Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
This guide is written with RHEL or Amazon Linux 2023 in mind. If you are running a different distribution of Linux, steps may vary.
This guide walks through installing GRAX from scratch natively on a Linux operating system. It configures a service to automatically restart GRAX if it fails, and creates a rsyslog helper service to copy logs from stdout to a log retention file. If you do not have infrastructure set up to run GRAX, see our technical requirements and architecture guides for more information first.
Never set up a publicly accessible copy of the GRAX Application without modifying the ADMIN_PASSWORD in the configuration or removing it entirely.
Before you begin the steps below, many of them require root access. Start by logging in as root or elevating your session to a point where you have sudo capabilities.
To download the GRAX Application, download the proper build from GRAX HQ for your architecture. Builds are only available for Linux running on ARM64 and AMD64 architectures. The following example determines which of the builds to download based on the architecture of a supported machine:
GRAX HQ serves this download in a compressed format, meaning you need to expand it to get the contained binaries:
Mark the resultant files executable for later use:
Create a configuration file with a valid key=value list. The GRAX Application loads configuration values from the environment at time of boot; to use this configuration, the values must be loaded into the execution environment prior to calling the GRAX binary. Normally, this is done via the EnvironmentFile argument of a systemd service configuration. As a result of using such a tool to load the file into the environment, the name and location of this file is arbitrary. We specify a .env file located in the app directory as an example below.
The configuration file includes your server's public domain name (WEB_APP_URL). In some cases, this domain name is of the format https://grax.department.customer.com, but can be decided by your networking team. The app's port is also adjustable via ADDR, but keep in mind that a change here may result in necessary changes in your load balancers, security groups, and/or monitoring.
Generate a secure random value for each of the values marked [GENERATE] below. A length of at least 30 characters each is recommended. You can generate such a value with openssl rand -base64 48 | tr "+/" "-_" | tr -d = in most Linux distributions.
SELFSIGNEDCERT is only required in cases where you wish to terminate TLS at a Load Balancer or gateway, but still encrypt the traffic between the Load Balancer and the GRAX Application. This is not required if you are using custom certificates installed on the machine.
If your disk configuration dictates that GRAX cache data in a location other than your OS-default TMPDIR (usually /tmp), you can override that value by adding TMPDIR=/new/path to the above. For more information, see .
Use systemd to ensure GRAX stays running as a background service.
This service configuration assumes standard file locations on Amazon Linux 2023 and runs GRAX as the standard EC2 user. If you are running on a different distribution or as a different user, adjust the paths and user/group accordingly.
By default, systemd writes the stdout and stderr streams from services to the journal, accessible with journalctl. The journal automatically handles log retention to ensure that disk space does not fill up, but GRAX logs may be co-mingled in the journal with other services making them harder to consume. To separate GRAX logs into a dedicated file, you can use rsyslog to copy the logs from the journal to a file. This can often make integrations with third party monitoring tools or log aggregators easier.
First, create the rsyslog configuration to read grax service output from the journal and write it to /var/log/grax.log:
Next, create a logrotate configuration to rotate the log file daily and keep only 7 days of logs:
The services defined above, and the configurations that control them, need to be started/restarted to operate as intended after the updates:
The services should now be online and logs should be written to /var/log/grax.log shortly.
To proceed with connecting GRAX to Salesforce and your storage platform of choice, start with our .
$ CPU=$(uname -m); case "$CPU" in x86_64) CPU="amd64" ;; aarch64) CPU="arm64" ;; esac
$ curl https://hq.grax.com/api/v2/download/graxinc/grax/main/linux/$CPU -L --output grax.zip
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 67 100 67 0 0 740 0 --:--:-- --:--:-- --:--:-- 797
100 47.5M 0 47.5M 0 0 5738k 0 --:--:-- 0:00:08 --:--:-- 7915k$ unzip grax.zip
Archive: grax.zip
inflating: grax
inflating: graxctl$ chmod +x grax graxctl
[no output expected]$ vim .env
ADDR=:8000
SELFSIGNEDCERT=1
DATABASE_URL=postgres://username:[email protected]:5432/database-name
WEB_APP_URL=https://grax.department.customer.com
SECRET_STORE_BASE=[GENERATE]
ADMIN_PASSWORD=[GENERATE]
GRAX_REGISTRATION_KEY=[FROM https://platform.grax.com OR GRAX SUPPORT]$ cat <<EOT >> /lib/systemd/system/grax.service
[Install]
WantedBy=multi-user.target
[Service]
User=ec2-user
Group=ec2-user
EnvironmentFile=/home/ec2-user/.env
ExecStart=/home/ec2-user/grax
Restart=always
RestartSec=30s
StartLimitInterval=0
StartLimitBurst=0
Type=simple
MemoryHigh=80%
MemoryMax=90%
[Unit]
Description=grax daemon
EOT$ cat <<EOT >> /etc/rsyslog.d/grax.conf
$umask 0000
$FileCreateMode 0644
:programname, isequal, "grax" /var/log/grax.log
& stop
EOT$ cat <<EOT >> /etc/logrotate.d/grax
/var/log/grax.log
{
missingok
daily
copytruncate
rotate 7
}
EOT$ systemctl daemon-reload && systemctl restart rsyslog.service && systemctl enable --now grax.serviceHeroku is a PaaS (Platform as a Service) that allows you to deploy applications without worrying about the underlying infrastructure.
The trial installation includes all of the resources needed to enable GRAX backups and the GRAX datalake.
If you are new to GRAX, we recommend starting with the trial as you can always upgrade and migrate resources and data later.
If you are setting up GRAX for production, we recommend deploying GRAX to Heroku .
To quickly and easily deploy a GRAX trial on Heroku click the "Deploy to Heroku" button below:
This will provision the following resources:
A Heroku dyno with the GRAX Application
A Heroku Postgresql Add-on for GRAX Application state
An S3 Storage Add-on for CRM data
A GRAX Add-on to setup the datalake
The GRAX Application installed on Heroku takes advantage of GRAX's automatic update tools, meaning that it automatically updates to the latest version of GRAX every day. This ensures that you always have the latest features and bug fixes without needing to manually update the application. Short of configuration changes or database maintenance, you should not need to interact with the Heroku application directly.
By default, Heroku applications generate a random URL at which the application will be hosted. This can be discovered by clicking the "Open App" button on the Heroku application's dashboard. If you are interested in setting up a custom domain, this can be accomplished via the Heroku application's "settings" page whenever you'd like.
At a high level, the following are the rules for GRAX network access:
GRAX Application talks to Salesforce
GRAX Application talks to hq.grax.com
GRAX Application talks to Database
GRAX Application talks to Storage
End users talk to GRAX Application's APIs
(Optional) Salesforce talks to GRAX Application
hq.grax.com talks to Salesforce
Best practices suggest exposing your GRAX Application to public traffic via an Application Load Balancer of some form with additional filtering for security. However, GRAX doesn't support API gateways that modify payloads, terminate or modify authentication, enforce third-party schemas/protocols, or filter requests based on path, payload, or parameters. GRAX doesn't guarantee alignment with any published API standard, nor promise stability of the API interface for external use at this time.
The following are descriptions of the rules related to traffic that flows outward from the compute resource running your GRAX Application.
To query, update, or insert information in Salesforce, GRAX uses the public Salesforce REST and Composite APIs (and never uses the Salesforce Bulk API). Allow, at a minimum, at least one static IP for your GRAX Application to communicate out to Salesforce.
This may include allowing , as well as allowing the traffic to leave the VPC or other infrastructure network.
For software updates, telemetry, and license monitoring, GRAX communicates with GRAX HQ. Allow the GRAX Application to access hq.grax.com over HTTPS on port 443. A static IP for this communication isn't currently available. For more information on this communication, see .
For metadata storage, search indexing, and storage optimizations, GRAX uses Postgres. Allow the GRAX Application to access your configured Postgres database.
For longterm storage, GRAX uses blob storage platforms. Allow the GRAX Application to access your chosen blob storage bucket/platform.
The following are descriptions of the rules related to traffic that flows towards the compute resource running your GRAX Application.
End users of GRAX access the GRAX Application via a web browser. This traffic originates from their local IPs unless using a VPN or proxy. To allow your users to use GRAX, allow their IPs to hit the public endpoint for your GRAX Application. If all of your users share a network segment (VPN, corporate network, etc.), allowing that network segment access may be sufficient.
Lightning Web Components and Embedded Pages are all driven by Salesforce-to-GRAX traffic. Salesforce publishes their global IP ranges. Allow, at a minimum, the to access the GRAX Application API.
NOTE: this traffic is optional based on feature usage. If your use case for GRAX doesn't necessitate using LWC or iFrames, Salesforce won't make requests to your GRAX Application.
The following are descriptions of the rules related to traffic that flows entirely independently from the compute resource running your GRAX Application, but which may impact its operation.
GRAX HQ's static egress IPs appear in the Integration User's login history after connecting the app to Salesforce due to the nature of the GRAX OAuth process. Please add 3.232.229.75 to your whitelist/allowlist addresses on the Integration User's profile to allow the GRAX Application to connect to your org. In addition, you need to add the static IP addresses for each of your specific environments to ensure there are no IP restrictions.
First download, install, and run Docker Desktop.
Next, sign into the and get a registration key.
Go to "Backends," then "New," then "GRAX for Docker Desktop," then "Create Key." You can then see a "Registration Key" in your list of backends. This key can only be activated once.
Download , unzip them, and configure it with your registration key.
After 30 seconds, GRAX is running alongside a database and storage service. You can go to the "Backend URL" from , e.g:
You can pause GRAX with:
And resume again with docker-compose up -d.
