Diagnostics and Monitoring Tools for Salesforce — Part 2
Identify security risks and monitor your releases
In Part 1, we covered monitoring and diagnostic tools for development and performance-related use cases in a typical Salesforce Application Lifecycle Management (ALM) model. Here in Part 2, we review tools available for security and compliance and for release and maintenance purposes.
Security and compliance use cases
Security is paramount in maintaining your organization. With so many security settings, how do you know which ones are potential issues and which ones do not conform to your security policy standards? Keeping tabs on this can be a daunting task. Wouldn’t it be great to have a one-stop shop to show all potential issues, recommendations, and fixes? Salesforce Security Health Check provides exactly that. It doesn’t stop there. If you have multiple organizations, then you can pull this information using the Tooling API and display information or take actions on your custom monitoring dashboard. How cool is that?
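A sketch of the multi-org dashboard idea above, added here as an illustration and not taken from Salesforce's own code: it builds the Tooling API query for the SecurityHealthCheckRisks object and rolls the per-org responses up into rows sorted worst first. The API version, instance URL, org names and sample responses are assumptions constructed for the example, and no HTTP call is made.

```python
import json
from urllib.parse import quote

API_VERSION = "v58.0"  # assumption: replace with a version your orgs support

# Tooling API objects behind Security Health Check
SCORE_SOQL = "SELECT Score FROM SecurityHealthCheck"
RISK_SOQL = ("SELECT RiskType, Setting, SettingGroup, OrgValue, StandardValue "
             "FROM SecurityHealthCheckRisks "
             "WHERE RiskType IN ('HIGH_RISK', 'MEDIUM_RISK')")

def tooling_query_url(instance_url, soql):
    """Build the Tooling API query URL for one org."""
    base = instance_url.rstrip("/")
    return f"{base}/services/data/{API_VERSION}/tooling/query/?q={quote(soql)}"

def summarize(org, response):
    """Reduce one org's risk query response to a dashboard row."""
    records = response.get("records", [])
    high = [r for r in records if r["RiskType"] == "HIGH_RISK"]
    return {
        "org": org,
        "high": len(high),
        "medium": sum(r["RiskType"] == "MEDIUM_RISK" for r in records),
        "high_settings": sorted(f'{r["SettingGroup"]}: {r["Setting"]}' for r in high),
        # done=False means more pages follow (nextRecordsUrl), so counts are partial
        "complete": bool(response.get("done", False)),
    }

def dashboard(responses):
    """Rows for all orgs, worst first."""
    rows = [summarize(org, resp) for org, resp in responses.items()]
    return sorted(rows, key=lambda r: (-r["high"], -r["medium"], r["org"]))

def risk(kind, group, setting):  # helper for the constructed sample data below
    return {"RiskType": kind, "SettingGroup": group, "Setting": setting}

# Constructed sample responses (org names and setting values are made up)
SAMPLE = {
    "prod": {"done": True, "records": [
        risk("HIGH_RISK", "PasswordPolicies", "Minimum password length"),
        risk("MEDIUM_RISK", "SessionSettings", "Timeout value")]},
    "sandbox": {"done": True, "records": []},
    "emea": {"done": False, "records": [
        risk("HIGH_RISK", "SessionSettings", "Force logout on session timeout"),
        risk("HIGH_RISK", "PasswordPolicies", "Password complexity requirement")]},
}

if __name__ == "__main__":
    print(tooling_query_url("https://example.my.salesforce.com", RISK_SOQL))
    print(json.dumps(dashboard(SAMPLE), indent=2))
```

A row with "complete" set to false should be treated as a lower bound until the remaining pages of that org's result have been fetched.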
Another important area to monitor is making sure your customer or partner community is not able to access more information than needed. This is where you can use the Guest User Access Report, which gives you an overview of the objects and permissions guest users can access from your public communities.
Vulnerabilities in your code are equally important and should be monitored throughout your development and build process. Static code analysis should be run manually or automatically to identify security vulnerabilities and other code quality issues. To take it one step further, make it a part of your periodic (either monthly or quarterly) maintenance schedule to run a full static code analysis on your code base. Some popular tools available for this are the Force.com code scanner (offered in partnership with Checkmarx), PMD, and Codescan.io. These tools feature hundreds of rules for static code analysis.
Important Security Checks:
- Cross Site Scripting (reflected, stored, and DOM-based)
- SOQL/SOSL Injection
- Access Control Issues (Sharing, FLS)
- Cross site request forgery attacks
- Arbitrary redirects
- Overly permissive postMessage targets
Important Code Quality Checks:
- DML statements inside loops
- SOQL/SOSL inside loops
- Hardcoding Trigger.new[0]
- Hardcoding Trigger.old[0]
- Queries with no Where clause or no LIMIT clause
- Not bulkifying Apex methods
What if you want to monitor these important user, security, and performance metrics in real time and also store them for auditability purposes? Salesforce Shield Event Monitoring provides access to 50+ detailed performance, security, and usage data metrics for your Salesforce apps to help you monitor compliance with your security policies, understand user adoption across your apps, and optimize application performance.
Release and maintain use cases
As the application lifecycle transitions to the release and maintain stage, the focus of instrumentation naturally shifts from diagnostics to monitoring. Trust.salesforce.com provides real-time status details on service availability, performance, security, privacy, and compliance. This site includes information for all data centers and is open to the public. You can sign up for email or SMS notifications regarding incidents and maintenance posted to the site. In addition, the My Salesforce Trust Monitor package can help you create a custom list of organizations for monitoring.
A key success metric for Salesforce application release is adoption rate. A good starting point is to install and review the Salesforce Adoption Dashboards. This AppExchange package provides visibility to relevant user login history and adoption of key features. If your organization recently transitioned from Classic to Lightning Experience, the built-in Lightning Usage App includes Lightning usage metrics such as active users in Lightning Experience, number of users switched back to Classic, and most viewed pages.
For Salesforce enterprise customers, it is common to have asynchronous jobs to handle long running tasks. Salesforce provides different monitoring pages for such jobs under the setup section:
- API Usage Notifications — receive email notifications when the number of API requests exceeds a threshold
- Apex Flex Queue — view and reorder all batch jobs that have a holding status
- Apex Job Queue — monitor the status of all Apex jobs, and optionally abort jobs that are in progress
- Background Jobs — monitor system background jobs in your organization, such as record sharing access recalculation after changes are made to groups, roles, or territories
- Bulk Data Load Jobs — monitor the progress of current bulk data load jobs and the results of recent jobs
- Outbound Message — track status of outbound messages
- Scheduled Jobs — lists all reporting snapshots, scheduled Apex jobs, and dashboards scheduled to refresh
- Time-based Workflow — view and manage pending time-based workflow actions
Over time, with multiple teams working on your organization, it can accumulate a lot of technical debt, especially if there is a lack of governance. In Salesforce terms, technical debt is the combination of inefficient customizations, integrations, and processes that grow unchecked over time and lead to a system that lacks scalability, maintainability, usability, and agility. Decluttering your organization can be challenging. That’s where the Salesforce Optimizer app can help. It is a powerful, free, and simple tool that takes a snapshot of your Salesforce organization and looks for potential problems in your implementation. Salesforce Optimizer gives you detailed data on more than 50 metrics covering everything from storage, fields, custom code, custom layouts for objects, reports and dashboards, and much more. For each metric it provides:
- What it found in your organization
- What you should do about it
- Resources to learn more
Here’s an example. Imagine that your Opportunity object has 40+ workflow rules. Many of these may have complex entry criteria. This is where the optimizer report will come to the rescue and show you the issue and a recommendation on how to fix it. In this case, there might be too many workflow rules on objects, which can increase the time to save and load records. The recommendation is to consolidate the workflow rules on an object into a single process with Lightning Process Builder. More than 50 similar metrics can help an administrator to maintain the organization and keep performance high.
We know what you are thinking now: “Wouldn’t it be great to have a tool that monitors the performance of the organization and many of these metrics in real time, so that I can act and prevent issues before they occur?” Yes, we do have a solution. As touched upon in the previous section, Salesforce Real-Time Event Monitoring, built upon the Event Monitoring logs, provides near real-time access to key performance, security, and usage data via platform events.
Conclusion
Monitoring and diagnostic tools help you to identify issues before they snowball into bigger problems. Keep this list of tools handy and make them part of your ALM processes. Proactively diagnosing and acting on issues can save you a lot of time, effort, and cost later. Be sure to bookmark the Salesforce Diagnostics and Monitoring Tools Checklist, which documents all the tools we covered in Part 1 and Part 2 of this series.
About the Authors
Mukul Singh is a Success Architect at Salesforce. He focuses on helping large customers with scalable design and architecture on the Salesforce Platform.
Ivan Yeung works as a Success Architect at Salesforce. He helps innovative customers architect, build, and manage enterprise-scale applications on the Salesforce Platform. He is passionate about applying leading edge technology, such as NLP AI and blockchain, in Salesforce solutions.