1 / 27

Module 6 - ESD Capabilities and Features

Module 6 - ESD Capabilities and Features. ESD Modules. Content Targeting Advanced Cache Optimization NetStorage Ireland User Authentication/Access Control Secure Content Delivery Large File Download Optimization Download Receipts Download Manager Download Analytics. Content Targeting.

alagan
Download Presentation

Module 6 - ESD Capabilities and Features

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Module 6 - ESD Capabilities and Features

  2. ESD Modules • Content Targeting • Advanced Cache Optimization • NetStorage Ireland • User Authentication/Access Control • Secure Content Delivery • Large File Download Optimization • Download Receipts • Download Manager • Download Analytics

  3. Content Targeting • Identifies visitors by geographic location, connection speed, device type, or other attributes • Allows content to be targeted in real time at the network edge for each visitor • Methods to achieve content targeting: • HTTP Headers • EdgeScape • Applications • Localized content • Customized storefronts • Streamlined navigation • Targeted advertising • Adaptive marketing • Rich end user experiences • Controlled distribution • Identification Attributes • Browser • Device type • OS type • Connection speed • Precise Geography

  4. Content Targeting Using EdgeScape Data request & response when needed User request 1 AKAMAI NETWORK CONTENT PROVIDER ENVIRONMENT IP address sent 4 Customized content served EdgeScape Integrated API EdgeScape Engine EdgeScape Server Processes 2 DB Local DB 5 DB 3 Web Server Geographic and network codes sent back DB

  5. Content Targeting Using HTTP Headers Akamai passes a “X-Akamai-Edgescape” header to the origin User visits Site 1 2 Akamai edge server returns customized content Origin returns customized content based on user attributes passed through header 4 Origin Server Akamai Edge Server 3

  6. Export Control Using Content Targeting • US export laws may require denying content access to certain embargoed countries such as Iran, Cuba, and North Korea. • Content Targeting enables denying access based on end user location. • No additional integration is required to enforce export control policies.

  7. Advanced Cache Optimization • Provides a comprehensive set of configurable cache settings that allow you to specify, at a granular level, how Akamai edge servers are to cache and serve content • Features include: • Session Rewriting • Cache Key Customization • Cookie, Redirect, and Header Handling

  8. User Authentication/Access Control • Allows you to: • authenticate users and only allow authorized users to access software files • fully control distribution of your content • Two primary authentication methodologies: • Centralized Authorization • Edge Authorization

  9. UserRequest ContentServed or Denied Auth Server Auth Request Only Yes/No Response How Centralized Authorization Works Akamai Edge Servers Authentication Server Maintained by Customer for authenticating requests EndUsers

  10. Edge Authorization • Allows Akamai servers to serve or deny content without forwarding authentication information to content source • It can either be: • Cookie-based or • URL-based

  11. Content or access denied/ served Edge Authorization - Illustration Request for download URL Front End Server URL returned with Auth URL or Cookie Download Request Akamai server validates Auth URL/Cookie End User Akamai Edge Server

  12. How Cookie-based Edge Authorization Works • When edge servers receive a request, they: • search for cookie in request. • compute MAC based on data in configuration file. • Validate result against MAC included in cookie. • Verify IP address, expiration time, and access list entries if set in the cookie value. • If above steps are successful, content is served with a 200, OK, else a 403 is sent.

  13. How URL-based Edge Authorization Works • The origin or Akamai edge server adds token to query string of URL. • The Akamai edge server: • looks for the authorization token. • verifies that it has not expired. • re-computes token from expiration in the token and settings defined in configuration file. • compares result with token received in the request. • If results match, client is authorized to receive requested content.

  14. SSL Overview • SSL uses public and private key pair encryption system. • SSL certificate contains common name for site and RSA public key. • Public keys allow clients to encrypt information to be sent to the server. • Private key provides ability to decrypt data from the client. • SSL certificates must be digitally signed by a certificate authority.

  15. Akamai’s Secure Content Delivery Solution • Enables reliable and secure delivery of SSL content to end users • SSL content is delivered over Akamai’s trusted Secure Content Delivery network • An Akamai representative will purchase your SSL certificates • Public key is passed to requesting browsers • Private key is encrypted and secured by Akamai servers. • Key Management Infrastructure (KMI) is used to allow trusted interactions

  16. Key Management Infrastructure Key Agent requests keys for edge server Key Agent running on edge server Key Distribution Center Key Agent verifies itself to KDC KDC gives the edge server ability to decrypt keys KDC generates verification secret and hands it to audit server Secure Edge Server Runs audit against edge server and if successful hands verification secret to Key Agent Audit Server

  17. Large File Download Optimization What is it? A feature that optimizes download performance for files > 100 MB and < maximum file size limit of 10 GB How LFO Works LFO: • breaks files into smaller clusters and caches each cluster separately. • caches only those elements of a file that are needed. • enables edge servers to deliver parts of the file without having to wait to receive the entire file.

  18. When to use LFO? • Akamai defines a file as “large” if it is > 100 MB and recommends using LFO for such files. • For files > 1.8 GB, LFO is a must and you must use NetStorage as the origin. • You can deliver files up to a maximum of 10 GB by enabling LFO.

  19. How LFO Works Akamai NetStorage End Users Origin Server Akamai EdgePlatform

  20. Caveats • Origin server must support use of Range requests and must respond correctly with full set of headers to a request for only the first byte of a file. • Only responses that contain a properly formatted Content-Range header with the instance-length can use LFO. • LFO applies only to files that are cacheable. • Files must not be republished under an existing URL as it risks serving corrupted files to the client.

  21. LFO: File Retrieval Behavior

  22. LFO: Response Requirements • Response to range request for first byte must • have a 206 status code. • be cacheable. • contain a properly formatted Content-Range header with instance-length. • Additionally: • instance-length must be within configured limits. • if configured for consistency verification through ETags, response must contain ETag header and ETag must not be weak. • if configured for consistency verification through Last-Modified time, response must contain Last-Modified header.

  23. Verifying Consistency of Fragments: Important Points • The mechanism illustrated only prevents inconsistency on a given Akamai server. • To ensure two Akamai servers cache and serve the same version of a file, never republish a newer version under its previous name. • If the file changes, some portion of the URI must change as well.

  24. Download Receipts • Enables you to receive notification on specific download events in real time • Sent in real time via HTTP to customer maintained origin servers • Can be triggered on download initiation and/or completion • Include information on: • Client IP address • Download initiation/completion • Cookies • Geographical location • Client Bandwidth • Available to ESD customers at no additional charge

  25. Download Receipts – Sample Metadata

  26. Download Manager • Client software application that helps users download content easily • Available as ActiveX component, Java applet, and JavaScript API • Provides users ability to start, stop, pause and resume downloads • Provides useful information: download initiations, completions • Latest version of Akamai’s Download Manager (DLM 3.0) features: • Customizable user interface • End-to-end integrity checking for 100% certified downloads • Embedded directly in web pages

  27. Download Analytics • Comprehensive analytics and reporting solution to understand how your downloads are performing • Optional module for HTTP Downloads • Provides you with the ability to: • create custom reports • specify data sources • specify qualifying data in reports

More Related