The following deletes all data in the object storage and database and releases the URL you used to access GRAX on your laptop. This can not be undone.
You can destroy all Docker resources with:
Then, sign into the , go to "Backends," and "Delete" your previously activated backend and registration key.
export GRAX_REGISTRATION_KEY=<Paste from GRAX Platform>curl -L -o docker.zip https://s3.amazonaws.com/grax-public-templates/master/docker/docker.zip
unzip docker.zip
cd docker
echo "GRAX_REGISTRATION_KEY=$GRAX_REGISTRATION_KEY" >> .envdocker-compose up -ddocker-compose stopdocker-compose down
docker rm -f $(docker ps -a -q) || true
docker image rm -f docker-grax || true
docker volume rm $(docker volume ls -q) || true
The following is an architecture example for Azure deployments. This is the architecture that the Azure Terraform module follows when deploying GRAX.
While the GRAX Application interface is the main interface to backing up, protecting, and retaining your data, it's all powered by a single-tenant backend service that depends on an array of infrastructure components to perform successfully.
For a recap of GRAX features, business cases, or deployment options, see our product documentation.
The basic architecture of GRAX is:
Compute
Persistent Blob Storage
Persistent Indexed Storage
External Connectivity
Network Security Management
The specific implementations of these simplistic labels can vary in both substance and complexity depending on deployment path chosen, platform of choice, and restrictions/regulations in place on all involved parties.
The guides in this section help explain the options you have in deploying GRAX, as well as enable your team to design, implement, and support the infrastructure yourself if so required.
Operating outside the scope of these limitations causes issues with data integrity, data loss, contractual agreements, and general service availability:
Only one GRAX Application may be running for a given license.
Only one GRAX Application may be talking to the storage bucket and the Database.
Egress to hq.grax.com must be available at all times.
Storage bucket performance must be on par with documented S3 performance metrics.
GRAX offers subdomains under https://secure.grax.io that you can use with no configuration; see the Networking Requirements for full details.
You can also bring any domain that you own/manage. Salesforce - as well as your end users - communicates with the GRAX service with this domain (and VPN if applicable).
To provide the processing power for your GRAX service, we recommend major cloud providers like AWS or Azure. Only a single GRAX Application may be running at any given time. Violation of this constraint may cause data and service failures. The instance may be ephemeral and doesn't contain meaningful state information. The instance may be containerized. For high availability, we recommend multi-Availability-Zone (or non-AWS equivalent) deployments and auto-replacement policies.
GRAX isn't compatible with "bursting" instances such as AWS's t3 or Azure's B series; Resource usage by the GRAX Application is continuous. Automatic hibernation of instances when CPU usage is high directly counteracts the ability of GRAX to operate at times when your org most needs a backup.
Minimum technical specifications:
x86_64 Linux distribution
4 vCPUs
16 GB RAM
500 GB reserved disk cache (see below)
5+ Gbps network connection
GRAX caches data on disk to prevent excessive network traffic and improve performance. This cache is located under /tmp by default on Linux systems. It must be backed by a persistent storage medium and may not use memory filesystems like tmpfs. To isolate the GRAX cache for ease of persistence, replacement, and maintenance, it's recommended to use a separate disk mounted at /tmp.
If disk configurations dictate a path other than /tmp be used, the TMPDIR environment variable can be used to point to a new path for the cache. This setting can be provided via the GRAX .env file.
The disk holding the GRAX cache must be an SSD (no HDDs) and must meet or exceed published performance targets of AWS's gp2 EBS volumes.
It isn't recommended to persist the GRAX cache between instance replacements.
Minimum m7a.xlarge instance type running an Amazon Linux 2 AMI
Minimum of gp2 EBS volume for cache
Minimum Standard D4s v3 (4 vcpus, 16 GiB memory) instance type running RedHat 8
Minimum Premium SSD with Read/Write Host Caching enabled for cache
Minimum n2-standard-4 instance type running RedHat 8
Minimum of SSD Persistent Disk for cache
For longterm metadata and search index storage, GRAX uses a PostgreSQL relational database. This database only needs to be accessed by the instance and should not be publicly accessible. This database isn't ephemeral and data loss or availability issues halt/crash the GRAX Application. Authentication with the database happens via username/password credentials provided in the connection string. For high availability, we recommend multi-Availability-Zone (or non-AWS equivalent) deployments. The PostgreSQL major version must be at least 14.0. We recommend you snapshot/backup the database daily with a retention of more than a month.
Please note that GRAX does not use SSL with Certificate Verification on Postgres databases; no action is needed regarding Root Certificates or Certificate Authorities as this will not impact the application.
GRAX isn't compatible with "bursting" instances such as AWS's t3 or Azure's B series; Resource usage by the GRAX Application is continuous. Automatic hibernation of instances when CPU usage is high directly counteracts the ability of GRAX to operate at times when your org most needs a backup.
