Edge Security Acceleration (Original DCDN)

Edge Security Acceleration (ESA) provides capabilities for edge acceleration, edge security, and edge computing. ESA adopts an easy-to-use interactive design and accelerates and protects websites, applications, and APIs to improve the performance and experience of access to web applications.

Buy Now Console

Limited Time Offer: Free 1-Month Trial of Pro Edition
Alibaba Cloud [Dynamic Content Delivery Network (DCDN)] Renamed to [Edge Security Acceleration (ESA)] >

Benefits

Why ESA?

  • Simplified access

    You can aggregate configurations by primary domain without the need to repeatedly configure a single subdomain, which simplifies the domain name configurations. ESA supports more than 15 record types, eliminates the need to access a third-party DNS platform, and reduces the domain name and DNS configuration operations by 50%.

  • Ultra-low latency

    ESA reduces the average end-to-end network latency between points of presence (POPs) worldwide to 50 milliseconds. For access based on Anycast networks, the average DNS resolution latency is reduced to 10 milliseconds. The intelligent routing feature monitors and bypasses network congestion in real time, improving web application performance by 30%. The intelligent congestion control algorithm increases the static file download speed by 30%.

  • Security protection for all services

    ESA mitigates DDoS attacks at a level of Tbit/s and protects against HTTP flood attacks of tens of millions of queries per second (QPS). ESA provides the automated protection feature that is powered by multiple AI algorithms, with an accuracy rate of up to 99.9%. ESA efficiently detects access series, operation traces, and resources and handles the related exceptions.

  • Free SSL/TLS certificates

    ESA provides free certificates and automatically renew the certificates before the certificates expire. This frees you from certificate O&M and reduces certificate costs by thousands of CNY per year. ESA supports Mutual Transport Layer Security (mTLS) for both the access side and the back-to-origin links, maximizing the security of access traffic.

  • Access to networks in the Chinese mainland

    ESA reduces the latency of cross-region back-to-origin links based on network optimization technologies, and enables fast access to network resources in the Chinese mainland across the globe, which improves availability of your business and user experience.

  • Serverless deployment

    ESA provides a serverless platform that integrates computing and storage for developers, which can be deployed in 20 milliseconds. ESA supports key-value pair-based storage. You can use edge functions to directly modify the cache. ESA is seamlessly integrated with the Deno and Node.js ecosystems. EdgeStar CLI simplifies code migration and management throughout the lifecycle, accelerating the business progress.

Service Architecture

An upgraded architecture is available. Based on stable network and high-performance POP engines, ESA implements quick access to acceleration, security, and computing. Compared with the previous generation of ESA, the new generation of ESA provides more log services, simplifies user and access management, improves the data analysis capabilities, and offers efficient, secure, and simplified edge cloud services.

Features

Ultra-low latency, Anycast network, and global POPs

ESA monitors global networks in real time, and automatically detects and bypasses real-time network congestion. This improves web application performance by 30%. Based on the intelligent congestion control algorithm, ESA increases the file download speed by 30%, which improves the user experience.

Accelerated network: Alibaba Cloud has more than 3,200 POPs worldwide, provides a bandwidth of 180 Tbit/s, and supports hundreds of millions of concurrent QPS to provide stable acceleration services.

DNS: ESA provides a secure and stable online authoritative DNS service with high-performance resolution in 30 milliseconds.

Load balancing: ESA supports a flexible and highly available load balancing service that can balance loads based on regions, weights, primary/secondary servers, and custom rules.

Intelligent routing: By combining real-time detection of global POPs, optimal routing, and protocol stack optimization technologies, the intelligent routing service can provide faster and more stable network connections, significantly reducing global network latency and request failure rates.

Anycast-based nearby defense, intelligent cleaning, multi-level protection, and isolation of attacks

ESA can mitigate DDoS attacks at a bandwidth of more than 20 Tbit/s, and supports Layer 4 and Layer 7 full-stack access. The Layer 4 proxy supports multiple ports and the TCP and UDP protocols, which improves the configuration and management efficiency by three times. The intelligent protection feature for Layer 7 services can be enabled with a few clicks to protect against various HTTP attacks, including SQL injection, cross-site scripting, and execution of malicious code. ESA also supports bot traffic protection for web pages that are developed based on SDKs and HTML5, native applications, and mini programs.

