limelight networks, inc. partner document · arc light policy development tailored implementation...

Limelight Networks, Inc.

Partner Document December 2017

Partner Document

© 2017 Limelight Networks, Inc. | All Rights Reserved 2 of 30 Revised December 1, 2017

Table of Contents

1. Document Information 3 2. Service Usage, Pricing, and Traffic 3

2.1. Service Usage and Pricing 3 2.2. Traffic Spikes 4 2.3. Traffic Shaping 4

3. Services & Products 5 3.1. Content Delivery Services 5

Content Delivery Platforms 5 3.1.1. Content Delivery Activation and Advanced Services 6 3.1.2. Content Delivery Service Information 7 3.1.3.

3.2. Origin Storage Services 9 Storage Retrieval 9 3.2.1. Intelligent Ingest 9 3.2.2. Origin Storage Activation and Advanced Services 9 3.2.3. Origin Storage Add-On Services 9 3.2.4. Origin Storage Service Information 10 3.2.5.

3.3. Video Delivery Services 11 Video Delivery Platforms 11 3.3.1. Video Delivery Add-On Services 12 3.3.2. Video Delivery Activation and Advanced Services 12 3.3.3. Video Delivery Service Information 13 3.3.4.

3.4. Content Delivery Security Services 14 Secure Traffic 14 3.4.1. SSL Certificates 14 3.4.2. Content Delivery Security Activation and Advanced Services 14 3.4.3. Content Delivery Security Service Information 15 3.4.4.

3.5. Cloud Security Services 15 Security Alert, WAF Express, and Web Application Firewall 15 3.5.1. DDoS Attack Interceptor (DAI) Service 15 3.5.2. Cloud Security Activation and Advanced Services 16 3.5.3. Cloud Security Service Information 16 3.5.4.

3.6. Limelight Control 19 4. Activation Services 20 5. Advanced Services 20 Appendix A: Service Definitions for Limelight’s DAI Products 21 Appendix B: Limelight Product & Service Feature Descriptions 23 Appendix C: Acronyms & Terms 27

Partner Document


1. Document Information This Partner Document contains descriptions of all services offered by Limelight, including usage requirements, calculation methodologies for invoicing, and other terms.

Capitalized words without definition used in this Partner Document have the meanings assigned to them in the appendices, the Terms of Service, the applicable Order Form, and/ or the Service Level Agreement (SLA).

Product/ Service names and features in blue text link to descriptions in the Limelight Service and Product Features section of this document.

2. Service Usage, Pricing, and Traffic

2.1. Service Usage and Pricing

Measuring Usage 2.1.1.For Services measured in megabits per second (Mbps), gigabits per second (Gbps), or other bit-per-second unit, Usage is based on the 95th Percentile. Services measured in megabytes (MB), gigabytes (GB), terabytes (TB), or petabytes (PB) are invoiced based on cumulative total of Usage, or the uncompressed equivalent, as measured by Limelight. Other Services are invoiced by measuring Usage in the form of the number of Requests, Queries per Second (QPS), the number of hours consumed, or other unit of measure set forth in the Order Form.

Regional Calculations Limelight measures Customer’s Usage on a regional basis, as further provided in this Partner Document and/or Customer’s Order Form.

Invoicing 2.1.2.This section describes how Limelight invoices for Services, as well as certain Usage requirements and general Service-related information applicable to the purchase and use of Services.

Invoicing for any particular Service begins on the Service Activation Date for that Service. One-Time Fees and Annually Recurring Fees are invoiced in advance, following the Effective Date. Monthly

Recurring Fees are invoiced in advance each Billing Period, irrespective of whether Customer uses or satisfies the Usage Commitment. Usage not otherwise included in the Monthly Recurring Fees and Overages is invoiced in arrears each Billing Period.

Any unused portion of the Usage Commitment, if any, does not carry over to any subsequent Billing Period. If a separate Burstable Rate is not set forth in the applicable Order Form, the Unit Price otherwise stated in

the Order Form applies. Overages are invoiced by multiplying the excess Usage by the applicable Burstable Rate or other applicable Unit Price.

Minimum Commitments are calculated using Usage at the applicable Base Unit Price, without regard to Premium Rates or other Fees.

Customer’s use of the Service means acceptance of delivery of invoices by electronic mail. However,

Limelight reserves the right to use other methods of delivery. An additional form of delivery may be

available upon Customer’s written request.

https://www.limelight.com/terms-of-service/

Partner Document


2.2. Traffic Spikes Traffic Spike means a 5 Minute Data Sample indicating Customer's bandwidth utilization increases by more than 20 percent over Customer's prior usage, as averaged over the immediately preceding three months for the same time of day and the same geographic location. Traffic Spikes are excluded from Service Level Agreements, credits, or remedies, and Limelight reserves the right, at its sole discretion, to use Traffic Shaping and/ or deny, suspend, or terminate Services in the event that Customer’s Traffic creates a Traffic Spike.

