Customer Request: The following information needs to be provided for each domain:
- Domain name
- Origin IP (PIP) or FQDN
- Is this domain already onboarded to Cequence?
- Does this application need an SSL cert?
- Defender mapping: If the requested domain is not already onboarded to Cequence, Support should do the Defender mapping, file a CLOPS ticket with the subject “Estee: Defender Mapping”, and then move on to step 3: Managed CDN mapping.
Managed CDN mapping: If the domain is already onboarded to Cequence, then Support creates a CLOPS ticket with the following:
- Subject - Estee: Managed CDN New Domain Onboarding
- Body - details of the domain name, origin, and merge request for the Defender mapping
1st Pipeline: SaaS Ops runs the pipeline for Managed CDN and merges the Defender mapping if needed. SaaS Ops will provide Support with the AWS CloudFront distribution FQDN and the SSL Domain Validation entry CSV through the CLOPS ticket.
Note: Domain Validation must be done within 48 hours.
1st customer touch point: Support sends the AWS CloudFront distribution FQDN and the SSL Domain Validation entry CSV, with the following steps outlined for the customer:
- Please add the entries in the attached CSV file to your DNS for Certificate Validation. The entries are only valid for 72 hours.
- Once you have completed these tasks, please confirm to us so that we can add the validated certificate to the CDN.
- We will resend a confirmation once we are able to attach the validated SSL certificate to the CDN.
- On receiving the confirmation, please add a CNAME to the domain, <replace with customer domain onboarded>, in your DNS with the record <replace with SaaS Ops provided AWS CloudFront distribution FQDN>
- Once you have made the DNS change, traffic will flow through Cequence Managed CDN+WAF service and Bot Defense.
2nd Pipeline: Once the customer confirms the addition of the DNS entries for Certificate Validation, Support updates the CLOPS ticket asking SaaS Ops to run the pipeline for Managed CDN again.
- After the second pipeline run, you need to confirm that the CDN entries in CloudFront have the proper SSL certificate and the proper alt name set.
- Changes ready for test: SaaS Ops confirms through the CLOPS ticket that the pipeline run is completed.
Validation: Support validates using curl commands through AWS CloudFront to ensure a valid cert and end-to-end traffic flow through the Defenders.
curl -v --connect-to <customer-domain>:443:<YourCloudFrontDistro>:443 https://<customer-domain>/
- Do not use the -k flag with curl: it disables certificate verification, so the check would no longer confirm that the proper SSL certificate was assigned to the CloudFront distribution.
- 2nd customer touch point: Support sends confirmation to the customer that we are ready to cut over
- Customer changes: Customer modifies DNS to point the domain name to the AWS CloudFront distribution FQDN
- Customer testing: Customer validates end-to-end traffic flow
- Support testing: Support verifies traffic in the dashboard and closes the case
NOTE: Every new domain onboarding request will have a separate AWS CloudFront distribution. If you combine multiple domain onboarding requests into a single CLOPS ticket, multiple Domain Validation CSVs and AWS CloudFront distribution FQDNs will be provided. Take care to provide the right entries for each domain to the customer.
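
The pre-cutover certificate check from the Validation step, as an added example (not Cequence or SaaS Ops tooling): it connects to the CloudFront distribution FQDN, sends the customer domain as SNI, verifies the certificate chain, and reports whether the served certificate covers the domain. The function names and the sample domain and distribution values are assumptions constructed for illustration; several domains from a combined ticket can be checked in one run.

```python
import socket
import ssl


def san_covers(domain, dns_names):
    """True if domain matches a certificate DNS name (exact or one-label wildcard)."""
    domain = domain.lower().rstrip(".")
    parent = domain.partition(".")[2]
    for name in (n.lower().rstrip(".") for n in dns_names):
        # *.example.com covers shop.example.com, not example.com or a.b.example.com.
        if name == domain or (name.startswith("*.") and parent and parent == name[2:]):
            return True
    return False


def edge_cert_names(distribution_fqdn, domain, timeout=10):
    """Connect to the distribution with domain as SNI; return the cert's DNS names.

    The chain is still verified (CERT_REQUIRED). Only the built-in hostname
    match is turned off, so a certificate for the wrong name can be reported
    by name through san_covers() instead of only failing the handshake.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((distribution_fqdn, 443), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=domain) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def check_onboarding(pairs, fetch=edge_cert_names):
    """pairs maps each customer domain to its own CloudFront distribution FQDN."""
    results = {}
    for domain, distribution in pairs.items():
        try:
            names = fetch(distribution, domain)
        except OSError as exc:  # ssl.SSLError is a subclass of OSError
            results[domain] = "failed: " + exc.__class__.__name__
            continue
        if san_covers(domain, names):
            results[domain] = "ok"
        else:
            results[domain] = "certificate does not cover domain: " + ", ".join(names)
    return results


if __name__ == "__main__":
    # Constructed placeholders; use the values from the CLOPS ticket instead.
    print(check_onboarding({"shop.example.com": "d111111abcdef8.cloudfront.net"}))
```

A result other than "ok" before the second customer touch point means the validated certificate is not yet being served for that domain.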