The "What we are doing" section seems pretty weak. The only substantive thing they say is "we have produced new tools which enable us to more expediently relocate database services from a failed availability zone."<p>How exactly are they planning to deal with the larger Cedar difficulties? Are they going to eliminate their dependence on ELBs? Go multi-region? Developers need to know this to decide whether to continue with Heroku or build their own platform.
One subtle but important reason to use cross-region failover is that the network latency between the regions can prevent many casual or accidental dependencies between instances (if you configure instances in two regions to use the same database server, latency can cause the distant region to perform poorly).<p>This is why it's really hard to get cross region failover to work. Because you really need to make them independent.
> Approximately 30% of our EC2 instances, which were responsible for running applications, databases and supporting infrastructure (including some components specific to the Bamboo stack), went offline<p>Combined with the incident report from amazon, does this mean that 30% of Heroku instances were in a single availability zone? That would be troubling.
One of their suggestions is to have a follower of your DB and fall back to it. When they put the API in read-only mode, would I have been able to promote any followers?
My questions are:<p>- Why aren't they committing to using geographically dispersed AWS instances?<p>- Why aren't they leveraging Salesforce's infrastructure at all?