Key concepts and terms

There are several key concepts and terms that you may come across when interacting with Cloud Access Manager.

Access key. Long-term credentials for Amazon Web Services (AWS) or Google Cloud Storage users that you use to sign and authenticate requests to these cloud providers. An access key consists of an access key identifier and a secret access key. When you create an access key with your cloud provider, you create the access key identifier and secret access key as a set.

Access key identifier. An alphanumeric string linked to your Google Cloud Storage or AWS account. Edge servers use this identifier to compute the authentication signature passed in requests to cloud providers.

Secret access key. A base64-encoded string linked to a specific access key identifier. Edge servers use this secret to compute the authentication signature for your requests as part of the authentication process.

Origin characteristics. A behavior that lets you set characteristics for your origin server to apply optimizations to your property. It lets you select a cloud provider as your origin and refer to the access key that you want to use to authenticate requests to this cloud provider.

Deployment network. The type of secure network where you want to deploy your access keys.

• PCI-compliant. An enhanced security network that provides a rich set of TLS and HTTPS functionality architected for sites and content with high-assurance security requirements, such as PCI compliance, using customer branded certificates. Also, with this network type, you can choose whether you want your properties to serve traffic on the China CDN or Russia CDN, or to not use either. If you don't have a Standard TLS certificate, this network also supports serving HTTP traffic. You can use access keys deployed to this network only with property configurations whose security option is set to Enhanced TLS. For more information on how the enhanced secure network delivers content, see Enhanced TLS in Serve content over HTTPS.

📘

To use this deployment network with your access keys, your contract needs to support serving traffic with Enhanced TLS certificates. Also, you must provision an Enhanced TLS certificate for your hostnames in the Certificate Provision System and select that certificate when adding these hostnames to your property. See Serve content over HTTPS.

• PCI-noncompliant:A standard secure network that provides a rich set of TLS and HTTPS functionality architected to provide high-performance, and massively scalable delivery of media assets and website content using customer branded certificates supporting SNI compatible devices and serving secure PCI-noncompliant HTTPS traffic. Also, with this network type, you can choose whether you want to serve traffic on ​Akamai​'s China CDN. By default, the PCI-noncompliant network allows properties to serve traffic on the Russia CDN. You can use access keys deployed to this network with property configurations whose security option is set to Standard TLS ready or Enhanced TLS. Enabling an access key on the PCI-noncompliant network for an enhanced TLS property means that your keys are used by edge servers on the standard secure network. For more information on how the standard secure network delivers content, see Standard TLS in Serve content over HTTPS.