Privileged access to infrastructure with Cloudflare

Extend zero trust controls to sensitive infrastructure resources

Cloudflare simplifies access, authentication, authorization, and auditing for infrastructure targets (SSH, RDP) — without disrupting developer workflows.

Talk to an expert Read the solution brief

THE CLOUDFLARE DIFFERENCE

Reduce risks

Prevent SSH key leaks and mitigate RDP vulnerabilities that can leave sensitive infrastructure exposed.

Streamline operations

Avoid the complexity of legacy privileged access management (PAM) or DIY solutions, with a simple, granular policy editor and audit logging built in.

Support developer workflows

Implement Zero Trust controls that don’t disrupt developer, DevOps, or site reliability engineering (SRE) teams’ native workflows.

Consolidate tools

Achieve secure developer access to infrastructure and broader VPN replacement through the same Zero Trust Network Access (ZTNA) service.

HOW IT WORKS

Converging privileged infrastructure access with ZTNA

Cloudflare is natively rebuilding acquired technology¹ from BastionZero into the existing ZTNA service to simplify operations for secure infrastructure access.

Create zero trust access policies for target machines and specify ports, protocols, and user connection context (e.g., root or ec2-user).
Maintain developer agility by fitting into their existing SSH workflows — no special CLIs or commands. Authenticate using identity and device context.
Provide browser-based RDP access for contractors and unmanaged devices through a high-performance proxy. No more Guacamole.
Support compliance auditing requirements by providing clear visibility and logging every end-user SSH command.

Ready to streamline infrastructure access management?

WHY CLOUDFLARE

Cloudflare’s connectivity cloud strengthens security while simplifying operations

Cloudflare’s unified platform of cloud-native security and connectivity services is the ideal foundation for application, Internet, and infrastructure access:

Simpler implementation

Add new target resources and users quickly with unified management, flexible on-ramps, and intuitive automation through API and Terraform.

End user experience

Deliver consistent, low-latency performance everywhere, with security services designed to run in all Cloudflare data centers.

Agile architecture

Enhance your SASE implementation more efficiently with one control plane and composable, cloud-native services that you can deploy in any order.

Converged protection

Consolidate existing point solutions for public and private traffic, and accelerate your efforts to modernize security and networking.

Resources

Slide 1 of 3

Blog

Understand how Cloudflare’s short-lived SSH certificates help bring zero trust principles to infrastructure.

Read blog

Blog

Learn about Cloudflare’s high-performance RDP proxy that provides clientless infrastructure access for unmanaged devices.

Read blog

Documentation

See how to configure target resources (like SSH or RDP servers), access policies, command logging, and more.

Read technical docs

Blog

Understand how Cloudflare’s short-lived SSH certificates help bring zero trust principles to infrastructure.

Read blog

Blog

Learn about Cloudflare’s high-performance RDP proxy that provides clientless infrastructure access for unmanaged devices.

Read blog

Documentation

See how to configure target resources (like SSH or RDP servers), access policies, command logging, and more.

Read technical docs

Blog

Understand how Cloudflare’s short-lived SSH certificates help bring zero trust principles to infrastructure.

Read blog

Blog

Learn about Cloudflare’s high-performance RDP proxy that provides clientless infrastructure access for unmanaged devices.

Read blog

Documentation

See how to configure target resources (like SSH or RDP servers), access policies, command logging, and more.

Read technical docs