Customer must provide Limelight advance notice of a Traffic Spike no less than 48 hours prior to the Traffic Spike; this notice (Spike Notice) will set forth anticipated Usage. Limelight’s acceptance, if any, of a Traffic Spike (Accepted Spike), will be given at its sole discretion, within a reasonable time after Limelight’s receipt of the Spike Notice, and prior to the anticipated Traffic Spike. Accepted Spikes may be included in a Service Level Agreement, but only at Limelight’s sole discretion and upon written notice to Customer.

2.3. Traffic Shaping Traffic Shaping means Limelight’s manipulation and prioritization of Traffic for more efficient use of bandwidth to reduce the impact of that Traffic from affecting other Limelight customers and the Limelight network, including but not limited to throttling, rate limiting, or geographically redistributing of Traffic.

Partner Document


3. Services & Products

3.1. Content Delivery Services

Content Delivery Platforms 3.1.1.Professional Premier Enterprise**

Reporting & Analytics

Basic Premium Premium Control portal

Custom views (sub reports)

Live logs

Control reporting APIs

Content Delivery

Backup origin support

GZIP Pass-through

GZIP at the Edge

HTTP methods: GET, HEAD

HTTP methods: OPTIONS, POST

HTTP methods: PUT, DELETE

HTTP VOD Streaming

HTTP Live Streaming

MP4 Seek

FLV Seek

Last Mile Acceleration

Rate Limiting

Web Site Caching

HTTP Header Manipulation

Web Site and Application Acceleration

Web Site and Application Device Detection

Video Acceleration

Security

SSL Delivery via *.hs.llnwd.net cert

Geo Fencing

MediaVault

CORS Management

IP Access Control

S3 Authentication

Real-Time Messaging Protocol Encrypted (RTMPE)

SWF Verification

SNI SSL slot for Customer Certificate

Configuration & Management

Self-Configuration

Plus Plus SmartPurge/ SmartPurge Plus

Unlimited Hostnames/ Configurations

Enhancements

Traffic Director

Traffic Director Queries

Global set of dedicated VIPs

Managed DNS

ARC Light

Multi-device Media Delivery On Demand (MMD OD)

Multi-device Media Delivery Live (MMD Live)

Add-on Services

DDoS AI

WAF

SSL slots and certificates

Origin Storage

**Enterprise includes a dynamic content acceleration and Web site optimization solution for personalized, complex Web sites and applications delivered to users on any device, anywhere, with virtually instant response times. This feature accelerates personalized content to increase page views and conversion rates, reduce site abandonment, and speed transaction completion. Integrated with the Limelight global Content Delivery Network (CDN), this feature interoperates with and is tailored to the Customer’s existing infrastructure and online application solutions.

Partner Document


Content Delivery Activation and Advanced Services 3.1.2.

Content Delivery Basic Activation Implementation of Limelight Content Delivery or streaming Services and all their components In Scope: Order validation. Configuration. Welcome letter. Kickoff call and solution review. Training. Best

practices. Handoff to support team. Not in Scope: Security services. Web development training. Application development training.

Content Delivery Performance Basic Activation Implementation of dynamic content acceleration for up to 3 fully qualified domains (FQDNs) Scope

Conduct kickoff call Confirm Scope Inspect sites/ headers and determine configuration(s) Review/ Revise proposal Schedule recurring implementation status call Stage configuration(s), test site(s) Document configuration(s) and review/ request feedback Train on testing methodologies, order entry, reporting, purge, best practices, go-live, rollback

procedures Review configuration document Handoff for final end-to-end QA testing Confirm acceptance, schedule go-live date Send confirmation of completion of work (Production Ready) Handoff to account and support teams Create basic runbook Monitor go-live in real-time with engineer ready to assist if go-live is within 2 weeks of Production

Ready

Content Delivery Tailored Performance Activation This Tailored Implementation of Limelight Content Delivery is designed to meet the Customer's specific needs.

Implementation of dynamic content acceleration for up to 3 fully qualified domain names (FQDNs) Scope will be specifically defined in a Statement of Work (SOW) and may include

4 or more hostnames requiring configuration Integration with other Limelight offerings (e.g. Content Delivery, Content Director, Traffic Balancer/

Failover/ Director, Storage, Video, Content Management) Front-end acceleration implementation (if applicable) Real-time monitoring or tap-on-the-shoulder assistance during go-live (if more than two weeks after

Production Ready) Business rules "at the edge" Cache-key manipulation (e.g. by cookie, header, geo, language) Mobile device detection Origin configuration review End-to-end health-check Origin load balancing, failover, geo-targeting, or multiple origin locations Creation of custom views (sub reports) for specific sites, file types, etc. Creation of runbooks, custom how-to guides, and other custom documentation Automated performance/ load testing (e.g. Gomez, Keynote, Catchpoint, SOASTA) Analysis and "matching" of a non-Limelight configuration file/ document Integration or load balancing between Limelight and another Content Delivery Network (CDN) Use of wildcard or RegEx (regular expressions) published hostnames (one configuration matching more

than one FQDN)

Implementation begins when the parties have entered into a SOW.

