Inside Salesforce Edge: Automating Global Rollback for 1.5 Trillion Requests in 10 Minutes
Summary
Salesforce Edge, the global perimeter platform handling trillions of requests monthly, optimized its rollback process by shifting from an eight-to-twelve-hour global rollback to just ten minutes. This improvement was achieved through a custom blue-green Kubernetes deployment architecture with fully scaled warm standbys and advanced autoscaling logic to ensure seamless capacity. Additionally, connection draining automation was implemented to minimize customer disruption during traffic cutover. Salesforce teams can learn to build highly available, automated rollback mechanisms tailored for large-scale global services.
Takeaways
- Implement blue-green deployments with fully scaled warm standbys for rapid rollback.
- Synchronize autoscaling metrics across active and standby deployments to maintain capacity parity.
- Automate TCP connection draining to minimize disruption during global traffic cutovers.
- Manage global edge services as consolidated perimeters for uniform security enforcement.
- Integrate rollback automation tightly with Kubernetes native constructs for precise control.
By Sanjeev Chhabria, Aditya Kamath, Derek Donaldson, and Sandeep Siroya. In our Engineering Energizers Q&A series, we highlight the engineering minds driving innovation across Salesforce. Today we spotlight Sanjeev Chhabria, Vice President of Engineering, who leads the Salesforce Edge (Trusted Perimeter Platform) team, building and operating global perimeter services that handle 1.5 trillion requests and approximately 23 petabytes of traffic monthly. Explore how the team reduced global rollback time from eight to twelve hours to roughly ten minutes, re-architected Kubernetes deployments and autoscaling for true blue-green operation, and automated traffic cutover and TCP connection draining to preserve four-nines availability during worldwide rollback events. What is your team’s mission as it relates to building and operating Salesforce Edge as a global, high-availability service? Our purpose is to manage Salesforce Edge as the reliable entry point for Salesforce application traffic.