How Edge Cache Works
Edge Cache enables single-sided caching of Internet-based content, including web objects, videos and software updates. Edge Cache requires only one Exinda appliance.
When web objects are downloaded from the Internet or across WANWide Area Network links, Edge Cache stores them at the edge of the network. When subsequent requests come for the same material, the content is quickly delivered from Edge Cache, without the need to download the data again over the WAN. The result is the ability to experience LANLocal area network speeds of WAN objects, and provide users with a better network experience.
Edge Cache also supports HTTPS sites allowing the appliance to be a forward proxy and decrypt content for caching. This is important as more and more applications and services are moving to the cloud. These SaaS-based applications are typically delivered over HTTPS and so to be effective, Edge Cache must support caching this HTTPS traffic.
Edge Cache also offers cache statistics, which provide insight into the amount of repetitive data being off-loaded from the WAN link, how cacheable the network data is, and how frequently the cache is being accessed.
Caching Internet-based Content
To cache web traffic, a client-side Exinda appliance is put in line with the traffic. When a network user visits a URL with cacheable content, Edge Cache first determines if the content is available in its cache. If not, Edge Cache retrieves the content from the URL. Upon retrieving the content, it is stored in the cache with its expiry date as specified on the source website. This assumes that the content is cacheable and falls within the Edge Cache setting parameters, such as size of object and whether or not the URL is blacklisted. The next time a network user visits the same URL, Edge Cache determines that the content is available in the cache and that the content is not stale by looking at the object expiry date. The content is then served to the client from the cache, rather than retrieving from the URL over the WAN.
Edge Cache uses a least recently used (LRU) algorithm for expiring cached data to make room for new objects. This means the most popular and most used content is stored the longest. You also have the ability to manually clear the entire cache if desired.
Edge Cache operates as a transparent proxy since it is running on an inlineIn network terminology, an inline device receives packets and forwards them to their intended destination. Routers, firewalls and switches are examples of inline devices. The inline designation also alerts you the device is critical to network function. If the device goes down, network traffic is affected. device. As a result, your browsers do not need to be configured with an explicit proxy configuration.
Caching Encrypted Internet-based Content
VERSION INFO
As of version 7.0.2, Edge Cache can cache HTTPS content, as well as HTTP content.
When the network user visits an HTTPS URL, if HTTPS caching is not enabled, Edge Cache is unable to determine what is being requested because the traffic is encrypted, including the URL being requested. Even if it could cache the encrypted data, the next request for the same HTTPS URL would not contain the same cached data because the encryption pattern would be different. By enabling HTTPS caching, Edge Cache is able to act as a forward proxy, and retrieve the content from the server, decrypt it, and provide it to the client over an encrypted communication channel. Later requests can then be served from the cache.
To support this feature, you need to upload a trusted certificate to the appliance, which is then used by Edge Cache to sign all dynamically generated site certificates. All client devices must trust this certificate as a signing authority.
To cache encrypted web traffic, the client tries to communicate with the HTTPS web server. The Exinda appliance intercepts, keeping the communication open with the client. Then Edge Cache tries to establish a conversation with the server. Upon receiving the certificate details from the server, Edge Cache extracts the certificate details, constructs a new certificate and signs it using the signing certificate that was loaded and specified in the Edge Cache settings. Edge Cache then presents this new certificate to the client. The client trusts this certificate because the details match its HTTPS URL request as the client has previously been told to trust anything signed by this signing certificate (see below). The communication negotiation between the client and Edge Cache is now complete. The client then requests the specific web object from Edge Cache as if it were the server. Edge Cache then requests the web object from the server over its previously established trusted connection. The server provides the content to Edge Cache, which then stores the content, if applicable. The connection with the server can be closed. Edge Cache then serves the content to the client and the connection with the client can then be closed.
When determining whether the content should be stored in the cache, Edge Cache evaluates whether it is the appropriate size and whether it is white- or black-listed. The whitelist and blacklist can consist of source IPInternet protocol, destination IP, source domain, and destination domain. Note that the domains are resolved using DNSDomain Name Server, so the resulting IP addresses are reverse mapped to determine the domain that is used to configure the Edge Cache engine.
The next time a client requests the same content, the same negotiation happens where the client requests a secure communication channel with the server, the Exinda appliance intercepts and forms a secure communication channel with the server, forges the certificate and establishes a secure communication channel with the client (on behalf of the server). The client then requests the specific web content. Edge Cache determines that the requested content is available in cache and serves it to the client. Edge Cache then closes the communication channels with both the server and the client.
Licensing
The Edge Cache Acceleration feature is a separately licensed component. To see if you are licensed for Edge Cache, go to Configuration > System > Setup > License. You are licensed for Edge Cache, if Max Edge Cache Connections is listed and is greater than 0. For more information refer to Licensing information.
Please contact your local Exinda representative if you wish to enable this feature.
Overview - Configuration & Usage
To use Edge Cache,you'll need to ensure all the required configuration is set.
- Configure the Edge Cache settings, including:
- indicating what size of objects you want to cache
- specifying how long you are willing to let Edge Cache wait for a response from the WAN when fetching objects
- specifying the signing certificate and private key if you plan to cache content from HTTPS sites
- specifying blacklisted sites to not cache, or specifying to only cache whitelisted sites (for HTTPS sites only)
- clearing out the cache, if desired.
NOTE
Before version 7.0.2, Edge Cache requires you to restart the Edge Cache process after making any modifications to the Edge Cache configuration. With 7.0.2 and later, the Edge Cache process automatically restarts when needed.
For more information refer to Edge Cache Configuration.
- You also need to ensure that the DNS server configuration information is set. For more information refer to Configuring DNS.
- For HTTPS caching, you need to ensure that the certificate used for HTTPS caching is trusted by your clients. For more information refer to Preparing & Trusting a Certificate for Encrypted Traffic.
- If you have an upstream proxy in your environment, you can configure it as a proxy peer to ensure that Edge Cache can fetch content from the Internet.
- You can add one or more Edge Cache policies to a virtual circuitlogical definitions that partition a a physical network circuit and used to determine what traffic passes through it and how much in the Optimizer. For more information refer to Creating an Edge Cache Policy in the Optimizer.. Then you can start the Edge Cache process.
- Since the appliance has dynamic disk partitioning, if needed, you can increase the cache storage capacity dynamically. For more information refer to Disk Storage Explained.
Once Edge Cache is configured and started, you can monitor the caching performance.
- You can look at the Edge Cache monitor to determine the reductionmeasures the amount of redundant data that has been removed from the network, increasing capacity ratio or throughput comparing the LAN (cached and non-cached) data to the WAN (non-cached) data. The Edge Cache monitor will also report the requests per second versus the hits per second, where hits are the number of requests that could be satisfied by cached content. These charts can look at long term historical caching or can be as little as the last 5 minutes with 10 second samples. For more information refer to Monitoring edge cache reduction.
- You can also look at the Real Time page to see which conversations are passing through Edge Cache. Conversations with a blue background indicate that the flowthe network traffic between network objects passed through Edge Cache, however, it does not necessarily mean that any of the requests were satisfied by cached content. For more information refer to Monitoring edge cache traffic in real time.