Tokyo
Evolution of Edge Services
Prasad Kalyanaraman, VP, Edge Services, Amazon Web Services
2008: CloudFront. AWS launches Amazon CloudFront, an easy-to-use, pay-as-you-go CDN service with 14 PoPs (including Tokyo), using S3 as origin.
Rapid iteration on capabilities
[Timeline figure, 2008 to 2014; labels in slide order:] CloudFront Service launched with 14 PoPs New Lower Pricing Tiers Access Logging Capability CloudFront Management Console Private Content Streaming Video on Demand Singapore Edge Private Streaming Price Drop HTTPS Support Lower 1-Hour TTLs Access Logs - Streaming NYC Edge Location Enhanced Logs Default Root Object Invalidation Custom Origins Service Level Agreement Jacksonville Edge Paris Edge Location (IAM) Identity & Access Management Price Drop Free Inbound Data Transfer Stockholm Edge Live Streaming Sao Paulo Edge Location Second LA Edge San Jose Edge South Bend Edge 2nd NY Edge Large Object Support CloudFront Tops 20K customers Osaka Edge Location Milan Edge Location Lower Minimum Content Expiration Periods Live Streaming FMS 4.5 Geo-blocking tutorial Second Virginia Edge Second Singapore Edge Second Frankfurt Edge Second London Edge Smooth Streaming Dynamic Content Support Multiple Cache Behaviors Multiple Origin Servers Query String Parameters Second Dallas Edge Second Paris Edge Sydney Edge 2nd Amsterdam Edge Cookie Support Price Classes Enhanced Logs Madrid, Spain Edge Private Content Console Second Tokyo Edge Hayward, CA Edge Third NY Edge Second Hong Kong Edge Lower inter-region pricing Korea Edge Zone Apex Support Custom SSL Support Chennai Edge Mumbai Edge Third VA Edge WOWZA Support Support for HTTP 1.1 Rio de Janeiro & Taipei Edges Smooth Streaming Support SNI Custom SSL & HTTP to HTTPS Redirect Usage Charts EDNS-Client-Subnet Support Free usage tier CloudTrail support CloudFront API Device Detection, Geo Targeting, Host Header Forwarding, & CORS New Melbourne edge Support Advanced SSL Features Wildcard Cookies Support Options Caching Support Monitoring & Alarming Cache Statistics Charts, Popular Objects Report and More Timely Access Logs Reduced regional prices Data transferred from AWS regions to CloudFront now free Directory Path as Origin Name Locations, Browsers, OS and Top Referrers Reports
2010: Route 53
2013: Amazon Elastic Transcoder
Edge Services: CloudFront, Route 53, Elastic Transcoder
Today We Will Focus on Two Questions: How is AWS Different than Traditional Providers? How Do We Do It? What Have We Built that is Different?
Our Tenets: Highly Available; Fast Performing; Scalable; Secure; Low Cost; Easy to Use
Availability & Performance
2008: 14 Edge Locations
North America: Ashburn, VA; Dallas, TX; Los Angeles, CA; Miami, FL; Newark, NJ; Palo Alto, CA; Seattle, WA; St. Louis, MO
Europe: Amsterdam; Dublin; Frankfurt; London
Asia: Hong Kong; Tokyo
2015: 53 Edge Locations
North America: Ashburn, VA (3); Atlanta, GA; Dallas, TX (2); Hayward, CA; Jacksonville, FL; Los Angeles, CA (2); Miami, FL; New York (3); Newark, NJ; Palo Alto, CA; San Jose, CA; Seattle, WA; South Bend, IN; St. Louis, MO
Europe: Amsterdam (2); Dublin; Frankfurt (3); London (3); Madrid; Marseille; Milan; Paris (2); Stockholm; Warsaw
South America: São Paulo; Rio de Janeiro
Asia: Chennai; Hong Kong (2); Mumbai; Manila; Melbourne; Osaka; Seoul; Singapore (2); Sydney; Taipei; Tokyo (2)
Today: AWS's Edge Network
[Map figure: counts of POPs, countries, cities and continents; regions North America, South America, EMEA, APAC; legend: AWS Region, CloudFront Edge Location]
Availability: AWS vs. Traditional Providers
Traditional Providers: Give you 100% SLA; this is meaningless. Further, it is measured on server side or from backbone networks. Restrict the POPs they use depending on cost.
AWS Edge Services: Server-side SLA is a diagnostics metric. Customers care about client-side availability and performance. All POPs available for all customers.
How we measure performance & availability
Real User Measurements (RUM): Measurements from where your actual user
Last Mile Measurements: Measurements from ISP's location
Data center/backbone measurements: Measurements from Data Centers
Availability: Client Side Availability
[Bar chart: Client Availability in Japan for CloudFront, "Traditional CDN" and Route 53; axis 99.00% to 100.00%; value labels on the chart: 100.00%, 99.56%, 99.42%]
*Data from Cedexis, Last 30 Days, Availability measured over Japan Regions. 5/28/2015
Performance: CloudFront CDN Latency
[Chart: Client Performance in Japan, latency in milliseconds (axis 0 to 180), CloudFront vs. "Traditional CDN"; series: 95th, 75th, 50th, 25th and 10th percentile, and mean]
*Data from Cedexis, Last 30 Days, Response Time Measure of Japan. 5/28/15
Security
Security: AWS vs. Traditional Providers
Traditional Providers: Security is a Premium Service; SSL Platform Fees
AWS Edge Services: Security is inherent; everybody gets it. No platform fees. Self-service & easy to use. Charge based on our cost. Always look for ways to lower cost to customers. Multiple options to deliver SSL free of cost (SNI, CloudFront.net)
Security: Advanced SSL & Security Features
Performance Improvements for SSL: SSL Session Tickets; OCSP Stapling
Security Enhancements: Perfect Forward Secrecy; Newer Ciphers
These features are enabled automatically and at no extra charge.
CloudTrail Support; Signed Cookies
Scalability
Scalability: AWS vs. Traditional Providers
Traditional Providers: Penalties for bursting traffic; Commitment required; Set up or Platform fees
AWS Edge Services: Pay only for what you use; Use resources on-demand; Frictionless self-service signup
Edge Services Scalability: We are built to handle large-scale events like Super Bowl commercials
Edge Services Scalability: Scaling events in Japan
11x spike: Japanese news site, May 2015
6x spike: Japanese magazine site, May 2015
Low Cost
Edge Services Low Cost
Traditional Providers: Need minimum commitment; Set up or Platform fees; Penalties for overage or bursting; Premium for Dynamic content; Some providers: 1GB=1000MB, 1MB=1000KB, 1KB=1000B
AWS Edge Services: Pay as you go; Pay ONLY for Data Transfer & Requests; Pay for what you use; Static & Dynamic cost the same; 1GB=1024MB, 1MB=1024KB, 1KB=1024B, so price per GB is 7% cheaper
Pricing Features and Prices Decreases
[Timeline figure, 2008 to 2014: the same feature, edge-location and price-drop timeline shown under "Rapid iteration on capabilities"]
Easy to Use
Easy to Use: AWS vs. Traditional Providers
Traditional Providers: Contact Sales to get started; Sign contracts; Wait for hours to make changes; Oftentimes custom code
AWS Edge Services: Self-service sign up; No contracts or commitment; Make changes anytime, anywhere; Use APIs or AWS Management Console; No custom code
How Do We Do It
How Do We Do It?
1. We listen to our customers and are focused on their experience
2. We design & build systems for Internet Scale from the get-go
3. We deeply analyze every single customer issue, learn how to improve resiliency of our systems, then we apply those improvements broadly across services
4. We use our services internally to power most critical applications at Amazon
5. Kaizen applied to software engineering
What have we built for customers recently?
Today we talk about 5 very specific examples of internal improvements we have done. None of them increased cost for customers (some even reduced their cost!):
1. Availability Improvement - Food Taster
2. Availability/Security Improvement - Distribution Signatures
3. Availability/Security Improvement - Inline DDoS Mitigation
4. Ease of use - CloudFront Reporting & Analytics platform/multi-object Invalidation
5. Low Cost - Free AWS origin to CloudFront traffic
Availability: How Do We Do It? Edge Services Food Taster Tool
What does it do? Provides an extra layer of automated checks before any changes go live (CloudFront and customer). User-simulated validation through our data plane.
How does it improve availability? Prevents unintended/malicious updates to Edge. Ensures configuration changes do not affect the data plane.
Availability/Security: How Do We Do It? Distribution Signatures
Every distribution has a unique combination of a shared IP space.
When the IP space is attacked, we know which distribution is targeted.
Once identified, we can isolate the DDoS traffic from normal traffic, thereby protecting the infrastructure and our customers.
[Diagram labels: users, DDoS attack, distribution, CloudFront edge location]
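The distribution-signature idea above, as an added example that is not AWS's implementation: each distribution gets a distinct fixed-size subset of a shared address pool, so the set of addresses under attack points to one distribution while every other distribution keeps at least one unaffected address. The pool (TEST-NET-2 addresses), the subset size and the distribution names are constructed assumptions.

```python
import hashlib
from itertools import combinations

# Constructed values: a shared pool from TEST-NET-2 and hypothetical names.
POOL = [f"198.51.100.{i}" for i in range(1, 9)]
K = 3  # assumed number of pool addresses per distribution

def assign_signatures(dist_ids, pool=POOL, k=K):
    """Map each distribution to a distinct k-subset of the shared pool."""
    combos = sorted(
        combinations(sorted(pool), k),
        key=lambda c: hashlib.sha256("|".join(c).encode()).hexdigest(),
    )  # hash ordering spreads neighbouring distributions across the pool
    if len(dist_ids) > len(combos):
        raise ValueError("pool too small for unique signatures")
    return {d: frozenset(c) for d, c in zip(dist_ids, combos)}

def identify_targets(attacked_ips, signatures):
    """Distributions whose whole signature is under attack.

    Unrelated noise may add attacked addresses, so test containment
    rather than equality.
    """
    attacked = set(attacked_ips)
    return sorted(d for d, sig in signatures.items() if sig <= attacked)

def clean_addresses(target, signatures):
    """Per bystander distribution, the addresses not shared with the target."""
    hot = signatures[target]
    return {d: sig - hot for d, sig in signatures.items() if d != target}

def demo():
    dists = [f"dist-{n:02d}" for n in range(20)]  # hypothetical names
    sigs = assign_signatures(dists)
    flood = set(sigs["dist-07"])                  # constructed attack telemetry
    return sigs, identify_targets(flood, sigs), clean_addresses("dist-07", sigs)

if __name__ == "__main__":
    sigs, targets, spared = demo()
    print("targeted:", targets)
    print("fewest clean addresses left to a bystander:",
          min(len(v) for v in spared.values()))
```

Because all signatures are distinct subsets of the same size, no bystander's signature can sit entirely inside the target's, which is what lets attack traffic be isolated on the target's addresses.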
Availability/Security: How Do We Do It? DDoS Mitigation
Protected by custom-built DDoS mitigation systems and service-based defences.
Every packet is inspected & scored using learning algorithms.
Inline systems engage quickly without impact to availability, throughput and latency.
[Diagram labels: DDoS Attack, Users, DDoS Mitigation System, Edge Location, CloudFront, Route 53, AWS Region, Customer's Origin Infrastructure (ELB, EC2, S3, etc.)]
Recent DDoS Attack
[Chart: Amazon Route 53 Response Time]
May 6, 2015: DNS query flood targeting 34 of our edge locations
Peak volume was in top 4% of all DDoS attacks (source: Arbor Networks)
Automatically detected and mitigated with no impact to availability
Hundreds of DDoS attacks mitigated each year
Easy to Use: How Do We Do It?
A rich CloudFront reporting suite
Real Time Monitoring via CloudWatch
Multi-object invalidation: simple for customers, and it is cheaper
All of these at no additional cost for customers
Operational Metrics via CloudWatch
Directly as a result of feedback from JP customers
1-2 minute visibility for six key metrics: Requests, Bytes Downloaded, Bytes Uploaded, 4xx Errors, 5xx Errors & Total Error Rate
Choose daily, hourly, 5-min, or 1-min granularity
Integrated CloudWatch Alarming
CloudFront Reporting Suite: Rich metrics for more detailed insight
Usage Charts; Cache Statistics; Popular Objects; Browser, Operating Systems, Devices, Locations, & Top Referrers
Low Cost: How do we do it?
Edge locations connected over our own backbone, giving customers better performance and lower cost
Lower cost for AWS translates to lower prices for customers
No Data Transfer charges from AWS Region to CloudFront
No Additional Costs to deliver SSL content (SNI, CloudFront.net)
Domain Registration in Route 53
Data transfer bill is directly a result of bytes transferred * price
No surcharges, no hidden charges, no gimmicks
We use our services internally - Amazon Trusts CloudFront
Critical AWS Services Depend on Route 53: ELB; RDS; aws.amazon.com; Elastic Compute (EC2); CloudFront; Amazon S3
Customers Across Many Use Cases: Media & Entertainment; Gaming; News, Weather, Sports, & Social Media; Large File Downloads; NASA/JPL; E-commerce
What Makes Edge Services Unique
What makes Edge Services unique?
1. Inline DDoS mitigation: built based on multiple years of experience defending against attacks from Amazon.com days
2. DDoS mitigation capacity: massively scaled network that uses multiple providers across AWS regions and Edge locations
3. Real Time Alarming integrated with CloudWatch: an existing AWS service that customers already rely on for monitoring needs (other AWS integration points include Elastic Transcoder, Route 53, Lambda, S3, etc.)
4. Free AWS origin to CloudFront traffic: free because we built a scalable backbone connecting regions and POPs
5. Distribution Signatures: leveraged learnings when we built other services such as Route 53 (Shuffle Sharding)
An example of internal scale that led to innovation for our customers - Metro Sites
New CloudFront architecture optimized for large object delivery with large edge storage requirements
Higher throughput
Larger edge storage
In production for AIV
AIV Performance Metrics (columns: CloudFront; vs CDN A (bps); vs CDN B (bps))
Zero Error Rate: 99.57%; +47; +2
Zero Rebuffer Rate: 96.07%; +84; +27
Examples of capabilities we can build leveraging other AWS Services
CloudFront reporting and analytics platform is based on Kinesis. Data from logs can be dropped into Redshift for custom reporting.
Route 53 health checking integrated with other AWS services like RDS/ELB/S3 for high availability
As we build new features and services our tenets will remain: Highly Available; Fast Performing; Scalable; Secure; Low Cost; Easy to Use
@cloudfront