Add a configuration

Before you begin

Your contract needs capacity. The properties, locations, and capacities are associated with your contracts. Ensure your contract has capacity by viewing your capacity inventory .
You need a compatible delivery product. View the guidelines for optimizing your property.

Add a Cloud Wrapper configuration

  1. Open the application. Go to > ORIGIN SERVICES > Cloud Wrapper.
  2. Select the Configurations entity.
  3. Click Add Configuration

Here's a short summary. You can find more details below.

  1. General settings. Here you define the configuration Name and provide any necessary Comments.
    • Name. Assign a Name to your configuration. Other areas of the interface and API will display this name.
    • Comments. Add optional Comments to help identify the configuration during later use.
  2. Location settings. Here you define the locations to distribute your Cloud Wrapper capacity. Depending on your workflow, you might want it closer to your origin or your end-users.
  3. Multi CDN settings. This is an optional configuration to reduce your origin egress costs by implementing Cloud Wrapper with your third-party CDN.
    • Properties. Select from the list of properties on your contract.
    • Add CDN. Select which third-party CDN you want to integrate with.
    • Default header. The default header name is Akamai-CDN-Origin-Auth. You can change this name when adding a CDN configuration, depending on your chosen CDN provider.
  4. Finally, you need to review the Summary. All of the settings you've applied for the configuration are revealed, and you use this window to save them.


You can edit an existing configuration to modify settings as necessary. However, it can't be an active configuration.


  1. Assign a Name to your configuration.
  2. Add optional Comments to help identify the configuration during later use.

Contract Selection: Select the Cloud Wrapper Contract you're assigning this configuration to.

Properties Selection: Select the Properties to include in the configuration. The list of available properties are associated with your Cloud Wrapper contracts. Contact your account team if the properties you expect to see aren't listed. You can prepopulate many of these fields by creating a configuration from an analysis report.

Capacity Alerts: Enable capacity alerts to receive emails when the quota usage crosses the specified threshold.


  1. Select the Locations to distribute your Cloud Wrapper capacity. Depending on your workflow, you might want it closer to your origin or your end-users.
  2. Select the Traffic Preference for either Low Latency or Redundancy depending on your expected usage. Not all locations offer traffic choices. Contact your account team for help optimizing your traffic preferences.
  3. Specify the Capacity (TB) of cache space to allocate to your chosen location.
  4. Apply any Usage Notes to help you identify the purpose of this configuration.


This is an optional configuration option to implement Cloud Wrapper with your third-party CDN. Implement this to reduce your origin egress costs.

Toggle the optional Enable Multi CDN switch if you want to allow third-party CDNs to access Cloud Wrapper. When adding or editing a Cloud Wrapper configuration, use the Multi CDN section to manage these settings.

Toggle Enable Multi CDN to allow third-party CDNs to access Cloud Wrapper.

  1. Select the Properties associated with your contract to include in this configuration.
  2. Click Extract Origin Details to extract Origin settings associated with your selected properties.
  3. You can assign an Origin ID to help identify it later.
  4. Click Add CDN to enter the Add CDN configuration window.

The "Add CDN" configuration details window

Select the Name of the CDN provider that you currently use.

  1. Enable Header Based Auth to use Simple Header authentication. Use the Secret to generate the final header described in Authentication for Multi CDN.
    1. Your selected CDN will populate a default Header Name.
    2. Enter an Auth Key Name to use with the Secret provided, and select an expiration date.
    3. Specify the Expiry date for this auth key.
    4. Copy the Secret by clicking the clipboard icon before selecting the Auth Key Name.


You need to create a new auth key prior to key expiration, then delete the old auth key.

  1. Enable IP ACL to specify a list of IP addresses that your CDN generates requests from. Cloud Wrapper will restrict access to only these IP addresses. IP ACL is not a substitute for authentication. To further enhance your origin security, use them in combination with authentication methods such as authentication tokens.


Prevent denial of traffic

You need to maintain the IP/CIDR list in this configuration to ensure it’s up-to-date with your CDN’s list.

Cloud Wrapper can receive traffic from your downstream CDN using both IPv4 and IPv6 addresses. Include both IPv4 and IPv6 CDN addresses in your ACLs.

