Akamai HTTP Content Delivery Customer Activation Guide

Last updated: 31 May 2006

About Akamai Akamai is the leading global service provider for accelerating content and business processes online. More than 1,200 organizations have formed trusted relationships with Akamai, improving their revenue and reducing costs by maximizing the performance of their online businesses. Leveraging the Akamai EdgePlatform, these organizations gain business advantage today, and have the foundation for the emerging Web solutions of tomorrow. Akamai is "The Trusted Choice for Online Business." For more information, visit www.akamai.com.

Akamai Technologies, Inc. US Headquarters 8 Cambridge Center Cambridge, MA 02142 Tel: 617.444.3000 Fax: 617.444.3001 US Toll free: 877.4AKAMAI (877.425.2624) European Headquarters Heisenbergbogen 2 85609 Dornach Germany Tel: 49 89 94006 ext. 308 Fax: 49 89 94006 - 006 Asia-Pacific Headquarters Akamai Technologies Japan K.K. 15F Tokyo Ginko Kyokai building 1-3-1 Marunouchi, Chiyoda-ku, Tokyo 100-0005 Tel: 81-3-3216-7300 Fax: 81-3-2116-7390

Copyright 2006 Akamai Technologies, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system or translated into any language in any form by any means without the written permission of Akamai Technologies, Inc. While every precaution has been taken in the preparation of this document, Akamai Technologies, Inc. assumes no responsibility for errors, omissions, or for damages resulting from the use of the information herein. The information in these documents is believed to be accurate as of the date of this publication but is subject to change without notice. The information in this document is subject to the confidentiality provisions of the Terms & Conditions governing your use of Akamai services. Akamai, Akamaized, the Akamai wave logo, Delivering a Better Internet, EdgeComputing, EdgeScape, EdgeSuite, FreeFlow, and I.AM.AKAMAI are registered service marks of Akamai Technologies, Inc. EdgeControl, EdgeDiagnostics, SureRoute, and The Trusted Choice for Online Business are Akamai service marks. Other products or corporate names may be trademarks or registered trademarks of other companies and are used only for the explanation and to the owners benefit, without intent to infringe or to imply any endorsement of Akamai or its services by, or relationship between Akamai and, the owners of such marks or to imply that Akamai will continue to offer services compatible with technology offered by such owners.

Akamai HTTP Content Delivery Activation Guide

Contents
Preface .. ................................................................................. 4
Intended Audience ................................................................................................ 4 Document Organization......................................................................................... 4 Related Resources.................................................................................................. 4 Additional Help..................................................................................................... 4

Part 1: Akamai Content Delivery Activation ........................................ 5

How Akamai Content HTTP Delivery Works ........................................................... 5 Activation of Akamai HTTP Content Delivery .......................................................... 6 Step 1: Provide SSL certificate information to Akamai....................................... 6 Step 2: Create origin server hostname(s) .......................................................... 8 Step 3: Activate Akamai edge hostname(s) ....................................................... 9 Step 4: Activate Akamai content delivery configuration ................................... 10 Step 5: Activate and test log delivery ............................................................. 11 Step 6: Activate alerts and scheduled reports (optional) ................................... 12 Step 7: Activate a redirect for top-level domain (if applicable)........................... 12 Step 8: Test Akamai content delivery ............................................................ 13 Step 9: Point website/application to the Akamai network ................................ 16

Part 2: Origin server configuration ................................................... 17

Required changes to origin server configuration....................................................... 17

Part 3: DNS Record Reference ......................................................... 19

Proprietary and Confidential

Akamai HTTP Content Delivery Activation Guide

Chapter 1

Preface
The Akamai HTTP Content Delivery Activation Guide describes how to enable Akamai content delivery service for HTTP/HTTPS content, including a description of each activation step and a reference to DNS records. You should use this guide for generic websites and content hostnames, image hostnames, and hostnames for file downloads. Separate activation guides are available for Akamai streaming content delivery Akamai Dynamic Site Accelerator Akamai Web Application Accelerator

Intended Audience
This document is intended as a reference and checklist for technical personnel of Akamai customers who are responsible for the activation of Akamai HTTP content delivery for their web content.

