thanks for joining us today on expert corner where we get a chance to sit down and talk to salesforce product managers and experts and learn more about their products so today i'm joined by iman bracadarian and he is the product manager for private connect private connect is a tool that lets you build declarative connections between salesforce and aws super excited to get a little bit deeper into private connect learn about the state of the internet today see a demo and hear about the roadmap for private connect because we will be talking about roadmap please remember to make all purchasing decisions based on currently available technologies let's dive in hi iman i'm so excited for you to join us here today thank you so much thanks so much for having me i'm really excited to chat more about this i think this is going to be a really fun conversation and you know there's some of these topics that we've been talking about that i'm really excited to bring to admins because they are so important for the work that admins are doing and i know you've been really thinking big picture about the implication of some of the work you're doing um in the state of the internet state of security today and then how that relates to us so let's talk a little bit about that let's talk in this kind of big picture thinking and i know admins are encountering a lot out in the world today at companies as consumers with the state of internet and security and i know you have a lot of thoughts and insight on that you want to start kick us off by sharing with us on that yeah yeah definitely uh the state of the internet today especially in terms of security is you know high impact across the board i mean you see on the news today security breach at this company or that company uh all the time and it's becoming a bigger and bigger issue for these companies that have their services exposed on the public internet and that's really the reason why right you're you're having your service you're having it exposed on the public internet some bad actors can see into that and they can try to hit your service as much as they can sometimes they get lucky you know it's just a matter of time and so the issue with that is it's extremely costly for a lot of these companies that get you know compromised they have damage control repairs lawsuits and fines and it's just becoming more prevalent so a lot of like like actually here's a funny stat uh the ddos attacks which is like a bunch of services just overloading a service that you have online like an attacker they can shut down your service because you just have so many malicious uh requests coming in and in there's been like a 150 percent increase compared to last year in those attacks alone and in terms of normal data breaches that's up 33 compared to last year so you're noticing these trends are becoming more and more prevalent and so what businesses are doing now is they're looking for alternative ways to expose their services not to the public internet so one route is they're trying to go down the private internet path and that's awesome that companies are doing that but the issue there is that it's extremely expensive to set up it's not a simple task you got to get a lot of times companies hire partners to implement this and then the partners have to maintain this it's just you got to get network engineers on there's just a lot of things you have to deal with so it's unfortunate that it's a complicated process um but that's why i'm excited about what we talk a lot about today which is private connect which is a partnership salesforce and amazon have been working on for some time to to bring private connectivity between salesforce and public clouds or cloud providers through the private internet uh to the point and click tell me a little bit so that's not a term that we talk about a time is private internet and i think it'd be really helpful for admins to have some um kind of foundation here if that's not something they've encountered before tell me a little bit about what that means when you say private internet yeah so a lot of if you're a user and you go to your chrome browser or whatever browser you don't want to show any biases here but if you go to some of these endpoints you just a web page really just shows up and a lot of that ease of access that we experience as consumers that's really a great benefit because everything is able to be set up and you can connect to these services and get data back and forth but like i mentioned earlier that's the public internet site all these endpoints anyone can look at anyone can access um and so that's why you're kind of setting yourself up for malicious actors to take advantage of that so when we talk about private internet it's really hiding your services behind a protected network so that only the services you authorize or you want to access it can't access it so it's kind of like behind a firewall per se so you can't just go on chrome or internet explorer safari and just type in that endpoint and get data you'll you'll just get bounced back on it but the issue is there's a lot of complexity that comes with that it's not just a quick transition over you know there's a lot more that's involved but that's more about like what the private internet means right awesome thank you for that clarification um so you talked about how there's that complexity that's in play to engage with it to to build solutions on the private internet and often there's been really high you know barriers to entry to to build solutions that use the private uh private internet right like you said engaging um extensive partners maybe more advanced solutions like that and they're more complex i know you're really excited about some of the tools you've been working on to make this more accessible and more available for companies where this is a use case that they need to pursue or a solution they need to pursue can you tell me a little bit about that yeah definitely uh if you're already a salesforce customer you know how awesome it is to get the salesforce security out of the box right you don't have to build all that stuff ground up and when you're outside of these big company ecosystems you gotta it's up to you to deal with that stuff so already customers know about salesforce security practices and all that you get for free now with private connect we've partnered with amazon it's been an awesome initiative that we've spent a lot of time getting out the door but now you get that same salesforce security package up on the private internet side too and just like how you've interacted with a lot of setup pages if you're an admin and salesforce we've exposed a new simple just point and click setup page to get your private connection set up no network engineers no not not all this complexity we were spending all this time on the call talking about that an admin could just set it up we love a declarative ui here yeah we