Alibaba Cloud CDN uses globally distributed edge nodes to accelerate and secure content delivery for enterprises and public service sectors. Alibaba Cloud CDN is an all-in-one content delivery service for a variety of sectors, such as public service, finance, media, retail, and transportation.

Secure acceleration for enterprises and public service sectors

Compared with standard Alibaba Cloud CDN and Dynamic Route for CDN (DCDN), secure acceleration for enterprises and public service sectors provides more security features. Therefore, the overall price of this feature is higher than that of standard Alibaba Cloud CDN and DCDN. If your services involve finance, public service, media, retail, or transportation and you want to learn more about secure acceleration for enterprises and public service sectors, click Consult the secure acceleration solution to submit an application.

Note

Scenarios

Scenario Event
Public service
  • Public service websites and applications must withstand large numbers of concurrent requests in cases of public emergencies.
  • If attackers tamper with the content of the websites, the credibility of public service sectors may be compromised.
Finance
  • The business is complex and must comply with regulatory requirements.
  • Information, transactions, and data must be protected.
  • Node services and origin servers must maintain high availability.
  • Cross-border requests are required.
TV broadcasting and media
  • If attackers tamper with the media content, the credibility of the media may be compromised.
  • Malicious behaviors such as crawling and hotlinking may lead to data or content leakage.
Enterprise Office automation (OA) and enterprise resource planning (ERP) systems have slow access performance, which affects work efficiency.

Benefits

  • DCDN: DCDN can identify dynamic and static content. Static content is cached on edge nodes. The delivery of dynamic content is accelerated by using an intelligent scheduling system.
    • Intelligence and efficiency: Intelligent scheduling and protocol optimization accelerate content delivery and reduce costs.
    • Professional services: Standard services such as real-time monitoring and monthly reports, emergency response, and major event protection reinforce the security of your business.
  • Edge security: Alibaba Cloud CDN protects your business from attacks, tampering, and overloading based on more than 2,800 globally distributed edge nodes.
    • Application layer security: Edge nodes are integrated with Web Application Firewall (WAF) to protect your business from Open Web Application Security Project (OWASP)-identified threats and HTTP flood attacks. This facilitates traffic management and reduces loads on origin servers.
    • Network layer security: Edge nodes can intelligently detect DDoS attacks and interact with Anti-DDoS Pro to mitigate DDoS attacks.
    • Data link layer security: Alibaba Cloud CDN provides independent nodes to ensure that resources deployed on these nodes are isolated. The ShangMi (SM) cipher suite is used to secure data transfer. Alibaba Cloud CDN also checks node consistency to ensure that your business is tamper-resistant.
    • Edge availability: Alibaba Cloud CDN allows you to specify secondary origin servers to ensure the availability of origin servers. In addition, Alibaba Cloud CDN supports failover, monitoring, alerting, and the offline mode to further ensure origin server availability.
    • Compliance: Alibaba Cloud has obtained 97 certificates of compliance and Alibaba Cloud CDN has obtained 47 certificates of compliance, including Level 3 Classified Protection of Cybersecurity, Level 4 Classified Protection of Cybersecurity for Alibaba Finance Cloud, Trusted Cloud, ISO27001, and PCI DSS.

Features

The following table describes the features of secure acceleration for enterprises and public service sectors.

Billable item Billing rule Setting
Business mode Supports data transfer plans that can be used to offset data transfer fees. For more information about the specifications and pricing of data transfer plans, contact Alibaba Cloud customer service. Select one
Supports the pay-as-you-go billing method based on the following metering methods: pay-by-95th-percentile, average daily peak bandwidth per month, and pay-by-data-transfer per hour. You are charged for data transfer and bandwidth resources. Value-added services do not charge additional fees. For more information, contact Alibaba Cloud customer service.
Content delivery acceleration Delivery acceleration for static content: accelerates the delivery of static content, including small image files, large files, audio files, and video files. Select one
DCDN: accelerates the delivery of dynamic content by using an optimal route selected by the intelligent scheduling system. This improves user experience and ensures the stability of your services.
Value-added services: support HTTPS and QUIC requests for static content, HTTPS, HTTP, and QUIC requests for dynamic content, and real-time log delivery. Enabled
Application layer protection Access control: supports hotlink protection based on the Referer header, URL authentication, IP whitelists and blacklists, and user-agent (UA) whitelists and blacklists. Enabled
HTTPS: supports SSL certificate management, HTTP/2, force redirect, Transport Layer Security (TLS) version control, HTTP Strict Transport Security (HSTS), keyless solutions, and the SM cipher suite. Enabled
WAF: supports WAF Pro Edition and Business Edition. WAF can protect your services from common attacks identified by OWASP and data leakage, and ensure the security and availability of your services. Enabled
Rate limiting: uses an exclusive rate limiting engine and blocks malicious requests based on default or custom policies. This ensures the stability of your services and prevents HTTP flood attacks. Enabled
Bot traffic management: supports crawler whitelists, threat intelligence, and AI protection. This feature detects advanced crawlers, and minimizes the impacts of crawlers and automation tools. Enabled
Region blacklist: allows you to configure a region blacklist to block requests from IP addresses in specific regions. This improves the security of your services. Enabled
Network layer protection Sandbox-free: If your websites is under HTTP flood attacks, Alibaba Cloud CDN mitigates the HTTP flood attacks without using sandboxes. This solution protects your services without degrading the performance of Alibaba Cloud CDN. Enabled
DDoS mitigation: Alibaba Cloud CDN is integrated with Anti-DDoS Pro to identify and mitigate DDoS attacks by using automatic traffic scheduling. We recommend that you use DDoS mitigation together with exclusive resource plans. Enabled
IP blacklists: You can configure blacklists to temporarily or permanently block up to millions of IP addresses. Enabled
Exclusive feature Exclusive resources: Exclusive resources are provided to enterprises and public service sectors. These resources are isolated from those of other users to ensure service stability. Enabled
Service reports: Alibaba Cloud CDN provides comprehensive and periodic service reports about traffic, bandwidth, back-to-origin traffic and bandwidth, the number of requests, cache hit ratios, HTTP status codes, and statistics collected by region. Enabled
SM cipher suite: Alibaba Cloud CDN supports the SM cipher suite, which is based on the BabaSSL standard. Enabled
Offline mode: If an origin server fails, edge nodes can respond to requests with cached content. This ensures the availability of your service. Enabled
Tamper-proof: prevents attackers from tampering with the content during content delivery. Enabled
Origin protection: queries the IP addresses of CDN edge nodes during back-to-origin routing. Then, you can add the IP addresses to the whitelist on the origin server or origin server firewall to reinforce protection. Enabled
IPv6: supports the IPv6 feature and addresses IPv6 performance issues. Enabled
Unified resource management solution: provides a unified resource management solution for complex organization structure. This facilitates resource management for large companies. Enabled
Certificates of compliance: Level 3 Classified Protection of Cybersecurity 2.0, ISO27000, PCI DSS, Trusted Cloud, and GDPR. Enabled
Value-added service Exclusive resource plans: provide exclusive IP addresses. This ensures the independence and stability of your service. Optional
Exclusive services: support platform services, after-sales services, and major event services. Optional

Security settings

References