Getting Started With Akamai

This guide teaches you the basics of the Akamai CDN and gets you up and running with existing infrastructure, whether that is AWS or your own.
 
Why Akamai?
Akamai is a global content delivery network (CDN) provider that helps businesses deliver their content faster and more securely to users around the world. You'd use Akamai to improve your website's performance, reduce latency, and protect your online presence from cyber threats.
 
Why use Akamai over something like AWS CloudFront?
Akamai and CloudFront are both powerful Content Delivery Networks (CDNs) that optimise website performance. While CloudFront is tightly integrated with AWS services, Akamai often boasts a larger global network and more advanced security features, making it a compelling choice for businesses prioritising performance and security.
 

Overview

Edge DNS Pipeline

  1. When a web client first sends a request, it arrives at an Akamai edge node.
  1. The traffic is then checked to see whether it comes from a bot or a real user, which helps prevent DDoS, for example.
  1. The traffic is then prioritised if it's verified as a real user and not a web crawler.
  1. Traffic is then optimised with whatever scripts you choose, edge caching and specific audio/video optimisations as configured.
  1. Any further network requests are then optimised depending on destination, assuming it's still within your Akamai service. This also allows you to cut over old services to new ones more safely and easily, without disruption.
 
 

Certificate Provisioning

Single - Property hostname with a single name
Wildcard - Entire property hostname, e.g. www.*.example.com where * is anything
SAN (Subject Alternative Name) - Multiple names and alternative names under a single certificate
 
To get a certificate:
  1. Collect the info needed for a certificate
  1. Create a CSR (certificate signing request)
  1. Submit
  1. Validate
  1. Issue Cert
  1. Retrieve cert
  1. Deploy to staging
  1. Deploy to prod
  1. Renew (When needed)
 

Property Manager

Property Manager works like a config tool used across Akamai services.
You can add business rules in sequence that manage incoming and outgoing traffic, e.g. if x route and y parameter match, 50% of users get forwarded to z address.
The config is executed when the traffic first hits an Akamai edge server.
 
Steps to configure properties:
  1. Get access as needed via Akamai IAM, i.e. Users, APIs and Service Account API
  1. Get a certificate (see previous section)
  1. Configure the origin resource (the server(s) to connect to)
  1. Define properties in Property Manager
    1. Each property has versioning
    2. Versions are activated to different environments
    3. Metadata is readable once properties are activated. It contains rules and hostname info
    4. Errors/warnings are shown after activation, in the bottom left
  1. Test in staging
 
Once activated, the new version will be deployed and the old one archived, which makes rollbacks much easier.
 

Security Configuration

Akamai includes most of what you'd expect, such as rate limiting, threat detection, scalability, monitoring and regulatory support.
 
The security config sits in front of even the edge server. Security policies also have versioning and deployment management, like properties.
 
 

Cloudlets

A cloudlet is basically a function that runs after the edge server but before the origin. It adds much more customisation and is ideal for business logic.
 
At a basic level, cloudlets bring some functionality forward from the origin to make it faster. If you know what you need, e.g. forwarding or load balancing when a certain header is present in the HTTP request, you can do it in a cloudlet instead of at the origin.
 

Caching & Purging

Akamai adds a Cache-Control header that lets you control caching.
 
You can also purge the cache at a network-wide scale, i.e. after an update, to eliminate the long tail.
 

Edge Diagnostics

Akamai provides an error reference code that allows for error tracing, but it is only stored for 48 hours.
When Akamai or the server has issues and users get a reference, we can use it to investigate.
Simply search the string to see the reason, stack trace and IPs.
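
An added example (not from the original guide or from Akamai) that pulls error reference strings out of support tickets and flags which ones are still inside the 48-hour window. The field layout (error code, hex server ID, Unix timestamp, request ID) and the ticket text are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

RETENTION = timedelta(hours=48)  # retention window stated in this guide
# Assumed layout: #<error code>.<hex server id>.<unix timestamp>.<hex request id>
REF_RE = re.compile(r"#(\d+)\.([0-9a-f]+)\.(\d{9,10})\.([0-9a-f]+)", re.I)


def triage(text, now):
    """Find reference strings in free text and report whether each can still be traced."""
    seen, results = set(), []
    for m in REF_RE.finditer(text):
        ref = m.group(0)[1:].lower()
        if ref in seen:  # the same reference is often pasted more than once
            continue
        seen.add(ref)
        issued = datetime.fromtimestamp(int(m.group(3)), tz=timezone.utc)
        age = now - issued
        results.append({
            "reference": ref,
            "error_code": int(m.group(1)),
            "issued_utc": issued.isoformat(),
            "hours_left": round((RETENTION - age).total_seconds() / 3600, 1),
            # a timestamp in the future means a mistyped or altered string
            "traceable": timedelta(0) <= age <= RETENTION,
        })
    # references closest to expiry come first, expired ones last
    return sorted(results, key=lambda r: (not r["traceable"], r["hours_left"]))


# Constructed sample tickets (not real reference strings)
TICKETS = """
10:02 customer: checkout fails, page says Reference #18.2d351ab8.1700000000.a4e16ab
10:05 customer: same again, Reference #18.2D351AB8.1700000000.A4E16AB
09:40 agent: older report had Reference #9.6f64d440.1699820000.2f2b078
"""

if __name__ == "__main__":
    now = datetime.fromtimestamp(1700000000, tz=timezone.utc) + timedelta(hours=10)
    for row in triage(TICKETS, now):
        print(row)
```
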
 
We also have access statistics and monitoring, which you can explore as needed.
 
 

Step By Step Guide

In this guide, we’ll build an Akamai frontend for an apparel store, focusing on performance, security and specific location support, and handle some debugging.
 

Set Up CDN And Propagate to the Edge

  1. Ensure you have these ready to go:
    1. TLS Certificate (Organisation Wildcard SAN Certificate)
    2. Hostname (GoDaddy or Route 53)
    3. Origin Server (A simple S3 static site is fine)
  1. In Akamai, at the top left under Properties, open Property Manager and click Create New
  1. Create a hostname, entering the one you retrieved earlier
  1. Add the certificate you created earlier. Akamai will set up its own edge hostname, which is what your hostname will now point to. Submit
  1. This will take time to propagate through the edge; you’ll know it's done when Property Manager is all green
  1. Scroll down and click Default Rule, add a Behaviour
  1. Search Origin Server and Insert Behaviour
    1. Paste the S3 link under Origin Server Hostname (Exclude the https:// and .index.html)
    2. Add another standard behaviour, search Content Provider Cache, insert and add new
    3. Add another standard behaviour, search Caching and insert
    4. Save
  1. Click Activate at the top, then Activate Staging. Then do Production if all went well. FYI: staging takes roughly 15 minutes and production about 30 minutes
  1. Test by searching the hostname
 
 

Adding Caching

  1. Create a new Rule, search Offload Origin
  1. Add Caching and change the rule from No Store to Cache
  1. Set a max-age time, e.g. 5 minutes. This will affect the main site
  1. Add a Caching Hostname rule below that and add one for:
      • Javascript/CSS
      • Fonts
      • Images
      • Files
      • Other static
      • HTML etc.
  1. Generally follow defaults for each but tailor to your site, click Save and push to staging and production
 
 
 

Purge Cache

  1. In Akamai, select Purge Cache and Fast Purge
  1. The first few options are fast to purge and will cause all new users to hit the origin server at first and get the latest assets. The Directory and Extension options take much longer to rebuild
  1. To purge something very specific, i.e. a single image:
    1. Get the S3 deployed URL of the existing asset (right click, get address)
    2. Paste it in the Fast Purge text box with URLs selected
  1. Finally, make sure you choose Delete and not just Invalidate for a worry-free purge
 
 

Cloudlet

The normal property rulesets are executed top-to-bottom, but cloudlets give you the control to step outside of that for your own custom business needs.
Accordingly, you need to be careful.
 
Example Redirect Cloudlet that sends different countries to different languages:
  1. Open Cloudlet within your chosen domain, then Add Rule
  1. Select the source URL (same as before, everything except http and index.html)
  1. Click Show Advanced View at the bottom. This allows us to do things like IF / ELSE
  1. Add an AND (plus in the top right)
  1. Select User Location Data, then Country, then "is one of", and finally Thailand. When users are on a Thai connection they’ll be redirected to the Thai site. Warning: make sure you’re not also matching on country in some other way, otherwise requests will get stuck in a redirect loop
  1. Save Rule then Activate Version, staging first and production later
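
The redirect loop that the warning above describes can be caught before activation by simulating the rules against each country and entry path. This is an added example, not code from the original guide or from Akamai; the Rule model, the first-match-wins evaluation and the sample rule sets are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

MAX_HOPS = 10  # stop simulating after this many redirects


@dataclass(frozen=True)
class Rule:
    """Hypothetical model of one redirect rule; not Akamai's rule schema."""
    path: str                            # source URL path to match
    countries: Optional[FrozenSet[str]]  # None means any country
    target: str                          # path the visitor is redirected to
    exact: bool = False                  # False: match every path under `path`

    def matches(self, path, country):
        hit = path == self.path if self.exact else path.startswith(self.path)
        return hit and (self.countries is None or country in self.countries)


def follow(rules, path, country):
    """Simulate one visitor; rules run top to bottom, first match wins (assumed)."""
    chain = [path]
    while len(chain) <= MAX_HOPS:
        rule = next((r for r in rules if r.matches(path, country)), None)
        if rule is None:
            return chain, False          # no rule fires: the visitor settles here
        path = rule.target
        chain.append(path)
        if path in chain[:-1]:
            return chain, True           # back on a path already visited
    return chain, True                   # too many hops also counts as a loop


def find_loops(rules, entry_paths, countries):
    """Return (country, entry path, chain) for every visitor that never settles."""
    out = []
    for country in countries:
        for entry in entry_paths:
            chain, looped = follow(rules, entry, country)
            if looped:
                out.append((country, entry, chain))
    return out


TH = frozenset({"TH"})
# Constructed rule sets. SELF_MATCH: "/" as a prefix also matches its own target.
SELF_MATCH = [Rule("/", TH, "/th/")]
FIXED = [Rule("/", TH, "/th/", exact=True)]
# BOUNCE: a second rule that also keys on country sends /th/ visitors back to "/".
BOUNCE = FIXED + [Rule("/th/", frozenset({"TH", "VN"}), "/")]
```

Running `find_loops` over every country you redirect and every entry path, including the redirect targets themselves, shows which combination never settles and the chain it follows.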
 
