1.
© AKAMAI - EDGE 2017
Configs, Configs, Everywhere!
Limor Sinay
Ilia Bromberg
Les Waltman

2.
© AKAMAI - EDGE 2017
Limor Sinay
Manager, Pre-Sales
Commerce East
Ilia Bromberg
Solution Engineer,
Commerce East
Les Waltman
Solution Engineer,
Emerging
Panel Introductions

3.
© AKAMAI - EDGE 2017
WHY ARE YOU
WHERE YOU ARE?

4.
© AKAMAI - EDGE 2017
Options to Consider
1. Consolidate Configurations
2. Using Variables
3. SaaS Provider Option
4. Dev Ops Approach (API/CLI)

5.
© AKAMAI - EDGE 2017
Consolidate Configurations by Cloning Configs
Create a Template/Proto Config
• Could be with excessive
behaviors that may later be
customized or removed
Best Practices
• Establish team rules!
• You might not want everything
• Can’t always use Fast Activate
Cons
• Useful for set it and forget it
sites.
• Simple configurations only
• Still no easy way of maintaining
multiple configs with updates

6.
© AKAMAI - EDGE 2017
Avoid data theft and downtime by extending the
security perimeter outside the data-center and
protect from increasing frequency, scale and
sophistication of web attacks.
Using Variables
* Special thanks to Pierre Lermant

7.
© AKAMAI - EDGE 2017
Avoid data theft and downtime by extending the
security perimeter outside the data-center and
protect from increasing frequency, scale and
sophistication of web attacks.
Example: Hostname section, Production
● This section is different for each configuration
• For the test env., Property Hostname would read tst.mainsitedemo.com
● Everything else (all Variables and Rules) is the exact same for all
environments

8.
© AKAMAI - EDGE 2017
Avoid data theft and downtime by extending the
security perimeter outside the data-center and
protect from increasing frequency, scale and
sophistication of web attacks.
Example: Variable section
Note: you may want to set the PRD_ORIGIN variable to Hidden

9.
© AKAMAI - EDGE 2017
Avoid data theft and downtime by extending the
security perimeter outside the data-center and
protect from increasing frequency, scale and
sophistication of web attacks.
Example: Environment Specific Default rule
We grab first three
characters of
incoming hostname
and set the ENV
variable

10.
© AKAMAI - EDGE 2017
Avoid data theft and downtime by extending the
security perimeter outside the data-center and
protect from increasing frequency, scale and
sophistication of web attacks.
Example: Environment Specific Production child rule
We match the ENV
variable with “www”
and set origin
accordingly

11.
© AKAMAI - EDGE 2017
Avoid data theft and downtime by extending the
security perimeter outside the data-center and
protect from increasing frequency, scale and
sophistication of web attacks.
Example: Override Test rule
Test environment
TTL override

12.
© AKAMAI - EDGE 2017
Variable Configurations - summary
• Useful technique to add UAT / PROD / TST environments
along with WWW
• Requires a consistent naming convention being enforced
throughout organization

13.
© AKAMAI - EDGE 2017
SaaS Provider Option
Automate onboards with SaaS Provider Option
SaaS Dynamic Origin: With the SaaS Provider Option, you can easily
configure a single rule or pattern that allows Akamai to discover the primary
origin data center serving your SaaS application for a particular SaaS
customer.
Reporting: SaaS-specific reports provide data about each of your SaaS
customers and their associated SaaS applications.
APIs: Using programmatic APIs, SaaS providers can
• Register new applications or customers (set up the valid IDs and
readable names for the ID used to define SaaS applications and
customers)
• Configure IP and/or Geo blocking settings

14.
© AKAMAI - EDGE 2017
Configuring SaaS Dynamic Origin
Select the request component to use
when constructing the origin DNS
record.
Options include
Hostname: uses information contained in
the host header.
Path: uses information in the directory
structure (after the hostname).
Query String: uses information contained in
a query string parameter.
Cookie: uses information from a specific
cookie.

15.
© AKAMAI - EDGE 2017
Configuring SaaS Definitions
Select the request component to use
when constructing the SaaS
customer, application, or user
identifier. Options include:
Path: (Default for customer and
application IDs) uses information in the
directory structure (after the hostname).
Hostname: uses information contained in
the host header.
Query String: uses information contained
in a query string parameter.
Cookie: uses information from a specific
cookie.

16.
© AKAMAI - EDGE 2017
DevOps Approaches
• Programmatically control your configurations
• Akamai property configurations can be built or cloned as part of your CI-CD
workflow
• Configurations can be pragmatically removed when no longer required
• Remotely push configs to Staging or Production
• Version Akamai configurations with your versioning
• Tools: Property Manager API or Akamai CLI

17.
© AKAMAI - EDGE 2017
Property Manager API (PAPI)
• Very flexible
• Can do most functions of
• Requires in-depth knowledge of Akamai structure and terminology
(contacts, groups, products, rule trees, etc)
• Can be used to push configurations to Staging and Production
• Performs pragmatic calls, may require coding to create logic to
complete desired calls

18.
© AKAMAI - EDGE 2017
Property Manager API (PAPI) - Example
List Property Versions
Requests
GET /papi/v1/properties/prp_175780/versions?contractId=ctr_1–1TJZFW&groupId=grp_15166
Response
{
"versions": {
"items": [
{
"updatedByUser": "amenai",
"stagingStatus": "ACTIVE",
"propertyVersion": 2,
"note": "updated caching",
"updatedDate": "2017-05-10T19:06:13Z",
"etag": "5891b5b522d5df08",
"productionStatus": "INACTIVE",
"productId": "prd_Alta"
},
{

19.
© AKAMAI - EDGE 2017
Akamai CLI
• Extensible
• Designed to address most common DevOps use cases
• Task oriented, doesn’t require programming logic
• Currently in Beta
• Can be used to push configurations to Staging and Production
• Easy to use
• Low time to value

20.
© AKAMAI - EDGE 2017
Akamai CLI - Example
Modify Origin
Request
$ akamai property modify lw-dsdjoe.waltman.ca --origin joe.joe.com
Response
Modifying property lw-dsdjoe.waltman.ca
... retrieved rules formats: 862.818ms
... searching propertyName for lw-dsdjoe.waltman.ca
... searching hostname for lw-dsdjoe.waltman.ca
... searching edgeHostname for lw-dsdjoe.waltman.ca
Initializing property cache
Init PropertyManager cache (hostnames and property list)
... retrieving list of Group Ids
... retrieving properties from 111 groups
... retrieving property (lw-dsdjoe.waltman.ca) v1
... retrieving: 3247.549ms
... updating property (lw-dsdjoe.waltman.ca) v1
... updating: 7732.674ms
Modify: 2.2295666666666665 mins

21.
© AKAMAI - EDGE 2017
Akamai CLI – The power of Akamai at your keyboard
Join our discussion today at 4:30

22.
© AKAMAI - EDGE 2017
Bonus Technique for the Adventurous Among Us
Using advanced metadata to match on SAN hostname to automatically add
sites to config.
Can be achieved by using
<match:hoit token="**.example.com">
or
<match:tls-ext.server-name> - requires SNI certificate
Pros: very elegant solution, adding a host name to SAN cert auto-magically
adds it to configuration
Cons: requires PS to implement, cert has to be carefully maintained

23.
© AKAMAI - EDGE 2017