Anti-DDoS: Anti-DDoS mitigates DDoS attacks at the network layer and ensures the security of origin servers and edge services while accelerating networks. The total DDoS mitigation bandwidth exceeds 20 Tbit/s worldwide.

Web Application Firewall (WAF): WAF effectively defends against various types of OWASP and common web attacks, prevents website asset leaks, and ensures the security and availability of website services.

Bot management: The bot management service intelligently distinguishes normal requests from malicious bot requests based on client fingerprint identification, AI-assisted protection, cloud collaborative defense intelligence, crawler behavior analysis, and custom rules. This service detects and blocks malicious bot traffic in real time.

Rate limiting: ESA provides an exclusive rate limiting engine to block malicious requests based on default or custom policies, improve the security of your business, and protect your website from HTTP flood attacks.

Serverless functions and image computing capabilities that improve performance

The serverless mode allows you to access and schedule traffic by using the nearest POP. This mode implements ultra-low latency and automatically scales the computing capacity. You do not need to manage the infrastructure of the underlying servers, such as the CPU, memory, network, and operating system. This eliminates the need to accumulate servers in advance and reduces extra costs.

EdgeRoutine: EdgeRoutine allows developers to write JavaScript code, deploy and execute JavaScript code on edge POPs of Alibaba Cloud. EdgeRoutine supports ES6 syntax and standard Web Service Worker API. EdgeRoutine also supports globally consistent storage of key-value pairs, and is compatible with Deno and Node.js ecosystems.

Waiting room: A traffic surge may overload the origin server, which causes performance degradation or even service interruptions. Users can be navigated to customized waiting rooms to ensure that the user experience is not affected and prevent the origin server from being overloaded.

Multi-dimension based data analysis that improves issue location and O&M efficiency

ESA records request logs and summarizes the logs when ESA processes requests that pass through POPs of ESA. The data analysis feature of ESA helps you comprehensively understand the traffic and status of your server.

Account analysis: ESA can record instant logs, offline logs, and real-time logs and quickly locate attack sources, troubleshoot system issues, and debug or test network connections of your server based on log analysis. This helps resolve major issues such as failure to quickly locate attack sources, insufficient data, and inefficient troubleshooting.

Traffic analysis: ESA provides the traffic analysis feature that can analyze Layer 7 access log data. This feature can visualize and display traffic analysis results based on multiple dimensions and provides panoramas of traffic and security trends. This helps you analyze attacks, user behaviors, and cache hit ratios.

Alibaba Cloud has obtained multiple international certifications and is acknowledged by authoritative organizations

Alibaba Cloud has obtained multiple international certifications, including ISO 27018, ISO 27701, ISO 29151, ISO 9001, ISO 20000, BS 10012, Cloud Security Alliance Security, Trust, Assurance, and Risk (CSA STAR), and Service Organization Controls (SOC), and is acknowledged by multiple authoritative organizations.

● In the Worldwide Commercial Content Delivery Network Services 2022 Vendor Assessment report, IDC MarketScape rated Alibaba Cloud as a major player, with the third largest market share in the world. Alibaba Cloud is the only Chinese major player in the report.
● Alibaba Cloud is listed as a representative vendor in the Market Guide for Cloud Web Application and API Protection report issued by Gartner.
● Alibaba Cloud ranked top 1 in the China Cloud Web Application Firewall Market Share, 2022 report of IDC.
● Alibaba Cloud is the only vendor with full scores in the China WAAP Vendor Technology Capability Assessment report of IDC.
● Alibaba Cloud was listed in the Now Tech: Web Application Firewalls, Q2 2022 report of Forrester.

Documentation

Getting Started

ESA Getting Started

API

API Documentation

User Guide

Learn how to use ESA

FAQs

Answers to FAQs about ESA
phone Contact Us