Cloudflare TV

🎂 What Launched Today - Monday, September 25

Presented by Dina Kozlov, Natasha Wissmann
Originally aired on 

Welcome to Cloudflare Birthday Week 2023!

2023 marks Cloudflare’s 13th birthday! Each day this week we will announce new products and host fascinating discussions with guests including product experts, customers, and industry peers.

Tune in all week for more news, announcements, and thought-provoking discussions!

Read the blog posts:

Visit the Birthday Week Hub for every announcement and CFTV episode — check back all week for more!

Birthday Week

Transcript (Beta)

Hello. Welcome everyone to Birthday Week. My name is Dina Kozlov. I'm a product manager here at Cloudflare and I'm here with Natasha.

Natasha, I want to introduce yourself.

Hi, everybody. My name is Natasha. I'm also a product manager here at Cloudflare.

And today we're going to be talking about what we launched today for Birthday Week.

But before we get into all of the exciting announcements, what is Birthday Week?

Birthday Week was actually Cloudflare's first ever innovation week. With our innovation weeks, we like to have a set of announcements around different features and products and technical deep dives and partnerships.

And we've been doing this for many years.

It's been a long running tradition at Cloudflare. And one of my favorite things about Birthday Week is that the whole mission and theme around it is giving back to the Internet.

And so that's exactly what we're going to be doing this week with all of the announcements that we have going out day by day.

So to recap, oh, go ahead. What are the announcements? We're good. It's a great question.

So today we had a number of exciting announcements. We'll deep dive through a few.

The first one, and you can watch a dedicated Cloudflare TV session about it.

We published a report that shows that by moving from on-prem to Cloudflare, you can reduce carbon emissions by up to 96%, which is really significant.

It's really important for any customers that are trying to go green and have goals that they want to hit.

Moving to Cloudflare is one of the easiest ways to do that. Another thing that we launched, and we'll talk about this during our session, is incident alerts and Cloudflare permissions for everyone.

Something else that we launched, we have two features that are going to boost our customers' performance.

So one of them is fast fonts.

Essentially, one of the invisible adders of latency that goes on is fonts.

Essentially, when you want to load a web page, you probably have fonts on that page.

And those assets need to be served from some server. And so we usually go externally to go and fetch those and come back.

And so that does add a bit of latency to the whole request.

And so what we're going to start doing now is serving those fonts directly from Cloudflare Network so that we reduce the need to go externally and boost your performance.

It's available for everyone. And it will come out next week.

So stay tuned for it. The other thing that we are launching today is low latency live streaming beta.

So all of our stream customers, this is incredibly an incredibly important feature if you're looking to live stream sports or gaming.

And so we launched our closed beta some time ago.

Now we have our open beta. And I know we've made a number of improvements since.

One of them is we've very much boosted the performance from the last version.

So if you're a stream customer, you can go ahead and try that out today. The other thing we have is Cloudflare Trace.

When requests go through the Cloudflare Network, there's not much visibility into what happens.

You can have a number of rules.

And let's say there's an issue that's going on, and you want to quickly debug.

You're like, oh, is this rule running? Or what exactly is happening?

Or is there a conflict somewhere? We are now giving customers visibility into exactly what happens.

We're showing them all of the rules and settings that are invoked when that request goes through us.

And so it's really going to help give you the transparency to debug, but also to just ensure that you've set everything up correctly before you put your site into production.

And then if you want a technical deep dive on Cloudflare's network, make sure to read our blog post that we launched.

It highlights how we use machine learning to intelligently route traffic.

And one of our product managers, David Tuber, is going to be having a Cloudflare TV segment later today that also dives into everything that we talked about in the blog post.

So I highly recommend watching the segment.

But today, I want to highlight, we're going to highlight two major announcements, one which is incident alerts.

So Natasha, can you give us a bit of background around this?

