
What are Private Spaces?
A Private Space, part of Heroku Enterprise, is a network-isolated group of apps and data services with a dedicated runtime environment, provisioned to Heroku in a geographic region you specify. With Spaces you can build modern apps with the powerful Heroku developer experience and get enterprise-grade secure network topologies. This enables your Heroku applications to securely connect to on-premise systems on your corporate network and other cloud services, including Salesforce.
How Private Spaces work
Private
Spaces make it simple to bring all the pieces of your architecture together, from on-premise systems to cloud services, including Salesforce, into one managed Private Space that ensures sensitive data and transactions are protected. Postgres EX, Redis EX and Connect EX are unique versions of Heroku’s leading data services that have the additional security factor of being accessible only over a space’s private network.
Power
Within a Space, you can use powerful new primitives to create new types of application architectures. Your app runs in private dynos, smart containers which are all connected to a private network that lets them communicate with each other, so you can compose sophisticated application architectures using small, modular services. Setting up a space is as easy as naming it and clicking a button — in minutes your space is created so your team can stay focused on building great apps.
Performance
Each Space has its own runtime dedicated to only your Heroku apps, ensuring even your highest traffic apps deliver low latency performance for every user. Spaces can be deployed to a geographical region you specify to bring your Heroku apps and services closer to your users, further reducing latency. Apps in spaces run on private dynos — smart containers that fully occupy and get the performance benefit of an entire virtual compute instance.
New features for enhanced network isolation and security
Dedicated isolated runtimes
Provision application infrastructure for your apps.
Dedicated private networks
Set up private, isolated networks for internal services.
Private data services
Keep your data more secure and private in your internal network.
Selectable regions
Run apps in Dublin, Frankfurt, London, Montreal, Mumbai, Oregon, Singapore, Sydney, Tokyo, and Virginia.
DNS Service Discovery
Use DNS to discover other services over a low-latency private network.
Heroku Postgres via PrivateLink
Seamlessly and securely connect your Heroku Postgres databases to resources in your Amazon VPC(s).
Stable outbound IPs
Securely connect apps to third party cloud services and corporate networks.
Trusted IP ranges
Limit app access to users only on trusted networks.
Site-to-Site VPN
Establish secure, site-to-site IPsec VPN connections between Private Spaces and on-prem data centers and 3rd party clouds.
Internal Routing
Build private apps and APIs with endpoints that are only routable within the Private Space and on VPC and VPN peered networks.
Access data via PrivateLink
Build sophisticated app architectures that integrate Heroku Postgres, Heroku Key-Value Store, and Apache Kafka on Heroku with resources running on one or more Amazon VPCs.
Access data via mutual TLS
Heroku Postgres can be seamlessly and securely integrated with resources running in public clouds or private data centers.
Expanded application architecture possibilities
Private APIs
Create apps and services accessible only from internal networks, such as intranets and internal APIs. Leverage private data storage for enhanced security and privacy.
Run apps in ten global regions
Run network-isolated apps in ten global regions closer to your users for better application latency and experiences.
New app dev architectures
Enable new app dev architectures using private networking for extensible multi-tier applications.
Build secure multi-cloud and hybrid apps that span Heroku and GCP, on-premises, and AWS.
Heroku Shield Private Spaces is the easiest path to delivering high compliance apps
Heroku Shield is a set of platform services that offer additional security features for building high compliance apps. Use Heroku Shield to build HIPAA or PCI compliant apps for regulated industries. Heroku Shield includes high compliance instances of Private Spaces, Heroku Postgres, Heroku Connect, and Private Dynos. Learn more about Heroku’s compliance programs and certifications by visiting our compliance center.
Build HIPAA & PCI compliant apps with confidence
Heroku Shield Private Spaces enables you to build high compliance, customer-facing apps for regulated industries like healthcare, life sciences, and financial services that require a BAA.
Deploy high compliance apps with a simple Git push
Spin up a HIPAA or PCI compliant environment in minutes, and start deploying your applications with all the ease of the Heroku developer experience using git push heroku main.
Get additional trust controls out of the box
Your app runs in a network-isolated Heroku Shield Private Space with additional trust controls for high compliance: keystroke logging for production access auditing, logging at the space level that you control, encryption at rest for ephemeral data, and strict TLS enforcement.
Webinars
Cloud Apps with the Trust and Control of On-Premise
Create new opportunities for app engagement while maintaining enterprise control. Learn how fintech start-up Moneytree leverages Heroku Private Spaces.
Heroku Private Spaces in Action
Walk through new architectures that are now possible for enterprise apps in this technical demo of Heroku Private Spaces.