Lilly Tech Systems
Intermediate
Best Practices
Security, versioning, cache invalidation, and operational guidelines for running AI content delivery networks at production scale.
Security Guidelines
- Signed URLs: Use time-limited signed URLs for model downloads. Never expose model artifacts on public CDN endpoints without authentication.
- Model integrity: Sign model artifacts with SHA-256 checksums. Verify integrity after CDN download before loading models into inference runtimes.
- Access control: Use CDN-level WAF rules to block unauthorized access patterns. Implement rate limiting on inference endpoints to prevent abuse.
- Encryption: Enable HTTPS-only access for all CDN distributions. Use field-level encryption for sensitive inference inputs and outputs.
Versioning Strategy
Immutable Artifacts
Never overwrite model files. Use versioned paths like /models/v3.2/model.onnx. This ensures cache consistency and enables instant rollback.
Pointer Files
Use a small manifest file that points to the current model version. Update only the manifest to switch versions. CDN caches the manifest with short TTL.
Retention Policy
Keep the last 3-5 model versions on the CDN for rollback capability. Archive older versions to cold storage. Automate cleanup with lifecycle policies.
Monitoring Checklist
| Metric | What to Track | Alert Threshold |
|---|---|---|
| Cache Hit Rate | Percentage of requests served from cache | Below 30% for cacheable endpoints |
| Origin Latency | Time to fetch from origin on cache miss | Above 500ms p99 |
| Edge Latency | Total response time including cache lookup | Above 100ms p99 for cached responses |
| Bandwidth | Data transfer per region per day | Unexpected spikes (2x normal) |
| Error Rate | 4xx and 5xx responses from CDN | Above 1% of total requests |
Congratulations! You have completed the AI CDN & Content Delivery course. Continue your learning with the Hybrid Cloud AI Architecture course to explore spanning AI workloads across on-premises and cloud environments.