Content Delivery Networks (CDNs)
CDNs help keep Office 365 fast and reliable for end users. Cloud services like Office 365 use CDNs to cache static assets closer to the browsers requesting them to speed up downloads and reduce perceived end user latency. The information in this topic will help you learn about Content Delivery Networks (CDNs) and how they are used by Office 365.
What exactly is a CDN?
A CDN is a geographically distributed network consisting of proxy and file servers in datacenters connected by high-speed backbone networks. CDNs are used to reduce latency and load times for a specified set of files and objects in a web site or service. A CDN may have many thousands of endpoints for optimal servicing of incoming requests from any location.
CDNs are used by most enterprise cloud services. Cloud services like Office 365 have millions of customers downloading a mix of proprietary content (such as emails) and generic content (such as icons) at one time. It's more efficient to put images everyone uses, like icons, as close to the user's computer as possible. It isn't practical for every cloud service to build CDN datacenters that store this generic content in every metropolitan area, or even in every major Internet hub around the world, so some of these CDNs are shared.
How do CDNs make services work faster?
Downloading common objects like icons over and over again can take up network bandwidth that can be better used for downloading important personal content, like email or documents. Because Office 365 uses an architecture that includes CDNs, the icons, scripts, and other generic content can be downloaded from servers closer to client computers, making the downloads faster. This means faster access to your personal content, which is securely stored in Office 365 datacenters.
CDNs help to improve cloud service performance in several ways:
- CDNs shift part of the network and file download burden away from the cloud service, freeing up cloud service resources for serving user content and other services by reducing the need to serve requests for static assets.
- CDNs are purpose built to provide low-latency file access by implementing high performance networks and file servers, and by leveraging updated network protocols such as HTTP/2 with highly efficient compression and request multiplexing.
- CDN networks use many globally distributed endpoints to make content available as close as possible to users.
The Office 365 CDN
The built-in Office 365 Content Delivery Network (CDN) allows Office 365 administrators to provide better performance for their organization's SharePoint Online pages by caching static assets closer to the browsers requesting them, which helps to speed up downloads and reduce latency. The Office 365 CDN uses the HTTP/2 protocol for improved compression and download speeds.
Restrictions for use of the Office 365 CDN:
- The Office 365 CDN is only available to tenants in the Production (worldwide) cloud. Tenants in the US Government, China and Germany clouds do not currently support the Office 365 CDN.
- The Office 365 CDN does not currently support tenants configured with custom or "vanity" domains. If you have added a domain to your tenant using the instructions in the topic Add a domain to Office 365, the Office 365 CDN will return errors when you try to access content from the CDN.
The Office 365 CDN is composed of multiple CDNs that allow you to host static assets in multiple locations, or origins, and serve them from global high-speed networks. Depending on the kind of content you want to host in the Office 365 CDN, you can add public origins, private origins or both.
Private origins within the Office 365 CDN provide private access to user content such as SharePoint Online document libraries, sites and media such as videos. Access to content in private origins is secured with dynamically generated tokens so it can only be accessed by users with permissions to the original document library or storage location. Private origins in the Office 365 CDN can only be used for SharePoint Online content, and you can only access assets through redirection from your SharePoint Online tenant.
The Office 365 CDN service is included as part of your SharePoint Online subscription.
For more information about how to use the Office 365 CDN, see Use the Office 365 content delivery network with SharePoint Online.
Other Microsoft CDNs
Although not a part of the Office 365 CDN, you can use these CDNs in your Office 365 tenant for access to SharePoint development libraries, custom code and other purposes that fall outside the scope of the Office 365 CDN.
You can use the Azure CDN to deploy your own CDN instance for hosting custom web parts, libraries and other resource assets, which allows you to apply access keys to your CDN storage and exert greater control over your CDN configuration. Use of the Azure CDN is not free, and requires an Azure subscription.
For more information on how to configure an Azure CDN instance, see Quickstart: Integrate an Azure storage account with Azure CDN.