Minimum technical specifications:
2 vCPUs
4 GB RAM
75 GB persistent disk storage
PostgreSQL v14+
Extensions:
uuid-ossp (v1.1+)
pg_stat_statements
Permissions:
The PostgreSQL credentials used in the final setup of your GRAX Application must have total/complete permissions to the database and all data within it. GRAX uses many database primitives to optimize performance and provide reliable service, thus access may be higher than a traditional app.
RDS Aurora PostgreSQL v13+ with minimum instance type db.r8g.xlarge
Graviton instances (g) offer up to 40% savings over comparable Intel based instances on AWS
Azure Database for PostgreSQL Flexible Server v14+
Compute Gen 5
Minimum 4 vCPUs, 20 GiB Memory
75 GB to start
uuid-ossp installed/enabled ()
pg_stat_statements installed/enabled
Cloud SQL for PostgreSQL v14+
Minimum db-n1-highmem-4 instance type
75 GB to start
uuid-ossp installed/enabled (Documentation)
pg_stat_statements installed/enabled
For longterm Salesforce data storage, GRAX supports AWS S3 and the Azure and GCP equivalents. GRAX doesn't support S3 Versioning, Object Lock, or Glacier (nor any equivalent features in other providers). This bucket only needs to be accessed by the instance and should not be publicly accessible. The GRAX service, in maintenance of our proprietary data format, creates and deletes objects from the selected bucket over the lifetime of the app. No data-containing objects are updated in place.
The total amount of data stored in your bucket depends on many factors that produce an unpredictable final size. Thus, we can only suggest that up to 5TB of total storage volume be available/planned in these buckets for the average customer.
Permissions:
The bucket credentials used in the final setup of your GRAX Application must have access to delete, get, update, and create all contents of the bucket. If you choose to use any encryption-at-rest mechanism (AWS KMS), you must also grant permission to use the keys in question and perform encryption operations on all objects in the bucket.
In addition to the above, customers also like to use autoscaling, load balancing, and traffic filtering services for security and reliability. For high-availability and quality-of-service, we recommend an ALB positioned in front of the instance for ingress traffic. For handling of TLS encryption/certs with custom domains, see here. We recommend the use of an autoscaling group with a size of 1 for the sake of auto-replacement and recovery. Additionally, most enterprise cloud teams use ingress and egress filtering (for example a GRAX Application firewall and/or VPC gateway) for all resources. You can find more details about the minimum requirements for networking here.
Applications developed outside of our specified technical standards cannot be guaranteed to perform as expected within our platform environment. Non-conformance to these specifications may result in:
Unpredictable application behavior
Performance degradation
technical support challenges
GRAX-Managed minimum requirements are a VM with 4 vCPUs and 16 GB of RAM, as well as a Postgres database server with dedicated capacity. These minimum requirements support small Salesforce orgs with 20 GB of data.
On AWS a base deploy costs $260.65 / mo for the recommended m8g.xlarge EC2 instance and Aurora Postgres Serverless:
$131.05 / mo (m8g.xlarge)
$129.60 / mo (1.5 Aurora Capacity Units)
Note that Aurora Serverless auto scales and is billed based on consumption.
On Azure a base deploy costs $384 / mo for the recommended Standard_D4s_v3 VM and an GP_Standard_D4s_v3 Azure PostgreSQL Flexible Server:
$138.24 / mo (Standard_D4s_v3)
$246.24 / mo (GP_Standard_D4s_v3)
On Heroku a base deploy costs $700 / mo for the recommended Performance L dyno and Premium 0 Heroku Postgres:
$500 / mo (Performance L dyno)
$200 / mo (Premium 0 Heroku Postgres)
Note that you may also want a Heroku Private Space which adds extra base costs.
Larger Salesforce orgs may need to use a larger VM or database to process data without issues. Therefore your final costs may vary. Please work with your cloud provider or contact for help estimating the cost for the system requirements for your org.
GRAX takes full advantage of the public cloud to support Salesforce orgs of any size and volume: automatic high availability, effortless vertical scaling, and consumption-based pricing.
GRAX proactively monitors the health of your data, alerts you to problems affecting backups. GRAX also provides one-click tools to vertically scale your VM or database when needed for GRAX-managed environments.
The only tradeoff is that your cloud costs may vary over time and are hard to predict.
We highly recommend deploying GRAX with the minimum requirements, starting backups, then reviewing your cost and usage after 30 and 60 days. After this time your Salesforce data will be fully protected and your average cloud costs will be fully understood.
If the cost of resources is deemed too high after this time, you can:
work with your cloud provider to buy reservations at a discount
work with your Salesforce admin to reduce data change volumes
work with GRAX Support to discuss deployment and product optimizations
And of course at any time you can discontinue your use of GRAX and stop all cloud resources and costs.
A pre-configured estimate of the high-level AWS resources necessary for GRAX is available .
All prices set by AWS are subject to change by AWS at any time, see their for more information. GRAX isn't responsible for changes to AWS pricing.
