This chapter covers Azure Content Delivery Network (CDN), a service that delivers high-bandwidth content to users globally with low latency and high availability. For the AZ-900 exam, understanding CDN falls under objective 2.3 'Describe core Azure architecture services' and typically appears in 2-3 questions about content delivery, caching, and global distribution. Mastering CDN concepts is essential because Microsoft often tests your ability to recommend the right service for specific scenarios involving static content delivery, media streaming, or web application acceleration.
Jump to a section
Imagine you run a global e-commerce company that ships products from a single central warehouse in Chicago. A customer in Tokyo orders a widget. The widget must travel from Chicago to Tokyo—thousands of miles—crossing oceans and clearing customs. This takes days and costs a fortune in shipping. Now imagine you deploy a network of small local warehouses in major cities worldwide. Each warehouse stocks your most popular items. When the Tokyo customer orders, the order is automatically routed to the nearest warehouse in Tokyo, which ships the widget locally in hours, not days. The central warehouse still exists for rare or custom items, but the local warehouses handle the bulk of requests quickly and cheaply. In Azure, the CDN works exactly like this: your 'central warehouse' is your origin server (e.g., a web app in a single Azure region). The 'local warehouses' are edge servers in dozens of global locations. When a user requests a file (like an image, video, or webpage), the CDN routes the request to the nearest edge server. If that edge server has the file cached, it serves it instantly—no need to travel all the way to the origin. If not, the edge server fetches it from the origin, caches it, and then serves it. The mechanism is not just 'closer is faster'—it actually reduces network hops, avoids congested internet backbones, and can offload traffic from your origin server, reducing costs and improving reliability.
What is Azure CDN and What Business Problem Does It Solve?
Azure Content Delivery Network (CDN) is a global network of servers that caches and delivers content from locations closest to end users. The core business problem it solves is the latency and bandwidth limitations of a single-origin architecture. When all users fetch content from one server (e.g., a web app hosted in West US), users in Asia or Europe experience slow load times due to physical distance, multiple network hops, and congested internet backbones. CDN mitigates this by placing cached copies of static content (images, CSS, JavaScript, videos) at edge nodes around the world. This reduces latency, improves user experience, and offloads traffic from the origin server, lowering costs and increasing scalability.
How Azure CDN Works: Step-by-Step Mechanism
User Request: A user requests a file (e.g., https://cdn.example.com/images/logo.png). The DNS resolves the CDN endpoint to the nearest edge node based on geographic location.
Edge Node Check: The edge node checks its cache for the file. If present and not expired, it serves the file directly (cache hit).
Origin Fetch: If the file is not cached (cache miss), the edge node requests it from the origin server (e.g., a storage account or web app). The origin responds, and the edge node caches the file according to cache-control headers or rules.
Response to User: The edge node serves the file to the user. Subsequent requests from nearby users hit the cache.
Key Components and Features
CDN Profile: A top-level resource that defines the CDN tier (Standard or Premium) and provider (Microsoft, Akamai, or Verizon).
CDN Endpoint: A specific endpoint (e.g., myendpoint.azureedge.net) that points to an origin (storage account, web app, or custom domain).
Origin: The source of the content. Can be an Azure Storage account, Azure Web App, or any publicly accessible HTTP server.
Caching Rules: Control how long content is cached at edge nodes. Can be set globally or per path/extension.
Compression: Edge nodes can compress files (e.g., GZip) before delivery to reduce bandwidth.
Geo-filtering: Restrict or allow access based on country codes.
Custom Domains: Map a custom domain (e.g., cdn.example.com) to the CDN endpoint.
HTTPS: CDN supports HTTPS for secure delivery.
Tiers and Pricing Models
Azure CDN offers three tiers: - Standard Microsoft: Uses Microsoft's global network. Good for general content delivery. Pay-as-you-go based on data transfer out from edge nodes. - Standard Akamai: Uses Akamai's network. Optimized for high-performance scenarios like media streaming. Pricing per GB transferred. - Standard Verizon / Premium Verizon: Verizon's network. Premium adds advanced features like token authentication, custom rules engine, and real-time analytics. Premium is more expensive.
