Edge Security Acceleration (ESA) is a globally distributed edge network platform. With over 3,200 points of presence (POP) worldwide, ESA provides a unified solution for network acceleration, security protection, and edge computing services. It helps industries like gaming, e-commerce, finance, and media overcome high-latency global access, frequent network attacks, and the performance bottlenecks of centralized computing.
Product architecture
ESA is a unified cloud service to manage your network and edge infrastructure. It delivers robust protection and acceleration for internet content, applications, data centers, enterprise networks, and AI workloads.
Global infrastructure
Through its globally distributed core POPs, ESA connects major global cloud service providers, data centers, and carriers. It provides stable interconnected links and uses Anycast routing to further reduce end-to-end latency.
Full-site traffic optimization and protection
ESA optimizes and protects traffic for all websites, applications, and AI services running on the platform at both the network and application layers. For Enterprise plan users, ESA also supports private network interconnection between your on-premises data centers and the ESA edge. To learn more about this service, contact our sales team.
Serverless development platform
Powered by a cloud-native architecture, ESA provides a serverless environment on more than 3,200 POPs. This integrated platform combines compute and storage capabilities, including Edge KV, offering a Node.js-compatible service that enables developers to quickly deploy applications across the ESA global network.
Full-stack security and performance analytics
ESA uses a log collection system to gather and store full-stack logs including DNS, network, and application layer data in compliance with regulations. Its low-latency analytics system processes this data in near real time, enabling you to identify anomalous attacks within minutes.
Why choose ESA
ESA runs on a global infrastructure, including over 10,000 direct connections to internet service providers, more than 3,200 POPs, and over 180 Tbps of bandwidth capacity. This network brings you:
Low-latency access across the globe
ESA uses an Anycast system to direct traffic to a high-performance POP and achieves an average global DNS resolution time of under 30 ms. It also uses an intelligent scheduling system that precisely routes users to the nearest optimal POP. This combination provides a stable, low-latency path with millisecond-level end-to-end latency for a fast user experience.
Multilayer native security protection
ESA provides native DDoS Protection and a native Web Application Firewall (WAF) that use Alibaba Cloud's proprietary machine learning algorithms to inspect every request for threats. Edge DDoS attack mitigation has a global capacity of over 20 Tbps.
Integrated serverless edge capabilities
Unlike centralized deployments, each ESA POP offers a serverless service that integrates computing, storage, and networking. It provides your business with capabilities such as dual-mode deployment using Edge Fuctions or container images, automatic auto-scaling, and Edge KV storage.
Real-time data monitoring and analytics
ESA's logging and analytics system provides up-to-the-second data collection. It integrates multi-dimensional filters and components to help you achieve fine-grained, real-time operational control.
Differences between ESA, DCDN, and CDN
ESA represents an advancement over our Content Delivery Network (CDN) and Dynamic Content Delivery Network (DCDN) products, delivering a new level of performance and security for your site.
A faster experience
Feature | Description | ESA | DCDN | CDN |
Cache-based acceleration | Caches static resources like images, audio/video, and CSS files on POPs. Optimizes routing and transmission for dynamic content, such as API calls and database interactions, to improve access speed and user experience. |
| Accelerates both static and dynamic content. | Accelerates static content. |
ESA provides high-performance, secure DNS services. One-stop access reduces DNS latency and mitigates service abnormalities caused by DNS attacks. | Supported | Not supported | Not supported | |
Network optimization |
| Supported | Not supported | Not supported |
Provides proxy acceleration and protection for Layer 4 (TCP/UDP) scenarios, such as real-time competitive games and interactive audio/video. |
|
| Not supported |
More reliable protection
Feature | Description | ESA | DCDN | CDN |
WAF | Based on WAF 3.0, it identifies malicious traffic signatures to ensure that only legitimate and safe traffic is forwarded to your origin server. | Comprehensive WAF protection, including support for custom protection rules and policies generated from data analytics. | Basic WAF protection. | Not supported |
Defends against large-volume distributed Denial of Service (DDoS) attacks to protect the normal operation of online businesses. | The Entrance, Pro, and Premium plans include basic platform-level DDoS protection, while the Enterprise plan supports up to Tbps-level protection. | Supports up to Tbps-level DDoS attack mitigation. | Not supported | |
Bot management | Identifies and prevents various malicious or automated bots from attacking your website or services. | Supports bot management through SDK integration for H5 pages, native Android apps, and iOS apps. | Basic bot management. | Not supported |
Configures the origin to allow access only from POP IPs, protecting it from malicious access by external IPs. | Supported | Not supported | Not supported | |
Defends against large-scale DNS attacks and provides stable DNS resolution for ultra-high Queries Per Second (QPS). | Supports hundreds of millions of QPS. | Supports tens of millions of QPS. | Not supported |
More flexible computing
Feature | Description | ESA | DCDN | CDN |
Functions and Pages | A serverless service that allows you to support deploying JavaScript code directly on POPs. User requests are processed at the nearest POP, significantly reducing latency and enabling a low-latency computing experience. |
| Supports routine deployment only. | Not supported |
A Key-Value storage service provided at edge. When combined with edge functions, it enables fast data reads from storage on the same POP, allowing you to deploy lightweight BaaS, API gateway services, and more. | Supported | Supported | Not supported | |
A highly elastic and low-maintenance compute resource deployed on edge, centered on containerized applications. Through global deployment and nearest-POP scheduling, it simplifies protocol handling and dramatically reduces response latency. You do not need to purchase servers or worry about application scaling and maintenance, allowing you to focus on application development rather than underlying infrastructure management. | Supported | Not supported | Not supported |
Simpler configuration
Feature | Description | ESA | DCDN | CDN |
Add a website | A streamlined process for adding a website, fully integrating core capabilities like DNS, acceleration, computing, and security. | Accelerates specified domains. | Accelerates specified domains. | |
SSL/TLS certificate management | Lets you issue certificates to clients. It uses a certificate pool model, allowing multiple site domains to share the same certificate, reducing operational complexity. |
| Not supported | Not supported |
Plan management | Features separate management for prepaid plans and value-added services, enabling simple cost control based on business volume and supporting flexible plan upgrades. | Supported | Not supported | Not supported |
Rules | Provides rules with interactive user interface for you to create more fine-grained, personalized configurations. | Supported | Not supported | Not supported |
Traffic control | POPs use the scheduling system and origin probing to distribute request traffic, balance the load across multiple origins, reduce link latency and improve service availability. |
| Simple weight-based and primary/standby configurations. | Simple weight-based and primary/standby configurations. |
Version management | Version management lets you test, deploy, and roll back configuration changes based on custom request rules. | Supported | Not supported | Not supported |
Get started with ESA
Add your website to ESA to experience the acceleration and protection for your business.
Use cases
Global acceleration
For businesses that operate in multiple countries and regions, such as cross-border e-commerce, global games, and international applications, user access latency and network security are core challenges.
Recommended solution: Use ESA's NS setup and implement secure cross-region acceleration.
Edge computing for high-concurrency applications
For scenarios that require quick responses to user requests, such as real-time APIs, online personalized recommendations, and Internet of Things (IoT) data processing, deploying computing logic at POPs close to users can effectively reduce origin latency.
Recommended solution: Use edge functions to accelerate website rendering or deploy applications using edge functions and MCP.
Security protection
If you face frequent DDoS attacks, collapse challenge (CC) attacks, or traffic fraud (click farming) common in finance, gaming, and government sites, you need strong protection to ensure business continuity.
Recommended solution: See traffic abuse prevention. You can also enable origin protection powered by CloudMonitor.