Akamai CDN with Sitecore Content Management Instance
Introduction
The client that I am working with utilises Akamai as their Content Delivery Network, which sits in front of all their web applications. Due to the availability of such a fantastic CDN, it just makes sense to use as many features as possible that are available from their Akamai contract. The content authors are located all over the Asia Pacific and Japanese region (Australia, Singapore, Philippines, Vietnam, Malaysia, Thailand, Hong Kong, Japan). In this blog post, I will list out every single possible feature that makes the most sense on integrating with Akamai CDN on a Sitecore Content Management / Authoring instance, and explain the reasoning behind it all.
Security Features
One of the best set of features from Akamai is their Security offerings. Akamai puts the security intelligence all the way to the Edge, providing security to the applications 24/7/365.
The Sitecore Content Management instance is firewalled to only allow Akamai Edge servers and a few required internal connections to be routed through, which means there is no direct access by going to Sitecore Content Management directly at all. The list of IP addresses are provided via Akamai Site Shield as a list of ACLs. The address of the origin is therefore hidden away from users altogether.
The workforce has now evolved into a more mobile workforce. All content authors can and will work from anywhere in the world, including their offices, shared office spaces, homes, cafes, internet cafes, or any other internet / wifi hot spots around the world. The traditional VPN setup requires users to setup the VPN connection on their PCs, and it is even harder to setup on mobile or tablet devices. Traffic through VPN tunnel is usually slower, and usually comes with a network latency performance penalty. Enterprise Application Access completely removes the need to setup VPN tunneling. Accessing the Sitecore Content Management Instance requires an authentication to be authorised at the Edge first, before further access is granted to access Sitecore. There is no setup required from any users’ devices, as the authentication interface is all accessed via the web browser.
Performance Features
Akamai CDN provides last mile acceleration all the way to the edge. Application acceleration is what most people usually associate Akamai with. The performances features for Sitecore starts with Akamai Sure Route, which helps reduces the network latency to users. Akamai periodically sends a request to the origin, and updates the fastest network routes when traffic flows in between Edge servers.
The next feature is Adaptive Acceleration, which is part of Akamai ION. HTTP/2, Automatic Server Push by analysing Real User Monitoring data (mPulse) for each URL requests allows for parallel multiplexing download of attached assets, as well as optimised and predicted assets pushed to browser before the browser requests them. Furthermore, all Javascript and CSS requests are also given a further compression by using the Brotli compression format, which can further compress the files 15–25% smaller than GZip for supported browsers.
The most famous feature in the performance suite is definitely Akamai’s ability to cache content at the Edge. Just because Sitecore CMS is meant to be transactional, edge caching should not be ignored. The aim is to cache as much as possible that will not affect the operation of creating and saving content. This includes caching all SPEAK Javascript, CSS, media library, toolbars, ribbons, icons and the static dialogs. The Edge Cache TTL can be set to a very high value as those items will never change, unless a Sitecore upgrade / update is performed. Sitecore Out of the Box has very good browser cache settings already. However, how many times have we all come across with content authors and business users who always uses web applications in Private Mode for no good reason ? The aim is for the Sitecore application to only perform real work, and not busy with serving static assets or images.
Lastly, most web sites are getting quite heavy with images. Images are a great way to inspire visitors. Responsive design also means that images are cropped to different sizes depending on the break point view port size. Akamai Image Manager is a fantastic tool that any type of image transformations (eg. resizing, cropping) can be offload to the Edge, rather than done on Sitecore. Image manipulations on the fly, even though the result is saved on disk in the MediaCache folder, is still processor intensive. The normal image parameters from Sitecore can be ignored between Akamai Image Manager Super Cache and Sitecore, which means the full size, unresized, uncropped is served straight from the database. The cache key of that image can then be set with a very long TTL, and any image manipulation is then offload to the Edge. This results in only one cache key variation serving from Sitecore to Akamai. Furthermore, Akamai Image Manager will serve the most optimised image formats to the browser. Perpetual Quality setting also allows the images to be optimised to the maximum it can be, depending on the complexity of the image, to further reduce file sizes.
Akamai Property Manager Configuration Samples
I will share the individual settings just to show how easy it is to set up Akamai CDN for Sitecore Content Management instance.
mPulse script interferes with any /**/*upload*.aspx URL’s. The script interferes the file upload process and must be excluded.
Respect Sitecore’s browser cacheability settings by default, and just pass that setting straight through to users.
Apply GZip for all text based MIME types.
Enable HTTP/2 and Adaptive Acceleration settings from Akamai Ion Premier.
As the CMS performs various CRUD operations, allowing different type of HTTP Actions is important. Only HTTP GET and POST are enabled by default on Akamai.
WebDAV is required when the Request Method is OPTIONS. Sitecore Publishing Service requests for the Publishing Dashboard uses OPTIONS methods.
Force all requests to use HTTPS only.
Static assets for the web sites that are on disk should be sent to Akamai Netstorage, which is an Object Store like AWS S3 buckets or Azure Blob Storage. It is way too complicated to send Sitecore static assets to Netstorage due to the amount of different folder paths.
Sitecore managed media library URL’s generated from Content Editor and Experience Editor requires an authenticated session. As these URL’s need to be cached at the Edge, the authenticated sessions cannot be part of the cache key. By rewriting the URL before the requests goes to the origin, the authentication session is no longer required.
Summary
In this blog post, I have demonstrated how to utilise Akamai CDN for Sitecore Content Management instance. The theories and settings described can be applied to other CDN’s like Amazon CloudFront or CloudFlare.