For an example of how the Azure CDN can be used to host SharePoint web parts, see Deploy your SharePoint client-side web part to Azure CDN.
For information about the Azure CDN PowerShell module, see Manage Azure CDN with PowerShell.
Microsoft Ajax CDN
Microsoft's Ajax CDN is a read-only CDN that offers many popular development libraries including jQuery (and all of its other libraries), ASP.NET Ajax, Bootstrap, Knockout.js, and others.
To include these scripts in your project, simply replace any references to these publicly available libraries with references to the CDN address instead of including it in your project itself. For example, use the following code to link to jQuery:
<script src=http://ajax.aspnetcdn.com/ajax/jquery-2.1.1.js> </script>
For more information about how to use the Microsoft Ajax CDN, see Microsoft Ajax CDN.
How does Office 365 use content from a CDN?
Regardless of what CDN you configure for your Office 365 tenant, the basic data retrieval process is the same.
Your client (a browser or Office client application) requests data from Office 365.
Office 365 either returns the data directly to your client or, if the data is part of a set of content hosted by the CDN, redirects your client to the CDN URL.
a. If the data is already cached in a public origin, your client downloads the data directly from the nearest CDN location to your client.
b. If the data is already cached in a private origin, the CDN service checks your Office 365 user account's permissions on the origin. If you have permissions, SharePoint Online dynamically generates a custom URL composed of the path to the asset in the CDN and two access tokens, and returns the custom URL to your client. Your client then downloads the data directly from the nearest CDN location to your client using the custom URL.
If the data isn't cached at the CDN, the CDN node requests the data from Office 365 and then caches the data for a period of time after your client downloads the data.
The CDN figures out the closest datacenter to the user's browser and, using redirection, downloads the requested data from there. CDN redirection is quick, and can save users a lot of download time.
How should I set up my network so that CDNs work best with Office 365?
Minimizing latency between clients on your network and CDN endpoints is the key consideration for ensuring optimal performance. You can use the best practices outlined in Managing Office 365 endpoints to ensure that your network configuration permits client browsers to access the CDN directly rather than routing CDN traffic through central proxies to avoid introducing unnecessary latency.
You can also read Office 365 Network Connectivity Principles to understand the concepts behind optimizing Office 365 network performance.
Is there a list of all the CDNs that Office 365 uses?
The CDNs in use by Office 365 are always subject to change and in many cases there are multiple CDN partners configured in the event one is unavailable. The primary CDNs used by Office 365 are:
|Office 365 CDN||Akamai||Generic assets in public origins, SharePoint user content in private origins||Use the Office 365 content delivery network with SharePoint Online|
|Azure CDN||Microsoft||Custom code, SharePoint Framework solutions||Microsoft Azure CDN|
|Microsoft Ajax CDN (read only)||Microsoft||Common libraries for Ajax, jQuery, ASP.NET, Bootstrap, Knockout.js etc.||Microsoft Ajax CDN|
What performance gains does a CDN provide?
There are many factors involved in measuring specific differences in performance between data downloaded directly from Office 365 and data downloaded from a specific CDN, such as your location relative to your tenant and to the nearest CDN endpoint, the number of assets on a page that are served by the CDN, and transient changes in network latency and bandwidth. However, a simple A/B test can help to show the difference in download time for a specific file.
The following screen shots illustrate the difference in download speed between the native file location in Office 365 and the same file hosted on the Microsoft Ajax Content Delivery Network. These screen shots are from the Network tab in the Internet Explorer 11 developer tools. These screen shots show the latency on the popular library jQuery. To bring up this screen, in Internet Explorer, press F12 and select the Network tab which is symbolized with a Wi-Fi icon.
This screen shot shows the library uploaded to the master page gallery on the SharePoint Online site itself. The time it took to upload the library is 1.51 seconds.
