What is the Best CDN Model? A Closer Look At Akamai, CloudFront And Incapsula

The CDN market is quite diverse, encompassing dozens of players serving a wide variety of industries and geographies. As the market evolves, it is constantly churning out new CDN approaches and business models to meet diverse client needs.


This article discusses traditional CDN, dedicated CDN and security CDN approaches, as epitomized by Akamai, Amazon CloudFront and Incapsula, respectively. We’ll look at the evolution of the different models, their advantages and disadvantages, and the ideal type of customer for each approach.

Screenshot 2015-07-07 03.21.47


 Akamai, the Traditional CDN



Source: https://www.behance.net/gallery/6605177/Akamai-Luna-Control-Center

Traditional CDNs focus on website acceleration, the most “conventional” of CDN offerings. This type of acceleration is achieved via a combination of caching and proxy delivery, which minimizes the geographical distance between the visitor and the hosting server, resulting in improved browsing experience and better overall responsiveness. The services are mostly characterized by their highly-scattered networks, with hundreds of PoPs (points of presence) deployed around the globe.

To better understand traditional CDNs it’s important to remember that the industry was born in the late 90’s. Due to slower network connections and last mile issues, physical distance from the web server heavily impacted performance. At that time, when “every mile” counted, delivering content from a nearby server could significantly boost performance—hence the scattered network infrastructure.

Twenty years later, with connectivity being what it is today, most CDN providers avoid maintaining vast networks of data centers. This not only due to the cost of ownership, but also because such an architecture limits their capacity to introduce new technologies, while offering only marginal speed improvements in today’s high-speed Internet environment.

Yet, with their first mover advantage and established brand identity, traditional CDNs are still going strong. A prime example of this is Akamai, the granddaddy of all CDNs, which operates a massive network comprising hundreds of “compact” PoPs spread across the world. For context, both CloudFront and Incapsula operate networks of just a few dozen “mega” PoPs, positioned in key locations that provide maximum coverage (37 for CloudFront and 25 for Incapsula).

Another important difference between these providers is their approach to content caching. Again, in accordance with its time of inception, Akamai is mainly built to deliver static content (think corporate and news websites 10 years ago). Consequently, Akamai’s caching options are optimized for delivery of large static files, such as software downloads and video streaming.

While being effective at what it does, Akamai is not as efficient in dealing with dynamically-generated content—the type often found on modern script-generated websites, SaaS (software as a service) and other highly-personalized web applications.

This also stands in contrast to its competitors, who rely on intelligent caching methods to provide a more comprehensive solution, optimized for dynamic content delivery. Incapsula, for instance, utilizes advanced traffic profiling algorithms to auto-identify and cache dynamically-generated content, while other CDN providers tackle the issue with manual optimization options.

That said, when acceleration is the main priority, or video streaming support is a must, Akamai is a good bet if you’ve got the budget. Its traditional approach is also highly suited to the Facebooks and Twitters of the world, who have to deal with abnormally huge amounts of traffic and can support the platform with in-house development and security teams.

CloudFront, the Dedicated CDN


Source: https://marc.cortinasval.cat/blog/tag/cloudfront-en/

An alternative CDN model, driven by the consolidation of hosting and development industries, is the dedicated CDN. Using this approach, a CDN platform is tailored to fit a specific popular use case.

The best examples of this approach are the dedicated CDN services offered by leading cloud computing providers, such as Amazon Web Services (AWS) and Microsoft Azure, who provide content delivery services optimized for their particular computing environments.

Given that AWS dominates the cloud computing industry with a 30% market share, it is hardly surprising that Amazon CloudFront is the frontrunner among cloud CDN providers. As you would expect, what it offers is a dedicated CDN solution specifically geared towards AWS clients that seamlessly integrates with other AWS products (e.g., Amazon EC2, Amazon ELB), all for an extremely reasonable price.

