Salesforce Hyperforce public cloud infrastructure and architecture (2025)
Explains Salesforce Hyperforce cloud-native architecture, multi-AZ design, zero-trust security, and data residency for developers.
npx claudepluginhub josiahsiegel/claude-plugin-marketplaceThis skill inherits all available tools. When active, it can use any tool Claude has access to.
MANDATORY: Always Use Backslashes on Windows for File Paths
When using Edit or Write tools on Windows, you MUST use backslashes (\) in file paths, NOT forward slashes (/).
Examples:
D:/repos/project/file.tsxD:\repos\project\file.tsxThis applies to:
NEVER create new documentation files unless explicitly requested by the user.
Hyperforce is Salesforce's next-generation infrastructure architecture built on public cloud platforms (AWS, Azure, Google Cloud). It represents a complete re-architecture of Salesforce from data center-based infrastructure to cloud-native, containerized microservices.
Key Innovation: Infrastructure as code that can be deployed anywhere, giving customers choice, control, and data residency compliance.
Traditional: Patch and update existing servers Hyperforce: Destroy and recreate servers with each deployment
Old Architecture:
Server → Patch → Patch → Patch → Configuration Drift
Hyperforce:
Container Image v1 → Deploy
New Code → Build Container Image v2 → Replace v1 with v2
Result: Every deployment is identical, reproducible
Benefits:
Architecture:
Region: US-East (Virginia)
├─ Availability Zone A (Data Center 1)
│ ├─ App Servers (Kubernetes pods)
│ ├─ Database Primary
│ └─ Load Balancer
├─ Availability Zone B (Data Center 2)
│ ├─ App Servers (Kubernetes pods)
│ ├─ Database Replica
│ └─ Load Balancer
└─ Availability Zone C (Data Center 3)
├─ App Servers (Kubernetes pods)
├─ Database Replica
└─ Load Balancer
Traffic Distribution: Round-robin across all AZs
Failure Handling: If AZ fails, traffic routes to remaining AZs
RTO (Recovery Time Objective): <5 minutes
RPO (Recovery Point Objective): <30 seconds
Impact on Developers:
Traditional: Perimeter security (firewall protects everything inside) Hyperforce: No implicit trust - verify everything, always
Zero Trust Model:
├─ Identity Verification (MFA required for all users by 2025)
├─ Device Trust (managed devices only)
├─ Network Segmentation (micro-segmentation between services)
├─ Least Privilege Access (minimal permissions by default)
├─ Continuous Monitoring (real-time threat detection)
└─ Encryption Everywhere (TLS 1.3, data at rest encryption)
Code Impact:
// OLD: Assume internal traffic is safe
public without sharing class InternalService {
// No auth checks - trusted network
}
// HYPERFORCE: Always verify, never trust
public with sharing class InternalService {
// Always enforce sharing rules
// Always validate session
// Always check field-level security
public List<Account> getAccounts() {
// WITH SECURITY_ENFORCED prevents data leaks
return [SELECT Id, Name FROM Account WITH SECURITY_ENFORCED];
}
}
2025 Requirements:
Everything defined as code, version-controlled:
# Hyperforce deployment manifest (conceptual)
apiVersion: hyperforce.salesforce.com/v1
kind: SalesforceOrg
metadata:
name: production-org
region: aws-us-east-1
spec:
edition: enterprise
features:
- agentforce
- dataCloud
- einstein
compute:
pods: 50
autoScaling:
min: 10
max: 100
targetCPU: 70%
storage:
size: 500GB
replication: 3
backup:
frequency: hourly
retention: 30days
networking:
privateLink: enabled
ipWhitelist:
- 203.0.113.0/24
Benefits for Developers:
Hyperforce rebuilt from scratch:
┌────────────────────────────────────────────────────────┐
│ AWS Region (us-east-1) │
├────────────────────────────────────────────────────────┤
│ VPC (Virtual Private Cloud) │
│ ├─ Public Subnets (3 AZs) │
│ │ └─ Application Load Balancer (ALB) │
