From Development to Deployment - Use Akamai to Facilitate Workflow Automation

Transcript

1. © AKAMAI - EDGE 2017 From Development to Deployment: Use

   Akamai to Facilitate Workflow Automation By Eugene Zhang & Sabrina Burney

2. © AKAMAI - EDGE 2017 Legacy SDLC Plan & Code

   • Build • Unit test • Dev deployment Build & Test • Deploy to Test Envs • Functional and performance testing Release • Deploy to staging • Deploy to production • Update config • Deploy to Akamai staging • Deploy to Akamai production • Purge

3. © AKAMAI - EDGE 2017 Overview Plan & Code Build

   & Test Release Operate Monitor Provision & Deploy Fix/Enhance

4. © AKAMAI - EDGE 2017 Overview Plan & Code Build

   & Test Release Operate Monitor Provision & Deploy Fix/Enhance EAA Phase Release Fast Deployment Traffic Management PAPI/CPS

5. © AKAMAI - EDGE 2017 Development • Fast and Efficient

   • REST APIs for Everything • Akamai CLI • Build into Existing Infrastructure Plan & Code Build & Test Release

6. © AKAMAI - EDGE 2017 Development What components do we

   need to develop an environment? Edge SSL Certificates HTTP/s Delivery Data Center Routing How can we automate development of each component?

7. © AKAMAI - EDGE 2017 Development: Automation Manage Edge SSL

   Certificates • Certificate Provisioning System API (CPS) • Secure Provisioning Service API (SPS) Manage Traffic to Data Centers • Global Traffic Manager API (GTM) Manage Edge HTTP Delivery and Optimizations • Luna Property Manager API (PAPI)

8. © AKAMAI - EDGE 2017 Development: Standard Phases Create Update

   Deploy

9. © AKAMAI - EDGE 2017 Edge SSL Certificates Edge SSL

   Certificates • HTTPs adoption is growing • Guarantee secure delivery from Client to Edge • Quickly provision certificates from trusted Certificate Authorities (CA) HTTP/s Delivery Data Center Routing

10. © AKAMAI - EDGE 2017 Edge SSL Certificates: Life Cycle

    Create New Certificate Update Certificate: Edit or Renew Deploy Certificate

11. © AKAMAI - EDGE 2017 Edge SSL Certificates: Life Cycle

    with APIs Create New Certificate Update Certificate: Edit or Renew Deploy Certificate CPS & SPS API

12. © AKAMAI - EDGE 2017 CPS API: Certificate Management •

    JSON Format • Updates require 2- step process POST /cps/v2/enrollments?contractId=XXXXX { //Certificate type //Common Name & SAN //Organization Information } GET /cps/v2/enrollments/XXXXX { ... //Current SAN list ... } PUT /cps/v2/enrollments/XXXXX { ... //Updated SAN list ... } Create New Certificate Update Current Certificate Step1: Retrieve Update Current Certificate Step2: Submit

13. © AKAMAI - EDGE 2017 SPS API: Certificate Management •

    Form URL Encoded Format • Updates are 1- step process • Create Edge Hostnames Create New Certificate Update Current Certificate POST /config-secure-provisioning- service/v1/sps- requests/?contractId=XXXXX&groupId=XXXXX CnameHostname=XXXXX_&CertificateType=XXXXX_&CommonN ame=XXXXX_&SAN=XXXXX_&OrganizationInformation POST /config-secure-provisioning- service/v1/sps- requests/?contractId=XXXXX&groupId=XXXXX modifySAN=XXXXX POST /config-secure-provisioning- service/v1/secure-edge- hosts/?contractId=XXXXX&groupId=XXXXX CnameHostname=XXXXX Create New Edgekey Hostname

14. © AKAMAI - EDGE 2017 CPS vs SPS API

15. © AKAMAI - EDGE 2017 Traffic Management • Quickly onboard

    new data centers • Support successful and efficient migrations • Always maintain working QA & Production environments Data Center Routing Edge SSL Certificates HTTP/s Delivery

16. © AKAMAI - EDGE 2017 Traffic Management: Life Cycle Create

    New GTM Configuration Load Balancing Deploy GTM changes Failover Traffic Distribution IP Intelligence Update GTM Configuration

17. © AKAMAI - EDGE 2017 Traffic Management: Life Cycle with

    APIs Create New GTM Configuration Load Balancing Deploy GTM changes Failover Traffic Distribution IP Intelligence Update GTM Configuration GTM API

18. © AKAMAI - EDGE 2017 GTM API: Origin Routing Setup

    PUT /config-gtm/v1/domains/test-example.akadns.net HTTP/1.1 { //New Domain test-example.akadns.net } POST /config-gtm/v1/domains/test- example.akadns.net/datacenters { //Datacenters } PUT /config-gtm/v1/domains/test- example.akadns.net/properties/qa1 { //GTM Property for Traffic Distribution, Failover, Load balancing, and Liveness } Create New GTM Domain Assign DataCenters Create New GTM Property