Of course, the major downside is that CloudFront is only compatible with AWS-hosted web sites and web applications where other CDNs, including Akamai and Incapsula, are infrastructure-agnostic solutions.

Consequently, Amazon CloudFront is not a viable option for a multitude of enterprises that adopt the best practice of operating in hybrid hosting environments—using either multiple cloud providers or a mix of cloud and on-premise equipment to achieve elasticity and mitigate the risk of having all their eggs in the same hosting basket.

Accordingly, if your organization requires a “pure-play” CDN and your entire network infrastructure resides within AWS, Amazon CloudFront is ideal. If not, Amazon CloudFront (or any other Cloud CDN for that matter) is unfortunately not an option.


Incapsula, the Security CDN


Source: https://www.incapsula.com/demo/

Out of the three CDN archetypes, the Security CDN is probably best suited to represent the future direction of content delivery. The idea here is to leverage CDN native characteristics to provide an integrated solution that combines content delivery with security and availability solutions. Not only does this approach extend traditional CDN functionality, it also simplifies IT operations in enterprises and reduces costs.

This concept emerged as a response to the proliferation of sophisticated web threats, which drew attention to the CDN’s potential as a deployment platform for website security, including web application firewalls (WAF) and traffic filtering services. On top of that, the CDN’s massive infrastructure, with its highly resilient mega-PoPs, is a “natural” remedy to the growing threat of denial of service (DDoS) attacks, as it offers cost effective on-demand scalability.

With the advantage of hindsight, security CDNs are now able to address the gaps in the existing market. One example of this is Incapsula, which now emerges as one of the most prominent examples of the security CDN model.

Incapsula was established by security veterans with the goal to provide affordable cloud-based WAF services, on top of the CDN platform. In recent years, however, Incapsula has also become one of the major players in the DDoS protection industry, after mitigating some of the highest-profile attacks.

Today, with 1.25TBps of network capacity and award winning traffic filtering solutions, Incapsula’s efficient DDoS protection service is used by an array of customers including cool kids like Trello and Moz and more seasoned companies like GE, Siemens and Newsweek.

Interestingly, with the recent introduction of load balancing and failover solutions, the company looks poised to make another power-play by extending its CDN offering to include a suite of high availability (HA) services. Similarly, CloudFront can also be integrated with Amazon Elastic Load Balancing (ELB) services. With that, those companies might be signaling the next CDN evolution—one which turns it into the IT equivalent of a Swiss army knife, good for multitude of DevOps and NetOps tasks.

Those future developments aside, the agility of the security CDN model is already evidenced by the fact that traditional CDN providers are imitating it. In Akamai’s case, this led to an acquisition of DDoS mitigation firm Prolexic for $370M. More than a year later, however, with both services still not fully integrated, it may take more than this investment to compensate for the lack of in-house specialization.

Buyers’ Choice in a Buyer’s Market

Choosing the right CDN solution depends on your company’s business priorities and requirements. All three CDN providers we have examined offer effective solutions for particular use cases.

Naturally, some are a better fit for your business than others and, of course, price is always a consideration. When it comes to price, Amazon CloudFront is by far the least expensive of the three, making it almost a “no-brainer” for AWS-only environments, while Akamai is by far the most expensive, with a price tag of over $10K/month (and upwards), which can be a non-starter for most small to medium-sized enterprises.

In terms of value for money, Incapsula offers the most cost-effective and comprehensive solution that fits most IT scenarios. In fact, that’s the one service that may end up saving you money, as it allows you to replace several on-premise appliances. On the flip side, there are cheaper options to be found, for those interested in conventional acceleration features.

In the end, given the applicability of each CDN approach, our advice is for you to choose the solution that best suits your own situation, your specific hosting infrastructure and your budget. One thing is certain, with new companies entering the race, CDN is a buyer’s market and you should definitely keep in mind when selecting your next provider.

[ttjad keyword=”cloud-storage-drive”]

Leave a Reply