/VS-logo-2020-197x60.png?width=136&height=60&name=VS-logo-2020-197x60.png "Varnish Software"){kind=logo}
Although it’s not a traditional cybersecurity method, origin shielding lets you protect your origin server(s) from overload, ensuring high availability, performance uptime, and the ability to continue serving web and video traffic even when you experience a CDN outage. As we’ve seen with recent Fastly and Akamai CDN downtime events, the ability to create resilience and operate even in outage situations is a lifesaver.
An origin shield acts as a kind of security in several ways. First, it can mitigate the effects of both malicious and non-malicious traffic overloads and DDoS attacks. Second, it guards your business against the worst effects of unplanned downtime.
What is an origin shield?
An origin shield is an extra caching layer between your origin server(s) and your CDN edge servers. One of the worst things you can experience in delivering content is a total server outage with no redundancy or backup. Usually, this shouldn’t happen, but in high-traffic events where unheard-of peaks are hit, you need to have measures in place to protect your origin at all costs.
At a basic level, origin shields deliver this extra caching layer to provide extra protection and performance. But what does an origin shield do in a more complex setup, for example, with multiple CDNs? Essentially, then too, the origin-protect technology kicks into gear to ensure optimal performance within the multi-CDN arrangement. That is, sometimes a CDN has a “bad day” and other CDNs within the multi-CDN setup can be relied on to shield underperforming servers.
How does an origin shield work?
Fundamentally, an origin shield reduces the number of calls to your origin server by designating a proxy/cache point of presence (PoP) as the “collection point” for incoming requests that are not already in cache. Instead of being overwhelmed by hundreds or millions of incoming individual requests, your origin server receives only the request from the designated PoP, which then caches and serves the content itself. This increases your cache-hit efficiency and lets you serve content faster and more efficiently, and keeps your site running smoothly (no downtime at origin).
The same principle is at work in the multi-CDN case. One of the caching PoPs you’ve set up will be the primary CDN within the multi-CDN configuration and will continue to send a single request to the origin for content not in cache. This PoP then shares that content with the other CDNs in the configuration.
When should origin shielding be used?
Origin shielding is never a bad idea because you never want to leave the user experience to chance. But origin shielding is essential in certain high-performance use cases in which users are expecting a certain level of service and in which multi-CDN setups are the norm. For example, live video streaming, video on demand (VoD), and applications like gaming updates (large, time-consuming files to update).
What benefits does origin shielding offer?
- Continue to serve web and video content in the event of an outage
- Protection for the origin against traffic overloads, maintaining high availability and redundancy in your setup
- Reduction of risk from and protection against intentional DDoS and unintentional DDoS-like attacks
- Enjoy an extra layer of security at no additional cost or effort
- Enhance content delivery performance -- faster and more reliable, thanks to better cache efficiency
- Resilience for secure, high-performance for both single and multi-CDN setups
