← Back
Cloudflare
Cloudflare launches Project Helix to automate Zero Trust configuration setup
Cloudflare WorkersCloudflare · featureplatformapiintegration · blog.cloudflare.com ↗

The Problem: Configuration Complexity Slows Adoption

Cloudflare One is positioned as one of the easiest-to-use Secure Access Service Edge (SASE) platforms, but new deployments traditionally start with a "blank slate" that requires extensive manual configuration. While Cloudflare's underlying technology is powerful—offering DNS protection, network protection, secure web gateway, and zero trust access—customers must manually flip numerous switches to enable advanced capabilities like TLS inspection, DLP, antivirus scanning, and other security features.

This complexity creates friction during deployments. Organizations evaluating the platform must step through multiple configuration wizards individually, understand which settings to enable, and make critical networking decisions (like split tunnel configuration) that can affect existing infrastructure. A typical greenfield deployment could take several hours of manual work, creating risk of human error and inconsistent configurations.

Project Helix: Automating Best Practices

To solve this problem, Cloudflare developed Project Helix, a system that codifies institutional knowledge from Solutions Engineers, Professional Services Engineers, and partners into automated deployment templates. The system captures recommended configurations for:

  • Baseline security protections across DNS, Network, and HTTP protocols
  • TLS inspection and QUIC/HTTP3 security (a Cloudflare exclusive capability)
  • Remote Browser Isolation for high-risk domain categories
  • AI application visibility and controls for managed SaaS access
  • Tenant Control policies to restrict users to their own SaaS instances
  • Traffic optimization for real-time apps like Zoom
  • Captive portal handling for travelers using airline and hotel networks

Technical Implementation

Project Helix uses Terraform templates to programmatically deploy these configurations at scale. Cloudflare then wrapped this capability in a web-based UI hosted on Cloudflare Workers, leveraging Cloudflare Containers to provide a user-friendly interface for non-technical administrators.

The automated approach eliminates hours of manual setup, reduces documentation burden, and ensures consistency across deployments. Rather than requiring customers to navigate dozens of configuration options, they can now apply proven best-practice configurations with a single action.