ESD_Module 6_ESD Capabilities

Module 6 - ESD Capabilities and Features
ESD Modules
• Content Targeting
• Advanced Cache Optimization
• NetStorage Ireland
• User Authentication/Access Control
• Secure Content Delivery
• Large File Download Optimization
• Download Receipts
• Download Manager
• Download Analytics
Powering a Better Internet
© 2011 Akamai
Content Targeting
• Identifies visitors by geographic location, connection speed, device type, or other attributes
• Allows content to be targeted in real time at the network edge for each visitor
• Methods to achieve content targeting:
  • HTTP Headers
  • EdgeScape
Identification Attributes
• Browser
• Device type
• OS type
• Connection speed
• Precise Geography
Applications
• Localized content
• Customized storefronts
• Streamlined navigation
• Targeted advertising
• Adaptive marketing
• Rich end user experiences
• Controlled distribution
Content Targeting Using EdgeScape
[Diagram. Akamai network: EdgeScape server processes and DBs. Content provider environment: web server, EdgeScape integrated API, EdgeScape engine, local DB. Flow labels, numbered 1 to 5 in the original: user request; IP address sent; geographic and network codes sent back; customized content served; data request & response when needed.]
Content Targeting Using HTTP Headers
1. User visits site.
2. Akamai passes an “X-AkamaiEdgescape” header to the origin.
3. Origin returns customized content based on user attributes passed through header.
4. Akamai edge server returns customized content.
[Diagram components: Akamai Edge Server, Origin Server]
Export Control Using Content Targeting
• US export laws may require denying content access to certain embargoed countries such as Iran, Cuba, and North Korea.
• Content Targeting enables denying access based on end user location.
• No additional integration is required to enforce export control policies.
Advanced Cache Optimization
• Provides a comprehensive set of configurable cache settings that allow you to specify, at a granular level, how Akamai edge servers are to cache and serve content
• Features include:
  • Session Rewriting
  • Cache Key Customization
  • Cookie, Redirect, and Header Handling
User Authentication/Access Control
• Allows you to:
  • authenticate users and only allow authorized users to access software files
  • fully control distribution of your content
• Two primary authentication methodologies:
  • Centralized Authorization
  • Edge Authorization
How Centralized Authorization Works
[Diagram: End users send a user request to the Akamai edge servers. The edge servers send an auth request only to the auth server (an authentication server maintained by the customer for authenticating requests), which returns a yes/no response. Content is served or denied.]
Edge Authorization
• Allows Akamai servers to serve or deny content without forwarding authentication information to content source
• It can either be:
  o Cookie-based or
  o URL-based
Edge Authorization - Illustration
1. Request for download URL
2. URL returned with Auth URL or Cookie
3. Download Request
4. Akamai server validates Auth URL/Cookie
5. Content or access denied/served
[Diagram components: End User, Front End Server, Akamai Edge Server]
How Cookie-based Edge Authorization Works
• When edge servers receive a request, they:
  1. Search for the cookie in the request.
  2. Compute a MAC based on data in the configuration file.
  3. Validate the result against the MAC included in the cookie.
  4. Verify IP address, expiration time, and access list entries if set in the cookie value.
• If the above steps succeed, content is served with a 200 OK; otherwise a 403 is sent.
How URL-based Edge Authorization Works
• The origin or Akamai edge server adds a token to the query string of the URL.
• The Akamai edge server:
  1. Looks for the authorization token.
  2. Verifies that it has not expired.
  3. Re-computes the token from the expiration in the token and settings defined in the configuration file.
  4. Compares the result with the token received in the request.
• If the results match, the client is authorized to receive the requested content.
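The edge-side checks described in the two Edge Authorization slides above (find the token, check expiry, re-compute the MAC, compare, optionally verify the client IP), as an added example that is not Akamai's code or token format. The `auth` parameter name, the `exp~mac` layout, the HMAC-SHA256 choice and the secret are hypothetical; a cookie-based variant would carry the same fields in a cookie value.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlsplit

# Constructed values: the secret stands in for the "settings defined in
# configuration file"; the parameter name and token layout are hypothetical.
SECRET = b"constructed-demo-secret"
PARAM = "auth"


def _mac(path: str, exp: int, ip: str) -> str:
    # The MAC covers everything the edge must trust: path, expiry, optional IP.
    msg = f"{path}|{exp}|{ip}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def sign_url(path: str, exp: int, ip: str = "") -> str:
    """Front-end side: return the download URL with an 'exp~mac' token."""
    return f"{path}?{PARAM}={exp}~{_mac(path, exp, ip)}"


def edge_check(url: str, client_ip: str, now: int, bind_ip: bool = False) -> int:
    """Edge side: return the status the slides describe, 200 or 403."""
    parts = urlsplit(url)
    token = parse_qs(parts.query).get(PARAM, [""])[0]  # 1. look for the token
    exp_s, _, mac = token.partition("~")
    if not (exp_s.isascii() and exp_s.isdigit() and mac):
        return 403
    exp = int(exp_s)
    if now >= exp:  # 2. verify it has not expired
        return 403
    # 3. re-compute from the expiration in the token and the configured secret
    expected = _mac(parts.path, exp, client_ip if bind_ip else "")
    # 4. compare in constant time so the check leaks nothing about the MAC
    if not hmac.compare_digest(expected.encode(), mac.encode()):
        return 403
    return 200


if __name__ == "__main__":
    url = sign_url("/dl/app.bin", exp=2000)
    print(edge_check(url, "198.51.100.7", now=1000))
    print(edge_check(url.replace("2000~", "9999~"), "198.51.100.7", now=1000))
```

Because the expiration is part of the MAC input, a client that edits the expiry in the URL to extend access fails the comparison in step 4.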
SSL Overview
• SSL uses a public and private key pair encryption system.
• The SSL certificate contains the common name for the site and the RSA public key.
• Public keys allow clients to encrypt information to be sent to the server.
• The private key provides the ability to decrypt data from the client.
• SSL certificates must be digitally signed by a certificate authority.
Akamai’s Secure Content Delivery Solution
• Enables reliable and secure delivery of SSL content to end users
• SSL content is delivered over Akamai’s trusted Secure Content Delivery network
• An Akamai representative will purchase your SSL certificates
• Public key is passed to requesting browsers
• Private key is encrypted and secured by Akamai servers.
• Key Management Infrastructure (KMI) is used to allow trusted interactions
Key Management Infrastructure
1. Key Agent requests keys for edge server.
2. KDC generates verification secret and hands it to audit server.
3. Audit Server runs audit against edge server and, if successful, hands verification secret to Key Agent.
4. Key Agent verifies itself to KDC.
5. KDC gives the edge server ability to decrypt keys.
[Diagram components: Key Agent running on edge server, Secure Edge Server, Key Distribution Center (KDC), Audit Server]
Large File Download Optimization
What is it?
A feature that optimizes download performance for files larger than 100 MB and smaller than the maximum file size limit of 10 GB.
How LFO Works
LFO:
1. Breaks files into smaller clusters and caches each cluster separately.
2. Caches only those elements of a file that are needed.
3. Enables edge servers to deliver parts of the file without having to wait to receive the entire file.
When to use LFO?
• Akamai defines a file as “large” if it is > 100 MB and recommends using LFO for such files.
• For files > 1.8 GB, LFO is a must and you must use NetStorage as the origin.
• You can deliver files up to a maximum of 10 GB by enabling LFO.
How LFO Works
[Diagram components: End Users, Akamai EdgePlatform, Akamai NetStorage, Origin Server]
Caveats
• Origin server must support use of Range requests and must respond
correctly with full set of headers to a request for only the first byte
of a file.
• Only responses that contain a properly formatted Content-Range
header with the instance-length can use LFO.
• LFO applies only to files that are cacheable.
• Files must not be republished under an existing URL as it risks
serving corrupted files to the client.
LFO: File Retrieval Behavior
Type of Request: Akamai Edge Server Behavior
• Non-range request for an object not in cache: Fetches the entire file through a series of consecutive range requests and caches each range response separately
• Range request for an object not in cache: Fetches and saves only the fragments needed to satisfy the range request
• Range request for an object that is partially cached: Determines which fragments the requested range falls into, and fetches and caches only the fragments it doesn't yet hold
• Non-range request for an object that is already partially cached: Fetches and caches all fragments it doesn't have
LFO: Response Requirements
• Response to range request for first byte must
  • have a 206 status code.
  • be cacheable.
  • contain a properly formatted Content-Range header with instance-length.
• Additionally:
  • instance-length must be within configured limits.
  • if configured for consistency verification through ETags, response must contain ETag header and ETag must not be weak.
  • if configured for consistency verification through Last-Modified time, response must contain Last-Modified header.
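An origin-side pre-flight check for the LFO response requirements listed above, as an added example that is not Akamai code. The function name, the `verify` switch and the Cache-Control test are assumptions (cacheability is reduced here to the absence of `no-store`, `no-cache` and `private`); the default upper limit is the 10 GB maximum the slides state.

```python
import re

# "bytes first-last/instance-length"; an unknown length ("/*") must not match.
CONTENT_RANGE = re.compile(r"^bytes (\d+)-(\d+)/(\d+)$")


def lfo_problems(status, headers, verify="etag", max_len=10 * 1024**3):
    """Check the response to a 'Range: bytes=0-0' request.

    Returns a list of reasons the response cannot use LFO; empty means OK.
    verify is "etag" or "last-modified" (hypothetical names for the two
    consistency-verification modes described in the slides).
    """
    h = {k.lower(): v.strip() for k, v in headers.items()}
    problems = []
    if status != 206:
        problems.append("status is not 206")
    # Simplified cacheability test (assumption, see lead-in).
    cc = h.get("cache-control", "").lower()
    if any(d in cc for d in ("no-store", "no-cache", "private")):
        problems.append("response is not cacheable")
    m = CONTENT_RANGE.match(h.get("content-range", ""))
    if not m:
        problems.append("Content-Range missing, malformed, or lacks instance-length")
    else:
        first, last, length = (int(g) for g in m.groups())
        if (first, last) != (0, 0):
            problems.append("Content-Range does not describe the first byte")
        if not 0 < length <= max_len:
            problems.append("instance-length outside configured limits")
    if verify == "etag":
        etag = h.get("etag", "")
        if not etag:
            problems.append("ETag header missing")
        elif etag.startswith("W/"):
            problems.append("ETag is weak")
    elif verify == "last-modified" and "last-modified" not in h:
        problems.append("Last-Modified header missing")
    return problems


if __name__ == "__main__":
    # Constructed sample response headers for a 500 MB file.
    sample = {"Content-Range": "bytes 0-0/524288000", "ETag": 'W/"v1"',
              "Cache-Control": "max-age=86400"}
    print(lfo_problems(206, sample))
```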
Verifying Consistency of Fragments: Important Points
• The mechanism illustrated only prevents inconsistency on a given Akamai server.
• To ensure two Akamai servers cache and serve the same version of a file, never republish a newer version under its previous name.
  • If the file changes, some portion of the URI must change as well.
Download Receipts
• Enables you to receive notification on specific download events in real time
• Sent in real time via HTTP to customer maintained origin servers
• Can be triggered on download initiation and/or completion
• Include information on:
  • Client IP address
  • Download initiation/completion
  • Cookies
  • Geographical location
  • Client Bandwidth
• Available to ESD customers at no additional charge
Download Receipts – Sample Metadata
Download Manager
• Client software application that helps users download content easily
• Available as ActiveX component, Java applet, and JavaScript API
• Provides users ability to start, stop, pause and resume downloads
• Provides useful information: download initiations, completions
• Latest version of Akamai’s Download Manager (DLM 3.0) features:
  • Customizable user interface
  • End-to-end integrity checking for 100% certified downloads
  • Embedded directly in web pages
Download Analytics
• Comprehensive analytics and reporting solution to understand how your downloads are performing
• Optional module for HTTP Downloads
• Provides you with the ability to:
  • create custom reports
  • specify data sources
  • specify qualifying data in reports