Stacking CDNs for Improved Performance and Security
I recently worked with a client whose large e-commerce site was hosted with a popular cloud-based commerce solution. Its business was growing rapidly into new geographic markets, and it was not satisfied with the embedded content delivery network (eCDN) that was bundled with the cloud solution. We demonstrated that a stacked content delivery network (CDN) approach -- adding Akamai's Ion solution on top of the eCDN -- could significantly improve performance as well as provide the client with much greater control over its delivery configuration.
This scenario is quite common: many website owners use the CDN that comes bundled with their chosen cloud solution, without realizing that it is possible to greatly improve on the delivery architecture by stacking CDNs -- using your own CDN in front of the cloud provider's. eCDNs are often a compulsory part of the solution, and are designed to deliver better performance and offload for the cloud provider rather than the client -- this means that most configuration is hidden, either completely unavailable or only available through a professional services engagement with the provider.
Using Akamai in front of your eCDN is typically just as simple as using Akamai in front of a traditional origin, with a few simple configuration tweaks to adapt to the stacked CDN architecture. "Doubling up" on CDNs may seem counterintuitive, but the outcome is almost always worth the effort: improved performance, better security posture, and much greater control over the experience you deliver to your customers.
Results
We set up a number of tests to measure the performance impact of stacking CDNs with our e-commerce client. These tests also allowed us to measure the impact of configuration tweaks to ensure we deliver the best user experience possible.
By tuning the configuration and enabling the latest features, we saw a consistent improvement of 100 ms (246%) in Transport Layer Security (TLS) negotiation time, measured using Rigor's market-leading synthetic monitoring solution:
Overall, time to first byte (TTFB) performance was consistently 12% improved with the stacked CDNs, although Akamai's distributed edge network resulted in up to 25% improvement for uncached pages in locations far from the cloud provider's European origin:
Moreover, resource download performance improved and became more consistent. The image below shows a waterfall chart of a page load from the eCDN on the left and Akamai Ion on the right. The page delivered by the eCDN was three seconds slower to render due to delays in delivering static assets.
These performance improvements at the network and resource level led to an overall improvement in all key metrics. Marked improvements were observed in Largest Contentful Paint (17%) which is an important measure for SEO, among others.
Configuration
Using an eCDN as an origin is very similar to using a traditional origin, except we will be fetching content from a CDN server rather than a hosted instance of your application. There are some considerations here: ensuring we can load balance across multiple CDN servers, adapting connection parameters to make the most of the greater bandwidth, and disabling some features that will already be implemented by the eCDN. The vast majority of required changes can be made by our clients within the Control Center web interface, or programmatically with the Akamai command-line interface (CLI).
Akamai's professional services team is experienced in exactly this scenario and can help you quickly get started with a well-established baseline configuration. Further configuration changes that are specific to your website can also be made -- such as automatically preloading web fonts with Adaptive Acceleration, reducing the impact of third-party scripts and costly outages with Script Management, and dynamically optimizing images and video with Image & Video Manager.
Reporting
One of the common surprises with customers that stack CDNs is how much data they can access. Akamai reporting allows customers to get the data they need from their traffic, ranging from high-level offload and status code reporting down to individual log lines from every single request. This level of visibility provides opportunities for further data examination and configuration optimization to deliver the very best experience.
Reporting data can be interrogated through the web interface, extracted through the Akamai Reporting API, streamed to an endpoint using DataStream, or integrated with security information and event management (SIEM) solutions. mPulse is a popular upgrade to Akamai reporting, allowing clients to measure the in-browser performance of every page view.
Security
I mentioned that stacking CDNs could improve security posture; this is because owning the full client-facing CDN configuration is critical to building a strong security solution. Using Akamai's portfolio of web application firewall (WAF) solutions with both default and custom rules, Bot Manager, Client-Side Protection & Compliance, and distributed denial-of-service (DDoS) protection can all be managed through our single Control Center interface. From enabling default protection right through to the Akamai Security Operations Control Center (SOCC) identifying and mitigating attacks in real time, owning your security configuration is critical to ensuring your customers and your data are protected.
A "checkbox" security solution may protect you from simple attacks, but only a comprehensive security solution gives you confidence in the security of your cloud platform.
Stacking CDNs -- using Akamai on top of an eCDN -- is a sensible move to improve performance, upgrade security, and provide more control over your delivery configuration. We have shown significant performance improvements with multiple clients, improving response times and consistency. Using Akamai as the client-facing CDN also enables you to use Akamai edge security solutions and edge compute with EdgeWorkers, as well as integrate with many other Akamai solutions such as Client-Side Protection & Compliance, Bot Manager, and Image & Video Manager.