rmolekilla

Amazon EC2: force.com pull IP


Hi,
 
I'm curious how people are configuring group permissions for EC2 instance services to be pulled from salesforce.com apps, since EC2 group permissions require a CIDR IP mask to explicitly grant firewall permissions, and I'm not sure whether a reliable static IP exists for the salesforce.com side, or how to obtain it.
All Answers

Aish
You can find the Salesforce.com IP addresses here: https://na6.salesforce.com/help/doc/en/security_test_email_delivery.htm. Also if you use the Amazon Force.com toolkit at: http://wiki.developerforce.com/index.php/Amazon_Toolkit you are just able to leverage EC2 from within Force.com
rmolekilla

Hi, thanks for replying
 
 
--> These are email addresses; are you saying that outgoing requests from force.com apps to the internet (of which EC2 is a subset) will be using these same IPs?
 
 
--> I don't want to use another instance; I already have an instance deployed on EC2! I just want to access the web services deployed there just like any other service running on a regular box. What IPs do I have to allow on the EC2 firewall so force.com can access it?
 
thanks
 
 
Message Edited by rmolekilla on 05-06-2009 12:38 PM
Aish

Actually...

 

The purpose of whitelisting an IP address range is to allow for disaster recovery procedures with the Mirrorforce data backup centers and for future expansion.

There is no risk in whitelisting the specified range of IP addresses as Salesforce.com *OWNS* the range. It is not leased or shared in any way with any other organizations.

Salesforce.com moved from an IP address block sub-allocated by an ISP to a new address block allocated directly to salesforce.com by the American Registry for Internet Numbers (ARIN).

Salesforce.com strives to provide our customers with the best service possible. The MirrorForce data center installations on the East and West Coast provide near real-time data replication and failover. Direct IP allocations make that possible.

In addition, direct IP allocations provide for:

- ISP Peering: The ability to select diverse peering to avoid congested networks.
- ISP Redundancy: The ability to easily expand beyond two network carriers.
- IP Stability: The ability to maintain the same IP addresses with different network carriers.

The IP address spaces are as follows:

204.14.232.0/25 East Coast Data Center (set one)
204.14.233.0/25 East Coast Data Center (set two)
204.14.234.0/25 West Coast Data Center (set one)
204.14.235.0/25 West Coast Data Center (set two)

To clarify, the "0/25" that you see in the ranges does not refer to "0 - 25" or 26 IP addresses. It is network administration nomenclature which refers to the range of IP addresses from "0 - 127", so there is a total of 512 IP addresses.

This was selected as the best answer
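
An added example, not part of the original thread or any Salesforce or Amazon code: it expands the four listed /25 blocks, checks a source address against them, and shows why the blocks should be entered individually rather than as one wider supernet. The helper names and port 443 are assumptions; the rule dictionary follows the `IpPermissions` shape accepted by boto3's `authorize_security_group_ingress`, which is not called here.

```python
import ipaddress

# Ranges exactly as listed in the answer above.
LISTED = {
    "204.14.232.0/25": "East Coast Data Center (set one)",
    "204.14.233.0/25": "East Coast Data Center (set two)",
    "204.14.234.0/25": "West Coast Data Center (set one)",
    "204.14.235.0/25": "West Coast Data Center (set two)",
}
NETWORKS = [ipaddress.ip_network(cidr) for cidr in LISTED]


def span(cidr):
    """First and last address covered by one CIDR block."""
    net = ipaddress.ip_network(cidr)
    return str(net[0]), str(net[-1])


def total_addresses():
    """Number of addresses covered by all listed blocks together."""
    return sum(net.num_addresses for net in NETWORKS)


def is_listed(source_ip):
    """True if source_ip falls inside any listed block."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in NETWORKS)


def collapsed():
    """Each block is only the lower half of its /24, so none can be merged."""
    return [str(net) for net in ipaddress.collapse_addresses(NETWORKS)]


def excess_if_supernet(supernet="204.14.232.0/22"):
    """Extra, unlisted addresses admitted by one wide rule instead of four."""
    wide = ipaddress.ip_network(supernet)
    if not all(net.subnet_of(wide) for net in NETWORKS):
        raise ValueError("supernet does not cover every listed block")
    return wide.num_addresses - total_addresses()


def ingress_rule(port=443):  # port is an assumption; the thread names none
    """One security-group rule carrying all four blocks, least privilege kept."""
    ranges = [{"CidrIp": c, "Description": d} for c, d in LISTED.items()]
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": ranges}
```
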
rmolekilla

Awesome, thanks!! ..hmm, maybe those should be added in some EC2 FAQ?