Document Organization
Part 1 HTTP Content Delivery Activation provides a list of the required steps for enabling content delivery through EdgeSuite and instructions for completing them. Origin Server Configuration describes required changes to the configuration of origin servers in order for them to be compatible with a content delivery network. DNS Record Reference can be used as a record of DNS records for each website delivered from the Akamai network.

Part 2

Part 3

Related Resources
Additional documentation and tools related to the steps described in this Activation Guide are available in the EdgeControl Management Center at https://control.akamai.com.

Additional Help
For additional assistance, contact Akamai support.

Proprietary and Confidential

Akamai HTTP Content Delivery Activation Guide

Chapter 2

Part 1: Akamai Content Delivery Activation

How Akamai Content HTTP Delivery Works

The Akamai network is a distributed server platform for delivery of content and applications. It is composed of thousands of dispersed and dynamically-controlled edge servers that retrieve the content from content providers centralized servers and deliver it to the end users.

Activation of Akamai content delivery consists of: Changing your web environment to direct end-user requests to the Akamai network and to accept content requests from the Akamai edge servers. Creating an Akamai configuration to receive end-user requests for your content, to retrieve content from the origin servers, and to handle content, including caching and advanced processing. Activating monitoring and control systems, such as online reporting, alerts, and log delivery.

Proprietary and Confidential

Akamai HTTP Content Delivery Activation Guide

Activation of Akamai HTTP Content Delivery

As an Akamai customer, you can activate Akamai content delivery by completing the following steps, using the configuration management tools in the Akamai EdgeControl Management Center (control.akamai.com). Where required, you will be assisted by an Akamai implementation specialist. The following is the list of activation steps: 1. Submit SSL certificate information to Akamai (for Secure Content Delivery only) 2. Create origin server hostname(s) 3. Activate Akamai edge hostname(s) 4. Activate Akamai content delivery configuration 5. Activate log delivery 6. Activate alerts and scheduled reports (optional) 7. Create redirect for top-level domain (if necessary) 8. Test content delivery from the Akamai network 9. Point digital property or properties to Akamai These steps are described in detail in the following sections.

Step 1: Submit SSL certificate information to Akamai

NOTE:

Follow this step only if you also purchased the Akamai Secure Content Delivery service, in addition to the HTTP Content Delivery Service.

If you purchased the Akamai Secure Content Delivery service for your HTTPS content, Akamai will activate an SSL certificate for your website or content hostname on the Akamai secure edge servers. You do not need to provide to Akamai your existing SSL certificate. Akamai will create and activate a new SSL certificate. You need to provide to Akamai only the certificate information and your company information by filling out a request form and submitting it to Akamai.

To submit SSL certificate information to Akamai:

The SSL certificate request form is provided to you in your service activation package. If you have not received it or misplaced it, you can request it from Akamai support. Fill out the request form and submit it to Akamai. It typically takes 5-7 business days to create and activate your new SSL certificate after receipt of the certificate information. You will be

Proprietary and Confidential

Akamai HTTP Content Delivery Activation Guide

notified when your new SSL certificate is activated. You can complete other activation steps while the activation of the SSL certificate is being performed.

Proprietary and Confidential

Akamai HTTP Content Delivery Activation Guide

Step 2: Create origin server hostname(s)

In order for the Akamai edge servers to retrieve the original content from your servers and serve it to end-users, you need to set up an origin server hostname that resolves to your content servers. The origin server hostname is specified in your Akamai configuration file and is the exact location where the Akamai edge servers retrieve your content. The standard naming convention for an origin hostname is
origin-<website>

where <website> is the hostname of your content that will be delivered from the Akamai network, for example,
origin-www.example.com for www.example.com origin-media.example.com for media.example.com origin-images.example.com for images.example.com

To create the origin server hostname(s):

Create the DNS record for the origin server hostname on your authoritative name servers, just as you would create any other DNS record. The DNS record for the origin server hostname is typically an A record but could also be CNAME pointing to another record, for example,
origin-www.example.com. IN A 1.2.3.4 origin-www.example.com. IN CNAME loadbalancer.example.com.

If using Akamai Net Storage servers as origin servers

If you are using Akamai Net Storage servers as the origin servers for your content, you do not need to set up an origin server hostname pointing to your own servers. Akamai will provide you the origin server hostname that points to your Akamai Net Storage content hosting account. The DNS record for your Net Storage hostname would typically follow the naming convention of:
AKAMAI_CUSTOMER_NAME.download.akamai.com

Proprietary and Confidential

Akamai HTTP Content Delivery Activation Guide

Step 3: Activate Akamai edge hostname(s)

To deliver any website from the Akamai network, it must be pointed to an Akamai edge hostname. An edge hostname is a hostname on an Akamai domain, activated for each of your websites or applications, that resolves to the Akamai network. For example, if your website is www.example.com, it would point to the Akamai hostname www.example.com.edgesuite.net. www.example.com.edgesuite.net in turn resolves to the individual servers on the Akamai network.

Edge hostnames for non-secure (HTTP) and secure (HTTPS) content

The edge hostnames are different for non-secure (HTTP) and for secure (HTTPS) websites/applications. If your website/application has any secure (HTTPS) content, it is considered secure.
Content type Non-secure (HTTP) Secure (HTTPS) Digital Property www.example.com secure.example.com Edge host name www.example.com.edgesuite.net secure.example.com.edgekey.net

Activating edge hostnames for advanced Akamai services

If you are using the following Akamai services, you cannot activate your Akamai edge hostnames yourself: Secure Content Delivery, Dynamic Site Delivery / Dynamic Site Accelerator, Web Application Accelerator, China CDN Edge host names for these services are created for you by Akamai and provided to you. For all other services, you can activate your Akamai edge hostname(s) yourself.

To activate edge hostnames for basic HTTP content delivery:

1. 2. 3. 4.

Log in to the Akamai management center (control.akamai.com). Navigate to the Edge Hostnames tool. Proceed to create a new edge hostname. Enter and submit the hostname of your website/content/application the exact hostname that you will deliver from the Akamai content delivery network, for example,
www.example.com images.example.com

The activation time is 30-60 minutes. The activated edge hostname will be displayed for your reference.

Proprietary and Confidential

Akamai HTTP Content Delivery Activation Guide

Step 4: Activate Akamai content delivery configuration

In order for Akamai servers to be able to serve your website/application, a configuration file needs to be activated for them on the Akamai server. The configuration file is similar in function to a configuration file on your web servers or application servers. It contains: the hostname of your content/application the origin server hostname Akamai caching settings other performance and functional settings
To activate a configuration file:

1. Log in to the Akamai management center (control.akamai.com). 2. Navigate to the configuration management tool. 3. Proceed to create a new configuration. 4. Follow through the screens and select or enter appropriate settings for your content. The following guides are available to help you in selecting appropriate Akamai content delivery settings: Akamai Content Delivery (EdgeSuite) Integration Guide Time-to-Live in Cache: Methods and Considerations EdgeSuite Handling of Edge-Control & Other HTTP Headers Akamai implementation specialists are also available to assist you and review your configuration settings.

Configuration of advanced features

Some advanced Akamai services and features are not supported by the configuration management tools in the Akamai management center, and cannot be activated or edited directly by you. Configurations for these features and services are be activated for you by an Akamai specialist. If you are working on the initial activation of Akamai content delivery with an Akamai specialist, the specialist will indicate if any of the features that you need cannot be activated directly by you. If you yourself determine that you need a feature that you cannot activate yourself, contact Akamai support.

10

Proprietary and Confidential

Akamai HTTP Content Delivery Activation Guide

Step 5: Activate and test log delivery

You can receive Akamai server logs of all requests for your content in a standard log file format. These logs are aggregated from data from all Akamai servers, sorted by time, and can be delivered with specified frequency to your FTP servers. Log delivery is not enabled by default. If you need Akamai logs, you need to activate log delivery in the Akamai management center, control.akamai.com, by selecting log delivery preferences.
CAUTION:

It is important that log delivery is activated prior to delivering any content from the akamai network, as logs cannot be collected retroactively. It takes 24-48 hours for the log delivery to start from the time when you activate it.

