How we think about Zero Trust Performance

How we think about Zero Trust Performance
How we think about Zero Trust Performance

Cloudflare has done several deep dives into Zero Trust performance in 2023 alone: one in January, one in March, and one for Speed Week. In each of them, we outline a series of tests we perform and then show that we’re the fastest. While some may think that this is a marketing stunt, it’s not: the tests we devised aren’t necessarily built to make us look the best, our network makes us look the best when we run the tests.

We’ve discussed why performance matters in our blogs before, but the short version is that poor performance is a threat vector: the last thing we want is for your users to turn off Zero Trust to get an experience that is usable for them. Our goal is to improve performance because it helps improve the security of your users, the security of the things that matter most to you, and enables your users to be more productive.

When we run Zero Trust performance tests, we start by measuring end-to-end latency from when a user sends a packet to when the Zero Trust proxy receives, forwards, and inspects the packet, to when the destination website processes the packet and Continue reading

Globally distributed AI and a Constellation update

Globally distributed AI and a Constellation update
Globally distributed AI and a Constellation update

During Cloudflare's 2023 Developer Week, we announced Constellation, a set of APIs that allow everyone to run fast, low-latency inference tasks using pre-trained machine learning/AI models, directly on Cloudflare’s network.

Constellation update

We now have a few thousand accounts onboarded in the Constellation private beta and have been listening to our customer's feedback to evolve and improve the platform. Today, one month after the announcement, we are upgrading Constellation with three new features:

Bigger models
We are increasing the size limit of your models from 10 MB to 50 MB. While still somewhat conservative during the private beta, this new limit opens doors to more pre-trained and optimized models you can use with Constellation.

Tensor caching
When you run a Constellation inference task, you pass multiple tensor objects as inputs, sometimes creating big data payloads. These inputs travel through the wire protocol back and forth when you repeat the same task, even when the input changes from multiple runs are minimal, creating unnecessary network and data parsing overhead.

The client API now supports caching input tensors resulting in even better network latency and faster inference times.

XGBoost runtime
Constellation started with the ONNX runtime, but our vision is to Continue reading

Donning a MASQUE: building a new protocol into Cloudflare WARP

Donning a MASQUE: building a new protocol into Cloudflare WARP
Donning a MASQUE: building a new protocol into Cloudflare WARP

When we originally announced WARP, we knew we were launching a product that was different from other VPNs. Cloudflare has not only hundreds more data centers than your typical VPN provider, but also a unique purview into the adoption of open Internet standards. The confluence of these two factors have led us to today’s announcement: support for MASQUE, a cutting-edge new protocol for the beta version of our consumer WARP iOS app.

MASQUE is a set of mechanisms that extend HTTP/3 and leverage the unique properties of the QUIC transport protocol to efficiently proxy IP and UDP traffic. Most importantly, it will make your Internet browsing experience faster and more stable without sacrificing privacy.

Like many products at Cloudflare, we’re offering this first as a free, consumer offering. Once we’ve had an opportunity to learn from what it’s like to operate MASQUE on mobile devices, at scale, we plan to integrate it into our Zero Trust enterprise product suite.

We’re not saying goodbye to Wireguard

When we first built WARP we chose to go with Wireguard for many reasons – among them, simplicity. This is where Wireguard shines: ~4,000 lines of code that use public-key cryptography to create an encrypted Continue reading

What’s New: Cloud Automation with amazon.aws 6.0.0

When it comes to Amazon Web Services (AWS) infrastructure automation, the latest release of the certified amazon.aws Collection for Red Hat Ansible Automation Platform brings a number of enhancements to improve the overall user experience and speed up the process from development to production.

This blog post goes through changes and highlights what’s new in the 6.0.0 release of this Ansible Content Collection. We have included numerous bug fixes, features, and code quality improvements that further enhance the amazon.aws Collection. Let's go through some of them!

 

Forward-looking Changes

New boto3/botocore Versioning

The amazon.aws Collection has dropped support for botocore<1.25.0 and boto3<1.22.0. Most modules will continue to work with older versions of the AWS Software Development Kit (SDK), however, compatibility with older versions of the AWS SDK is not guaranteed and will not be tested. When using older versions of the AWS SDK, a warning will be displayed by Ansible. Check out the module documentation for the minimum required version for each module. 