│ ├─ Private Subnets (3 AZs) │
│ │ ├─ EKS Cluster (Kubernetes) │
│ │ │ ├─ Salesforce App Pods (autoscaling) │
│ │ │ ├─ Metadata Service Pods │
│ │ │ ├─ API Gateway Pods │
│ │ │ └─ Background Job Pods (Batch, Scheduled) │
│ │ ├─ RDS Aurora PostgreSQL (multi-AZ) │
│ │ ├─ ElastiCache Redis (session storage) │
│ │ └─ S3 Buckets (attachments, documents) │
│ └─ Database Subnets (3 AZs) │
│ └─ Aurora Database Cluster │
├────────────────────────────────────────────────────────┤
│ Additional Services │
│ ├─ CloudWatch (monitoring, logs) │
│ ├─ CloudTrail (audit logs) │
│ ├─ AWS Shield (DDoS protection) │
│ ├─ AWS WAF (web application firewall) │
│ ├─ KMS (encryption key management) │
│ └─ PrivateLink (secure connectivity) │
└────────────────────────────────────────────────────────┘
AWS Services Used:
Azure Region (East US)
├─ Virtual Network (VNet)
│ ├─ AKS (Azure Kubernetes Service)
│ │ └─ Salesforce workloads
│ ├─ Azure Database for PostgreSQL (Hyperscale)
│ ├─ Azure Cache for Redis
│ └─ Azure Blob Storage
├─ Azure Front Door (CDN + Load Balancer)
├─ Azure Monitor (logging, metrics)
├─ Azure Active Directory (identity)
└─ Azure Key Vault (secrets, encryption)
GCP Region (us-central1)
├─ VPC Network
│ ├─ GKE (Google Kubernetes Engine)
│ ├─ Cloud SQL (PostgreSQL)
│ ├─ Memorystore (Redis)
│ └─ Cloud Storage (GCS)
├─ Cloud Load Balancing
├─ Cloud Armor (DDoS protection)
├─ Cloud Monitoring (Stackdriver)
└─ Cloud KMS (encryption)
Available Hyperforce Regions:
Americas:
├─ US East (Virginia) - AWS, Azure
├─ US West (Oregon) - AWS
├─ US Central (Iowa) - GCP
├─ Canada (Toronto) - AWS
└─ Brazil (São Paulo) - AWS
Europe:
├─ UK (London) - AWS
├─ Germany (Frankfurt) - AWS, Azure
├─ France (Paris) - AWS
├─ Ireland (Dublin) - AWS
└─ Switzerland (Zurich) - AWS
Asia Pacific:
├─ Japan (Tokyo) - AWS
├─ Australia (Sydney) - AWS
├─ Singapore - AWS
├─ India (Mumbai) - AWS
└─ South Korea (Seoul) - AWS
Middle East:
└─ UAE (Dubai) - AWS
What stays in region:
What may leave region:
Code Implication:
// Data residency automatically enforced
// No code changes needed - Hyperforce handles it
// Example: File stored in org's region
ContentVersion cv = new ContentVersion(
Title = 'Customer Contract',
PathOnClient = 'contract.pdf',
VersionData = Blob.valueOf('contract data')
);
insert cv;
// File automatically stored in:
// - AWS S3 in org's region
// - Encrypted at rest (AES-256)
// - Replicated across 3 AZs in region
// - Never leaves region boundary
Hyperforce maintains:
Old Architecture (data center-based):
User (Germany) → Transatlantic cable → US Data Center → Response
Latency: 150-200ms
Hyperforce:
User (Germany) → Frankfurt Hyperforce Region → Response
Latency: 10-30ms
Result: 5-10x faster for regional users
Traditional: Fixed capacity, must provision for peak load Hyperforce: Dynamic scaling based on demand
Business Hours (9 AM - 5 PM):
├─ High user load
├─ Kubernetes scales up pods: 50 → 150
└─ Response times maintained
Off Hours (6 PM - 8 AM):
├─ Low user load
├─ Kubernetes scales down pods: 150 → 30
└─ Cost savings (pay for what you use)
Black Friday (peak event):
├─ Extreme load
├─ Kubernetes scales to maximum: 30 → 500 pods in minutes
└─ No downtime, no performance degradation
Governor Limits - No Change:
// Hyperforce does NOT change governor limits
// Limits remain the same as classic Salesforce:
// - 100 SOQL queries per transaction
// - 150 DML statements
// - 6 MB heap size (sync), 12 MB (async)
// But: Infrastructure scales to handle more concurrent users
Salesforce handles migration (no customer action required):
Phase 1: Assessment (Salesforce internal)
├─ Analyze org size, customizations
├─ Identify any incompatible features
└─ Plan migration window
Phase 2: Pre-Migration (Customer notified)
