ESD_Module 1_Akamai Essentials..
Download
Report
Transcript ESD_Module 1_Akamai Essentials..
Module 1 – Akamai Essentials
Objectives
After completing this module, you will be able to:
• describe how the Akamai EdgePlatform works.
• identify products within the Akamai solution portfolio.
• navigate through Akamai EdgeControl.
Powering a Better Internet
© 2011 Akamai
Lesson 1: Introduction to the Akamai Platform
Powering a Better Internet
© 2011 Akamai
Internet Trends
Online Business Industry Trends
• Increased broadband adoption
• Continual growth in online revenue
Technology Trends
• Transition of the Internet from Web 1.0 to Web 2.0
• Evolution of commerce sites from being static to highly dynamic
• Increase in the popularity of media and entertainment downloads
• Greater bandwidth connection in homes
Powering a Better Internet
© 2011 Akamai
Internet Challenges
•
Slow and unreliable downloads and applications
•
Not inherently secure
•
Expensive and hard to provision
Powering a Better Internet
© 2011 Akamai
Internet Bottlenecks
Powering a Better Internet
© 2011 Akamai
The Traditional ‘Do it Yourself’ Solution
Involves:
•
building out bigger and more data centers to handle demand.
•
moving applications and content closer to geographically
dispersed end users
Problems with this approach:
•
High infrastructure costs
•
Idle, under utilized capital assets
•
Need for data replication and synchronization
•
High maintenance costs
Powering a Better Internet
© 2011 Akamai
Akamai’s Solution
Akamai EdgePlatform
World's largest distributed computing platform.
Akamai Solutions
Accelerate web-based applications and dynamic content. Provide fast
and flawless media and software delivery.
Akamai EdgeControl
Manage content, monitor and report traffic patterns, and
troubleshoot content delivery issues.
Powering a Better Internet
© 2011 Akamai
The Akamai EdgePlatform - What is it?
70,000
Servers
1500+
Locations
900+
Networks
660+
Cities
70+
Countries
Typical daily traffic:
100+ billion hits
50+ million streams
1,500+ terabytes delivered
Powering a Better Internet
© 2011 Akamai
Networks - Freeflow
Akamai Server
Customer
Origin
DNS
1) End User types www.xyz.com
Browser queries DNS for
www.xyz.com, which is CNAMEd to
Akamai.
Akamai DNS returns IP address of
an optimal Akamai server to handle
End User’s request.
3
1
2
2) Browser requests HTML from
3) Browser parses HTML and
Akamai server.
requests additional objects from
Akamai servers.
Akamai server assembles HTML
page from cache, contacting
Akamai servers serve objects
Customer Origin only if necessary.
from cache, contacting customer
origin only if necessary.
Akamai server returns HTML to
browser.
Powering a Better Internet
End User
© 2011 Akamai
Networks - ESSL
• The ESSL Network is a separate network; Secure content will
be served over a different map than regular HTTP content
– ESSL GHost regions sit behind a switch/load-balancer that has 1 VIP per
region for each ESSL customer certificate.
– These load balancers accept traffic on ports 80 and 443 but will forward
all transactions to the actual GHost servers on ports 9000 and 9001
respectively.
– ESSL customers are assigned a "slot" number, this slot is assigned a
unique VIP for each ESSL region.
• Key Features
– Dedicated secure servers
– Secure SSL Key Management: KMI
• Benefits
– Computation-intensive SSL handshake is performed on the Edge Server.
– Secure content is retrieved over an already-established secure
connection between Edge Server and origin server.
Powering a Better Internet
© 2011 Akamai
Networks - ESSL (cont.)
Akamai Edge Server
End User
Origin Server
1. Certificate Request & Response
2. SSL Handshake
3. Secure content request & response
4. Secure connection to origin for content retrieval/refresh
Powering a Better Internet
© 2011 Akamai
Networks – ESSL (cont.)
• New SSL certificates are activated by Akamai for all new
ESSL customers
– Obtain a completed SSL certificate form from the customer.
– Submit certificate request to Akamai’s ESSL operations.
– Create and deploy certificate to ESSL network.
• Certificate Signatures
– By default, all certificates provisioned by Akamai are Akamai-signed
(as a subordinate Certificate Authority of BeTrusted)
– Customers may require a third party signature; such as, Verisign
– Once the SSL certificate form is completed by the customer, a Certificate
Signing Request (CSR) should be submitted to ESSL operations.
– ESSL operations will provide a certificate, requiring signature from the
designated third party.
– Once signed, the fully qualified certificate is provided back to Akamai and
deployed to the ESSL network.
Powering a Better Internet
© 2011 Akamai
Freeflow Vs ESSL
• Akamai’s EdgeSuite network will provide SSL object
delivery, but it will do so using the fixed v1 ARL domain
a248.3.akamai.net. Such delivery will use a generic Akamai
certificate.
• The ESSL network provides dedicated servers ensuring that
SSL certificates are properly protected
– Certificate decryption only occurs in memory.
– Physical intrusion detection devices are used to monitor and alert
undesired access; if undesired access occurs, the server will
automatically delete anything in memory.
– Akamai selects only locations where strict access procedures are
practiced.
– Servers are in locked cabinets with motion detecting video cameras.
