The third-party origin

You can follow each of the sections in this workflow to add your own third-party origin server to your Property Manager property.

Before you begin: Understand the request flow

This is optional, but it's recommended. Take a minute to familiarize yourself with the flow of a request involving the ​Akamai​ network.

1. Prepare your edge certificate

The first phase of a request flow involves the end user contacting ​Akamai​ edge servers. To secure this connection with HTTPS, you'll need to prepare your edge certificate.

πŸ“˜

If you need to use the custom certificate method, you'll need to wait until it completes provisioning before you can set up your Property Manager property. You'll receive an email once it's ready.

2. Meet some prerequisites

Before you can add a third-party origin to your property, you need to work with a supported cloud provider to set up storage space to serve as your origin. You also need to collect some authentication details. See Third-party origin prerequisites for complete details.

πŸ‘

We recommend that you use Cloud Access Manager. It lets you easily protect and manage your third-party cloud provider access information as a key. You can find more details on it in the link above.

3. Set up your Property Manager property

If you haven't yet, perform these operations to initially set up your property in Property Manager:

  1. Create a brand new property
  2. Define a secure property hostname (for delivery via HTTPS)
  3. Define property variables (optional)

4. Set up the Origin Server behavior

Now, let's apply some settings in the Property Configuration Settings to set up your third-party origin. We're using the Origin Server behavior in the Default Rule so that your third-party origin serves all requests.

  1. Ensure the Default Rule is selected.

  2. Set Origin Type to Your Origin.

  3. Input the Origin Server Hostname you added to your DNS record when you set up your origin server.

πŸ“˜

Variable support

This field supports variable expression syntax. Typing "{{" in the option field triggers a list of objects to select. Additional details on this support are available by mousing over this option in the UI. Also see Variables overview.

  1. Set the following options, as desired:

  2. Set the Origin SSL Certificate Verification options as follows:

    • Verification Settings. Select Third Party Settings. ​Akamai​ creates a separate certificate authority set for a third-party origin, and manages the certificate for you. You don't have to do anything to upgrade your verification settings.

    • SNI TLS Extension. This only applies if your third-party origin server has been configured to host multiple Standard/Enhanced TLS certificates to support multiple sites. If this is the case, set this to Yes. The Server Name Indication (SNI) header will be sent in the SSL request to the origin. The SNI header value needs to be the same value you have set for the Forward Host Header. Talk to your cloud provider to see if you need to include the SNI header in requests to your origin. Otherwise, set this to No.

  1. Leave the Ports options at their defaults, unless told otherwise by your cloud provider. The standard port for HTTPS traffic is 443.

5. Add the Origin Characteristics behavior

This is where you provide the third-party cloud provider authentication credentials and a few other settings to help optimize delivery. Add this behavior to the Default Rule so that it'll comply with the Origin Server behavior and apply to all requests.

  1. Ensure the Default Rule is selected.

  2. Click Add Behavior.

  3. In the Search available behaviors field, type origin, select Origin Characteristics from the list, and click Insert Behavior.

  4. If your cloud provider told you that there's a specific geographic region that contains your third-party origin, set Origin Location to the closest region. Otherwise, leave this set to Unknown. ​Akamai​ will still work to optimize delivery based on end-user location.

  5. Set Authentication Method options based on the type of authentication you're using, traditional or Cloud Access Manager:

Authentication type Amazon Web Services Interoperability Google Cloud Storage

Use traditional authentication

  1. Set Authentication Method to Amazon Web Services.
  2. Set Encrypted Storage to No.
  3. Input the Access Key ID, Secret Access Key, Region, and Endpoint Service values. You should've gathered these values when you were meeting the third-party origin prerequisites.
  1. Set Authentication Method to Interoperability Google Cloud Storage.
  2. Set Encrypted Storage to No.
  3. Input the Access ID and Secret values. You should've gathered these values when you were meeting the third-party origin prerequisites.

Use Cloud Access Manager

  1. Set Authentication Method to Amazon Web Services.
  2. Set Encrypted Storage to Yes.
  3. Input the Name you set for your Cloud Access Manager access key.
  4. Input the Region and Endpoint Service values. You should've gathered these values when you were meeting the third-party origin prerequisites to support Cloud Access Manager.
  1. Set Authentication Method to Interoperability Google Cloud Storage.
  2. Set Encrypted Storage to Yes.
  3. Input the Name you set for your Cloud Access Manager access key.

πŸ‘

Are you using Ion?

An Ion property contains specific rules that you can configure to optimize end-user access and use of your origin server:


Did this page help you?