User guide for the new version of the Azure Content Delivery Network portal

The Azure Content Delivery Network portal has been redesigned so that function modules are categorized, and a number of new management functions have been added.Selecting the Manage button in the Azure portal currently takes you to the old portal. You can select Access the New Site in the Overview interface to go to the new version of the management portal.

The functions of the new version of the Management Portal are shown below:

Overview of the Azure Content Delivery Network management page

From the Overview page, you can view the basic details for your Content Delivery Network subscription account. You can view key data such as the total number of accelerated domain names, enabled domain names, total traffic for the current month, and peak bandwidth for the current day.You can also view the traffic trend graph and bandwidth trend graph for the current month.

**Number of domain names*:

Statistics on accelerated domain names that were already created under the current Azure subscriptions.

**Accelerated domain names that are already enabled*:

Statistics on accelerated domain names that are currently enabled under the current Azure subscriptions.

**Total traffic for the current month*:

Total traffic in megabytes (MB) that were used by all accelerated domain names under the current Azure subscriptions during the current month.

**Traffic for the current month*:

Details of traffic for each day in the current month under the current Azure subscriptions. If you need more detailed traffic information, you can select Traffic Reports in the left navigation pane to go to the traffic statistics report page.

**Monthly bandwidth*: Details of the peak bandwidth in kilobits per second (Kb/s) for each day in the current month. If you need more detailed bandwidth information, click Bandwidth Reports in the left navigation pane to go to the bandwidth statistics report page.

Domain name management

Select Domain Name Management in the left navigation pane to display a list view of all Content Delivery Network acceleration domain names that were created under the current Azure subscriptions. You can search for the domain name you want to manage from the search box.You can also select various subscriptions in the Azure subscriptions drop-down list to see details of Content Delivery Network acceleration domain names under the various subscriptions.You can also select the corresponding domain name line to perform operations such as Edit Configuration, Cache Rule Configuration, or Access Control Management for the selected domain names.

Accelerated domain name list view

The domain name list view includes:

  • Custom domain names, which are used to access Content Delivery Network-cached content. These domain names must be accompanied by the corresponding ICP record details.
  • Source station addresses, which are the origin domain for content that is cached on the Content Delivery Network.
  • Status, which may be either enabled or disabled (including ICP approval, requires CNAME configuration, disabled, and other non-enabled statuses). ****
  • ICP record information corresponding to domain names.
  • Acceleration type, which includes the acceleration types that are currently supported: website acceleration, download acceleration, HTTP VoD acceleration, “live-streaming media acceleration, “HTTPS acceleration, and image processing acceleration).
  • The Azure Content Delivery Network platform provides CNAMEs, all of which are appended with .mschcdn.com. The domain name provider must map its custom domain name to this CNAME.
  • CNAME status can be Active or Inactive.

[!NOTE] You need to configure the CNAME mapping details for your accelerated domain name after the Content Delivery Network service takes effect (within 60 minutes). You can then map it to the network domain name that is provided by Microsoft.

[!NOTE] Only domain names with an enabled status can use the network service normally.

Properties view

When you select a domain name line, a view of the operations that you can perform to change the domain names appears at the right.From the Properties view, you can edit the source station domain name or host header.

[!NOTE] The value of the host string in the HTTP request header if the host header indicates the return-to-source Content Delivery Network is generally a character string in the form of a domain name. The source station uses this domain name to identify whether it is the same as the domain name that was configured on the source station. Cache rule configuration view

When you select a domain name line, a view of the operations that you can perform to change the domain names appears at the right.The system sets default rules based on the cache rules.You can adjust these settings to your own requirements.User rules are given priority in matching. If there are no hits for user rules, the system default cache rules are implemented item by item.

[!NOTE]

  • No-cache rules are prioritized
  • The cache rules are implemented from top to bottom

Cache rule configuration

You can select Cache rule configuration, and then set the required cache rules for domain names, including:

  • Directory-based configuration:

    Directories must begin with a forward slash (/) (for example, /pic, /doc, or /htdoc/data).The back-end matches all files within the designated directory,** including subdirectories**.

  • File extension-based configuration:

    The back-end matches common file extensions, such as .jpg, .png, .gif, .txt, .m4v, or .mp3.The back-end matches the specified file suffixes within all folders.

  • Full path-based configuration:

    This configuration is used to specify a single file, and it must start with a forward slash (/)(for example, /sites/doc/example.doc).

[!NOTE]

  • If the path that you enter is a forward slash (/), it will match the home page.
  • The character strings that you enter when you configure rules must not include any of the following special characters: {, }, (, ), [, ], ., ?, *, , ^, or $.
  • Entering a time of “0” means that caching is prohibited.

