Origin Characteristics & Object Delivery
This behavior lets you set characteristics for your origin server to optimize access to it.
Origin Location
Select the appropriate location of the origin server, based on the Origin Type you selected in the Origin Server behavior:
-
NetStorage. Set this to Unknown.
-
Your Origin (for a custom origin). Select the geographical location of your origin server to optimize access to it. Do this to implement what we consider "use case-based provisioning" for this behavior. If you're not sure about your server location, select Unknown.
Authentication Method
Select the appropriate authentication method for use:
Method | Description | Additional options |
---|---|---|
Akamai Origins - Auto, Others - None | This is the default and applies if your origin server doesn't have any external authentication requirements, or if you're using NetStorage as your origin. | N/A |
Interoperability Google Cloud Platform | Select this if you're authenticating with Google Cloud Storage (GCS) as your origin. Support is based on the GCS V4 signing process. Once selected, configure the additional options that are revealed. |
|
Amazon Web Services | Select this if you're authenticating with Amazon Web Services (AWS) cloud provider as your origin. Support is based on the AWS signature version 4 signing process. Once selected, configure the additional options that are revealed. |
|
Additional considerations
Consider these points when using GCS or AWS as your cloud origin provider:
-
You can use Cloud Access Manager. Use it to streamline the client authentication process. See Cloud Access Manager & Object Delivery for complete details.
-
You can check your authentication details in the file you saved when creating your HMAC key. If you didn’t download the file, or if you lost it, you may need to delete the existing HMAC key and add a new one. See Managing HMAC keys in GCS or Managing Access Keys (console) in AWS for details.
-
Use a property with an akamaized hostname. This lets you either retrieve objects from the origin, or for read-only bucket operations. This is because we're currently limited to storing cloud provider access keys in cleartext. This doesn't carry the level of protection you might expect for the transmission of personally identifiable information (PII).
-
Consider using two separate sets of cloud provider access keys. Dedicate one to GET operations and another to POST, PUT, or DELETE operations. For all GET operations, set them up to use a property via Property Manager; for POST, PUT, and DELETE operations, you should use the APIs or SDKs offered by the associated cloud provider.
-
Regularly rotate the cloud provider access keys. This reduces the likelihood of unauthorized diversion of confidential information.
-
Only the "Authorization" header is supported (AWS, only). If you're using query string parameters with this authentication, each query parameter in the incoming client request must be sorted alphabetically, and URL encoded.
Best practices settings applied by default
Akamai automatically applies certain best practices settings when you configure various behaviors in the Default Rule. With the Origin Characteristics behavior, the following settings are automatically applied—you don't need to manually define these via individual behaviors, because we preset them for optimal access and delivery.
Tiered Distribution
This lets Object Delivery retrieve your cached content from another mid-tier of servers that are closer to your origin server, rather than directly from your origin server. For cached content, the feature has significant advantages:
- Reduction in demand for bandwidth at the Origin Server, which is often positive in itself and necessary to upscale applications.
- Improved performance from the reduced time it takes for the product to retrieve content. Tiered Distribution parent servers are generally located close to the production servers that use them.
Disable Tiered Distribution
If you need to disable it, you can add Tiered Distribution as an optional behavior in the same rule and set it to "Off".
Tiered Distribution can't be used with Cloud Wrapper
If you've added the Cloud Wrapper service to your Object Delivery property, you need to disable Tiered Distribution.
Origin Failure
These settings are automatically applied in the background:
-
Origin Unresponsiveness. The following are automatically set as best practices values for this scenario:
- Connection Timeout. Five seconds.
- HTTP Response Timeout. Two minutes.
- Retry logic. Retry once, and serve an error to the requesting client after retry failure.
-
Origin Server Error. The following are automatically set as best practices values for this scenario:
- Retry logic. Retry once, and serve an error to the requesting client after retry failure.
- Object Content Error. An error is served to the requesting client.
Origin Authentication
These settings are automatically applied in the background, based on your selected Origin Type:
- NetStorage as your origin. Akamai Signature Header Verification Authentication is applied by default.
- All other origin types. Origin Authentication is not default applied. You can use the Authentication Method options to apply these for your origin.
Origin Characteristics and Mixed Mode
Origin Characteristics is a "use case-based" behavior that's automatically included in the Default Rule and used to optimize delivery for all requests. However, with Mixed Mode Configuration for Object Delivery, you can include it in another rule and apply different match criteria to have separate requests use different origin characteristics optimizations. For more details, see Mixed Mode & Object Delivery.
Updated about 1 year ago