CIRCUIT – An Adobe Developer Event Presented by ICF Interactive

Akamai: Caching and Beyond

Puru Hemnani

whoami

•  Puru Hemnani, Sr. Systems/Cloud Architect at ICF Cloud Services division

•  Former Java/Application Developer •  Experience/Responsibilities

– System/Application Performance Tuning – DevOps/Automation – Build systems/Infrastructure for High

availability and Fault tolerance.

Scope

•  What is it all about – What are CDNs and why are they important in

today’s day and age – Overview of Akamai – Tuning Akamai for caching – Security – Mobile Optimization

Content Delivery

Networks (CDN)

What is CDN

•  Content Delivery Network is a large distributed system of servers deployed in multiple datacenters across the internet.

•  It serves the purpose of delivering content/data to the end user with lower latency, high availability and higher performance.

•  CDN brings static content closer to users. •  CDNs accelerate dynamic content •  CDN defends and absorb security threats

Without CDN

With CDN

CDN Providers…

Akamai

•  Akamai is one of the most prominent players in the CDN space and is the global leader.

•  Akamai delivers 30% of all internet traffic. •  Akamai daily traffic often exceeds 25

terabits per second. •  Akamai has more than 175,000 servers in

over 100 countries within over 1300 networks

Why Akamai

•  Scalability – Akamai provides unlimited capacity and scale

•  Speed – Lower latency by placing the content close to

end user •  Reduced origin cost

– Reduced origin footprint resulting in efficiency •  Security

–  In built protection from DDOS and other types of cyber attacks.

Some traffic stats

Limitations of AEM for High Traffic Site

•  AEM uses java based container for serving the sites

•  Frequently changing content •  Dispatcher cache has several limitations

– Cache invalidations – No TTLs – Treatment of query strings

•  Extensibility makes it vulnerable to security threats

Tuning Basics

•  Understanding your site and content – Static vs Dynamic content – Sessions and personalization – DAM assets vs html content – Advertising data – Traffic patterns – Application layer code stats – Use of Java scripts for personalization

WebPageTest can help

WebPageTest Summary

Tuning Akamai: Why

•  Akamai provides a vast range of tuning parameters and configuration options. If not tuned properly: – Low origin offload – Too fresh content – Poor site performance – Publishers crashing due to traffic spikes

Control TTLs at Origin

•  Akamai makes is easy to control cache objects Time To Live (TTL) settings by use of HTTP headers

•  Enable Honor-CacheControl and Honor-Expires

•  Make use of following headers – Edge-Control – Cache-Control – Expires

Control TTLs at Origin

•  Using Apache and mod_expires Edge-Control: cache-maxage=1h Cache-Control: no-store Expires: “now”

•  In the absence of Edge-Control header, Cache-Control: max-age=600 ExpiresByType “image/gif” “access plus 1 hour”

Use Zero-TTL for Time-sensitive content

•  Zero TTL (cache-maxage=0s) causes edge servers to contact origin for each request to ensure freshness

•  No-Store Header? •  If-Modified-Since requests are less

expensive than GET •  Edge-Control: cache-maxage=0s

Query String treatment

•  Ignore Query String •  Ignore Query Arguments

•  www.example.com/ getfile.asp?fileID=1234&randomKey=a1b2&sessionID=32Getfile.asp

•  Ignore Case in cache •  Include Query Strings

Error Response TTL (Negative TTL)

•  By default, negative responses from origin are cached for 10 seconds.

•  In practice, however 10 seconds error caching TTL is very low and can significantly increase the load on origin if you have recently migrated to a new site or have several bad links.

•  Experiment with TTL of 5-10 mins for error caching.

Edge Side Includes (ESI)

•  Edge Side Includes (ESI) make it possible for edge servers to assemble dynamic content.

•  Because the edge server performs the assembly, pages that otherwise would have been entirely uncacheable can now be partially cached at the edge, reducing bandwidth costs and eliminating the "least-common-denominator" cacheability problem.

Security

Why Security

•  Security is important, why? – Cyber attacks becoming common

•  According to FBI Director James Comey, “There are two kinds of big companies in the United States. There are those who’ve been hacked…and those who don’t know they’ve been hacked

•  Target, Home Depot, Google, Apple iCloud

Security is important, why??

•  Cost

•  A recent survey by the Ponemon Institute showed the average cost of cyber crime for U.S. retail stores more than doubled from 2013 to an annual average of $8.6 million per company in 2014

•  Web Application attacks cost these organizations on an average of 3.1 millions.

Security Cost breakdown..

What can you do about it

•  Web Application Firewall (WAF) – Most companies accept that WAF is an

effective and important tool in fighting the Web Application attacks, however

– Most organizations have not deployed their WAF in a manner that allows them to stop attacks

– Reason? •  WAFs require significant management overhead

as much as three or more FTE assigned just to properly manage WAF.

Manage WAF - Cost

Options…

•  Mod Security (Open Source) •  Cloudflare •  Incapsula •  Kona WAF by Akamai

How it helps!

Security features in Akamai

•  Application Layer Security – ModSecurity rule set – Akamai Kona Rule Set – Custom rules

•  Network Layer Controls •  Rate Controls •  Slow POST Protection

Kona Web Application Firewall by Akamai

•  Kona WAF provides always-on and highly-scalable protection against web application attacks including SQL injections, cross-site scripting, and remote file inclusion - while keeping the performance high.

•  It inspects every HTTP and HTTPS request, detecting and blocking threats to web applications before they reach the data center.

Mobile Optimization

Why Mobile Experience is important

World is going mobile but…

•  Challenges – Wireless network problems – Device limitations and inconsistencies – Constant rapid change

Can Akamai help?

•  Edge Caching •  Mobile Detection and Redirect •  Front End Optimization •  Adaptive Image Compression •  Enhanced Mobile Protocol

Mobile Redirects

Advantage of Edge redirects

Async JavaScript

Backend Latency

Q & A

Questions?

Email: phemnani@icfi.com