cloudflare · ranbel · Sep 19, 2024 · Sep 9, 2024 · Sep 10, 2024 · Sep 10, 2024
@@ -86,7 +86,7 @@
 /access/ssh/ /cloudflare-one/connections/connect-networks/use-cases/ssh/ 301
 /cloudflare-one/tutorials/ssh/ /cloudflare-one/connections/connect-networks/use-cases/ssh/ 301
 /cloudflare-one/tutorials/ssh-browser/ /cloudflare-one/connections/connect-networks/use-cases/ssh/ 301
-/access/ssh/short-live-cert-server/ /cloudflare-one/identity/users/short-lived-certificates/ 301
+/access/ssh/short-live-cert-server/ /cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/ 301
 /access/ssh/ssh-guide/ /cloudflare-one/connections/connect-networks/use-cases/ssh/ 301
 
 # ai
@@ -1522,6 +1522,7 @@
 /cloudflare-one/analytics/access/ /cloudflare-one/insights/analytics/access/ 301
 /cloudflare-one/analytics/gateway/ /cloudflare-one/insights/analytics/gateway/ 301
 /cloudflare-one/analytics/users/ /cloudflare-one/insights/logs/users/ 301
+/cloudflare-one/applications/non-http/arbitrary-tcp/ /cloudflare-one/applications/non-http/cloudflared-authentication/arbitrary-tcp/ 301
 /cloudflare-one/connections/connect-apps/configuration/ /cloudflare-one/connections/connect-networks/configure-tunnels/ 301
 /cloudflare-one/connections/connect-apps/install-and-setup/setup/ /cloudflare-one/connections/connect-networks/get-started/ 301
 /cloudflare-one/connections/connect-apps/run-tunnel/deploy-cloudflared-replicas/ /cloudflare-one/connections/connect-networks/deploy-tunnels/deploy-cloudflared-replicas/ 301
@@ -1607,6 +1608,7 @@
 /cloudflare-one/identity/login-page/ /cloudflare-one/applications/login-page/ 301
 /cloudflare-one/applications/custom-pages/ /cloudflare-one/applications/ 301
 /cloudflare-one/identity/service-auth/service-tokens/ /cloudflare-one/identity/service-tokens/ 301
+/cloudflare-one/identity/users/short-lived-certificates/ /cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/ 301
 /cloudflare-one/identity/users/validating-json/ /cloudflare-one/identity/authorization-cookie/validating-json/ 301
 /cloudflare-one/policies/lists/ /cloudflare-one/policies/gateway/lists 301
 /cloudflare-one/policies/zero-trust/ /cloudflare-one/policies/access/ 301
@@ -1653,7 +1655,7 @@
 /cloudflare-one/tutorials/secure-dns-network/ /cloudflare-one/connections/connect-devices/agentless/dns/locations/ 301
 /cloudflare-one/tutorials/share-new-site/ /cloudflare-one/connections/connect-networks/get-started/ 301
 /cloudflare-one/tutorials/single-command/ /cloudflare-one/connections/connect-networks/get-started/ 301
-/cloudflare-one/tutorials/ssh-cert-bastion/ /cloudflare-one/identity/users/short-lived-certificates/ 301
+/cloudflare-one/tutorials/ssh-cert-bastion/ /cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/ 301
 /cloudflare-one/tutorials/ssh-service-token/ /cloudflare-one/identity/service-tokens/ 301
 /cloudflare-one/tutorials/smb/ /cloudflare-one/connections/connect-networks/use-cases/smb/ 301
 /cloudflare-one/tutorials/split-tunnel/ /cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/ 301

@@ -24,6 +24,7 @@ This page lists the default account limits for rules, applications, fields, and
 | Rules count per application | 1,000 |
 | Rules count per group       | 1,000 |
 | Domains per application     | 5     |
+| Infrastructure targets      | 300   |
 
