Information for: DEVELOPERS   PARTNERS   SUPPORT

Edge Product Guide

Note

For additional information about Edge, see its product documentation.

Last updated: January 31, 2023

Acquia will provide Edge Security and Performance services only if purchased by Customer, as indicated in the Order.

The following are the prerequisites for using an Edge service:

All Acquia Edge Security and Performance services are Customer-self-managed.

For purposes of this section, “Domain” means a Customer domain configured for use with the Edge service that maps to the IP addresses or CNAME records provided by Acquia. Acquia treats each of the following as a separate Domain:

  • example1.com
  • www.example1.com
  • example3.com

Any subdomains managed as a distinct configuration are considered as distinct domains.

Customer is limited to a total monthly traffic throughput (TB/mo) for a total number of domains/hostname(s), as indicated in the Order. In the event such limit is exceeded, Acquia will notify Customer (email is acceptable) of such excess and, within ten (10) days of such notice, Customer will either (i) execute an Order with Acquia for the applicable number of additional domains/hostnames and TB of traffic per month required and pay all applicable fees or (ii) remove the domains/hostnames necessary to comply with its subscription. Acquia reserves the right to remove domains/hostnames in the event Customer does not comply with the foregoing.

1. Edge CDN

Edge CDN is a performance solution that provides a global content delivery network designed to improve the reliability, offload, and network performance of Customer’s infrastructure, helping Customers scale web applications to meet sudden needs. The Edge CDN service utilizes data centers around the world, except mainland China, to accelerate the delivery of the Customer website content. The specific performance & security measures of Edge CDN include, tiered caching, content optimization & compression, and SSL/TLS. Edge CDN is powered by Akamai, or by Cloudflare, as specified in the Customer Order.

1.1. China CDN

If Customer requires fast website load times within mainland China through the use of mainland China data centers, an optional Edge CDN China CDN service is available. Use of the Edge CDN China service requires the Customer to have or obtain a valid Internet Content Provider (ICP) license from the Chinese government. Without Edge China CDN, all content will be delivered from servers outside of China. The Edge China CDN option is available only for Acquia Edge powered by Cloudflare. It requires Edge CDN or greater.


2. Edge Security

Acquia offers a family of Edge Security solutions to help Customers protect their websites and applications.

2.1 Edge Web Application Firewall (WAF)

Edge WAF is a service that provides a web application firewall (WAF) and distributed denial-of-service (DDOS) protection designed to help mitigate the effects of online threats and optimize legitimate visitor requests for protected websites.

Acquia will provide the Edge WAF service for up to the number of Domains specified in the applicable Order. The Acquia Edge WAF package is powered by Cloudflare and includes Edge CDN.

2.1.1. Edge Rate Limiting Add-on

Edge Rate Limiting is a service that mitigates denial-of-service attacks, brute-force login attempts, and other types of high-volume, abusive behavior targeting the application layer.

With Edge Rate Limiting, Customers can configure request rate thresholds, define responses, and gain insight into specific URLs of Customer websites, web applications, or API endpoints. It provides granular HTTP/HTTPS traffic control as defined by the Customer that complements the Edge Web Application Firewall (WAF) solution.

Edge Rate Limiting requires Edge WAF powered by Cloudflare and is available for use if purchased by Customer, as indicated in the Order.


3. Edge Web Application & API Protection

Edge Web Application & API Protection (WAAP) is designed to improve the security posture of Customer’s protected Domains and API endpoints, and reduce the likelihood and impact of application-level and denial of service attacks by mitigating attacks in the Edge network before they reach Customer’s origin infrastructure.

Edge WAAP includes configurable functionality designed to protect Customer Domains by reducing the risk and impact of attacks at the network and application layers. Edge WAAP provides rate control protections to mitigate the risk of DoS and DDoS attacks, as well as common attack methodologies such as SQL injection, cross-site scripting, and Trojan backdoors. The specific security controls included in Edge WAAP include, “Slow POST” protection, rate controls, network layer controls, and application layer controls. Edge WAAP provides tools that enable the definition and enforcement of the security policies specific to client IP, HTTP method, and other request parameters.

Edge WAAP powered by Akamai includes Edge CDN.


4. Edge Bot Management

Edge Bot Management is available only as part of the Edge Bot Management package, powered by Akamai. The Edge Bot Management package includes Edge WAAP and Edge CDN.

Edge Bot Management is designed to use a number of different detection techniques to: (i) determine if a client making a port 80 HTTP or port 443 HTTPS request on the Edge network is a human or a bot and (ii) categorize bots into known bot categories and unknown detected bot categories. Customer may set policies to apply different response actions to different categories of bot traffic.

The Edge Bot Management package includes the following additional feature entitlements:

  • Client Reputation: Client Reputation is designed to help protect online applications from attacks, improve accuracy, and fight threats. It computes risk scores associated with Customer’s end user clients, and allows Customer to filter malicious end users based on risk scores. Client scores are updated periodically but are neither real-time nor per event.

  • SIEM Integration: SIEM Integration allows Customer to capture event details generated by Akamai security products and incorporate those details into third-party software, such as Customer’s chosen SIEM solutions. Akamai supports a limited set of SIEM connectors, each of which is tested under conditions listed here.

    The SIEM connectors made available through the Akamai Developer site are only samples. Neither Acquia nor Akamai shall be responsible for fixing, modifying, or assisting with the implementation of the connectors. Customers should submit questions concerning the use of a SIEM connector to the Akamai’s SIEM Connectors Community page.


5. Edge Add-ons

Acquia offers a portfolio of optional add-on solutions to help tailor your Edge implementation to your requirements. Add-on solutions are unique to either Acquia Edge powered by Akamai or Acquia Edge powered by Cloudflare.

5.1. Add-ons for Acquia Edge powered by Akamai

The following add-ons are available for Acquia Edge powered by Akamai solutions.

5.1.1. EdgeDNS

Edge DNS is a cloud-based authoritative DNS solution designed to augment or replace a Customer’s existing DNS infrastructure. Edge DNS helps improve DNS resolution times, especially for websites using Acquia Edge powered by Akamai. It also has the scale to absorb large DDoS attacks targeting the DNS infrastructure.

Edge DNS limits the number of zones to 2,000. Edge DNS zones may have up to 25,000 records per zone. A Customer is entitled to 2 billion hits per month across all their zones. Edge DNS may only be used for zones owned by Customer. Delivery of the Service is evidenced by the provisioning of the Customer’s customer portal access credentials.

5.1.2. Image & Video Manager

Image & Video Manager is designed to help Customers with the creation and management of their images and videos. It provides Customers with an interface to call graphical manipulations on images and videos according to a Customer-designed policy. Customer images and videos shall be supplied by Customer on origin web servers, or uploaded to Akamai NetStorage and must be delivered utilizing Akamai Services. This add-on requires Edge CDN or greater.

5.1.3. Edge Redirector Cloudlet

Edge Redirector Cloudlet is designed to assist IT staff and marketing web site owners who manage a high number of URL redirects. Edge Redirector is a redirection tool that provides a simple user interface to quickly and easily manage URL redirect logic using a flexible set of rules and match criteria, while decreasing the time to redirect from the Akamai edge platform, effectively reducing round trips and providing additional origin offload. Unlike DIY or third-party solutions, Edge Redirector takes advantage of the Akamai platform providing additional scale and performance in addition to offload. This add-on requires Edge CDN or greater.

5.1.4. Security Incident & Event Management (SIEM Integration)

SIEM Integration allows Customer to capture event details generated by Akamai security products and incorporate those details into third-party software, such as Customer’s chosen SIEM solutions. Akamai supports a limited set of SIEM connectors, each of which is tested under conditions listed here.

The SIEM connectors made available through the Akamai Developer site are only samples. Neither Acquia nor Akamai shall be responsible for fixing, modifying, or assisting with the implementation of the connectors. Customers should submit questions concerning the use of a SIEM connector to the Akamai’s SIEM Connectors Community page.

SIEM Integration is included as part of the Bot Management package, or is available as an add-on to the WAAP package.

5.2. Add-ons for Acquia Edge powered by Cloudflare

The following add-ons are available for Acquia Edge powered by Cloudflare solutions.

5.2.1. Edge Cache File Limit Increase (1 GB)

The Edge Cache File Limit Increase (1 GB) add-on allows for an increase to the maximum size for files stored in cache. The default configuration for Edge CDN is 2 GB. However, this limit may be increased up to 20 GB total by purchasing the applicable number of Edge Cache File Limit Increase (1 GB) add-ons. Entitlements for this add-on are based on the total size of the cache (GB) per file.

5.2.2. Edge Dedicated SSL Certificate

The Edge Dedicated SSL add-on provides Customers with existing Edge Security and Performance subscriptions with the specified number of dedicated SSL certificates signed by a valid certificate authority for a domain(s) managed through Edge. Entitlements for this add-on are based on the total number of certificates.

5.2.3. Edge Load Balancing

The Edge Load Balancing add-on improves network performance and redundancy by balancing traffic across multiple servers and routing to the closest geolocation. Load balancing distributes traffic across servers that are located at either single or multiple origin locations across the globe to ensure high availability of applications. Additionally, the Edge Load Balancing add-on operates at the DNS level and supports any protocol, from HTTPS to TCP and UDP-based services. Entitlements for this add-on are based on DNS queries, requests, and bandwidth per month, and the number of total origin pools purchased by the Customer for their subscription.

5.2.4. Edge Mutual Transport Layer Security

The Edge Mutual Transport Layer Security (TLS) add-on creates a secure connection between a client, such as an Internet of Things (IoT) device or a mobile app, and its origin. Entitlements for this add-on are based on the total number of devices purchased by the Customer for their subscription.

5.2.5. Edge Workers

Edge Workers allows the Customer to write V8 JavaScript code that is securely run at the network edge. The JavaScript code uses a derivative of the W3C standard Service Workers API running on the Edge servers to perform actions such as route, filter, or respond to HTTP requests that would otherwise need to be run on the Customer origin in the Acquia Platform. Note that Edge Workers does not support the Node.js runtime because the Node is not designed to be a sandbox, which is required to isolate running code from other processes for optimal security at the edge.

Edge Workers is an add-on product that requires Edge CDN or greater, and is available for use if purchased by Customer, as indicated in the Order. Customers are responsible for writing, debugging, and maintaining their own JavaScript code run by Edge Workers. Acquia will not support creation, maintenance, troubleshooting, or any other support activities related to customer, vendor or third-party created code. This includes, but may not be limited to customer, vendor, or third-party created recipes or code templates that can be added to the Workers product. If Customer-created JavaScript is impacting the flow of requests to the Customer application in the Acquia Platform, Customer will be required to disable all JavaScript code run by Edge CDN Workers before Acquia Support can diagnose the issue.


6. Support

The specific support services provided by Acquia are described in the Acquia Support User Guide.

All support for the Edge service is provided by Acquia Support. Customer should not contact any underlying providers directly for technical advisory or troubleshooting support.


7. GDPR Product Notice

GDPR Product notice for Edge products powered by Akamai.

GDPR Product notice for Edge products powered by Cloudflare.

Acquia Inc. reserves the right to change the Products and Services Guide based on prevailing market practices and the evolution of our products. Changes will not result in a degradation in the level of services provided during the period for which fees for such services have been paid.