Partner Document


Custom Rules Customization Implementation of up to 3 rule configuration files 6 hours of planning, testing, and basic documentation If go-live is within 2 weeks of Production Ready, real-time monitoring of go-live with engineer ready to

assist Analysis and “matching” of a non-Limelight configuration file/ document Mobile device detection

Domain Name Implementation Additional or new domain names, including copying an existing configuration 6 hours of planning, testing, and basic documentation Real-time monitoring of go-live with engineer ready to assist

Traffic Director Optimization Implementation of Traffic Director, up to 25 policies and 50 resources

MMD Live Activation Setup and configuration of MMD Live and/ or provisioning of Transmux (TX), Standard Definition (SD), High Definition (HD), or Full High Definition (FHD) slots per Order Form.

ARC Light Policy Development Tailored implementation for one or more ARC Light policies to meet customer-specific needs Scope is specifically defined in a Statement of Work (SOW) and may include access control; URL hashing;

setting or removal of custom headers; logic driven by client IP, region, cookies, or client headers; redirection; origin selection; and cache control settings. Requires scoping.

ARC Light Policy Implementation Customer-specific configuration and implementation of an existing ARC Light policy

Content Delivery Advanced Activation Implementation of Content Delivery service bundles and all of their components Scope: Order validation. Configuration. Welcome letter. Kickoff call and solution review. Training. Best

practices. Handoff to Support. Out of Scope: Security services. Web development training. App development training.

Content Delivery Tailored Activation Implementation of Content Delivery or streaming Services and all their components, plus additional

services Web development and API support Scope is defined in a Statement of Work (SOW) and may include: Custom configurations. Additional services

(not accelerated). API support. Additional training. Project management.

Content Delivery Service Information 3.1.3.

Video Acceleration Available to Content Delivery Enterprise customers with Performance Acceleration Premium and

Performance Basic Implementation

Managed DNS Services are invoiced based on bundles of queries per second (QPS) with 95th Percentile. Managed DNS

Includes Managed DNS Domain, Managed DNS Hostname, and Managed DNS Resource Record Overage charges may apply for Usage in excess of included services.

Add-on services Managed DNS Traffic Director: Managed DNS Traffic Director is an external service not hosted on the

Limelight network; this offering is different from Limelight’s Traffic Director and is invoiced per hostname.

Managed DNS Private Pool with Vanity Name Servers: Set of nameserver hostnames/ IP addresses Managed DNS Gold Support: 24/7 phone support; 24/5 monitored email; 1 business-hour response SLA Managed DNS Platinum Support: 24/7 phone support; 24/7 monitored email; 30-minute response SLA

Partner Document


SmartPurge and SmartPurge Plus SmartPurge and SmartPurge Plus functionalities allow Customers to initiate and complete the removal of

Content from the globally distributed edge servers on the Limelight network, based on a published URL and origin URL or pattern of URLs.

Requests through SmartPurge and SmartPurge Plus result in Content deletion or invalidation from the network cache. A deletion forces a cache fill from an origin if an end user requests that Content subsequent to the purge. An invalidation forces the network to check with the origin for the correct version of Content if an end user requests that Content subsequent to the purge.

Customer is solely responsible for any loss of Content and Service disruptions, including those caused by requests to Customer’s origin, resulting from the use of SmartPurge or SmartPurge Plus.

China Content Delivery China content delivery is intended to delivery Customer content into mainland China only. Traffic Director is required for China content-delivery services to ensure that requests for content

originating within mainland China are directed to China content-delivery services and those originating outside mainland China are directed to Limelight Content Delivery services.

China ICP license is not sold as a stand-alone product. Every Customer configuration for China content delivery must have an equivalent Limelight product configuration, which is subject to its own package and Fees.

Limelight uses commercially reasonable means to deliver Customer's Content from within China but does not guarantee that all Customer Content will be delivered from within China at all times. Without limiting the foregoing, Limelight does not guarantee specific capacity within China and may, at its sole discretion, restrict the bandwidth available to Customers within China.

Limelight reserves the right at its sole discretion to deliver Customer's Content from geographic areas outside of China based on geography and access to local network connectivity for performance and availability.

Customer is solely responsible at all times to ensure that Customer Content complies with all local laws in China, including but not limited to any registration requirements for Web site(s) hosted within China and using a China top-level domain.

Customer will provide Limelight with any documentation or registration information (including origin IP addresses) reasonably requested by Limelight, and Customer acknowledges and agrees that Limelight is not responsible for any actions or inactions by, or on behalf of, any Chinese government entity that filters, blocks, alters, damages, or otherwise prevents delivery of all or any part of Customer's Content.

Limelight may, at its sole discretion, utilize the services of a third party to deliver all or part of Customer Content in China.

Limelight is not liable to Customer for disclosure by Limelight of the originator of any Customer Content upon direct inquiry from any government authority, and in accordance with applicable law.

If a Chinese Internet Content Provider License (ICP License) is required for delivery of Content in/ to China, Customer is solely responsible, including cost and expense, for obtaining the ICP License.

China ICP License Service is subject to the following stipulations: It is a third-party Service and is not covered by the Service Level Agreement (SLA), if any, for any other

China Delivery Service. Depending on license type, obtaining an ICP License may take up to 9 months. Purchase of this Service requires that the Customer execute a separate ICP License Request Form with

the third-party provider. Purchase of this Service does not guarantee that Customer will receive a Chinese Internet Content

Provider License If Customer obtains an ICP License as a result of the purchase of this Service, Customer remains solely

responsible to ensure that Customer Content and use of the Services comply with all local laws, including but not limited to any registration requirements for Web site(s) hosted within China and using a China top-level domain.

China Content Delivery Services: China Deliver: Caching and HTTP delivery of static Web site content China Secure Delivery: Caching and HTTPS delivery of static Web site content China HTTP VOD: HTTP VOD streaming China Live Streaming: Live streaming of FMS (RTMP), HDS, and HLS (HTTP) China Dynamic Delivery: Interactive content acceleration and TCP transport acceleration China Storage: Distributed storage or content origin extension

Partner Document


ChinaCache services included in every bundle: China Portal: Service usage and reporting China Logs: Service usage logs China Purge: Flexible caching rules and content purging abilities China Pre-Cache: Cache pre-load China Geo Blocking: Geo restrictions

China Content Delivery Advanced Services: Content Delivery Basic Activation Security Basic Implementation

China Content Delivery Add-On Services: China Anti-hijack & MediaVault: Anti-hijack based on end user IP address and time token China ICP License: China ICP license acquisition and maintenance to allow customers to deliver content

directly from nodes within China, behind the firewall China ICP License Management: ICP license management for customers who require third-party

assistance within China to obtain ICP licenses China Additional Domains: Additional domain names China Services Configurations: Additional configurations China Customer-provided SSL Certificate: Monthly hosting fee for customers requiring HTTPS services

and providing their own SSL certificate China Catchpoint monitoring: Performance monitoring using the Catchpoint service in China; ten-

minute interval testing across multiple locations in China

3.2. Origin Storage Services

Storage Retrieval 3.2.1.

Intelligent Ingest 3.2.2.

Origin Storage Activation and Advanced Services 3.2.3.Origin Storage Activation Services come in two levels: Basic Activation and Tailored Implementation. Additional Advanced Services, such as Intelligent Ingest, data upload, data export, and reporting are also available.

Origin Storage Basic Activation Implementation of the Limelight Origin Storage service using one of the standard replication strategies Scope includes: Order validation. Configuration. Welcome letter. Kickoff call and solution review. Training.

Best practices. Handoff to support team.

Origin Storage Tailored Implementation A storage solution that meets Customer’s specific needs, inclusive of replicated Content and Customer

configurations Scope is defined in a Statement of Work (SOW) and may include: replication, mutators, custom

configuration, additional service (not accelerated), API support, additional training, project management, data export, data upload

Implementation begins when the parties have entered into a Statement of work (SOW).

Origin Storage Add-On Services 3.2.4.

Third-Party CDN Service Egress Third-Party Content Delivery Network (CDN) Service Egress entitles Customer to access Origin Storage from third-party CDNs (when used in conjunction with the Limelight CDN).

Origin Storage/ Video Platform Data Content Report Identify Limelight storage contents to be surveyed. Generation of report. Report delivered as text file to customer. URLs have a 30-day MediaVault token expiry.

Partner Document


Intelligent Ingest GB GBs retrieved from customer origin and ingested into Limelight Origin Storage. Invoiced monthly based on GBs ingested.

Intelligent Ingest Requests Requests to retrieve content from Customer origin for ingest into Limelight Origin Storage. Invoiced monthly based on number of successful requests processed.

Origin Storage Service Information 3.2.5. Origin Storage supports the following secure upload methods:

Origin Storage Customer Portal (https://storage.limelight.com) Intelligent Ingest FTP-SSL SFTP SCP over SSH Rsync over SSH API (HTTPS) Aspera FASP

TM

Origin Storage also supports FTP and API (HTTP), insecure upload methods, which Customers use at their own risk.

Intelligent Ingest via Manifest Upload requires Origin Storage Tailored Implementation. Intelligent Ingest and Content Delivery are discrete Services, and Limelight invoices these and all other

Services separately, as further described in the Order Form and in this document.

Aspera Upload to Origin Storage The monthly Aspera Platform Fee includes an allotted amount of GBs per month for ingest to the Limelight Origin Storage Service, as set forth in the Order Form. Unit Prices for Overages are as set forth in the applicable Order Form. The Platform Fee also includes access to the standard 300 Mbps Aspera Enterprise client, and Customer may elect, for additional Fees, a faster Aspera Enterprise client. Aspera Fees are in addition to other applicable Unit Price(s) and Fee(s) for the Services.

Third-Party CDN Service Egress For content residing in Origin Storage, third-party Content Delivery Network(s) (CDNs) service enables customers to egress from Limelight Origin Storage to one or more third-party CDN(s) in addition to egress to the Limelight network.