Yeah, absolutely. So here at Cloudflare, we're pretty aware that a lot of assets on the Internet, a lot of Internet properties go through Cloudflare and depend on Cloudflare.

And so one thing that's really important to us is to be as stable of a network as possible.

That being said, things happen sometimes, as they do with any network.

And our kind of secondary goal is we just want to be as transparent as possible, right?

So if something's happening to us, we know that it's likely impacting our customers as well.

And we want them to know that, yes, this is a problem. We have figured out that it's a problem.

It is us. We are fixing it. We're fixing it as soon as possible.

But in the meantime, let your end users know that there is a If you get questions from your end users on why can't they access your Internet property, we want you to know, we know.

We want you to have actually an answer for them and say, yes, this is an issue that's getting fixed right now, as opposed to you having to get questions from your end users on why is this broken.

And then you, as the owner of an Internet property, have to go in and look into exactly what is going on on your side.

And is it you, or is it someone that you use, one of your vendors? Is it us? Is it anything else?

Is it an issue with the Internet as a whole? You don't want to have to waste your time investigating what's actually going on.

You want to know.

So previously, and we still have the Cloudflare status page, where as soon as we have an incident with any of our services, right?

So it's not even necessarily Cloudflare as a whole is having a problem.

It could be Cloudflare Stream is having a problem.

It could be Cloudflare Pages is having a problem. It could be something is slow, but not necessarily all the way down.

All of those kinds of situations, we will call incidents for.

Because again, we want you to know what's going on with our network.

We will post all of those incidents to the Cloudflare status page.

So previously, what you would have to do is you would have to make sure that you are constantly checking the Cloudflare status page to see, OK, is it Cloudflare?

Is Cloudflare having an issue? If I'm seeing an issue, is it Cloudflare?

That's not super convenient, right? So you don't want to have to go and check a status page every time something might be happening.

Do you even remember to check the status?

I don't remember to check the status page of every service that I use.

It gets very complicated, and it's a lot of things to remember.

So we also had a API that you could hit, so the status page APIs. You could actually check something every so often to see are there any issues on Cloudflare's side.

APIs aren't super convenient because you have to still check them, right?

It's the same problem as you were having with the status page, where you're the one that has to go in, hit the API, and see if anything's going on.

Or you have to set up some sort of job to check the API every so often to see if anything's going on, which is more work on your side.

It's something that you have to build, which just isn't super convenient, right?

Cloudflare should do it for you. So the purpose of alerts in general is to not have to check anything.

It's instead of you as the customer needs to pull the information from somewhere, we're going to push the information to you.

So with these alerts, we're actually going to tell you as soon as something is happening.

You don't have to remember to check anywhere. You don't have to set up some job that's going to check anything for you.

We're just going to tell you.

That sounds incredible. Even just this last week, there's a service that we use.

And I went on it, and it was down. And I kept refreshing.

And I was like, is it me? And I started pinging people. And they were like, some people were not having the issue.

Some people were. And I was just like, what is going on?

What do I need to do? And then eventually found a status page.

But it would have been so nice to just have been automatically alerted. This thing that you're using is having some issues right now.

Stay tuned. And that way, because otherwise, you start going into a loop where you're like, is this something that we did?

Are others experiencing this as well? Do I need to unplug my router and plug it in again?

Exactly. So that's really so great that we are launching this.

And so when exactly are we going to alert customers? Let's say there's an issue.

Yeah. So we will alert for, or you can choose to set up an alert for absolutely any incident that happens at Cloudflare.

So again, that could be something from a very critical incident where Cloudflare as a whole is having an issue and your end users aren't able to reach your Internet property.

Or it could be something as small as, like I said earlier, maybe pages are going slow.

And we just want you to know that they're going slow.

Maybe it doesn't have a huge impact on your customers, but you can still, in case anyone writes in, you'll still be able to know.

You can also, a lot of our incidents are specific geographies. So you can also see like, I got this alert on this incident.

