NetStorage is ​Akamai​​'s secure, cloud-based storage service. It simplifies the management of your content and makes it easy to deliver it over the ​​Akamai​ network. NetStorage also ensures your content is readily accessible by replicating it in multiple locations across the ​​Akamai​ content delivery network.

Do you need an origin certificate?

You're protecting the connection between a requesting client and ​Akamai​ edge servers with a secure certificate for HTTPS. You might think you need to do the same to protect the connection between edge servers and your origin server.

You don't.

You’ll be using NetStorage as your origin server. Connections to it are served over ​Akamai​’s natively secure network via Standard TLS.

Set up NetStorage

There are a few things you need to do to set up NetStorage.

📘

Did you get NetStorage?

When you first worked with ​Akamai​ to get set up, your account team should have added NetStorage to your contract and given you at least one content provider (CP) code for its use.

1. Create your storage group

This is where you'll upload and store your website or app content for delivery.

Get your contractId

A storage group is one of the many objects that you create and manage via your ​Akamai​ contract. To create a new storage group, you need the unique identifier that ​Akamai​ generates for your contract. You can get this value using the list contract operation in the Property Manager API (PAPI).

Create the storage group

Use this operation in the NetStorage Configuration API to create it:

There's more to storage groups

The recipe above gets you up and running with a storage group. It applies default settings for some options and there are other options you can apply. You can use the edit a storage group operation to update it with additional settings.

2. Create your upload account

An upload account gives you access to your storage group so that you can upload content to it. You set up an access method in an upload account based on popular transfer protocols. For this tutorial, we'll be using SecureCopy as the access method.

Generate an SSH key

You'll use a secure shell (SSH) key to validate and protect your connection to NetStorage. An SSH key consists of a pair of files—a private key and a public key. You need to create the pair on the machine you'll be using to transfer your site to NetStorage. We'll call this your local system going forward. The private key stays on your local system, and you need to apply the public key in NetStorage. Whenever you try to access NetStorage, the two keys are compared to each other. If they match, you're in.

1. Open a Terminal Session or Command Prompt on the system you'll use to transfer your site to NetStorage.

2. Run this command to create an SSH key pair for SecureCopy access, using NetStorage-SCP as the file name:

$ ssh-keygen -t rsa -b 2048 -C "NetStorage-SCP" -f /Users/<username>/.ssh/NetStorage-SCP

C:\ ssh-keygen -t rsa -b 2048 -C "NetStorage-SCP" -f C:\Users\<username>\.ssh\NetStorage-SCP

3. You can enter a passphrase (password) for added security and then enter it again to confirm. You can also press Enter twice to skip this.

📘

If you include a passphrase, you'll need to provide it each time you perform an operation to interact with NetStorage.

4. You need to edit your OpenSSH client config to be compatible with NetStorage. Find the file on your local system. Here are some common locations:

   Operating System	Location
   Linux/macOS	Current user. ~/.ssh/config System-wide. /etc/ssh/ssh_config
   Windows	Current user. C:\users\%username%\.ssh\config System-wide. C:\ProgramData\ssh\ssh_config

5. Open the file in a text editor and add the following lines:

   Host *.upload.akamai.com
       HostKeyAlgorithms +ssh-dss
   

Create the upload account

1. You need the full, public SSH key file in your upload account.

   1. Navigate to your .ssh directory:

      • Linux/macOS. /Users/<username>/.ssh/config
      • Windows. C:\Users\<username>\.ssh

   2. Open the NetStorage-SCP.pub file in a text editor.

   3. Copy the entire contents of this file.

2. Use this operation in the NetStorage Configuration API to create the account:

📘

Wait until your upload account is ready

Propagation can take from 1 - 2 hours. Before you continue, wait until you receive the confirmation email for your upload account. You can't actually upload content to NetStorage until it's ready.

There's more to upload accounts

Just like with the storage group, we only covered the basics for this tutorial. There are other configuration settings you can apply, and other access methods you can use to transfer content. Later, you can edit an upload account operation to add more.

3. Upload your content to NetStorage

You've got a storage group set up and an upload account to manage your site content, using Secure Copy as your access method.

Before you begin

There are some things you're going to need for this exercise:

• The NetStorage user name for Secure Copy. This is always sshacs for secure access methods.
• The NetStorage domain name. When you created your storage group, you set a domainPrefix. If you didn't store it, you can run this operation to get it:

Perform the upload

1. Access your local system where the site is stored.

2. Launch a Terminal Session or Command Prompt.

3. Run the command below, using these variable values to start the upload:

   • <private key>. The full path and filename (NetStorage-SCP.pub) to the public key file.
   • <your site>. The full path to the root directory housing your site content. You only need the root directory name, not a file name.
   • <domainPrefix>. The domain name you set for your storage group.

scp -i <private key> -r /<your site>/ sshacs@<domainPrefix>.scp.upload.akamai.com:/

scp -i <private key> -r C:\<your site>\ sshacs@<domainPrefix>.scp.upload.akamai.com:/

This command recursively copies everything in the <your site> directory, and from all subdirectories it may contain.

Other origin server methods

NetStorage offers a relatively simple, one-stop-shop method to host your deliverable content with ​Akamai​. However, we support other origin server configurations, too: