Magnolia blossoms with Fastly secure delivery

Delivering excellent digital experiences across brands, markets and channels is big business. How big exactly? The global Digital Experience Platform (DXP) market size was $12.23 billion in 2022 and is expected to grow to $27.17 billion by 2028 (according to Absolute Reports).

It’s a crowded market with many major players. But Magnolia captures customers with a unique offering: one platform that meets enterprises’ real-world needs by:

• Consolidating all content in one central hub, allowing reuse across channels and preventing duplication.


• Connecting any data source, application, or channel through easy integrations – today and in the future.


• Letting enterprises create digital experiences in a unified authoring interface with a seamless workflow regardless of content source.

Magnolia’s platform helps enterprises speed up digital delivery and create fully integrated customer experiences.

In 2021, Magnolia expanded its offering by providing its application as a platform as a service (PaaS), making operations easier and enhancing content delivery and security.

CDN challenge: a change in philosophy

For over 20 years, Magnolia has been providing its application for customers to host on-premises, and later as a managed service in the cloud. While customers were able to leverage a CDN of their choice with Magnolia’s cloud solution, it did not include an embedded CDN.

Over the years, customers kept asking for a platform that made it easier to manage infrastructure deployments and experience delivery, including an embedded CDN to take care of topics like domain certificates, DDoS mitigation, scaling, stability, caching and WAFs.

As the demand increased, Magnolia’s PaaS team decided to embed a CDN that would extend and enhance Magnolia’s capabilities – embracing topics like spike handling, caching and WAF.

So the search was on for a ground-breaking collaborator. Magnolia needed a CDN vendor that would meet customer demands while fitting smoothly with its service model.

CDN checklist

Once other competitors were eliminated, Fastly found itself in a two-horse evaluation race with Cloudflare.

Magnolia’s future CDN needed to complement Magnolia’s PaaS offering, which was entirely hosted in the cloud – using AWS, Azure, Tencent, and Mironet. The Magnolia application itself was written in Java and Go.

Magnolia’s CDN checklist included the following must-haves:

• API-first CDN to allow easy integrations and configurations


• Ability to handle 100 terabytes (TB) of traffic per month


• CDN technology that complements Magnolia’s business model

While customers were still free to bring their own CDN, Magnolia's plan was to embed the CDN into its platform as a service and resell it. To provide real value, Magnolia was determined to make the CDN better than any solution the customer may already be using. It was crucial for the team to work with a CDN vendor that would allow them to approach this project with confidence.

All told, the business relationship between Fastly and Magnolia had to be simple, scalable, easily contractible and without a big fork which might affect tailoring, maintainability and support.

After a close-run competition, Fastly took a clear first place. As well as ticking all the technical boxes, it impressed in terms of business requirements, support, availability and consultancy. But one specific part of the puzzle remained: implementing a Web Application Firewall (WAF) that would satisfy an increasingly security-conscious clientele.

Security: the next piece of the puzzle

Serving clients in verticals like banking and finance means that Magnolia’s platform has always been strong on security. Including a WAF as part of Magnolia’s PaaS offering was to become an additional differentiator.

Plans to bring security into the cloud context in an automated, consistent package for customers gained much more impetus once the Fastly CDN was in place. In other words, Magnolia wanted the whole package.

The company first started with Fastly’s legacy WAF but eventually migrated to the Fastly Next-Gen WAF, running the solution at the edge. From the get-go, Magnolia had been impressed with the WAF’s performance and reliably running it in full-blocking mode for most of its customers. The Fastly Next-Gen WAF is blocking traffic like SQL injections and OWASP Top 10 attacks (such as cryptographic failures, security misconfiguration, security monitoring and logging features, and server-side request forgery).

Magnolia's must-haves for a WAF were OWASP Top 10 standard protection and DDoS mitigation. But the Fastly Next-Gen WAF has also delivered:

• fewer false positives


• excellent reports and integration options with Slack (allowing easy notifications)


• automated certificate management every 3 months with Let’s Encrypt, mitigating human error

Magnolia was also impressed with the level of support:

“If we need help urgently I can contact Fastly Next-Gen WAF experts directly.”
Teresa Miyar, Senior Software Architect, Magnolia.

The future: consolidating the user experience

Magnolia doesn’t give its customers direct access to the Fastly Next-Gen WAF. Rather, it integrates the customers’ API and exposes key WAF statistics and dashboards in its platform’s cockpit UI.

As security becomes even more of a priority for all types of customers, the ultimate endgame will be keeping this complex but essential practice as simple and accessible as possible. In practical terms, this will result in an intuitive SIEM (Security Information and Event Management) dashboard displaying detailed statistics and vulnerabilities relating to the CDN, application, infrastructure and network, going beyond standard security monitoring.

As Magnolia continues its mission to help enterprises deliver digital experiences without trade-offs, the Fastly CDN and Next-Gen WAF complement its platform perfectly.