Heroku Private Space

What are Private Spaces?

A Private Space, part of Heroku Enterprise, is a network isolated group of apps and data services with a dedicated runtime environment, provisioned to Heroku in a geographic region you specify. With Spaces you can build modern apps with the powerful Heroku developer experience and get enterprise-grade secure network topologies. This enables your Heroku applications to securely connect to on-premise systems on your corporate network and other cloud services, including Salesforce.

How Private Spaces work
See it in action
00:0000:00

Private

Spaces make it simple to bring all the pieces of your architecture together, from on-premise systems to cloud services, including Salesforce, into one managed Private Space that ensures sensitive data and transactions are protected. Postgres EX, Redis EX and Connect EX are unique versions of Heroku’s leading data services that have the additional security factor of being accessible only over a space’s private network.

Power

Within a Space, you can use powerful new primitives to create new types of application architectures. Your app runs in private dynos, smart containers which are all connected to a private network that lets them communicate with each other, so you can compose sophisticated application architectures using small, modular services. Setting up a space is as easy as naming it and clicking a button — in minutes your space is created so your team can stay focused on building great apps.

Performance

Each Space has its own runtime dedicated to only your Heroku apps, ensuring even your highest traffic apps deliver low latency performance for every user. Spaces can be deployed to a geographical region you specify to bring your Heroku apps and services closer to your users, further reducing latency. Apps in spaces run on private dynos — smart containers that fully occupy and get the performance benefit of an entire virtual compute instance.

New features for enhanced network isolation and security

Dedicated isolated runtimes

Provision application infrastructure for your apps.

Dedicated private networks

Setup private, isolated networks for internal services.

Private data services

Keep your data more secure and private in your internal network.

Selectable regions

Run apps in Dublin, Tokyo, Frankfurt, Oregon, Sydney, and Virginia.

Stable outbound IPs

Securely connect apps to third party cloud services and corporate networks.

Trusted IP ranges

Limit app access to users only on trusted networks.

DNS Service Discovery

Use DNS to discover other services over a low-latency private network.

Site-to-Site VPN

Establish secure, site-to-site IPsec VPN connections between Private Spaces and on-prem data centers and 3rd party clouds.

Internal Routing

Build private apps and APIs with endpoints that are only routable within the Private Space and on VPC and VPN peered networks.

Explore the docs

Expanded application architecture possibilities

Private APIs

Create apps and services accessible only from internal networks, such as intranets and internal APIs. Leverage private data storage for enhanced security and privacy.

Run apps in six global regions

Run network-isolated apps in six global regions closer to your users for better application latency and experiences.

New app dev architectures

Enable new app dev architectures using private networking for extensible multi-tier applications.

Better together: Heroku + GCP, on-prem, and AWS

Build secure multi-cloud and hybrid apps that span Heroku and GCP, on-premises, and AWS.

  • Heroku Shield makes HIPAA compliance easier to execute, so now my dev teams can focus on building great apps using a modern app-dev toolset, refer to customer-sensitive data with added confidence, and ultimately provide our customers with an engaging experience that differentiates Align Technology in the marketplace.

    Align Tech Leela Parvathaneni Director of Customer-Facing Applications, Align Technology Read customer story >>
  • Heroku Service Discovery helped us build out additional metrics gathering, which provided greater insight into the services we are running in Heroku Private Spaces. Before Service Discovery was available, this would not have been possible.

    sendwithus Daniel Steuernol Platform Engineer, sendwithus

Heroku Shield Private Spaces is the easiest path to delivering high compliance apps

Heroku Shield is a set of platform services that offer additional security features for building high compliance apps. Use Heroku Shield to build HIPAA or PCI compliant apps for regulated industries. Heroku Shield includes high compliance instances of Private Spaces, Heroku Postgres, Heroku Connect, and Private Dynos. Learn more about Heroku’s compliance programs and certifications by visiting our compliance center.

Build HIPAA & PCI compliant apps with confidence

Heroku Shield Private Spaces enables you to build high compliance, customer-facing apps for regulated industries like healthcare, life sciences, and financial services that require a BAA.

Deploy high compliance apps with a simple Git push

Spin up a HIPAA or PCI compliant environment in minutes, and start deploying your applications with all the ease of the Heroku developer experience using git push heroku master.

Get additional trust controls out of the box

Your app runs in a network isolated Heroku Shield Private Space with additional trust controls for high compliance: keystroke logging for production access auditing, logging at the space level that you control, encryption at rest for ephemeral data, and strict TLS enforcement.

Learn more about Heroku Shield

Learn more about Private Spaces

Please tell us more about your project and we'll be in touch.

Webinars

Cloud Apps with the Trust and Control of On-Premise

Create new opportunities for app engagement while maintaining enterprise control. Learn how fintech start-up Moneytree leverages Heroku Private Spaces.

Heroku Private Spaces in Action

Walk through new architectures that are now possible for enterprise apps in this technical demo of Heroku Private Spaces.