New Python Support Policy

On July 30, 2022, AWS announced that the AWS Command Line Interface (AWS CLI) v1 and AWS SDK for Python (boto3 and Continue reading

Tips for building a home lab to prep for network certifications

Hands-on experience with network hardware and software can solidify certification-test concepts or let you practice skills that may be part of a cert exam, and the process can be helped along by use of a home lab. But how do you go about building one?Start by identifying your learning goals and figuring out the hardware and software they’ll require. If you’re focused on applications, server environments, automation, or identity management, a server for hosting virtual environments may suffice. But if you’re interested in networking at Layers 1, 2 and 3, you’ll need some physical networking hardware such as routers, switches, or hardware firewalls. This is especially true if you’re seeking vendor certification on specific devices.To read this article in full, please click here

Tips for building a home lab to prep for network certifications

Hands-on experience with network hardware and software can solidify certification-test concepts or let you practice skills that may be part of a cert exam, and the process can be helped along by use of a home lab. But how do you go about building one?Start by identifying your learning goals and figuring out the hardware and software they’ll require. If you’re focused on applications, server environments, automation, or identity management, a server for hosting virtual environments may suffice. But if you’re interested in networking at Layers 1, 2 and 3, you’ll need some physical networking hardware such as routers, switches, or hardware firewalls. This is especially true if you’re seeking vendor certification on specific devices.To read this article in full, please click here

Summer Break 2023

Long story short: it’s time for another summer break, as people reporting my bloopers – THANK YOU!!! – know only too well. I plan to be back in early autumn rolling out tons of new content.

I’ll do my best to reply to support requests (it will take longer than usual), and probably won’t be able to resist publishing a few lightweight netlab-related blog posts. If you get bored there’s still over 400 hours of existing content, over 100 podcast episodes, and thousands of blog posts.

In the meantime, get away from work, turn off the Internet, and enjoy a few days in your favorite spot with your loved ones!

Summer Break 2023

Long story short: it’s time for another summer break, as people reporting my bloopers – THANK YOU!!! – know only too well. I plan to be back in early autumn rolling out tons of new content.

I’ll do my best to reply to support requests (it will take longer than usual), and probably won’t be able to resist publishing a few lightweight netlab-related blog posts. If you get bored there’s still over 400 hours of existing content, over 100 podcast episodes, and thousands of blog posts.

In the meantime, get away from work, turn off the Internet, and enjoy a few days in your favorite spot with your loved ones!

What’s New with Cloud Automation with amazon.aws 6.0.0

What's New with Cloud Automation with amazon.aws 6.0.0

When it comes to Amazon Web Services (AWS) infrastructure automation, the latest release of the certified amazon.aws Collection for Red Hat Ansible Automation Platform brings a number of enhancements to improve the overall user experience and speed up the process from development to production.

This blog post goes through changes and highlights what's new in the 6.0.0 release of this Ansible Content Collection. We have included numerous bug fixes, features, and code quality improvements that further enhance the amazon.aws Collection. Let's go through some of them!

Forward-looking Changes

New boto3/botocore Versioning

The amazon.aws Collection has dropped support for botocore<1.25.0 and boto3<1.22.0. Most modules will continue to work with older versions of the AWS Software Development Kit (SDK), however, compatibility with older versions of the AWS SDK is not guaranteed and will not be tested. When using older versions of the AWS SDK, a warning will be displayed by Ansible. Check out the module documentation for the minimum required version for each module. 

New Python Support Policy

On July 30, 2022, AWS announced that the AWS Command Line Interface (AWS Continue reading

Case study: Calico helps Upwork migrate legacy system to Kubernetes on AWS and enforce zero-trust security

Upwork is a freelancing platform that connects a global base of clients to freelancers via job postings. Since going public on the New York Stock Exchange in 2019, the company has become one of the leading freelance platforms worldwide and was named on Time’s list of the 100 Most Influential Companies of 2022.

Upwork’s platform team was running containerized workloads on Consul and Spring Cloud, which required service owners to manually switch to a new code library each time Upwork’s platform team had a new release, and vice versa. This manual switching happened as often as every two months, which was inefficient for a company with over 800 microservices. Also, service owners were not adopting new libraries immediately and could not add upstream and downstream dependencies as needed without going through a review process. Combined, these problems meant that service owners and the cloud engineering and InfoSec teams lacked visibility, were highly susceptible to zero-day attacks and had a slow incident mitigation response.

To solve these problems, Upwork needed to adopt a distributed architecture from the application layer to the network layer. To do this, they required Kubernetes. The switch to Kubernetes meant Upwork’s containers needed to adhere to cloud-native Continue reading

HPE announces a cloud service for large language models

Hewlett Packard Enterprise (HPE) is offering support for demanding AI applications with a new cloud-based service underpinned by the company’s supercomputers.The initial service is designed specifically to facilitate large language models (LLM), but the company says it plans to roll out similar AI services for domain- and industry-specific applications in climate modeling, healthcare and life sciences, financial services, manufacturing, and transportation.All of these will fall under HPE’s GreenLake portfolio, but unlike the rest of GreenLake services, these will be hosted entirely in the cloud. The other services run either entirely on customer premises or in a hybrid on-prem/cloud environment.To read this article in full, please click here

Cisco is buying network monitoring, analysis firm Accedian Networks

Looking to improve network visibility, Cisco plans to buy Accedian Networks, makers of software for monitoring and analyzing network performance.Founded 2004, Accecian sells Skylight, a platform that diagnoses problems and recommends remediation to fix them. The package is aimed at mobile backhaul, data-center services, service providers, and cloud-connectivity customers.The company, which competes with players including IBM, SolarWinds, Progress, NetScout, and Kentik, is already a Cisco business partner. Cisco offers Skylight for near-real-time network performance monitoring, analytics, and assurance within its Cisco Crosswork Network Automation platform for service providers.To read this article in full, please click here

Cloudflare Snippets is now available in alpha

Cloudflare Snippets is now available in alpha

Today we are excited to announce that Cloudflare Snippets is available in alpha. In the coming weeks we will be opening access to our waiting list.

