Content Delivery Infrastructure Updates #6


Akamai Raises The Bar of Vulnerability Management

Akamai has written the blueprint on threat mitigation and InfoSec, at least according to its blog post about the Akamai Intelligent Platform. The Platform consists of a globally distributed network of 216,000 servers and supports Akamai’s CDN and cloud security. Built from scratch with security in mind, the Platform relies on a customized and streamlined variant of Linux that removes any extraneous functionality, which dramatically reduces its vulnerabilities. Each Edge server is also configured as a bastion host in order to bolster security.

The Platform’s spare design also makes it difficult to apply patches, should the need ever arise. If a critical vulnerability is found, patches are developed according to quality assurance protocols and tested rigorously before being installed.

That being said, Akamai is brandishing the many other layers of defense against vulnerabilities that circumscribe the need for patching SLAs. Its first line of defense is a meticulous Vulnerability Management Process. The guidelines stipulate that Akamai continuously operate a parser that tracks daily CVEs and publicly available patches to stay abreast of new vulnerabilities and fixes. Security risks are evaluated based on potential damage and potential assailants, and those deemed critical or high risks are directed into the Incident Management Process which ensures that the proper attention is given to them. Moderate to low risks are evaluated and patched on a regular timeframe. Finally, Akamai adheres to Federal Risk and Authorization Management Program guidelines.
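The triage flow described above can be sketched as follows. This is an added example, not Akamai's code: the record format, the 1-3 rating scale, the thresholds, the queue names and the component inventory are all assumptions, and the CVE IDs are placeholders.

```python
from dataclasses import dataclass

# Constructed inventory of a hypothetical stripped-down edge image.
INSTALLED = {"kernel", "openssl", "edge-proxy"}

# Constructed feed records; IDs are placeholders, not real CVEs.
# "damage" and "assailants" are analyst ratings on an assumed 1-3 scale.
FEED = [
    {"id": "CVE-EXAMPLE-0001", "component": "openssl", "damage": 3, "assailants": 3, "patch": True},
    {"id": "CVE-EXAMPLE-0002", "component": "cups", "damage": 3, "assailants": 2, "patch": True},
    {"id": "CVE-EXAMPLE-0003", "component": "kernel", "damage": 3, "assailants": 1, "patch": False},
    {"id": "CVE-EXAMPLE-0004", "component": "edge-proxy", "damage": 3, "assailants": 2, "patch": False},
    {"id": "CVE-EXAMPLE-0005", "component": "kernel", "damage": 1, "assailants": 1, "patch": True},
]


@dataclass
class Decision:
    cve_id: str
    rating: str
    queue: str
    patch_available: bool


def rate(damage: int, assailants: int) -> str:
    """Combine the two ratings into a risk level (assumed thresholds)."""
    for value in (damage, assailants):
        if value not in (1, 2, 3):
            raise ValueError(f"rating out of range: {value!r}")
    score = damage * assailants
    if score >= 9:
        return "critical"
    if score >= 6:
        return "high"
    if score >= 3:
        return "moderate"
    return "low"


def triage(feed, installed):
    """Route each record: absent component, incident queue, or scheduled patching."""
    decisions = []
    for rec in feed:
        if rec["component"] not in installed:
            # A component that is not on the image is not exposed on it.
            decisions.append(Decision(rec["id"], "n/a", "not-applicable", rec["patch"]))
            continue
        rating = rate(rec["damage"], rec["assailants"])
        queue = "incident-management" if rating in ("critical", "high") else "scheduled-patching"
        decisions.append(Decision(rec["id"], rating, queue, rec["patch"]))
    return decisions
```

The inventory check runs before any rating, which is where a streamlined image pays off: records for components that were removed never reach either queue.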

The second line of defense is a group of rules and backup health checks, such as the Web Application Firewall, the Forcefield port-hardening solution, and audit servers on the CDN that monitor server processes.

The final line of defense is Akamai’s Network Operations Command Center, which handles reports of anomalous or threatening activity 24/7. The NOCC is empowered to immediately suspend or wipe a server should the need arise.

Pinterest and Varnish VCL Make 50 Billion Pins Per Month Possible

Varnish Software has garnered favorable attention for its instrumental role in Pinterest’s day-to-day operations. Pinterest, a bookmarking application, boasts 100 million active users who generate 50 billion pins per month, 180,000 requests per second, and 10 million unique user actions per minute. In order to support the swarm of activity and traffic, Pinterest has leveraged Varnish VCL to create a resilient and scalable CDN.

Varnish is an open-source HTTP accelerator for websites that delivers quickly: “Put in front of application server, it is super simple, therefore it is also 200 to 1000 times faster. So every time you move data from caching layer to application server, Varnish will supply the data in 30-40 microseconds as opposed to typical cache which is 10 to 20 milliseconds,” says Varnish founder Per Buer. It uses Varnish Configuration Language (VCL), a straightforward domain-specific language “used to define request handling and document caching policies for the Varnish HTTP accelerator”.

While it may seem unnecessary and tiresome to pick up a new proprietary language, Varnish contends that VCL is designed using basic, straightforward syntax so as to be intuitive and easy to control. It is also very strict and rigid; VCL is not interpretive or reliant upon “if” statements or loops and does not cache anything until all the caching rules have been satisfied. It can manipulate HTTPs, override TTLs, strip cookies, and rewrite URLs.

What makes VCL convenient is the fact that it can be updated or altered without shutting down or requiring a system restart. In addition, it can run concurrently alongside other VCLs, allowing users to alternate seamlessly between them.

Verizon (Edgecast) and Airtel Create Partnership

Verizon has announced a partnership with Bharti Airtel and its intentions to leverage Airtel’s digital infrastructure in order to establish points of presence in Mumbai, Chennai, Bangalore, and New Delhi. In expanding and creating new points of presence, Verizon Digital Media Services will be able to transmit content and media to its enterprise customers from closer proximities, and process and respond to requests in shorter time.

“We are expanding our content delivery network in strategic markets that our customers care about, and we have found a long-term partner in Airtel Business,” Rob Peters, Chief Technology Officer of Verizon Digital Media Services, commented. “The launch of these strategic PoPs marks the beginning of a strong partnership between Verizon and Airtel Business and further cements our commitment to providing consumers in India, one of the fastest-growing markets for digital media consumption, with exceptional services and quality.”

According to Airtel’s press release, Verizon has seen marked network performance improvements since installing the PoPs, reducing the amount of time its servers need to process requests, respond and deliver results.

“India is fast emerging as a large regional IP Hub and we are excited to enable Verizon Digital Media Services to provide best-in-class digital services in India. This collaboration ensures superior user experiences and seamlessly handles traffic spikes as connected devices, subscribers and content size continue to grow. We are delighted by the positive results seen in a very short time and we are confident that in the long term, Indian mobile Internet users are going to immensely benefit from this partnership,” said Ajay Chitkara, Director of Bharti Airtel.

Thus far, Verizon Digital Media Services has launched 3,000 points of presence across North and South America, Europe, Australia, and Asia.

How Not To Stream The Olympics

Channel Seven in Australia has incurred a withering hail of criticism for its botched broadcast of the Olympics, specifically the swarm of bugs in its digital streaming system. The network has exclusive Olympic broadcasting rights in Australia, and shows the Olympics on three digital channels as well as via live streaming online. It also offers a $20 premium package that promises access to 36 channels and comprehensive Olympic coverage, in addition to other furbelows such as on-demand replays on both its app and its website.

However, it has failed to deliver on its promises according to users who have complained of long loading times, crashes, inconsistent service, and even lack of color commentary. As more subscribers have called for their money back, Channel Seven has acknowledged the issue and promised to resolve it expeditiously. It attributed the glitches to unprecedented streaming traffic related to the Summer Games and other issues that its streaming partners were working to address. A network spokesperson informed the Sydney Morning Herald that “Our streaming partners – Olympic Broadcasting Services in Rio and [content delivery service] Akamai – have assured us they are doing everything they can to avoid a repeat of any problems.”

AWS Introduces Transit VPC Solutions to Support Complex Network Connectivity

Amazon Web Services has developed the Transit VPC Solution, which leverages a network construct known as the transit VPC to connect multiple VPCs to a core VPC that functions as the global network transit hub, simplifying network management and topology and reducing the number of network connections needed. The transit VPC can be used in various scenarios including private networking, shared connectivity, and cross-account AWS usage. The solution is also completely virtual and does not require a physical colocation transit hub or network gear.

This allows AWS customers to create as many VPCs as they want to varying degrees of complexity regardless of geography. Transit VPCs can act as a global network transit center that ties together geographically remote networks in a hub-and-spokes configuration.
