SSL for SaaS Providers
Fully managed HTTPS for custom vanity domains
// Agenda
• Housekeeping (2 Min.)
• Cloudflare Overview (5 Min.)
• SSL for SaaS Overview (10 Min.)
• SSL for SaaS Product Demo (10 Min.)
• Q&A Session (10 Min.)
Speakers
Patrick Donahue, Security Engineering Product Lead, Cloudflare
Brady Gentile, Product Marketing, Cloudflare
Housekeeping
● Stay to the end to get presentation slides and recording
● Ask questions in the “Questions” chat box in ReadyTalk
● We’ll triage all questions at the end of the presentation
● All attendees are muted
Cloudflare’s Global Anycast Network
116 data centers globally
Speeds up each request by 2x
10% Internet requests every day
5M requests/second
6M+ websites, apps, & APIs in 150+ countries
2.5B monthly active visitors generating 1.3 trillion page views
DDoS Protection: Cloudflare’s 10 Tbps global Anycast network of 116 data centers across 57 countries is 10x bigger than the largest distributed attack ever recorded.
WAF: Our web application firewall benefits from the collective intelligence of our entire network.
SSL: HTTPS is a must-have for modern websites, and Cloudflare makes it easy to configure SSL.
Secure Registrar: Registering your domain through Cloudflare is the most secure way to protect your trademark from domain hijacking.
Dedicated SSL Certificates: With a few clicks within the Cloudflare dashboard, you can easily and quickly issue new certificates, securely generate private keys and more.
Rate Limiting: Rate Limiting gives you granular controls to detect bad traffic, customized rulesets to ensure that your legitimate visitors are not impacted, and insights to improve your security posture as attacks evolve.
“Thanks to the great support we received from the Cloudflare team, especially during our peak weeks in May, we’ve felt more secure that the sites would keep running smooth regardless of amounts of traffic—and they have.”
Wouter van Vilet, Project Developer, Eurovision Song Contest at EBU/EUROVISION
CDN: Moving content physically closer to visitors with our CDN.
Website Optimization: Cloudflare lets you automatically enable the latest in web technologies.
DNS: Cloudflare is one of the fastest managed DNS providers in the world.
SSL: Modern SSL isn’t just for security—it can actually improve the performance of your website.
Dedicated SSL Certificates: With a few clicks within the Cloudflare dashboard, you can easily and quickly issue new certificates, securely generate private keys and more.
Load Balancing: Cloudflare Load Balancing provides load balancing, geo-steering, monitoring and failover for your Internet-facing infrastructure, enhancing service availability.
“We were looking for a solution that would supercharge our website, load site content at lightning-fast speed no matter visitors’ location, shield us from web threats, and help us optimize our front and back-end systems.”
Amanda Kleha, GM, Online Business Unit
Argo Smart Routing: Argo improves performance by routing visitors through the least congested and most reliable paths using Cloudflare's private network.
© 2017 Cloudflare Inc. All rights reserved.
Challenges with serving branded domains
Unencrypted but Branded Vanity Domain: Custom vanity domains without SSL lack the performance benefits of SSL and secure data transfer, making them vulnerable to snooping and to content being modified or injected before reaching visitors.
Challenging In-House Approach: SaaS providers who recognize the benefits of encrypted branded custom domains can either manually manage SSL lifecycles, resulting in long deployment times and overhead costs, or build a complex automated in-house solution.
Encrypted but Unbranded Domain: Domains which have SSL enabled through a SaaS provider lack a custom vanity domain, resulting in brand degradation and lower SEO rankings.
[Diagram: three cases served by the SaaS provider. ✕ http://support.customer.com (customer vanity domain, branded, no SSL); https://customer.saascompany.com (customer using SaaS provider subdomain, non-branded, SSL); https://support.customer.com (customer vanity domain, branded, SSL).]
Challenging In-House Roadmap
[Chart: engineering effort over time, as # of websites grows. Paths shown: Manual Path, Automated Path, Cloudflare Path.]
Labels on the chart:
• HTTP-only CNAMEs
• Manually upload certificates
• Manually manage certificate renewals
• Build and train customer contact team
• Manual outreach efforts to customers in advance of expiration
• Custom API integration (e.g., using Let’s Encrypt)
• Global certificate distribution network, protection from attack
• Advanced challenges: securely handle and dynamically load encryption keys
• Ongoing code maintenance and continued support efforts
• Cloudflare Path: easy Cloudflare API / UI integration
Cloudflare SSL for SaaS
Branded Visitor Experiences: Full brand recognition for end users through a CNAME’d vanity URL.
Rapid SSL Deployments: Cloudflare immediately transmits new certificate requests, propagating them to the edge and bringing HTTPS online in less than 2 minutes on average.
Automated Lifecycle Management: Cloudflare manages the entire SSL lifecycle for both SaaS providers and end users, requiring no ongoing effort by either party.
Secure and Performant Website: Secure the transmission of visitor data over HTTPS and offer end users the performance benefits of the HTTP/2 protocol, only available with SSL.
[Diagram: SaaS Provider, Cloudflare SSL for SaaS, and Customer Branded Domain (https://support.customer.com), with two SSL labels.]
1. Purchases SSL certificate from authority
2. Provisions and manages certificate for customer vanity domains
3. Automatically renews certificates for customer vanity domains
// SSL for SaaS Product Demo
Configure Using Cloudflare Dashboard
Configure Using Cloudflare API
$ curl -X POST "https://api.cloudflare.com/client/v4/zones/[zoneid]/custom_hostnames" \
    -H "X-Auth-Email: [email]" \
    -H "X-Auth-Key: [key]" \
    -H "Content-Type: application/json" \
    --data '{"hostname": "support.customer.com", "ssl": {"method": "http", "type": "dv"}}'
HTTP/1.1 201 Created
{ "id": "0d89c70d-ad9f-4843-b99f-6cc0252067e9", "hostname": "support.customer.com", "ssl": { "id": "3d54c70d-0a96-1209-e6ba-821c70a505a1", "method": "http", "type": "dv", "status": "initializing" } }
Certificate status progression: Initializing → Pending Validation → Pending Issuance → Pending Deployment → Active
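A SaaS provider would normally wait for the certificate to reach Active before sending a customer's visitors to the HTTPS vanity URL. The sketch below is an added example, not code from the presentation or from Cloudflare: it polls a custom hostname record through the status sequence above. The `fetch` callable, the snake_case status strings other than "initializing", and the optional "result" envelope are assumptions; the sample responses are constructed.

```python
import json
import time

# Lifecycle order from the slide. Only "initializing" appears on the page as a wire
# value; the other snake_case strings are assumed from the slide labels.
LIFECYCLE = ["initializing", "pending_validation", "pending_issuance",
             "pending_deployment", "active"]


def parse_ssl_status(body):
    """Return (hostname, ssl.status) from a custom_hostnames response body."""
    doc = json.loads(body)
    # Accept the bare object shown on the slide or a {"result": {...}} envelope.
    record = doc.get("result", doc)
    status = record["ssl"]["status"]
    if status not in LIFECYCLE:
        raise ValueError(f"unexpected ssl status: {status!r}")
    return record["hostname"], status


def wait_until_active(fetch, hostname, max_polls=30, delay=5.0, sleep=time.sleep):
    """Poll fetch() (caller-supplied, returns response text) until status is active.

    Returns the distinct statuses seen, in order. Raises on a hostname mismatch,
    on a status that moves backwards, or when max_polls is used up.
    """
    seen = []
    for _ in range(max_polls):
        name, status = parse_ssl_status(fetch())
        if name != hostname:
            raise ValueError(f"response is for {name!r}, expected {hostname!r}")
        if seen and LIFECYCLE.index(status) < LIFECYCLE.index(seen[-1]):
            raise RuntimeError(f"status regressed from {seen[-1]} to {status}")
        if not seen or status != seen[-1]:
            seen.append(status)
        if status == "active":
            return seen
        sleep(delay)
    last = seen[-1] if seen else "unknown"
    raise TimeoutError(f"{hostname} still {last} after {max_polls} polls")


def constructed_fetch(statuses, hostname="support.customer.com"):
    """Replay constructed (not captured) response bodies, one per call."""
    bodies = iter([json.dumps({"hostname": hostname, "ssl": {"status": s}})
                   for s in statuses])
    return lambda: next(bodies)
```

In real use, `fetch` would wrap an authenticated GET of the custom hostname record; only enable HTTPS-only links for the customer once `wait_until_active` returns.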
// Summary of Benefits
Benefits of SSL for SaaS for End Customers
Increased Performance: Browsers must connect over TLS in order to advertise support for (and use) HTTP/2 and SPDY. With Cloudflare, these connections are terminated close to browsers, resulting in lower latency.
No effort required: With many providers, customers are on their own acquiring and uploading SSL certificates (and renewing when the certificate expires). With Cloudflare, there are no additional steps besides pointing their custom domain to the SaaS provider.
Security and Privacy: Without HTTPS, website operators have no guarantee that content is not being modified en route to visitors. HTTPS allows SaaS providers to protect the privacy of their users.
Improved SEO: Since August 2014, Google has given an SEO boost to sites that use HTTPS. Another factor in SEO (and conversions) is page load performance.
Easy and fast customer onboarding: No additional work is required by your customers. Once the customer points their domain to you, Cloudflare handles the rest in 60-90 seconds.
Benefits of SSL for SaaS for SaaS Providers
Reduced risk related to private key handling: Asking customers for their private keys can be risky, especially when these keys are used to issue wildcard certificates. Strict controls must be implemented to handle keys securely.
Branded customer experiences: Your customers have come to expect SSL for their custom domains, and look for this capability when selecting a SaaS provider.
Protection of your shared infrastructure: Attackers may not know (or care) they’re DDoS’ing your infrastructure that supports customers other than the target of their attack. Cloudflare protects your origin servers while reducing bandwidth costs.
// Resources
● Industry Solution Information: Cloudflare for SaaS Providers https://www.cloudflare.com/saas/
● Technical Blog Posting: Introducing SSL for SaaS: A Brief Technical Overview https://blog.cloudflare.com/introducing-ssl-for-saas/
● White Paper: A SaaS Provider Survival Guide: Performance, Security, and Encryption Essentials for Online Applications https://www.cloudflare.com/media/pdf/ssl-saas-white-paper.pdf
// Q&A