Building a Resilient World Wide Web




Building a Resilient World Wide Web Michael Smith mismith@akamai.com Security Evangelist

Network Services: Simple?
[Diagram: Customer Origin, End User]

The Akamai Platform Edge Delivery of Dynamic Web Sites, Web Applications, Secure Content, Streaming Media

Akamai: What is it?
The world's largest on-demand, distributed computing platform; it delivers all forms of Web content, video, and applications for over 4,000 customers and 50,000 domains on the Internet.

Including:
- The top Media & Entertainment companies
- The top online retailers
- The top antivirus companies
- The top Internet portals
- All branches of US Military

15-30% of the world's web traffic

Resulting in Daily Traffic of:
- 21+ million hits per second
- 6500+ Gbps
- 1,500,000+ concurrent streams
- 1+ trillion transactions

- 110,000+ Servers
- 1000+ Networks
- 78 Countries
- 5-7 NOCC Staff

Everyone Relies on Us to be Resilient
Resilience for us means:
- Resilient Design: Make stuff work, anticipating failure
- Resilient Transport: Reliability when the Internet is suboptimum
- Attack Mitigation: Preventing failures induced by attack

Akamai's Philosophy
We assume that a significant number of component and system failures occur at all times in the network.

Consequences of the Philosophy

Do:
- Understand which rules to break
- Commodity hardware
- Third-party Datacenters
- Smaller regions
- Spread regions within ISPs
- Use the public Internet
- Have a small, dedicated-purpose OS and application stack

Don't:
- Use established computing paradigms
- More reliable servers
- Own our own network
- Larger more reliable clusters
- Find most reliable datacenters
- Have dedicated links
- Use general-purpose COTS technology stack

Core Principles
- Principle #6: Notice and Quarantine Faults
- Principle #5: Zoning for Releases
- Principle #4: Fail-Stop & Restart
- Principle #3: Distributed Control
- Principle #2: Software for Message Reliability
- Principle #1: Ensure Significant Redundancy
- Philosophy: Assume numerous failures

Redundancy In
- Server/Buddy
- Clusters (Regions)
- Datacenters
- Cities
- Countries
- Continents

System Monitoring
[Diagram: Leader, Aggregator, Alert server, NOCC. Monitored: Throughput (hits, bits), OS Load (CPU, RAM), POP2POP Latency, Client Download Speed, Link Availability, BGP state. Akamai Automated Alerts and Responses]

DNS Abstraction is Key

    ;; QUESTION SECTION:
    ;www.akamai.com. IN A

    ;; ANSWER SECTION:
    www.akamai.com. 900 IN CNAME www-main.akamai.com.edgesuite.net.
    www-main.akamai.com.edgesuite.net. 764 IN CNAME a152.dscb.akamai.net.
    a152.dscb.akamai.net. 20 IN A 80.67.64.116
    a152.dscb.akamai.net. 20 IN A 80.67.64.114
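
Added example, not part of the original slides: a small parser for the answer section above that follows the CNAME chain and reports the TTL at each layer. The 20-second TTL on the final A records is what lets edge selection change quickly, while the customer-side CNAME is cached far longer. Function names are illustrative, and the sample input is the slide's records retyped one per line.

```python
# Constructed sample: the answer section from the slide, one record per line.
ANSWER = """\
www.akamai.com. 900 IN CNAME www-main.akamai.com.edgesuite.net.
www-main.akamai.com.edgesuite.net. 764 IN CNAME a152.dscb.akamai.net.
a152.dscb.akamai.net. 20 IN A 80.67.64.116
a152.dscb.akamai.net. 20 IN A 80.67.64.114
"""

def parse_answer(text):
    """Parse 'name ttl class type rdata' lines; skip ';' comment lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        name, ttl, _rclass, rtype, rdata = line.split(None, 4)
        records.append((name.lower(), int(ttl), rtype.upper(), rdata))
    return records

def resolve_chain(records, qname, max_hops=8):
    """Follow CNAMEs from qname. Returns (hops, addresses), each with TTLs."""
    hops, name, seen = [], qname.lower(), set()
    while len(hops) < max_hops:
        if name in seen:
            raise ValueError("CNAME loop at " + name)
        seen.add(name)
        target = next(((rd.lower(), ttl) for n, ttl, t, rd in records
                       if n == name and t == "CNAME"), None)
        if target is None:
            break
        hops.append((name, target[0], target[1]))
        name = target[0]
    addrs = [(rd, ttl) for n, ttl, t, rd in records
             if n == name and t in ("A", "AAAA")]
    return hops, addrs

def remap_window(records, qname):
    """Seconds a resolver may keep using one set of edge addresses."""
    _hops, addrs = resolve_chain(records, qname)
    if not addrs:
        raise ValueError("no address records for " + qname)
    return min(ttl for _rd, ttl in addrs)

if __name__ == "__main__":
    recs = parse_answer(ANSWER)
    for owner, target, ttl in resolve_chain(recs, "www.akamai.com.")[0]:
        print(f"{owner} -> {target} (cached {ttl}s)")
    print("edge remap window:", remap_window(recs, "www.akamai.com."), "s")
```
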

How It Works
[Diagram: End User, DNS, Akamai Server, Akamai Net Storage, Origin, Secondary Site, HTTP/S]
1. Dynamic DNS maps user to best edge server based on network topology and performance in real-time
2. A user's connection invokes metadata identifying explicit rulesets: where is the content, how should it be cached, should it be authenticated, performance features, failover options
3. Content is fetched from the origin site if needed

Metadata Capabilities
- Direct response (302, 404, 403)
- Deliver cached object
- IP rate limiting
- WAF rules
- Identification, authentication, and authorization
- Pull data from authoritative origin
- Failover to DR origin
- Failover to cloud storage
- User discrimination

Minimum Site Functionality
- Large flash crowds
- Datacenter failure
- Untrustworthy users
- Application attackers
- Scrapers
- Volumetric attacks

Thank you!