A pre-configured estimate of the high-level Azure resources necessary for GRAX is available .
GRAX Self-Managed supports whatever cloud architecture your company requires for security and compliance reasons. The architecture and related costs are ultimately up to you; we can only offer guidance on minimizing costs.
Never route your storage traffic external to the VPC or cloud provider. Traffic leaving the VPC crosses the NAT Gateway and incurs much higher costs; GRAX reads many Terabytes of data as it so this difference adds up. This includes traffic from an AWS EC2 instance to Azure storage, or any other similar mismatch in infrastructure providers.
Low cache size, in both memory and disk, can lead to extremely frequent read operations from storage and thus drive up overall data transfer. In infrastructures where this incurs cost, this can become very expensive. See our for GRAX hardware to ensure you're operating within safe limits.
Costs that can be determined prior to usage, like the hourly cost of an EC2 instance given a 24x7x52 uptime, are considered static. These sections of the estimate aren't expected to change, regardless of GRAX features used or data processed.
Many networking and storage services in the public cloud bill entirely based on usage. When it comes to GRAX's usage of RDS, S3, and NAT Gateway services, there is no exception. The estimate above includes best-attempt estimations of usage when under a typical app load. GRAX provides no guarantees as to the accuracy, in either direction, of these estimates.
There are many factors that can affect total realized costs:
Usage of specific GRAX features
Total Salesforce org Size
Turnover Rate of Salesforce Records (created + changed per hour)
Number of Files in Salesforce (each file gets downloaded and stored)
This guide is written with the assumption that you're comfortable with the concepts from the Native Linux Installation Guide. Examples below assume an environment that matches the examples in the linked guide; if your environment differs, some commands may not work as written.
The GRAX Application requires several secret values specified in the environment (normally sourced from .env). These include a valid Postgres connection string, an administrator password, and a key base for encryption of the DB-based Secrets Store used for SFDC and storage connection secrets (SECRET_STORE_BASE). Rotation of secrets is mostly external to the GRAX Application, with one exception.
To rotate the connection string used to connect to the Postgres database cluster manually, perform the following steps:
Stop the GRAX services
Update the configuration source/file with your editor of choice:
Start the GRAX services
If you have interest in automating this behavior, the automation needs to preserve or recreate the other necessary values for the configuration.
The SECRET_STORE_BASE is used to encrypt the SFDC and Storage secrets in the database. Changing this value between reboots without proper care results in these secrets being irrecoverable and the GRAX Application being unable to start properly; a manual reset of configuration information in the database is the only recovery option. If this issue occurs, please contact for assistance clearing the configuration.
To properly rotate this value, perform the following steps:
Stop the GRAX services
Update the SECRET_STORE_BASE to the new value with your editor of choice
Update the SECRET_STORE_BASE_PREV to the previous value with your editor of choice
Start the GRAX services
At this point, the GRAX Application reads the configuration secrets with the old key and writes them with the new key on first boot. It is not necessary to remove the SECRET_STORE_BASE_PREV value from the configuration file. If you desire the removal of the old value, you can do so after the GRAX Application has been started successfully for two minutes; stop the services, update the .env, and start the services again.
The GRAX Application must be reachable by end users and Salesforce to provide backup, archive, and restore capabilities. To achieve access without a dependency on resources that may change or be replaced during the lifetime of the app, a registered domain name is utilized. We'll refer to this as the "Application URL"/"URL" below. As GRAX can be installed in many ways, the manner by which this URL is managed varies by environment.
For older GRAX environments that run on Heroku, URLs are decided and managed by Heroku. These URLs include herokuapp in the path. Secure custom URLs may be used on a case-by-case basis via the Heroku management interface. Please contact for assistance if interested.
Disk and Memory Cache Sizes (/tmp + memory sizes)
Cross-Provider Storage Connections (AWS to Azure, etc. traffic bills extra)
Public vs. Private Traffic Routing (exiting VPC may incur NAT costs)
For hosted GRAX applications, GRAX creates URLs via a standard template and handles registering, renewing, and/or destroying it if no longer needed. URLs are registered as subdomains under a GRAX-owned second-level domain. Your URL is provided by a GRAX team member once provisioning is complete and the app is ready for use.
Application URLs for apps both running in AWS and based on GRAX templates must be registered within Route53 and related to a hosted zone. Registering a domain manually in AWS automatically creates a related hosted zone. Registering a new domain within AWS is the recommended path for simplicity, but means that any potential corporate domain registrations won't be used. Check with your network management/IT teams prior to making this decision. If you are interested in utilizing an already-registered URL and a GRAX template, you need to delegate DNS for the new subdomain into Route53 from your registrar.
Self-managed applications built without utilizing a GRAX template may achieve usage of URLs in any reasonable fashion. Equivalent capabilities to Route53 exist in nearly every public cloud. Domains may be registered and handled with your registrar of choice and delegated as required.
