As the SaaS market continues to swell and become an integral component of business infrastructure, performance and security remains top-of-mind for both SaaS providers and their customers. Underperforming applications and those vulnerable to attacks will inevitably experience a negative impact on revenue, end-user engagement, brand reputation, and customer churn.
View this presentation featuring our customer expert from School Loop, a SaaS portal for K-12 schools to communicate internally within schools and externally with students and parents. You will learn:
-How School Loop accelerates performance of their application used by 3 million students and parents, even during periods of seasonal or spiky traffic
-How to prevent breaches of confidential data and communications via SSL
-The benefits of setting up a branded, user friendly custom domain for your customers
-How you can ensure uptime against DDoS attacks with the help of Cloudflare
3. Agenda
• SSL for SaaS customer challenges and solution
• School Loop case study
• Questions & Answers
4. SYSTEM
DDoS Attack
Attack traffic impacts
availability or performance
Data Theft Attempt
Compromise of sensitive
customer data
Bots
Prevent malicious bots from
abusing site or application
Customer Web Performance & Security Challenges
1. Fast across the globe
Provide stellar performance for any
website, app and API anywhere in the
world
2. Rich user experience
Optimize engagement, increase
conversions, and reduce costs, across
mobile and any other screen
3. Spiky and seasonal traffic
Keep applications fast, available, and
scalable, when it matters most
SECURITY PERFORMANCE
7. Branded Visitor Experiences
Full brand recognition for end users through
a CNAME’d vanity URL.
SaaS
Provider
Rapid SSL Deployments
Cloudflare immediately transmits new
certificate requests, propagating them to the
edge and bringing HTTPS online in less
than 2 minutes on average.
Automated Lifecycle Management
Cloudflare manages the entire SSL lifecycle for both SaaS
providers and end users, requiring no ongoing effort by
either party.
Customer Branded
Domain
SSLSSL
1. Purchases
SSL certificate
from authority
2. Provisions and
manages certificate
for customer vanity
domains
3. Automatically
renews certificates
for customer vanity
domains
Secure and Performant Website
Secure the transmission of visitor data over HTTPS
and offer end users the performance benefits of the
HTTP/2 protocol, only available with SSL.
🔒 https://support.customer.com
Cloudflare SSL for SaaS
9. Plan
• Curriculum Groups
• Resource management
Teach
• Digital Classroom
• Student Dashboards
• Gradebook
Communicate
• Mobile App
• Personal E-mail Newsletter
• Multi-lingual Calling
• Loop Mail
• Websites
• 508 Compliance
Support
• Learning Management Team
• Student Tracker
• Student Record
• Afterschool Professional
Integrate
• Google
• Assessment Systems
• OpenLoop API
School Loop Capabilities - Highlights
10. System needs to perform
and be available to users
Seasonal traffic
• Beginning of school year
• Grading deadline
• End of school year
Traffic spikes
• 11th hour homework submission
Security
• Legal responsibility
• Ethical responsibility
• Contractual responsibility
Branded customer domain
Business Requirements
11. System has to be responsive
and available
Ability to cope with seasonal
traffic and spikes
Protect against snooping
Technical Requirements
Protect against DDoS attacks
Support custom domains with
branded user experience
12. Life Before Cloudflare
Frequent DDOS attacks
Log-in redirects to an un-branded,
but protected domain
http://School-name.k12.ca.us
No SSL Branded domain
SSL
protected
Unbranded domain
https://School-name-ca.schoolloop.com
13. Why Cloudflare?
Increasing DDOS attacks drove vendor. Criteria were:
Price and performance
Ease of implementation
Reputation of vendor
Cloudflare was selected in 2013
14. DDOS PROTECTION
Cloudflare Solution Today
Coded API tools to managed
DNS, Page Rules, Logs
WAF with firewall rules to challenge
international traffic
Early adopter of Managed CNAME
Page Rules
SSL for SaaS
Argo Smart Routing
Expanded usage since 2013:
15. Cloudflare Solution Details: SSL for SaaS Set Up
DB
DB
Perl
Script
Three Activities
Call the customers’ DNS
1. Validates if Cname is properly set up
Call the Cloudflare API
2. HTTP GET -- Status: Have we already
enabled the domain for SSL for SaaS?
3. HTTP POST -- turn on SSL for SaaS
16. Cloudflare Solution Details
DDoS / WAF
• Enable most WAF rules
• Manually disable those that “break” services
i.e. our CMS triggers a false positive for cross-site posting
Firewall rules
• Present CAPTCHA for all non-US traffic
Argo Smart Routing
• Just throw the switch and it works
17. How has Cloudflare helped?
Outages due to DDoS
went to virtually nil
SY 2012/13 SY 2016/17
20
0
uptime drops close
to 99.9%
uptime over
99.995%
18. Branded and Encrypted Domains with SSL for SaaS
https://chavez.husd.us/
https://cvz-haywardusd-ca.schoolloop.com/
20. DDoS easy to set up
• Migrate and clean up DNS records
• Update NS with registrar
• Less easy to manage
• Early GUI sucked; wrote CFdns API
• Wrote cf2tinydns translator to pull
CF records for split horizon
Cloudflare set up / deployment
SSL for SaaS – perl script makes API calls
Argo
• Just switch on
2 hrs
to retrofit DNS API
to work for SSL for SaaS
3 hrs
to query DB, poll DNS,
query CF, post CF and test
21. Experiences / lessons learned
DDoS
Argo
SSL for SaaS
Why would you mitigate your
own DDoS? Life got so much
simpler with Cloudflare.
Just switch it on and monitor
the performance gains.
Easy set up. School districts can now
hand out a paper on the first school day
with the right URL / domain. It just
works—don’t go through a lot of hassle
building it yourself.