**Cache configuration order*:

The system matches each item consecutively on the basis of the order of configuration. The rule that is configured first is given the highest priority level. *After a rule is matched, subsequent rules are *no longer matched.

**Custom templates*:

Use Apply a custom template to quickly create cache configuration rules.The previous diagram shows a rule that is created after you go to Apply a custom template and then select Common files.You can edit the automatically created rules as required.

**Prohibiting cache setup*:

If you select the Set to caching prohibited option, the accelerated domain name is not cached.

Access control management

You can use access control management to set up and configure referer blacklists and whitelists, and thereby implement an anti-theft chain.

After you enable the anti-theft chain, you can edit the external link rules.Each rule is made up of a path and a file name(for example, /*.png means all png files in the root directory).

Each rule is made up of a path and a file name(for example, /*.png means all png files in the root directory).

  • If you set up a blacklist, access is denied if the referrer is in the blacklist, but is otherwise permitted.
  • If you set up a whitelist, access is permitted only if the referrer is one of the domain names in the whitelist.

When you select Submit and wait for the operation to finish, the interface shows whether the operation was successful.If you select Submit and the close button, the dialog box closes immediately.The next time you open the dialog box, it displays the status of the last operation.

Enable HTTPS (customer-supplied certificates)

Select the domain name that you want to enable HTTPS services for, select HTTPS (customer-supplied certificates) from the interface on the right. Then select “Enable” to bind a certificate. Select a downloaded certificate from the drop-down list box beneath the uploaded certificates. Select Confirm.If there are no compliant certificates, select “Certificate Management” in Security Management. Then upload the certificate from Certificate Management.

  • Certificate deployment: After you bind a domain name, the system will notify you that “The certificate is currently being deployed and will generally take effect within 2-4 hours. Please contact us if deployment is not completed within 24 hours. ”

  • After the domain name has been successfully bound, the system will notify you that “The certificate has been successfully bound. You can access the accelerated domain name via HTTPS,” and you will be able to view details of the certificate.The “HTTPS status (customer-supplied certificate)” for the domain name will also change to “Active.”

    • Select the domain name to view details of the certificate.

    • The “HTTPS status (customer-supplied certificate)” for the domain name will change to “Active.”

  • Replacing a certificate: If you have already enabled the HTTPS customer-supplied certificate service, you can replace the certificate for the corresponding domain name in Domain Name Management.

    • Select the domain name that you want to replace the certificate for, go to HTTPS (customer-supplied certificate), and replace the certificate:

    • Select the certificate that you want to replace and select Save.

Monitoring and analysis

Traffic bandwidth

Select the custom accelerated domain name (individual domain names or all of them) and time range that you want to view Then click Refresh. The interface displays traffic and bandwidth statistics reports that meet the conditions you specified. For data format details and implications, refer to the explanations on the actual interface page.

Traffic statistics reports have the following functions:

  • If you have multiple Azure subscriptions, you can check traffic statistics for individual subscriptions, as well as return-to-source traffic statistics.
  • If you have Azure subscriptions with multiple accelerated domain names, you can view individual accelerated domain name traffic (and return-to-source traffic) statistics results and summaries of all accelerated domain name traffic (and return-to-source traffic).
  • The highest level of precision for queries is accurate to the minute.
  • Traffic statistics provide multiple time-range types for queries. You can query traffic statistics for the last 24 hours, the last seven days, and the previous month.You can also check traffic and return-to-source traffic for a specific time period, which cannot exceed 60 days.

Bandwidth statistics reports have the following functions:

  • If you have multiple Azure subscriptions, you can check bandwidth statistics for individual subscriptions, as well as return-to-source bandwidth statistics.
  • If you have Azure subscriptions with multiple accelerated domain names, you can view individual accelerated domain name bandwidth (and return-to-source traffic) statistics results and summaries of all accelerated domain name bandwidth (and return-to-source traffic) information.
  • The highest level of precision for queries is accurate to the minute.
  • Bandwidth statistics display the time at which peak bandwidth levels occur.
  • Bandwidth statistics provide flexible time range options for queries. You can query bandwidth statistics for the last 24 hours and the previous month.You can also check bandwidth statistics for a specific time period, which cannot exceed 60 days.

Log analysis

Log analysis provides customers who have enabled the log download function with the ability to view access data, status code analysis, hit rate data, regional distribution, and operator distribution.

