Customer Metadata Boundary
As part of the Data Localization Suite, the Customer Metadata Boundary (CMB) ensures that any traffic metadata that can identify a customer’s end user (that is, contains the customer’s Account ID) will stay in the EU
(European Union) or in the US
(United States), depending on the region the customer selects. For example, if a customer selects the EU
Customer Metadata Boundary, metadata will only be sent to our core data center located in the European Union.
Customer traffic metadata flow
The following diagram is a high-level example of the flow of how metadata about a customer’s traffic is generated on a Cloudflare data center. Logs are exclusively sent to the EU core data center for Cloudflare customers and their authorized users to access and view.
sequenceDiagram participant UserEU as End user participant CloudflarePoP as Closest data center participant EUCoreDC as Core data center in EU participant CloudflareSuperAdmin as Admin UserEU->>CloudflarePoP: Connects Note right of CloudflarePoP: Customer Logs generated <br> (for example, HTTP requests and Firewall events) CloudflarePoP-->>EUCoreDC: Forwards encrypted Customer Logs Note right of EUCoreDC: Authorized users can view Logs & Analytics <br> on the UI or via API CloudflareSuperAdmin->>EUCoreDC: Authenticated access EUCoreDC->>CloudflareSuperAdmin: Logs & Analytics CloudflarePoP->>UserEU: Response
Log management
Additionally, customers have the option to configure Logpush to push their Customer Logs to various storage services, SIEMs, and log management providers.
Product specific-behavior
For detailed information about product-specific behavior regarding Metadata Boundary, refer to the Cloudflare product compatibility page.