Skip to main content

Azure CDN – Things that are not available (yet)

Last week I had some interesting discussions around payload delivery and CDNs. I realize how easily people can misunderstand some features or functionality, thinking that it is normal or making the wrong assumption.
In this context, I will write 3 posts about Azure CDNs, focusing on what is available, what we can do and what we cannot do.


I was involved in many discussions when people assumed that different features are available on Azure CDN and were ready to change the current architecture based on that wrong assumptions. Let’s take a look on some features or functionality that we don’t have on Azure CDNs, but many times we are assuming that we have them.

SAS Support for Blob Storage 
The most common functionality that people think that is available on Azure CDN is Shared Access Signature for Blob Storage. Shared Access Signature (SAS) is one of the most used and powerful feature of Blob Storage. On Azure CDN we have the ability to cache a blob storage using the full
URL including the URL.
Maybe because of this, people have the impression that Azure CDN will take into consideration the SAS validity and once the SAS will expire it will also invalidate the cache.
The reality that in this moment Azure CDN treats an URL to an Azure Blob that has a SAS like just another URL. If the content can be accessed, then it will copy the payload and replicate to the CDNs. The content will be removed from the CDN nodes only in the moment when the TTL value on CDN expires, that doesn’t has any connection with SAS.



HTTPS for Custom DNS Domains
Even if Azure CDN has support for custom DNS and also has support for HTTPS, it doesn’t mean that you can use HTTPS using your own domain name. Sounds strange, but sometimes can be confusing when you have two features supported, but the combination between them is not supported.
This means that if you need HTTPS than you will need to use Azure CDN DNS. The good news is that this is a feature that on Azure Voice is most voted for CDNs and very soon we will have support for it.

HTTPS Client Certificates
When you are using Azure CDNs it is important to remember that even if there is support for HTTPS, there is no support in this moment for client certificates. You are allowed to use only SSL certificates provided by the CDN.
This is why we don’t have support yet for client certificates on custom DNS domains for Azure CDNs, but things will be much better very soon.

HTTP/2
The new protocol of the internet, if we can call it in this way is not yet supported. In general, this is not a blocker, except if you have a complex web application where you want to minimize the number of requests that are done by the client browser.
For this situations, working with Azure CDN might be not so simple, but there are work arounds.

Fallback to custom URI
Some CDNs providers, give us the possibility to specify an URI that can be used as a fallback when the content is no found in the original location. It is useful when you are working with an application where availability time is critical and you need to be able to provide a valid location for all content.
Of course, with a little of imagination you can resolve this problem pretty simple. Putting between Azure CDN and your content Azure Traffic, that would allow you to specify a fallback list of URIs.

Access logs of CDNs are raw data
Many people are requesting that they want to have access to raw data of logs, similar with the one from Azure Storage. This might be an useful feature, but in the same time I have some concerns related to it.
The main scope of an CDN is to cache and serve content that is requested often from a location that is near as possible to the client. It is used for cased when the RPS (requests per second) is very high. Generating a file with raw data, could be expensive and to end up with logs that are big. Processing such files might be expensive.

It is important to remember that a part of this features are already planned by Azure team and near future we might find them in Azure CDN. Also, don’t forget that an out-of-the-box solution is hard to find and with a little of imagination we can find a solution for it.

Comments

Popular posts from this blog

Windows Docker Containers can make WIN32 API calls, use COM and ASP.NET WebForms

After the last post , I received two interesting questions related to Docker and Windows. People were interested if we do Win32 API calls from a Docker container and if there is support for COM. WIN32 Support To test calls to WIN32 API, let’s try to populate SYSTEM_INFO class. [StructLayout(LayoutKind.Sequential)] public struct SYSTEM_INFO { public uint dwOemId; public uint dwPageSize; public uint lpMinimumApplicationAddress; public uint lpMaximumApplicationAddress; public uint dwActiveProcessorMask; public uint dwNumberOfProcessors; public uint dwProcessorType; public uint dwAllocationGranularity; public uint dwProcessorLevel; public uint dwProcessorRevision; } ... [DllImport("kernel32")] static extern void GetSystemInfo(ref SYSTEM_INFO pSI); ... SYSTEM_INFO pSI = new SYSTEM_INFO(

ADO.NET provider with invariant name 'System.Data.SqlClient' could not be loaded

Today blog post will be started with the following error when running DB tests on the CI machine: threw exception: System.InvalidOperationException: The Entity Framework provider type 'System.Data.Entity.SqlServer.SqlProviderServices, EntityFramework.SqlServer' registered in the application config file for the ADO.NET provider with invariant name 'System.Data.SqlClient' could not be loaded. Make sure that the assembly-qualified name is used and that the assembly is available to the running application. See http://go.microsoft.com/fwlink/?LinkId=260882 for more information. at System.Data.Entity.Infrastructure.DependencyResolution.ProviderServicesFactory.GetInstance(String providerTypeName, String providerInvariantName) This error happened only on the Continuous Integration machine. On the devs machines, everything has fine. The classic problem – on my machine it’s working. The CI has the following configuration: TeamCity .NET 4.51 EF 6.0.2 VS2013 It see

Navigating Cloud Strategy after Azure Central US Region Outage

 Looking back, July 19, 2024, was challenging for customers using Microsoft Azure or Windows machines. Two major outages affected customers using CrowdStrike Falcon or Microsoft Azure computation resources in the Central US. These two outages affected many people and put many businesses on pause for a few hours or even days. The overlap of these two issues was a nightmare for travellers. In addition to blue screens in the airport terminals, they could not get additional information from the airport website, airline personnel, or the support line because they were affected by the outage in the Central US region or the CrowdStrike outage.   But what happened in reality? A faulty CrowdStrike update affected Windows computers globally, from airports and healthcare to small businesses, affecting over 8.5m computers. Even if the Falson Sensor software defect was identified and a fix deployed shortly after, the recovery took longer. In parallel with CrowdStrike, Microsoft provided a too