 ## Gateway
 
@@ -75,5 +76,6 @@ This page lists the default account limits for rules, applications, fields, and
 | mTLS certificates name | 350             |
 | Service token name     | 350             |
 | IdP name               | 350             |
+| Target name            | 255             |
 | Application URL        | 63              |
 | Team domain            | 63              |
@@ -0,0 +1,26 @@
+---
+pcx_content_type: how-to
+title: Browser-rendered terminal
+sidebar:
+  order: 3
+
+---
+
+Cloudflare can render certain non-web applications in your browser without the need for client software or end-user configuration changes. Cloudflare currently supports rendering a terminal for SSH and VNC connections in a user's browser.
+
+:::note
+You can only enable browser rendering on domains and subdomains, not for specific paths.
+:::
+
+## Enable browser rendering
+
+To enable browser rendering:
+
+1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Access** > **Applications**.
+2. Locate the SSH or VNC application you created when [connecting the server to Cloudflare](/cloudflare-one/connections/connect-networks/use-cases/ssh/). Select **Configure**.
+3. In the **Policies** tab, ensure that only **Allow** or **Block** policies are present. **Bypass** and **Service Auth** are not supported for browser-rendered applications.
+4. In the **Settings** tab, scroll down to **Additional settings**.
+5. For **Browser rendering**, choose *SSH* or *VNC*.
+6. Select **Save application**.
+
+When users authenticate and visit the URL of the application, Cloudflare will render a terminal in their browser.
@@ -0,0 +1,23 @@
+---
+pcx_content_type: how-to
+title: Enable automatic cloudflared authentication
+sidebar:
+  order: 2
+
+---
+
+When users connect to an Access application through `cloudflared`, the browser prompts them to allow access by displaying this page:
+
+![Access request prompt page displayed after logging in with cloudflared.](~/assets/images/cloudflare-one/applications/non-http/access-screen.png)
+
+Automatic `cloudflared` authentication allows users to skip this login page if they already have an active IdP session.
+
+To enable automatic `cloudflared` authentication:
+
+1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Access** > **Applications**.
+2. Locate your application and select **Configure**.
+3. In the **Settings** tab, scroll down to **Additional settings**.
+4. Turn on **Enable automatic cloudflared authentication**.
+5. Select **Save application**.
+
+This option will still prompt a browser window in the background, but authentication will now happen automatically.
@@ -1,9 +1,9 @@
 ---
 pcx_content_type: how-to
-title: Connect using cloudflared
+title: cloudflared authentication (legacy)
 sidebar:
-  order: 11
-
+  order: 4
+tableOfContents: false
 ---
 
 With Cloudflare Zero Trust, users can connect to non-HTTP applications via a public hostname without installing the WARP client. This method requires you to onboard a domain to Cloudflare and install `cloudflared` on both the server and the user's device.
@@ -12,33 +12,14 @@ Users log in to the application by running a `cloudflared access` command in the
 
 :::note
 
-Automated services should only authenticate with `cloudflared` if they cannot use a [service token](/cloudflare-one/identity/service-tokens/). Cloudflared authentication relies on WebSockets to establish a connection. WebSockets have a known limitation where persistent connections may close unexpectedly. We recommend either a [Service Auth policy](/cloudflare-one/policies/access/#service-auth) or using [Warp to Tunnel routing](/cloudflare-one/applications/non-http/) in these instances. 
+Automated services should only authenticate with `cloudflared` if they cannot use a [service token](/cloudflare-one/identity/service-tokens/). Cloudflared authentication relies on WebSockets to establish a connection. WebSockets have a known limitation where persistent connections may close unexpectedly. We recommend either a [Service Auth policy](/cloudflare-one/policies/access/#service-auth) or using [Warp to Tunnel routing](/cloudflare-one/applications/non-http/) in these instances.
 :::
 
-## Setup
-
 For examples of how to connect to Access applications with `cloudflared`, refer to these tutorials:
 
 * [Connect through Access using a CLI](/cloudflare-one/tutorials/cli/)
 * [Connect through Access using kubectl](/cloudflare-one/tutorials/kubectl/)
 * [Connect over SSH with cloudflared](/cloudflare-one/connections/connect-networks/use-cases/ssh/#connect-to-ssh-server-with-cloudflared-access)
 * [Connect over RDP with cloudflared](/cloudflare-one/connections/connect-networks/use-cases/rdp/#connect-to-rdp-server-with-cloudflared-access)
 * [Connect over SMB with cloudflared](/cloudflare-one/connections/connect-networks/use-cases/smb/)
-
-## Automatic `cloudflared` authentication
-
-When users connect to an Access application through `cloudflared`, the browser prompts them to allow access by displaying this page:
-
-![Access request prompt page displayed after logging in with cloudflared.](~/assets/images/cloudflare-one/applications/non-http/access-screen.png)
-
-Automatic `cloudflared` authentication allows users to skip this login page if they already have an active IdP session.
-
-To enable automatic `cloudflared` authentication:
-
-1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Access** > **Applications**.
-2. Locate your application and select **Configure**.
-3. In the **Settings** tab, scroll down to **Additional settings**.
-4. Turn on **Enable automatic cloudflared authentication**.
-5. Select **Save application**.
-
-This option will still prompt a browser window in the background, but authentication will now happen automatically.
+* [Connect over arbitrary TCP with cloudflared](src/content/docs/cloudflare-one/applications/non-http/cloudflared-authentication/arbitrary-tcp.mdx)
@@ -1,44 +1,46 @@
 ---
-pcx_content_type: how-to
-title: Add non-HTTP applications
+pcx_content_type: concept
+title: Non-HTTP applications
 sidebar:
-  order: 2
+  order: 1
 
 ---
 
-You can secure non-HTTP applications by [connecting your private network](/cloudflare-one/connections/connect-networks/private-net/) to Cloudflare. Users reach the application by installing the Cloudflare WARP client on their device and enrolling in your Zero Trust organization. Remote devices will be able to connect to your applications as if they were on your private network. By default, all devices enrolled in your organization can access the application unless you build policies to allow or block specific users.
+Cloudflare offers both client-based and clientless ways to grant secure access to non-HTTP applications.
 