love you point-and-click point-and-click places to build solutions because you know we do have a ton of security-minded admins um often for our customer companies admins are one of the the people in it or in their organization that helps implement security strategy and helps ensure they're staying compliant with security policy and so i know i'm sure there's a lot of admins listening we're gonna be very excited about this um what are some i know you've been working quite a bit with admins you know security-minded admins out in the space at our customer companies and you've seen some of the use cases where private connect has really made a lot of sense for them can you tell me more i always love hearing about what our product teams learn from these admin interviews and from customer pilots and things like that so can you tell me a little bit about the use cases that you've seen come up most often for private connect definitely and in fact instead of just telling you i'd love to show you i actually have a that's awesome a couple slides that just showcase at a high level how private connect plugs into hopefully a lot of these use cases admins that watch this so today we have partnered with amazon to provide bi-directional connectivity between a customer services and aws and their world in salesforce now we plan on expanding this to other cloud providers as well but for the time being uh the supported cloud provider is amazon so that's for the purposes of this demo that's what we'll be showcasing some of the great features and use cases in the amazon world so like i talked about before it's really these two worlds apart there's the salesforce world there's the amazon world and the real question becomes how do you link them together so a couple use cases that a lot of admins are going to be excited about is a lot of times the amazon customer has shared services like document management systems in amazon right and on the right side you'll see the salesforce order but there is the question is once again between them how do we bridge the two this would be impacted by private connect or you have an amazon s3 bucket to send uh store some files or an amazon dynamodb on the amazon side how do we tie that to salesforce maybe you have your customer data center and you're connecting that to amazon through aws direct connect now the question becomes how do you then connect that customer vpc in amazon with salesforce or you might be using heroku private spaces as an instance one of an example of a private link partner uh and the question is how do we connect that to salesforce so what we've done at a high level is salesforce is going to be managing the connections between the two we're really taking all the complexity previously with setting up a private connection and we're handling that ourselves so what we've done is you'll have a salesforce org on the right here and you'll have your aws service on the left now what we've done is we've deployed our own salesforce managed transit vpc in the middle deployed in the same region as your aws service and basically just think about it like a person in the middle dealing with those connections so you have a private connection uh between our sales force managed transit vpc and salesforce through a vpn like connection and you're going to get layer 3 encryption and all the same best sales for security practices that you know and love and then between our salesforce managed transit vpc and your amazon service you have a handshake using a feature called amazon private link which is a features that's existed for some time that allows amazon services to connect with one another over the private internet so end to end your connections are never going over the public internet and this person in the middle is which is the salesforce managed transit vpc is providing that connection so now how it looks is all the same slides we were showing before there's just this element in the middle that provides that connectivity and this is what previously would have felt or or been you know maybe quite an undertaking right like managing connections like this and it likely for a lot of our customers would mean enlisting the help of like we talked about an si or at least working with a developer partner and what is so exciting and one of the reasons we're today is that this is something that is now the domain of the salesforce admin because you've built this declarative ui for admins to manage these connections and to create you know create this connection to aws it's super exciting and i think for our admins as we see more and more of these tools like this become declarative then their scope widens at what they can manage for our customers and what they can implement and build for our customers and of course our goal is always to decrease tech debt right so we're not taking on you know expanding our code base and taking on kind of additional technical complexities or tech debt so that's always no matter what the skill set is for our customers we're always advocating for using declarative solutions first because you know your long-term planning and management is going to thank you for it absolutely yeah no need for custom solutions anymore uh this is just a single one-stop shop that all uh salesforce enterprise owners can benefit from this is super exciting can we take a sneak peek at the the ui kind of what i know our admins love to you know set up we always try to really make sure we're showing them like they're real real like what are they gonna experience when they're clicking into this part where do they find this in salesforce so what admins will now see in the setup page if you go in the quick find you'll see a new private connect setup page so if you click that open um i'll now talk about the different components to this page and what they mean to you so if you drop down this aws regions section at the top of the page you'll see the currently deployed regions that we support with private connect and aws and currently we've deployed into u.s east 1 and u.s west 2 for uh aws customers now what is the information in this table this is the information pertinent to that sales force managed transit dpc that that person in the middle that's managing those connections and so this information is critical to create that link so as you can see here you can create an inbound connection this is from the perspective of salesforce meaning from amazon it's coming inbound the request into salesforce and then you have outbound connections here which is from salesforce we're sending a request out to amazon so if we want to show you know what does it take to create an inbound connection what does that really mean so with an inbound connection what's going to be involved here is that let's say my amazon service is in us west 2. so if i'm in the role of an aws admin i can confirm by clicking this top right and i can see yes this is for us west 2.