Akamai strongly recommends that you activate log delivery for all of your content even if you do not immediately need the logs. Having Akamai logs delivered to you can help you troubleshoot content and configuration problems.

Using Akamai Net Storage servers for log delivery

If your Akamai services include the Net Storage content hosting, you can have Akamai logs delivered via FTP to your Net Storage account. To do this, specify the Net Storage FTP upload account in the log delivery settings. The Net Storage account information is included in your service activation package. You can also look it up in the Akamai management center (control.akamai.com).

To activate log delivery:

1. Log in to the akamai management center (control.akamai.com). 2. Navigate to the Log Delivery management tool. 3. Choose to begin log delivery or to edit existing log delivery for your Content Provider codes. 4. Specify and submit log delivery options.
Testing of log delivery

Akamai logs are delivered in standard log formats, such as W3C Extended log format. However, if you are currently using your own server logs for reporting or data analysis, you should verify that Akamai logs are fully compatible with your log processing application. After you receive the first log files from Akamai, test them through your regular log processing application or workflow, and adjust them if necessary. You do not need to wait until you begin delivering live content from the Akamai network before you can test the logs. The logs will contain the data from your testing of the Akamai content delivery configuration.

Proprietary and Confidential

11

Akamai HTTP Content Delivery Activation Guide

Step 6: Activate alerts and scheduled reports (optional)

In addition to standard online reports for Akamai content delivery, you can activate scheduled reports and real-time alerts.

To activate alerts and scheduled reports:

1. Log in to the Akamai management center (control.akamai.com). 2. Navigate to the reporting interface 3. Choose appropriate alerts and reports

Step 7: Activate a redirect for top-level domain (if applicable)

You need to perform this step only if you are planning to deliver from the Akamai network a www hostname, that can also be requested with a top-level domain, for example if your content can be downloaded as both
http://www.example.com and http://example.com

The domain name system prevents specifying top-level domains (e.g. example.com, as opposed to www.example.com) as CNAME records. Therefore, it is not possible to resolve these hostnames to the Akamai network with a CNAME to an edge hostname. But because a significant number of your end-users may request your content/application through the top-level domain, you should still direct these requests to the Akamai network. To do this, you should not change the DNS record for the top-level domain to point it to the Akamai network. Doing this can break your content/application and your corporate e-mail. Instead, you should create an HTTP redirect on your origin servers so that requests for any URL with the top-level domain are redirected to the corresponding hostname that will be pointed to the Akamai network through DNS. As a result, end-user requests for http(s)://example.com will still be received by your own origin servers. However, instead of directly serving the content, your servers will redirect the request to http(s)://www.example.com which will be served by the Akamai servers. This ensures that your servers are as much as possible shielded by the Akamai network. Although the request is received initially by your origin servers, the content is served from the Akamai network.

To create a redirect for a top-level domain:

Create an HTTP redirect on each of your web servers or on the load balancer. Requests for http://example.com/URL should be redirected by the origin servers to http://www.example.com/URL

12

Proprietary and Confidential

Akamai HTTP Content Delivery Activation Guide

Step 8: Test Akamai content delivery

You should thoroughly test the delivery of your content/application from the Akamai network before redirecting your production content to Akamai, to make sure that all existing content functionality is preserved. While the purpose of Akamai content delivery is to increase the performance and availability of your content, incorrect configuration settings can break various functions on your site.

