Date posted: 19-Aug-2015
CIRCUIT – An Adobe Developer Event Presented by ICF Interactive
Akamai: Caching and Beyond
Puru Hemnani
whoami
• Puru Hemnani, Sr. Systems/Cloud Architect at ICF Cloud Services division
• Former Java/Application Developer
• Experience/Responsibilities
  – System/Application Performance Tuning
  – DevOps/Automation
  – Build systems/Infrastructure for High availability and Fault tolerance.
Scope
• What is it all about
  – What are CDNs and why are they important in today’s day and age
  – Overview of Akamai
  – Tuning Akamai for caching
  – Security
  – Mobile Optimization
What is CDN
• Content Delivery Network is a large distributed system of servers deployed in multiple datacenters across the internet.
• It serves the purpose of delivering content/data to the end user with lower latency, high availability and higher performance.
• CDN brings static content closer to users.
• CDNs accelerate dynamic content
• CDN defends against and absorbs security threats
Akamai
• Akamai is one of the most prominent players in the CDN space and is the global leader.
• Akamai delivers 30% of all internet traffic.
• Akamai daily traffic often exceeds 25 terabits per second.
• Akamai has more than 175,000 servers in over 100 countries within over 1300 networks
Why Akamai
• Scalability
  – Akamai provides unlimited capacity and scale
• Speed
  – Lower latency by placing the content close to end user
• Reduced origin cost
  – Reduced origin footprint resulting in efficiency
• Security
  – Built-in protection from DDoS and other types of cyber attacks.
Limitations of AEM for High Traffic Site
• AEM uses a Java-based container for serving the sites
• Frequently changing content
• Dispatcher cache has several limitations
  – Cache invalidations
  – No TTLs
  – Treatment of query strings
• Extensibility makes it vulnerable to security threats
Tuning Basics
• Understanding your site and content
  – Static vs Dynamic content
  – Sessions and personalization
  – DAM assets vs html content
  – Advertising data
  – Traffic patterns
  – Application layer code stats
  – Use of JavaScript for personalization
Tuning Akamai: Why
• Akamai provides a vast range of tuning parameters and configuration options. If not tuned properly:
  – Low origin offload
  – Too fresh content
  – Poor site performance
  – Publishers crashing due to traffic spikes
Control TTLs at Origin
• Akamai makes it easy to control cache objects' Time To Live (TTL) settings by use of HTTP headers
• Enable Honor-CacheControl and Honor-Expires
• Make use of the following headers
  – Edge-Control
  – Cache-Control
  – Expires
Control TTLs at Origin
• Using Apache and mod_expires
  Edge-Control: cache-maxage=1h
  Cache-Control: no-store
  Expires: "now"
• In the absence of Edge-Control header,
  Cache-Control: max-age=600
  ExpiresByType "image/gif" "access plus 1 hour"
Use Zero-TTL for Time-sensitive content
• Zero TTL (cache-maxage=0s) causes edge servers to contact origin for each request to ensure freshness
• No-Store Header?
• If-Modified-Since requests are less expensive than GET
• Edge-Control: cache-maxage=0s
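The header precedence from the two "Control TTLs at Origin" slides and the zero-TTL slide, as an added example (not from the deck and not Akamai code): a simplified Python model in which Edge-Control overrides Cache-Control, which overrides Expires. The name `edge_ttl`, the `m` and `d` unit suffixes, and the handling of only `no-store`, `cache-maxage` and `max-age` are assumptions of this sketch.

```python
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}  # "m" and "d" are assumed here

def _directives(value):
    """Split 'a=1, b' into {'a': '1', 'b': None} with lower-cased names."""
    out = {}
    for part in filter(None, (p.strip() for p in (value or "").split(","))):
        name, _, arg = part.partition("=")
        out[name.strip().lower()] = arg.strip().strip('"') or None
    return out

def edge_ttl(headers, now=None):
    """Return (ttl_seconds, deciding_header); a ttl of None means 'do not store'."""
    h = {k.lower(): v for k, v in headers.items()}
    now = now or datetime.now(timezone.utc)
    edge = _directives(h.get("edge-control"))
    if "no-store" in edge:
        return None, "Edge-Control"
    m = re.fullmatch(r"(\d+)([smhd]?)", edge.get("cache-maxage") or "")
    if m:  # Edge-Control wins at the edge, whatever browsers are told
        return int(m.group(1)) * UNITS[m.group(2) or "s"], "Edge-Control"
    cc = _directives(h.get("cache-control"))
    if "no-store" in cc:
        return None, "Cache-Control"
    if (cc.get("max-age") or "").isdigit():
        return int(cc["max-age"]), "Cache-Control"
    if "expires" in h:
        try:
            left = (parsedate_to_datetime(h["expires"]) - now).total_seconds()
        except (TypeError, ValueError):
            return 0, "Expires"  # unparseable date: treat as already expired
        return max(0, int(left)), "Expires"
    return None, "none"

if __name__ == "__main__":
    # Constructed origin responses mirroring the header sets on the slides
    for hdrs in ({"Edge-Control": "cache-maxage=1h", "Cache-Control": "no-store"},
                 {"Cache-Control": "max-age=600"},
                 {"Edge-Control": "cache-maxage=0s"}):
        print(hdrs, "->", edge_ttl(hdrs))
```

A TTL of 0 means the object is stored but revalidated with the origin on every request, which is the zero-TTL case; `None` means the edge keeps nothing.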
Query String treatment
• Ignore Query String
• Ignore Query Arguments
• www.example.com/getfile.asp?fileID=1234&randomKey=a1b2&sessionID=32Getfile.asp
• Ignore Case in cache
• Include Query Strings
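The query string treatments listed above, as an added example (not from the deck and not Akamai's implementation): a Python model of how each treatment changes the cache key, and therefore how many separate objects the edge fetches from origin. `cache_key`, `distinct_objects`, the mode names and the sample URLs (constructed, modelled on the slide's URL) are assumptions.

```python
from urllib.parse import urlsplit, parse_qsl, urlencode

def cache_key(url, mode="include", ignore_args=(), ignore_case=False):
    """Model the cache key an edge server derives from a request URL.

    mode: 'include'      keep the whole query string (every variant cached apart)
          'ignore_all'   drop the query string entirely
          'ignore_args'  drop only the arguments named in ignore_args
    """
    parts = urlsplit(url if "//" in url else "//" + url)
    host, path = parts.netloc.lower(), parts.path or "/"
    if ignore_case:
        path = path.lower()
    if mode == "ignore_all":
        pairs = []
    else:
        pairs = parse_qsl(parts.query, keep_blank_values=True)
        if mode == "ignore_args":
            drop = {a.lower() for a in ignore_args}
            pairs = [(k, v) for k, v in pairs if k.lower() not in drop]
    query = urlencode(pairs)
    return host + path + ("?" + query if query else "")

def distinct_objects(urls, **treatment):
    """Number of separate cache entries (and origin fetches) the URLs produce."""
    return len({cache_key(u, **treatment) for u in urls})

# Constructed sample: two files requested with per-request noise arguments
SAMPLE = [
    "www.example.com/getfile.asp?fileID=1234&randomKey=a1b2&sessionID=32",
    "www.example.com/getfile.asp?fileID=1234&randomKey=c3d4&sessionID=33",
    "www.example.com/Getfile.asp?fileID=1234&randomKey=e5f6&sessionID=34",
    "www.example.com/getfile.asp?fileID=5678&randomKey=a7b8&sessionID=35",
]

if __name__ == "__main__":
    noise = ("randomKey", "sessionID")
    print("include     :", distinct_objects(SAMPLE))
    print("ignore_args :", distinct_objects(SAMPLE, mode="ignore_args", ignore_args=noise))
    print("+ignore_case:", distinct_objects(SAMPLE, mode="ignore_args",
                                           ignore_args=noise, ignore_case=True))
    # ignore_all merges fileID=1234 and fileID=5678 into one object: the wrong
    # file would be served, so only ignore arguments the origin does not vary on
    print("ignore_all  :", distinct_objects(SAMPLE, mode="ignore_all", ignore_case=True))
```

Ignoring an argument is only safe when the origin's response does not vary on it; the same applies to `sessionID` if the response is personalized per session.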
Error Response TTL (Negative TTL)
• By default, negative responses from origin are cached for 10 seconds.
• In practice, however, a 10-second error caching TTL is very low and can significantly increase the load on origin if you have recently migrated to a new site or have several bad links.
• Experiment with TTL of 5-10 mins for error caching.
Edge Side Includes (ESI)
• Edge Side Includes (ESI) make it possible for edge servers to assemble dynamic content.
• Because the edge server performs the assembly, pages that otherwise would have been entirely uncacheable can now be partially cached at the edge, reducing bandwidth costs and eliminating the "least-common-denominator" cacheability problem.
Why Security
• Security is important, why?
  – Cyber attacks becoming common
• According to FBI Director James Comey, “There are two kinds of big companies in the United States. There are those who’ve been hacked…and those who don’t know they’ve been hacked”
• Target, Home Depot, Google, Apple iCloud
Security is important, why??
• Cost
• A recent survey by the Ponemon Institute showed the average cost of cyber crime for U.S. retail stores more than doubled from 2013 to an annual average of $8.6 million per company in 2014
• Web application attacks cost these organizations an average of 3.1 million.
What can you do about it
• Web Application Firewall (WAF)
  – Most companies accept that WAF is an effective and important tool in fighting the Web Application attacks, however
  – Most organizations have not deployed their WAF in a manner that allows them to stop attacks
  – Reason?
    • WAFs require significant management overhead, as much as three or more FTE assigned just to properly manage WAF.
Security features in Akamai
• Application Layer Security
  – ModSecurity rule set
  – Akamai Kona Rule Set
  – Custom rules
• Network Layer Controls
• Rate Controls
• Slow POST Protection
Kona Web Application Firewall by Akamai
• Kona WAF provides always-on and highly-scalable protection against web application attacks including SQL injections, cross-site scripting, and remote file inclusion - while keeping the performance high.
• It inspects every HTTP and HTTPS request, detecting and blocking threats to web applications before they reach the data center.
World is going mobile but…
• Challenges
  – Wireless network problems
  – Device limitations and inconsistencies
  – Constant rapid change
Can Akamai help?
• Edge Caching
• Mobile Detection and Redirect
• Front End Optimization
• Adaptive Image Compression
• Enhanced Mobile Protocol