The GRAX backend supports TLS encryption by default using a self-signed certificate. This ensures all traffic is encrypted no matter the source (for example from a load balancer or public internet). Optionally, users may want to provide their own certificates for a custom domain. In that case, GRAX supports the following two environment variables:
These environment variables tell GRAX where the custom certificate and key are located. Standard GRAX installs include a /home/grax/.env file where these variables can be added. For example:
Installing TLS certificate files and supplying a key password (if any) is supported on self-managed GRAX, but is a customization you are responsible for in your infrastructure provisioning or OS service management configuration.
The password can be provided to your GRAX Application via a command during setup. It's then encrypted and stored in the GRAX database as other secrets.
If the certificate isn't encrypted (no passphrase), use -pass ''.
After submitting the above command, you can restart GRAX to make it start using the provided password to decrypt the key file.
GRAX looks first for TLS configuration in the secrets store. Then, if not found, on the environment file, under the TLS_CERT_FILE and TLS_KEY_FILE vars
TLS encrypted certificates (using a passphrase) can only be set using the secrets store.
If you require assistance or have any remaining questions after reviewing the above, contact ) with any available details.
The following is an architecture example for AWS deployments. This is the architecture that the AWS Marketplace offering provisions upon deployment.
Whether you design and deploy the infrastructure for GRAX yourself or use GRAX-provided designs/templates, installing GRAX often means running cloud infrastructure within your own environment. This infrastructure isn't accessible or manageable by the GRAX team for the sake of safety, security, and compliance. Automated monitoring policies can help ensure that issues with this infrastructure are noticed quickly and downtime of your app remains low.
TLS_CERT_FILE
TLS_KEY_FILE# .env file containing full paths to the files
TLS_CERT_FILE=/home/grax/certs/grax-example.com.cer
TLS_KEY_FILE=/home/grax/certs/grax-example.com.keyopenssl req -x509 -sha256 -nodes -newkey rsa:4096 -keyout /home/grax/certs/grax-example.com.key -out /home/grax/certs/grax-example.com.cer# Update 'graxctl'
./graxctl update
# The 'graxctl' command is located in the GRAX installation directory, usually under /home/grax
# NOTE: Make sure to change 'passphrase1' to the actual passphrase.
./graxctl secrets -tls -cert 'cert1.pem' -key 'key1.pem' -pass 'passphrase1'graxctl secrets -tls -cert 'cert1.pem' -key 'key1.pem' -pass ''systemctl restart grax.service$ systemctl disable grax.service; systemctl stop grax.service;$ vim .env
[change intended key\'s value to new value and save file]$ systemctl enable grax.service; systemctl start grax.service;$ systemctl disable grax.service; systemctl stop grax.service;$ systemctl enable grax.service; systemctl start grax.service;
The exact observability/monitoring tools and configurations vary based on cloud provider or environment utilized for installing GRAX, but at a high-level we want to monitor major components:
Load Balancer (if applicable)
Instance Usage
GRAX Service
Postgres Database
Overall Health and Replacement
Cost-based alerts for budgeting thresholds and forecasts can be configured separately from the GRAX infrastructure if required. See the documentation for your cloud provider of choice for more information. Automatic restriction of resources based on cost thresholds or budgets may cause interruption to your GRAX service.
Global services (like AWS' S3 or IAM) can be monitored at a per-service level but don't require further custom monitoring individual to your account.
If your infrastructure deployment contains a load balancer for stable connectivity, it must be reachable on a given domain name with a valid certificate and have healthy targets behind it. Thus, monitoring criteria is:
Application domain is registered
Application domain is non-expired
Domain certificate is non-expired
Domain certificate is assigned to ALB
Certificate is installed on instance (if applicable)
Certificate installed on instance is non-expired (if applicable)
Load Balancer is reachable from intended network segment
Targets are healthy (see below for health checks)
The GRAX Application workload can be varied and inconsistent based on Salesforce usage. As such, occasional heavy-load periods and periods with almost no usage are normal. We recommend the following monitoring criteria:
CPU usage should remain below 80% on average (4-8hr roll up)
RAM usage should remain below 80% on average (4-8hr roll up)
Temp directory total size should be at least 500GB
Temp directory free space should be at least 15% of total size
Network usage should remain below 80% on average (4-8hr roll up)
For more information about the required specifications of GRAX hardware, please review the technical requirements document. If utilizing AWS, more documentation on instance and auto-scaling metrics is available here.
Ensuring that the GRAX Application remains running on the instance is foundational to success. it's highly recommended to run GRAX as a service with an auto-restart configuration so that the app boots again in case of a fatal error.
The GRAX service offers an endpoint for an external health check like those by AWS ALB Target Groups. Make a request like the following to check if the app is available:
If the GRAX services is running, the GET request above returns a status of 200. This endpoint is designed for load balancer registration and de-registration, not for instance replacement.
