The Workspace ONE UEM and Akamai Integration Workflow diagram highlights the communication and interaction between Workspace ONE UEM and Akamai. Workspace ONE UEM and Akamai Integration currently does not support whitelisting of Akamai Edge Server IP Address. That is, if your end-user devices are a part of a network that allows connections to only servers whose IP addresses are whitelisted, then the integration cannot be implemented.

Workspace ONE UEM and Akamai Integration Workflow Components

AirWatch Origin Server: The AirWatch Origin Server is the file server that is configured for storage of all files to be cached within the Akamai CDN on a pull model.

Content Domain Server : The Content Domain Server is the domain mapping to the configured Akamai Edge Server using the CNAME DNS plus *.edgekey.net.

Akamai Edge Server: The Akamai Edge Server is responsible for caching and distributing files based on the geographic location. The server also authenticates the resources that end users try to access. If the connection to the CDN provider fails, then the content is instead pushed from the AirWatch Device Services server, as it might be if CDN integration was not configured.

Akamai Integration Workflow Diagram

CDNAkamaiNew

Workflow Number

Description
1 Admin uploads apps to the Workspace ONE UEM console.
2 Add the application to the AirWatch Database or the File Storage Server.
3 Copy the application files using the configured UNC path and credentials.
4 Publish the application to the end-user devices.
5 Generate the token URL for the application using HMACSHA256.
6 Send the generated content download URL to the device.
7 Request content from the content server that points to the Akamai Edge server.
8 Forward the request to the edge server with the valid token for expiration.
9 Verify if the content is available in cache. Pull the content from the Origin Server if the content is not in the cache or if the content has changed.
10 If Edge is in the IP whitelist, request for the file is processed. If Edge IP is not in the whitelist, then request for 401/403 is processed.
11 Stream the content to the devices if the token is valid.