Cloudflare to power new Microsoft VPN

“A recently-discovered support page on Microsoft’s website details the “Microsoft Edge Secure Network” feature, which provides data encryption and prevents online tracking, courtesy of Cloudflare.“

https://www.xda-developers.com/microsoft-edge-built-in-vpn-p…

Sounds like this may be similar to NET’s existing VPN service, but seems to me like a big deal this will be built in to the default Windows browser.

Paul

31 Likes

Thanks for this Paul. I agree with you when you wrote… seems to me like a big deal this will be built in to the default Windows browser.

This is not even yet an available feature and it’s all over the Internet!

https://support.microsoft.com/en-us/topic/use-the-microsoft-…

I don’t see how MicroSoft isn’t saying that Cloudflare has pole position at least in this. I like to see further confirmation of Peter Offringas’ recent post on Hyperscalers getting out of the way of the more nimble providers of many backbone Saas services (eg: MongoDB, Snowflack, Crowdstrike), the article is posted on softwarestackinvestimg.com and was acknowledged by Saul as ‘brilliant’ here. I believe Cloudflare now to be included in this list (or is this announcement by MS not as big a deal as I believe?).
PeterO
As the independents sold more cloud-based software services, the hyperscalers generated revenue from the underlying storage and compute. While this growth threatened the hyperscaler look-alike products on the surface, the hyperscalers acknowledged that those dedicated product teams also incurred high cost. Their operating margin from some software services might be higher by co-selling an independent’s service than supporting an internal competing team.

I’m looking to add to my now 14% position in Cloudflare😄

Best,

Jason

10 Likes

Thanks for the feedback. I also found this announcement to be very interesting, on a few levels. First, it represents another case where a major Internet software/infrastructure provider chose to partner with Cloudflare to power this capability. If it were straightforward to implement, they presumably would have rolled their own solution. However, given that these users could be located all over the globe, Cloudflare’s network provides inherent advantages in serving this kind of traffic cheaply and efficiently.

Further, the fact that Microsoft partnered with Cloudflare for this is even more intriguing. Of all the hyperscalers, Microsoft has developed the most stand-alone security offerings (identity, endpoint as examples). A partnership with Cloudflare on this feature might portend other collaborative efforts between the two. We know that Cloudflare has publicly positioned themselves against AWS (R2 and egress fees as an example). Microsoft may like that posturing and leverage Cloudflare as a competitive counterweight against AWS. There may be other enterprise network connectivity and zero trust services for which Microsoft and Cloudflare could partner.

These moves also highlight the strength of Cloudflare’s network and the unique position that their fully distributed architecture enables. They just announced having presence in 275 (was 250+ previously) independent locations globally (https://blog.cloudflare.com/new-cities-april-2022-edition/). They refer to these as “cities”, which translate into one or more data centers clustered around large population centers. The purpose is to provide a local onramp to Cloudflare network services with close geographic proximity to the majority of the world’s population.

The important aspect of Cloudflare’s architecture to appreciate is that all servers in every data center run the same set of Cloudflare services in parallel. This is contrasted with the hyperscalers somewhat, where different services may be located in each separate data center (whether one of the large central data centers or the newer “edge” locations). For application hosting, the hyperscaler customer has to designate a particular location or “availability zone”. With Cloudflare’s network, application code runs in every location in parallel. The world is the availability zone. Code and data reside in the network itself.

This total distribution of services is what allows Cloudflare to handle workloads like Microsoft’s Edge Secure Network very efficiently. It also provides performance advantages for applications that need high responsiveness. As Cloudflare adds more data storage solutions (KV, Durable Objects and now R2), new interesting use cases emerge for data distribution as well as supporting richer application features. With Cloudflare for Offices (https://blog.cloudflare.com/cloudflare-for-offices/), the number of location will magnify further. Even for these hyperlocal points of presence, Cloudflare intends to maintain the same run-everywhere architectural pattern.

Granted, some of this is future-facing and requires use cases to evolve, but the architectural advantages are creating a competitive moat for Cloudflare that will be hard for competitors to bridge.

  • Peter Offringa, Software Stack Investing (@StackInvesting)
76 Likes

The link provided in the OP positions Microsoft Edge Secure Network as a rebranded Cloudflare 1.1.1.1 service (which is free to all from Cloudflare), but MS Edge Secure Network appears to be more than that. Cloudflare’s 1.1.1.1 service doesn’t encrypt anything - it’s simply a DNS Resolver. You use it for security, speed and privacy from your ISP.

The MS Edge Secure Network appears to be a rebranded Cloudflare WARP / WARP+ (see https://blog.cloudflare.com/announcing-warp-plus/ for information on that). Hard for me to tell at this point. WARP is free, while WARP+ is a pay-for service that’s faster, but has the same kind of per bandwidth limitations/cost that MS is offering.

First, it represents another case where a major Internet software/infrastructure provider chose to partner with Cloudflare to power this capability. If it were straightforward to implement, they presumably would have rolled their own solution. However, given that these users could be located all over the globe, Cloudflare’s network provides inherent advantages in serving this kind of traffic cheaply and efficiently.

Another possibility is that Microsoft is getting this free, or close to free, from Cloudflare. From Cloudflare’s WARP blog (see link above), Cloudflare is trying to get this widely adopted and making as much of it as they can free. Building WARP directly into Windows removes the install process and reduces setup to be very simple. It’s impossible for us to know at this time whether MS is paying anything to Cloudflare for this service. It could be a small amount. It could even be that Cloudflare told MS they’d provide it for free, but that the money (or some portion) collected from over 1GB usage fees would go to Cloudflare. So, for MS this becomes a security feature for their product that costs them practically nothing.

18 Likes