Note Log analysis is based on the log download function. Even if you use the log analysis functions, you need to go to Log download in Automatic Service Tools to enable the log download function for the domain name.See Log download to find out how to enable the log download function.

The data in log downloads and log analyses is valid from the time that log downloading was enabled. You cannot view data from before this time.Logs generally have a 12-hour delay. You should be able to see log analysis data 12 hours after you enable the log download function.

In Queries and Analysis, select “Custom domain name” and the “Time” for the log analysis results that you want to view.The time period defaults to the last 24 hours. Because there is a 12-hour delay, the data displayed will be for the last 12-24 hours.

Log analysis provides the following functions:

  • Access statistics: View the number of requests and the regional distribution for a particular domain name within a specific time period.
  • Status code statistics: View status code analysis by request and traffic for a particular domain name within a specific time period, for example the ratios of 2XX, 3XX, 4XX, and 5XX.

  • Hit rate data: View the ratio of hit rates and returns to source by requests and traffic for a particular domain name within a specific time period.

  • Regional distribution: View the top 10 regions by request and traffic, as well as their share of the totals, for a particular domain name within a specific time period.

  • Operator distribution: View the top 10 operators by request and traffic, as well as their share of the totals, for a particular domain name within a specific time period.

Content management

Cache refresh

Select Cache Refresh in the lower-left navigation pane to perform a manual refresh of the specified files or directories.

Cache-refresh list view

In the Query Previous Data view at the right of the Cache-refresh list view, select the domain name, time range, and status that you want to check. Then click Refresh. The interface displays cache-refresh records that match the conditions you entered.

The cache-refresh list view includes:

  • Custom domain names, the URLs that you use to access Content Delivery Network cache content
  • Status (common statuses: successful, failed, or refreshing)
  • Submission time

If you successfully submitted the cache-refresh rules, the status bar shows the word Successful.If you did not successfully submit them, check to ensure that the cache-refresh rules were correct.If there are any problems, re-create and re-submit the cache-refresh rules.

Submit cache refresh

Select Submit cache refresh button to configure cache-refresh rules for individual files or for all files within a directory.

Submit file refresh

This task includes the following steps:

  1. Select File refresh.
  2. Select Add.
  3. Select the domain name that you want to configure from the list of domain names. Then enter the corresponding file path.
  4. Select Add to continue adding new rules, or select x to delete the corresponding file.
  5. Select Submit.

The newly created file-cache rules are displayed in the cache-refresh list view.

[!NOTE] Until the accelerated domain name has passed the ICP verification process, it is not possible to perform a file refresh operation, and the accelerated domain name drop-down list appears as empty.Wait until it has passed back-end verification.

Submit directory refresh

This task includes the following steps:

  1. Select File refresh.
  2. Select Add.
  3. Select the domain name that you want to configure from the list of domain names. Then enter the corresponding file path.
  4. Select “Add” to continue adding new rules, or select “x” to delete the corresponding directory path.
  5. Select Submit.

The newly created directory cache rules then appear in the Cache refresh list view.

Preloading

Preloading means caching the content of a designated URL from the source station to the network nodes. It eliminates the waiting time when you access the resource for the first time.Preloading is generally used in scenarios that involve the delivery of large files, where it can effectively improve your access experience.

Preload list view

In the “Query Previous Data” view on the right side of the Preload view, select the domain name, time range, and status that you want to check. Select Refresh. The interface displays preload records that match the conditions you entered.

The content preload list view includes:

  • Custom domain names, the URLs that you use to access Content Delivery Network cache content
  • Status (common statuses: successful, failed, or in progress)
  • Submission time

If you successfully submitted the pr-cache rules, the status bar shows the word Successful.If you did not successfully submit the rules, check to ensure that the pre-cache rules are correct.If there are any problems, re-create and re-submit the pre-cache rules.

Submit preloading

Select Submit Cache Refresh to configure pre-caching for individual or multiple files.

This task includes the following steps:

  1. In the Submit Preload view, select Add.
  2. Select the domain name that you want to configure from the list of custom domain names. Then enter the corresponding file path.
  3. Select Add to continue adding new rules, or select x to delete the corresponding directory path.
  4. Select Submit.

The newly created precache loading rules are displayed in the precache loading list view.

Self-service tools

Service check

After you have created a Content Delivery Network service endpoint, you can perform some basic checks in the Service Check view.We strongly recommend that you perform service checks before you carry out CNAME operations.

As shown in the preceding image, select the domain name to be checked, provide a resource that the source station can access, and then select Check.

