Cloudflare TV

⚡️ What Launched Today - Thursday, June 22

Presented by Sam Marsh, Shruti Nejad, Celso Martinho
Originally aired on 

Welcome to Cloudflare Speed Week 2023!

Speed Week 2023 is a week-long series of new product announcements and events, from June 19 to 23, that are dedicated to demonstrating the performance and speed related impact of our products and how they enhance customer experience.

Tune in all week for more news, announcements, and thought-provoking discussions!

Read the blog post:

Visit the Speed Week Hub for every announcement and CFTV episode — check back all week for more!

Speed Week

Transcript (Beta)

Hello, everybody. Welcome back to Cloudflare TV. It is day four of Speed Week.

Today we announced a total of eight blogs, four focused on Zero Trust, including support for a brand new protocol in Warp, and also digital experience monitoring, which we'll get into in just a moment.

Also covering posts on AI, a good post from Alex Krivett on how websites are using performance techniques potentially incorrectly, an update on network performance, and even a post how we benchmark UI, the Cloudflare UI itself, and also a really interesting post on Constellation.

I'm pleased to say I'm joined today by three of the authors of those blogs, and we'll get through some questions and answers as always to find out more.

So let's start with Shruti, who's going to talk to us about digital experience monitoring.

So Shruti, can you start off as usual by introducing yourself, what it is you do at Cloudflare, and give us an overview of what it is you're announcing today?

Awesome. Let's do it. I'm Shruti. I'm a product manager here on the Zero Trust team, specifically working on the DEX product.

And so today, I'm going to be announcing the beta release of our digital experience monitoring product for all of our Cloudflare 1 customers.

So it's part of Zero Trust, and it's designed to improve IT and network teams' visibility into their end-user connectivity and performance issues.

So with today's announcement, we're going to be opening up this tool to each of our customers, but we are just getting started, and we want a lot of feedback to help us continue to improve this experience.

Can't wait to talk more about it. Perfect. So who does this help?

Who is digital experience monitoring for, and what is the main problem it solves?

Great question. So this is primarily targeted towards our IT and network administrators here.

So it's going to help them monitor user application and network availability and performance through a single pane of glass.

So that's going to be the best part for them.

We have two core features that we're going to be releasing.

We have two features, one called synthetic application monitoring and one called fleet status.

So with synthetic application monitoring, you can now monitor the performance and availability of your public and private applications that you and your team use every single day.

So alongside its user -friendly setup, we're pulling these really powerful insights from the Cloudflare network that we have.

So with synthetic application monitoring, you can track things like response time averages and paint a realistic picture of your application's performance for your users worldwide.

It's not just another static data point.

Over time, this is going to be the most actionable intelligence for you to help you understand and optimize your users' digital experience.

So that's synthetic application monitoring.

We're very excited to see how people respond to this.

With fleet status, our second feature, you can now better understand the state of your warp and roll devices.

So customers wanted to understand their device fleet using the data that Cloudflare could gather.

So we built this to provide real-time insights into the status of your client devices, connection, their mode, their location on a global and per-device level basis.

So with these insights, administrators can proactively ensure connectivity, make sure they're addressed with any issues, and leading to a lot of minimal disruption and maximal productivity for your teams.

So it's not just about presenting data. We're really empowering our administrators here with that actionable insights that they need when they need it the most.

Cool. Perfect. Yeah, that sounds like a lot. Sounds interesting.

If I'm a user or if I'm a person interested in this, how can I kind of start playing around with it?

How can I get my hands in it? And how can I learn more?

Well, fortunately, it's really easy. So if you're an existing Cloudflare 1 user, all you need to do is log in to your Cloudflare dashboard, go into Zero Trust and check out the new DEX beta section.

There's no activation needed. If you're new to Cloudflare 1, go ahead and sign up for our free plan, which provides DEX for up to 50 users at no cost.

And for our enterprise plan users, you'll be enabled to have 10 synthetic application tests as a part of your existing subscription.

If you want to learn more, highly recommend you check out our blog post that we just released today.

If you want to dive a little bit more into seeing how fleet status and synthetic application monitoring can help you solve your problems.

Perfect. Cool. Very exciting. Thank you. Thank you for the overview. Next up, we've got Celso.

Welcome to Cloudflare TV. I think you're a veteran. Can you start off by introducing yourself to the audience again, what your role is at Cloudflare and what you are talking today, what you are announcing today?


My name is Celso Martinho. I'm an engineering director based in the Lisbon office in Portugal.

I've been with the company for about three years and I have a couple of projects, running a couple of projects at Cloudflare, one of them being Constellation.

Constellation allows you to run fast, low latency inference tasks using pre-trained machine learning models on top of Cloudflare.

We've announced the Constellation on Developer Week a few weeks ago.

And today we're announcing a few upgrades to Constellation.

And we're going to allow developers to use bigger models with our engine.

We have a few API changes that really affect performance in a good way.

And we're also supporting a new machine learning runtime called SG Boost.

So exciting news for Constellation. Nice, nice. So at a high level, what are some of the kind of use cases we've seen so far, or if there are any common use cases for Constellation?

I know we only launched this, what, four or five weeks ago?

Yeah. So machine learning and AI is a big definition. A lot of things can go into these terms.

But for the number of tasks doing inference in the cloud, especially in a cloud like Cloudflare, which has like 300 data centers across the globe, we're at a maximum of 50 milliseconds from anyone connected to the Internet, can be very advantage.

So I'd say Constellation is ideal to do inference tasks on things like image or audio classification, anomaly detection in data, especially time series data, text translation, summarization, similarity analysis.

That's also very common for a lot of use cases. Some NLP sentiment analysis, speech recognition.

So these are examples of how you can use Constellation APIs if you have an application or a product or some worker script that requires you to do machine learning.

The cool thing about Constellation is that you can start doing this in a matter of minutes because there's two options here.

Either you can pre-train your own model.

That will probably take you a little bit longer.

And then you can bring your model to Cloudflare and use it with Constellation.

Or you can just go to our catalog of pre-approved curated models, pick one that works for your use case and start using it in a matter of minutes.

So it's very efficient for a lot of cases.

Nice. And in terms of what's new, like I said, we only announced this about four or five weeks ago in developer week.

And I think there's already some improvements we want to talk about.

So can you kind of give the audience and our viewers to what they are that we've announced in the blog today?

Yeah. So Constellation is a new product and our focus right now is listening to customers and developers.

We have a few thousand accounts enabled in the private beta and we've been learning and trying to improve based on that feedback.

So the three things we're announcing today is the result of listening to our developers and customers.

So number one thing we're doing is increasing the limit for the models you can use with Constellation.

The limit we had when we launched on developer week was 10 megabytes and we're now increasing to 15 megabytes.

So that opens doors to a lot of other models that can do more complex, sophisticated tasks that just wasn't possible to do under the 10 megabyte limit.

That's one thing. Second thing is we're now supporting tensor caching. So I don't want to go too technical on this session, but by doing tensor caching we're basically improving the latency of using Constellation because you don't need to travel as much data back and forth using the client API.

We'll just cache the tensors that are common to the multiple inference tasks that you need to do.

And the third thing is we're now supporting a new runtime.

So Constellation was built under the premise that we will be supporting multiple machine learning runtimes because you have models that are suitable for a certain runtime depending on the use case.

We started by supporting ONNX, which is one of the most common, more popular machine learning runtimes out there.

And today we're enabling SGBoost. SGBoost is also very popular.

It's known to be very fast and very accurate in terms of results.

And I think developers will love it because there's a number of models they can start using with Constellation now that they weren't able to do with the first version.

Nice. Nice. I mean, that sounds like a lot. I'm still getting my head around AI.