Comparison to On-Premises Equivalent
In an on-premises data center, delivering content globally would require setting up your own CDN infrastructure—purchasing servers in multiple locations, managing DNS, and handling caching logic. This is cost-prohibitive for most organizations. Azure CDN abstracts all that: you simply configure an endpoint and Azure handles the global distribution, caching, and scaling.
Azure Portal and CLI Touchpoints
In the Azure portal, you create a CDN profile (search 'CDN profiles'), then add an endpoint. You can configure caching rules, compression, and geo-filtering under the endpoint settings. Using Azure CLI:
# Create a CDN profile
az cdn profile create --name MyCDNProfile --resource-group MyResourceGroup --sku Standard_Microsoft
# Create a CDN endpoint with a storage account as origin
az cdn endpoint create --name MyEndpoint --profile-name MyCDNProfile --resource-group MyResourceGroup --origin storageaccount.blob.core.windows.net --origin-host-header storageaccount.blob.core.windows.netPowerShell equivalent:
New-AzCdnProfile -Name MyCDNProfile -ResourceGroupName MyResourceGroup -Sku Standard_Microsoft
New-AzCdnEndpoint -Name MyEndpoint -ProfileName MyCDNProfile -ResourceGroupName MyResourceGroup -OriginName storageaccount -OriginHostHeader storageaccount.blob.core.windows.netCreate a CDN Profile
In the Azure portal, navigate to 'CDN profiles' and click 'Create'. Choose a subscription, resource group, and a unique profile name. Select a pricing tier: Standard Microsoft, Standard Akamai, Standard Verizon, or Premium Verizon. For most AZ-900 scenarios, Standard Microsoft is sufficient. The profile is a container for endpoints. Behind the scenes, Azure provisions the necessary infrastructure on the chosen provider's network. This step takes about 1-2 minutes.
Create a CDN Endpoint
Within the CDN profile, click '+ Endpoint'. Provide a name (e.g., 'myendpoint') — this becomes part of the endpoint URL (`myendpoint.azureedge.net`). Choose an origin type: Storage, Web App, or Custom Origin. For a storage account, select the storage account and specify the container or blob path. For a web app, select the app service. Set the origin path (optional) and origin host header. The endpoint will start with HTTP only; you can enable HTTPS later. Azure then configures the edge nodes to fetch content from this origin.
Configure Caching Rules
By default, CDN respects cache-control headers from the origin. You can override caching behavior globally or per path. For example, set a cache expiration of 7 days for images in `/images/*`. In the portal, go to 'Caching rules' under your endpoint. You can add rules like 'If path contains /images, then cache for 604800 seconds (7 days)'. This ensures edge nodes serve cached content without re-fetching from origin, reducing load and latency.
Enable Compression
To reduce bandwidth and speed up delivery, enable compression. In the portal, under 'Compression', toggle 'Enabled' and select file types (e.g., text/plain, text/html, application/javascript). Edge nodes will compress responses before sending to users. This is especially beneficial for text-based content. Note that compression only applies if the file is larger than 1 KB and the origin returns a compressible type.
Map a Custom Domain
To use a custom domain like `cdn.example.com`, add a CNAME record in your DNS provider pointing `cdn.example.com` to `myendpoint.azureedge.net`. Then in the Azure portal, under 'Custom domains', add the domain. Azure validates ownership. You can also enable HTTPS for the custom domain by uploading a certificate or using Azure-managed certificates. This step ensures your CDN endpoint appears as part of your brand.
Scenario 1: Global E-commerce Image Delivery A large e-commerce company hosts product images in Azure Blob Storage. Their web application is in West Europe, but customers are worldwide. Without CDN, a user in Australia experiences 3-second load times for a product page with 20 images. The company creates a CDN endpoint with the storage account as origin. They configure caching rules to cache images for 24 hours. Now, Australian users hit the Sydney edge node, reducing load time to 200ms. The origin server load drops by 80%, and bandwidth costs from storage egress are reduced because CDN serves cached content. The team monitors CDN metrics in Azure Monitor to track cache hit ratios. If they set cache expiration too short (e.g., 1 hour), the edge nodes frequently re-fetch from origin, defeating the purpose. A common mistake is forgetting to enable compression, leading to higher data transfer costs.
Scenario 2: Video Streaming for an Online Education Platform An online education platform streams pre-recorded videos from Azure Media Services. They need low latency for live streams and reliable delivery for on-demand videos. They use Azure CDN with Akamai tier for high throughput. The CDN caches video chunks at edge nodes. For live streaming, they use a short cache duration (minutes) to keep content fresh. For on-demand, they cache for longer periods. The platform also uses geo-filtering to restrict access to certain countries based on licensing agreements. If the CDN is misconfigured with too long a cache for live streams, viewers see outdated content. Another issue: if the origin is not configured to support byte-range requests, video seeking fails. The team tests with various bitrates to ensure smooth playback.
Scenario 3: Software Download Distribution A software company distributes large installer files (2 GB) from a web app. Without CDN, downloads are slow and the web app server becomes overwhelmed during a major release. They deploy Azure CDN Standard Microsoft with a custom domain. The CDN caches the installer files. During a launch, millions of users download the file; edge nodes handle the load, and the origin server sees minimal traffic. The company also uses CDN's token authentication (Premium Verizon) to secure downloads. A common mistake is not setting appropriate cache-control headers on the origin, causing the CDN to cache the file indefinitely and serve an outdated version when a new release happens. They set cache expiration to match the release cycle (e.g., 1 day before a new version).
Exactly What AZ-900 Tests
Objective 2.3: 'Describe core Azure architecture services' includes CDN. You must understand:
The purpose of CDN: reduce latency, improve load times, offload origin traffic.
How CDN works: edge nodes, caching, origin fetch.
When to use CDN vs. other services (e.g., Azure Front Door, Traffic Manager).
Basic pricing tiers: Standard vs. Premium, and providers (Microsoft, Akamai, Verizon).
Key features: caching rules, compression, custom domains, HTTPS.
Common Wrong Answers and Why Candidates Choose Them
'CDN is used for load balancing web servers.' Wrong. CDN caches static content; it does not distribute traffic across servers. Load balancing is done by Azure Load Balancer or Traffic Manager.
'CDN stores a copy of the entire website.' Wrong. CDN caches only static files that are cacheable; dynamic content is fetched from origin each time.
'CDN provides DDoS protection.' Partially true: some CDN tiers offer basic DDoS protection, but it's not the primary purpose. Azure DDoS Protection is a separate service.
'CDN replaces the need for an origin server.' Wrong. CDN is a caching layer; origin is required for cache misses.
Specific Terms and Values That Appear Verbatim
Edge node: The server closest to the user.
Origin: The source server (e.g., storage account, web app).
Cache hit / cache miss: Terms for whether content was found in cache.
Caching rules: Used to control cache duration.
Compression: Reduces bandwidth.
Geo-filtering: Restricts access by country.
Edge Cases and Tricky Distinctions
CDN vs. Azure Front Door: Front Door is a global load balancer with CDN capabilities; CDN is purely for caching. AZ-900 may ask which to use for a scenario with both static and dynamic content—Front Door can handle both.
CDN vs. Traffic Manager: Traffic Manager is DNS-based load balancing; it does not cache content. CDN caches content.
CDN with dynamic content: CDN can accelerate dynamic content via route optimization, but caching is limited. For full dynamic site acceleration, Premium Verizon or Front Door is better.
Memory Trick: 'CACHE' acronym
Close to user (edge nodes)
Accelerates delivery
Caches static content
HTTP/HTTPS support
Easy to set up
When you see a question about improving load times for static content globally, think 'CDN'. For dynamic content globally, think 'Azure Front Door'.
Azure CDN delivers cached content from edge nodes near users, reducing latency and origin load.
CDN is primarily for static content; dynamic content requires origin fetch or Front Door.
Three providers: Microsoft, Akamai, and Verizon; each has Standard and Premium tiers.
Key features: caching rules, compression, custom domains, HTTPS, geo-filtering.
CDN does not replace an origin server; it caches content from it.
AZ-900 tests your ability to recommend CDN for scenarios involving global static content delivery.
CDN pricing is based on data transfer out from edge nodes; no upfront costs.
These come up on the exam all the time. Here's how to tell them apart.
