This curriculum spans the technical and operational complexity of a multi-phase infrastructure transformation, comparable to designing and securing a global edge platform across distributed teams, integrating networking, security, compliance, and observability at scale.
Module 1: CDN Architecture and Edge Infrastructure Design
- Selecting between multi-tier edge topologies and flat architectures based on origin offload requirements and regional traffic patterns.
- Configuring Points of Presence (PoPs) with regional cache hierarchies to balance latency and cache hit ratios for dynamic content.
- Implementing cache peering strategies between edge nodes to reduce redundant origin fetches during cache misses.
- Deciding on edge compute capacity allocation for server-side logic execution versus static content caching.
- Integrating BGP routing policies with CDN providers to optimize traffic steering to the closest functional edge node.
- Evaluating hardware versus virtualized edge server deployments for consistency in execution environments.
Module 2: Origin Server Integration and Failover Strategies
- Designing health check intervals and thresholds for origin servers to prevent false failovers during transient load spikes.
- Configuring origin shielding with a reverse proxy layer to reduce direct origin exposure and control request throttling.
- Implementing circuit breaker patterns in edge-origin communication to prevent cascading failures during origin outages.
- Setting TTL policies for stale content delivery during origin unavailability based on business continuity requirements.
- Mapping origin failover workflows with DNS and CDN control plane APIs for automated traffic rerouting.
- Validating origin certificate rotation procedures without disrupting active TLS sessions at the edge.
Module 3: Dynamic Content Caching and Cache Invalidation
- Defining cache key structures that include query parameters, cookies, or headers based on application semantics.
- Implementing selective cache purging using tag-based invalidation for content with interdependencies.
- Configuring stale-while-revalidate policies to maintain service availability during origin regeneration of dynamic content.
- Choosing between proactive cache warming and reactive caching based on content volatility and traffic predictability.
- Enforcing cache partitioning by tenant or region in multi-tenant applications to prevent cross-contamination.
- Monitoring cache hit ratio degradation over time and adjusting TTLs in response to content update frequency changes.
Module 4: Server-Side Logic Execution at the Edge
- Selecting between JavaScript-based edge compute runtimes (e.g., Cloudflare Workers, AWS Lambda@Edge) based on cold start tolerance.
- Managing state in edge functions using distributed key-value stores with regional replication constraints.
- Implementing request transformation logic at the edge to normalize headers or rewrite paths before forwarding to origin.
- Enforcing execution time and memory limits in edge functions to prevent resource exhaustion under load.
- Versioning edge scripts with rollback capabilities to mitigate deployment risks in production environments.
- Instrumenting edge function logs with structured fields for correlation across distributed traces.
Module 5: Security and Access Control Integration
- Integrating JWT validation at the edge to offload authentication from origin servers for API endpoints.
- Configuring IP allow/deny lists at the CDN layer in coordination with corporate firewall policies.
- Implementing bot mitigation rules that balance false positives with protection against credential stuffing attacks.
- Enforcing TLS 1.3 with specific cipher suites across all edge nodes while maintaining backward compatibility.
- Managing certificate lifecycle automation using the ACME protocol with private PKI or public CAs.
- Applying rate limiting policies at the edge based on client IP, API key, or behavioral fingerprints.
Module 6: Observability and Performance Monitoring
- Correlating edge logs with origin server metrics to identify latency bottlenecks in request-response flows.
- Deploying synthetic monitoring from multiple PoPs to detect regional performance degradation.
- Configuring custom metrics ingestion into centralized observability platforms from edge execution contexts.
- Setting alert thresholds on cache miss rate spikes to detect potential cache poisoning or configuration errors.
- Sampling and exporting edge transaction traces for compliance with data retention policies.
- Validating log redaction rules to prevent PII leakage in edge-generated diagnostic data.
Module 7: Multi-CDN and Traffic Orchestration
- Implementing DNS-based load balancing across multiple CDN providers using latency or health-based steering.
- Defining failover escalation policies for when the primary CDN experiences regional degradation.
- Normalizing API interactions with heterogeneous CDN control planes using abstraction layers.
- Monitoring consistency of cache behavior and header handling across different CDN implementations.
- Allocating traffic percentages during canary rollouts of a secondary CDN provider.
- Reconciling billing and usage metrics from multiple CDNs for cost attribution by business unit.
Module 8: Compliance, Data Residency, and Governance
- Mapping content routing rules to enforce data residency requirements for GDPR or CCPA compliance.
- Configuring edge nodes to strip or mask PII from logs based on jurisdiction-specific regulations.
- Validating that cached content does not persist beyond mandated data retention periods.
- Documenting change management workflows for CDN configuration updates to meet audit requirements.
- Implementing role-based access controls for CDN management interfaces aligned with corporate IAM policies.
- Conducting periodic reviews of certificate and API key usage to enforce least-privilege access.