Which two options should an Architect recommend to ensure that neither the Salesforce nor the Heroku app is accessible from the public internet?

Universal Containers is developing a Salesforce appthat invokes a Heroku app’s web service, which asynchronously generates customer invoices. The Heroku app is deployed to a Private Space. When an invoice is ready, the Heroku app sends a POST request to the Salesforce REST API .

Which two options should an Architect recommend to ensure that neither the Salesforce nor the Heroku app is accessible from the public internet? Choose 2 answers.
A . Restrict the Private Space’s trusted IP range to Salesforce IP addresses
B . Restrict the Private Space’s trusted IP range to Universal Containers’ VPN
C . Restrict the Salesforce connected app’s login IP ranges to Universal Containers’ VPN
D . Restrict the Salesforce connected app’s login IP ranges to the stable outbound IP addresses of the Private Space

Answer: A,D

Explanation:

This is no VPN connection and a trusted IP range is used to limit the trusted outside application’s IP address And there is document related to this use case: https://devcenterheroku.com/articles/establish-trust-private-space-and-salesforce#salesforce-heroku-apps

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments