Migrate from Akamai to Azion

A platform migration from Akamai usually starts with an inventory problem. Delivery properties, behaviors, hostnames, Cloudlets, EdgeWorkers, EdgeKV data, security policies, DNS zones, traffic steering rules, storage, and observability streams may be managed across multiple products and operational processes.

For teams using Akamai Ion, App & API Protector, EdgeWorkers, EdgeKV, Cloudlets, Edge DNS, Global Traffic Management, NetStorage, DataStream, mPulse, Prolexic, Image & Video Manager, or related delivery products, Azion provides equivalent capabilities through Applications, Rules Engine, Functions, KV Store, Object Storage, Firewall, Web Application Firewall, DDoS Protection, Bot Manager, Edge DNS, Load Balancer, Data Stream, Edge Pulse, Real-Time Events, and Real-Time Metrics.

The strongest reason to migrate is not simply to replace one vendor with another. It is to consolidate application delivery, compute, storage, security, DNS, and observability into a unified platform designed for globally distributed applications.

How Akamai to Azion Migration Works

Traditional platform migrations often require recreating delivery properties, rebuilding origin behavior, replacing security policies, and changing DNS under pressure. That approach increases operational risk and makes rollback harder.

The Azion migration approach preserves application behavior while moving each Akamai workstream into a unified platform model:

Incremental migration path. Start with one representative Akamai property, validate delivery and security behavior on Azion, and expand only after the migration pattern is proven.
Preserved application behavior. Hostnames, origins, cache rules, redirects, headers, Cloudlets, EdgeWorkers logic, security controls, storage access, DNS, and observability patterns map to Azion Applications, Workloads, Connectors, Rules Engine, Functions, Firewall, Store, and Observe products.
Unified platform model. Instead of operating delivery, compute, security, storage, DNS, and observability as disconnected products, Azion brings these capabilities together with consistent APIs, Console workflows, and deployment patterns.

Feature Mapping

The following table provides a practical mapping of Akamai products and configuration areas to their Azion equivalents. A dash (-) indicates that Azion does not currently offer a direct equivalent.

Akamai Product or Feature	Description	Azion Equivalent
Ion	Web performance, reliability, and user experience optimization at scale.	Applications + Application Accelerator + Cache
API Acceleration	API performance and reliability optimization.	Application Accelerator + Cache
Adaptive Media Delivery	Large-scale online video delivery.	Applications + Cache + Object Storage
Download Delivery	Optimized delivery for large files, software, games, and media assets.	Applications + Cache + Object Storage
Dedicated Delivery	High-volume media delivery with origin offload requirements.	Applications + Cache + Tiered Cache
Image & Video Manager	Image and video optimization for devices and network conditions.	Image Processor
Media Services Live	Live video ingest and delivery workflows.	Applications + Cache + Live ingest best practices
Cloudlets	Predefined policy applications for redirects, load balancing, traffic control, phased releases, and request handling.	Rules Engine for Applications + Functions + Load Balancer + Firewall
Cloud Wrapper	Private caching layer for origin offload and reduced egress.	Tiered Cache + Origin Shield + Cache
EdgeWorkers	JavaScript functions that customize request and response behavior.	Functions for Applications
Akamai Functions	Distributed serverless execution for application and AI workloads.	Functions
EdgeKV	Distributed key-value data for EdgeWorkers applications.	KV Store
API Gateway	API registration, routing, delivery, and protection.	Applications + Rules Engine + Functions + Firewall
App Platform	Managed containerized application deployment.	Orchestrator
Akamai Inference Cloud	Distributed AI inference platform.	AI Inference
App & API Protector	Application and API protection against vulnerabilities, abuse, and distributed threats.	Firewall + Web Application Firewall + DDoS Protection + Bot Manager
Firewall for AI	Protection for LLM and AI-driven applications.	Firewall + AI Inference
API Security	API discovery, monitoring, and protection workflows.	Firewall + Web Application Firewall + Applications
Bot Manager	Bot detection and automated traffic response.	Bot Manager
Account Protector	Protection for account abuse and credential attacks.	Bot Manager + Firewall
Content Protector	Protection against content scraping and abusive automated access.	Bot Manager + Firewall + Rules Engine for Applications
Input Validation Cloudlet	Form and request validation controls.	Firewall + Rules Engine for Firewall
Request Control Cloudlet	Fast access control and request filtering.	Firewall + Rules Engine for Firewall
Cloud Firewall	Network security controls for cloud workloads.	Network Shield + Firewall
Prolexic Solutions	DDoS protection for infrastructure, cloud, hybrid, and on-premises environments.	DDoS Protection + Network Shield
Forward Rewrite Cloudlet	URL rewrite logic for clean and semantic URLs.	Rules Engine for Applications + Functions
Phased Release Cloudlet	Gradual release and rollback control.	Rules Engine for Applications + Applications
API Prioritization Cloudlet	API traffic prioritization.	Rules Engine for Applications + Application Accelerator
Application Load Balancer Cloudlet	Application load balancing for performance and availability.	Load Balancer
Audience Segmentation Cloudlet	Cookie-based segmentation, A/B testing, and session affinity patterns.	Rules Engine for Applications + Applications
Edge Redirector Cloudlet	Centralized redirect management.	Rules Engine for Applications + Applications
NodeBalancers	Layer 4 and Layer 7 load balancing for compute instances.	Load Balancer
DNS Infrastructure	DNS services for provider and enterprise environments.	Edge DNS
Edge DNS	Highly available authoritative DNS.	Edge DNS
Global Traffic Management	Traffic steering for performance optimization and outage avoidance.	Load Balancer + Edge DNS
DNS Manager	DNS record management interface.	Edge DNS
NetStorage	Replicated storage for content delivery.	Object Storage
Object Storage	Durable object storage for data and distribution use cases.	Object Storage
Managed Databases	Managed relational database workloads.	SQL Database
Akamai TrafficPeak	Observability for operations and security visibility.	Real-Time Metrics + Real-Time Events + Data Stream
DataStream	Low-latency data feed to third-party monitoring tools.	Data Stream
mPulse	Real-user monitoring and digital experience analytics.	Edge Pulse + Real-Time Metrics

Migration Strategy

The migration is organized around Azion’s product categories, with DNS and traffic management treated as a controlled cutover workstream:

Build: migrate Akamai properties, origins, cache behavior, Cloudlets, EdgeWorkers, Image & Video Manager, API acceleration, media, and download delivery patterns.
Secure: migrate hostnames, certificates, App & API Protector policies, WAF rules, bot controls, Prolexic assumptions, access control, and DDoS workflows.
Store: migrate NetStorage, Object Storage, EdgeKV, and managed database dependencies to Azion storage services.
Observe: migrate TrafficPeak, DataStream, mPulse, dashboards, events, alerting, and external log destinations.
DNS and traffic management: migrate Edge DNS, DNS Manager, Global Traffic Management, and load balancing rules only after delivery and security behavior is validated.

Build

The Build category covers application deployment, property migration, request and response logic, compute, routing, cache, media, image optimization, API acceleration, and origin protection. Start here to recreate the behavior users see before moving security, storage, DNS, and observability layers.

1. Project Setup on Azion

The first step brings one Akamai property into Azion in a controlled way. If your team uses Akamai Property Manager, EdgeWorkers, Cloudlets, and CLI/API activation workflows, the migration pattern is familiar: define configuration, deploy, validate behavior, and move traffic when ready.

Azion follows a similar workflow but consolidates application delivery, Functions, rules, security, and observability in the same platform context.

Key Differences

Aspect	Akamai	Azion
Primary delivery resource	Property	Application + Workload
Hostname routing	Property hostnames and edge hostnames	Workloads and custom domains
Origin configuration	Origin server behaviors	Connectors
Request logic	Property rules, behaviors, Cloudlets, EdgeWorkers	Rules Engine + Functions
Observability	TrafficPeak, DataStream, mPulse, reports	Real-Time Metrics, Real-Time Events, Data Stream, Edge Pulse

Connect Your Repository

Open Azion Console.
Click + Create > Import from GitHub.
Authorize the Azion GitHub App.
Select the repository you want to migrate.

Configure Your Build

Azion auto-detects your framework and configures build settings. Override the detected preset in azion.config.js when needed:

import { defineConfig } from 'azion'

export default defineConfig({
name: 'my-akamai-migration',
preset: 'nextjs', // Override auto-detection if needed
})

Deploy and Verify

Deploy from the Azion Console or CLI. Your temporary Azion URL follows this pattern:

https://xxxxxxxxxx.map.azionedge.net/

Validate the deployment before moving production hostnames:

curl -I https://xxxxxxxxxx.map.azionedge.net/
curl https://xxxxxxxxxx.map.azionedge.net/health

Reference documentation

2. Converting Property and Build Configuration

An Akamai migration can look complete when the first request returns 200, but fail later when cache behavior, redirect logic, origin routing, headers, or security enforcement differs from the original property. Review active property versions and product dependencies before treating the migration as a simple DNS change.

CLI Quick Reference

Task	Akamai Workflow	Azion CLI
Install	Akamai CLI package and product CLIs	`curl -fsSL https://cli.azion.app/install.sh \| bash`
Login	Akamai API credentials and CLI authentication	`azion login`
Local dev	EdgeWorkers sandbox or local application tooling	`azion dev`
Deploy	Property activation, EdgeWorkers activation, or CI/CD pipeline	`azion deploy`
View logs	DataStream, reporting, or product dashboards	`azion logs`
Purge	Akamai purge by URL, CP code, cache tag, or API	`azion purge`

Configuration Inventory

Before recreating the property in Azion, inventory:

Active Akamai properties and property versions.
Property hostnames, edge hostnames, certificates, and DNS records.
Origin servers, failover settings, health checks, and shielding patterns.
Cache keys, TTLs, stale behavior, CP codes, cache tags, and purge workflows.
Property rules, behaviors, variables, match criteria, and advanced metadata.
Cloudlets, policies, match rules, and activation dependencies.
EdgeWorkers bundles, EdgeKV namespaces, and runtime configuration.
App & API Protector policies, bot controls, API protections, and Prolexic assumptions.
Edge DNS zones, DNS Manager records, and Global Traffic Management policies.
DataStream streams, TrafficPeak dashboards, mPulse tags, alerts, and external monitoring dependencies.

Reference documentation

3. Migrating Ion and Delivery Properties to Applications

Akamai Ion properties deliver websites, applications, APIs, and mobile traffic through hostnames, origins, property rules, cache behavior, and performance optimizations. Azion Applications provide equivalent delivery capabilities with integrated Rules Engine, Cache, Functions, Connectors, and Workloads.

Key Differences

Aspect	Akamai Ion and Property Manager	Azion Applications
Delivery resource	Property and property version	Application
Hostnames	Property hostnames and edge hostname	Workloads and custom domains
Origins	Origin server behavior	Connectors
Behavior logic	Rules, behaviors, variables, Cloudlets, EdgeWorkers	Rules Engine and Functions
Cache control	Property cache behaviors, CP codes, cache tags	Cache Settings, Advanced Cache Key, Rules Engine, Real-Time Purge

Configuration Steps

Access Azion Console.
Navigate to Build > Applications.
Click Add Application.
Configure your Main Settings.
Create Connectors for each Akamai origin server.
Configure Cache Settings and Rules Engine.
Add custom domains through Workloads when ready for cutover.

curl -X POST 'https://api.azionapi.net/v4/workspace/applications' --header 'Authorization: Token YOUR_TOKEN' --header 'Content-Type: application/json' --data '{
  "name": "akamai-property-migration",
  "origins": [
    {
      "name": "origin-main",
      "addresses": [
        {
          "address": "origin.example.com",
          "weight": 1
        }
      ]
    }
  ],
  "cache_settings": {
    "default_ttl": 3600
  }
}'

Application Configuration Example

import { defineConfig } from 'azion'

export default defineConfig({
name: 'akamai-property-migration',
applications: [{
  name: 'main-app',
  origins: [{
    name: 'primary-origin',
    type: 'http',
    addresses: [{
      address: 'origin.example.com',
      weight: 1
    }]
  }],
  cache: {
    ttl: 3600,
    staleWhileRevalidate: 300
  },
  rules: {
    request: [{
      name: 'API routes bypass cache',
      criteria: [{
        variable: 'uri',
        operator: 'starts_with',
        argument: '/api/'
      }],
      behavior: {
        bypassCache: true,
        setOrigin: 'primary-origin'
      }
    }]
  }
}]
})

Reference documentation

4. Migrating Rules, Behaviors, Cloudlets, and Headers

Akamai properties often contain business-critical logic in property rules, behaviors, variables, Cloudlets, and EdgeWorkers. Migrate simple logic to Rules Engine and reserve Functions for behavior that needs code, external lookups, custom algorithms, or signed token validation.

Key Differences

Aspect	Akamai	Azion
Simple redirects	Edge Redirector Cloudlet, property behaviors, EdgeWorkers	Rules Engine redirect behavior
URL rewrites	Forward Rewrite Cloudlet or property rules	Rules Engine + Functions
Header changes	Modify Incoming Request Header and Modify Outgoing Response Header behaviors	Rules Engine request/response behavior
Traffic segmentation	Audience Segmentation Cloudlet	Rules Engine criteria and Functions
Complex logic	EdgeWorkers or advanced property rules	Functions

Redirect Migration Example

# Akamai-style intent
If the request path matches ^/old/(.*)$, redirect permanently to /new/{capture}.

# Azion Rules Engine
Criteria: ${uri} matches ^/old/(.*)$
Behavior: Redirect To (301): /new/%{capture[1]}

Security Header Migration Example

import type { AzionConfig } from 'azion/config';

const config: AzionConfig = {
applications: [{
  name: 'my-app',
  rules: {
    response: [{
      name: 'Security Headers',
      active: true,
      criteria: [{
        variable: 'uri',
        conditional: 'if',
        operator: 'starts_with',
        argument: '/'
      }],
      behavior: {
        addResponseHeader: [
          'X-Frame-Options: SAMEORIGIN',
          'X-Content-Type-Options: nosniff'
        ]
      }
    }]
  }
}]
};

export default config;

Cloudlet Migration Checklist

Convert Edge Redirector rules to Rules Engine redirect behaviors.
Convert Forward Rewrite logic to Rules Engine or Functions when path reconstruction requires code.
Convert Audience Segmentation criteria to cookie, header, path, and device criteria in Rules Engine.
Convert Phased Release policies to Rules Engine, Functions, and controlled workload routing.
Convert Application Load Balancer Cloudlet behavior to Connectors and Load Balancer.
Convert API Prioritization patterns to Rules Engine, Application Accelerator, and cache policies.

Reference documentation

5. Migrating EdgeWorkers and Akamai Functions to Functions

EdgeWorkers execute JavaScript to customize requests and responses. Azion Functions provide distributed JavaScript execution for request handling, API orchestration, personalization, redirects, authentication, and integration logic.

Key Differences

Aspect	Akamai EdgeWorkers	Azion Functions
Deployment unit	EdgeWorker ID and version	Function and Function Instance
Runtime model	Akamai EdgeWorkers JavaScript runtime	Azion JavaScript runtime
Function signature	Event handlers such as `onClientRequest` and `onClientResponse`	`export default { async fetch(request) {} }`
Configuration data	EdgeKV, property variables, product-specific APIs	KV Store, Object Storage, Variables
Association	Property behavior	Rules Engine behavior and Function Instance

Update Function Signature

// Before: Akamai EdgeWorkers style
export function onClientRequest(request) {
const path = request.path;
request.setHeader('x-migration-source', 'akamai');
}

// After: Azion Functions
export default {
async fetch(request) {
  const url = new URL(request.url);
  const headers = new Headers(request.headers);
  headers.set('x-migration-source', 'azion');

  return fetch(new Request(url, {
    method: request.method,
    headers,
    body: request.body
  }));
}
};

Update Configuration Access

// Before: Akamai configuration access varies by EdgeWorkers implementation
const apiToken = 'read-from-property-variable-or-secure-store';

// After: Azion Functions
const apiToken = Azion.env.get('API_TOKEN');

Migration Guidance

Code Area	Migration Guidance
Request parsing	Use the standard `Request` and `URL` APIs.
Response creation	Use the standard `Response` API.
Headers	Use `request.headers` and response headers.
Environment values	Use `Azion.env.get()`.
Key-value data	Use `Azion.KV`.
External services	Use `fetch()`.

Reference documentation

6. Migrating Load Balancing, Origin Failover, and Cloud Wrapper

Akamai origin configuration can include multiple origin servers, Cloud Wrapper, Origin Shield-like patterns, health checks, failover, and Global Traffic Management dependencies. Azion uses Connectors, Load Balancer, Origin Shield, Tiered Cache, and Rules Engine to recreate origin routing and origin protection behavior.

Key Differences

Aspect	Akamai	Azion
Origin resource	Origin server behavior	Connector
Load balancing	Application Load Balancer Cloudlet, NodeBalancers, GTM patterns	Load Balancer and Rules Engine
Health checks	Product-specific health checks	Connector health checks
Origin protection	Cloud Wrapper and caching hierarchy	Tiered Cache and Origin Shield
Failover	Property rules, GTM, or product configuration	Load Balancer and Rules Engine

Configuration Steps

Access Azion Console.
Go to Products menu > Connectors.
Create a Connector for each origin server.
Configure health checks.
Configure origin weights and failover behavior.
Enable Tiered Cache or Origin Shield when origin offload is required.
Associate Connectors with your Application rules.

curl -X POST 'https://api.azionapi.net/v4/workspace/connectors' --header 'Authorization: Token YOUR_TOKEN' --header 'Content-Type: application/json' --data '{
  "name": "origin-pool",
  "type": "http",
  "attributes": {
    "addresses": [
      {
        "address": "origin1.example.com",
        "active": true,
        "modules": {
          "load_balancer": {
            "weight": 3,
            "method": "round_robin"
          }
        }
      },
      {
        "address": "origin2.example.com",
        "active": true,
        "modules": {
          "load_balancer": {
            "weight": 1,
            "method": "round_robin"
          }
        }
      }
    ]
  }
}'

Reference documentation

7. Migrating Cache Configuration and Purge

Caching configuration determines how content is stored, revalidated, and purged. Akamai cache behavior often combines property behaviors, CP codes, cache tags, advanced metadata, Cloud Wrapper, and purge APIs. Azion provides Cache Settings, Advanced Cache Key, Rules Engine, Tiered Cache, Origin Shield, and Real-Time Purge.

Key Differences

Aspect	Akamai Cache	Azion Cache
Cache policy	Property cache behaviors and advanced metadata	Cache Settings and Rules Engine
Cache key	Property behavior and advanced metadata	Advanced Cache Key
Origin offload	Cloud Wrapper and cache hierarchy	Tiered Cache and Origin Shield
Purge	URL, CP code, cache tag, or API purge	URL, Cache Key, and Wildcard purge
Stale content	Property cache behavior	Stale-while-revalidate settings

Configuration Steps

Access Azion Console.
Edit your Application.
Navigate to Cache Settings.
Configure default cache TTL.
Enable Tiered Cache when origin load reduction is required.
Add custom cache rules through Rules Engine.
Validate purge workflows before production cutover.

curl -X PATCH 'https://api.azion.com/v4/workspace/applications/{application_id}/cache_settings/{cache_setting_id}' --header 'Authorization: Token YOUR_TOKEN' --header 'Content-Type: application/json' --data '{
  "name": "default-cache",
  "browser_cache": {
    "ttl": 3600
  },
  "modules": {
    "cache": {
      "ttl": 86400
    },
    "tiered_cache": {
      "enabled": true
    }
  }
}'

Akamai Purge to Azion Purge

# After: Azion purge by URL
curl -X POST 'https://api.azion.com/v4/workspace/purge/url' --header 'Authorization: Token YOUR_TOKEN' --header 'Content-Type: application/json' --data '{
  "items": ["https://www.example.com/images/logo.png"],
  "layer": "cache"
}'

# After: Azion purge by wildcard
curl -X POST 'https://api.azion.com/v4/workspace/purge/wildcard' --header 'Authorization: Token YOUR_TOKEN' --header 'Content-Type: application/json' --data '{
  "items": ["https://www.example.com/images/*"],
  "layer": "cache"
}'

Reference documentation

8. Migrating Image, Media, and Download Delivery

Akamai Image & Video Manager, Adaptive Media Delivery, Download Delivery, and Media Services Live are used for bandwidth-heavy and media-rich workloads. Migrate each pattern based on the traffic model: cacheable media, image transformation, live streaming, video-on-demand, or large file delivery.

Capability Mapping

Akamai Capability	Azion Migration Path
Image & Video Manager	Image Processor + Applications
Adaptive Media Delivery	Applications + Cache + Object Storage
Download Delivery	Applications + Cache + Object Storage
Dedicated Delivery	Applications + Cache + Tiered Cache
Media Services Live	Applications + Cache + live ingest best practices
Cloud Wrapper for media	Tiered Cache + Origin Shield

Image URL Format Comparison

# Akamai image transformation patterns vary by implementation
https://www.example.com/image.jpg?width=400&quality=85

# Azion Image Processor
https://www.example.com/image.jpg?ims=400x400

Transformation Parameters

Syntax	Description	Example
`?ims=WxH`	Resize to width x height	`?ims=400x300`
`?ims=Wx`	Resize to width with automatic height	`?ims=400x`
`?ims=xH`	Resize to height with automatic width	`?ims=x300`
`?ims=WxH:fill`	Crop to exact dimensions	`?ims=400x300:fill`
`?ims=WxH:fit`	Fit within dimensions	`?ims=400x300:fit`

Reference documentation

9. Migrating API Gateway, API Acceleration, and AI Inference Patterns

Akamai API Gateway and API Acceleration patterns can be recreated with Applications, Rules Engine, Functions, Cache, Firewall, and Application Accelerator. AI inference workloads can combine AI Inference, Functions, Cache, Real-Time Events, and Data Stream depending on whether the goal is inference execution, traffic control, observability, or response caching.

Key Differences

Aspect	Akamai	Azion
API routing	API Gateway and property rules	Applications + Rules Engine
API logic	EdgeWorkers, Akamai Functions, or upstream services	Functions
API protection	App & API Protector and API Security	Firewall + WAF + Bot Manager
API acceleration	API Acceleration	Application Accelerator + Cache
AI execution	Akamai Inference Cloud or external providers	AI Inference or external AI APIs called from Functions

Function Integration Example

export default {
async fetch(request) {
  const url = new URL(request.url);

  if (url.pathname.startsWith('/api/')) {
    const response = await fetch('https://api-origin.example.com' + url.pathname, {
      method: request.method,
      headers: {
        'Authorization': 'Bearer ' + Azion.env.get('API_TOKEN')
      },
      body: request.body
    });

    return response;
  }

  return fetch(request);
}
};

Reference documentation

Secure

The Secure category covers hostnames, certificates, firewall rules, WAF, bot controls, DDoS protection, network controls, DNS, and traffic steering. Plan these migrations as controlled cutovers because they affect how users reach your application and how traffic is protected in production.

1. Migrating Hostnames, Custom Domains, and TLS

Hostname migration is one of the most sensitive parts of an Akamai-to-Azion migration. It affects users, SEO, brand trust, certificate coverage, and production availability. Plan hostname migration as a controlled cutover, not as a last-minute DNS change.

Migration Strategies

Strategy	Best For	DNS Control
CNAME	Quick subdomain migration	Keep your current DNS provider
Nameserver	Full DNS control and apex domains	Transfer DNS to Azion

Create the Certificate

Create your SSL/TLS certificate before pointing your hostname to Azion. This ensures users can access the application securely over HTTPS when the domain starts resolving to the new infrastructure.

Azion provides free Let’s Encrypt certificates with automatic renewal.

Configure the Domain

Create a workload in Azion Console and associate your custom domain. See Workloads Documentation.

Point the Domain to Azion

Point the subdomain to the Azion-generated domain:

www CNAME xxxxxxxxxx.map.azionedge.net

This keeps your current DNS provider while routing traffic through Azion.

Configure your domain to use Azion DNS nameservers:

ns1.aziondns.net
ns2.aziondns.com
ns3.aziondns.org

This gives Azion full DNS control, required for apex domains.

Verify Propagation

dig www.yourdomain.com CNAME +short
curl -I https://www.yourdomain.com/

Reference documentation

2. Migrating App & API Protector to Web Application Firewall

App & API Protector protects applications and APIs against malicious traffic, vulnerabilities, automated abuse, and distributed attacks. Migrating WAF rules requires careful mapping of match conditions, managed protections, tuning, exceptions, API paths, and enforcement modes.

Key Differences

Aspect	Akamai App & API Protector	Azion WAF and Firewall
Managed protection	Managed rules and protections	WAF Rule Sets
Custom logic	Match targets, custom rules, and policy settings	Rules Engine for Firewall
Actions	Alert, deny, challenge, or product-specific actions	Allow, deny, drop, redirect, custom HTML, hold connection
Tuning	Policy tuning and exceptions	Learning and Blocking modes, sensitivity settings, allowed rules
Association	Security policy and protected hostname	Firewall associated with workloads

Migration Steps

Access Azion Console.
Go to Products menu > Firewall.
Select or create a Firewall instance.
Navigate to WAF.
Enable the desired managed rule sets.
Configure sensitivity per rule set.
Create custom rules in Rules Engine.
Associate the Firewall with your workload.

curl -X POST 'https://api.azion.com/v4/workspace/wafs' --header 'Accept: application/json' --header 'Authorization: Token [TOKEN]' --header 'Content-Type: application/json' --data '{
  "active": true,
  "name": "Akamai Migration WAF",
  "product_version": "1.0",
  "engine_settings": {
    "engine_version": "2021-Q3",
    "type": "score",
    "attributes": {
      "rulesets": [1],
      "thresholds": [
        { "threat": "sql_injection", "sensitivity": "medium" }
      ]
    }
  }
}'

Rule Migration Example

# Akamai-style intent
Block requests to /admin unless the client IP is in an approved network.

# Azion criteria
Variable: ${uri}
Operator: matches
Argument: /admin

AND

Variable: ${remote_addr}
Operator: does not match
Argument: 10.0.0.0/8

Behavior: Deny (403)

Reference documentation

3. Migrating Bot, Account, and Content Protection

Akamai Bot Manager, Account Protector, and Content Protector address automated abuse, credential attacks, scraping, and abusive access patterns. Azion Bot Manager provides detection and response controls, and Bot Manager Lite is available through Marketplace for simpler use cases.

Key Differences

Aspect	Akamai	Azion Bot Manager
Detection	Bot, account, and content protection signals	Machine learning, behavioral analysis, fingerprinting, reputation intelligence
Actions	Allow, deny, challenge, or product-specific actions	Allow, deny, drop, redirect, custom HTML, random delay, hold connection
Rule integration	Security policy controls	Firewall Rules Engine
Lightweight option	Product-specific configuration	Bot Manager Lite from Marketplace

Custom Bot Rules

Criteria: ${user_agent} contains "BadBot"
Behavior: Deny (403)

Criteria: ${user_agent} contains "Googlebot"
Behavior: Allow

Verification

curl -A "BadBot/1.0" https://yourdomain.com/
curl -A "Mozilla/5.0" https://yourdomain.com/

Reference documentation

4. Migrating Prolexic and DDoS Protection

DDoS protection guards against volumetric attacks, protocol attacks, and application-layer floods. Azion provides automatic DDoS protection and Network Shield capabilities for network-layer controls.

Key Differences

Aspect	Akamai Prolexic and DDoS Products	Azion DDoS Protection
Activation	Product and traffic steering configuration	Automatic protection with configurable security controls
Layer coverage	Network and application-layer mitigation	L3, L4, and L7 protection patterns
Customization	Prolexic and security policy controls	Firewall, Network Shield, Rules Engine
Visibility	Akamai security dashboards and logs	Real-Time Metrics, Real-Time Events, Data Stream

Migration Steps

Document current Prolexic assumptions, protected prefixes, routing model, support processes, and escalation paths.
Confirm the Azion workload, Firewall, and Network Shield configuration.
Recreate application-layer controls using Rules Engine for Firewall.
Validate observability through Real-Time Metrics, Real-Time Events, and Data Stream.
Keep rollback and escalation procedures ready during the cutover window.

Reference documentation

5. Migrating Access Control, Input Validation, and Request Control

Input Validation Cloudlet, Request Control Cloudlet, and related Akamai policy logic often enforce route protection, form validation, header checks, method control, and allowlists. Recreate simple rules with Firewall Rules Engine and reserve Functions for dynamic or external validation.

Key Differences

Aspect	Akamai	Azion
Request filtering	Request Control Cloudlet or policy rules	Firewall Rules Engine
Input validation	Input Validation Cloudlet	Firewall Rules Engine + Functions
Route protection	Property and security rules	Firewall rules associated with workloads
Dynamic checks	EdgeWorkers or product-specific controls	Functions for Firewall

Firewall-Based Control Example

curl -X POST 'https://api.azionapi.net/v4/workspace/firewalls/{firewall_id}/request_rules' --header 'Authorization: Token YOUR_TOKEN' --header 'Content-Type: application/json' --data '{
  "name": "Protect API Admin Routes",
  "criteria": [[{"variable": "${uri}", "operator": "starts_with", "argument": "/api/admin"}]],
  "behaviors": [
    {"type": "deny", "attributes": {"status_code": 403}}
  ]
}'

Reference documentation

6. Migrating Edge DNS and Global Traffic Management

Akamai Edge DNS, DNS Manager, and Global Traffic Management control authoritative DNS and traffic steering. Migrate DNS after the target Azion Applications, Workloads, certificates, and security policies are ready.

Key Differences

Aspect	Akamai	Azion
Authoritative DNS	Edge DNS and DNS Manager	Edge DNS
Traffic steering	Global Traffic Management	Load Balancer + Edge DNS
Application routing	DNS records and GTM properties	Workloads, Edge DNS, Load Balancer
Validation	DNS tools, GTM tests, reporting	DNS tools, Real-Time Metrics, Real-Time Events

DNS Migration Checklist

Export current zones, records, TTLs, DNSSEC settings, and traffic steering rules.
Recreate the zone in Azion Edge DNS.
Lower TTLs before the cutover window.
Validate records with dig and application checks.
Move nameservers or CNAME records only after Applications and Workloads are ready.
Monitor Real-Time Metrics, Real-Time Events, and origin health after the switch.

Reference documentation

Store

The Store category covers data services. Migrate object, key-value, and relational data with attention to consistency, access patterns, object naming, permissions, and application compatibility.

1. Migrating NetStorage and Object Storage to Object Storage

NetStorage and object storage services power images, documents, static assets, media files, downloads, uploads, and generated content. Azion Object Storage is S3-compatible and can be used as an origin for Applications.

Key Differences

Aspect	Akamai NetStorage or Object Storage	Azion Object Storage
Protocol	NetStorage APIs or S3-compatible workflows depending on product	S3 standard
Endpoint	Akamai storage endpoint	`s3.us-east-005.azionstorage.net`
Delivery path	Akamai delivery property	Applications + Connectors
Object management	Product-specific tools or S3-compatible tools	S3-compatible tools, API, CLI, Runtime API
End-user delivery	Delivery property	Application with Object Storage Connector

Update Configuration

import { S3Client } from '@aws-sdk/client-s3';

const client = new S3Client({
region: 'us-east-005',
endpoint: 'https://s3.us-east-005.azionstorage.net',
credentials: {
  accessKeyId: Azion.env.get('AZION_ACCESS_KEY'),
  secretAccessKey: Azion.env.get('AZION_SECRET_KEY')
}
});

Migrate Data with S3-Compatible Tools

Use tools such as s3cmd, rclone, or AWS CLI to move objects when the source supports S3-compatible access. For NetStorage-specific workflows, export to a local or intermediate bucket before importing to Azion Object Storage.

Task	Command Pattern
List buckets	`s3cmd ls`
Upload object	`s3cmd put file.png s3://my-bucket/`
Download object	`s3cmd get s3://my-bucket/file.png`
Sync buckets	`s3cmd sync s3://source-bucket/ s3://dest-bucket/`

Reference documentation

2. Migrating EdgeKV to KV Store

EdgeKV is commonly used with EdgeWorkers for configuration, feature flags, personalization, authorization metadata, and lightweight state. Azion KV Store provides distributed key-value storage accessible from Functions.

Key Differences

Aspect	Akamai EdgeKV	Azion KV Store
Data model	Namespaces, groups, and items	Namespaces with key-value pairs
Access pattern	EdgeWorkers access	Functions through `Azion.KV`
Common use cases	Config, flags, session metadata	Config, flags, session metadata, lightweight state
Migration focus	Export, transform, import, and validate reads	Namespace creation, key import, and Function updates

API Comparison

// Before: Akamai EdgeKV-style pseudocode
const value = await edgeKv.getText({ namespace: 'config', group: 'features', item: 'checkout' });

// After: Azion KV Store
const kv = await Azion.KV.open('config');
const value = await kv.get('features:checkout');
await kv.put('features:checkout', 'enabled');

Create a KV Store Namespace

Access Azion Console.
Go to Store > KV Store.
Create a namespace for the migrated data.
Import or recreate keys using your migration script.
Update Functions to use the namespace name.

curl -X POST 'https://api.azionapi.net/v4/workspace/kv/namespaces' --header 'Authorization: Token YOUR_TOKEN' --header 'Content-Type: application/json' --data '{
  "name": "akamai-migration-kv"
}'

Migration Checklist

Export namespaces, groups, items, metadata, and expiration rules from Akamai.
Decide how EdgeKV group and item naming maps to Azion keys.
Preserve key prefixes and naming conventions where possible.
Document default behavior for missing keys.
Validate value encoding, JSON serialization, and binary data handling.
Test read and write paths before moving production traffic.

Reference documentation

3. Migrating Managed Databases to SQL Database

Akamai managed database workloads, including workloads inherited from Linode environments, can be evaluated for migration to Azion SQL Database when the application needs a relational database close to application logic.

Key Differences

Aspect	Akamai Managed Databases	Azion SQL Database
Data model	MySQL or PostgreSQL depending on source service	SQL database service
Application access	Application or service connection string	Functions and application integrations
Migration focus	Export schema, data, users, and connection settings	Create database, import data, validate queries
Operational validation	Backups, replicas, connection limits, query behavior	Database lifecycle, query behavior, Functions integration

Migration Checklist

Export schema, data, indexes, users, and extension requirements from the source database.
Create the target SQL Database database.
Import data and validate row counts.
Update application connection settings or Functions integrations.
Run application-level read and write tests before cutover.

Reference documentation

Observe

The Observe category covers metrics, events, real-user monitoring, logs, and external streaming destinations. Migrating observability ensures you keep production visibility, troubleshooting capability, and compliance reporting after cutover.

1. Migrating TrafficPeak and Reporting to Real-Time Metrics

Akamai TrafficPeak and reporting workflows provide operations and security visibility. Azion Real-Time Metrics provides dashboards and GraphQL access for requests, bandwidth, status codes, latency, cache, and origin behavior.

Key Differences

Aspect	Akamai TrafficPeak and Reports	Azion Real-Time Metrics
Scope	Traffic, operations, and security reporting	Application, workload, cache, performance, and traffic metrics
Access method	Akamai UI and APIs	Console and GraphQL API
Use cases	Traffic trends, security visibility, operations	Traffic trends, latency, cache hit ratio, errors, origin behavior
Migration focus	Dashboard and alert parity	Dashboard, filters, GraphQL queries, Grafana if needed

Available Metrics

Azion Real-Time Metrics tracks:

Request metrics: total requests, requests by status code, requests by HTTP method.
Performance metrics: response time, upstream header time, origin response time.
Bandwidth metrics: data transferred and data saved by cache.
Cache metrics: hit ratio, miss ratio, expired objects.
Error metrics: 4xx errors, 5xx errors, origin errors.

Access Real-Time Metrics

Access Azion Console.
Go to Products menu > Real-Time Metrics.
Select your application or workload.
Configure the time range and filters.
Export or recreate dashboards if needed.

query HttpMetricsQuery {
httpMetrics(
  limit: 10,
  filter: {
    tsRange: {begin: "2024-01-01T00:00:00", end: "2024-01-02T00:00:00"}
  }
  aggregate: {sum: requests}
  groupBy: [ts]
) {
  ts
  sum
}
}

Reference documentation

2. Migrating DataStream to Data Stream

Akamai DataStream exports logs to downstream destinations. Azion Data Stream exports logs continuously to external destinations for long-term storage, analytics, SIEM, and operational monitoring.

Key Differences

Aspect	Akamai DataStream	Azion Data Stream
Delivery model	Log streaming to configured endpoints	Push to external destinations
Format	Stream and destination-specific formats	JSON and customizable templates
Destinations	External logging and storage services	S3, Azure Blob, Datadog, Splunk, Kafka, BigQuery, Elasticsearch, HTTP endpoints, and more
Source selection	Akamai property or product logs	Applications, WAF, Functions, and other event sources

Configure Data Stream

Access Azion Console.
Go to Products menu > Data Stream.
Click + Stream.
Configure the source, such as Applications or WAF.
Select or create a template for the log format.
Choose a destination.
Configure destination credentials.
Activate the stream.

curl -X POST 'https://api.azion.com/v4/workspace/stream/streams' --header 'Authorization: Token YOUR_TOKEN' --header 'Content-Type: application/json' --data '{
  "name": "Akamai Migration Log Stream",
  "source": {
    "type": "applications"
  },
  "template_id": 12345,
  "endpoint": {
    "type": "s3",
    "name": "my-s3-endpoint",
    "bucket": "my-logs-bucket",
    "region": "us-east-1",
    "access_key": "YOUR_ACCESS_KEY",
    "secret_key": "YOUR_SECRET_KEY"
  },
  "active": true
}'

Supported Destinations

Data Stream supports multiple destination patterns:

Cloud Storage: Amazon S3, Azure Blob Storage, Azion Object Storage.
Monitoring: Datadog, Splunk, Elasticsearch, Azure Monitor.
Streaming: AWS Kinesis Data Firehose, Apache Kafka.
Analytics: Google BigQuery.
Security: IBM QRadar.
Custom: HTTP Webhook, Standard HTTP/HTTPS POST.

Reference documentation

3. Migrating mPulse to Edge Pulse

Akamai mPulse provides real-user monitoring and digital experience analytics. Azion Edge Pulse collects navigation data and real-user performance signals through a JavaScript tag and makes the data available for analysis through Observe products.

Key Differences

Aspect	Akamai mPulse	Azion Edge Pulse
Collection model	Real-user monitoring tag	Edge Pulse JavaScript tag
Use cases	User experience, latency, availability, performance analytics	Navigation data, availability, latency, throughput, user access quality
Analysis	mPulse dashboards and exports	Edge Pulse, Real-Time Events, Real-Time Metrics, Data Stream
Migration focus	Beacon placement, dashboards, alert logic	Tag placement, data validation, dashboard and event analysis

Migration Checklist

Identify every page template, tag manager rule, or application shell where mPulse is installed.
Document the metrics, dimensions, dashboards, and alerts your team uses.
Add the Edge Pulse JavaScript tag to representative pages.
Validate navigation data in Real-Time Events.
Recreate dashboards and alerts using Real-Time Metrics, Real-Time Events, Data Stream, or Grafana.

Reference documentation

4. Migrating Investigation Workflows to Real-Time Events

Log data is essential for debugging, security analysis, incident response, and compliance. Real-Time Events provides immediate log access through Console or GraphQL API for troubleshooting and investigation.

Key Differences

Aspect	Akamai Investigation Workflows	Azion Real-Time Events
Access method	Akamai product dashboards, reports, and logs	Console and GraphQL API
Data model	Akamai product log fields	HTTP, WAF, DNS, Functions, image, Edge Pulse, and other event datasets
Querying	Product-specific filters	Console filters and GraphQL
Use cases	Debugging and security investigation	Debugging, security investigation, compliance evidence

Access Real-Time Events

Access Azion Console.
Go to Products menu > Real-Time Events.
Select the dataset, such as HTTP Requests or WAF.
Configure the time range and filters.
Click Search to query logs.
Click a row to inspect event details.

query HttpEvents {
workloadEvents(
  limit: 100,
  filter: {
    tsRange: {begin: "2024-01-01T00:00:00", end: "2024-01-01T01:00:00"}
  }
) {
  ts
  remoteAddress
  requestUri
  status
  upstreamResponseTime
}
}

Reference documentation

Troubleshooting

Common Issues

Issue	Likely Cause	Solution
Application responds differently from Akamai	Property rules, behaviors, cache key, or origin selection were not fully mapped	Compare the active Akamai property version with Azion Rules Engine and Connector configuration
EdgeWorkers code fails	Akamai runtime APIs remain in the code	Rewrite platform APIs using Azion Functions and Runtime APIs
Cloudlet logic missing	Cloudlet policies were not converted to Rules Engine, Load Balancer, or Functions	Inventory each Cloudlet policy and map it to the appropriate Azion behavior
Environment variables not found	Variables were not configured on the Function instance	Confirm variables exist and code uses `Azion.env.get()`
Redirects not working	Cloudlet or property match rules were converted to an incorrect regex	Test capture groups and verify Rules Engine criteria
Headers missing	Property header behavior was not migrated	Add request or response rules, or use a Function for dynamic headers
Cache hit ratio drops	Cache key, TTL, CP code, cache tag, or Cloud Wrapper behavior changed	Review Cache Settings, Advanced Cache Key, Tiered Cache, and Origin Shield
EdgeKV data missing	EdgeKV export or import was incomplete	Re-export keys, validate namespace mapping, and check value encoding
Object Storage access denied	S3 credentials or endpoint are incorrect	Verify credentials and use `s3.us-east-005.azionstorage.net`
Logs missing in destination	Data Stream source, template, or endpoint is misconfigured	Validate stream status, destination credentials, and selected variables
Certificate not active	Domain ownership or certificate association is incomplete	Confirm certificate status and workload association before DNS cutover
DNS traffic not moving	TTLs, CNAMEs, nameservers, or GTM replacement rules are incomplete	Validate records with `dig`, confirm workload association, and monitor traffic after the switch

Key Advantages After Migration

Migrating from Akamai to Azion is strongest when the team treats the first cutover as a repeatable migration pattern. The immediate goal is continuity: users keep reaching the same domains, critical routes continue working, security controls remain active, and observability is ready before traffic moves.

The larger value comes after migration, when teams operate delivery, compute, storage, security, DNS, traffic management, and observability in one platform model.

Area	Advantage after migration	What it means in practice
Migration strategy	Incremental migration path	Teams can migrate one Akamai property at a time and validate each layer independently.
Platform model	Unified application platform	Build, Secure, Store, and Observe capabilities are managed through a connected platform model.
Build	Modern application deployment	Applications can be deployed from GitHub or CLI with Azion configuration.
Build	Rules-based application control	Rules Engine can manage redirects, headers, cache behavior, routing, segmentation, and request/response logic.
Build	Distributed function execution	Functions can replace EdgeWorkers and Akamai Functions logic for authentication, personalization, APIs, and integrations.
Build	Integrated cache and origin protection	Cache, Tiered Cache, Origin Shield, and Application Accelerator reduce origin dependency.
Build	Image and media optimization	Image Processor, Cache, and Object Storage support image, media, and download delivery patterns.
Secure	Controlled domain and TLS cutover	Workloads, Edge DNS, and Certificate Manager can be prepared before switching production traffic.
Secure	Integrated application security	WAF, Bot Manager, Network Shield, DDoS Protection, and Firewall rules can protect workloads together.
DNS	Integrated traffic management	Edge DNS and Load Balancer can replace DNS management and traffic steering patterns.
Store	S3-compatible Object Storage	NetStorage and object storage workflows can be migrated using familiar S3-compatible tools when available.
Store	KV for low-latency application data	EdgeKV use cases can be migrated to KV Store for configuration, flags, metadata, and lightweight state.
Observe	Real-time metrics for production visibility	Real-Time Metrics replaces reporting-style views with dashboards and GraphQL access.
Observe	Real-time events for investigation	Real-Time Events provides detailed logs for requests, functions, WAF, DNS, image processing, Edge Pulse, and other datasets.
Observe	Data streaming to external tools	Data Stream sends logs to external destinations for SIEM, analytics, storage, and compliance workflows.

With Azion, teams can build and run applications on globally distributed infrastructure while combining compute, delivery, storage, security, DNS, and observability capabilities in one environment. This reduces the fragmentation that often appears when modern applications depend on many separate services and configuration patterns.

Next Steps

After your migration is complete:

Review Real-Time Metrics to monitor application performance.
Set up Real-Time Events for production visibility.
Configure Web Application Firewall for production security.
Review the individual feature guides for advanced configuration.

Get Started with a Small Property

The best way to begin is not with the most complex Akamai property in your portfolio. Start with a property that is meaningful enough to validate the migration path, but small enough to move quickly and safely.

Choose a property that includes representative pieces of your architecture: one or two hostnames, a few origins, cache rules, redirects, headers, maybe one Cloudlet or EdgeWorker, and one logging destination. Use that property to validate the workflow, document the process, and identify internal patterns your team can reuse.

From there, expand gradually. Migrate more complex property rules. Move additional EdgeWorkers. Bring over storage and key-value data. Add observability. Review security rules. Then prepare production cutovers with greater confidence.

Recommended Next Steps

Need Help?

Get help from the Azion Support team, or join our Discord community to see how others are using Azion.