A valid connection to the app database is required for boot and operation of GRAX. Monitoring the GRAX database isn't unlike monitoring any other app database. Monitoring should cover the following:
CPU usage should remain below 80% on average (4-8hr roll up)
RAM usage should remain below 80% on average (4-8hr roll up)
Total disk usage should remain below 80% (if applicable)
More options for monitoring Postgres are available based on platform/vendor including queue depth, IOPs statistics, and network throughput. For more information on how you can monitor these metrics on AWS's RDS, check out:
For similar information pertaining to Azure Postgres, check out:
The monitoring of the major components above, in combination with other standard cloud provider or environment monitors may indicate a problem that requires action to recover from.
Traditional cloud operations best practices apply, and most problems require that an operator review metrics, logs and configuration to understand and resolve the issue.
Some perceived issues require no action but waiting. Examples of this include:
The instance restarted and is performing automatic security updates and service configuration
The GRAX service restarted and is performing an automatic database migration
The Salesforce API is returning 500s indicating a service outage
Other issues require manual review and action. Examples of this include:
The instance CPU, memory or network are at 100%+ utilization, which indicates it should be reconfigured with a larger instance
The instance disk periodically fills up and GRAX crashes, which indicates it should be reconfigured with a disk location and size that meets minimum requirements
GRAX is crashing connecting to the database, which indicates database configuration needs to be updated
Some issues can be fully automated. Examples of this include:
An AWS instance status check indicates a hardware failure, which an AWS autoscaling group can periodically check and automatically replace.
In all cases GRAX is designed to be simple and resilient to problems. After any amount of downtime when it resumes normal operations it will pick up where it left off.
Port: 8000 (default)
Path: /health
Method: GET
Protocol: HTTPS (HTTP1 Only)The GRAX Application is built for longterm, near-infinite retention of your Salesforce object data. To facilitate fast, reliable, and scalable storage of this data, GRAX uses AWS S3 and recommends comparable options across Azure and GCP. To understand more about how GRAX uses this storage, storage growth expectations, why we don't recommend cross-cloud usage, and supported lifecycle processes, see the sections below.
AWS S3
Azure Blob Storage
GCP Cloud Storage
On AWS, GRAX only supports the standard storage class. GRAX won't work with Intelligent Tiers, Glacier, or Outposts.
On Azure, GRAX only supports the standard (GPv2) storage account tier and the access tier must be "Hot." Both Azure Blob Storage and Azure Data Lake (gen2) Storage are supported. Premium storage accounts or containers won't work with GRAX.
On GCP, GRAX only supports standard storage. Nearline, Coldline, or Archive storage plans/containers won't work with GRAX.
Direct access, modification, or removal of data from the GRAX bucket isn't supported. Attempts to rename, remove, or modify blobs within the storage bucket cause data loss and GRAX availability issues. GRAX isn't responsible for partial or complete loss of your backup dataset if this restriction is violated.
In conjunction with the above, we also don't support the following:
Lifecycle rules triggering blob deletion
Lifecycle rules moving blobs to alternative storage tiers/classes
Restoration via blob versioning
For targeted record deletion (like GDPR compliance), see our .
At a minimum, GRAX requires the s3:ListBucket, s3:GetObject, s3:PutObject, and s3:DeleteObject permissions on the bucket. If you're using KMS encryption, GRAX also requires the kms:DescribeKey, kms:Decrypt, kms:Encrypt, kms:GenerateDataKey, and kms:ReEncrypt* permissions on the KMS key resource.
GRAX only supports Storage Account Access Keys for Azure Blob Storage. As such, granular permissions aren't currently available.
At a minimum, GRAX requires the storage.objects.create, storage.objects.delete, storage.objects.get, storage.objects.list, and storage.objects.update permissions on the bucket. The best practice is to use the Storage Object User role, as it grants all necessary permissions (plus a small number of extras) without the ability to modify access controls.
GRAX's primary storage layer consists of compressed blobs in a proprietary format. Based on leading big-data storage practices, our storage layer provides write-optimized and scalable performance useful for data backup.
To facilitate this write-optimized performance, GRAX initially writes data with minimal compression and de-duplication. That data is then processed asynchronously to compress, de-duplicate, and sort the contained records over the hours following initial backup. We'll call this "compaction." This process is transparent to the GRAX user, as access to the data isn't limited during this process.
Compaction produces immutable storage blobs. As data is compacted past the original written state, new blobs are written to represent that data and the source blobs are marked for deletion. 14 days after being marked as such, those non-compacted blobs are deleted from storage as the data within them is represented elsewhere in "better" blobs. This process repeats as your dataset grows, meaning that compaction is a permanent and recurring background process that maintains your dataset.
Also for consideration, the vast majority of load on the GRAX Application occurs in the first few weeks of operation in which you connect GRAX and we capture a snapshot of the entire exposed Salesforce dataset. This means that data can build up temporarily until compaction and then deletion catches up.