Maybe it's just for China.

And that doesn't actually impact any of my end users, but we'll still post an alert for it.

So anything that has an impact on Cloudflare's network, we're going to let you know.

Got it. And I guess with that, two questions. First is what are all the knobs?

It sounds like there's a few different ones on choosing which alerts you want to receive.

And then within the notice, what is all of the information that we're going to provide to customers?

Yeah, absolutely. So the knobs that we have, maybe you don't want to get alerted on pages, right?

Maybe you're a customer that doesn't use Cloudflare pages.

Maybe you're a customer that doesn't use Cloudflare stream.

Maybe you don't use the Cloudflare- You set it up once, but like you're not actually using it.

So it's not- Right. Or like none of your traffic is going through there.

So actually if Cloudflare, whatever service is having an incident, you don't care.

So that's one of the knobs, right? You can choose to either be alerted on anything, or you can choose the very specific Cloudflare services that actually impact you, that you want to be alerted on.

Yeah. So you don't have to be alerted on everything.

You don't have to get inundated with millions of alerts all of the time.

Not that you would. We don't have that many incidents, but still you don't have to get alerted on things that you don't care about.

That's one of them. The other one is that Cloudflare classifies all of our alerts as sort of like critical, important, or minor.

So there's a different classification of how big the incident is.

And you can choose which type of alerts you want to be alerted on for that.

So maybe you don't care if it's a minor incident.

Maybe it's not actually that important to you if something's going slow, but it is really important to you if something is going down.

And so you can set up an alert just for critical things. Or you can set up an alert just for minor things if you really wanted to.

Or you can set up an alert for everything.

So you can choose the kind of things that you want to get alerted on. It's not really a one-size-fits-all deal.

Got it. And within the notice, did we say what incident we're having, who all is impacted?

Great question. So we say the same exact thing that we say on the status page.

We say this is as much information as we know about the incident right now.

Sometimes we are still investigating. We're still seeing what's going on and what the exact cause is.

So we don't have as much information as we would like.

And so we post the service that is impacted. If we can, we post the geography that is impacted.

It's not always a geographical incident.

Sometimes it's all over the world. Sometimes it's only in a very specific place.

As much information as we have, we'll post. So whatever you see on the status page is going to be a part of the alert itself.

So then, again, if you have an Internet property on Cloudflare, what you probably want to do is you get this alert and you go, OK, great.

Is my traffic impacted? That's what we all want to know.

Great. You're having an incident. Do I care? Should I care? Do my end users care?

And so what you can do is you can go onto the analytics page and you can see exactly what's happening to your traffic.

You can see if there's errors. You can see if there's anything kind of funky going on.

And you can investigate specifically for your Internet properties what's happening, should you care.

Got it. And as the incident goes from identified, resolving, monitoring, do we send an update for every stage?

We will indeed. So it's not just there's an incident and then we leave you wondering what exactly is happening with it.

What ended up happening with it?

Right. Did that ever get solved? Yeah. We will post every time we post an update to the status page, which we do on a regular cadence.

We will post, we'll send that same alert out to you so you can see, OK, we identified an incident.

We figured out what the root cause is.

We've resolved it. You'll get a different alert for each of those.

Got it. That's perfect. That sounds great. And so how can customers receive alerts?

Is it just email? It is not just email. I don't know about you, Dina.

I do not check all of my emails all of the time. I'm not at my email inbox refreshing all the time and checking.

I have off hours. And so we have three different ways that customers can receive alerts depending on your Cloudflare plan.

So everyone receives emails. If you are a free user, you have a free account, free zone, you can receive emails for all of these incidents.

If you have any sort of paid plan, so you're paying for a Cloudflare service or you are paying for a Internet property that's on a higher plan, any of those will get webhooks.

So webhooks are super cool. Basically, we will send a payload to any potential destination you want to receive a payload at.

