Migrating from VPN to Access
Cloudflare has transitioned from using traditional VPNs to a zero-trust architecture for remote work. They have migrated services one by one, focusing on high priority ones first and moving them to Access, their zero-trust access proxy. Some services that did not run over HTTP or other Access-supported protocols required the use of VPN, but support for SSH over Access has allowed them to replace the VPN as a protection layer for source control systems. They have also used Spectrum, their DDoS protection and performance product, to protect their VPN endpoints against DDoS and improve performance for VPN users. As of 2020, new employees no longer get a VPN account by default, indicating the company's progress towards completely adopting zero-trust architecture.
Company
Cloudflare
Date published
March 28, 2020
Author(s)
Achiel van der Mandele
Word count
759
Hacker News points
None found.
Language
English