Last updated December 03, 2024

The dyno runtime is a central component of Heroku that is responsible for running your app’s dynos. A dyno runtime is responsible for:

• Provisioning dynos (secure, isolated containers for running your app’s code).
• Managing and monitoring the lifecycle of each dyno.
• Adding and removing dynos when the scaling configuration of the app changes.
• Providing proper network configuration so dynos can make network requests to attached add-on services and other external endpoints.
• Receiving web traffic on an application’s domain and routing it to web dynos.
• Capturing log output from each dyno and forwarding it to the application’s log drains.

Heroku has different runtimes, with the main differences being the network topology and level of isolation. See the certifications for these runtimes in the table here.

Common Runtime

The Common Runtime runs and manages dynos in a single multi-tenant network per region. Two regions are available, US and EU. Each dyno is secured with strong firewall rules so even though all dynos run in a single, flat network, they are strongly isolated from each other. See the certifications for this runtime in the table here.

Dynos in the Common Runtime can only receive connections from the routing layer, which is responsible for correctly and securely forwarding inbound web requests to dynos. Only web dynos can receive connections in this way.

Private Spaces Runtime

Heroku has two generations of the Private Spaces Runtime: Cedar and Fir.

Cedar Private Spaces Runtime

The Cedar-generation of the Private Spaces Runtime allows you to create applications in one or more Cedar Private Spaces. Each space has its own network, routing layer, and control plane that aren’t shared with other applications outside the space. See the certifications for this runtime in the table here.

The isolation and network topology of this runtime offers several additional benefits, compared to the Common Runtime:

• You can restrict access to all applications in a space to a set of trusted IP ranges.
• All requests made by apps originate from a set of stable outbound IP addresses allowing you to use IP allowlists to secure access to various backend services such as an on-premise web service gateway.
• Dynos within a space can communicate directly with each other over a private network.
• Dynos within a space can communicate directly over a private network with certain types of add-on resources such as Heroku Postgres and Heroku Key-Value Store (KVS). A database or KVS instance created in a space can’t be accessed directly over the public internet.
• The strong isolation allows applications to meet compliance requirements above and beyond what is possible in the Common Runtime.

Fir Private Spaces Runtime

The Fir-generation of the Private Spaces](private-spaces) Runtime allows you to create applications in one or more Fir Private Spaces. Similar to a Cedar Private Space, a Fir Private Space has its own dedicated networking, routing, and control plane layers that aren’t shared with apps outside of the space.

Fir-generation runtime offers additional benefits compared to Cedar:

• More flexible and smaller minimum dyno sizes and tiers
• Improved dyno boot times
• Improved dyno scale limits
• App builds occur within the app’s space
• ARM-based dynos highly optimized for parallel processing and power efficiency, resulting in better price-to-performance ratios for certain workloads
• Ability to build source code into container images with Cloud Native Buildpacks
• Simplified application observability by integrating with OpenTelemetry directly, a streamlined way to collect and export telemetry data without extensive configuration. Apps in a Fir Private Space support OpenTelemetry’s logs, traces, and metrics signals out of the box.

Choosing a Dyno Runtime For Your App

The runtime for an app is set at creation time. The Common Runtime is the default.

To use the Cedar or Fir Private Spaces Runtime instead, see the Heroku Private Spaces article.

See the Regions article for information about how to set the region for your app.