New features:

• Health status. The Edge DNS System Status page provides a convenient and efficient method to learn about GTM operational issues. Its purpose is to complement Service Incident Notifications available on Akamai Community.
• Alias zone option. The Alias add-on is an optional tool designed to reduce per zone total cost of ownership (TCO) for low-volume domains or zones of DNS information, such as typo domains. This option reduces TCO with a lower per zone fee.
• Service Binding record types. New HTTPS and SVCB DNS resource record types provide clients with information about connections to network services from multiple, alternative locations or endpoints. These new record types also enable alias capability at the domain apex, a long-standing challenge for the Internet.
• ACME shell support. The ACME Shell script includes support for Edge DNS in this release.
• Certbot plugin support. The Edge DNS Certbot Plugin automates the process to complete Let’s Encrypt Domain Validation by creating and removing .txt records using Edge DNS and a DNS–01 Challenge type.
• CLI bulk zone imports. The Akamai CLI DNS provides bulk import capabilities with commands that you can use to submit a set of zones and check the result and status of zones.
• Menu improvements. The Akamai Control Center menu explicitly supports Edge DNS functions.

Application visibility and control (AVC) is now in beta

If your organization is participating in the AVC beta, you can now control access to web applications. You can define default policy behavior, or you can create a policy that is based on risk level, acceptable use policy (AUP) categories, category operations, applications, or specific operations for an application. You assign actions to each area of the AVC policy. As you configure each component, the detailed settings you set take precedence over more general settings. For example, the policy action you apply to an application takes precedence over an action that’s applied to its corresponding category or category operation.

You can also select the users and groups that can access a blocked web application and perform specific operations in the application. AVC supports the following ETP setups:

• ETP DNS. If ETP Proxy is not enabled, you can still control access to applications based on the application’s domain and IP address.
• ETP Secure Web Gateway. If ETP Proxy is enabled and configured as a full web proxy, you can control access to applications based on URLs, domains, IP addresses, and other attributes.

For more information, see the online help. To participate in the beta, contact your Akamai representative.

Known Issues and Limitations

Issue: Depending on the domain that’s used to access Google Gmail, an allow action for Gmail may not override a block action with a user exception to the Web-Based Email category. It also may not override the Very High risk level.

Workaround: There is currently no workaround.

Release Notes:  Ion

New Feature:

s-maxage Support. The s-maxage directive is now available to all Ion customers as part of the Caching behavior in Property Manager. S-maxage is a cache-control directive defined by the Internet Engineering Task Force’s (IETF) that makes it easier to configure caching across shared caches in a single setting.  For organizations that use multiple CDNs, this new capability significantly simplifies cache management. 

This is an opt in feature that enables you to define how long content should be cached starting from the time content is requested by configuring Time To Live (TTL) once across Akamai and any other CDNs and intermediary caches. 

The Caching behavior has a new option called Enhanced RFC support, which allows you to honor the s-maxage directive, and other RFC-supported directives, in Cache-Control response headers from the origin.

Release Notes:  Dynamic Site Accelerator

New Features:

s-maxage Support. The s-maxage directive is now available to all DSA customers as part of the Caching behavior in Property Manager. S-maxage is a cache-control directive defined by the Internet Engineering Task Force’s (IETF) that makes it easier to configure caching across shared caches in a single setting.  For organizations that use multiple CDNs, this new capability significantly simplifies cache management. 

This is an opt in feature that enables you to define how long content should be cached starting from the time content is requested by configuring Time To Live (TTL) once across Akamai and any other CDNs and intermediary caches. 

The Caching behavior has a new option called Enhanced RFC support, which allows you to honor the s-maxage directive, and other RFC-supported directives, in Cache-Control response headers from the origin.

GCP Cloud Interconnects Beta

New features:

• Cloud Interconnects. A new Property Manager behavior that lets you maximize egress discounts for Google Cloud origins. It’s available through the beta channel for Ion Standard, Ion Premier, and DSA.

• New report (Cloud Interconnects) under Traffic reports. It lets you check value confirmation for the utilization of Cloud Interconnects. A new report isn’t yet universally available in the beta phase. Contact dl-cumulus-relations@akamai.com with the following information to set it up:

  • Property Manager account/property name
  • List of CP codes that have Cloud Interconnect enabled
  • List of Google origin server domains (or IP addresses) that have Cloud Interconnect enabled

• If the rule format for a property is set prior to 2020–11–02, update it to the latest version to access Cloud Interconnects. See Freeze a rule tree’s feature set for more information.

