This is going to be an amazing post, I can feel it!
I would like to share my knowledge and opinion about one of the best things ever happened to web technologies. Note that, I’m going try to explain what Akamai is at the simplest way.
Why is it one of the best things, you might ask. I’m going to explain what its features one by one.
Content Delivery Network
First of all, Akamai is a CDN. So, what is a CDN?
Basically, A CDN is a geographically distributed network of proxy servers and data centres which aims to distribute services with high availability and high performance. CDNs are commonly used today and serve a large portion of the Internet content, including web objects (text, graphics and scripts), downloadable objects (media files, software, documents), applications (e-commerce, portals), live streaming media, on-demand streaming media, and social networks.
There are free CDNs such as Cloudflare, Incapsula(They are free for personal usage) and there are paid CDNs such as Akamai, Amazon CloudFront, Azure CDN. Each of these provide various features. You can take a look about their features here(cdnoverview.com). It is up to businesses which to use based on their requirements.
An origin server is the machine where the actual codes are being served. That means you need to protect it and make sure nothing bad happens to it no matter what happens. Or bad things happen Site Reliability Engineers like me ( ͡° ͜ʖ ͡°).
Akamai is mainly based on edge servers and use them to provide different services.
Imagine you click indonesia.com(server is in Indonesia) and you are living in New York. To reduce the latency3, Akamai will use the nearest edge server to New York. So that your request doesn’t have to go all the way to Indonesian server. Instead, your request hits the Edge Server which caches indonesia.com. This reduces the page loading time.
You will see this term many times in this post.
Let’s get into Akamai’s features.
Net Storage is essentially a cache server with Standard File Transfer Protocol(SFTP). Know that it is different than edge server caching. In edge server caching, Akamai uses edge servers already being used as a hosting server. But in NetStorage feature, you need a another hosting(server).
The server aims for serving different types of objects without actually hitting the origin server. Even the static pages. For example, you are stalking your ex on Facebook, wondering if your ex found someone else or s/he is still alone like you are. You find out that s/he is actually with someone! Nervously, you open their photographs.
While you are viewing their photographs, Akamai serves the actual photographs, CSS, JS with their own servers(remember edge servers). Your requests don’t even hit Facebook servers because Facebook engineers have configured their Akamai property so that the related files are being served over Akamai’s own edge server. This way, there will be a significant respond time decrease.
In addition to the high performance advantage, there is also high availability advantage. By configuring those files in Akamai NetStorage, Facebook pretty much guarantees that their files in NetStorage will be served to end user if something happens to their origin servers.
You can also store your logs in NetStorage.
Everything you can imagine can be served with Akamai NetStorage. Even the error pages to handle each specific error page with a generic one.
Security is one of the most important aspects of a website. Websites are compromised all the time. You may think that your website doesn’t have worthy information to be stolen but this is not the only case. There are many attacks types such as:
- using your server as an email relay for spam,
- serving illegal files through your server,
- using your server as a coin miner,
- SQL injection4 to steal your data,
- XSS5(Cross Site Scripting),
- CSRF6(Cross Site Request Forgery).
There will be another post to explain about OWASP Top 10 Application Security Risks. So security is not something that you can put away.
Akamai has security features which you can configure and benefit from.
One of them is Network List Management. It allows you to create and manage lists you can deploy to the Akamai Network to be used by multiple Akamai products and features. Basically, you can whitelist(allow) or blacklist(block) certain IPs to secure your website.
Second of them is WaF(Web Application Firewall). WaF is a measure which analyses every request and response for all common forms of web traffic. Based on some criterions, it identifies and isolates or blocking abnormal malicious traffic, a WaF effectively prevents threats from reaching the server. WaF can:
- Use adaptive rate controls to protect your servers against DDoS(There is actually an Akamai team monitoring these rates) and other volumetric attacks by monitoring and controlling the rate of requests against applications,
- Enforce whitelist and blacklists,
- Be configured to define Request Limit Violations, Protocol Violations, HTTP Policy Violations and more,
- Show you the real time monitoring about the website hits.
Monitoring and Logging
In addition to all of these, Akamai keeps everything monitored and logged. This is a critical feature since these are the places you need to look when something goes wrong. One can also check the integrity and stability of the website.(More importantly, it is really satisfying to see the real time statistics of your site( ͡° ͜ʖ ͡°))
You can analyse:
- response codes(1xx, 2xx, 3xx, 4xx, 5xx),
- how many request have been responded with edge servers(%x) or how many of them actually hit origin servers(%x),
- user traffic statistics,
- which page is being loaded the most,
You can think of anything and it is being monitored.
We are living in a century where everything is getting abstracted. CDNs are perfect tools from the smallest companies to biggest ones if you don’t want to struggle with the features CDNs giving.
Akamai is the most popular CDN at the moment for many reasons such as stability, customer satisfaction and help, ease of use and many more. The only drawback is for the smallest companies, you need to pay a little too much. But you can contact with their sales team and have a good contract. It is worth investing.
- protecting a network or system from unauthorized access
- In computing, active data is often cached to shorten data access times, reduce latency and improve input/output (I/O). Because almost all application workload is dependent upon I/O operations, caching is used to improve application performance.
- latency = time page loads – time you click, basically
- An SQL injection is a computer attack in which malicious code is embedded in a poorly-designed application and then passed to the backend database. The malicious data then produces database query results or actions that should never have been executed.
- Cross-site Scripting (XSS) refers to client-side code injection attack wherein an attacker can execute malicious scripts (also commonly referred to as a malicious payload) into a legitimate website or web application.
- Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated.