Heroku Private Spaces Now Generally Available

Today Heroku is announcing that Heroku Private Spaces is generally available. Introduced in beta in September, Private Spaces is a new Heroku runtime designed from the ground up to meet the trust and control requirements of the most demanding applications. This new architecture enables Private Spaces to deliver the best of both worlds: the easy and powerful Heroku developer experience, combined with the network and trust controls historically only available in on-premise, behind-the-firewall deployments. Made available as part of Heroku Enterprise, Private Spaces makes cloud-based PaaS ready for the most critical enterprise applications.

Heroku Spaces are designed to fit in seamlessly with the rest of the Heroku experience. A Private Space contains all the familiar elements of a Heroku application, including dynos and add-ons. All the tools for creating and managing applications, such as GitHub integration, Heroku Button, and Metrics, are the same for apps running on traditional Heroku (the “Common Runtime”) and in Private Spaces. Most importantly, creating a Private Space—a private PaaS, dedicated to your organization and its applications—takes just a single click and a couple of minutes; something that can otherwise take even the best organizations many months.

Private Spaces

Complementing the existing Heroku runtime, Private Spaces is an entirely new architecture that provides important new capabilities while retaining full compatibility with existing Heroku apps.

Specific benefits new with Private Spaces include:

Dedicated, private runtime: Each Private Space has a complete dyno runtime dedicated exclusively to the applications running in the space. This ensures the strongest level of isolation for applications, networking and infrastructure resources, in turn enabling production apps to meet stringent security and trust requirements. With Spaces, the developer experience hasn’t changed: deployment, scaling and monitoring are performed in exactly the same way using Heroku Toolbelt or Dashboard.

Private Spaces diagram

Global region availability: Since Private Spaces are discrete, self contained Heroku runtimes, they can be deployed with new kinds of flexibility—including new geographic options. As of GA, Spaces can be deployed in Tokyo, Frankfurt, Oregon and Virginia, offering lower latencies for users and developers in those areas.

Private Spaces regions

Network controls: One of the more powerful new features of Private Spaces is the control it provides over the networking layer, and the ability to restrict inbound access and outbound traffic origination for the applications that run inside it. Using network controls, Heroku applications can now be bound to other applications, VPNs, or even behind the firewall deployments. With the Trusted IP feature, IP ranges that can access your applications can easily be specified. And with Outbound IP management, all the traffic from applications in a Space automatically routes from a set of stable, persistent IP addresses.

Private Spaces settings

Private Data Services: One of the most critical aspects of any app is how it processes and stores sensitive business data. Private Spaces allow data services to be created and managed inside the secure boundary of a Space ensuring that all traffic between dynos and databases flow over the private network. Use the same simple heroku addons:create command to create fully managed Heroku Postgres and Heroku Redis data stores that run inside the Private Space.

Using Private Spaces

Private Spaces appear inside of the Dashboard under a new Spaces tab, which is shown whenever a Heroku Enterprise organization is selected. From this tab, Spaces can be created with a single click, and Spaces settings (such as Trusted IP ranges) can be configured. Spaces can also be managed via the Heroku CLI; for instructions and full list of commands, see the Private Spaces documentation.

Private Spaces and their components, including Private Dynos and Private data services, are metered and billed like other Heroku components. Specific utilization and cost information is displayed within the Dashboard of a Heroku Enterprise organization.

Customer Experience with Private Spaces

We’d like to thank the beta program participants, whose feedback and guidance was essential to creating Private Spaces. With Spaces, KLM Royal Dutch Airlines is looking ahead to providing better user experiences for its global travelers, Moneytree is able to transform personal finance for Japanese users with a new multi-device consumer finance app that runs closer to their users, and Mozilla is excited at the potential for private data services to expand the kinds of information they can store on Heroku.

"We already love Heroku Private Spaces. It builds on the power and flexibility of the service by giving us a higher level of security that our users expect when handling sensitive data," said Jon Buckley, Mozilla Foundation Operations.

Private Spaces, Heroku Enterprise and App Cloud

Introduced last year, App Cloud is salesforce.com’s family of platform and application development technologies. As part of App Cloud, Heroku Enterprise is built out of the box to connect and integrate with the App Cloud services offered by Force.com; Heroku Connect lets applications automatically share data between Force.com and Heroku Postgres, SSO for Heroku lets them share developer and administrative identity, and now Private Spaces let them connect at the network level and create a security perimeter around all of the App Cloud services.

Learn More

Private Spaces are now automatically available to Heroku Enterprise customers. If you’d like more information on Private Spaces and Heroku Enterprise, or are an existing customer with questions on Spaces use and configuration, please contact us. You can learn more about Private Spaces by attending our technical deep dive on February 25th.

Browse the blog archives, subscribe to the full-text feed, or visit the engineering blog.