-## Setup
+:::note
+Non-HTTP applications require [connecting your private network](/cloudflare-one/connections/connect-networks/private-net/) to Cloudflare. For more details, refer to our [Replace your VPN](/learning-paths/replace-vpn/connect-private-network/) implementation guide.
+:::
 
-For a comprehensive overview of how to connect a private network, refer to our implementation guide:
+## WARP client
 
-* [Replace your VPN](/learning-paths/replace-vpn/connect-private-network/)
+Users can connect by installing the Cloudflare WARP client on their device and enrolling in your Zero Trust organization. Remote devices connect to your applications as if they were on your private network. By default, all devices enrolled in your organization can access the application unless you build policies to allow or block specific users.
 
-To connect to an application over a specific protocol, refer to these tutorials:
+If you would like to define how users access specific infrastructure servers within your network, create an infrastructure application in [Access for Infrastructure](/cloudflare-one/applications/non-http/infrastructure-apps/). Access for Infrastructure provides an additional layer of control and visibility over how users access non-HTTP applications, including:
+- Define fine-grained policies to govern who has access to specific servers and exactly how a user may access that server.
+- Eliminate SSH keys by using short-lived certificates to authenticate users.
+- Export SSH command logs to a storage service or SIEM solution using [Logpush](/logs/about/).
 
-* [Connect over SSH with WARP to Tunnel](/cloudflare-one/connections/connect-networks/use-cases/ssh/#connect-to-ssh-server-with-warp-to-tunnel)
-* [Connect over SMB with WARP to Tunnel](/cloudflare-one/connections/connect-networks/use-cases/smb/#connect-to-smb-server-with-warp-to-tunnel)
-* [Connect over RDP with WARP to Tunnel](/cloudflare-one/connections/connect-networks/use-cases/rdp/#connect-to-rdp-server-with-warp-to-tunnel)
+## Clientless access
 
-## Enable browser rendering
+Clientless access methods are suited for organizations that cannot deploy the WARP client or need to support third-party contractors where installing a client is not possible. Clientless access requires onboarding a domain to Cloudflare and configuring a public hostname in order to make the server reachable. Command logging is not supported, and user email prefixes must match their username on the server.
 
-Cloudflare can render certain non-web applications in your browser without the need for client software or end-user configuration changes. Cloudflare currently supports rendering a terminal for SSH and VNC connections in a user's browser.
-
-:::note
+### Browser-based terminal
 
+Cloudflare's [browser-based terminal](/cloudflare-one/applications/non-http/browser-rendering/) allows users to connect over SSH and VNC without any configuration. When users visit the public hostname URL (for example, `https://ssh.example.com`) and log in with their Access credentials, Cloudflare will render a terminal in their browser.
 
-You can only enable browser rendering on domains and subdomains, not for specific paths.
-
+### cloudflared authentication (legacy)
 
+:::note
+Not recommended for new deployments.
 :::
 
-To enable browser rendering:
+Users can log in to the application by installing `cloudflared` on their device and running a hostname-specific command in their terminal. For more information, refer to [cloudflared authentication](/cloudflare-one/applications/non-http/cloudflared-authentication/).
 
-1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Access** > **Applications**.
-2. Locate the SSH or VNC application you created when [connecting the server to Cloudflare](/cloudflare-one/connections/connect-networks/use-cases/ssh/). Select **Configure**.
-3. In the **Policies** tab, ensure that only **Allow** or **Block** policies are present. **Bypass** and **Service Auth** are not supported for browser-rendered applications.
-4. In the **Settings** tab, scroll down to **Additional settings**.
-5. For **Browser rendering**, choose *SSH* or *VNC*.
-6. Select **Save application**.
+## Related resources
+
+To connect to an application over a specific protocol, refer to these tutorials:
 
-When users authenticate and visit the URL of the application, Cloudflare will render a terminal in their browser.
+* [SSH](/cloudflare-one/connections/connect-networks/use-cases/ssh/)
+* [SMB](/cloudflare-one/connections/connect-networks/use-cases/smb/)
+* [RDP](/cloudflare-one/connections/connect-networks/use-cases/rdp/)