  1. Source station normal indicates that the resource provided can be accessed.
  2. Content Delivery Network deployment complete indicates that the network services corresponding to the domain name have been deployed.
  3. Content Delivery Network cache normal indicates that the content that was accessed via the source station is consistent with the content that was accessed via Content Delivery Network. (The following HTTP headers are compared: HTTP Status Code, Last Modified Time, and Content Length.)

[!NOTE] Using the service check function does not guarantee that there are no anomalies in any of the network edge servers where the domain name is located.

Log download

Select Log Download in the left navigation pane to set Content Delivery Network raw log download parameters for specific domain names.

Log download view To download logs, first provide an Azure storage account that is used to save Content Delivery Network logs. To set up this action, select Settings.

Download settings view

In Settings, as shown on the right side of the following image, you can set the storage account and the domain name that you want to download logs for. You can also verify the accessibility of the storage account.After the setup is complete, the system automatically saves the logs that it finds to the designated storage account. You can delete the storage account to cancel log downloads.

Log format details Logs are saved in blob format with a container called cdn-access-logs.Every blob consists of a .csv file that is compressed with GZip.The meaning of each column in the log is given in the following list:

  • c-ip: Client IP address
  • timestamp: Access time
  • cs-method: HTTP request actions, such as GET/HEAD
  • cs-uri-stem: Requested URI
  • http-ver: HTTP protocol version number
  • sc-status: HTTP status code
  • sc-bytes: Number of bytes sent to the client by the server
  • c-referer: Client-side referrer URI
  • c-user-agent: Client user agent identification
  • rs-duration (ms): Time taken to complete the request (in milliseconds)
  • hit-miss: Content Delivery Network cache hit and miss identification
  • s-ip: IP address of the Content Delivery Network edge node that generated the log

[!NOTE] If the Content Delivery Network log does not contain content for a particular column, the corresponding record (for example, the c-referrer record) is marked with a dash (-).Also, depending on the edge node log configuration, the rs-duration, hit-miss, and s-ip columns might also be empty.

[!NOTE] After a website has been accelerated by the Content Delivery Network, the majority of its access records come from network edge nodes.When the network returns to the source, it enters the originating IP address in HTTP header X-Forwarded-For. The source station’s web server can edit the log to configure the information.If you need to find out the originating IP address of the client, refer to the following information.

If we take NGINX as an example, you can add the following information to the configuration file:

log_format logCDN '$remote_addr forwarded for $http_x_forwarded_for - $remote_user [$time_local] ' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent"';

access_log /var/log/nginx/access.log logCDN;

Security Management

Key management

Select Key Management in the left navigation pane to generate, create, or delete access keys that are required by the Azure Content Delivery Network API interface.

Existing key list view

This view displays all of your keys.

The key list view includes:

  • ID: the ID of the key
  • Name: the user-friendly name for the key
  • Permissions. Read-only or read-write.
  • Status: including active, canceled, deleting, deleted, and creating

Key details

Select a key to view details of the key. You can also make changes to the key (for example, to update, disable, enable, or delete the key).

Create a key

Create a new key.

  • Name: the user-friendly name for the key
  • Read-only or read-write permissions

Certificate management

Certificate Management is for customers who have enabled HTTPS services and have customer-supplied certificates.From Certificate Management, you can upload and delete certificates.You can also bind a domain name to a certificate.

  • Upload a certificate: Select “Certificate management,” and select “Add SSL certificate”. Then enter the certificate name so you can identify the certificate.You need to enable the HTTPS service’s domain name certificate to upload. The certificate must be in PEM format and only the RSA PKCS8 encoding format is currently supported for private keys.See the preceding section on “Certificates” for specifics concerning certificate format conversion.

    Note: After you have uploaded the certificate, you need to go to the “Domain Name Management” interface or directly to “Certificate Management”. Bind the certificate to the domain name before the certificate can be deployed.

  • Bind a domain name to a certificate: You can bind the domain name and certificate in either “Certificate Management” or “Domain Name Management.”

    • You can directly select the domain name you want to bind when you upload the certificate in “Certificate Management.”
    • You can also bind the domain name after you have uploaded the certificate by selecting the certificate on the management page and selecting “Edit bindings” -> “Add bound domain name.”
  • Delete a certificate: You can delete a certificate by deleting it from Certificate Management.Select the certificate you want to delete and then press Delete in the window on the right.

    Note If a certificate has a bound domain name, you must unbind the certificate and the domain name before you can delete the certificate. Otherwise, you will be notified that this step must be performed first.You can unbind the certificate and domain name either by replacing the certificate for the domain name or by directly deleting the domain name.See the section on replacing certificates for details on how to replace a certificate.