Last week I had some interesting discussions around payload delivery and CDNs. I realize how easily people can misunderstand some features or functionality, thinking that it is normal or making the wrong assumption.
In this context, I will write 3 posts about Azure CDNs, focusing on what is available, what we can do and what we cannot do.
I was involved in many discussions when people assumed that different features are available on Azure CDN and were ready to change the current architecture based on that wrong assumptions. Let’s take a look on some features or functionality that we don’t have on Azure CDNs, but many times we are assuming that we have them.
SAS Support for Blob Storage
The most common functionality that people think that is available on Azure CDN is Shared Access Signature for Blob Storage. Shared Access Signature (SAS) is one of the most used and powerful feature of Blob Storage. On Azure CDN we have the ability to cache a blob storage using the full
URL including the URL.
Maybe because of this, people have the impression that Azure CDN will take into consideration the SAS validity and once the SAS will expire it will also invalidate the cache.
The reality that in this moment Azure CDN treats an URL to an Azure Blob that has a SAS like just another URL. If the content can be accessed, then it will copy the payload and replicate to the CDNs. The content will be removed from the CDN nodes only in the moment when the TTL value on CDN expires, that doesn’t has any connection with SAS.
HTTPS for Custom DNS Domains
Even if Azure CDN has support for custom DNS and also has support for HTTPS, it doesn’t mean that you can use HTTPS using your own domain name. Sounds strange, but sometimes can be confusing when you have two features supported, but the combination between them is not supported.
This means that if you need HTTPS than you will need to use Azure CDN DNS. The good news is that this is a feature that on Azure Voice is most voted for CDNs and very soon we will have support for it.
HTTPS Client Certificates
When you are using Azure CDNs it is important to remember that even if there is support for HTTPS, there is no support in this moment for client certificates. You are allowed to use only SSL certificates provided by the CDN.
This is why we don’t have support yet for client certificates on custom DNS domains for Azure CDNs, but things will be much better very soon.
HTTP/2
The new protocol of the internet, if we can call it in this way is not yet supported. In general, this is not a blocker, except if you have a complex web application where you want to minimize the number of requests that are done by the client browser.
For this situations, working with Azure CDN might be not so simple, but there are work arounds.
Fallback to custom URI
Some CDNs providers, give us the possibility to specify an URI that can be used as a fallback when the content is no found in the original location. It is useful when you are working with an application where availability time is critical and you need to be able to provide a valid location for all content.
Of course, with a little of imagination you can resolve this problem pretty simple. Putting between Azure CDN and your content Azure Traffic, that would allow you to specify a fallback list of URIs.
Access logs of CDNs are raw data
Many people are requesting that they want to have access to raw data of logs, similar with the one from Azure Storage. This might be an useful feature, but in the same time I have some concerns related to it.
The main scope of an CDN is to cache and serve content that is requested often from a location that is near as possible to the client. It is used for cased when the RPS (requests per second) is very high. Generating a file with raw data, could be expensive and to end up with logs that are big. Processing such files might be expensive.
It is important to remember that a part of this features are already planned by Azure team and near future we might find them in Azure CDN. Also, don’t forget that an out-of-the-box solution is hard to find and with a little of imagination we can find a solution for it.
In this context, I will write 3 posts about Azure CDNs, focusing on what is available, what we can do and what we cannot do.
- Azure CDN – Available features and functionality
- Azure CDN – Things that are not available
- Azure CDN – Solutions for things that are not available
I was involved in many discussions when people assumed that different features are available on Azure CDN and were ready to change the current architecture based on that wrong assumptions. Let’s take a look on some features or functionality that we don’t have on Azure CDNs, but many times we are assuming that we have them.
SAS Support for Blob Storage
The most common functionality that people think that is available on Azure CDN is Shared Access Signature for Blob Storage. Shared Access Signature (SAS) is one of the most used and powerful feature of Blob Storage. On Azure CDN we have the ability to cache a blob storage using the full
URL including the URL.
Maybe because of this, people have the impression that Azure CDN will take into consideration the SAS validity and once the SAS will expire it will also invalidate the cache.
The reality that in this moment Azure CDN treats an URL to an Azure Blob that has a SAS like just another URL. If the content can be accessed, then it will copy the payload and replicate to the CDNs. The content will be removed from the CDN nodes only in the moment when the TTL value on CDN expires, that doesn’t has any connection with SAS.
HTTPS for Custom DNS Domains
Even if Azure CDN has support for custom DNS and also has support for HTTPS, it doesn’t mean that you can use HTTPS using your own domain name. Sounds strange, but sometimes can be confusing when you have two features supported, but the combination between them is not supported.
This means that if you need HTTPS than you will need to use Azure CDN DNS. The good news is that this is a feature that on Azure Voice is most voted for CDNs and very soon we will have support for it.
HTTPS Client Certificates
When you are using Azure CDNs it is important to remember that even if there is support for HTTPS, there is no support in this moment for client certificates. You are allowed to use only SSL certificates provided by the CDN.
This is why we don’t have support yet for client certificates on custom DNS domains for Azure CDNs, but things will be much better very soon.
HTTP/2
The new protocol of the internet, if we can call it in this way is not yet supported. In general, this is not a blocker, except if you have a complex web application where you want to minimize the number of requests that are done by the client browser.
For this situations, working with Azure CDN might be not so simple, but there are work arounds.
Fallback to custom URI
Some CDNs providers, give us the possibility to specify an URI that can be used as a fallback when the content is no found in the original location. It is useful when you are working with an application where availability time is critical and you need to be able to provide a valid location for all content.
Of course, with a little of imagination you can resolve this problem pretty simple. Putting between Azure CDN and your content Azure Traffic, that would allow you to specify a fallback list of URIs.
Access logs of CDNs are raw data
Many people are requesting that they want to have access to raw data of logs, similar with the one from Azure Storage. This might be an useful feature, but in the same time I have some concerns related to it.
The main scope of an CDN is to cache and serve content that is requested often from a location that is near as possible to the client. It is used for cased when the RPS (requests per second) is very high. Generating a file with raw data, could be expensive and to end up with logs that are big. Processing such files might be expensive.
It is important to remember that a part of this features are already planned by Azure team and near future we might find them in Azure CDN. Also, don’t forget that an out-of-the-box solution is hard to find and with a little of imagination we can find a solution for it.
Comments
Post a Comment