Sitecore Managed Cloud Standard (MCS) customers who additionally purchase Cloudflare services through Sitecore benefit from the following support commitments in relation to their Cloudflare deployment.
Sitecore has partnered with Cloudflare to extend their security suite to our customers Sitecore Managed Cloud deployment. This article defines the roles and responsibilities of each of the parties involved. RACI= Responsible, Accountable, Consulted, Informed
Cloudflare RACI - Managed Cloud Standard (MCS) – Activation and Termination
| Customer/Partner | Sitecore | |
| Account Creation & Service Activation | C/I | R/A |
| Consumption Reporting | C/I | R/A |
| Termination | A | R |
Cloudflare RACI - Managed Cloud Standard (MCS) – Initial Setup and Onboarding
| Customer/Partner | Sitecore | Cloudflare | |
| Initial WAF (Web Application Firewall) setup and integration with Sitecore CD (Continuous Deployment) role in standard Sitecore topologies | C/I | R/A | I |
| Configure HTTP and HTTPS Listeners | R/A | C/I | I |
| Configure WAF logging to App Insights | R | A | I |
| Configure Cloudflare Dashboard to visualize basic WAF metrics on the customer request | R/A | C/I | I |
| Configure Detection or Prevention mode for the WAF | R | A | I |
| Decide if WAF should be in Detection or Prevention mode based on the evaluation of WAF logging and validation of all Sitecore CD functionality | R/A | C/I | I |
| DNS changes necessary to redirect from your Azure Sitecore CD to the new Public IP | R/A | C/I | I |
| Provide PFX certificates for Sitecore CD role | R/A | C/I | N/A |
Cloudflare RACI - Managed Cloud Standard (MCS) – Ongoing Operations
| Customer/Partner | Sitecore | Cloudflare | |
| Manage WAF settings such as rulesets, policies, and listeners in addition to HTTP/HTTPS | R/A | C/I | I |
| * Configuring or converting rewrite and re-direct rules from other providers using feed files | |||
| * Configuring Egress and Ingress firewall rules including batch create/update | |||
| * Configuring different load balancing algorithms in Cloudflare’s load balancers | |||
| * Configuring/customizing, enabling, disabling WAF rules including batch management | |||
| * Overwriting request headers - including a host header - including batch management |
|||
| Update WAF certificate changes | R/A | C/I | I |
| Assistance with production incidents related to WAF | C/I | R/A | I |
| Advanced troubleshooting Sitecore application challenges related to WAF | C/I | R/A | N/A |
| Onboarding new domains and SSL (Secure Sockets Layer) certificates | R/A | C/I | N/A |
| SIEM (Security Incident Event Management) Log storage + integration with third-party tools | R/A | C/I | I |
| Tabletop drills/ Security Incident Response Plan | R/A | C/I | I |
| Customer specific Network Security Strategy and Governance | R/A | C/I | I |
| Configuring CDN (Content Delivery Network) cache rules | R/A | C/I | I |
| * Procedure for communicating with Cloudflare in the event of DDoS (Distributed Denial of Service) attack that is not handled out of the box | C/I | R/A | R/A |
Note: