Cloudflare for Offices (opens in new tab)

(blog.cloudflare.com)

39 pointsgeostyx4y ago14 comments

14 comments

Physical security of these boxes is really interesting (e.g. as CF holds a lot of SSL certificates the profit of hacking into these boxes is likely a lot higher than looks at first glance)

kylehotchkiss4y ago

Interesting - does this mean Cloudflare is becoming an ISP for these offices, and could they potentially spread into residential networks as well?

losvedir4y ago

When I think of Cloudflare workers and such, I think of the public internet. If you have a public web app and you want low latency all around the globe, a worker is a great option.

This is the opposite of that. Are they targeting "inhouse apps" that until now would be self hosted by the organization? Basically cloud apps where the cloud is in your own building? Do they have good firewalls and access control for that, for different businesses in the same building? Can a business in the future install their own one of these?

Or is this just about businesses having access to the full Cloudflare network, just a little bit faster?

jiveturkey4y ago

> First and foremost, it eliminates the need to rely on the costly, rigid hardware solutions

Instead, you have to depend on "free" (wrapped up in subscription charges), rigid hardware solutions provided only by Cloudflare.

It's an interesting product, and furthers Cloudflare's dominance strategy. It provides real value and at a cost that is invisible.

glecedric4y ago

I don't understand their statement about MPLS and security: "a need for MPLS to make their network operate securely"

Isn't MPLS used for routing and building SDN fabric where you applied a bunch of QoS rules depending of the MPLS tags ?, which as nothing to do with security.

j16sdiz4y ago

MPLS VPN, I guess

https://en.m.wikipedia.org/wiki/MPLS_VPN

touringa4y ago

I also noticed the writing was particularly poor. And not just the technical detail... Everything from grammar to general syntax needs tweaking for ease-of-reading.

NetworkGuyJT4y ago

The switch pictured in the article looks exactly like a Melanox SN2010.

NetworkGuyJT4y ago

I wonder if they have been able to fit enough CPU, RAM and SSD in there to handle proxy and caching services.

jshier4y ago

Yeah, could really use some details about the hardware, especially when they mentioned energy efficiency, heat production, and performance in the article, but gave no comparisons to anything for their hardware.

2Gkashmiri4y ago

how does this compare to simply using zerotier or tailscale?

DenseComet4y ago

Cloudflare Access does Zero Trust, something like Tailscale provides a mesh network with SSO. Tailscale has cool ACL rules, but it's not really the best way to implement true Zero Trust, especially for web applications.

I personally use Tailscale for as its a lot easier to use when you're the only one on the network compared to configuring Access for everything, but CF's zero trust stuff is quite enticing if you're running a business.

ignoramous4y ago

> Tailscale has cool ACL rules, but it's not really the best way to implement true Zero Trust, especially for web applications.

authzed.com is a better fit if you need ACLs for your web properties (Tailscale ACLs are super-clean though and I fully intend to copy it for one of my projects).

ignoramous4y ago

tailscale and zerotier are software-based solutions.

Cloudflare is rolling out physical lines directly to offices (like ISPs do, for ex https://www.tatacommunications.com/solutions/).

j / k navigate · click thread line to collapse

14 comments

wizzard04y ago

Physical security of these boxes is really interesting (e.g. as CF holds a lot of SSL certificates the profit of hacking into these boxes is likely a lot higher than looks at first glance)

kylehotchkiss4y ago

Interesting - does this mean Cloudflare is becoming an ISP for these offices, and could they potentially spread into residential networks as well?

losvedir4y ago

When I think of Cloudflare workers and such, I think of the public internet. If you have a public web app and you want low latency all around the globe, a worker is a great option.

Or is this just about businesses having access to the full Cloudflare network, just a little bit faster?

jiveturkey4y ago

> First and foremost, it eliminates the need to rely on the costly, rigid hardware solutions

Instead, you have to depend on "free" (wrapped up in subscription charges), rigid hardware solutions provided only by Cloudflare.

It's an interesting product, and furthers Cloudflare's dominance strategy. It provides real value and at a cost that is invisible.

glecedric4y ago

I don't understand their statement about MPLS and security: "a need for MPLS to make their network operate securely"

Isn't MPLS used for routing and building SDN fabric where you applied a bunch of QoS rules depending of the MPLS tags ?, which as nothing to do with security.

j16sdiz4y ago

MPLS VPN, I guess

https://en.m.wikipedia.org/wiki/MPLS_VPN

touringa4y ago

I also noticed the writing was particularly poor. And not just the technical detail... Everything from grammar to general syntax needs tweaking for ease-of-reading.

NetworkGuyJT4y ago

The switch pictured in the article looks exactly like a Melanox SN2010.

NetworkGuyJT4y ago

I wonder if they have been able to fit enough CPU, RAM and SSD in there to handle proxy and caching services.

jshier4y ago

2Gkashmiri4y ago

how does this compare to simply using zerotier or tailscale?

DenseComet4y ago

ignoramous4y ago

> Tailscale has cool ACL rules, but it's not really the best way to implement true Zero Trust, especially for web applications.

authzed.com is a better fit if you need ACLs for your web properties (Tailscale ACLs are super-clean though and I fully intend to copy it for one of my projects).

ignoramous4y ago

tailscale and zerotier are software-based solutions.

Cloudflare is rolling out physical lines directly to offices (like ISPs do, for ex https://www.tatacommunications.com/solutions/).

j / k navigate · click thread line to collapse