availability Zone B (Data Center 2)
ā āā App Servers (Kubernetes pods)
ā āā Database Replica
ā āā Load Balancer
āā Availability Zone C (Data Center 3)
āā App Servers (Kubernetes pods)
āā Database Replica
āā Load Balancer
Traffic Distribution: Round-robin across all AZs
Failure Handling: If AZ fails, traffic routes to remaining AZs
RTO (Recovery Time Objective): <5 minutes
RPO (Recovery Point Objective): <30 seconds
Impact on Developers:
Traditional: Perimeter security (firewall protects everything inside) Hyperforce: No implicit trust - verify everything, always
Zero Trust Model:
āā Identity Verification (MFA required for all users by 2025)
āā Device Trust (managed devices only)
āā Network Segmentation (micro-segmentation between services)
āā Least Privilege Access (minimal permissions by default)
āā Continuous Monitoring (real-time threat detection)
āā Encryption Everywhere (TLS 1.3, data at rest encryption)
Code Impact:
// OLD: Assume internal traffic is safe
public without sharing class InternalService {
// No auth checks - trusted network
}
// HYPERFORCE: Always verify, never trust
public with sharing class InternalService {
// Always enforce sharing rules
// Always validate session
// Always check field-level security
public List<Account> getAccounts() {
// WITH SECURITY_ENFORCED prevents data leaks
return [SELECT Id, Name FROM Account WITH SECURITY_ENFORCED];
}
}
2025 Requirements:
Everything defined as code, version-controlled:
# Hyperforce deployment manifest (conceptual)
apiVersion: hyperforce.salesforce.com/v1
kind: SalesforceOrg
metadata:
name: production-org
region: aws-us-east-1
spec:
edition: enterprise
features:
- agentforce
- dataCloud
- einstein
compute:
pods: 50
autoScaling:
min: 10
max: 100
targetCPU: 70%
storage:
size: 500GB
replication: 3
backup:
frequency: hourly
retention: 30days
networking:
privateLink: enabled
ipWhitelist:
- 203.0.113.0/24
Benefits for Developers:
Hyperforce rebuilt from scratch:
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā
ā AWS Region (us-east-1) ā
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā¤
ā VPC (Virtual Private Cloud) ā
ā āā Public Subnets (3 AZs) ā
ā ā āā Application Load Balancer (ALB) ā
ā āā Private Subnets (3 AZs) ā
ā ā āā EKS Cluster (Kubernetes) ā
ā ā ā āā Salesforce App Pods (autoscaling) ā
ā ā ā āā Metadata Service Pods ā
ā ā ā āā API Gateway Pods ā
ā ā ā āā Background Job Pods (Batch, Scheduled) ā
ā ā āā RDS Aurora PostgreSQL (multi-AZ) ā
ā ā āā ElastiCache Redis (session storage) ā
ā ā āā S3 Buckets (attachments, documents) ā
ā āā Database Subnets (3 AZs) ā
ā āā Aurora Database Cluster ā
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā¤
ā Additional Services ā
ā āā CloudWatch (monitoring, logs) ā
ā āā CloudTrail (audit logs) ā
ā āā AWS Shield (DDoS protection) ā
ā āā AWS WAF (web application firewall) ā
ā āā KMS (encryption key management) ā
ā āā PrivateLink (secure connectivity) ā
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā
AWS Services Used:
Azure Region (East US)
āā Virtual Network (VNet)
ā āā AKS (Azure Kubernetes Service)
ā ā āā Salesforce workloads
ā āā Azure Database for PostgreSQL (Hyperscale)
ā āā Azure Cache for Redis
ā āā Azure Blob Storage
āā Azure Front Door (CDN + Load Balancer)
āā Azure Monitor (logging, metrics)
āā Azure Active Directory (identity)
āā Azure Key Vault (secrets, encryption)
GCP Region (us-central1)
āā VPC Network
ā āā GKE (Google Kubernetes Engine)
ā āā Cloud SQL (PostgreSQL)
ā āā Memorystore (Redis)
ā āā Cloud Storage (GCS)
āā Cloud Load Balancing
āā Cloud Armor (DDoS protection)
āā Cloud Monitoring (Stackdriver)
āā Cloud KMS (encryption)
Available Hyperforce Regions:
Americas:
āā US East (Virginia) - AWS, Azure
āā US West (Oregon) - AWS
āā US Central (Iowa) - GCP
āā Canada (Toronto) - AWS
āā Brazil (SĆ£o Paulo) - AWS
Europe:
āā UK (London) - AWS
āā Germany (Frankfurt) - AWS, Azure
āā France (Paris) - AWS
āā Ireland (Dublin) - AWS
āā Switzerland (Zurich) - AWS
Asia Pacific:
āā Japan (Tokyo) - AWS
āā Australia (Sydney) - AWS
āā Singapore - AWS
āā India (Mumbai) - AWS
āā South Korea (Seoul) - AWS
Middle East:
āā UAE (Dubai) - AWS
What stays in region:
What may leave region:
Code Implication:
// Data residency automatically enforced
// No code changes needed - Hyperforce handles it
// Example: File stored in org's region
ContentVersion cv = new ContentVersion(
Title = 'Customer Contract',
PathOnClient = 'contract.pdf',
VersionData = Blob.valueOf('contract data')
);
insert cv;
// File automatically stored in:
// - AWS S3 in org's region
// - Encrypted at rest (AES-256)
// - Replicated across 3 AZs in region
// - Never leaves region boundary
Hyperforce maintains:
Old Architecture (data center-based):
User (Germany) ā Transatlantic cable ā US Data Center ā Response
Latency: 150-200ms
Hyperforce:
User (Germany) ā Frankfurt Hyperforce Region ā Response
Latency: 10-30ms
Result: 5-10x faster for regional users
Traditional: Fixed capacity, must provision for peak load Hyperforce: Dynamic scaling based on demand
Business Hours (9 AM - 5 PM):
āā High user load
āā Kubernetes scales up pods: 50 ā 150
āā Response times maintained
Off Hours (6 PM - 8 AM):