GCP Cloud Interconnects Beta

New features:

• Cloud Interconnects. A new Property Manager behavior that lets you maximize egress discounts for Google Cloud origins. It’s available through the beta channel for Ion Standard, Ion Premier, and DSA.

• New report (Cloud Interconnects) under Traffic reports. It lets you check value confirmation for the utilization of Cloud Interconnects. A new report isn’t yet universally available in the beta phase. Contact dl-cumulus-relations@akamai.com with the following information to set it up:

  • Property Manager account/property name 
  • List of CP codes that have Cloud Interconnect enabled
  • List of Google origin server domains (or IP addresses) that have Cloud Interconnect enabled

• If the rule format for a property is set prior to 2020–11–02, update it to the latest version to access Cloud Interconnects. See Freeze a rule tree’s feature set for more information.

Mac OS 11 (Big Sur) Support for ETP Client

Apple has announced the general availability of macOS Big Sur (version 11.0) across its platforms starting November 12, 2020.

Akamai has been working closely in the Apple Developer Network to validate the ETP Client with various Apple Developer builds. As a result, the ETP Client 3.2.1 will install in macOS Big Sur-based environments. However, full qualification is only possible once the production release of macOS Big Sur is made available.

Following Apple’s announcement today, Akamai will undertake a final round of testing on macOS Big Sur to ensure that ETP Client 3.2.1 is fully qualified. Once the testing is complete, Akamai will update appropriate Client release notes to reflect this.

ETP Clients below 3.2.1 will not support Big Sur. Customers using ETP Client who wish to run macOS Big Sur must upgrade to corresponding supported Client versions when they have been fully qualified.

See macOS Big Sur for more information.

Mac OS 11 (Big Sur) Support for EAA Client

Apple has announced the general availability of macOS Big Sur (version 11.0) across its platforms starting November 12, 2020.

Akamai has been working closely in the Apple Developer Network to validate the EAA Client with various Apple Developer builds. As a result, the EAA Client 2.1.2 will install in macOS Big Sur-based environments. However, full qualification is only possible once the production release of macOS Big Sur is made available.

Following Apple’s announcement today, Akamai will undertake a final round of testing on macOS Big Sur to ensure that EAA Client 2.1.2 is fully qualified. Once the testing is complete, Akamai will update appropriate Client release notes to reflect this.

EAA Client versions below 2.1.2 will not support Big Sur. Customers using EAA Client who wish to run macOS Big Sur must upgrade to corresponding supported Client versions when they have been fully qualified.

See macOS Big Sur for more information.

Enterprise Threat Protector (ETP) now includes these features and enhancements:

Custom Headers. In a policy, you can now configure custom headers to control access to software as a service (SaaS) applications. You can use this feature to require that users access only your organization’s account of the application. To use this feature, your organization must be licensed for ETP Advanced Threat and configure ETP Proxy as a full web proxy. For more information, see the online help.

Block Unscannable Files. You can enable the Block Unscannable Files option in a policy to block files that cannot be scanned by ETP Proxy as part of inline payload analysis. These files include encrypted or password protected files. If this option is disabled, these files are not scanned by ETP Proxy.

Custom List Updates. Custom lists now include these changes:

• If the block action is assigned to a custom list, you can select the users and groups that are exceptions to the block action. This means that selected users and groups can access a blocked website from the list after they successfully authenticate. To select users and groups for the exception, the policy must be enabled for authentication and have an associated identity provider.
• After you create a custom list, you can no longer modify the category that’s assigned to the list.

New Name for ETP Client Setting in Policy. The “Enable ETP Client as Proxy” setting is now called “Overwrite Device Proxy Settings.”

Identity Provider Deployment. In the new Enterprise Center user interface, you can now deploy an identity provider (IdP) within the IdP configuration. A new button now appears beside the deployment status when the IdP is ready for deployment. This button also appears if there is a failure that requires you to redeploy the IdP.

New feature:

• Reports for Enhanced Proxy Detection (EPD) with GeoGuard. The Media Delivery Reports component in Akamai Control Center now offers the Proxy Protection tab in Historical reports. Use it to monitor how often EPD was applied to requests that were routed through a proxy. We’ve worked with our partner, GeoGuard to establish several “categories” of proxy for this detection (“Anonymous VPN,” “TOR Exit Nodes,” etc.). The reports show you how often a selected action (allow, deny, or redirect) was applied, either for all proxy requests or per individual, GeoGuard proxy category. The reports also show proxy-related request data per individual CP code, so you can review results data per individual property configuration. You can also filter data based on traffic specifics, including secure delivery, non-secure delivery, live content, video on demand content, HLS, and DASH formats. See the Media Delivery Reports User Guide for more details.