Akamai's Content Delivery Network (CDN) is a globally distributed platform designed to optimize web performance and ensure content availability. This article describes the steps required to integrate the Cequence Unified API Protection (UAP) platform with Akamai to discover and protect traffic that is routed through the Akamai CDN.
Configure new origin server in Akamai
To get started with the integration, you can configure Akamai to send a small percentage of traffic, such as 5%, to the Cequence UAP platform, routing the remaining traffic directly to the respective origin servers. This sampling of traffic can be gradually increased within the Akamai configuration, requiring no configuration changes to Cequence.
You can configure your Akamai property to split traffic between the backend application and the Cequence UAP platform. The Cequence UAP platform analyzes the traffic before passing it on to the backend application.
Configuring the traffic split at the Akamai level involves configuring an Akamai property. Properties and the Akamai Property Manager are discussed in depth in the Akamai documentation. These procedures assume, as a pre-requisite, that you have already configured an Akamai origin to use as a traffic source.
Note: Using "Sample Percentage" with the "Origin Server" behavior may disable the use of the Akamai Content Control Utility to purge content. Consult Akamai for alternative configurations if this functionality is required.
- Log in to the Akamai Control Center.
- Create a new rule.
  - Navigate to a property configuration.
  - Click Add New Rule.
- Define sampling criteria.
  - In Name, type a name for the rule, such as Cequence Traffic Sampling.
  - In Criteria, select Sample Percentage.
  - Set the sampling percentage, e.g. 5%.
- Define the behaviors for the Cequence origin.
  - In the Behaviors section, select Origin Server, then configure the following settings.
    - In Origin Type, select Your Origin.
    - In Origin Server Hostname, type the hostname of your Cequence Defender.
    - In Forward Host Header, select Origin Hostname.
    - In Cache Key Hostname, select Origin Hostname.
    - In Origin IP Version, select IPv4-Only.
    - Enable additional options, particularly GZip compression and True Client IP Headers.
  - Only perform this step when required by your configuration and use case.
    - In Origin SSL Certificate Verification, set the verification settings that match your requirements.
    - Enable or disable Use SNI TLS Extension according to your origin server's configuration.
- Define the ports and TLS versions.
  - Specify the HTTP and HTTPS ports. Typical values are 80 for HTTP and 443 for HTTPS.
  - If required, set the minimum TLS version.
- Click Save.
After testing that traffic is being properly routed, activate the configuration in the staging and production environments.
Ensure that both origins are properly configured to handle traffic before deploying these changes.
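Before activating, the saved rule can be checked against the settings listed in the procedure above. The following is an added example, not Cequence or Akamai code: it lints one rule from an exported rule tree. The sample rule is constructed, the hostname `defender.example.com` is a placeholder, and the criterion, behavior and option names (`random`, `bucket`, `origin`, `enableTrueClientIp` and so on) are assumptions about Akamai's rule JSON that should be compared with your own export.

```python
import json

# Constructed sample of one exported Property Manager rule. The criterion,
# behavior and option names are assumptions about Akamai's rule JSON; compare
# them with your own export before relying on this check.
SAMPLE_RULE = json.loads("""
{
  "name": "Cequence Traffic Sampling",
  "criteria": [{"name": "random", "options": {"bucket": 5}}],
  "behaviors": [{"name": "origin", "options": {
    "originType": "CUSTOMER",
    "hostname": "defender.example.com",
    "forwardHostHeader": "ORIGIN_HOSTNAME",
    "cacheKeyHostname": "ORIGIN_HOSTNAME",
    "ipVersion": "IPV4",
    "compress": true,
    "enableTrueClientIp": true,
    "httpPort": 80,
    "httpsPort": 443
  }}]
}
""")

# Settings from the procedure above, keyed by the assumed option name.
EXPECTED = {
    "originType": "CUSTOMER",                # Origin Type: Your Origin
    "forwardHostHeader": "ORIGIN_HOSTNAME",  # Forward Host Header
    "cacheKeyHostname": "ORIGIN_HOSTNAME",   # Cache Key Hostname
    "ipVersion": "IPV4",                     # Origin IP Version: IPv4-Only
    "compress": True,                        # GZip compression
    "enableTrueClientIp": True,              # True Client IP Headers
}

def check_sampling_rule(rule):
    """Return a list of findings; an empty list means the rule matches."""
    findings = []
    pct = [c.get("options", {}).get("bucket") for c in rule.get("criteria", [])
           if c.get("name") == "random"]
    if len(pct) != 1 or not isinstance(pct[0], (int, float)) or not 0 < pct[0] <= 100:
        findings.append("sample percentage missing or out of range")
    origins = [b.get("options", {}) for b in rule.get("behaviors", [])
               if b.get("name") == "origin"]
    if len(origins) != 1:
        return findings + ["expected exactly one origin behavior"]
    if not origins[0].get("hostname"):
        findings.append("origin hostname is empty")
    for key, want in EXPECTED.items():
        if origins[0].get(key) != want:
            findings.append(f"{key}: expected {want!r}, found {origins[0].get(key)!r}")
    return findings

if __name__ == "__main__":
    print(check_sampling_rule(SAMPLE_RULE) or "rule matches the procedure")
```

A rule that loses its sampling criterion is worth catching in particular, because the Cequence origin behavior would then no longer be limited to the sampled percentage.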
Configure Application Availability
Application availability must be ensured with the addition of the Cequence UAP platform to the traffic flow between Akamai and the back end.
Configure a failover that routes traffic directly to the Application Origin in the rare event that the Cequence UAP platform becomes unavailable.
Such a fail-open scenario can be configured with a failover routing policy configuration. You can create a failover routing policy with either of the following approaches.
- Akamai Traffic Manager products - Global Traffic Management (GTM) or Application Load Balancer (ALB) Cloudlet.
- Cequence UAP Traffic Manager.
The failover routing policy creates a DNS hostname with two CNAME records: one points at the Cequence UAP origin as the secondary, and the other points at the application origin, which acts as the primary.
In the Akamai configuration, this DNS hostname is set as the origin hostname for forwarding application traffic to Cequence UAP.