New features:

• Health status. The GTM System Status page provides a convenient and efficient method to learn about GTM operational issues. Its purpose is to complement Service Incident Notifications available on Akamai Community.
• Service Binding record types. New HTTPS and SVCB DNS resource record types provide clients with key information about connections to network services from multiple, alternative locations or endpoints. These new record types also enable alias capability at the domain apex, a long-standing challenge for the Internet.
• Menu improvements. The Akamai Control Center menu explicitly supports Global Traffic Management functions.

Secure DNS Forwarder is now generally available with Security Connector 2.7.0

In addition to functioning as a DNS sinkhole, Security Connector can now act as a DNS forwarder that directs traffic to Enterprise Threat Protector (ETP) for resolution. Secure DNS Forwarder detects the internal client IP address and the internal hostname of the client machine. It also protects connections to ETP with DNS over TLS (DoT).

In the Security Connector console, a new menu is now available for DNS Forwarder. You can:

• View traffic statistics about connections that are directed from DNS Forwarder to ETP.
• View the health status of DNS Forwarder
• Enable or disable DNS Forwarder. By default, DNS Forwarder is enabled.
• Temporarily enable query and response logging in your enterprise for Akamai to investigate and troubleshoot an issue.
• Change the DNS Forwarder port. By default, DNS Forwarder uses outbound TCP port 443. However, you can choose to use outbound TCP port 853.
• Configure a local DNS server. If your organization’s corporate DNS server is not recursive and is used for internal domains only, you can configure it as a local DNS server for DNS Forwarder. This configuration sets the DNS server that you configured in the Security Connector setup as a fallback server in case ETP is not reachable. If you apply a local DNS server configuration, you can then set the Security Connector DNS name server to use the ETP DNS server IP addresses.

ETP also now includes new reporting dimensions to show the internal client IP address and the internal hostname of the user’s machine.

Note the following:

• When you upgrade Security Connector, the virtual machine will temporarily hop to version 2.6.9 before it upgrades to version 2.7.0. This upgrade process also restarts your virtual machine twice. Make sure you do not interrupt this upgrade process. If you find that Security Connector is stuck on version 2.6.9, contact Akamai Support.
• If you intend to use DNS Forwarder, the virtual machine requires 4 GB of RAM and can be increased to 8 GB. If you don’t intend to use Security Connector as a DNS Forwarder, 2 GB of RAM is enough for the Security Connector virtual machine.

For more information about this update, see the online help or the Security Connector Setup and Configuration Guide.

New features:

• Health status. The Edge DNS System Status page provides a convenient and efficient method to learn about GTM operational issues. Its purpose is to complement Service Incident Notifications available on Akamai Community.
• Alias zone option. The Alias add-on is an optional tool designed to reduce per zone total cost of ownership (TCO) for low-volume domains or zones of DNS information, such as typo domains. This option reduces TCO with a lower per zone fee.
• Service Binding record types. New HTTPS and SVCB DNS resource record types provide clients with information about connections to network services from multiple, alternative locations or endpoints. These new record types also enable alias capability at the domain apex, a long-standing challenge for the Internet.
• ACME shell support. The ACME Shell script includes support for Edge DNS in this release.
• Certbot plugin support. The Edge DNS Certbot Plugin automates the process to complete Let’s Encrypt Domain Validation by creating and removing .txt records using Edge DNS and a DNS–01 Challenge type.
• CLI bulk zone imports. The Akamai CLI DNS provides bulk import capabilities with commands that you can use to submit a set of zones and check the result and status of zones.
• Menu improvements. The Akamai Control Center menu explicitly supports Edge DNS functions.

Application visibility and control (AVC) is now in beta

If your organization is participating in the AVC beta, you can now control access to web applications. You can define default policy behavior, or you can create a policy that is based on risk level, acceptable use policy (AUP) categories, category operations, applications, or specific operations for an application. You assign actions to each area of the AVC policy. As you configure each component, the detailed settings you set take precedence over more general settings. For example, the policy action you apply to an application takes precedence over an action that’s applied to its corresponding category or category operation.

You can also select the users and groups that can access a blocked web application and perform specific operations in the application. AVC supports the following ETP setups:

• ETP DNS. If ETP Proxy is not enabled, you can still control access to applications based on the application’s domain and IP address.
• ETP Secure Web Gateway. If ETP Proxy is enabled and configured as a full web proxy, you can control access to applications based on URLs, domains, IP addresses, and other attributes.

For more information, see the online help. To participate in the beta, contact your Akamai representative.

Known Issues and Limitations

Issue: Depending on the domain that’s used to access Google Gmail, an allow action for Gmail may not override a block action with a user exception to the Web-Based Email category. It also may not override the Very High risk level.

Workaround: There is currently no workaround.

