Sitecore Managed Cloud Premium (MCP) customers who additionally purchase Cloudflare services through Sitecore benefit from the following support commitments in relation to their Cloudflare deployment.
Sitecore has partnered with Cloudflare to extend Cloudflare's security suite to our customers' Sitecore Managed Cloud deployments. This article defines the roles and responsibilities of each of the parties involved.
Cloudflare RACI - Managed Cloud Premium – Activation and Termination
Activity | Customer/Partner | Sitecore |
Account Creation and Service Activation | C/I | R/A |
Consumption Reporting | C/I | R/A |
Termination | A | R |
Cloudflare RACI - Managed Cloud Premium – Initial Setup and Onboarding
Activity | Customer/Partner | Sitecore |
Initial AG + WAF (Web Application Firewall) setup and integration with Sitecore CD (Continuous Deployment) role in standard Sitecore topologies | C/I | R/A |
Configure basic HTTP and HTTPS Listeners | C/I | R/A |
Configure WAF logging to App Insights | C/I | R/A |
Configure Cloudflare Dashboard to visualize basic WAF metrics at the customer's request | C/I | R/A |
Configure AG + WAF diagnostic setting to OMS | C/I | R/A |
Configure Prevention mode for the WAF on the initial setup | C/I | R/A |
Configure default WAF settings such as rulesets, policies on the initial setup | C/I | R/A |
Update Sitecore CD availability test to AG | C/I | R/A |
DNS changes necessary to redirect from your Azure Sitecore CD to the new Public IP | R/A | C/I |
Troubleshooting Sitecore application challenges related to WAF | R/A | C/I |
Provide PFX certificates for Sitecore CD role | R/A | C/I |
Cloudflare RACI - Managed Cloud Premium – Ongoing Operations
Activity | Customer/Partner | Sitecore |
Manage WAF settings such as rulesets, policies, and listeners in addition to HTTP/HTTPS | R/A | C/I |
Decide if WAF should be in Detection or Prevention mode based on the evaluation of WAF logging and validation of all Sitecore CD functionality | ||
Troubleshooting Sitecore application challenges related to WAF | ||
* Configuring or converting rewrite and redirect rules from other providers using feed files | ||
* Configuring Egress and Ingress firewall rules including batch create/update | ||
* Configuring different load balancing algorithms in Cloudflare’s load balancers | ||
* Configuring/customizing, enabling, disabling WAF rules including batch management | ||
* Overwriting request headers (including a host header), including batch management | ||
Adjust WAF scale units according to capacity and needs | R | A |
Update WAF certificate changes | C/I | R/A |
Assistance with production incidents related to WAF | C/I | R/A |
Troubleshooting Sitecore application challenges related to WAF | C/I | R/A |
Onboarding new domains and SSL (Secure Sockets Layer) certificates | C/I | R/A |
SIEM log storage + integration with third-party tools | R/A | C/I |
Tabletop drills / Security Incident Response Plan | R/A | C/I |
Customer-specific Network Security Strategy and Governance | R/A | C/I |
Configuring CDN (Content Delivery Network) cache rules | R/A | C/I |
* Procedure for communicating with Cloudflare in the event of a DDoS (Distributed Denial of Service) attack that is not handled out of the box | R/A | C/I |
* Automating load balancer backend pool management as part of CI/CD process | R/A | C/I * |
* Automating deployment and management of items 1 to 8 from the above list through Azure DevOps pipelines | R/A | C/I * |
Notes: