Print this page

How to prepare for additional login pools

Knowledge Article Number 000182187
Description

Important: This document is for informational purposes only, and is not part of any legal or otherwise binding agreement. The policies and practices described in this document are subject to change at Salesforce's sole discretion.
 

Notes:

  • This document is for informational purposes only, and is not part of any legal or otherwise binding agreement. The policies and practices described in this document are subject to change at Salesforce's sole discretion.

  • This article was created in April 2014, when login pools were added to our data centers in the Americas.

  • This article was updated in March 2015, to reflect the addition of login pools to the APAC data center.

  • This article was updated in July and September 2015, to reflect the addition of login pools to the data centers in the Americas and EMEA.
     

As an admin of a Salesforce org, you may have end users accessing Salesforce while traveling or working from remote offices. Your organization’s network settings impact their ability to log in from another region of the globe.

 

Note: If you are following our best practices to allow access to all Salesforce IP ranges, it is likely that no action is required. We updated our network IP ranges in the What Salesforce IP ranges should I whitelist? article in April 2015.

 

What are login pools and how will this benefit me?

Login pools process all login requests when end users or inbound-traffic integrations attempt to access the Salesforce app. Upon login, end users and integrations will be sent to the nearest data center to be processed, which then verifies credentials and forwards to the appropriate instance.

 

We’re working to improve your login performance, regardless of which instance you’re logging in from. In the last year, we further improved the resiliency of our infrastructure by adding additional login pools to our AMER and Asia Pacific (APAC) data centers. On November 14, 2015 US Pacific Time, we are adding more login pools to our AMER and EMEA data centers. If your end users are accessing Salesforce from the AMER or EMEA regions, they may authenticate via these new login pools, thus reducing the time it takes to log in.

 

What action do I need to take?

You will need to take action if both of the following criteria apply to you. Otherwise, no action is necessary.

  1. Your end users or inbound traffic integrations use login.salesforce.com to access your production instance.

  2. Your IT department has set up your corporate network settings (ie. proxy settings or firewalls, etc.) to restrict access to only certain Salesforce IP ranges (i.e. whitelisting certain IP addresses or ranges, hard-coding references to certain data centers or instances, etc.). This is not done in the Salesforce app, but in your corporate IT network settings.

 

If your IT department has set up your corporate network settings to restrict access to only certain Salesforce IP ranges, you will need to update your corporate network settings to allow access to all Salesforce data centers.

 

We recommend that you allow access to all of the ranges for every data center, regardless of where your instance resides. The full list of Salesforce IP ranges is available in the What Salesforce IP ranges should I whitelist? article.

 

What if I do not take action?

If you do not update your corporate network settings to allow access to all Salesforce IP ranges, and your end users and integrations reference login.salesforce.com, your end users may not be able to log in and your inbound integrations may stop working starting on November 14, 2015 US Pacific Time.

 

When is this change taking effect?

We’re adding a login pool to our AMER and EMEA data centers on November 14, 2015 US Pacific Time. Please check trust.salesforce.com/trust/maintenance/ for further updates.

 

How can I get more information?

You can also watch the Login Pools - Will This Change Impact My Company? video. For any additional questions, you can reach out to Customer Support by opening a case via the Help & Training portal.

 

Resolution
  1. Why are you adding additional login pools?

    1. To improve the resiliency of our infrastructure, we are adding an additional login pool to our data centers in AMER and EMEA. Adding more login pools enables Salesforce to continue to maintain the high levels of performance and service reliability our customers have come to expect from Salesforce.
       

  2. I allow my service to talk to all Salesforce registered IP ranges and data centers.  I do not currently restrict access by data center or IP range by restricting or whitelisting certain IP ranges. Do I have any action that I need to take?

    1. If you do not currently restrict access by data center or IP range, then no action is required.
       

  3. How can I stay on top of all of these infrastructure changes?

    1. By implementing MyDomains, you will stay ahead of future infrastructure changes. Rather than using login.Salesforce for your login URL, MyDomains allows you to use [mydomain].my.Salesforce, which points directly to the instance your organization resides on.  For more information on MyDomains, check out the What is My Domain Article.
       