Cloudflare Snippets is now available in alpha

What are Snippets?

Over the past two years we have released a number of new rules products such as Transform Rules, Cache Rules, Origin Rules, Config Rules and Redirect Rules. These new products give more control to customers on how we process their traffic as it flows through our global network. The feedback on these products so far has been overwhelmingly positive. However, our customers still occasionally need the ability to do more than the out-of-the-box functionality allows. Not just adding an HTTP header - but performing some advanced calculation to create the output.

For these cases, Cloudflare Snippets comes to the rescue. Snippets are small pieces of user created JavaScript that are run by Cloudflare before your website, API or application is served to the user. If you're familiar with Cloudflare Workers, our robust developer platform, then you'll find Snippets to be a familiar addition. For those who are not, Snippets are designed to be easily created, tested, and deployed. Providing you with the ability to deploy your custom JavaScript Snippet to Continue reading

Part 2: Rethinking cache purge with a new architecture

Part 2: Rethinking cache purge with a new architecture
Part 2: Rethinking cache purge with a new architecture

In Part 1: Rethinking Cache Purge, Fast and Scalable Global Cache Invalidation, we outlined the importance of cache invalidation and the difficulties of purging caches, how our existing purge system was designed and performed, and we gave a high level overview of what we wanted our new Cache Purge system to look like.

It’s been a while since we published the first blog post and it’s time for an update on what we’ve been working on. In this post we’ll be talking about some of the architecture improvements we’ve made so far and what we’re working on now.

Cache Purge end to end

We touched on the high level design of what we called the “coreless” purge system in part 1, but let’s dive deeper into what that design encompasses by following a purge request from end to end:

Part 2: Rethinking cache purge with a new architecture

Step 1: Request received locally

An API request to Cloudflare is routed to the nearest Cloudflare data center and passed to an API Gateway worker. This worker looks at the request URL to see which service it should be sent to and forwards the request to the appropriate upstream backend. Most endpoints of the Cloudflare API are currently handled by Continue reading

Spotlight on Zero Trust: We’re fastest and here’s the proof

Spotlight on Zero Trust: We're fastest and here's the proof
Spotlight on Zero Trust: We're fastest and here's the proof

In January and in March we posted blogs outlining how Cloudflare performed against others in Zero Trust. The conclusion in both cases was that Cloudflare was faster than Zscaler and Netskope in a variety of Zero Trust scenarios. For Speed Week, we’re bringing back these tests and upping the ante: we’re testing more providers against more public Internet endpoints in more regions than we have in the past.

For these tests, we tested three Zero Trust scenarios: Secure Web Gateway (SWG), Zero Trust Network Access (ZTNA), and Remote Browser Isolation (RBI). We tested against three competitors: Zscaler, Netskope, and Palo Alto Networks. We tested these scenarios from 12 regions around the world, up from the four we’d previously tested with. The results are that Cloudflare is the fastest Secure Web Gateway in 42% of testing scenarios, the most of any provider. Cloudflare is 46% faster than Zscaler, 56% faster than Netskope, and 10% faster than Palo Alto for ZTNA, and 64% faster than Zscaler for RBI scenarios.

In this blog, we’ll provide a refresher on why performance matters, do a deep dive on how we’re faster for each scenario, and we’ll talk about how we measured performance for each product.

Continue reading

It’s never been easier to migrate thanks to Cloudflare’s new Migration Hub

It's never been easier to migrate thanks to Cloudflare's new Migration Hub
It's never been easier to migrate thanks to Cloudflare's new Migration Hub

We understand the pain points associated with CDN migrations. That's why in late 2021 we introduced Turpentine, a project to  the process of translating the old Varnish Configuration Language (VCL) into Cloudflare Workers with just a push of a button. After nearly two years of testing and user feedback, we’ve tailored the migration processes for different user groups.

Today, we are thrilled to relaunch Turpentine, and introduce Cloudflare's new Migration Hub. The Migration Hub serves as a one-stop-shop for all migration needs, featuring brand-new migration guides that bring transparency and simplicity to the process.

We also know that a large number of customers aren't comfortable doing migrations themselves. Years of built up business logic makes unpacking and translating CDN configurations between different vendors difficult and locks businesses into subpar products and services. To help these customers we have established a Professional Services group to ensure smooth migrations for customers transitioning to Cloudflare’s first-class products. Going forward, we plan to continue to invest resources in Turpentine to ensure that moving to any part of Cloudflare is easy and you have the help you need.

Why choose Cloudflare?

Cloudflare has gained immense popularity among businesses seeking to improve website performance, security, Continue reading

1 229 230 231 232 233 3,795