I think a lot of people still are at the low, low level. So if people want to get involved in this, people want to start using this, or people who kind of wanted to but couldn't until these announcements were made now want to come back and have a look again, where can they go and find out more?

How do they get started and start using Constellation?

So start with the blog posts. There's lots of information in the blog posts and links from there.

The developer documentation website also has a lot of information about Constellation and how it works and how the API works.

And finally, if you want to get into the waiting list, into the wait list for the private beta, just go to the dash, click on the workers tab, and then Constellation under that, and press the button to go to the wait list.

We're enabling accounts as fast as we can.

And we, again, we want to learn and listen to customers and developers and incorporate their feedback into our roadmap.

Shipping to learn, the best possible way. Thank you very much for that.

That was eye-opening. Final one of the day, sad to say. Honor, welcome to Cloudflare TV.

Could you start again, usual format, introduce yourself, what it is you do at Cloudflare, and what is it your blog post is talking about today?


Hello. I'm Honor, and I'm the engineering manager for our network engineering team in the United States.

So today's blog post is another update about our network's performance.

We constantly provide updates about the network performance and the improvements that we are doing for our users.

And today's post contains information on the current state of our network's performance and benchmarking against the competition, basically.

We also provide insight into the process and tools that we are using to make sure that we are improving our performance for performance of the network for our users.

So in terms of performance, I think the first question, whenever we do any of these competitive analyses, right, is making sure that how we're testing is sound.

So could you give us like a higher level of how we've come to these conclusions and what the methodologies are that we've been using to say that we're the fastest network and these charts and impressive graphs?

Sure. Yeah. And basically, we use real user measurements in order to provide those measurements.

And for that, we fetch a small file from Cloudflare, as well as the competitors, and measure few key performance indicators for the performance, right?

And these metrics are generally TCP connection time, time to first byte, and time to last byte.

These are the main metrics that we are measuring.

Okay. And what are the headlines for those who haven't read the blog yet, only came out a few hours ago?

What are the headlines? What are the key takeaways?

And how are we performing versus those competitors? Sure. And one of the ways that we measure our performance and how fast we are is checking the number of networks where we are the fastest provider compared to the other networks.

And currently, Cloudflare is the fastest across 56% of the networks around the world.

And by network, what we mean is the AS number and the country payers that we are making those measurements across.

For historical change that we've done, you can go to our blog and see the change in the last year.

Yeah. Because we try and do a post every innovation week, right?

So you should be able to find a good few of these now highlighting, like you say, an improvement, which is interesting, I guess, to show how much of the map, which is in the blog, turns orange with each passing quarter.

The world just turns a little bit more orange from the performance perspective.

So I guess I'm kind of answering my own question there. But if I'm interested in learning more about Cloudflare's performance versus other networks or the CDNs or the providers, where's the best place for me to go and get the latest information on that?

Yeah. And the best place for that is our blog.

So you can tune into our blog and we will keep posting about the improvements regularly during these speed weeks, innovation weeks that we do.


Lovely. Thank you very much. And yeah, I highly recommend reading the blog. It's got a lot of really interesting graphics in there, and they're already kind of blowing up on social media, which is always nice to see being shared.


That actually brings us to the end of today's session. Thanks, everyone, for joining and answering those questions.

A very diverse set of subjects, as always, for these innovation weeks, which is nice.

For the audience, don't forget to join tomorrow, which is going to be our last live session on speed week, sad to say.

Until then, I hope you have a pleasant rest of the day, and I will see you tomorrow.

Thanks, everybody. Thank you. The About You fashion platform has become the number one fashion platform in Europe in the generation Y and Z.

It has been tremendously successful because we have built the technology stack from a commerce perspective, then decided to also make it available to leading fashion brands such as Marco Polo, Tom Taylor, The Founded, and many others.

Yeah, and that's how scale was born. What we see in the market is that the attack vectors are becoming increasingly more scaled, distributed, and complex as a whole.

