Active-active: multiple regions serving traffic simultaneously. Beyond active-passive failover.
For most orgs: Salesforce's standard infrastructure suffices. Active-active is rare.
When justified:
- Highest availability requirements (99.99%+).
- Latency-sensitive with global users.
- Regulatory requirement for region isolation.
- Highly mission-critical (banking, life-safety).
Implementation:
Multi-org pattern:
- Region A org — serves NA users.
- Region B org — serves EMEA users.
- Region C org — serves APAC users.
- All synchronised via integration backbone.
Identity:
- Single SSO IdP — Okta or Azure AD federating to all orgs.
- Just-in-time provisioning in target org.
Routing:
- DNS-based — traffic routed to closest region.
- Application-level — based on user attribute.
Data sync:
- Real-time replication — changes in one region propagate to others.
- Mulesoft as sync backbone.
- Conflict resolution — last-write-wins, or active-passive per record.
Challenges:
- Eventual consistency — same record may have different state in different regions briefly.
- Conflicting writes — same field updated in two regions.
- Cost — multiple orgs with full licensing.
- Operational complexity — managing N orgs.
Salesforce platform considerations:
- Hyperforce enables multi-region within a single org increasingly.
- Salesforce DR provides failover; full active-active rare in standard offering.
Alternatives to true active-active:
- Active-passive with fast failover — simpler; nearly as available.
- Read replica in another region — reads served locally; writes go to primary.
- Regional caches — accept eventual consistency.
Senior architect insight: active-active is overkill for most orgs. Standard Salesforce HA + good DR meets most requirements.
The senior framing: don't over-engineer availability. Match availability investment to actual SLA needs.
For genuine high availability needs: invest, but recognize the operational cost. Active-active is hard.