Note
For additional information about Edge, see its product documentation.
Last updated: August 14, 2024
Acquia will provide Edge Security and Performance services only if purchased by Customer, as indicated in the Order.
The following are the prerequisites for using an Edge service:
- One or more production domains using Cloud Platform Enterprise or Site Factory
- Enterprise Security Package
All Acquia Edge Security and Performance services are Customer-self-managed.
For purposes of this section, “Domain” means a Customer domain configured for use with the Edge service that maps to the IP addresses or CNAME records provided by Acquia. Acquia treats each of the following as a separate Domain:
- example1.com
- www.example1.com
- example3.com
Any subdomains managed as a distinct configuration are considered as distinct domains.
Customer is limited to a total monthly traffic throughput (TB/mo) for a total number of domains/hostname(s), as indicated in the Order. In the event such limit is exceeded, Acquia will notify Customer (email is acceptable) of such excess and, within ten (10) days of such notice, Customer will either (i) execute an Order with Acquia for the applicable number of additional domains/hostnames and TB of traffic per month required and pay all applicable fees or (ii) remove the domains/hostnames necessary to comply with its subscription. Acquia reserves the right to remove domains/hostnames in the event Customer does not comply with the foregoing.
1. Edge CDN
Edge CDN is a performance solution that provides a global content delivery network designed to improve the reliability, offload, and network performance of Customer’s infrastructure, helping Customers scale web applications to meet sudden needs. The Edge CDN service utilizes data centers around the world, except mainland China, to accelerate the delivery of the Customer website content. The specific performance and security measures of Edge CDN include tiered caching, content optimization and compression, and SSL/TLS. Edge CDN is powered by Akamai, or by Cloudflare, as specified in the Customer Order.
1.1. China CDN
If the Customer requires fast website load times within mainland China through the use of mainland China data centers, an optional Edge China CDN service is available. Use of the Edge China CDN service requires the Customer to have or obtain a valid Internet Information Service (ICP) license or filing from or with the Chinese telecom regulatory authority and to conclude a direct contract with Acquia’s local CDN partner in China.
Without Edge China CDN, all content will be delivered from servers outside of China. The Edge China CDN option is available for Acquia Edge powered by Akamai or Cloudflare. It requires Edge CDN or greater.
Customer requirements
All customers procuring Edge China CDN are required to meet the following requirements:
- Local Presence: Customer must maintain a local presence in China.
- Local Contacts: Customer must identify and provide contact information for a local company representative.
- Content: Customer agrees that no digital property will include content deemed illegal or inappropriate by the local laws, and if a notification of illegal content is received from local authorities, Acquia and its delivery partners reserve the right to take down the relevant Customer’s digital property from the services in China.
- ICP License: China CDN services can only be delivered if the customer has a valid ICP license or filing covering all Digital Properties and the content complies with the local laws.
- ICP License Procurement & Maintenance: Customer is solely responsible for procuring and maintaining the proper and valid ICP license or filing in lawful ways for all its digital properties in accordance with the local laws. Acquia or its delivery partners will not have any responsibilities to provide any assistance in this regard.
- Contract: In addition to the Customer’s contract with Acquia, Customer must sign an agreement with the properly licensed local CDN provider in China to provide the in-China CDN service. The ICP license or filing of the Customer is one of the conditions that the properly licensed local CDN provider in China will require before it can enter into the contract to provide such in-China CDN to the Customer.
2. Edge Security
Acquia offers a family of Edge Security solutions to help Customers protect their websites and applications.
2.1. Edge Web Application Firewall (WAF)
Edge WAF is a service that provides a web application firewall (WAF) and distributed denial-of-service (DDoS) protection designed to help mitigate the effects of online threats and optimize legitimate visitor requests for protected websites.
Acquia will provide the Edge WAF service for up to the number of Domains specified in the applicable Order. The Acquia Edge WAF package is powered by Cloudflare and includes Edge CDN.
2.1.1. Edge Rate Limiting Add-on
Edge Rate Limiting is a service that mitigates denial-of-service attacks, brute-force login attempts, and other types of high-volume, abusive behavior targeting the application layer.
With Edge Rate Limiting, Customers can configure request rate thresholds, define responses, and gain insight into specific URLs of Customer websites, web applications, or API endpoints. It provides granular HTTP/HTTPS traffic control as defined by the Customer that complements the Edge Web Application Firewall (WAF) solution.
Edge Rate Limiting requires Edge WAF powered by Cloudflare and is available for use if purchased by Customer, as indicated in the Order.