├─ Salesforce sends notification (90 days notice)
├─ Customer tests in sandbox (migrated first)
└─ Customer validates functionality
Phase 3: Migration (Weekend maintenance window)
├─ Backup all data
├─ Replicate data to Hyperforce
├─ Cutover DNS (redirect traffic)
└─ Validate migration success
Phase 4: Post-Migration
├─ Monitor performance
├─ Support customer issues
└─ Decommission old infrastructure
Downtime: Typically <2 hours
No Code Changes Required:
// Your Apex code works identically on Hyperforce
public class MyController {
public List<Account> getAccounts() {
return [SELECT Id, Name FROM Account LIMIT 10];
}
}
// No changes needed
// Same APIs, same limits, same behavior
Potential Performance Improvements:
Backward Compatibility: 100% compatible with existing code
Use Sandbox Migration:
1. Salesforce migrates your sandbox first
2. Test all critical functionality:
├─ Custom Apex classes
├─ Triggers and workflows
├─ Integrations (API callouts)
├─ Lightning components
└─ Reports and dashboards
3. Validate performance:
├─ Run load tests
├─ Check API response times
└─ Verify batch jobs complete
4. Report any issues to Salesforce
5. Production migration scheduled after sandbox validated
Hyperforce exposes infrastructure APIs:
// Query org's Hyperforce region (API 62.0+)
Organization org = [SELECT Id, InstanceName, InfrastructureRegion__c FROM Organization LIMIT 1];
System.debug('Region: ' + org.InfrastructureRegion__c); // 'aws-us-east-1'
// Check if org is on Hyperforce
System.debug('Is Hyperforce: ' + org.IsHyperforce__c); // true
AWS PrivateLink / Azure Private Link:
Traditional: Salesforce API → Public Internet → Your API
Security: TLS encryption, but still public internet
Hyperforce PrivateLink: Salesforce API → Private Network → Your API
Security: Never touches public internet, lower latency
Setup:
1. Create VPC Endpoint (AWS) or Private Endpoint (Azure)
2. Salesforce provides service endpoint name
3. Configure Named Credential in Salesforce with private endpoint
4. API calls route over private network
Configuration:
// Named Credential uses PrivateLink endpoint
// Setup → Named Credentials → External API (PrivateLink)
// URL: https://api.internal.example.com (private endpoint)
// Apex callout
HttpRequest req = new HttpRequest();
req.setEndpoint('callout:ExternalAPIPrivateLink/data');
req.setMethod('GET');
Http http = new Http();
HttpResponse res = http.send(req);
// Callout never leaves private network
// Lower latency, higher security
CloudWatch / Azure Monitor Integration:
Salesforce publishes metrics to your cloud account:
├─ API request volume
├─ API response times
├─ Error rates
├─ Governor limit usage
└─ Batch job completion times
Benefits:
- Unified monitoring (Salesforce + your apps)
- Custom alerting (CloudWatch Alarms)
- Cost attribution (AWS Cost Explorer)
Expected Enhancements:
Hyperforce represents Salesforce's commitment to modern, cloud-native infrastructure that scales globally while meeting the most stringent compliance and performance requirements.
Activates when the user asks about AI prompts, needs prompt templates, wants to search for prompts, or mentions prompts.chat. Use for discovering, retrieving, and improving prompts.
Search, retrieve, and install Agent Skills from the prompts.chat registry using MCP tools. Use when the user asks to find skills, browse skill catalogs, install a skill for Claude, or extend Claude's capabilities with reusable AI agent components.
Creating algorithmic art using p5.js with seeded randomness and interactive parameter exploration. Use this when users request creating art using code, generative art, algorithmic art, flow fields, or particle systems. Create original algorithmic art rather than copying existing artists' work to avoid copyright violations.