  4. What if I do not update my corporate network settings to include access to all of our data centers?

    1. If you do not update your corporate network settings to allow access to all Salesforce data centers, and your end users and integrations reference login.salesforce.com, your end users may not be able to log in and your inbound integrations may stop working starting on November 14, 2015 (US Pacific Time).
       

  5. I currently hard code the IP range to a specific data center. Will that still work after this maintenance is complete?

    1. All login requests will be sent to the nearest data center to be processed before they are forwarded to your instance. If you do not include IP ranges for all of our data centers, for example you have end users traveling to a region where you aren't including the related data center IP ranges, you may prevent your end users or integrations from logging in to the Salesforce application. In this case, your end users may see an error message if you do not add all of the Salesforce IP ranges.
       

  6. Where can I find the full list of our data center IP ranges?

    1. You can find the full list of our data center IP ranges in the What Salesforce IP ranges do I need to whitelist? Article. For security purposes, you will need to login with your Salesforce credentials to view the list of IP ranges.
       

  7. How can I test my corporate network settings to confirm that my organization is prepared for the additional login pools in November 2015?

    1. Regardless of which instance your organization is on, we recommend that you test logging in via one of the instances which reside in our data centers in the Americas or EMEA (EU5 or NA1, NA2...) to ensure that you are allowing network access to the AMER and EMEA data centers.

      1. For example, if your instance is on AP1 and you point your browser to eu5.salesforce.com, you will be directed to a login page to enter your Salesforce credentials. If you have your network settings set up correctly to allow access to the EMEA data centers, the login pool will log you into your Salesforce application and will automatically redirect you to your instance (e.g. ap1.salesforce.com).

      2. If you are unable to login, then it is most likely that your network settings are restricting access to the EMEA data centers. However, check trust.salesforce.com to ensure that there is not a maintenance being performed on that particular instance at that time.

    2. If you would like to do additional testing, you may choose to call at least one IP address in each of the three subsets of the Salesforce IP ranges via a ping test or API request. Please note: For security purposes, you will need to login with your Salesforce credentials to view the list of IP ranges.
       

  8. When will these additional login pools be added?

    1. We allowed our Sandbox instances to access additional login pools in our midwest and east coast data centers on November 2, 2013.

    2. On May 10, 2014, our production instances started leveraging the login pools added to our data centers in the Americas.

    3. On April 11, 2015, our production instances started leveraging login pools added to our Asia Pacific (APAC) data center.

    4. On November 14, 2015, we will add login pools to our data centers in AMER and EMEA.

 

Technical Questions

Are you a System Administrator or IT Department? Review the following questions and answers for more technical information. 

Do I need to make any changes to the 5 IP addresses for mail relay?

We are not adding additional email relay IP addresses at this time. However, you should still double check that you have whitelisted all five of our email relay IP addresses. Please refer to What Salesforce network IP addresses do I need to whitelist? article.
 
Do I need to make changes to my integrations?
 
Do I need to restart integrations after the maintenance?

Yes, you'll need to restart integrations after the maintenance. Restarting ensures that the DNS cache is clear.
 
Do I need to make any changes to the Apex Web Services Generated WSDLs?

No, the Apex Web Services Generated WSDLs do not require any changes.
 
Does a partner WSDL need to be regenerated after the maintenance?

No, a partner WSDL does not need to be regenerated after the maintenance.
 
Do I need to make any changes to the Sender Policy Framework (SPF) records?

No, you don't need to make any changes to the Sender Policy Framework records.
 
Will apps from the AppExchange be impacted by this change?

No, AppExchange apps will be impacted by this change.
 
Impact to Web-to-Leads/Cases (W2X)?

No, there will not be any impact to W2X.
 
Impact to Email-to-Case (E2C)?

No, there will not be any impact to E2C.
 
Impact CTI integrations?

No, this maintenance will not impact CTI integrations.
 
Are OAuth refresh tokens be affected by this maintenance?

No, OAuth refresh tokens will not be affected by this maintenance.
 
Major Revision History
DateDescriptionEditor
April 2014Login pools were added to our North American data centerAndrea Holmes
March 2015Addition of login pools to the APAC data centerAndrea Holmes
July 2015Addition of login pools to the NA and EMEA data centersAndrea Holmes
   

 





promote demote