Adjustments to the Dynamic Site Accelerator (DSA) property configuration and the Kona Site Defender (KSD) security configuration must follow a deployment process to ensure that the changes are functioning properly prior to pushing the changes to production. This is similar to how code changes must be tested on Acquia Cloud in lower environments before pushing them to production to help mitigate regression and outages.
Spoofing
To properly test configurations, spoofing domains is recommended to ensure that you can test the site processing through Akamai prior to production launches. To spoof, you must modify your local machine to process domains through a localhost override. For information about how to configure a localhost override for spoofing, see How to Setup Localhost Overrides.
To spoof your domain, you must also obtain the IP address of the Akamai Edge
service. This IP address might change. Therefore, Acquia recommends that you
check the IP address prior to each spoof test. To find the IP address, you can
run a dig
command from your terminal. You can find the domain to run the
dig
command in your KSD property configuration with the hostnames
in the Edge Hostname column. The format of the domain is
[name].edgesuite.net or [name].edgekey.net based on the compliance requirements
for PCI/HIPAA.
Example:
After getting the Edge hostname, you can run the dig
command in a terminal
to obtain the IP address that you need to utilize in the localhost override. The
IP address is in the ANSWER SECTION of the output.
$> dig example.edgesuite.net
; <<>> DiG 9.10.6 <<>> example.edgesuite.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55523
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;example.edgesuite.net. IN A
;; ANSWER SECTION:
example.edgesuite.net. 21600 IN CNAME a982.b.akamai.net.
a982.b.akamai.net. 20 IN A 23.40.62.16
a982.b.akamai.net. 20 IN A 23.40.62.33
;; Query time: 146 msec
;; SERVER: 192.168.11.1#53(192.168.11.1)
;; WHEN: Fri Mar 11 06:59:14 EST 2022
;; MSG SIZE rcvd: 107
After obtaining the IP address for the Akamai production instance, use the same
process to obtain the IP address for the Akamai staging instance, by adding
-staging to the domain name. For example, the domain names for the staging
instance are example.edgesuite-staging.net
and example.edgekey-staging.net
.
Deployment and testing
After you make modifications to the property or security configuration, you must first activate them on the Akamai staging instance. After the activation is complete, the system sends an email to notify you that the process is completed and you can proceed with testing. Utilizing the spoofing information provided earlier, you must perform your testing with the -staging domain.
During the testing, you must validate that the changes are functioning properly and confirm that no regressions are introduced. If regressions or functionality is not working properly, you must start a new version of the configuration to make further adjustments. After making the adjustments, proceed with activation and testing again on the staging instance. After the functionality is confirmed, the configuration can be activated on the Akamai production instance. The system sends you a notification on completion of the activation for production. You can then proceed to validate the functionality on your production domains with the spoofing configuration in place.
Testing without spoofing
To test without spoofing, you must utilize a dedicated test domain or subdomain. The test domain can then have DNS configured to point directly to the Akamai -staging domain as a CNAME record. If you utilize an existing custom domain that is configured on the Acquia Cloud staging environment, there is a risk associated with pointing the domain directly to Akamai staging. If the property or security configuration that is activated on Akamai staging is not functioning properly due to invalid modifications, your Acquia Cloud staging domains experience issues. Acquia recommends that you configure an additional staging domain, such as staging-akamai.example.com, to change DNS to Akamai for testing, so that your normal process of validating staging continues even if the Akamai Staging configuration is broken.