How a best-in-class CDN integrates with its customers’ systems
By Frank Orozco, Chief Technology Officer
The pace of business is lightning fast. For any company with an online presence, any disruption in service can mean massive revenue loss. Content delivery networks (CDN) must absorb DDoS attacks and spikes in legitimate traffic with equal ease. Software deployments and security updates must take place without the tiniest service interruption or degradation.
To keep pace with the unrelenting pace of business, the best CDNs will step up their performance and reliability game. At Verizon Digital Media Services, we’ve adopted – and perfected – our continuous integration/continuous delivery (CI/CD) practices to ensure our software is rigorously tested and smoothly deployed. We’ve also built frameworks for scalable security at the edge, which blocks malicious traffic without slowing performance for legitimate users. These investments have put our Edgecast CDN at the cutting edge of the industry.
Today, we’re working toward what we see as the next step for all forward-thinking CDNs: closely integrating these agile, advanced processes with those of our customers. This means allowing customer access to some of our systems and offering customers tools they can use to optimize their performance.
We’ve already accomplished a degree of this on the security side by giving customers the ability to directly update rulesets for our Web Application Firewall (WAF). A WAF functions as a giant filter that blocks potential threats from reaching key servers. Rulesets govern what traffic may pass through and what may not. When one of those rulesets needs updating – either because a new threat has been identified, or because the current system is blocking legitimate users – that update needs to happen as quickly and seamlessly as possible. Our WAF is unique in that it allows us to update dozens of rules at once, rather than proceeding one by one; deploying changes in under five minutes, a dramatic advantage compared to the 45 minutes required by some of our competitors.
To further increase efficiency, we give our customers access to an application programming interface (API) and portal user interface (PUI), which allows them to update rulesets directly, without our intervention. This means our customers can integrate our systems into their own security procedures, so they can respond to threats with speed and agility.
We’ve already begun work on a toolkit that will accomplish something similar for software deployment configuration changes. At Verizon Digital Media Services, we’ve built out an extremely rigorous and highly automated CI/CD process that allows us to safely push complex changes across the network.
Every line of code runs through 40,000 automated tests and undergoes region- and percentage-based canaries before it is deployed to our full network. Other tools let our developers visualize deltas in performance between code currently in production and canaries being deployed, so they can spot potential problems before the code is rolled out on a global scale. These tools have been key to making CI/CD a success for our organization and for minimizing deployment risk.
For example, the following graphic shows a view of a how a canary is affecting the rate of client errors returned. You can see the historical context leading up to the red-dotted line when the change was made, and quickly see that there has been no negative impact from this canary.
It’s our plan to eventually give customers access to most of these same tools via APIs, which we call EdgeControl (watch this video to learn more). EdgeControl enables customers to leverage our carefully-honed processes to verify the quality of their own software CDN configuration. Customers will be able to use our automated tests to test their framework in order to add and manage their own configuration unit tests, then deploy a new configuration as a canary, and see in real-time how it affects their traffic, website performance and behavior.
By integrating our processes into a customer’s CI/CD workflows, they are able to further improve performance and reliability via smoother, less risky deployments.
The content delivery landscape is changing fast. Constant innovation and improvement is the only way for a CDN to run at its best, ensuring the highest possible level of security and performance. At Verizon Digital Media Services, we’re proud of the steps we’re taking to integrate our processes more tightly with our customers’ workflows for both security updates and software deployments, but we’re far from done. We continuously develop new features and deploy improvements to make sure we’re offering the best CDN possible, so our customers never experience any disruption in service.