So that could be Slack. If your company uses Slack to monitor things, you can send a webhook into Slack.

If your company uses GChat, if they use Microsoft Teams, if you want to send a webhook to service now, you can do that.

If you want to send a webhook into any sort of service that kicks off an automated process, you can do that as well.

If you want to send a webhook into one of your own internal APIs and you actually want to do something with that webhook without any human intervention, you can do that too.

So webhooks are super awesome.

They're super flexible. You can kind of do whatever you want with them.

And again, if you are a paying customer, you can get webhooks and you can configure those to go wherever you want.

The last option, we actually allow pager duty as well.

So enterprise customers get pager duty integrations. So it will directly send an alert to pager duty, which maybe you just want critical incidents to go into pager duty.

Maybe only the really big ones. And you want someone to actually get paged in the middle of the night if something's happening.

So you can do that as well. Nice. Yeah, that makes sense. I know. So I work in the SSL team.

And so we take our own SSL alerts and we have a webhook that goes to our SSL alerts, gchat channel.

And so there it's so nice because in the middle of the workday you're working and so automatically it shows up and you don't miss in on the whole team has visibility.

So highly recommend to take advantage of webhooks and all other methods.

But aside from that, are there any other alerts that you'd like to highlight or any recent improvements that we made?

Yeah, absolutely.

We have 56 types of available alerts today. I remember the first. That's crazy.

Right? We've come a long way since 2019. So there's a lot of different things that you can configure for.

If you use the Cloudflare firewall, you can configure alerts for your firewall.

If there's a spike in your firewall events, if you are any customer, actually free paid enterprise, whatever, we have passive origin monitoring where we will monitor errors from your origin and say, okay, we're getting too many errors from your origin.

We think that there's something wrong.

You should probably check it out. That's not something we can do anything about because it is your origin, but you should go check it out.

And then a lot of our individual products have alerts as well.

So like Deana was just saying, SSL has alerts.

So we'll alert you if your cert is going to expire. Script monitoring is a product that has lots of alerts.

So you can see if there's new JavaScript on your page.

Origin error. Origin error rate. Yep. So a little bit more complicated than passive origin monitoring.

We do a lot of math to see if there's a ton of errors at your origin.

There's a lot of different options while you go in to configure your incident alert, your new notification on the notifications tab on the Cloudflare dashboard.

You can also see all of the other alerts that you have access to and see if you want to set any of those up as well.

Nice. So make sure to check that out. Very important feature. I know a lot of customers are going to be excited about this and even internal teams.

We use Cloudflare as well.

And so the other thing that we launched today is a thing called account permissions and roles.

It's something that was previously only available to enterprise customers.

And today, one of our gifts back to our customers was to make it available on all Cloudflare plans, even the free one.

And so with that, Natasha, why don't you tell us a little bit more about what a Cloudflare role is?

Yeah, absolutely. So when you're giving, if you own a Cloudflare account for your company, maybe you've got a small business, you want to add more users to that account, right?

You want your employees to be able to go onto your Cloudflare account and do something.

But especially if you have a larger business, you don't always want every employee to be able to do the same things.

So there's certain roles that you might have at your company that different individuals should have access to.

What you don't want to do is you don't want to have to go through and say, here's every single button you could press on Cloudflare's dashboard.

And here is the permission that is associated with that button.

And for this new user that I'm adding to my Cloudflare account, I have to go through hundreds of permissions and see what they actually need.

No, that's, that would be a management nightmare.

And you know, you're going to miss one permission and not be able to do something.

And it's going to be very, very confusing. So instead we have this concept of roles and a role is a group of permissions.

So a group of permissions that's commonly grouped together so you can do something.

That way you don't have to go through and add everything individually.

Right. With the amount of Cloudflare features and products that are growing every single day, that it just does not scale.

But what are some examples of roles that we have within the Cloudflare dashboard or ecosystem?

Yeah, absolutely. So we have some kind of more generic roles.