The second screen shot shows the same file delivered by Microsoft's CDN. This time the latency is around 496 milliseconds. This is a large improvement and shows that a whole second is shaved off the total time to download the object.
Is my data safe?
We take great care to protect the data that runs your business. Data stored in the Office 365 CDN is encrypted both in transit and at rest, and access to data in the Office 365 SharePoint CDN is secured by Office 365 user permissions and token authorization. Requests for data in the Office 365 SharePoint CDN must be referred (redirected) from your Office 365 tenant or an authorization token will not be generated.
To ensure that your data remains secure, we recommend that you never store user content or other sensitive data in a public CDN. Because access to data in a public CDN is anonymous, public CDNs should only be used to host generic content such as web script files, icons, images and other non-sensitive assets.
3rd party CDN providers may have privacy and compliance standards that differ from the commitments outlined by the Office 365 Trust Center. Data cached through the CDN service may not conform to the Microsoft Data Processing Terms (DPT), and may be outside of the Office 365 Trust Center compliance boundaries.
For in-depth information about privacy and data protection for Office 365 CDN providers, visit the following:
- Learn more about Office 365 privacy and data protection at the Microsoft Trust Center
- Learn more about Akamai’s privacy and data protection at the Akamai Privacy Trust Center
- Learn more about Azure privacy and data protection at the Azure Trust Center
How can I secure my network with all these 3rd party services?
Leveraging an extensive set of partner services allows Office 365 to scale and meet availability requirements as well as enhance the user experience when using Office 365. The 3rd party services Office 365 leverages include both certificate revocation lists; such as crl.microsoft.com or sa.symcb.com, and CDNs; such as r3.res.outlook.com. Every CDN FQDN generated by Office 365 is a custom FQDN for Office 365. If you're sent to a FQDN at the request of Office 365 you can be assured that the CDN provider controls the FQDN and the underlying content at that location.
For customers that want to segregate requests destined for a Microsoft or Office 365 datacenter from requests that are destined for a 3rd party, we've written up guidance on Managing Office 365 endpoints.
Is there a list of all the FQDNs that leverage CDNs?
The list of FQDNs and how they leverage CDNs change over time. Refer to our published Office 365 URLs and IP address ranges page to get up to date on the latest FQDNs that leverage CDNs.
You can also use the Office 365 IP Address and URL Web service to request the current Office 365 URLs and IP address ranges formatted as CSV or JSON.
Can I use my own CDN and cache content on my local network?
We're continually looking for new ways to support our customers needs and are currently exploring the use of caching proxy solutions and other on-premises CDN solutions.
Although it is not a part of the Office 365 CDN, you can also use the Azure CDN for hosting custom web parts, libraries and other resource assets, which allows you to apply access keys to your CDN storage and exert greater control over your CDN configuration. Use of the Azure CDN is not free, and requires an Azure subscription. For more information on how to configure an Azure CDN instance, see Quickstart: Integrate an Azure storage account with Azure CDN.
I'm using Azure ExpressRoute for Office 365, does that change things?
Azure ExpressRoute for Office 365 provides a dedicated connection to Office 365 infrastructure that is segregated from the public internet. This means that clients will still need to connect over non-ExpressRoute connections to connect to CDNs and other Microsoft infrastructure that is not explicitly included in the list of services supported by ExpressRoute. For more information about how to route specific traffic such as requests destined for CDNs, refer to Office 365 network traffic management.
Can I use CDNs with SharePoint Server on-premises?
Using CDNs only makes sense in a SharePoint Online context and should be avoided with SharePoint Server. This is because all of the advantages around geographic location do not hold true if the server is located on-premises or geographically close anyway. Additionally, if there is a network connection to the servers where it's hosted, then the site may be used without an Internet connection and therefore cannot retrieve the CDN files. Otherwise, you should use a CDN if there is one available and stable for the library and files you need for your site.
Here's a short link you can use to come back: https://aka.ms/o365cdns
Send feedback about: