This curriculum has the technical and operational rigor of a multi-workshop program on securing and optimizing server-side interactions in production CDN environments, comparable to an internal capability build for edge compute governance across distributed systems.
Module 1: Understanding Server-Side Access Architecture in CDNs
- Selecting between edge-side includes (ESI) and server-side includes (SSI) based on content personalization requirements and origin server load tolerance.
- Configuring DNS resolution paths to ensure server-side requests route through the CDN edge without bypassing caching layers.
- Implementing origin shield patterns to reduce direct origin server hits when server-side access triggers dynamic content retrieval.
- Evaluating execution context placement—edge compute vs. regional compute—based on data residency and latency SLAs.
- Mapping request flow for server-side operations to identify points of failure, including timeouts and circuit breaker thresholds.
- Integrating server-side access with existing authentication frameworks such as OAuth 2.0 or JWT validation at the edge.
Module 2: Authentication and Authorization at the Edge
- Enforcing token validation on server-side requests using edge compute functions to prevent unauthorized backend access.
- Managing short-lived access tokens for server-to-server communication between CDN edge nodes and internal microservices.
- Implementing role-based access control (RBAC) policies that propagate from identity providers into edge logic.
- Handling token refresh workflows in server-side contexts where user sessions persist across multiple backend calls.
- Logging and auditing authentication decisions at the edge for compliance with regulatory frameworks such as GDPR or HIPAA.
- Configuring mutual TLS (mTLS) between CDN edge nodes and internal services for server-side request validation.
Module 3: Dynamic Content Assembly Using Server-Side Includes
- Designing ESI fragment boundaries to minimize round-trip latency while maintaining cache efficiency.
- Handling error conditions in ESI processing, including fallback content strategies and timeout cascades.
- Coordinating cache headers across parent and included fragments to prevent stale or inconsistent responses.
- Instrumenting ESI performance metrics to identify bottlenecks in fragment retrieval and assembly.
- Managing Vary headers in ESI contexts to ensure proper cache key differentiation based on user context.
- Testing ESI behavior under high concurrency to validate edge node resource limits and memory usage.
Module 4: Secure Backend Communication from CDN Edge
- Configuring private network connectivity (e.g., AWS PrivateLink, Azure Private Endpoint) for server-side requests to backend APIs.
- Masking internal service endpoints using edge rewrite rules to prevent exposure through server-side access paths.
- Implementing request signing for server-side calls to backend systems using HMAC or similar mechanisms.
- Rate limiting server-side requests from edge nodes to protect internal services from traffic surges.
- Encrypting payloads in transit between edge and backend using TLS 1.3 with enforced cipher suites.
- Validating backend response schemas to prevent injection or data leakage via malformed server-side responses.
Module 5: Data Privacy and Compliance in Server-Side Flows
- Redacting personally identifiable information (PII) in server-side request logs collected at the edge.
- Implementing data residency rules by restricting server-side execution to specific geographic regions.
- Applying data minimization principles when forwarding user attributes from edge to backend services.
- Enabling audit trails for data access events triggered by server-side operations across distributed systems.
- Configuring cookie handling policies to prevent unintended PII transmission in server-side requests.
- Responding to data subject access requests (DSARs) by tracing server-side activity linked to individual users.
Module 6: Performance Optimization and Caching Strategies
- Setting TTLs for server-side generated responses based on data volatility and origin update frequency.
- Using stale-while-revalidate to maintain availability during origin fetches triggered by server-side logic.
- Implementing cache key normalization for server-side requests that include query parameters or headers.
- Benchmarking cold start impact on server-side functions deployed at the edge.
- Pre-warming cache entries for high-traffic server-side access paths during peak load periods.
- Monitoring cache hit ratio specifically for server-side generated content to assess efficiency.
Module 7: Observability and Incident Management
- Correlating logs across edge, CDN, and backend systems using distributed tracing headers in server-side flows.
- Defining SLOs for server-side request latency and error rates with automated alerting thresholds.
- Instrumenting custom metrics for server-side function execution duration and memory consumption.
- Conducting root cause analysis for server-side timeouts by inspecting backend health and network paths.
- Managing log retention policies for server-side access logs in compliance with organizational standards.
- Simulating failure modes in server-side dependencies to validate retry and fallback behavior.
Module 8: Governance and Change Control in Production Environments
- Requiring peer review and automated testing for changes to server-side logic deployed at the edge.
- Enforcing versioning and rollback capabilities for edge compute functions used in server-side access.
- Controlling deployment windows for server-side configuration updates to minimize user impact.
- Documenting data flow diagrams that include server-side access paths for compliance audits.
- Restricting production access to server-side configuration using role-based administrative controls.
- Validating configuration drift using infrastructure-as-code tools across staging and production environments.