Summary: Explains what Content Delivery Networks are and how Office 365 leverages them. Using Content Delivery Networks (CDNs) helps keep Office 365 fast and reliable for end users. With CDNs, cloud services like Office 365 quickly download generic content, like icons, to your users’ browser when they’re using the service through a web client.
How should I set up my network so that CDNs work best with Office 365?
If you’re planning the network connectivity for your Office 365 setup, it’s helpful to understand how CDNs work. It is also important to understand that you can’t filter connectivity to the CDNs by IP address. We provide a best effort list of IPs for the services within Office 365, such as Exchange Online. You can find that list on our Office 365 endpoints page as well as information on Office 365 network traffic management.
How do CDNs make services work faster?
Downloading common things like icons over and over again can take up network bandwidth that can be better used for downloading important personal content, like email or documents. Because Office 365 uses an architecture that includes CDNs, the icons, scripts, and other generic content can be downloaded from servers closer to client computers, making the downloads faster. This means faster access to your personal content, which is securely stored in Office 365 datacenters.
What exactly is a CDN?
CDNs are used by most enterprise cloud services. Cloud services like Office 365 have millions of customers downloading a mix of proprietary content (such as emails) and generic content (such as icons) at one time. It’s more efficient to put images everyone uses, like icons, as close to the user’s computer as possible. Yet, it isn’t practical for every cloud service to build CDN datacenters that store this generic content in every metropolitan area, or even in every major Internet hub around the world, so some of these CDNs are shared.
CDNs can be private or public. Private CDNs are owned and operated by a single company, and only that company’s applications and services can use it. Public CDNs are run by companies who lease usage to multiple companies. Depending on where you’re located, it might be most efficient for Office 365 to download generic images for you from a CDN that Office 365 owns and runs, a public CDN, or a combination of the two. Regardless of what type of CDN is used, the steps to retrieve the data are the same.
Your client requests data from Office 365.
Office 365 either returns the data directly to your client or directs your client to a CDN.
If the data is already cached at the CDN, your client downloads the data directly from the nearest CDNlocation to your client on the internet.
If the data isn't cached at the CDN, the CDN node requests the data from Office 365 and then cache's the data for a period of time after your client downloads the data.
The CDNs pull the files and images from the nearest Office 365 datacenter and in turn, your client pulls the files and images from the nearest CDN. When users are accessing a cloud service, like reading email in Outlook Web App, the user’s browser attempts to retrieve the files and images from the Office 365 datacenter. Instead of spending the time and bandwidth delivering the files, Office 365 redirects the browser to the CDN. The CDN figures out the closest datacenter to the user’s browser and, using redirection, downloads the generic images from there. Using this CDN redirection is quick, and it saves users a lot of download time.
Is there a list of all the FQDNs that leverage CDNs?
The list of FQDNs and how they leverage CDNs change over time, refer to our published Office 365 endpoints page to get up to date on the latest FQDNs that leverage CDNs.
Is there a list of all the CDNs that Office 365 uses?
The CDNs in use by Office 365 are always subject to change and in many cases there are multiple CDN partners configured in the event one is unavaible. The two most common CDNs in use are Akamai and Microsoft Azure. Both of these CDN solutions have a global reach enhancing the reach of the service to more corners of the world. The content that is stored there includes general Office 365 scripts, files, and images. For example, when you logon to portal.office.com, the images are pulled from the nearest CDN to speed up the page load times. Other examples include Office 365 ProPlus storing the installation bits on a CDN to speed up the amount of time it takes to download the latest version of Office. There is also some proprietary content that is stored on CDNs such as the video files for Office 365 Video. Once you upload the videos, the files are encrypted and then stored in their encrypted format with Azure Media Services. When the Office 365video player reprieves the video it is first cached to the nearest CDN before being downloaded to speed up the amount of time it takes to download the video.
Can I use my own CDN and cache content on my local network?
We're continually looking for new ways to support our customers needs and are currently exploring the use of caching proxy solutions and other on-premises CDN solutions.
Is my data safe?
We take great care to help ensure that we protect the data that runs your business. The items stored at our content delivery network partners is either encrypted; such as with Office 365 Video, or not customer specific; such as the Office 365 ProPlus installation files. Head on over to the Office 365 Trust Center to learn more about our in-depth efforts to protect your data and your privacy.
How can I secure my network with all these 3rd party services?
Leveraging an extensive set of partner services allows Office 365 to scale and meet availability requirements as well as enhance the user experience when using Office 365. The 3rd party services Office 365 leverages include both certificate revocation lists; such as crl.microsoft.com or sa.symcb.com, and CDNs; such as r3.res.outlook.com. Every CDN FQDN Office 365 uses is a custom FQDN for Office 365, if you're sent to a FQDN at the request of Office 365 you can be assured that we control the FQDN and the underlying content at that location.
For customers that still want to segregate requests destined for a Microsoft or Office 365 datacenter from requests that are destined for a 3rd party, this can be done by reviewing the FQDNs listed in the Office 365 endpoint article, routing the 3rd party requests through a different outbound network device as described in Office 365 network traffic management, and perform ongoing monitoring of the Office 365 endpoints changes to ensure client computers can route properly to new endpoints. Routing in this manner allows some or all traffic to and from our 3rd party partners to route through a device that performs more robust traffic inspection or protection without submitting alll Office 365 traffic to a more rigorous standard.
I'm using Azure ExpressRoute for Office 365, does that change things?
Azure ExpressRoute for Office 365 provides a dedicated connection to Office 365 infrastructure that is segregated from the public internet. This means that clients will still need to connect over non-ExpressRoute connections to connect to CDNs and other Microsoft infrastructure that is not explicitly included in the list of services supported by ExpressRoute. For more information about how to route specific traffic such as requests destined for CDNs, refer to Office 365 network traffic management.