Architecting Multi-Org Solutions

Developers

Safe Harbor

Safe harbor statement under the Private Securities Litigation Reform Act of 1995:

This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed or implied by the forward-looking statements we make. All statements other than statements of historical fact could be deemed forward-looking, including any projections of product or service availability, subscriber growth, earnings, revenues, or other financial items and any statements regarding strategies or plans of management for future operations, statements of belief, any statements concerning new, planned, or upgraded services or technology developments and customer contracts or use of our services.

The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new functionality for our service, new products and services, our new business model, our past operating losses, possible fluctuations in our operating results and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of intellectual property and other litigation, risks associated with possible mergers and acquisitions, the immature market in which we operate, our relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our growth, new releases of our service and successful customer deployment, our limited history reselling non-salesforce.com products, and utilization and selling to larger enterprise customers. Further information on potential factors that could affect the financial results of salesforce.com, inc. is included in our annual report on Form 10-Q for the most recent fiscal quarter ended July 31, 2012. This document and others containing important disclosures are available on the SEC Filings section of the Investor Information section of our Web site.

Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features that are currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements.

Rajesh Madhawarayan

Technical Solution Architect

Richard Vanhook

Senior Technical Solution Architect

Informal Poll

Who currently works in a Multi-Org environment?

Who’s an Architect?

Administrator?

IT Manager or Exec?

Company has less than $500 mil revenue?

Over $500 mil?

Over $5 billion?

Agenda

• Ingredients

• Share

• Cross Org Data

• Integrate

• Login

• Just-in-Time (JIT) Provisioning

Multi-Org Ingredients

Login

Hub & Spoke Share

Integrate

Sharing Data Across Orgs

Hub Hub

(1) Hub Broadcast (2) Spoke Aggregation

Salesforce to Salesforce (S2S)

• Replicates data from one org to another

• Native to Force.com, data never leaves the platform

• Originally designed to share data with partners (and still is)

• Practical, cheap option to enable sharing across multiple orgs

• No external middleware required

Moving data from one org to another – how do we do that?

Easy, use Salesforce to Salesforce.

Bad Architect!

It’s not that simple!

Salesforce to Salesforce (S2S)

• S2S is not for sharing data to an entity external to the salesforce.com platform

• Not a ‘true’ middleware substitute – it won’t perform translations, transformations and validations. You still have to do them in Apex

• Does not enrich data from 3rd party sources

• Not a replacement for serious ETL use cases

• S2S does not have an SLA, so latency must be accounted for in your architecture for transferring & sharing parent – child records

[Diagram: Hub Broadcast. Hub and Spoke each hold an Account object (Name: Acme, Phone: (800) 123-4567); the flow, numbered 1 to 4, runs through an After Insert trigger, S2S config data and the S2S connection.]

Demo: Hub Broadcast

[Diagram: Spoke Aggregation. A User object record (Name: Richard) and User Shadow objects in the Spoke and Hub; the flow, numbered 1 to 5, runs through an After Insert trigger, S2S config data and the S2S connection.]

Demo: Spoke Aggregation

S2S replicates data

What if I don’t want to replicate data?

Cross Org Data (XOrg)

• Share data across orgs without replicating data!

• One org designated Hub; Spokes are invited (similar to S2S)

• Spokes contain “proxy” objects created from Hub “sync”

• Proxy objects (Foo__y) can be queried or referenced in Apex

• Pilot Spring ’13, GA Summer ’13 (Safe Harbor)

• Notable limitations: Custom Objects only; Unsupported field types: Currency, Geolocation (beta), Lookup Relationship, Picklist, Picklist (Multi-Select), Text Area (Encrypted), Text Area (Long), Text Area (Rich)

Demo: Cross Org Data

External System Integration

Most common issue: do you integrate with the Hub or each individual Spoke?

Considerations

Maintenance

Data Stewardship

Not talking about “how” you integrate (the APIs, tools, etc)

External System Integration

Hub REST API

Lead

Demo: External System Integration

Login through Single Sign-On (SSO)

Term: Definition

Identity Provider (IdP): Server that authenticates user and generates the SAML assertion

Assertion: XML elements in a SAML token that contain user credentials

Service Provider (SP): System that trusts the IdP user information and provides access to the Service

My Domain: Custom URL for an org

Federation ID: Org unique user identifier

Single Sign-On (SSO)

[Diagram: the Hub as IdP and an SP, each showing Federation ID: john.smith]

Reminder: IdP = Identity Provider, SP = Service Provider

Demo: Multi-Org SSO

That was simple…

You set up the Hub, Spokes and then create users in each org

How many of you think setting up Multi-Org SSO was simple?

How about?

Create the user once in Hub, then automatically create in Spokes

Just-in-Time (JIT) Provisioning (Winter ’13 GA)

• Enable “Service Provider SAML Attributes”

• Users can now be created on the fly (“lazy load”)

• JIT existed prior to Winter ’13, but not across orgs

• User fields are mapped accordingly
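
The SP-side decision that JIT provisioning implies, as an added sketch that is not part of the original presentation and is not Salesforce code: a Spoke receives the Hub's assertion, logs in a known Federation ID, and otherwise creates the user from mapped fields. Assumptions: the Federation ID travels in the Subject NameID, fields arrive as `User.`-prefixed attributes, the `REQUIRED` set and the `spoke_users` dict (standing in for the Spoke's user table) are hypothetical, and the assertion's signature, issuer, audience and expiry were verified before this code runs.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Fields this sketch requires before creating a user (an assumption).
REQUIRED = ("User.Username", "User.Email", "User.LastName", "User.ProfileId")

def _attr(name, value):
    return (f'<saml:Attribute Name="{name}">'
            f"<saml:AttributeValue>{value}</saml:AttributeValue></saml:Attribute>")

# Constructed sample: the assertion the Hub (IdP) would send to a Spoke (SP).
ASSERTION = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    "<saml:Subject><saml:NameID>john.smith</saml:NameID></saml:Subject>"
    "<saml:AttributeStatement>"
    + _attr("User.Username", "john.smith@spoke.example.com")
    + _attr("User.Email", "john.smith@example.com")
    + _attr("User.LastName", "Smith")
    + _attr("User.ProfileId", "PROFILE_ID_PLACEHOLDER")
    + "</saml:AttributeStatement></saml:Assertion>"
)

def parse_assertion(xml_text):
    """Return (federation_id, {attribute name: value}) from an assertion."""
    root = ET.fromstring(xml_text)
    fed_id = root.findtext("saml:Subject/saml:NameID", default="", namespaces=NS)
    attrs = {a.get("Name"): a.findtext("saml:AttributeValue", default="", namespaces=NS)
             for a in root.iterfind(".//saml:Attribute", NS)}
    return fed_id.strip(), attrs

def jit_decision(xml_text, spoke_users):
    """Log in a known Federation ID, else create the user from mapped fields.

    Assumes signature, issuer, audience and expiry were already verified.
    """
    fed_id, attrs = parse_assertion(xml_text)
    if not fed_id:
        return "reject", "assertion carries no Federation ID"
    if fed_id in spoke_users:
        return "login", spoke_users[fed_id]
    missing = [name for name in REQUIRED if not attrs.get(name)]
    if missing:
        return "reject", "missing " + ", ".join(missing)
    # Map only the required User.* attributes to user fields; anything else in
    # the assertion is ignored rather than written to the new user.
    user = {name.split(".", 1)[1]: attrs[name] for name in REQUIRED}
    user["FederationIdentifier"] = fed_id
    spoke_users[fed_id] = user
    return "create", user
```

Mapping from a fixed allowlist means a misconfigured or compromised IdP cannot populate arbitrary user fields in the Spoke through extra attributes.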

Demo: Multi-Org JIT Provisioning

More at #DF12

Building an Enterprise MDM Strategy

Thursday 10:30am Moscone Center West 2007

Single or Multi-Org: What's Right for My Deployment?

Thursday 10:30am Moscone Center West 3024

Driving Multi-Org Collaboration with S2S

Thursday 11:30am Moscone Center West 3006/3008