We decided to bring on Cloudflare to ultimately have the best possible security tech stack in place to protect our brands and retailers.

We use the Cloudflare bot management, rate limiting, and WAF as an extra layer of protection for our customers by tackling the major cyber threats that we see in the market.

DDoS attacks, credential stuffing, and scalping bots. What we see with a scalping bot here is that they're targeting high-end products and then buying them up within a few seconds.

That leaves the customer dissatisfied. They will turn away and purchase somewhere else the product and thereby we have lost the customer.

Generally before it could take maybe up to half an hour for a security engineer to handle DDoS attacks.

Now we are seeing that Cloudflare could help us to stop that in an automatic way.

Cloudflare helps us to bring the site performance to the best and ultimately therefore create even more revenue with our clients.

Cloudflare Access allows you to securely expose your internal applications and services, enforce user access policies, and log per application activity all without a VPN.

This video will show you how to enable Cloudflare Access, configure an identity provider, build access policies, and enable access app launch.

Before enabling access, you need to create an account and add a domain to Cloudflare.

If you have a Cloudflare account, sign in, navigate to the access app, and then click enable access.

For this demo, Cloudflare Access is already enabled, so let's move on to the next step, configuring an identity provider.

Depending on your subscription plan, Access supports integration with all major identity providers, or IDPs, that support OIDC or SAML.

To configure an IDP, click the add button in the login methods card, then select an identity provider.

For the purposes of this demo, we're going to choose Azure AD.

Follow the provider specific setup instructions to retrieve the application ID and application secret, along with the directory ID.

Toggle support groups to on if you want to give Cloudflare Access to read specific SAML attributes about the users in your tenant of Azure AD.

Enter the required fields, then click save. If you'd like to test the configuration after saving, click the test button.

Cloudflare Access policies allow you to protect an entire website or resource by defining specific users or groups to deny, allow, or ignore.

For the purposes of this demo, we're going to create a policy to protect a generic internal resource,

To set up your policy, click create access policy.

Let's call this application internal wiki.

As you can see here, policies can apply to an entire site, a specific path, apex domain, subdomain, or all subdomains using a wildcard policy.

Session duration determines the length of time an authenticated user can access your application without having to log in again.

This can range from 30 minutes to one month.

Let's choose 24 hours. For the purposes of this demo, let's call the policy just me.

You can choose to allow, deny, bypass, or choose non-identity. Non -identity policies enforce authentication flows that don't require an identity provider IDP login, such as service tokens.

You can choose to include users by an email address, emails ending in a certain domain, access groups, which are policies defined within the access app in the Cloudflare dashboard, IP ranges, so you can lock down a resource to a specific location or whitelist a location, or your existing Azure groups.

Large businesses with complex Azure groupings tend to choose this option.

For this demo, let's use an email address. After finalizing the policy parameters, click save.

To test this policy, let's open an incognito window and navigate to the resource, resource on

Cloudflare has inserted a login screen that forces me to authenticate.

Let's choose Azure AD, log in with the Microsoft username and password, and click sign in.

After a successful authentication, I'm directed to the resource.

This process works well for an individual resource or application, but what if you have a large number of resources or applications?

That's where access app launch comes in handy.

Access app launch serves as a single dashboard for your users to view and launch their allowed applications.

Our test domain already has access app launch enabled, but to enable this feature, click the create app launch portal button, which usually shows here.

In the edit access app launch dialog that appears, select a rule type from the include drop-down list.

You have the option to include the same types of users or groups that you do when creating policies.

You also have the option to exclude or require certain users or groups by clicking these buttons.

After configuring your rule, click save.

After saving the policy, users can access the app launch portal at the URL listed on the access app launch card.

If you or your users navigate to that portal and authenticate, you'll see every application that you or your user is allowed to view based on the Cloudflare access policies you've configured.

Now you're ready to get started with Cloudflare access.

In this demo, you've seen how to configure an identity provider, build access policies, and enable access app launch.