So administrator is probably one of the more popular roles that we have.

So administrator is someone that can do pretty much everything on the Cloudflare dashboard.

You have access to all of the products.

You can see all of the things. The only thing that you can't do is manage the people on the account.

So we have a super special role called super administrator in which you can, again, do everything on the account, access all the products, see all the things, but you can also manage who belongs to the account.

Then we have more specific roles for I'm actually doing a certain action.

So one of our more popular ones is analytics.

So if you want the users at your company to be able to go into your Cloudflare account and view what's going on, maybe they just received an alert and they want to go see whether that alert is impacting them.

They want to go to their analytics page.

You can have a role just for analytics. They can go in and they can see everything on the analytics page.

They can see what's going on, but they won't be able to see any sensitive information like your DNS records.

They won't be able to edit anything. No one can accidentally turn off your firewall or anything like that.

So it's a way to lock down those permissions and just have it viewed specifically.

And then a lot of our products have very specific permission sets as well.

So you can get a pages administrator if you just want to work on pages.

You can get a firewall administrator if you just want to be able to edit the firewall and not edit any other products.

So you can lock things down pretty far.

And why do we even have roles? Why are they so important? Yeah. So like I said, it's really about grouping all of these permissions together, not having to know what each permission is.

And then we did find that a lot of these groupings were really common.

So a lot of our customers have roles where they actually want users to only have access to the analytics page, or they only want users to have access to pages or any of our other products.

So customers kept doing the same thing over and over again.

And we said, all right, that's a lot of work for you guys.

Let's group people together. Yeah. And from just a security standpoint, it's so important as well of just being able to lock down that access.

And especially, like you said, I know we talked to customers there.

They usually have someone who's dedicated to DNS, and that person is very separate than the person dedicated to SSL and WAF.

And so they really need to make sure that they separate those permissions.

Even within Cloudflare, like I mentioned, it's very common for every team to use Cloudflare services.

And so I know we have, for example, an SSL team, we have our own account.

And thankfully, I do not have write permissions.

I should not have those. I can go, I can go take a look. I can get that visibility, but I need to know that I don't have access to accidentally mess something up.

And so it's really good to have that in place. And so I know that we have users, but we also have tokens.

What is the difference between the two?

And when would you use one rather than the other? Absolutely. So the majority of us, when we go to a website, we are a user on the website, right?

I am using my device. I am hitting a UI. I'm actually viewing information. When I do that, if I am signed into Cloudflare, Cloudflare can say, this is Natasha at Cloudflare, and she is doing these actions.

So as my user, you can tell what I'm doing.

And then when I go to do something, you can check my permissions on that account.

And you can say, this user has access to this thing. It's by your email, right?

For Cloudflare login. Yeah, for Cloudflare and for I think most companies.

Email or username or whatever companies call it these days. Single sign on.

Single sign on. Yes. So the other option is if I'm trying to do a lot of things at once, a lot of times I won't actually go onto a UI.

I won't go onto the website itself.

Instead, I'll hit the APIs directly. So if I'm trying to update firewall permissions across all of the Internet properties that I have, I might do that via API because that's just a lot easier to do API.

I can do it in bulk. To hit one of the Cloudflare APIs, you need an API token.

So I can create that token on the dashboard, and I can, again, assign it a role.

So I can say, this token, I only want to be used for viewing analytics.

That way, if I go in to view something, I can use that token.

I can know I'm not accidentally making a mistake because that's one of the issues with bulk updating things, right?

Is I'm doing it in bulk.

If I make a mistake, I'm making a very big mistake. So like with users, you can assign roles to tokens as well.

That's great. And so I know something that we recently launched is domain sculpturals.

So can you tell us a bit more about what that is?

And I guess how is it different from the world before? Yeah, absolutely. So when you create a Cloudflare account, you can have a lot of different domains, a lot of different Internet properties on your Cloudflare account.

