Component No. 4: Origin Protection

By David Drai  |  Posted 2010-07-23

How to Optimize Website Content Delivery Using Whole-Site Acceleration

A growing number of Websites are delivering a diverse mix of content that includes static (cacheable), dynamic (non-cacheable) and secure data. This trend, plus the increasing adoption of personalization and new browser presentation technologies, has created a vast, unmet need for whole-site delivery that is both unified and adaptable.

Content providers and e-tailers alike have come to understand that the traditional content delivery network (CDN) model is ill-equipped to globally and strategically accelerate content delivery. Content providers and e-tailers also recognize that their Website performance has a critical and tangible impact on their users' experience, customer site loyalty and revenue generation. Whole-site acceleration promises to be an ideal solution to optimize all communications between the origin server and the user. However, there is still some confusion about what constitutes whole-site acceleration.

Traditional CDN model is highly fragmented

Basic CDNs have proven effective at pushing large volumes of static content at scale over a distributed network. Some content providers utilize secondary CDNs to optimize delivery of video. Others are constrained from delivering static content over a CDN because they have Secure Sockets Layer (SSL) content that cannot be split between providers, as the routing decision is done on the Domain Name System (DNS) level when it is still not known if the required content is HTTP or HTTP Secure (HTTPS). Content providers have limited options for acceleration of dynamic, non-cacheable content.

Dynamic Site Acceleration

Dynamic site acceleration

To date, only a few CDNs offer Dynamic Site Acceleration (DSA) to improve the performance of personalized and dynamic content and acceleration of transaction-based Web applications. Acceleration of dynamic content through an improved TCP/IP path is particularly important for financial transactions such as e-commerce (since latency may be perceived as failure by the user). Lowering the latency and improving the performance of a site increases the conversion and site loyalty.

The traditional CDN model does not allow for effective Website integration. HTML code must be changed at the origin to tag and differentiate static from dynamic content. For many sites, this structure changes frequently. Control and visibility are very limited since there is no full-site or real-time reporting, precluding the online business from making informed decisions regarding server load balancing and performance enhancement.

Active management of content performance and cost is rendered impossible with the traditional CDN model. As content providers give greater priority to content monetization, manageability becomes imperative.

Eight Components of Whole-Site Acceleration

Eight components of whole-site acceleration

Whole-site acceleration is a completely integrated system that optimizes and accelerates all content and applications delivered by an origin server to an end customer. Whole-site acceleration puts an end to segregation of content by type since it serves as a proxy for all of the content provider's Web traffic. True whole-site acceleration should comprise all of the following eight components:

Component No. 1: Acceleration of static content

Static content objects that do not change for the user (such as graphics, videos and browser-based Flash applications) are cached at distributed locations for faster delivery.

Component No. 2: Acceleration of dynamic content

DSA speeds delivery of dynamic Websites and Web applications for an enhanced user experience. Acceleration of dynamic content is particularly important for e-commerce, news feeds, PHP, JavaServer Pages (JSP) and machine-to-machine traffic. This acceleration is accomplished through protocol and connection optimization between the origin server and the CDN, plus a reduction in origin server load for much higher efficiency. DSA will typically decrease latency for first byte delivery and the time to deliver an entire object. DSA also reduces the amount of round trips needed from the user to the origin per object. 

Component No. 3: Flexibility of dynamic acceleration mode

Whole-site acceleration offers the flexibility to utilize asymmetric, symmetric or mixed-mode acceleration of dynamic content. With asymmetric acceleration, connection aggregation and protocol optimization occur between the content provider's origin server and a last-mile POP that is close to the user. Symmetric acceleration provides an additional acceleration touch point near the content provider's origin server, enabling faster acceleration and superior congestion control management. The flexibility of choosing acceleration modes enables online businesses to evaluate the costs and benefits of each mode for a given location and service.

Component No. 4: Origin Protection

Component No. 4: Origin protection

Whole-site acceleration provides shielding to the origin servers. Content providers can decide to not publish the IPs of the origins and configure them to accept only connections from the CDN. Thus, all traffic is directed to the CDN servers, not exposing the origin directly to the users. This increases the security of the origin servers and the application-and it provides better protection against cybercrime such as distributed denial of service (DDoS) attacks.

Component No. 5: Integrated central management platform

Integrated whole-site acceleration enables content delivery to be managed from one location (and not from the origin, or deploying on multiple origins). Online businesses can access a unified management platform to determine what should be cached and the duration of the cache. Cache behavior, content TTL and browser headers can be variably controlled based on object type, directory or domain. An integrated platform also enables content providers to establish routing policies such as load balancing between servers to optimize capacity and adjust for geographic activity variances.

Component No. 6: Fast deployment

Getting deployment-ready within hours or even minutes has become even more critical for today's content providers. Whole-site acceleration enables fast integration and implementation with no modification to existing architecture or system outputs.

Component No. 7: SSL Support

Component No. 7: SSL support

Any Website conducting secure transactions-either dynamic or static-must have whole-site acceleration that offers SSL support. As the IP address resolution of a server is done on the DNS level-when it is still unknown whether the content is HTTP or HTTPS-secure traffic cannot be diverted to another IP. Thus, both HTTP and HTTPS traffic must be handled in the same location as, in both cases, the host will resolve to the same IP address. Additionally, the CDN must be able to host and cache private or shared SSL certificates. No changes should be required to the Web architecture to integrate SSL transactions.

Component No. 8: Real-time reports

Since all of the site's traffic passes through the CDN, whole-site acceleration should deliver comprehensive, actionable data in real time. This level of visibility empowers content providers to evaluate and respond quickly to their content's performance. At the same time, logs and historical data provide the visibility of short and long-term trends in Web traffic. An integrated reporting platform gives online businesses the control they need to monitor and adjust performance on a granular level.

Empowerment of online businesses

Whole-site acceleration is poised to be a real game changer for the CDN industry because it puts online businesses in control to a degree never before possible. Real-time, whole-site performance data delivers unprecedented visibility and relevant, actionable metrics. Since online transaction speed is inextricably linked to consumer conversion, whole-site acceleration delivers information that is essential to make informed business decisions.

David Drai is co-founder and Chief Technology Officer of Cotendo. David plays a key role in the creation and development of core technologies at Cotendo. He brings deep expertise to this position, as he is the holder of multiple patents in the areas of content management and network technologies development. David also has experience as the lead technologist for the integration and deployment of new technologies in business-critical customer environments. Prior to co-founding Cotendo, David spent over a decade at Commtouch Software as research and development director in networking programming. At Commtouch, David's achievements included the design and development of the Commtouch Antispam Infrastructure as well as other real-time, software-based services. Other initiatives at Commtouch led by David included user interface development and integration support for large service providers and top customers. David earned a Bachelor's degree in Computer Science from the Technion, Israel Institute of Technology. He can be reached at

Rocket Fuel