To learn more about how Cloudflare can help you protect your users and network, visit teams backslash access.

you MindBody specifically focused on the health and wellness space and was built by people who were passionate about health and wellness.

We serve health and wellness businesses all over the world.

We allow our customers to spend more time focusing on the parts of their business that they love and less time worrying about scheduling software and payroll and other day-to-day administrative work.

We want to protect customers from attacks that could hurt their business and their brand.

At MindBody, we're passionate about ensuring that our customers' data is secure.

When we first approached Cloudflare, we had a lot of different tools in our security stack, and there was a lot of management overhead associated with all that kind of complexity.

I think at one point we had four different WAFs, a separate tool for bot management, and two CDNs, and we basically managed to consolidate all of that into using just Cloudflare without losing any of the functionality or any of the protections that we had in place.

It was the kind of tool I could hand to junior analysts or senior engineers and they would all know how to manage it pretty quickly.

With our old environment, we were constantly fighting botnets and attempts to scrape our inventory, credential stuffing attacks.

When we moved to Cloudflare, we were able to mitigate a lot of these kinds of attacks much easier and more consistently.

Using Cloudflare bot management, we see a lot fewer false positives with actual valid end users using our application and being flagged as a bot.

We've gone from dealing with several per day to only a few per week. With the Cloudflare access solution, we are able to provide Zero Trust access to sensitive internal applications to contractors and third-party vendors.

It puts our internal applications behind strong authentication protocols and allows us to ensure that only authorized users are able to even see the service.

The health and wellness industry is only going to grow.

I think mind-body is going to be part of that rising tide that floats all boats.

Cloudflare will help us scale and grow and secure all those services as the industry expands.

The biggest IT priorities in the state of Arizona really are focusing on modernization of legacy applications and technologies and bringing together and delivering better digital services to our citizens.

As a government entity, we face a tremendous amount of cyber interest from around the world.

We have to guard our systems against a lot of different things.

We're running a program that we're calling the Statewide Cyber Readiness Program, essentially providing cyber protections to all of our local government entities, including cities, counties, K-12 school districts, trying to help them up-level themselves to prevent cyber attacks across the entire state.

Most of the organizations that we work with, especially talking about some of the smaller entities, don't have dedicated full-time cybersecurity professionals or IT staff.

One of the things we looked at is what is the ease of deployment for these tools, and Cloudflare stands out above a lot of the others, especially in that it doesn't require any sort of deployment in your environment.

It's all just a quick DNS change, and usually we've seen with onboarding and deployment within half an hour to a couple of hours at the very most for some of our more complicated entities.

We're getting very high-powered, very technical cybersecurity detections and protections with this platform with essentially little to no effort to deploy them.

With the Arizona Cyber Readiness Program, we were able to get access to all the feature sets with Cloudflare, including the web application firewall, bot management, rate limiting, caching, while the website stays online.

Maricopa County is the fourth-largest county in the United States.

We're about half the population of Arizona, and we're the second-largest voting district, next only to LA County.

Leading up to the 2020 general election, I was really concerned about implementing as many possible security controls as we could to protect our systems.

With Cloudflare, if we need to block an attack, it is trivial.

Within 60 seconds, I can block an attacking IP. I see Cloudflare as a critical partner in everything we're trying to do across the state.

An attack against one of us is an attack against all of us, and the only way that we can be truly successful is by looking out for each other.

Cloudflare is going to be an integral part of that.

As part of our readiness program, we're going to be right at the edge, guarding and watching all the traffic that's coming through to hit all of those services, and so it's going to be providing, you know, critical front-end work to make sure that our citizens are protected.

Thumbnail image for video "Speed Week"

Speed Week
Relive Cloudflare's Speed Week with episodes showcasing how we keep everything fast, from lightning quick configuration updates and code deploys, to logs you don’t have to wait for, to ludicrously fast cache purges and real time analytics.
Watch more episodes