Areas of testing

This section describes what you should test in the delivery of your content/application by Akamai. The following sections describe the methods of testing your Akamai configuration before directing your live end-users to the Akamai network. Functional testing If you have existing testing procedures for application and content releases, you should follow them when testing Akamai content delivery. If you do not have existing testing procedures, you should create a simple test plan that verifies that you can: access the site through regular entry pages, such as the homepage view images and download files (Flash, PDF, etc) view pages in normal formatting (application of style sheets) perform critical and common functions on the site, such as search, login, registration, posting recreate functions and transactions that a typical end-user would perform Testing of the Akamai configuration settings You can verify the expected behavior and effectiveness of the Akamai content delivery configuration in two ways: 1. Use the EdgeSuite Booster tool to verify that your pages, images and script files are cached on the Akamai servers. EdgeSuite Booster is a testing plug-in for the MSIE browser. It can be downloaded from the support section in the Akamai management center (control.akamai.com). 2. Use Akamai online reports to confirm that your content is served out of the Akamai server cache at an expected rate, for example, that the number of end-user requests to your origin servers is reduced by 60-80 percent.

Proprietary and Confidential

13

Akamai HTTP Content Delivery Activation Guide

Testing using the production digital property (recommended)

Depending on your content you can complete all testing by using the production digital property, such as www.example.com, by pointing the testers browsers directly to an Akamai edge server. This can be done by changing the hosts file on a local computer to point your website/application hostname(s) to an IP address of an Akamai edge server. The hosts file controls the DNS resolution of the browser and overrides production DNS records. The location of the host file differs depending on the computer platform: Windows NT/2000: /Winnt/System32/drivers/etc/Hosts Windows 98: /Windows/Hosts UNIX/Linux: /etc/hosts Mac: Depends on version. Information can be found at http://kbase.info.apple.com.

You can obtain an Akamai edge server IP address by resolving an Akamai edge hostname using any command-line DNS resolution tool such as nslookup, dig, or any web-based IP lookup tool. For example, if you resolve www.example.com.edgesuite.net, an Akamai edge hostname created by you in step 3 of this guide or provided to you by Akamai, you will obtain the following resolution:
www.example.com.edgesuite.net. IN CNAME a1234.g.akamai.net. a1234.g.akamai.net. 20 IN A 80.67.64.114 a1234.g.akamai.net. 20 IN A 80.67.64.116

The two IP addresses in the resolution are local Akamai servers. You can use either one for your testing.

DO NOT change the production DNS record for your website/application to point it directly to any Akamai IP address. Follow the instructions in the next section of this guide, when you are ready to switch your website/application to the Akamai network after testing.
CAUTION:

Cannot test using the edge hostname directly

Note that you cannot make requests for your content to Akamai using your Akamai edge hostname(s), for example,
www.example.com.edgesuite.net www.example.com.edgekey.net

The edge hostnames are used only to resolve your content to the Akamai network and are not meant to be used to request content.

14

Proprietary and Confidential

Akamai HTTP Content Delivery Activation Guide

Testing using a dedicated test host name (optional and limited)

In addition to modifying a local host file, you can create a non-public test hostname that resolves to the Akamai network and is specified in your Akamai configuration file. The standard naming convention for hostnames is
test-<website>

where <website> is the hostname of the content that will be delivered from the Akamai network, for example, www.example.com. The DNS record for the test hostname is a CNAME pointing to the edge hostname created in Step 3 of the activation, Activate Akamai edge hostname(s):
test-www.example.com. IN CNAME www.example.com.edgesuite.net.

It is NOT recommended that you use a test hostname for the testing of your initial Akamai configuration. You should do all initial testing with your production hostname, by pointing it directly to an Akamai IP address on a local computer. You should use a test hostname if you like to create a separate Akamai configuration for a test environment, where you can test new Akamai settings before implementing them in your production Akamai configuration.
To create a test configuration:

Activate a new Akamai configuration for your test hostname, as if it were a separate site, by repeating the steps in this guide.

Proprietary and Confidential

15

Akamai HTTP Content Delivery Activation Guide

Step 9: Point website/application to the Akamai network

The final step in the activation of Akamai content delivery is to point the production DNS record of the website/application the Akamai network. This is done by changing the existing DNS record to be a CNAME record that points to the Akamai edge hostname. Performing this step begins delivery of your content through EdgeSuite.

