The Geiser Zone × Cloudflare
Talk to Cloudflare →
Executive Brief · Platform Value

One network for everything geiserzone.com will ever run.

geiserzone.com already points its DNS at Cloudflare. The whole stack a modern site needs — hosting, storage, app security, Zero Trust access and AI — can be built on that same network instead of farmed out to a handful of SaaS bills. One platform, one control plane, $0 egress, and most of it on free or usage-based pricing.

See the 8 plays → View the 90-day roadmap

Build it all on one network — from day one

The pieces a typical site stitches together from many vendors. With DNS already on Cloudflare, each one is a capability you switch on — not a new contract.
7 capabilities → 1 network
DNSon Cloudflare · today
Hosting & appsPages + Workers
Object storageR2 · $0 egress
App securityWAF + Bot + DDoS
Access / VPNZero Trust
AIWorkers AI + Gateway
EmailRouting + Security
Cloudflare one network · one bill · one control plane
Goal: zero extra infra vendors

Eight things to light up on the zone

DNS is live on Cloudflare today. Each play below is a product you activate on the same account — no new vendor, mostly free or usage-based.
01

Pages + Workers

Host the site & full-stack apps at the edge

The apex isn’t serving anything yet. Deploy the site on Pages and run logic on Workers — Git-push deploys, instant global rollout, no servers to patch.

  • Deploys run in every Cloudflare data center
  • Workers + Durable Objects + D1 for stateful apps
  • Free tier covers a personal / demo zone outright
02

R2 — egress-free storage

$0 egress object storage

S3-compatible object storage that charges $0 egress — the natural origin for media, backups and any data your Workers, AI or analytics read.

  • S3 API; no per-GB egress tax
  • Native origin for Images, Stream & AI retrieval
  • Generous free tier to start
03

WAF + Bot + DDoS

Protect everything the zone serves

The moment the apex serves traffic, it’s a target. Turn on the managed WAF, Bot Management and always-on DDoS at the edge — same network, one toggle.

  • Managed rules + OWASP coverage
  • Bot scoring blocks scrapers & brute force
  • Unmetered DDoS mitigation included
04

Zero Trust (Access + WARP + Gateway)

ZTNA — no VPN

Put any admin panel, staging URL or internal tool behind Access with SSO + device posture — no VPN. Gateway + WARP add DNS/SWG filtering for your own devices.

  • Identity-aware access to private apps
  • Free for the first 50 users
  • Same edge as your web & API security
05

Workers AI + AI Gateway + AutoRAG

Build & govern AI on-network

Run inference on Workers AI, store embeddings in Vectorize, and stand up retrieval over your own content with AutoRAG — with AI Gateway logging, caching and capping spend across any model.

  • Serverless GPU inference at the edge
  • AI Gateway: one pane of glass + cost control
  • AI Crawl Control to manage bots hitting the site
06

Email Routing + Email Security

Custom addresses, no mailbox vendor

No MX is configured today. Add free Email Routing to forward custom @geiserzone.com addresses, with SPF/DKIM/DMARC set correctly — and layer Email Security for phishing/BEC defense.

  • Unlimited forwarding rules, free
  • One-click SPF/DKIM/DMARC alignment
  • Catch spoofing & malicious links inline
07

Stream + Images

Media pipeline, no media SaaS

Host and adaptively deliver video with Stream, and do URL-based resize / crop / format-shifting with Images — both delivered from the CDN already serving the zone.

  • Adaptive streaming + signed URLs
  • Auto AVIF/WebP for fast pages
  • Billed as usage on the same account
08

Observability & analytics

See everything in one place

Privacy-first Web Analytics, Log Explorer / Logpush for querying edge logs, and Zaraz to load third-party scripts server-side — visibility without bolting on another analytics vendor.

  • Web Analytics with no client-side cookie tax
  • Query WAF / HTTP logs in-dashboard
  • Zaraz keeps third-party tags off the browser

90-day build-out roadmap

DNS is already live on Cloudflare. A staged path from “go live” to a fully self-hosted, secured, AI-capable zone — all on one account.
Day one — go live

Serve & secure

  • Point the apex at Pages (it serves nothing today)
  • Universal SSL + HTTPS everywhere
  • Turn on WAF, DDoS & Bot managed rules
  • Web Analytics + Zaraz for traffic visibility
First 30 days — build

Apps, data & AI

  • Workers + D1 + R2 for dynamic features
  • First Workers AI feature behind AI Gateway
  • Email Routing for @geiserzone.com + DMARC
  • Access on any admin / staging URL
First 90 days — all-in

Consolidate on one network

  • Full Zero Trust (WARP + Gateway) for your devices
  • Stream / Images for any media
  • AutoRAG + Vectorize retrieval on your content
  • Log Explorer / Logpush — one set of logs

Where the zone stands today

Evidence-based: the only thing observed at recon was Cloudflare DNS. Everything else is greenfield — nothing is assumed.
FunctionTodayHow it was identifiedOn Cloudflare
DNS Cloudflare active NS: ricardo / savanna.ns.cloudflare.com Cloudflare DNS (already here)
Web hosting / apex Not serving yet apex A/AAAA: none at recon Pages + Workers
App security Not yet activated Zone on Cloudflare DNS only WAF + Bot + DDoS
Object storage None observed Greenfield R2 (egress-free)
Identity / access None observed Greenfield Zero Trust (Access / WARP / Gateway)
AI None observed Greenfield Workers AI + AI Gateway
Email No mail configured MX / SPF: none at recon Email Routing + Email Security
Observability None observed Greenfield Web Analytics + Log Explorer

How we know — observed on geiserzone.com

No assumptions. The only current-state signal is that DNS is on Cloudflare; the apex is not yet serving content and no other vendors were detected. Lookups performed 2026-06-30.
Cloudflare DNS ricardo / savanna.ns.cloudflare.com Apex no A/AAAA — not serving yet Mail no MX / SPF configured No other vendors greenfield zone
LIVE Checking the Cloudflare edge serving this page…