Cloudflare for Offices
blog.cloudflare.com
Physical security of these boxes is really interesting (e.g. as CF holds a lot of SSL certificates, the profit of hacking into these boxes is likely a lot higher than it looks at first glance)
Interesting - does this mean Cloudflare is becoming an ISP for these offices, and could they potentially spread into residential networks as well?
When I think of Cloudflare workers and such, I think of the public internet. If you have a public web app and you want low latency all around the globe, a worker is a great option.
This is the opposite of that. Are they targeting "inhouse apps" that until now would be self hosted by the organization? Basically cloud apps where the cloud is in your own building? Do they have good firewalls and access control for that, for different businesses in the same building? Can a business in the future install their own one of these?
Or is this just about businesses having access to the full Cloudflare network, just a little bit faster?
> First and foremost, it eliminates the need to rely on the costly, rigid hardware solutions
Instead, you have to depend on "free" (wrapped up in subscription charges), rigid hardware solutions provided only by Cloudflare.
It's an interesting product, and furthers Cloudflare's dominance strategy. It provides real value and at a cost that is invisible.
I don't understand their statement about MPLS and security: "a need for MPLS to make their network operate securely"
Isn't MPLS used for routing and building SDN fabric where you apply a bunch of QoS rules depending on the MPLS tags? Which has nothing to do with security.
MPLS VPN, I guess
I also noticed the writing was particularly poor. And not just the technical detail... Everything from grammar to general syntax needs tweaking for ease-of-reading.
The switch pictured in the article looks exactly like a Mellanox SN2010.
I wonder if they have been able to fit enough CPU, RAM and SSD in there to handle proxy and caching services.
Yeah, could really use some details about the hardware, especially when they mentioned energy efficiency, heat production, and performance in the article, but gave no comparisons to anything for their hardware.
How does this compare to simply using ZeroTier or Tailscale?
Cloudflare Access does Zero Trust, something like Tailscale provides a mesh network with SSO. Tailscale has cool ACL rules, but it's not really the best way to implement true Zero Trust, especially for web applications.
I personally use Tailscale as it's a lot easier to use when you're the only one on the network compared to configuring Access for everything, but CF's zero trust stuff is quite enticing if you're running a business.
> Tailscale has cool ACL rules, but it's not really the best way to implement true Zero Trust, especially for web applications.
authzed.com is a better fit if you need ACLs for your web properties (Tailscale ACLs are super-clean though and I fully intend to copy it for one of my projects).
Tailscale and ZeroTier are software-based solutions.
Cloudflare is rolling out physical lines directly to offices (like ISPs do, e.g. https://www.tatacommunications.com/solutions/).