The third-party origin server workflow

You can follow each of the sections in this workflow to add your own third-party origin server to your Ion property.

Before you begin: Understand the request flow

This is optional, but it's recommended. Take a minute to familiarize yourself with the flow of a request involving the Akamai network.

1. Prepare your edge certificate

The first phase of a request flow involves the end user contacting Akamai edge servers. To secure this connection with HTTPS, you'll need to prepare your edge certificate.

If you need to use the custom certificate method, you'll need to wait until it completes provisioning before you can set up your Ion property. You'll receive an email once it's ready.

2. Prepare your third-party origin server

There are some prerequisites you need to meet before you can add a third-party origin to your property. Specifically, you need to work with a supported cloud provider to set up storage space to serve as your origin, as well as collect some authentication details. See Third-party origin prerequisites for complete details.

We recommend that you use Cloud Access Manager. It lets you easily protect and manage your third-party cloud provider access keys. You can find more details on it in the link above.

3. Set up your Ion property

Perform these operations to initially set up your property in Property Manager:

  1. Create a new custom Ion property
  2. Define property hostnames
  3. Define property variables (optional)

4. Set up the Origin Server behavior

Now, let's apply some settings in the Property Configuration Settings to set up your third-party origin. We're using the Origin Server behavior in the Default Rule so that your third-party origin serves all requests.

  1. Ensure the Default Rule is selected.

  2. Set Origin Type to Your Origin.

  3. Input the Origin Server Hostname you added to your DNS record when you set up your origin server.

  4. Set the following options, as desired:

  5. Set the Origin SSL Certificate Verification options as follows:

    • Verification Settings. Select Third Party Settings. Akamai creates a separate certificate authority set for a third-party origin, and manages the certificate for you. You don't have to do anything to upgrade your verification settings.

    • SNI TLS Extension. This only applies if your third-party origin server has been configured to host multiple Standard/Enhanced TLS certificates to support multiple sites. If this is the case, set this to Yes. The Server Name Indication (SNI) header will be sent in the SSL request to the origin. The SNI header value needs to be the same value you have set for the Forward Host Header. Talk to your cloud provider to see if you need to include the SNI header in requests to your origin. Otherwise, set this to No.

  6. Leave the Ports options at their defaults, unless told otherwise by your cloud provider. The standard port for HTTPS traffic is 443.

5. Add the Origin Characteristics behavior

This is where you provide the third-party cloud provider authentication credentials and a few other settings to help optimize delivery. Add this behavior to the Default Rule so that it'll comply with the Origin Server behavior and apply to all requests.

  1. Ensure the Default Rule is selected.

  2. Click Add Behavior.

  3. In the Search available behaviors field, type origin, select Origin Characteristics from the list, and click Insert Behavior.

  4. If your cloud provider has told you that there's a specific geographic region that contains your third-party origin, set Origin Location to the closest region. Otherwise, leave this set to Unknown. Akamai will still work to optimize delivery based on end-user location.

  5. Set Authentication Method options based on the type of authentication you're using, traditional or Cloud Access Manager:

Use traditional authentication

Amazon Web Services:

  1. Set Authentication Method to **Amazon Web Services**.
  2. Set Encrypted Storage to **No**.
  3. Input the **Access Key ID**, **Secret Access Key**, **Region**, and **Endpoint Service** values. You should've gathered these values when you were meeting the [third-party origin prerequisites](doc:third-party-origin-prereqs#amazon-web-services-aws).

Interoperability Google Cloud Storage:

  1. Set Authentication Method to **Interoperability Google Cloud Storage**.
  2. Set Encrypted Storage to **No**.
  3. Input the **Access ID** and **Secret** values. You should've gathered these values when you were meeting the [third-party origin prerequisites](doc:third-party-origin-prereqs#interoperability-google-cloud-storage-gcs).

Use Cloud Access Manager

Amazon Web Services:

  1. Set Authentication Method to **Amazon Web Services**.
  2. Set Encrypted Storage to **Yes**.
  3. Input the **Name** you set for your Cloud Access Manager access key.
  4. Input the **Region** and **Endpoint Service** values. You should've gathered these values when you were meeting the [third-party origin prerequisites](doc:third-party-origin-prereqs#consider-using-cloud-access-manager) to support Cloud Access Manager.

Interoperability Google Cloud Storage:

  1. Set Authentication Method to **Interoperability Google Cloud Storage**.
  2. Set Encrypted Storage to **Yes**.
  3. Input the **Name** you set for your Cloud Access Manager access key.
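
The settings from steps 4 and 5 can be checked together before activation. The following is an added example, not Akamai's code or schema: it audits a constructed settings export whose keys are hypothetical snake_case versions of the UI labels, and `sni_value` is an assumed field holding the name sent in the SNI extension.

```python
# Added example: audits a constructed export of the settings from steps 4 and 5.
# Keys are hypothetical snake_case versions of the UI labels, not a real Akamai schema.
AWS = "Amazon Web Services"
GCS = "Interoperability Google Cloud Storage"

def audit(origin, chars):
    """Return a list of findings for one Default Rule's origin settings."""
    findings = []
    if origin.get("verification_settings") != "Third Party Settings":
        findings.append("verification: expected Third Party Settings")
    if origin.get("sni_tls_extension") == "Yes":
        # The page requires the SNI value to match the Forward Host Header.
        if origin.get("sni_value") != origin.get("forward_host_header"):
            findings.append("sni: value differs from Forward Host Header")
    if origin.get("https_port", 443) != 443:
        findings.append("ports: non-default HTTPS port, confirm with provider")
    method = chars.get("authentication_method")
    if method not in (AWS, GCS):
        findings.append("auth: Authentication Method not covered here")
        return findings
    secret_fields = {AWS: ("access_key_id", "secret_access_key"),
                     GCS: ("access_id", "secret")}[method]
    if chars.get("encrypted_storage") == "Yes":
        if not chars.get("name"):
            findings.append("auth: Cloud Access Manager key Name missing")
        if any(chars.get(f) for f in secret_fields):
            findings.append("auth: raw key material set alongside Cloud Access Manager")
    else:
        findings.append("auth: traditional authentication in use; "
                        "Cloud Access Manager is recommended")
        if not all(chars.get(f) for f in secret_fields):
            findings.append("auth: key ID or secret missing")
    if method == AWS and not (chars.get("region") and chars.get("endpoint_service")):
        findings.append("auth: AWS needs Region and Endpoint Service")
    return findings

# Constructed sample values (hostnames, key material and key name are placeholders).
ORIGIN = {"verification_settings": "Third Party Settings",
          "sni_tls_extension": "Yes", "sni_value": "bucket.example.com",
          "forward_host_header": "origin.example.com", "https_port": 443}
TRADITIONAL = {"authentication_method": AWS, "encrypted_storage": "No",
               "access_key_id": "EXAMPLE-KEY-ID", "secret_access_key": "EXAMPLE-SECRET",
               "region": "us-east-1", "endpoint_service": "s3"}
CAM = {"authentication_method": AWS, "encrypted_storage": "Yes",
       "name": "example-cam-key", "region": "us-east-1", "endpoint_service": "s3"}

if __name__ == "__main__":
    for label, chars in (("traditional", TRADITIONAL), ("cam", CAM)):
        print(label, audit(ORIGIN, chars))
```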

Related tasks

You need to set up the rules and behaviors that are applied when an end-user request comes in for your website or app. Some of these rules include additional settings you can apply to optimize access to your origin server:

