Don't Get Schooled
Performance and Security Tips from a Leading SaaS Education Company
David Kensiski
Director of Technical Infrastructure
Christian Paulus
Head of Product Marketing
Speakers
Agenda
• SSL for SaaS customer challenges and solution
• School Loop case study
• Questions & Answers
SYSTEM
DDoS Attack
Attack traffic impacts
availability or performance
Data Theft Attempt
Compromise of sensitive
customer data
Bots
Prevent malicious bots from
abusing site or application
Customer Web Performance & Security Challenges
1. Fast across the globe
Provide stellar performance for any
website, app and API anywhere in the
world
2. Rich user experience
Optimize engagement, increase
conversions, and reduce costs, across
mobile and any other screen
3. Spiky and seasonal traffic
Keep applications fast, available, and
scalable, when it matters most
SECURITY PERFORMANCE
© 2017 Cloudflare Inc. All rights reserved.
SaaS
Provider
Unencrypted but Branded Vanity Domain
Custom vanity domains without SSL lack performance benefits
of SSL and secure data transfer, making them vulnerable to
snooping and content being modified or injected before reaching
visitors.
Challenging In-House Approach
SaaS providers who want encrypted branded custom
domains can either manually manage SSL lifecycles,
resulting in long deployment times and overhead
costs, or build a complex automated in-house solution.
✕ http://support.customer.com
SSL
Encrypted but Unbranded Domain
Domains which have SSL enabled through a SaaS provider
lack a custom vanity domain, resulting in brand degradation
and lower SEO rankings.
🔒 https://customer.saascompany.com
SSL
🔒 https://support.customer.com
[Diagram labels: Customer vanity domain (branded); Customer using SaaS provider subdomain (non-branded); Customer vanity domain (branded, no SSL); SaaS Provider]
SaaS Customer Challenges
Challenging In-House Roadmap
Branded Visitor Experiences
Full brand recognition for end users through
a CNAME’d vanity URL.
SaaS
Provider
Rapid SSL Deployments
Cloudflare immediately transmits new
certificate requests, propagating them to the
edge and bringing HTTPS online in less
than 2 minutes on average.
Automated Lifecycle Management
Cloudflare manages the entire SSL lifecycle for both SaaS
providers and end users, requiring no ongoing effort by
either party.
Customer Branded
Domain
1. Purchases
SSL certificate
from authority
2. Provisions and
manages certificate
for customer vanity
domains
3. Automatically
renews certificates
for customer vanity
domains
Secure and Performant Website
Secure the transmission of visitor data over HTTPS
and offer end users the performance benefits of the
HTTP/2 protocol, only available with SSL.
🔒 https://support.customer.com
Cloudflare SSL for SaaS
SaaS portal and
communications
for K12 schools
• 3.8 million users
• 4,000 schools in 30 states
Parents &
Students
Plan
• Curriculum Groups
• Resource management
Teach
• Digital Classroom
• Student Dashboards
• Gradebook
Communicate
• Mobile App
• Personal E-mail Newsletter
• Multi-lingual Calling
• Loop Mail
• Websites
• 508 Compliance
Support
• Learning Management Team
• Student Tracker
• Student Record
• Afterschool Professional
Integrate
• Google
• Assessment Systems
• OpenLoop API
School Loop Capabilities - Highlights
System needs to perform
and be available to users
Seasonal traffic
• Beginning of school year
• Grading deadline
• End of school year
Traffic spikes
• 11th hour homework submission
Security
• Legal responsibility
• Ethical responsibility
• Contractual responsibility
Branded customer domain
Business Requirements
System has to be responsive
and available
Ability to cope with seasonal
traffic and spikes
Protect against snooping
Technical Requirements
Protect against DDoS attacks
Support custom domains with
branded user experience
Life Before Cloudflare
Frequent DDoS attacks
Log-in redirects to an un-branded,
but protected domain
http://School-name.k12.ca.us
No SSL Branded domain
SSL
protected
Unbranded domain
https://School-name-ca.schoolloop.com
Why Cloudflare?
Increasing DDoS attacks drove vendor selection. Criteria were:
Price and performance
Ease of implementation
Reputation of vendor
Cloudflare was selected in 2013
DDOS PROTECTION
Cloudflare Solution Today
Coded API tools to manage
DNS, Page Rules, Logs
WAF with firewall rules to challenge
international traffic
Early adopter of Managed CNAME
Page Rules
SSL for SaaS
Argo Smart Routing
Expanded usage since 2013:
Cloudflare Solution Details: SSL for SaaS Set Up
DB
DB
Perl
Script
Three Activities
Call the customers’ DNS
1. Validates if CNAME is properly set up
Call the Cloudflare API
2. HTTP GET -- Status: Have we already
enabled the domain for SSL for SaaS?
3. HTTP POST -- turn on SSL for SaaS
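The three activities above, sketched as an added example (this is not School Loop's Perl script, and it is written in Python rather than Perl). The hostnames, the CNAME target and the zone placeholder are constructed, the DV/HTTP validation choice in the POST body is an assumption, and the DNS resolver and HTTP client are injected callables with in-memory stand-ins so the logic runs offline.

```python
"""Idempotent SSL for SaaS onboarding: DNS check, GET status, POST enable."""

# Assumptions (constructed for this example, not taken from the slides):
CNAME_TARGET = "customers.saasprovider.example"           # provider's CNAME target
API_PATH = "/zones/ZONE_ID_PLACEHOLDER/custom_hostnames"  # Cloudflare custom hostnames


def normalize(name):
    """Lower-case and drop the trailing root dot so DNS names compare exactly."""
    return name.strip().rstrip(".").lower()


def cname_is_ours(hostname, resolve_cname):
    """Activity 1: the customer's CNAME must equal our target (no substring match)."""
    answer = resolve_cname(normalize(hostname))
    return answer is not None and normalize(answer) == CNAME_TARGET


def onboard(hostname, resolve_cname, api):
    """Run the three activities for one hostname and report what happened."""
    hostname = normalize(hostname)
    if not cname_is_ours(hostname, resolve_cname):
        return "skipped-dns"  # never request a certificate for DNS we do not serve
    # Activity 2: HTTP GET, is the hostname already enabled for SSL for SaaS?
    listing = api("GET", API_PATH, {"hostname": hostname})
    if not listing.get("success"):
        raise RuntimeError("status query failed: %r" % (listing.get("errors"),))
    if any(normalize(r["hostname"]) == hostname for r in listing["result"]):
        return "already-enabled"
    # Activity 3: HTTP POST, turn it on (DV certificate, HTTP validation assumed).
    created = api("POST", API_PATH,
                  {"hostname": hostname, "ssl": {"method": "http", "type": "dv"}})
    if not created.get("success"):
        raise RuntimeError("enable failed: %r" % (created.get("errors"),))
    return "enabled"


def run_batch(hostnames, resolve_cname, api):
    """Process every hostname pulled from the customer database."""
    return {h: onboard(h, resolve_cname, api) for h in hostnames}


# --- Constructed stand-ins so the example runs offline ---
SAMPLE_DNS = {
    "portal.district-a.example": "customers.saasprovider.example.",
    "www.school-b.example": "Customers.SaaSProvider.Example",
    "www.school-c.example": None,  # customer has not created the record yet
    "www.school-d.example": "customers.saasprovider.example.lookalike.test.",
}


class FakeCloudflare:
    """In-memory double mimicking the API's success/errors/result envelope."""

    def __init__(self, existing=()):
        self.hostnames = set(existing)
        self.calls = []

    def __call__(self, method, path, payload):
        name = payload["hostname"]
        self.calls.append((method, name))
        if method == "GET":
            hits = [{"hostname": h} for h in self.hostnames if h == name]
            return {"success": True, "errors": [], "result": hits}
        self.hostnames.add(name)
        return {"success": True, "errors": [],
                "result": {"hostname": name, "ssl": {"status": "pending_validation"}}}


def demo():
    """First run enables one hostname; the second run makes no further POSTs."""
    api = FakeCloudflare(existing={"www.school-b.example"})
    first = run_batch(SAMPLE_DNS, SAMPLE_DNS.get, api)
    second = run_batch(SAMPLE_DNS, SAMPLE_DNS.get, api)
    posts = [c for c in api.calls if c[0] == "POST"]
    return first, second, posts


if __name__ == "__main__":
    for label, value in zip(("first run", "second run", "POSTs"), demo()):
        print(label, value)
```

The exact-match comparison in activity 1 is what keeps a lookalike target such as the `school-d` record from being treated as pointed at the provider, and the GET before the POST makes the script safe to rerun on a schedule.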
Cloudflare Solution Details
DDoS / WAF
• Enable most WAF rules
• Manually disable those that “break” services
i.e. our CMS triggers a false positive for cross-site posting
Firewall rules
• Present CAPTCHA for all non-US traffic
Argo Smart Routing
• Just throw the switch and it works
How has Cloudflare helped?
Outages due to DDoS
went to virtually nil
SY 2012/13: 20 outages; uptime drops close to 99.9%
SY 2016/17: 0 outages; uptime over 99.995%
Branded and Encrypted Domains with SSL for SaaS
https://chavez.husd.us/
https://cvz-haywardusd-ca.schoolloop.com/
Argo Smart Routing
DDoS easy to set up
• Migrate and clean up DNS records
• Update NS with registrar
• Less easy to manage
• Early GUI sucked; wrote CFdns API
• Wrote cf2tinydns translator to pull
CF records for split horizon
Cloudflare set up / deployment
SSL for SaaS – Perl script makes API calls
Argo
• Just switch on
2 hrs
to retrofit DNS API
to work for SSL for SaaS
3 hrs
to query DB, poll DNS,
query CF, post CF and test
Experiences / lessons learned
DDoS
Argo
SSL for SaaS
Why would you mitigate your
own DDoS? Life got so much
simpler with Cloudflare.
Just switch it on and monitor
the performance gains.
Easy set up. School districts can now
hand out a paper on the first school day
with the right URL / domain. It just
works—don’t go through a lot of hassle
building it yourself.
Questions & Answers
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 

Don't Get Schooled: Performance and Security Tips from a Leading Education SaaS Company

  • 1. Don't Get Schooled: Performance and Security Tips from a Leading SaaS Education Company
  • 2. Speakers: David Kensiski, Director of Technical Infrastructure; Christian Paulus, Head of Product Marketing
  • 3. Agenda: SSL for SaaS customer challenges and solution; School Loop case study; Questions & Answers
  • 4. Customer Web Performance & Security Challenges. SECURITY (threats to the system): DDoS Attack: attack traffic impacts availability or performance; Data Theft Attempt: compromise of sensitive customer data; Bots: prevent malicious bots from abusing site or application. PERFORMANCE: 1. Fast across the globe: provide stellar performance for any website, app and API anywhere in the world; 2. Rich user experience: optimize engagement, increase conversions, and reduce costs, across mobile and any other screen; 3. Spiky and seasonal traffic: keep applications fast, available, and scalable, when it matters most.
  • 5. SaaS Customer Challenges. Unencrypted but Branded Vanity Domain (✕ http://support.customer.com; customer vanity domain, branded, no SSL): Custom vanity domains without SSL lack performance benefits of SSL and secure data transfer, making them vulnerable to snooping and content being modified or injected before reaching visitors. Encrypted but Unbranded Domain (🔒 https://customer.saascompany.com; customer using SaaS provider subdomain, non-branded, SSL): Domains which have SSL enabled through a SaaS provider lack a custom vanity domain, resulting in brand degradation and lower SEO rankings. Challenging In-House Approach (🔒 https://support.customer.com; customer vanity domain, branded, SSL): SaaS providers who want encrypted branded custom domains can either manually manage SSL lifecycles, resulting in long deployment times and overhead costs, or build a complex automated in-house solution. © 2017 Cloudflare Inc. All rights reserved.
  • 7. Cloudflare SSL for SaaS (🔒 https://support.customer.com). Branded Visitor Experiences: Full brand recognition for end users through a CNAME’d vanity URL. Secure and Performant Website: Secure the transmission of visitor data over HTTPS and offer end users the performance benefits of the HTTP/2 protocol, only available with SSL. Rapid SSL Deployments: Cloudflare immediately transmits new certificate requests, propagating them to the edge and bringing HTTPS online in less than 2 minutes on average. Automated Lifecycle Management: Cloudflare manages the entire SSL lifecycle for both SaaS providers and end users, requiring no ongoing effort by either party. Diagram (SaaS Provider; Customer Branded Domain; SSL): 1. Purchases SSL certificate from authority; 2. Provisions and manages certificate for customer vanity domains; 3. Automatically renews certificates for customer vanity domains.
  • 8. SaaS portal and communications for K12 schools: 3.8 million users; 4,000 schools in 30 states. Parents & Students.
  • 9. School Loop Capabilities - Highlights. Plan: Curriculum Groups; Resource management. Teach: Digital Classroom; Student Dashboards; Gradebook. Communicate: Mobile App; Personal E-mail Newsletter; Multi-lingual Calling; Loop Mail; Websites; 508 Compliance. Support: Learning Management Team; Student Tracker; Student Record; Afterschool Professional. Integrate: Google; Assessment Systems; OpenLoop API.
  • 10. Business Requirements. System needs to perform and be available to users. Seasonal traffic: beginning of school year; grading deadline; end of school year. Traffic spikes: 11th hour homework submission. Security: legal responsibility; ethical responsibility; contractual responsibility. Branded customer domain.
  • 11. Technical Requirements. System has to be responsive and available. Ability to cope with seasonal traffic and spikes. Protect against snooping. Protect against DDoS attacks. Support custom domains with branded user experience.
  • 12. Life Before Cloudflare. Frequent DDoS attacks. Log-in redirects to an un-branded, but protected domain. Branded domain, no SSL: http://School-name.k12.ca.us. Unbranded domain, SSL protected: https://School-name-ca.schoolloop.com.
  • 13. Why Cloudflare? Increasing DDoS attacks drove vendor. Criteria were: price and performance; ease of implementation; reputation of vendor. Cloudflare was selected in 2013.
  • 14. Cloudflare Solution Today. DDoS protection. Expanded usage since 2013: Coded API tools to manage DNS, Page Rules, Logs; WAF with firewall rules to challenge international traffic; Early adopter of Managed CNAME; Page Rules; SSL for SaaS; Argo Smart Routing.
  • 15. Cloudflare Solution Details: SSL for SaaS Set Up. Components: DB; Perl script. Three activities. Call the customers’ DNS: 1. Validates if CNAME is properly set up. Call the Cloudflare API: 2. HTTP GET -- Status: Have we already enabled the domain for SSL for SaaS? 3. HTTP POST -- turn on SSL for SaaS.
  • 16. Cloudflare Solution Details. DDoS / WAF: Enable most WAF rules; manually disable those that “break” services, i.e. our CMS triggers a false positive for cross-site posting. Firewall rules: Present CAPTCHA for all non-US traffic. Argo Smart Routing: Just throw the switch and it works.
  • 17. How has Cloudflare helped? Outages due to DDoS went to virtually nil. SY 2012/13: 20, uptime drops close to 99.9%. SY 2016/17: 0, uptime over 99.995%.
  • 18. Branded and Encrypted Domains with SSL for SaaS: https://chavez.husd.us/ and https://cvz-haywardusd-ca.schoolloop.com/
  • 20. Cloudflare set up / deployment. DDoS: easy to set up (migrate and clean up DNS records; update NS with registrar); less easy to manage (early GUI sucked; wrote CFdns API; wrote cf2tinydns translator to pull CF records for split horizon). SSL for SaaS: perl script makes API calls; 2 hrs to retrofit DNS API to work for SSL for SaaS; 3 hrs to query DB, poll DNS, query CF, post CF and test. Argo: Just switch on.
  • 21. Experiences / lessons learned. DDoS: Why would you mitigate your own DDoS? Life got so much simpler with Cloudflare. Argo: Just switch it on and monitor the performance gains. SSL for SaaS: Easy set up. School districts can now hand out a paper on the first school day with the right URL / domain. It just works—don’t go through a lot of hassle building it yourself.
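
Added example, not from the deck and not School Loop's Perl script: a Python sketch of the three activities on slide 15 (DNS CNAME check, status GET, enabling POST). The resolver, the `FakeApi` class and every domain name are constructed stand-ins so it runs offline; flagging an already-enabled domain whose CNAME has moved away goes one step beyond what the slide lists.

```python
# Added example (not School Loop's Perl script): DNS check, status GET, enabling POST.
# DNS and the provider API are in-memory stand-ins; all names below are constructed.

def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.strip().rstrip(".").lower()

class FakeApi:
    """Hypothetical stand-in for the provider API; records every POST."""
    def __init__(self, enabled):
        self.enabled = {norm(h) for h in enabled}
        self.posts = []

    def get_status(self, host):      # activity 2: HTTP GET, already enabled?
        return host in self.enabled

    def enable(self, host):          # activity 3: HTTP POST, turn it on
        self.posts.append(host)
        self.enabled.add(host)

def reconcile(rows, resolve_cname, api):
    """rows maps vanity domain -> expected CNAME target; returns domain -> outcome."""
    report = {}
    for raw, expected in rows.items():
        host = norm(raw)
        target = resolve_cname(host)  # activity 1: look up the customer's CNAME
        cname_ok = target is not None and norm(target) == norm(expected)
        already = api.get_status(host)
        if not cname_ok:
            # Never POST for a name that is not pointed at us. An enabled name
            # whose CNAME has moved away is flagged for review (added beyond the slide).
            report[host] = "stale" if already else "cname-not-ready"
        elif already:
            report[host] = "already-enabled"  # idempotent: no second POST
        else:
            api.enable(host)
            report[host] = "enabled"
    return report

# Constructed DB rows and DNS answers (district-d has no CNAME record at all).
ROWS = {f"Portal.District-{c}.example": f"district-{c.lower()}.saas.example" for c in "ABCDE"}
DNS = {
    "portal.district-a.example": "District-A.saas.example.",
    "portal.district-b.example": "old-host.other.example.",
    "portal.district-c.example": "district-c.saas.example",
    "portal.district-e.example": "elsewhere.example",
}

if __name__ == "__main__":
    api = FakeApi(enabled=["portal.district-c.example", "portal.district-e.example"])
    for host, outcome in reconcile(ROWS, DNS.get, api).items():
        print(f"{host:28} {outcome}")
```

Running the reconcile step a second time issues no further POST, which is what makes it safe to schedule repeatedly against the customer table.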