Divio improves application availability and creates new service offerings with Cloudflare

Founded in 2006, Divio offers a Platform as a Service (PaaS) solution that makes it easier for developers to deploy and manage hosted applications. Divio is headquartered in Stockholm with satellite offices in Zurich and New York. By helping to manage partnerships and developing efficient and effective automated architectures, Divio helps customers meet and exceed their performance, security, and compliance goals for their cloud-based applications.

Challenge: Automating and simplifying cloud management processes

Divio’s goal is to allow customers to make the most of their cloud investments. Cloud management can be difficult as cloud users need to cope with multiple environments that differ significantly from the on-prem deployments that they are accustomed to. Divio’s smart PaaS is designed to make it as simple as possible by eliminating or streamlining complex processes and focusing on automating tasks and workflows.

However, while Divio had the tools and expertise to manage problems and automate processes within cloud environments, other processes required time-consuming manual efforts or involved unavoidable downtime or delays. For example, provisioning customer SSL certificates and migrating infrastructure between cloud zones were both manual, labor-intensive processes that consumed customer support resources and resulted in downtime.

Automated certificate management improves efficiency and security

Divio manages its customers’ digital certificates, but, previously, this was a complex and time-consuming process. The average customer has many applications and subdomains, so configuring and deploying all the required digital certificates took significant time and effort.

With Cloudflare for SaaS, the certificate management process is automated, taking the burden off of Divio’s team. Handing certificate management off to Cloudflare also provided other benefits for Divio and its customers. According to Jonathan Stoppani, Divio’s CTO, “The advantage that Cloudflare for SaaS gives us is that we are immediately able to take advantage of all of Cloudflare’s features without additional configuration. Once we use Cloudflare for SaaS, we have all of Cloudflare’s application security solutions in front of our applications right away.”

Occasionally, Divio customers will find that their websites are suffering micro-outages that hurt availability and performance. Divio support personnel often find these issues are caused by sudden bursts of requests, web-crawling bots, and similar attacks.

Customers that agree to provision Cloudflare in front of their application often find these issues disappear, improving site performance and customer experience. Since Cloudflare blocks these attacks, it also eliminates the need for Divio personnel to investigate and remediate the issue, freeing them up to assist customers in other ways.

Taking full advantage of cloud flexibility while minimizing downtime

Divio also offers customers the ability to change where their applications are hosted within a cloud provider’s region or across different cloud providers using Cloudshift. For example, a customer might want to shift infrastructure hosted on US-based servers and data locations to European ones to improve network latency and application performance for their customers.

In the past, making a switch required significant coordination between teams and created downtime as DNS record updates propagated. For systems using Cloudflare for SaaS, the DNS records point to Cloudflare, and routing is performed within the Cloudflare network. This enables Divio to completely automate the migration and cloud shift process, making it possible to migrate a customer’s application in minutes and only a few clicks with zero downtime or customer interaction required.

Zero-downtime migrations are a major selling point for Divio’s customers. According to Joel Burch, Divio’s COO, “Customers have asked us how much downtime they’d have when hosting their applications with the Divio platform protected by Cloudflare. It’s really nice to be able to say, ‘zero’ thanks to Cloudflare.”

Jonathan Stoppani has also found the support for zero-downtime migrations changes how customers manage their applications. He says, “If a customer can transition their application to a new cloud infrastructure zone within hours or minutes with zero downtime, they start to use it differently. For example, if they have a trade show in a particular region, they might move their registration platform to that region to decrease latency.”

This flexibility has a dramatic impact on the customer experience. However, it poses no availability, performance, or security risks because the customer’s application can take advantage of Cloudflare network routing and security regardless of its location in the cloud.

Simplifying and securing access to customer applications

To serve its clients, Divio needs to be able to access its customers’ applications and cloud environments to perform any requested changes to container orchestration, service management, and other settings. Since the average customer has five to ten applications across public, private, and hybrid cloud environments that Divio administrators need to access, managing authentication and account security can become complex.

In the past, Divio attempted to manually onboard and offboard each external, customer application onto its own single sign-on (SSO) platform — the same one used to manage access to Divio’s internal apps. Each external and internal app required different configurations, authentication rules, and levels of support. Managing these different processes through the SSO platform made onboarding and offboarding employees and apps increasingly difficult.

Divio deployed Cloudflare’s Zero Trust Network Access (ZTNA) solution (Cloudflare Access) to streamline this manual access configuration process. With Cloudflare Access, Divio admins can now onboard employees and grant access more efficiently by managing and building policies for user groups instead of for individuals. Plus, Divio admins have automated the process of adding users to new applications — both internal and external — based on per-app authentication rules.

Cloudflare Access has not only simplified configuration, but also enabled more consistent security. Previously, Divio admins were limited by the ability of the diverse range of applications that they managed for customers to integrate with Divio’s SSO system. Now, Divio sets all security policies including identity-based checks in the Cloudflare Access dashboard, and all users are required to authenticate via these rules before reaching applications. This unified workflow makes security enforcement more scalable and enhances admin visibility into user activity across applications.

Meeting business needs and compliance requirements

Divio’s customers need cloud infrastructure that offers performance and security, while facilitating their ability to meet compliance requirements. Cloudflare for SaaS and Access enable Divio to more efficiently provide high-quality cloud management services while meeting customers’ security and compliance needs. According to Burch, “Divio wants to be a one-stop shop for cloud management services as well as tools, and features for the application lifecycle through the Divio PaaS. Integrating Cloudflare, with its global network and application security portfolio, is essential to this and enhances our service portfolio Divio customers are benefitting from.”

Related Case Studies
Key Results
  • Offering new integrated application security and acceleration features to clients with Cloudflare for SaaS

  • Streamlining authentication management for customer applications with Cloudflare Access

  • Increasing productivity of support personnel due to blocking of bot-driven attacks

The advantage that Cloudflare for SaaS gives us is that we are immediately able to take advantage of all of Cloudflare's features without additional configuration. Once we use Cloudflare for SaaS, we have all of Cloudflare's application security solutions in front of our clients applications right away.

Jonathan Stoppani

Customers have asked us how much downtime they'd have when hosting their applications with the Divio platform protected by Cloudflare. It's really nice to be able to say, 'zero' thanks to Cloudflare.

Joel Burch