so for us west 2 this is the service name of the salesforce managed transit vpc so if i copy this if i go into amazon i can go to our vpc dashboards page and what i want to do is i want to allow or authorize my service to call into the salesforce managed transit service right so what i'll do is i'll create an endpoint inside my aws console i'll find the salesforce managed transit service and i found it here and then i just start to select which vpc which virtual private cloud service do i want this to be associated with that is sending traffic into salesforce so i can choose that i can choose whatever security groups that i've defined in amazon and a tag i can set a name and a value so i can easily see this in the list view so after i've created that amazon returns me a vpc endpoint id this is now what i can pass back to salesforce so now in my inbound connection i'll select right now we have a sales source to amazon private link inbound admin blog it can be the name here's where you put in your endpoint id that we copied from amazon you specify your region in this case us west 2 and you want to provision the connection now so you can see right here the status is impending acceptance and so what that means is let's go back to the slides here we are creating an inbound connection from amazon into salesforce so we have we're now provisioning that private link to the salesforce managed transit vpc and so it is currently going through a pending acceptance stage when we want to update the status of this inbound connection we can sync to get the most up-to-date status and that connection is now in a ready state to start sending traffic yeah now there's gonna be a little more work on the amazon side to actually route this traffic through the private link which will involve route 53 and your salesforce my domain but at a high level that's really what's involved in the inbound connection so that's awesome i appreciate that demo we love we love seeing demos and we love really seeing what that truly point-and-click experience is of doing something that i know when i was an admin i can't imagine having the tools to build something like this um so this is super exciting for having experience now we've talked a lot about this connection that you've been working on with amazon and how to create connections with amazon um i know you've got a roadmap here and this is a product that you know you're going to continue to be working on can you share any kind of sneak peek into the road map with our admin audience so definitely in our roadmap this release we have some exciting announcements one customers can experience a new ui detail page for the embedded outbound and what i just showed is a single setup page where you manage both but not only do you get these ui detail page but inside of inbound connections we're now going to expose the source ip that this connection is coming from and why that's important to admins is for a long time now salesforce has provided access control security access control to select which ip addresses can call into your salesforce org and so now that we're exposing that in for private connections you can leverage that same control in these existing salesforce ip address range uh features so network access you can choose which orgs can actually what ips can call into your org or login ip ranges so a certain profile can only log into certain ranges so now private connect will be able to be supported in that family of control on top of that we are planning to right now we're only supported in the u.s for private connect with amazon partnership but we're looking forward to globally rolling out to all the different regions as well and so we'll be piggybacking off of the salesforce hyperforce initiative which if people aren't aware of is having these sales force data centers moving into public cloud which is really cool uh on top of that a lot of customers are saying this is an awesome feature when are we going to bring that into salesforce connect salesforce connect is a way to uh virtualize your data from a third-party provider into salesforce so with odata for instance how do they make private connections and also supporting this in sandbox and scratch orgs so these these are a couple things on our roadmap that we're excited just a couple of things that's an awesome roadmap i think uh you know our admins that are going to be getting hands-on with this or starting to think about where this fits in with their three-month six-month months planning um i think that's some pretty exciting roadmap items there for them so that's awesome really great room out there well it's so before we wrap up is there anything else that we didn't talk about today i know there's so much to be excited about with this tool coming for admins um and we're gonna be making sure to share you know links to how to get started and get hands-on in the blog for this video but is there anything else you want to share with admins about you know about this tool or about how they should maybe be thinking about this security feature a lot of customers love to know about compliance they want to know is this compliant you mentioned it's private internet so yes it absolutely is we got sock 2 compliance iso compliance pci we have a hipaa baa document you can go and review high trust is just to name a few there's even more compliance certifications we've gotten for the product so from a security standpoint it's not just us saying that this is uh compliant so that's absolutely a prerequisite for a lot of customers before they decide to move forward with this awesome and that's so important to know and again we'll be making sure to share for the blog for this video like any relevant links and things that iman has been mentioning um so don't worry if you were trying to go through and pause the video and like jot down all the the search that uh was mentioning we'll have all that information linked for you so you can reference it happy to share that there's a lot of video demos we can share with the as well we didn't have as much time to talk about the details but when you're actually ready to get your hands on with this you can take a look at those for further steps awesome well thank you so much this has been really illustrative and super educational um for me and i hope for our audience as well and i know i'm excited to start getting hands-on with private connect and very excited for the roadmap so thank you so much for joining us today iman and we can't wait to have you on again soon definitely thanks so much again i appreciate it and that's all for today's expert corner thank you so much for joining us for today's session and make sure to subscribe to our youtube channel salesforce admins so you never miss an episode like this and you can always find this and other content specifically for you our salesforce admins at admin.salesforce.com see you next time [Music]
2021-04-19