If you get the emails that Salesforce sends out to systems administrators, you probably got a baffling email last week with the subject “Action Required: Whitelist All Salesforce IP Ranges to Prepare for Login Pools.”
If you’re a normal person, your reaction was probably “Wait, what?”
First things first: the chances of small and mid-sized nonprofits needing to do anything about this email is very slim. Check with whoever manages your IT and network, they’ll know what this email means and whether you should do anything.
But because the question has come up a couple of times, we figured we’d try to translate. This isn’t really about Salesforce, but it’s a quick peek into the inner workings of the internet for the curious.
Inner workings of the Internet
Many of us don’t even bother with the address bar on our web browsers anymore – we just type in what we want and whatever search engine we use goes out and fetches it. So these days you can type “salesforce” into the top address bar of your browser, and more or less go to the right web site. If you’re old enough to read this blog post, you’re probably old enough to remember when you had to type in “www.salesforce.com” or “login.salesforce.com,” or type in “google.com” and go search for whatever you were looking for. If you deal with web pages at all, you know that you have to find the URL (human readable name) of a web site in order to link to it.
That human readable web address (URL) has some magic behind it. When you type it into your address bar, your computer first talks to your local network, which talks out to the world, to find out how to translate “login.salesforce.com” into a unique IP address. A unique IP address is just a string of numbers tied to a unique computer somewhere, like a telephone number is tied to only your phone. How a request gets from your computer to a global computer to Salesforce servers, back to your computer, is pretty neat, actually, but we’ll trust you to read more on your own.
IP Address assignment in today’s day and age
In the very old days, you got one IP address per human-readable address. Your own organization’s web site probably has only one IP address. For massively busy and distributed (cloud) systems like Salesforce, or Google, what actually happens is that any of hundreds, or thousands, of different IP addresses can actually answer a request for “login.salesforce.com.”
Whitelisting Salesforce.com’s IP Addresses
So Salesforce is just expanding the number of computers that can answer a request for “login.salesforce.com.” This never impacts most people. However, if you are dealing with systems that have to be absolutely sure that “login.salesforce.com” isn’t coming from some evil hacker, you will get a list from Salesforce of what IP addresses are legit, and you’ll whitelist those IP addresses. If you’ve done that, you need to expand your list soon. That’s all this is about.