Powering a Better Internet
© 2011 Akamai
Akamai Server Characteristics
• Akamai servers known as “Edge Servers”.
• Edge servers are configured to meet the needs of Akamai
customers, and as a result must be intimately familiar with
its functionality.
• Edge servers are reverse HTTP proxy servers, running
Akamai proprietary software.
Powering a Better Internet
© 2011 Akamai
Characteristics of Ghost (cont.)
• An Akamai region contains multiple Edge Servers.
• An Edge Server runs a single instance of the reverse HTTP
proxy server software.
• Every Edge Server running on the Internet is a shared
resource and can, in theory, serve content for any and all of
Akamai’s customers.
• Freeflow (non-SSL) Edge Servers listen for HTTP requests
on port 80.
• ESSL Edge Servers listen on port 80 and port 443.
Powering a Better Internet
© 2011 Akamai
Regions and maps
• Akamai servers
grouped into regions
• Top Level Name
Servers (TLNS)
• Map request to the
most optimal region
• Low Level Name
Servers (LLNS)
• Map request to a
specific IP (or set of
IPs) in a region
Powering a Better Internet
© 2011 Akamai
Regions (cont.) and Cache Hierarchy
• Certain servers
designated “parents”
•
•
Akamai Server
May be in same region
Customer
or another region
Origin
Cache Hierarchy
•
•
•
If requested content
is not in cache, forward request to
parent.
Parent either serves from cache
or forwards request to
origin.
Parent then has object in
cache, and can share with
region.
DNS
Akamai
servers in
the same
region
• Inter-Cache Protocol
•
•
Before going to the
origin, GHost makes a
broadcast request to other
Ghosts in the region: "Does anyone have this object?“
If no response from another GHost before a fairly short timeout,
GHost goes forward to the parent or origin.
Powering a Better Internet
End User
© 2011 Akamai
Tracking customer traffic – CP Code
• CP Code = Content Provider Code
•
•
•
•
•
•
Assigned/managed by business services through ECMC.
Typically 1 per website.
More if reporting/billing needs are complex.
Tied to some list of services in the customer’s contract.
Assigned to a request by metadata or in a v1ARL.
One service per CP Code.
Powering a Better Internet
© 2011 Akamai
Origin ACL and CP Codes
• GHost maintains origin access control list
• Origin domains must be added to origin ACL.
• Added automatically to ACL when configured as origin in
configuration manager
• If origin configured manually in override, must also also
add hostname to ACL manually.
• Tools -> Origin Domains in portal
Powering a Better Internet
© 2011 Akamai
Lesson 2: The Akamai Solution Portfolio
Powering a Better Internet
© 2011 Akamai
The Akamai Solution Portfolio
• Advertising Decision Solutions (ADS)
• Dynamic Site Solutions (DSS)
• Digital Asset Solutions (DAS)
• Application Performance Solutions (APS)
• Origin Services
Powering a Better Internet
© 2011 Akamai
Advertising Decision Solution (ADS)
•
A robust behavioral targeting solution that allows enterprises to
increase advertising revenues and results with precise real-time
marketing.
•
ADS categories:
• ADS Predictive Segments
• ADS Descriptive Segments
Powering a Better Internet
© 2011 Akamai
Dynamic Site Solutions (DSS)
•
A group of solutions focused on accelerating dynamic sites with
personalized content and Web 2.0 technologies.
•
Solutions within DSS include:
• Dynamic Site Accelerator (DSA)
• DSA Enterprise
Powering a Better Internet
© 2011 Akamai
Digital Asset Solutions (DAS)
•
A range of solutions to better manage, control, deliver, monetize
and track digital assets leveraging the Internet.
•
Solutions within DAS include:
• Akamai HD Network
• Akamai Media Delivery
• Electronic Software Delivery (ESD)
• Stream Analyzer
Powering a Better Internet
© 2011 Akamai
Application Performance Solutions (APS)
•
A set of solutions that improve business to business and business
to employee applications.
•
Solutions within APS include:
• Web Application Accelerator (WAA)
• IP Application Accelerator
• Site Analyzer
Powering a Better Internet
© 2011 Akamai
Origin Services
•
A set of solutions that improve the availability and responsiveness
of origin servers and provides insights about end users’
geographic location.
•
Commonly used origin products include:
• Global Traffic Management
• Enhanced DNS (EDNS)
• EdgeScape
Powering a Better Internet
© 2011 Akamai
Lesson 3: Akamai EdgeControl
Powering a Better Internet
© 2011 Akamai
Akamai EdgeControl – What is it?
An extranet portal that
allows customers to:
• Control and manage
content
• Monitor and report on
Internet traffic
• Troubleshoot content
delivery issues
Powering a Better Internet
© 2011 Akamai
Akamai EdgeControl - Features
• Intuitive service based navigation
• Summary Views
• Reporting
• Alerting
• Performance and Usage Monitoring
• Training, Troubleshooting, and Support
Powering a Better Internet
© 2011 Akamai
Akamai EdgeControl Tools
• Content Refreshing Tools: Used to refresh cached content on
the Akamai server network.
• Configuration Manager: Used to configure how Akamai edge
servers:
• request content objects from your origin,
• cache or process those objects,
•
serve content to the requesting client.
• Diagnostic Tools: Used to diagnose content delivery problems.
Powering a Better Internet
© 2011 Akamai