You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/content/docs/reference-architecture/design-guides/extending-cloudflares-benefits-to-saas-providers-end-customers.mdx
+4-4Lines changed: 4 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -107,18 +107,18 @@ For enhanced security, rather than exposing your application servers directly to
107
107
108
108
This setup is ideal for SaaS providers that do not need granular load balancing, such as [geo-based traffic steering](/load-balancing/understand-basics/traffic-steering/), across multiple origin servers. It's also well-suited for simple testing and development environments, where [protecting your origin server](/fundamentals/basic-tasks/protect-your-origin-server/) by only allowing requests through the Cloudflare Tunnel is sufficient. However, for distributed applications requiring load balancing at both global and local levels, we recommend using [Cloudflare's Load Balancer](/load-balancing/) with global and local traffic management capabilities.
109
109
110
-
### Global Traffic Management (GTM) & Local Traffic Management (LTM) as custom origin setup
110
+
### Global Traffic Management (GTM) & Private Network Load Balancing as custom origin setup
111
111
112
112
Cloudflare offers a powerful set of load balancing capabilities. These allow you to reliably steer traffic to different origin servers where your SaaS applications are hosted, whether through public hostnames (as described above) or private IP addresses. This setup helps prevent origin overload by distributing traffic across multiple servers and enhances security by only permitting requests through the Cloudflare Tunnel.
113
113
114
-
![Figure 4: Global Traffic Management (GTM) & Local Traffic Management (LTM) as custom origin setup.](~/assets/images/reference-architecture/extending-cloudflares-benefits-to-saas-providers-end-customers/gtm-ltm-custom-origin-setup.svg"Figure 4: Global Traffic Management (GTM) & Local Traffic Management (LTM) as custom origin setup.")
114
+
![Figure 4: Global Traffic Management (GTM) & Private Network Load Balancing as custom origin setup.](~/assets/images/reference-architecture/extending-cloudflares-benefits-to-saas-providers-end-customers/gtm-ltm-custom-origin-setup.svg"Figure 4: Global Traffic Management (GTM) & Private Network Load Balancing as custom origin setup.")
115
115
116
116
1. The custom hostname (`custom.example.com`) is configured as a CNAME record pointing to a Cloudflare [regionalized Load Balancer](/data-localization/how-to/load-balancing/) (`eu-lb.myappexample.com`). This ensures that all processing, including TLS termination, takes place within a specified geographic region. Additionally, the SaaS provider needs to set up the load balancer as the [custom origin](/cloudflare-for-platforms/cloudflare-for-saas/start/advanced-settings/custom-origin/) for the custom hostname.
117
-
2. The regional load balancer is set up with [origin pools](/load-balancing/pools/) to distribute requests across multiple downstream servers. Each pool can be configured to use either [public hostnames](/cloudflare-one/connections/connect-networks/routing-to-tunnel/) with Global Traffic Management (GTM) or [private network](/cloudflare-one/connections/connect-networks/private-net/) addresses with Local Traffic Management (LTM). In the diagram above, we utilize both options:
117
+
2. The regional load balancer is set up with [origin pools](/load-balancing/pools/) to distribute requests across multiple downstream servers. Each pool can be configured to use either [public hostnames](/cloudflare-one/connections/connect-networks/routing-to-tunnel/) with Global Traffic Management (GTM) or [private network](/cloudflare-one/connections/connect-networks/private-net/) addresses with Private Network Load Balancing. In the diagram above, we utilize both options:
118
118
- Origin pool 1 uses the [Cloudflare Tunnel hostname](/cloudflare-one/connections/connect-networks/routing-to-tunnel/dns/) (`<UUID>.cfargotunnel.com`) as the endpoint or origin server for handling those requests.
119
119
When using a public hostname, it is necessary to set the [HTTP host header value](/load-balancing/additional-options/override-http-host-headers/) to match the public hostname configured and exposed by the [Cloudflare Tunnel](/cloudflare-one/connections/connect-networks/). This ensures that the origin server can correctly route the incoming requests.
120
120
- Origin pool 2 uses the private IP address or private network (that is, `10.0.0.5`) within the SaaS provider's internal network, where the SaaS application resides. This pool must be configured to operate within the specified [virtual network](/cloudflare-one/connections/connect-networks/private-net/cloudflared/tunnel-virtual-networks/) to ensure proper routing of requests.
121
-
3. Cloudflare Tunnel exposes both [public hostnames](/cloudflare-one/connections/connect-networks/routing-to-tunnel/) with GTM and [private networks](/cloudflare-one/connections/connect-networks/private-net/) (private IPs) with LTM.
121
+
3. Cloudflare Tunnel exposes both [public hostnames](/cloudflare-one/connections/connect-networks/routing-to-tunnel/) with GTM and [private networks](/cloudflare-one/connections/connect-networks/private-net/) (private IPs) with Private Network Load Balancing.
122
122
123
123
For enhanced granularity in application serving and scalability, it is generally recommended to use private networks rather than public hostnames. Private networks enable Cloudflare to preserve and accurately pass the host header to the origin server. In contrast, when using public hostnames, providers must configure the [header value](/load-balancing/additional-options/override-http-host-headers/) on the load balancer, which is restricted to one public hostname per load balancer endpoint, potentially limiting flexibility.
0 commit comments