Release Notes:  Ion

New Feature:

s-maxage Support. The s-maxage directive is now available to all Ion customers as part of the Caching behavior in Property Manager. S-maxage is a cache-control directive defined by the Internet Engineering Task Force’s (IETF) that makes it easier to configure caching across shared caches in a single setting.  For organizations that use multiple CDNs, this new capability significantly simplifies cache management. 

This is an opt in feature that enables you to define how long content should be cached starting from the time content is requested by configuring Time To Live (TTL) once across Akamai and any other CDNs and intermediary caches. 

The Caching behavior has a new option called Enhanced RFC support, which allows you to honor the s-maxage directive, and other RFC-supported directives, in Cache-Control response headers from the origin.

Release Notes:  Dynamic Site Accelerator

New Features:

s-maxage Support. The s-maxage directive is now available to all DSA customers as part of the Caching behavior in Property Manager. S-maxage is a cache-control directive defined by the Internet Engineering Task Force’s (IETF) that makes it easier to configure caching across shared caches in a single setting.  For organizations that use multiple CDNs, this new capability significantly simplifies cache management. 

This is an opt in feature that enables you to define how long content should be cached starting from the time content is requested by configuring Time To Live (TTL) once across Akamai and any other CDNs and intermediary caches. 

The Caching behavior has a new option called Enhanced RFC support, which allows you to honor the s-maxage directive, and other RFC-supported directives, in Cache-Control response headers from the origin.

GCP Cloud Interconnects Beta

New features:

• Cloud Interconnects. A new Property Manager behavior that lets you maximize egress discounts for Google Cloud origins. It’s available through the beta channel for Ion Standard, Ion Premier, and DSA.

• New report (Cloud Interconnects) under Traffic reports. It lets you check value confirmation for the utilization of Cloud Interconnects. A new report isn’t yet universally available in the beta phase. Contact dl-cumulus-relations@akamai.com with the following information to set it up:

  • Property Manager account/property name
  • List of CP codes that have Cloud Interconnect enabled
  • List of Google origin server domains (or IP addresses) that have Cloud Interconnect enabled

• If the rule format for a property is set prior to 2020–11–02, update it to the latest version to access Cloud Interconnects. See Freeze a rule tree’s feature set for more information.

GCP Cloud Interconnects Beta

New features:

• Cloud Interconnects. A new Property Manager behavior that lets you maximize egress discounts for Google Cloud origins. It’s available through the beta channel for Ion Standard, Ion Premier, and DSA.

• New report (Cloud Interconnects) under Traffic reports. It lets you check value confirmation for the utilization of Cloud Interconnects. A new report isn’t yet universally available in the beta phase. Contact dl-cumulus-relations@akamai.com with the following information to set it up:

  • Property Manager account/property name 
  • List of CP codes that have Cloud Interconnect enabled
  • List of Google origin server domains (or IP addresses) that have Cloud Interconnect enabled

• If the rule format for a property is set prior to 2020–11–02, update it to the latest version to access Cloud Interconnects. See Freeze a rule tree’s feature set for more information.

Mac OS 11 (Big Sur) Support for ETP Client

Apple has announced the general availability of macOS Big Sur (version 11.0) across its platforms starting November 12, 2020.

Akamai has been working closely in the Apple Developer Network to validate the ETP Client with various Apple Developer builds. As a result, the ETP Client 3.2.1 will install in macOS Big Sur-based environments. However, full qualification is only possible once the production release of macOS Big Sur is made available.

Following Apple’s announcement today, Akamai will undertake a final round of testing on macOS Big Sur to ensure that ETP Client 3.2.1 is fully qualified. Once the testing is complete, Akamai will update appropriate Client release notes to reflect this.

ETP Clients below 3.2.1 will not support Big Sur. Customers using ETP Client who wish to run macOS Big Sur must upgrade to corresponding supported Client versions when they have been fully qualified.

See macOS Big Sur for more information.

Mac OS 11 (Big Sur) Support for EAA Client

Apple has announced the general availability of macOS Big Sur (version 11.0) across its platforms starting November 12, 2020.

Akamai has been working closely in the Apple Developer Network to validate the EAA Client with various Apple Developer builds. As a result, the EAA Client 2.1.2 will install in macOS Big Sur-based environments. However, full qualification is only possible once the production release of macOS Big Sur is made available.

Following Apple’s announcement today, Akamai will undertake a final round of testing on macOS Big Sur to ensure that EAA Client 2.1.2 is fully qualified. Once the testing is complete, Akamai will update appropriate Client release notes to reflect this.

EAA Client versions below 2.1.2 will not support Big Sur. Customers using EAA Client who wish to run macOS Big Sur must upgrade to corresponding supported Client versions when they have been fully qualified.

See macOS Big Sur for more information.