And not all of those Internet properties are created equally, should I say.

So you might have different uses for all of those different Internet properties.

So I know on a lot of our internal use cases that we have, we have one domain for staging and one domain for production.

And I am allowed to go into the staging domain. And I should be. And if I screw something up in there, it's not a big deal, right?

Because that's not actually serving any traffic to our end users.

Our production domain is a lot more important.

It is a lot more dangerous. And so our roles are actually pretty locked down for that one.

What I don't want to do is I don't want to have to make two different accounts and then manage all of the users on two different accounts and figure out what to do for everyone on two different accounts.

That's just doubling all of my work.

Instead, I want to have one account. And I want to be able to say, OK, here are the users that can access this Internet property on this account, this domain, the staging one.

And then here are these far smaller group of users that can access the production domain.

I can actually go in and update something over there.

So again, the issue that we're solving here is that not everyone at your company needs to access all of the domains on your account.

And you want them to not be able to access them.

So another use case that we have is if you're a consulting company and you have a lot of different Internet properties, a lot of different domains on your account, but you have different users that are accessing different domains.

So maybe whatever the end users that you have are that are actually maintaining their individual Internet properties, you just want to give them access to their domain.

You don't want them to have access to all of the other domains for all of your other customers because they should only have access to their stuff.

So that's another thing you can do with domain scope tools. Nice.

And I know that was actually one of our top feature requests for years. So it's very exciting when we launched it.

And with that, is it possible to have multiple roles?

Am I confined to one? You are not confined to one. You can have multiple.

So if you want one of your end users to have access to analytics and audit logs, right?

So those are two view only products. You can't go in and edit any data in either of those products.

You can do that. You can say this user has two different roles.

They have analytics and they have audit logs viewer. And they can do both things without needing to be an administrator and get access to everything.

Nice. And I know even one of the ways that, for example, let's say an action is made erroneously for some reason.

One way that you can always go back and do exactly what happened is within the audit logs.

It's going to tell you exactly who made the change, what time it was made, what service was impacted.

So highly recommend using that.

But other than that, do you have any other recommendations for our customers?

Biggest recommendation is when you're adding users to your account, adding various employees, keep their access locked down as much as possible, right?

If someone can't go in, doesn't have permissions to go in and edit DNS records, they're not going to accidentally edit DNS records.

So when you're adding someone to your account, think about what actions are they going to have to take and what's the best role scoped for them.

So that's our number one recommendation at Cloudflare is be as safe as possible.

Dina, for our viewers watching, if they're interested, how can they stay involved in birthday week?

Yes. So first thing is Cloudflare TV.

So I hope you all enjoyed today's segment. Like I said, there's a few other ones that are airing today.

I highly recommend watching those to get a bit of a deeper dive into some of the other products and features that we launched.

But aside from that, make sure to read our blog post. We have so many exciting announcements.

One of the things that I love about the blog post is it's not just about a product or feature, but we take you back to the beginning of, OK, we make sure that you learn something new.

We make you understand what the problem is and how you can best deploy something for your own application to make sure that it's the fastest, most secure, most reliable.

You can also follow along on social media.

So on Twitter, we're going to be tweeting out everything that we're going to be posting and also on Discord.

And finally, play around with some of the features and products.

And a lot of them are coming out in beta. So make sure to provide us feedback.

We take it very seriously. We're going to make sure that we take it back to the team and iterate it and build an even better product for you all before it goes out to GA.

But thank you all for watching. I'm happy birthday week and really excited for what the rest of the week brings.

Thank you.

Happy birthday.

Looking forward to all the announcements to come. Thank you.

Thumbnail image for video "Birthday Week"

Birthday Week
2023 marks Cloudflare’s 13th birthday! Each day this week we will announce new products and host fascinating discussions with guests including product experts, customers, and industry peers. Be sure to head to the Birthday Week Hub for every blog...
Watch more episodes