19. © AKAMAI - EDGE 2017 Property Manager • Quickly spin

    up test configurations • Efficiently onboard new properties • Maintain working production environment while testing new logic Data Center Routing Edge SSL Certificates HTTP/s Delivery

20. © AKAMAI - EDGE 2017 Property Manager: Life Cycle Create

    Delivery Configuration Origin Rules Deploy changes Edge SSL Certs CPCode Update Configuration Traffic Routing Hostnames Cache/Compress Custom Rules Security Fast Activation

21. © AKAMAI - EDGE 2017 Property Manager: Life Cycle with

    APIs Create Delivery Configuration Origin Rules Deploy changes CPS API CPCode Update Configuration GTM API Hostnames Cache/Compress Custom Rules Security PAPI Fast Activation

22. © AKAMAI - EDGE 2017 Luna PAPI • Behaviors for

    (almost) everything • 1-step delivery configuration • Fast Deployment "behaviors": [ { "name": "origin" //Origin Rules - use GTM properties here //Origin SSL Pinning - Secure delivery between //Edge and Origin } { "name": "cpCode" //CpCode name and number } { "name": "caching" //Set TTL } { "name": "gzipResponse" //Switch to on/off } { "name": "subCustomer" //IP whitelisting } ]

23. © AKAMAI - EDGE 2017 Development: Code - Build -

    Release - Enhance CPS API Luna PAPI GTM API

24. © AKAMAI - EDGE 2017 Deployment: From Lab to Field

    Speed vs Control Availability and Redundancy No Impact to User Experience

25. © AKAMAI - EDGE 2017 Deployment: Phased Release Cloudlet •

    Service logic built into Edge • Gradually moving traffic over to newly deployed app • Safely expose customers to new experience, functionality, origin • Testing new application without affecting entire customer base • Activate in under one minute

26. © AKAMAI - EDGE 2017 Deployment: Cloudlet Policy PUT /cloudlets/api/v2/policies/<PolicyNumber>/versions/<VersionNumber>

    GET /cloudlets/api/v2/policies/<PolicyNumber>/properties POST /cloudlets/api/v2/policies/<PolicyNumber>/versions/<VersionNumber>/ activations Update Policy Retrieve Policy Activate Policy POST /cloudlets/api/v2/policies?gid=<groupid> Create Policy

27. © AKAMAI - EDGE 2017 Phased Release API

28. © AKAMAI - EDGE 2017 Phased Release API

29. © AKAMAI - EDGE 2017 Phased Release API

30. © AKAMAI - EDGE 2017 Phased Release API

31. © AKAMAI - EDGE 2017 Deployment: Fast Activation Speed •

    10 minutes activation on production network • 3 minutes to activate on staging network Control • Network Safety Checks • Automatic Roll back if error increases • Easy roll back until property is 100% active Automation • Property Manager • PAPI

32. © AKAMAI - EDGE 2017 Fast Deployment Option to choose

    fast or regular (will go away eventually when all activations are fast) Automatically rolls back if unusual # of errors detected. (Not an option on Staging)

33. © AKAMAI - EDGE 2017 Deployment: Fast Purge KEY DIFFERENTIATORS

    BENEFITS Self-Service Management Luna Fast Purge App Open API Better Offload & Performance Longer TTL setting Consistent last mile performance Advantage of dynamic caching 5-second purge request speed Ability to purge by URL, CP code, and Cache Tag Instant Purge & Invalidation

34. © AKAMAI - EDGE 2017 Deployment: Fast Purge /ccu/v3/invalidate/url/network {

    "objects": [ "http://www.example.com/graphics/picture.gif", "http://www.site- example.com/graphics/picture.gif", "http://www.example1.com/documents/brochure. pdf" ]} { "hostname": "www.example.com", "objects": [ "/graphics/picture.gif", "/documents/brochure.pdf" ]} { "httpStatus": 201, "detail": "Request accepted.", "estimatedSeconds": 5, "purgeId": "043f-4af0-843f-aaf0043faaf0", "supportId": "17PY1321286429616716-211907680" } Request Body V3 format Response body

35. © AKAMAI - EDGE 2017 Continuous Testing Key Differentiator: Instant

    Secure Access ▪ Limited on-premise functional testing ▪ External exposure of internal application ▪ Complex testing workflow ▪ Limited APM tools Traditional Dev Environment Testing ▪ Testing during any development stages ▪ Instant access to dev env from anywhere ▪ End-to-end synthetic and real user testing ▪ Does not require network modification ▪ Strong security posture - Directory service integration - 2 factors authentication Continuous Testing with EAA

36. © AKAMAI - EDGE 2017 Continuous Testing

37. © AKAMAI - EDGE 2017