With the above process in consideration, we can plot the expected data storage usage on a generalized curve (specific values, units, and time frames depend on your environment):
Data stored in GRAX takes up significantly less space than the same data would take up in Salesforce. Cloud storage is also vastly cheaper than Salesforce storage; most users hardly notice the cost of data-at-rest in a GRAX environment. Here are some breakdowns of real-world costs of data-at-rest in AWS S3.
The calculations below don't include file/binary storage consumed by Attachments, ContentDocuments, or EventLogFiles. Storage Usage for those binary components can currently be assumed to be 1:1 with Salesforce and cost-estimated with published storage rates.
The calculations below only consider data-at-rest rates. All cloud providers bill for data-transfer or data-access operations. Those are considered variable costs based on usage of GRAX features and overall processing load. Our published contains estimates for GET, LIST, PUT, and DELETE requests as well as overall data-transfer expectations.
Average Case:
Production environments, on average, consume a low amount of storage
216 GB consumed by average environment
$4.97 per month at standard S3 data-at-rest rates
For information on how to connect your GRAX Application to a bucket for the first time (or change your existing storage connection), review our .
No. GRAX does not support the premium blob storage tier or API from Microsoft Azure. Use the standard storage tier instead.
With the exception of the parquet folder, these storage locations contain data stored in a proprietary format and are designed to be read/written solely by the connected GRAX Application.
As mentioned , attempts to rename, remove, or modify data within the storage bucket cause data loss and GRAX availability issues. GRAX isn't responsible for partial or complete loss of your backup dataset if this restriction is violated.
No. GRAX does not support versioning in the storage bucket or container. GRAX stores data in a proprietary format that keeps track of all record versions internally. Storage blobs/objects are not updated in place - they're rewritten as a new blob when replaced. The old blobs are then removed once no longer representative of the dataset. Enabling versioning thus has no affect on data safety but keeps these deleted blobs around indefinitely as a "non-current version." This will increase storage consumption and costs significantly beyond the documented expectations.
First, ensure that Versioning is now disabled or suspended indefinitely in the bucket. Next, use provider-specific tools to automatically remove the "non-current versions" for deleted objects from the bucket. AWS S3 supports that can be used to automatically remove old versions of objects, and clean up delete markers left behind. A rule needs to be created to do the following:
Non-current Version Expiration - This removes the non-current versions of objects after a specified number of days. The rule should be configured to remove non-current versions after 1 day.
Remove Expired Object Delete Markers - This removes the delete markers left behind after the non-current versions are removed.
An example of a Lifecycle Rule that will remove non-current versions and delete markers after 1 day is shown below:
These examples are not filtered. They will apply to the entire bucket. If you share your GRAX bucket with other applications or data, these rules may delete non-current versions of storage objects that are not related to GRAX. Proceed with caution.
XML
JSON
GRAX does not natively support S3 bucket replication, nor does the app support failover to a replicated bucket.
While replication is technically possible on any bucket if you set it up yourself, bucket replication introduces unsupported configuration and significant complexity and cost, especially due to S3 Versioning and Delete Marker behavior.
Replicated data is not reliable for failover, is not guaranteed to be consistent or recoverable in the event of failure and offers no immediate operational value in disaster recovery scenarios.
GRAX is designed for you to retain ownership of your sensitive data. For this reason GRAX requires that you bring a storage bucket that you own. However, if circumstances are such that you are unable to provide a bucket, contact to discuss an exception (GRAX-hosted bucket).
GRAX-hosted storage supports backup, archive, and restore on AWS only. It does not support Data Lake or Data Lake House. It does not offer access to the underlying storage account and configuration. It is subject to storage, request, and bandwidth limits and may incur overage fees or require purchasing additional blocks of storage.
In all scenarios, bringing your own storage account is better for data security, cost, and data reuse.
High Estimate:
Published cost estimates contain a very high recommended S3 cap to allow for longterm growth
5 TB total storage space recommendation
$117 per month at standard S3 data-at-rest rates
Largest:
International support organization with high record turnover rate
3+ year relationship with consistent full-org backups
6,000,000,000+ record versions backed up with GRAX
6 TB of total storage consumed
$141 per month at standard S3 data-at-rest rates
grax
Metadata and binary components of Salesforce Files
table
Primary location for object and record backups
internal
Data generated by the GRAX application for its own use
parquet
Parquet files generated by GRAX's feature
<LifecycleConfiguration>
<Rule>
<Expiration>
<ExpiredObjectDeleteMarker>true</ExpiredObjectDeleteMarker>
</Expiration>
<NoncurrentVersionExpiration>
<NoncurrentDays>1</NoncurrentDays>
</NoncurrentVersionExpiration>
</Rule>
</LifecycleConfiguration>{
"Rules": [
{
"Expiration": {
"ExpiredObjectDeleteMarker": true
},
"NoncurrentVersionExpiration": {
"NoncurrentDays": 1
}
}
]
}