Making the DNS change to point your website/application to Akamai

To point your website/application, e.g. www.example.com, to the Akamai network, you should change the DNS record for www. example.com from
www.example.com. IN A x.x.x.x (where x.x.x.x is the IP address of your origin servers)

To
Non-secure (HTTP) site/application: www.example.com. IN CNAME www.example.com.edgesuite.net.

Secure (HTTPS) site/application: www.example.com. IN CNAME www.example.com.edgekey.net.

www.example.com.edgesuite.net

and www.example.com.edgekey.net is the Akamai edge hostname for your website/application. Refer to Step 3 of the activation, Activate Akamai edge hostname(s), to determine the exact edge hostname. The DNS record should be changed on all of your authoritative name servers. The time it takes for the DNS change to become active depends on the TTL on the existing DNS record for your site. It is commonly set to 1 day, which means that it would take up to one day for all of you end-users to begin being directed to the Akamai network To shorten the cut-over to the Akamai network, you can reduce the DNS TTL in advance of the change and increase it to the normal TTL after the change. You can switch your website/application to the Akamai network at any time after completing the activation steps and testing. No additional activation or monitoring is required by Akamai.

If you notice a problem after switching your content to Akamai:

If you notice any unexpected behaviors on your website/application after switching it to the Akamai network: 1. Roll back the DNS change to point the website/application back to your servers 2. Report the problem to Akamai This will allow you and Akamai to identify the problem in a controlled environment without affecting live end-users.

16

Proprietary and Confidential

Akamai HTTP Content Delivery Activation Guide

Chapter 3

Part 2: Origin server configuration

Required changes to origin server configuration

Delivery of content through the Akamai content delivery network introduces an additional layer in your infrastructure. As a result, it may require some changes to the configuration of your origin web servers, application servers, or load-balancer in order for them to be compatible with a content delivery network.

Load-balancing based on client IP addresses

If you are using a load balancer to distribute content request among multiple servers, you should change its configuration if it uses any of the following load balancing algorithms: Any algorithm based on client IP addresses Any algorithm based on least used connections to specific servers These methods of load balancing are not compatible with content delivery networks. Other methods of load balancing compatible with content delivery networks are: Random load distribution Round-robin distribution

Session stickiness (affinity) based on client IP addresses

If you are using session stickiness (affinity) that requires that all requests in an end-users session are mapped to the same origin server, you should change the method of maintaining session stickiness if it relies on: Client IP addresses URL re-writing These methods are not compatible with content delivery networks. Other methods that are compatible with content delivery networks are: Cookie-based session stickiness Alternatively, you can replicate session data across all servers and not use session stickiness at all.

Proprietary and Confidential

17

Akamai HTTP Content Delivery Activation Guide

Access control lists based on client IP addresses

If you are restricting access to your content by using an access control list (ACL), based on client IP addresses, you must turn it off before attempting to deliver the site from the Akamai network. Because Akamai servers mask the real client IP addresses from your origin servers, the existing ACL will no longer work and may deny all requests for your content. If you still need to maintain a client IP ACL, you can activate the same ACL in the Akamai configuration.

18

Proprietary and Confidential

Akamai HTTP Content Delivery Activation Guide

Chapter 4

Part 3: DNS Record Reference

This section provides examples of DNS records required to deliver a website/application from the Akamai content delivery network. Replace <example> with the actual hostname(s) of your content to determine the exact DNS records that should be created.
Example 1: non-secure www site Origin server host name Akamai edge host name Production host name
origin-www.example.com IN A <IP of origin servers> www.example.com.edgesuite.net. www.example.com. IN CNAME www.example.com.edgesuite.net.

Example 2: secure www site Origin server host name Akamai edge host name Production host name
origin-www.example.com IN A <IP of origin servers> www.example.com.edgekey.net. www.example.com. IN CNAME www.example.com.edgekey.net.

Example 3: non-secure image host name Origin server host name Akamai edge host name Production host name
origin-images.example.com IN A <IP of origin servers> images.example.com.edgesuite.net. images.example.com. IN CNAME images.example.com.edgesuite.net.

Proprietary and Confidential

19