280 likes | 542 Views
Module 6 - ESD Capabilities and Features. ESD Modules. Content Targeting Advanced Cache Optimization NetStorage Ireland User Authentication/Access Control Secure Content Delivery Large File Download Optimization Download Receipts Download Manager Download Analytics. Content Targeting.
E N D
ESD Modules • Content Targeting • Advanced Cache Optimization • NetStorage Ireland • User Authentication/Access Control • Secure Content Delivery • Large File Download Optimization • Download Receipts • Download Manager • Download Analytics
Content Targeting • Identifies visitors by geographic location, connection speed, device type, or other attributes • Allows content to be targeted in real time at the network edge for each visitor • Methods to achieve content targeting: • HTTP Headers • EdgeScape • Applications • Localized content • Customized storefronts • Streamlined navigation • Targeted advertising • Adaptive marketing • Rich end user experiences • Controlled distribution • Identification Attributes • Browser • Device type • OS type • Connection speed • Precise Geography
Content Targeting Using EdgeScape Data request & response when needed User request 1 AKAMAI NETWORK CONTENT PROVIDER ENVIRONMENT IP address sent 4 Customized content served EdgeScape Integrated API EdgeScape Engine EdgeScape Server Processes 2 DB Local DB 5 DB 3 Web Server Geographic and network codes sent back DB
Content Targeting Using HTTP Headers Akamai passes a “X-Akamai-Edgescape” header to the origin User visits Site 1 2 Akamai edge server returns customized content Origin returns customized content based on user attributes passed through header 4 Origin Server Akamai Edge Server 3
Export Control Using Content Targeting • US export laws may require denying content access to certain embargoed countries such as Iran, Cuba, and North Korea. • Content Targeting enables denying access based on end user location. • No additional integration is required to enforce export control policies.
Advanced Cache Optimization • Provides a comprehensive set of configurable cache settings that allow you to specify, at a granular level, how Akamai edge servers are to cache and serve content • Features include: • Session Rewriting • Cache Key Customization • Cookie, Redirect, and Header Handling
User Authentication/Access Control • Allows you to: • authenticate users and only allow authorized users to access software files • fully control distribution of your content • Two primary authentication methodologies: • Centralized Authorization • Edge Authorization
UserRequest ContentServed or Denied Auth Server Auth Request Only Yes/No Response How Centralized Authorization Works Akamai Edge Servers Authentication Server Maintained by Customer for authenticating requests EndUsers
Edge Authorization • Allows Akamai servers to serve or deny content without forwarding authentication information to content source • It can either be: • Cookie-based or • URL-based
Content or access denied/ served Edge Authorization - Illustration Request for download URL Front End Server URL returned with Auth URL or Cookie Download Request Akamai server validates Auth URL/Cookie End User Akamai Edge Server
How Cookie-based Edge Authorization Works • When edge servers receive a request, they: • search for cookie in request. • compute MAC based on data in configuration file. • Validate result against MAC included in cookie. • Verify IP address, expiration time, and access list entries if set in the cookie value. • If above steps are successful, content is served with a 200, OK, else a 403 is sent.
How URL-based Edge Authorization Works • The origin or Akamai edge server adds token to query string of URL. • The Akamai edge server: • looks for the authorization token. • verifies that it has not expired. • re-computes token from expiration in the token and settings defined in configuration file. • compares result with token received in the request. • If results match, client is authorized to receive requested content.
SSL Overview • SSL uses public and private key pair encryption system. • SSL certificate contains common name for site and RSA public key. • Public keys allow clients to encrypt information to be sent to the server. • Private key provides ability to decrypt data from the client. • SSL certificates must be digitally signed by a certificate authority.
Akamai’s Secure Content Delivery Solution • Enables reliable and secure delivery of SSL content to end users • SSL content is delivered over Akamai’s trusted Secure Content Delivery network • An Akamai representative will purchase your SSL certificates • Public key is passed to requesting browsers • Private key is encrypted and secured by Akamai servers. • Key Management Infrastructure (KMI) is used to allow trusted interactions
Key Management Infrastructure Key Agent requests keys for edge server Key Agent running on edge server Key Distribution Center Key Agent verifies itself to KDC KDC gives the edge server ability to decrypt keys KDC generates verification secret and hands it to audit server Secure Edge Server Runs audit against edge server and if successful hands verification secret to Key Agent Audit Server
Large File Download Optimization What is it? A feature that optimizes download performance for files > 100 MB and < maximum file size limit of 10 GB How LFO Works LFO: • breaks files into smaller clusters and caches each cluster separately. • caches only those elements of a file that are needed. • enables edge servers to deliver parts of the file without having to wait to receive the entire file.
When to use LFO? • Akamai defines a file as “large” if it is > 100 MB and recommends using LFO for such files. • For files > 1.8 GB, LFO is a must and you must use NetStorage as the origin. • You can deliver files up to a maximum of 10 GB by enabling LFO.
How LFO Works Akamai NetStorage End Users Origin Server Akamai EdgePlatform
Caveats • Origin server must support use of Range requests and must respond correctly with full set of headers to a request for only the first byte of a file. • Only responses that contain a properly formatted Content-Range header with the instance-length can use LFO. • LFO applies only to files that are cacheable. • Files must not be republished under an existing URL as it risks serving corrupted files to the client.
LFO: Response Requirements • Response to range request for first byte must • have a 206 status code. • be cacheable. • contain a properly formatted Content-Range header with instance-length. • Additionally: • instance-length must be within configured limits. • if configured for consistency verification through ETags, response must contain ETag header and ETag must not be weak. • if configured for consistency verification through Last-Modified time, response must contain Last-Modified header.
Verifying Consistency of Fragments: Important Points • The mechanism illustrated only prevents inconsistency on a given Akamai server. • To ensure two Akamai servers cache and serve the same version of a file, never republish a newer version under its previous name. • If the file changes, some portion of the URI must change as well.
Download Receipts • Enables you to receive notification on specific download events in real time • Sent in real time via HTTP to customer maintained origin servers • Can be triggered on download initiation and/or completion • Include information on: • Client IP address • Download initiation/completion • Cookies • Geographical location • Client Bandwidth • Available to ESD customers at no additional charge
Download Manager • Client software application that helps users download content easily • Available as ActiveX component, Java applet, and JavaScript API • Provides users ability to start, stop, pause and resume downloads • Provides useful information: download initiations, completions • Latest version of Akamai’s Download Manager (DLM 3.0) features: • Customizable user interface • End-to-end integrity checking for 100% certified downloads • Embedded directly in web pages
Download Analytics • Comprehensive analytics and reporting solution to understand how your downloads are performing • Optional module for HTTP Downloads • Provides you with the ability to: • create custom reports • specify data sources • specify qualifying data in reports