Customer Metadata Boundary
As part of the Data Localization Suite, the Customer Metadata Boundary (CMB) ensures that any traffic metadata that can identify a customer’s end user (that is, contains the customer’s Account ID) will stay in the EU (European Union) or in the US (United States), depending on the region the customer selects. For example, if a customer selects the EU Customer Metadata Boundary, metadata will only be sent to our core data center located in the European Union.
The following diagram is a high-level example of the flow of how metadata about a customer’s traffic is generated on a Cloudflare data center. Logs are exclusively sent to the EU core data center for Cloudflare customers and their authorized users to access and view.
sequenceDiagram
participant UserEU as End user
participant CloudflarePoP as Closest data center
participant EUCoreDC as Core data center in EU
participant CloudflareSuperAdmin as Admin
UserEU->>CloudflarePoP: Connects
Note right of CloudflarePoP: Customer Logs generated <br> (for example, HTTP requests and Firewall events)
CloudflarePoP-->>EUCoreDC: Forwards encrypted Customer Logs
Note right of EUCoreDC: Authorized users can view Logs & Analytics <br> on the UI or via API
CloudflareSuperAdmin->>EUCoreDC: Authenticated access
EUCoreDC->>CloudflareSuperAdmin: Logs & Analytics
CloudflarePoP->>UserEU: Response
Additionally, customers have the option to configure Logpush to push their Customer Logs to various storage services, SIEMs, and log management providers.
For detailed information about product-specific behavior regarding Metadata Boundary, refer to the Cloudflare product compatibility page.