2.1.2. Edge Advanced Rate Limiting Add-on
Edge Advanced Rate Limiting allows Customers to count requests based on a larger set of HTTP request characteristics than standard Edge Rate Limiting.
With Edge Advanced Rate Limiting, Customers can define rule filters using a broad set of HTTP request characteristics, use additional counting characteristics, set a one hour counting period, and leverage a complexity score in the rule’s counting model.
Edge Advanced Rate Limiting requires Edge WAF powered by Cloudflare and is available for use if purchased by Customer, as indicated in the Order.
3. Edge Web Application & API Protection
Edge Web Application & API Protection (WAAP) is designed to improve the security posture of Customer’s protected Domains and API endpoints, and reduce the likelihood and impact of application-level and denial of service attacks by mitigating attacks in the Edge network before they reach Customer’s origin infrastructure.
Edge WAAP includes configurable functionality designed to protect Customer Domains by reducing the risk and impact of attacks at the network and application layers. Edge WAAP provides rate control protections to mitigate the risk of DoS and DDoS attacks, as well as common attack methodologies such as SQL injection, cross-site scripting, and Trojan backdoors. The specific security controls included in Edge WAAP include “Slow POST” protection, rate controls, network layer controls, and application layer controls. Edge WAAP provides tools that enable the definition and enforcement of the security policies specific to client IP, HTTP method, and other request parameters.
Edge WAAP powered by Akamai includes Edge CDN.
4. Edge Bot Management
Edge Bot Management is available only as part of the Edge Bot Management package, powered by Akamai. The Edge Bot Management package includes Edge WAAP and Edge CDN.
Edge Bot Management is designed to use a number of different detection techniques to: (i) determine if a client making a port 80 HTTP or port 443 HTTPS request on the Edge network is a human or a bot and (ii) categorize bots into known bot categories and unknown detected bot categories. Customer may set policies to apply different response actions to different categories of bot traffic.
The Edge Bot Management package includes the following additional feature entitlements:
- Client Reputation: Client Reputation is designed to help protect online applications from attacks, improve accuracy, and fight threats. It computes risk scores associated with Customer’s end user clients, and allows Customer to filter malicious end users based on risk scores. Client scores are updated periodically but are neither real-time nor per event.
- SIEM Integration: SIEM Integration allows Customer to capture event details generated by Akamai security products and incorporate those details into third-party software, such as Customer’s chosen SIEM solutions. Akamai supports a limited set of SIEM connectors, each of which is tested under conditions listed in SIEM Integration.
The SIEM connectors made available through the Akamai Developer site are only samples. Neither Acquia nor Akamai shall be responsible for fixing, modifying, or assisting with the implementation of the connectors. Customers should submit questions concerning the use of a SIEM connector to Akamai’s SIEM Connectors Community page.
5. Edge Add-ons
Acquia offers a portfolio of optional add-on solutions to help tailor your Edge implementation to your requirements. Add-on solutions are unique to either Acquia Edge powered by Akamai or Acquia Edge powered by Cloudflare.
5.1. Add-ons for Acquia Edge powered by Akamai
The following add-ons are available for Acquia Edge powered by Akamai solutions.
5.1.1. Edge DNS
Edge DNS is a cloud-based authoritative DNS solution designed to augment or replace a Customer’s existing DNS infrastructure. Edge DNS helps improve DNS resolution times, especially for websites using Acquia Edge powered by Akamai. It also has the scale to absorb large DDoS attacks targeting the DNS infrastructure.
Edge DNS limits the number of zones to 2,000. Edge DNS zones may have up to 25,000 records per zone. A Customer is entitled to 2 billion hits per month across all their zones. Edge DNS may only be used for zones owned by Customer. Delivery of the Service is evidenced by the provisioning of the Customer’s customer portal access credentials.
5.1.2. Image & Video Manager
Image & Video Manager is designed to help Customers with the creation and management of their images and videos. It provides Customers with an interface to call graphical manipulations on images and videos according to a Customer-designed policy. Customer images and videos shall be supplied by Customer on origin web servers, or uploaded to Akamai NetStorage and must be delivered utilizing Akamai Services. This add-on requires Edge CDN or greater.
5.1.3. Edge Redirector Cloudlet
Edge Redirector Cloudlet is designed to assist IT staff and marketing web site owners who manage a high number of URL redirects. Edge Redirector is a redirection tool that provides a simple user interface to quickly and easily manage URL redirect logic using a flexible set of rules and match criteria, while decreasing the time to redirect from the Akamai edge platform, effectively reducing round trips and providing additional origin offload. Unlike DIY or third-party solutions, Edge Redirector takes advantage of the Akamai platform providing additional scale and performance in addition to offload. This add-on requires Edge CDN or greater.
