This curriculum matches the technical and operational scope of a multi-workshop program on enterprise CDN deployment. It covers architecture, security, performance, and compliance decisions akin to those faced during large-scale internal capability builds or vendor integration projects.

Module 1: CDN Architecture and Network Topology Design
- Selecting between multi-CDN and single-CDN strategies based on geographic coverage gaps and SLA variance across providers.
- Designing Points of Presence (PoP) placement to balance latency reduction against operational costs in under-served regions.
- Implementing anycast routing to optimize client-to-PoP path selection and mitigate DDoS risks.
- Integrating private backbone links between PoPs to improve inter-node reliability and reduce third-party transit dependencies.
- Evaluating cache hierarchy depth (edge, mid, origin) based on content update frequency and origin offload targets.
- Configuring failover routing policies between edge clusters during regional outages or peering disruptions.

Module 2: Content Caching and Cache Control Strategies
- Setting TTL values for static assets based on deployment cycles and cache hit ratio targets.
- Implementing cache key normalization to prevent cache fragmentation from query string variations.
- Using surrogate keys or cache tags to enable bulk invalidation for content bundles or site sections.
- Configuring stale-while-revalidate and stale-if-error directives to maintain availability during origin fetch failures.
- Managing cache inheritance rules for dynamic content with personalized elements using edge-side includes (ESI).
- Monitoring cache hit ratio by content type and adjusting caching policies for low-performing asset categories.

Module 3: Traffic Routing and Request Steering
- Deploying DNS-based steering with latency-based routing to direct users to the nearest responsive PoP.
- Implementing HTTP redirect steering for clients that bypass DNS resolution (e.g., hard-coded IPs).
- Configuring health checks at multiple layers (TCP, HTTP, application-specific probes) to detect PoP degradation.
- Using real-user monitoring (RUM) data to adjust routing decisions based on actual client performance metrics.
- Managing failover thresholds for origin shielding when all edge locations are degraded or unreachable.
- Integrating BGP anycast with DNS steering for hybrid routing control and faster failover during network events.

Module 4: Security and Threat Mitigation at the Edge
- Deploying WAF rules at the edge to block OWASP Top 10 attacks before they reach the origin.
- Configuring rate limiting policies by endpoint, IP, or API key to prevent credential stuffing and scraping.
- Implementing TLS 1.3 with modern cipher suites and enforcing HSTS across all CDN-hosted domains.
- Managing certificate lifecycle for custom domains using automated provisioning and renewal workflows.
- Using IP reputation lists and geo-blocking to restrict access from high-risk jurisdictions or known botnets.
- Enabling DDoS mitigation features such as request scrubbing and SYN flood protection at the edge layer.

Module 5: Performance Optimization and Content Transformation
- Enabling automatic image optimization (format conversion, resizing, compression) based on client device capabilities.
- Implementing Brotli compression for text-based assets where client support allows.
- Configuring HTTP/2 and HTTP/3 support with fallback mechanisms for legacy clients.
- Using edge logic to inject performance headers (e.g., preload, preconnect) dynamically.
- Applying JavaScript bundling and minification at the edge for legacy applications without build pipelines.
- Implementing resource prioritization through critical path CSS inlining for landing pages.

Module 6: Monitoring, Analytics, and Observability
- Defining key performance indicators (KPIs) such as time to first byte and cache hit ratio for SLA reporting.
- Integrating CDN logs with centralized SIEM or data warehouse platforms for long-term analysis.
- Setting up alerting thresholds for error rate spikes, origin fetch latency, or traffic anomalies.
- Correlating edge metrics with client-side RUM data to identify last-mile performance bottlenecks.
- Using synthetic monitoring to validate CDN behavior across global locations and detect routing misconfigurations.
- Generating traffic heatmaps to identify under-cached content or unexpected origin traffic patterns.

Module 7: Governance, Compliance, and Multi-Tenant Operations
- Enforcing domain provisioning workflows with role-based access control (RBAC) for enterprise CDN accounts.
- Mapping CDN usage to data sovereignty requirements by restricting PoP usage in regulated jurisdictions.
- Implementing audit logging for configuration changes to meet SOX or ISO 27001 compliance.
- Managing shared infrastructure risks in multi-tenant CDN environments through logical isolation controls.
- Documenting change management procedures for DNS CNAME updates and certificate rotations.
- Conducting third-party assessments of CDN provider security controls for vendor risk management.

Module 8: Integration with Origin Infrastructure and DevOps Pipelines
- Configuring origin shield topology to reduce load on origin servers during cache misses or purges.
- Integrating CDN cache purge APIs into CI/CD pipelines for automated cache invalidation post-deployment.
- Using signed URLs or tokens to serve time-limited access to private content without origin exposure.
- Implementing health checks between CDN and origin to detect backend failures before client impact.
- Setting up origin failover clusters with active-passive or active-active configurations behind the CDN.
- Instrumenting API gateways to log and monitor CDN-origin request patterns for capacity planning.