Puru Hemnani - ICF Interactive
The session will go over the advantages of CDNs in general and Akamai caching in particular. Akamai is one of the most commonly used caching options with AEM, and several clients use it. There are several features and Akamai tuning options, such as error caching, GeoRouting, ESI, SiteShield and WAF, that can help developers and system engineers make their sites faster and more secure. Configuring it correctly can also reduce the licensing requirements for AEM as well as infrastructure costs, as you can serve a much higher amount of traffic with fewer origin servers.
CIRCUIT 2015 - Akamai: Caching and Beyond
1. CIRCUIT – An Adobe Developer Event
Presented by ICF Interactive
Akamai: Caching
and Beyond
Puru Hemnani
2. whoami
• Puru Hemnani, Sr. Systems/Cloud
Architect at ICF Cloud Services division
• Former Java/Application Developer
• Experience/Responsibilities
– System/Application Performance Tuning
– DevOps/Automation
– Build systems/Infrastructure for High
availability and Fault tolerance.
3. Scope
• What is it all about
– What are CDNs and why are they important in
today’s day and age
– Overview of Akamai
– Tuning Akamai for caching
– Security
– Mobile Optimization
5. What is CDN
• Content Delivery Network is a large
distributed system of servers deployed in
multiple datacenters across the internet.
• It serves the purpose of delivering content/
data to the end user with lower latency,
high availability and higher performance.
• CDN brings static content closer to users.
• CDNs accelerate dynamic content
• CDNs defend against and absorb security threats
9. Akamai
• Akamai is one of the most prominent
players in the CDN space and is the global
leader.
• Akamai delivers 30% of all internet traffic.
• Akamai daily traffic often exceeds 25
terabits per second.
• Akamai has more than 175,000 servers in
over 100 countries within over 1300
networks
10. Why Akamai
• Scalability
– Akamai provides unlimited capacity and scale
• Speed
– Lower latency by placing the content close to
end user
• Reduced origin cost
– Reduced origin footprint resulting in efficiency
• Security
– Built-in protection from DDoS and other types
of cyber attacks.
12. Limitations of AEM for High Traffic Site
• AEM uses a Java-based container for
serving the sites
• Frequently changing content
• Dispatcher cache has several limitations
– Cache invalidations
– No TTLs
– Treatment of query strings
• Extensibility makes it vulnerable to
security threats
13. Tuning Basics
• Understanding your site and content
– Static vs Dynamic content
– Sessions and personalization
– DAM assets vs html content
– Advertising data
– Traffic patterns
– Application layer code stats
– Use of JavaScript for personalization
16. Tuning Akamai: Why
• Akamai provides a vast range of tuning
parameters and configuration options. If
not tuned properly:
– Low origin offload
– Too fresh content
– Poor site performance
– Publishers crashing due to traffic spikes
17. Control TTLs at Origin
• Akamai makes it easy to control cache
objects' Time To Live (TTL) settings by use
of HTTP headers
• Enable Honor-CacheControl and Honor-
Expires
• Make use of following headers
– Edge-Control
– Cache-Control
– Expires
18. Control TTLs at Origin
• Using Apache and mod_expires
Edge-Control: cache-maxage=1h
Cache-Control: no-store
Expires: "now"
• In the absence of an Edge-Control header,
Cache-Control: max-age=600
ExpiresByType image/gif "access plus 1 hour"
19. Use Zero-TTL for Time-sensitive content
• Zero TTL (cache-maxage=0s) causes
edge servers to contact origin for each
request to ensure freshness
• No-Store Header?
• If-Modified-Since requests are less
expensive than GET
• Edge-Control: cache-maxage=0s
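The header precedence from the "Control TTLs at Origin" and "Zero-TTL" slides, as an added example (not code from the presentation or from Akamai). It is a simplified model: `effective_ttls` is a hypothetical helper, durations must carry an `s`/`m`/`h`/`d` unit, and the `Expires` header is not modelled.

```python
import re

_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}


def _directives(value):
    """Split a header value such as 'no-store, max-age=600' into a dict."""
    out = {}
    for part in (value or "").split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            out[name.lower()] = arg.strip().strip('"')
    return out


def _edge_seconds(arg):
    """Convert an Edge-Control duration such as '1h' or '0s' to seconds."""
    m = re.fullmatch(r"(\d+)([smhd])", arg)
    # A malformed duration returns None, which callers treat as "do not store".
    return int(m.group(1)) * _UNITS[m.group(2)] if m else None


def effective_ttls(headers):
    """Return (edge_ttl, browser_ttl) in seconds.

    None means the object must not be stored; 0 means it may be stored but
    must be revalidated with the origin on every request (zero TTL).
    """
    h = {k.lower(): v for k, v in headers.items()}
    cc = _directives(h.get("cache-control"))
    ec = _directives(h.get("edge-control"))

    # Browsers only act on Cache-Control in this model.
    if "no-store" in cc:
        browser = None
    else:
        age = cc.get("max-age", "")
        browser = int(age) if age.isdigit() else 0

    # Edge-Control, when present, wins at the edge; otherwise fall back.
    if "no-store" in ec:
        edge = None
    elif "cache-maxage" in ec:
        edge = _edge_seconds(ec["cache-maxage"])
    else:
        edge = browser
    return edge, browser
```

With the slide's first header set (`Edge-Control: cache-maxage=1h` plus `Cache-Control: no-store`) the edge keeps the object for an hour while browsers store nothing, which is worth checking before applying it to personalized responses.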
20. Query String treatment
• Ignore Query String
• Ignore Query Arguments
• www.example.com/getfile.asp?fileID=1234&randomKey=a1b2&sessionID=32
Getfile.asp
• Ignore Case in cache
• Include Query Strings
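How the four query-string options on this slide change the cache key, as an added example (not code from the presentation or from Akamai). `cache_key` and its mode names are hypothetical, and the model lowercases only the path for "ignore case"; the URLs are built from the slide's sample.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit


def cache_key(url, mode="include", ignore_args=(), ignore_case=False):
    """Build a cache key for `url` under one query-string policy.

    mode: "include"     keep the full query string
          "ignore_all"  drop the query string entirely
          "ignore_args" drop only the arguments named in ignore_args
    """
    parts = urlsplit(url if "://" in url else "http://" + url)
    path = parts.path or "/"
    if ignore_case:
        path = path.lower()

    if mode == "ignore_all":
        query = ""
    elif mode in ("include", "ignore_args"):
        pairs = parse_qsl(parts.query, keep_blank_values=True)
        if mode == "ignore_args":
            drop = set(ignore_args)
            pairs = [(k, v) for k, v in pairs if k not in drop]
        query = urlencode(pairs)
    else:
        raise ValueError("unknown mode: " + mode)

    return parts.netloc.lower() + path + ("?" + query if query else "")


def distinct_objects(urls, **policy):
    """Number of separate cache entries the given requests would create."""
    return len({cache_key(u, **policy) for u in urls})


# Constructed requests: same file, different per-visitor arguments and case.
SAMPLE = [
    "www.example.com/getfile.asp?fileID=1234&randomKey=a1b2&sessionID=32",
    "www.example.com/getfile.asp?fileID=1234&randomKey=zz99&sessionID=77",
    "www.example.com/Getfile.asp?fileID=1234&randomKey=q7q7&sessionID=90",
]
```

Only arguments that never change the response body belong in `ignore_args`; dropping one that selects content (here `fileID`) would make different files share one cache entry.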
21. Error Response TTL (Negative TTL)
• By default, negative responses from origin
are cached for 10 seconds.
• In practice, however, a 10-second error
caching TTL is very low and can
significantly increase the load on origin if
you have recently migrated to a new site
or have several bad links.
• Experiment with TTL of 5-10 mins for error
caching.
22. Edge Side Includes (ESI)
• Edge Side Includes (ESI) make it possible
for edge servers to assemble dynamic
content.
• Because the edge server performs the
assembly, pages that otherwise would
have been entirely uncacheable can now
be partially cached at the edge, reducing
bandwidth costs and eliminating the "least-
common-denominator" cacheability
problem.
24. Why Security
• Security is important, why?
– Cyber attacks becoming common
• According to FBI Director James Comey, “There
are two kinds of big companies in the United
States. There are those who’ve been hacked…and
those who don’t know they’ve been hacked.”
• Target, Home Depot, Google, Apple iCloud
25. Security is important, why??
• Cost
• A recent survey by the Ponemon Institute showed
the average cost of cyber crime for U.S. retail
stores more than doubled from 2013 to an annual
average of $8.6 million per company in 2014
• Web application attacks cost these organizations
an average of 3.1 million.
27. What can you do about it
• Web Application Firewall (WAF)
– Most companies accept that a WAF is an
effective and important tool in fighting web
application attacks; however,
– Most organizations have not deployed their
WAF in a manner that allows them to stop
attacks
– Reason?
• WAFs require significant management overhead,
as much as three or more FTEs assigned just to
properly manage the WAF.
31. Security features in Akamai
• Application Layer Security
– ModSecurity rule set
– Akamai Kona Rule Set
– Custom rules
• Network Layer Controls
• Rate Controls
• Slow POST Protection
32. Kona Web Application Firewall by Akamai
• Kona WAF provides always-on and highly-
scalable protection against web
application attacks including SQL
injections, cross-site scripting, and remote
file inclusion - while keeping the
performance high.
• It inspects every HTTP and HTTPS
request, detecting and blocking threats to
web applications before they reach the
data center.