Denial of traffic will occur if your CDN makes requests from IPs that are not part of the list configured here. View the FAQ for information about setting up auth alerts.

  1. Enable HTTPs Only to accept only HTTPS connections. Both HTTP & HTTPS connections are accepted when disabled.

View and manage individual CDN configurations

You can view and edit existing configurations, temporarily disable individual CDN access, or view origin hostnames.

  • CDN Name. The name of your added CDN.
  • Auth Key1 Expiry. The date your first auth key** expires.
  • Auth Key2 Expiry. The date your second auth key expires.
  • HTTPs Only. Indicates if this CDN connects using HTTPs.
  • CP Code. Displays the associated CP Code, if applicable.
  • Enabled. Indicates if this CDN is enabled. You can change this from the Actions menu.
  • Actions. You can Edit, Disable CDN, View Origin Hostnames, or Remove CDN.

DataStream Logging

You can capture near real-time performance and security information for your Cloud Wrapper configuration by using DataStream.

To enable DataStream logging:

  1. You need to create a DataStream configuration using the DataStream application.
  2. Associate your DataStream configuration with this Cloud Wrapper configuration using the DataStream application.
  3. Use the Cloud Wrapper application to toggle the Enable DataStream Logging option.

See the DataStream User Guide for more details.

Other Settings

  • Soft-Limit Alerts. Enable this to receive alerts when exceeding 85% of bandwidth usage.

Authentication for Multi CDN

Cloud Wrapper uses Simple Header Authentication for secure connections

The default header name is Akamai-CDN-Origin-Auth. You can change this name when adding a CDN configuration depending on your chosen CDN provider.

Default Akamai header format

Akamai-CDN-Origin-Auth: amos=exp={date} ~acl=%2F%2A ~hmac={signature}

Generate a token from your CDN provider to obtain these values

  1. amos: The token name.
  2. exp: The epoch time of token creation. The expiration is based on this time.
  3. acl: This is a URL-Encoded Access List of URLs that gives access to: /*. Use this URL-encoded value: %2F%2A.
  4. signature: The signature is an HMAC-SHA256 hash of the two token fields, expand acl.


You can use a token auth SDK to generate a token.

Example signature generation process

Starting from Control Center, create a shared-secret for each CDN you include in a Multi CDN configuration. The signature generation uses HMAC-SHA256.

  1. Generate a HEX-format shared_secret for the CDN: 77704f5541417a7a73666236
  2. Share the token's data field and shared_secret with the CDN provider:
    Token name: amos
    Secret: 77704f5541417a7a73666236
    acl: %2F%2A
    algorithm: hmac-sha256

At the CDN provider

In this example, assume the current epoch time is: 1591841414

  • The HMAC-SHA256 calculation over the token's fields as follows:
    String-to-sign: exp= 1591841414~acl= %2F%2A
    Signature: HMAC-SHA256(String-to-sign, Hex:Secret ): ea20f092942d08829ecb30e330ba1c78d768515df5efc383ee9ad335149d1a7d

The final example Akamai header

Akamai-CDN-Origin-Auth: amos=exp=1591841414~ acl=%2F%2A~ hmac=ea20f092942d08829ecb30e330ba1c78d768515df5efc383ee9ad335149d1a7d

Token Auth software development kits

Token auth software development kits (SDK) are available to generate tokens. They are available for multiple programming languages, and they account for all required and optional fields. See the README section of these pages for details on how to use that SDK.


View your summarized configuration and assign email addresses to receive notification Emails before clicking Submit.

  • Activate Configuration. You can choose to Activate now, or Activate Later when submitting your configuration.

View your Multi CDN origin hostnames

Use these hostnames as the origin for your third-party CDNs.

You can view the hostnames assigned to each CDN during the configuration process, or from the Cloud Wrapper configuration screen. Do this by accessing the Actions menu and selecting View Multi CDN Origin Hostnames.

The Origin Hostnames list

The Origin Hostnames list displays each CDN in the selected configuration, with the delivery type, location, and origin hostname. Click Download to store a plain-text file locally.


Ensure that your CDN targets the appropriate delivery hostname if you have multiple delivery properties assigned to your Cloud Wrapper configuration.