I’ve been playing around with Cloudflare’s Zero Trust Architecture as a Service for the past few months, and honestly it’s been one of those “why didn’t I do this sooner for my HomeLab” moments over and over. Implementing ZTA has completely overhauled my architecture, and best of all, Cloudflare offers a ton of features in even just the free tier.

Before Cloudflare: Hub-and-Spoke Architecture Dominated Datacenters
Traditional Network Architecture Doesn’t Scale in Today’s Remote Worker Scenarios

Out of the box it supports Entra ID for SCIM, for free. You also get a CASB solution, DLP controls, and a whole host of other features, all for free. The equivalent Azure service, Global Secure Access, requires access licenses per seat (around $12/month last time I checked) and is nowhere near as lean as the Cloudflare offering.

You can also build out your entire SASE solution, again for free, and with minimal software needed. You install cloudflared or WARP Connector (Linux only) on one machine (and a backup of course), distribute the WARP client to devices, ensure Cloudflare’s root CA is trusted, and that’s it. Best of all, this solution can replace your VPN service without a legacy VPN’s bottleneck issues, and there’s also no single point of failure when utilizing cloudflared tunnels.
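A minimal locally managed cloudflared configuration for the connector machine described above, added here as an illustration and not taken from the author's setup. The config path, tunnel UUID, hostname and internal service address are placeholders or constructed values.

```yaml
# /etc/cloudflared/config.yml  (path is an assumption; adjust to your install)
# Values in <> are placeholders; the hostname and IP below are constructed.

tunnel: <TUNNEL-UUID>
# The credentials file is the tunnel's secret. Keep it readable only by the
# account that runs cloudflared (for example, mode 600).
credentials-file: /etc/cloudflared/<TUNNEL-UUID>.json

# Allow enrolled WARP clients to reach private IP ranges routed to this tunnel.
warp-routing:
  enabled: true

ingress:
  # Publish one internal web app by hostname (constructed example).
  - hostname: app.example.com
    service: http://192.168.1.10:8080
  # Required catch-all rule: refuse anything not matched above.
  - service: http_status:404
```

Running the same tunnel with the same credentials file on the backup machine makes it a second connector (replica) for that tunnel, which is what removes the single point of failure.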

I highly recommend adding Cloudflare to your homelab wherever possible. In addition to the above, you also get huge performance increases for websites you connect to their virtual network. You can also replace your SSH solution, and if you run Virtual Desktop Services (guilty as charged over here), Zero Trust can also replace the myriad Windows Server instances needed to have a functional VDS solution.

With Cloudflare: Internet-Native Transformation

Don’t tell Microsoft, but if you install a WARP Connector on your local LAN and install a WARP Connector on your Azure VNET, you will have a fully functional site-to-site VPN without the exorbitant costs associated with setting up an S2S VPN via Azure Virtual Gateways. Even the most basic offering in Azure will cost you about $200/month, which for a HomeLab is a bit much.

Adding Cloudflare to my Homelab has been a no-brainer, and has reduced administrative overhead quite a bit. It’s crazy how much they offer for free, so it really is worth checking out if you have a complex HomeLab like I do, or even if you work on a small cloud-only distributed team and want to move to Zero Trust Architecture. This has been the most fun project I’ve implemented in over a decade, with very little overhead and an easy learning curve. Happy networking! 🤓