āā Low user load
āā Kubernetes scales down pods: 150 ā 30
āā Cost savings (pay for what you use)
Black Friday (peak event):
āā Extreme load
āā Kubernetes scales to maximum: 30 ā 500 pods in minutes
āā No downtime, no performance degradation
Governor Limits - No Change:
// Hyperforce does NOT change governor limits
// Limits remain the same as classic Salesforce:
// - 100 SOQL queries per transaction
// - 150 DML statements
// - 6 MB heap size (sync), 12 MB (async)
// But: Infrastructure scales to handle more concurrent users
Salesforce handles migration (no customer action required):
Phase 1: Assessment (Salesforce internal)
āā Analyze org size, customizations
āā Identify any incompatible features
āā Plan migration window
Phase 2: Pre-Migration (Customer notified)
āā Salesforce sends notification (90 days notice)
āā Customer tests in sandbox (migrated first)
āā Customer validates functionality
Phase 3: Migration (Weekend maintenance window)
āā Backup all data
āā Replicate data to Hyperforce
āā Cutover DNS (redirect traffic)
āā Validate migration success
Phase 4: Post-Migration
āā Monitor performance
āā Support customer issues
āā Decommission old infrastructure
Downtime: Typically <2 hours
No Code Changes Required:
// Your Apex code works identically on Hyperforce
public class MyController {
public List<Account> getAccounts() {
return [SELECT Id, Name FROM Account LIMIT 10];
}
}
// No changes needed
// Same APIs, same limits, same behavior
Potential Performance Improvements:
Backward Compatibility: 100% compatible with existing code
Use Sandbox Migration:
1. Salesforce migrates your sandbox first
2. Test all critical functionality:
āā Custom Apex classes
āā Triggers and workflows
āā Integrations (API callouts)
āā Lightning components
āā Reports and dashboards
3. Validate performance:
āā Run load tests
āā Check API response times
āā Verify batch jobs complete
4. Report any issues to Salesforce
5. Production migration scheduled after sandbox validated
Hyperforce exposes infrastructure APIs:
// Query org's Hyperforce region (API 62.0+)
Organization org = [SELECT Id, InstanceName, InfrastructureRegion__c FROM Organization LIMIT 1];
System.debug('Region: ' + org.InfrastructureRegion__c); // 'aws-us-east-1'
// Check if org is on Hyperforce
System.debug('Is Hyperforce: ' + org.IsHyperforce__c); // true
AWS PrivateLink / Azure Private Link:
Traditional: Salesforce API ā Public Internet ā Your API
Security: TLS encryption, but still public internet
Hyperforce PrivateLink: Salesforce API ā Private Network ā Your API
Security: Never touches public internet, lower latency
Setup:
1. Create VPC Endpoint (AWS) or Private Endpoint (Azure)
2. Salesforce provides service endpoint name
3. Configure Named Credential in Salesforce with private endpoint
4. API calls route over private network
Configuration:
// Named Credential uses PrivateLink endpoint
// Setup ā Named Credentials ā External API (PrivateLink)
// URL: https://api.internal.example.com (private endpoint)
// Apex callout
HttpRequest req = new HttpRequest();
req.setEndpoint('callout:ExternalAPIPrivateLink/data');
req.setMethod('GET');
Http http = new Http();
HttpResponse res = http.send(req);
// Callout never leaves private network
// Lower latency, higher security
CloudWatch / Azure Monitor Integration:
Salesforce publishes metrics to your cloud account:
āā API request volume
āā API response times
āā Error rates
āā Governor limit usage
āā Batch job completion times
Benefits:
- Unified monitoring (Salesforce + your apps)
- Custom alerting (CloudWatch Alarms)
- Cost attribution (AWS Cost Explorer)
Expected Enhancements:
Hyperforce represents Salesforce's commitment to modern, cloud-native infrastructure that scales globally while meeting the most stringent compliance and performance requirements.
This skill should be used when the user asks to "create a slash command", "add a command", "write a custom command", "define command arguments", "use command frontmatter", "organize commands", "create command with file references", "interactive command", "use AskUserQuestion in command", or needs guidance on slash command structure, YAML frontmatter fields, dynamic arguments, bash execution in commands, user interaction patterns, or command development best practices for Claude Code.
This skill should be used when the user asks to "create an agent", "add an agent", "write a subagent", "agent frontmatter", "when to use description", "agent examples", "agent tools", "agent colors", "autonomous agent", or needs guidance on agent structure, system prompts, triggering conditions, or agent development best practices for Claude Code plugins.
This skill should be used when the user asks to "create a hook", "add a PreToolUse/PostToolUse/Stop hook", "validate tool use", "implement prompt-based hooks", "use ${CLAUDE_PLUGIN_ROOT}", "set up event-driven automation", "block dangerous commands", or mentions hook events (PreToolUse, PostToolUse, Stop, SubagentStop, SessionStart, SessionEnd, UserPromptSubmit, PreCompact, Notification). Provides comprehensive guidance for creating and implementing Claude Code plugin hooks with focus on advanced prompt-based hooks API.