5.1.4. Security Incident & Event Management (SIEM Integration)
SIEM Integration allows Customer to capture event details generated by Akamai security products and incorporate those details into third-party software, such as Customer’s chosen SIEM solutions. Akamai supports a limited set of SIEM connectors, each of which is tested under conditions listed in SIEM Integration.
The SIEM connectors made available through the Akamai Developer site are only samples. Neither Acquia nor Akamai shall be responsible for fixing, modifying, or assisting with the implementation of the connectors. Customers should submit questions concerning the use of a SIEM connector to Akamai’s SIEM Connectors Community page.
5.1.5. Acquia Edge - Advanced Bot Management
Edge Advanced Bot Management utilizes various detection techniques to determine whether a client making port 80 HTTP or port 443 HTTPS requests is a bot or human, and identify and categorize bots into known categories. Customers may define and apply policies to implement response actions to bot traffic in different categories. This is an add-on to the Edge Bot Management solution, extending the capabilities to include active bot detections and browser validation, and advanced and challenging actions that enable customers to tailor and customize their bot management policy. Edge Advanced Bot Management is powered by Akamai.
5.2. Add-ons for Acquia Edge powered by Cloudflare
The following add-ons are available for Acquia Edge powered by Cloudflare solutions.
5.2.1. Edge Cache File Limit Increase (1 GB)
The Edge Cache File Limit Increase (1 GB) add-on allows for an increase to the maximum size for files stored in cache. The default configuration for Edge CDN is 2 GB. However, this limit may be increased up to 20 GB total by purchasing the applicable number of Edge Cache File Limit Increase (1 GB) add-ons. Entitlements for this add-on are based on the total size of the cache (GB) per file.
5.2.2. Edge Dedicated SSL Certificate
The Edge Dedicated SSL add-on provides Customers with existing Edge Security and Performance subscriptions with the specified number of dedicated SSL certificates signed by a valid certificate authority for a domain(s) managed through Edge. Entitlements for this add-on are based on the total number of certificates.
5.2.3. Edge Load Balancing
The Edge Load Balancing add-on improves network performance and redundancy by balancing traffic across multiple servers and routing to the closest geolocation. Load balancing distributes traffic across servers that are located at either single or multiple origin locations across the globe to ensure high availability of applications. Additionally, the Edge Load Balancing add-on operates at the DNS level and supports any protocol, from HTTPS to TCP and UDP-based services. Entitlements for this add-on are based on DNS queries, requests, and bandwidth per month, and the number of total origin pools purchased by the Customer for their subscription.
5.2.4. Edge Workers
Edge Workers allows the Customer to write V8 JavaScript code that is securely run at the network edge. The JavaScript code uses a derivative of the W3C standard Service Workers API running on the Edge servers to perform actions such as route, filter, or respond to HTTP requests that would otherwise need to be run on the Customer origin in the Acquia Platform. Note that Edge Workers does not support the Node.js runtime because Node.js is not designed to be a sandbox, which is required to isolate running code from other processes for optimal security at the edge.
Edge Workers is an add-on product that requires Edge CDN or greater, and is available for use if purchased by Customer, as indicated in the Order. Customers are responsible for writing, debugging, and maintaining their own JavaScript code run by Edge Workers. Acquia will not support creation, maintenance, troubleshooting, or any other support activities related to customer, vendor, or third-party created code. This includes, but may not be limited to, customer, vendor, or third-party created recipes or code templates that can be added to the Workers product. If Customer-created JavaScript is impacting the flow of requests to the Customer application in the Acquia Platform, Customer will be required to disable all JavaScript code run by Edge CDN Workers before Acquia Support can diagnose the issue.
6. Support
The specific support services provided by Acquia are described in the Acquia Support User Guide.
All support for the Edge service is provided by Acquia Support. Customer should not contact any underlying providers directly for technical advisory or troubleshooting support.
7. Product Privacy Notice
Product Privacy Notice for Edge products powered by Akamai.
Product Privacy Notice for Edge products powered by Cloudflare.
8. Data Portability and Deletion
Upon request made by Customer within 7 days of termination or expiration of the Subscription Services, Acquia will make Customer Data and Customer Applications available to Customer for export or download. At the end of such 7-day period, Acquia will delete or otherwise render inaccessible any Customer Data and Customer Applications, unless legally prohibited. Acquia has no obligation to retain the Customer Data for Customer purposes after this 7-day post-termination period.