Azure CDN
Caches static content at edge nodes
No load balancing or routing intelligence
Best for static file delivery (images, videos, scripts)
Supports custom domains and HTTPS
Lower cost than Front Door for pure caching
Azure Front Door
Global load balancer with CDN capabilities
Routes traffic based on latency and health probes
Best for dynamic web applications with global users
Supports SSL offload, URL rewrite, and WAF
More expensive but offers advanced routing
Azure CDN
Caches content at edge
Reduces latency by serving cached content
Works at application layer (HTTP/HTTPS)
Reduces origin load
Pays per GB transferred
Traffic Manager
DNS-based traffic routing only
Does not cache content
Works at DNS layer (no content awareness)
Does not reduce origin load
Pays per million DNS queries
Mistake
CDN can serve dynamic content like database queries.
Correct
CDN primarily caches static content (images, CSS, JS, videos). Dynamic content that changes per user (e.g., personalized pages) is not cached; each request goes to the origin. Some CDN tiers offer dynamic site acceleration, but caching is limited.
Mistake
CDN eliminates the need for an origin server.
Correct
CDN is a caching layer; the origin server is still required to provide content when a cache miss occurs. Without an origin, the CDN cannot serve any content.
Mistake
All CDN tiers are identical in features.
Correct
Standard Microsoft, Akamai, and Verizon tiers have different features and pricing. Premium Verizon offers advanced features like token authentication and custom rules engine. The exam expects you to know that there are different tiers.
Mistake
CDN only works with Azure origins.
Correct
CDN supports custom origins that are publicly accessible over HTTP/HTTPS, not just Azure services. You can point CDN to any web server, including on-premises or other clouds.
Mistake
CDN automatically compresses all files.
Correct
Compression must be enabled and configured. It only applies to certain MIME types and files larger than 1 KB. You must enable it in the CDN endpoint settings.
Azure CDN is a content delivery network that caches static content at edge nodes to reduce latency. Azure Front Door is a global load balancer that routes traffic to the best backend based on latency and health, and it also includes CDN capabilities. For pure static content delivery, CDN is simpler and cheaper. For dynamic web applications requiring global load balancing, SSL offload, and WAF, use Front Door. On the exam, if a scenario mentions 'global load balancing' or 'improve availability of a web app,' think Front Door; if it mentions 'cache images for faster load times,' think CDN.
Yes, Azure CDN can use any publicly accessible HTTP/HTTPS server as an origin, including on-premises servers, AWS, or Google Cloud. You configure the custom origin URL when creating the endpoint. This makes CDN a flexible caching layer for hybrid or multi-cloud environments.
You can enable HTTPS on custom domains, use geo-filtering to restrict access by country, and use token authentication (Premium Verizon) to require a valid token for each request. Additionally, set cache-control headers on the origin to control who can cache content. For sensitive data, consider using Azure Front Door with WAF or Azure Storage with private endpoints.
CDN can cache API responses if they are static and have appropriate cache-control headers. However, most API responses are dynamic and personalized, so caching is not recommended. For dynamic APIs, use Azure Front Door with caching rules or bypass caching entirely. Some CDN tiers offer dynamic site acceleration to optimize routing for dynamic content, but caching is limited.
If the origin does not provide cache-control headers, the default behavior varies by CDN provider. For Standard Microsoft, the default is 7 days for general web delivery. You can override this with caching rules. It's best practice to set explicit cache-control headers on the origin to control caching behavior predictably.
When the origin file is updated, the CDN edge nodes serve the cached version until its TTL expires. To force immediate refresh, you can purge the CDN cache for specific files or all content. This is done via the portal, CLI, or API. For example: `az cdn endpoint purge --content-paths /images/logo.png --profile-name MyProfile --name MyEndpoint --resource-group MyRG`.
CDN endpoints are global, not regional. You create a CDN profile in a specific region (e.g., West US), but the edge nodes are distributed worldwide. The origin can be in any region. The CDN service itself is available in most Azure regions, but the key is the global edge network.
You've just covered Azure Content Delivery Network (CDN) — now see how well it sticks with free AZ-900 practice questions. Full explanations included, no account needed.
Done with this chapter?