Where Content is retrieved from Limelight Origin Storage for egress to a third-party CDN, Customer must ensure that its third-party CDN service(s) are configured to cache that Content. The minimum requirements of this configuration also must align with the expiry time Limelight provides when the Content is sent to the third-party CDN. If Customer fails to configure cache as required for third-party CDN service, Limelight reserves the right, at its sole discretion, to deny, suspend, or terminate Services.

As between Customer and Limelight, Customer must include the appropriate headers required by Customer’s third-party CDN in Customer’s Content object headers, and Limelight will not be liable in connection with Customer’s failure to include appropriate headers.

Partner Document


3.3. Video Delivery Services

Video Delivery Platforms 3.3.1.Professional Premier Enterprise

Key Features

Media Management Console

1 Account, up to 5 users

H.264 transcoding and Flash playback

Mobile H.264 transcoding and HTML playback (iPhone, iPad)

Automatic device detection (Flash/ HTML5)

Multiple bit rates, adaptive streaming delivery

Player language localization

Geo/ Domain viewing restrictions

Video clipper

Advanced player templates

Visual designer for player customization

Player viral sharing tools (embed, email a friend, link, social sharing)

Limelight ad server (pre-roll and post-roll)

Content Delivery Network (CDN)

External publishing – YouTube syndication

Support for closed-caption files

Overview performance metrics

Advanced performance metrics (video, audio, channel reports)

Advanced engagement metrics

Geographic distribution metrics (country, region, city, DMA)

Platform metrics (operating system, device, browser, platform)

Media scheduling

MRSS and iTunes syndication

Third-party ad-network integrations (e.g. Tremor Media)

Third-party ad-server integrations (VAST/VPAID support)

iOS mobile upload app (download from App Store)

Access to mobile SDKs for iOS and Android

FTP ingestion

MRSS content ingestion

Custom metadata properties

Access to advanced Chromeless Player for full customization

Custom encoding

Live Streaming (desktop)

Video Delivery Security Package



Sub-account management (up to 5)

API

Player API access

Content API access (read access)

Callback API

Content API Access (write access)

Analytics API access

Usage

450 GB 1000 GB 2000 GB Video delivery 100 GB 400 GB 500 GB Media hosting

Partner Document


Video Delivery Add-On Services 3.3.2.

Video Delivery Activation and Advanced Services 3.3.3.Video Delivery Basic Activation Services

Implementation for Limelight Video Delivery Professional Platform

Video Delivery Advanced Activation Services Implementation for Limelight Video Delivery Premier Platform and advanced solutions

Video Delivery Tailored Activation Services Implementation for customized Limelight Video Delivery Enterprise Platform and Video MMD Services

Basic Advanced Tailored*

Account creation

Validation

Welcome Letter

Kickoff call and solution review

1 hr 1 hr Training on simple data migration via MRSS or FTP

Custom player development

Custom encoding profiles

Additional training

API support (read)

API support (write)

Additional API support (mobile)

1 hr Control training

Handoff to support team**

*Scope is defined in a Statement of Work (SOW).

**Implementation begins when the parties have entered into a Statement of Work (SOW).

MMD Live Activation Services This activation is for setup and configuration of MMD Live and/or provisioning of Transmux (TX), Standard Definition (SD), High Definition (HD) or Full High Definition (FHD) slots per Order Form.

Professional Premier Enterprise

Custom encoding

Live Streaming (desktop)

Video Delivery Security Package


MMD OD usage premium


MMD Live usage premium

MMD Live SD slot

MMD Live HD slot

MMD Live FHD slot

MMD Live Transmux slot

Additional users

Additional sub-accounts

Widevine DRM

PlayReady DRM annual service

PlayReady DRM playback requests

MMD DRM

Advanced upload via Aspera

Google Analytics integration

Omniture integration

Custom third-party ad-server network integration

Custom player development with ChromelessPlayer

Custom third-party analytics engine integration

TV-Everywhere (Adobe Pass)

Custom CDN integration

Partner Document


Video Delivery Service Information 3.3.4.

Limelight Video Platform (LVP) API Deprecation Policy: Technology moves quickly and from time to time, Limelight deprecates certain API calls. Following a deprecation notice, Limelight uses commercially reasonable efforts to continue to operate the deprecated API for a period of one year after the announcement.

Multi-device Media Delivery On Demand (MMD OD) MMD OD provides delivery of video in multiple formats to various devices from a set of single-format, multi-bitrate media files.

Server-side transmuxing of multi-bitrate files into the same bitrate profiles in other formats to allow for playback on different devices

Transmuxing of MP4 and M4A to HLS, HDS, MSS and MPEG-DASH outputs Transmuxing of ISMV plus manifest to HDS, HLS, MSS and MPEG-DASH. Single playback URL output, to be used by Adaptive Bitrate Streaming (ABS) compatible players that

automatically select the best bitrate for the device

Multi-device Media Delivery-Digital Rights Management (MMD-DRM) DRM may be added to an MMD service to provide licensed access to encrypted Content. Customers can use any one or a combination of Microsoft PlayReady, Google Widevine, or Apple FairPlay

DRMs on Customers’ MMD-delivered Content. To enable Limelight to use Apple FairPlay DRM on a Customer’s MMD-delivered Content, the Customer

must first apply for and receive an Apple FairPlay Streaming Deployment Package from https://developer.apple.com/streaming/fps/.

License Key Accesses are tracked for reporting and billing purposes.

Multi-device Media Delivery Live (MMD Live) MMD Live provides delivery of live video in multiple formats to various devices from a single video source and format. Server-side transcoding of a single higher quality bitrate RTMP stream into lower bitrate profiles to allow

for Adaptive Bitrate Streaming (ABS) to reduce buffer for slower end-user Internet connections. Server-side transmuxing of RTMP streams to HLS, MPEG-DASH, HDS, MSS, and RTMP outputs SmartEmbed video player for standard desktop and mobile browser players. MMD Live is sold by slot, and Limelight reserves the right to deny or disconnect Customer’s ingest or

attempted ingest of video streams with resolutions or bitrates higher than those subscribed for provisioned slots.

MMD Live Standard Definition (SD) Slot Single Standard Definition (SD) ingestion provisioned to accept up to 576p resolution at 1800kbps bitrate (or lower).

MMD Live High Definition (HD) Slot Single High Definition (HD) ingestion provisioned to accept up to 720p resolution at 2400kbps bitrate (or lower).

MMD Live Full High Definition (FHD) Slot Single Full High Definition (FHD) ingestion provisioned to accept up to 1080p resolution at 4000kbps bitrate (or lower).

MMD Live Transmux Slot Multiple bitrate ingestion provisioned to accept up to 16000kbps aggregate bandwidth across up to 8 input bitrates.

https://developer.apple.com/streaming/fps/

Partner Document


3.4. Content Delivery Security Services

Secure Traffic 3.4.1.Content Delivery Secure Traffic Premium

SSL Certificates 3.4.2.SSL Certificates enable customers to securely deliver content via HTTPS using the Limelight Content Delivery Network (CDN).

Secure Delivery Basic Secure SSL delivery using a common name with domain validation. GeoTrust-branded certificate. Also available: up to 4 additional fully qualified domain names.

Secure Delivery Standard Secure SSL delivery using a common name with organization validation. GeoTrust-branded certificate.

Secure Delivery Wildcard Secure SSL delivery using a wildcard SSL certificate. Organization validation. GeoTrust-branded certificate. One wildcard domain.

Secure Delivery Extended Validation Standard Secure SSL delivery using a common name with extended validation. GeoTrust-branded certificate. Up to 4 additional fully qualified domain names.

Secure Delivery SAN Secure SSL delivery using a Subject Alternative Name (SAN) SSL certificate. Organization validation. GeoTrust-branded certificate. Up to 100 fully qualified domain names.

Secure Delivery Wildcard SAN Secure SSL delivery using a wildcard SSL certificate. Organization validation. GeoTrust-branded certificate. Up to 100 wildcard and fully qualified domain names.

Secure Delivery Extended Validation SAN Secure SSL delivery using a Subject Alternative Name (SAN) SSL certificate. Extended validation. GeoTrust-branded certificate. Up to 100 fully qualified domain names.

Global set of Dedicated VIPs (Virtual IP Addresses) Limelight reserves a global set of dedicated VIPs exclusively for Customer traffic. VIPs are generally used to enable customers to serve zero-rated/non-billable traffic to mobile networks, and once reserved, Limelight will not modify any such VIP without prior notice to Customer at least three months in advance.

Dedicated Global SSL Certificate Hosting Dedicated Regional Hosting Dedicated Regional hosting for North America, Europe, Asia Pacific, South America

SNI Global SSL Certificate Hosting

Content Delivery Security Activation and Advanced Services 3.4.3.

Content Delivery Security Basic Implementation Implementation of Limelight Content Delivery Security services or SSL certificates Scope: MediaVault. SWF verification. RTMPE. Rate limiting. Secure traffic delivery. Customer-provided SSL

certificate. Limelight procurement of SSL certificate. Installation and validation of certificate.

Partner Document


Content Delivery Security Service Information 3.4.4.

SSL Certificates SSL certificates come in two different versions:

Limelight-provided SSL certificates: Customer is invoiced an Annually Recurring Fee for each SSL certificate. In addition, a security implementation Fee will be charged for new certificates or for any update to an already purchased certificate.

Customer-provided SSL certificates: Customer is invoiced a Fee for Security Basic Activation for the initial installation of the certificate and for any subsequent updates. As between Limelight and Customer, Customer must obtain a license to use the certificate on a CDN, maintain valid ownership of the domains contained on the certificate, and provide a new certificate to Limelight 30 days prior to the expiration of any existing certificate.

3.5. Cloud Security Services

Security Alert, WAF Express, and Web Application Firewall 3.5.1.Security

Alert WAF

Express Web App Firewall

Globally distributed anycast addresses*

DDoS attack notification and alerts

Per-IP address rate limiting

CAPTCHA support

Basic OWASP 10 rules

Basic WAF portal

Basic IP access and geo access controls

Bad Bot detection and mitigation

Active mitigation of Layer 7 DDoS attacks

24/7 security operations center monitoring

Fully managed white-glove service

Add-on Services

Web application domain

Additional WAF rule sets

Additional WAF SSL certificates

Security Account Manager

*Customers must pass an Enterprise footprint cap check to use anycast VIPs.

DDoS Attack Interceptor (DAI) Service 3.5.2.Basic Standard Premium

Detection of Layer 3/4 (Network) targeted Distributed DDos Attacks

Access to the DAI portal to view available data about Attack detections and mitigations

24x7 monitoring of the covered shortname/ anycast address for potential DDoS Attacks

“Passive” Mitigation of DDoS Attacks through CDN absorption methods when Attacks are not complex or large enough to be moved to scrubbing

Automatic mitigation by the Security Operations team of DDoS Attacks that occur

Up to 10 domains included per protected shortname

2 Test Failovers annually

Mitigations for DNS-Based, “Active” Mitigation of DDoS Attacks via globally distributed scrubbing centers within Limelight Networks PoPs

On-network scrubbing

Unlimited mitigations per month

DDoS AI Add-On Services DDoS Additional 10 Domains package DDoS Additional 100 Domains package DDoS Unlimited Domains package DDoS SSL Certificate Hosting

Partner Document


Cloud Security Activation and Advanced Services 3.5.3.

Security Alert Activation Configuration of Security Alert notifications

Activation for WAF Express, WAF Basic, and WAF Emergency WAF

Express WAF Basic

Emergency

Configuration & Provisioning

WAF Express Initial configuration and provisioning of WAF

Installation of SSL certificates on CDN Edge and WAF (when required)

Configuration of WAF redirect when origin requests are made

Configuration of direct-to-origin failover mechanism if ever unavailable

WAF Configuration Testing & Validation

Turn-up of configured rule sets

Report-only mode enabled

Block mode enabled

All configuration and provisioning completed within 24 hours of a confirmed order

Security Tailored Implementation Scope of Advanced Services is specifically defined in a Statement of Work (SOW).

Security Basic Implementation Fully Qualified Domain Names (FQDNs) and single wildcard SSL certificates or Customer-provided

certificates. Scope: MediaVault. SWF verification. RTMPE. Secure traffic delivery; Customer-provided SSL certificate and/

or Limelight procurement of SSL certificate. Installation and validation of certificate.

Activation for DAI Basic Emergency

Configuration and provisioning of shortname and HTTP anycast within the DAI protected anycast ranges

Creation of the specialized DAI CNAME and associated DNS entries required for the product to function properly

Validation/ Implementation testing with Customer to move traffic to scrubbing to ensure that website is performing as expected during a scrubbing activation

All configuration and provisioning completed within 24 hours of a confirmed order

Cloud Security Service Information 3.5.4.

WAF Cloud Security: Additional Terms Authorized Users means Customer’s employees who are authorized to utilize the Service and who are

identified to Limelight in writing. Documentation means all specifications, user manuals, and other technical materials relating to the Service,

which may be from a third-party reseller. Limitations: Customer may not permit any person to access and/or use the Service other than the

Authorized Users; introduce software or automated agents or scripts to the Service so as to produce

multiple accounts, generate automated searches, requests, and queries, or to strip or mine data from the

Service; cover or obscure any page or part of the Service via HTML/CSS, scripting, or any other means, if

any; or perform a load test, regression test, or penetration test without Limelight’s prior written approval.

Usernames and Passwords: Limelight will provide each Authorized User a unique username and password to enable such

Authorized User to access the Service pursuant to the Terms of Service. Each Customer is entitled to have up to 10 Authorized Users unless agreed otherwise in writing.

Limelight reserves the right to change or update these usernames and passwords at Limelight’s sole discretion.

Each Authorized User’s username and password may only be used to access the Service during 1 concurrent login session.


Partner Document


Customer acknowledges and agrees that Only Authorized Users are entitled to access the Service with their assigned usernames and

passwords provided by Limelight. Customer will provide to Limelight information and other assistance as necessary to enable

Limelight to establish usernames for Authorized Users and will verify all Authorized User requests for account passwords.

Customer will ensure that each username and password issued to an Authorized User will be used only by that Authorized User.

Customer is responsible for maintaining the confidentiality of all Authorized Users’ usernames and passwords and is solely responsible for all activities that occur under these Authorized Usernames.

Customer will notify Limelight promptly of any actual or suspected unauthorized use of any account, username, or password, as well as any other breach or suspected breach of the Order Form or the Terms of Service.

Limelight reserves the right to terminate any username and password that Limelight reasonably determines may have been used by an unauthorized third party.

Usernames and passwords cannot be shared or used by more than one individual Authorized User but may be reassigned to a new Authorized User who is replacing a former Authorized User who has terminated employment (or otherwise changed job function) and no longer uses the Service.

Additional Customer Responsibilities: In addition to and not in lieu of Customer’s responsibilities under the Terms of Service, Customer shall be solely responsible for supporting and maintaining the availability of its Web site(s), the connectivity of its Web site(s) to the Internet, and all Customer Content, IP addresses, domain names, hyperlinks, databases, applications, and other resources as necessary for Customer to operate and maintain its Web site(s) to meet Customer’s business.

Apps: Customer agrees and acknowledges responsibility when installing or utilizing certain third-party apps. These apps are provided “as is” and governed by their own terms of service and privacy policies as set forth by the third parties that provide them. Limelight does not endorse and is not responsible or liable for the services or features provided by these apps that Customer may choose to install. Customer acknowledges and agrees that Limelight is not responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any apps.

Limelight may modify the Content of Customer’s web site(s) based on the features or apps enabled. For example, Limelight may detect email addresses and replace them with a script in order to keep them from being harvested, or Limelight may insert code to improve page-load performance or enable apps. Customer acknowledges that Limelight may, based on Customer’s settings: Intercept requests determined to be threats and present these requests with a challenge page. Add cookies to Customer’s domain to track visitors, such as those who have successfully passed the

CAPTCHA on a challenge page. Add script to Customer’s pages to, for example, add services, apps, or perform additional performance

tracking. Other changes to increase performance or security of Customer’s Web site(s). Limelight will make it clear whenever a feature will modify Content and, whenever possible, provide

Customer with a mechanism to disable the feature.

Limited Warranty: Without limitation of Section 10 (DISCLAIMER OF WARRANTIES) of the Terms of Service,

during the Term, Limelight warrants that the WAF Cloud Security Service will materially conform to

Limelight’s then current documentation for the Service under normal use and circumstances. If Customer

notifies Limelight of a breach of warranty, Limelight will, at its option, either correct the nonconformity in

the Service or issue Customer a credit or refund of a portion of the Fees paid by Customer for the

nonconforming Service that fairly reflects the diminished value of the nonconforming Service. THE

FOREGOING CONSTITUTES CUSTOMER’S SOLE AND EXCLUSIVE REMEDY FOR ANY BREACH OF WARRANTY.

Security Alert Detection and notification of Distributed Denial of Service (DDoS)

Customer must provide relevant and up-to-date contact information for multiple authorized persons who are immediately available to Limelight in the event of a potential DDoS Attack (Customer Matrix).

If Customer is experiencing a DDoS Attack and Limelight determines, in its reasonable business judgment,

that that the DDoS Attack may cause harm to the Limelight network or Limelight’s other customers,

Limelight at its sole discretion reserves the right to send the Traffic to scrubbing or otherwise mitigate the

DDoS Attack.




Partner Document


DDoS Attack Interceptor (DAI) Assurance DAI services require either the Content Delivery Premier or Content Delivery Enterprise bundle and a

minimum 12-month Term. Additional configuration changes (e.g. updating existing or adding new SSL certificates or adding domains to

be protected) required by the Customer after initial provisioning are charged a Configuration Change Fee per request.

Limelight does not invoice Customer for Traffic that is identified as malicious and ultimately removed during a Mitigation.

DAI is a DDoS attack mitigation service designed to offer DDoS Attack detection and Mitigation so that an applicable Web site remains available. DAI endeavors to protect Customer assets, such as the Web site origin, from being impacted by DDoS Attacks by combining the CDN with globally distributed DDoS detection devices and scrubbing centers.

Inclusions: Incoming DDoS Attack detection and customer notifications, active scrubbing for removal of malicious requests and Traffic (Mitigation), and access to the DAI user interface for real-time attack reporting. Limelight retains the right to modify this DAI description at any time.

Exclusions: A DDoS Attack specifically excludes any distribution denial of service caused by Customer. Service definitions: See the Service Definitions section of Appendix A: Additional Terms for Limelight’s DAI

Products.

Provisions of DAI service: Following DDoS Detection and Alerting Deployment and/or Provisioning, applicable third-party vendor

provides the Service upon Customer’s direction of Traffic to the Limelight DAI Platform. Customer acknowledges that Deployment of the BGP Redirection Service may require configuration that takes several days and that in such instances, any activation of Services on an expedited basis requires deployment of the DNS Redirection Service rather than the BGP-based platform.

The applicable third-party vendor calculates the Customer’s total amount of Clean Traffic by periodically measuring Clean Traffic bandwidth utilization running through the Limelight DAI Platform during each Mitigation Incident to confirm that Customer is within the total, contracted Clean Traffic amount. At the end of a measurement period (Mitigation Incident), the utilization measurements are ordered from highest to lowest, and the top five percent (5%) of the traffic measurements are discarded. The next highest measurement for inbound or outbound traffic is considered the ninety-fifth (95th) percentile Clean Traffic.

In the event of a Mitigation Incident, any traffic directed to the Limelight DAI Platform that is not for a pre-Provisioned domain, protocol, port, or Endpoint will be blocked.

In the event of a Mitigation Incident, Attack Traffic may be mitigated as far “upstream” as possible (including internet network provider access control lists [ACLs]). In such an event, the Customer is not assessed any Clean Traffic Overage Fees related to the volume of the Attack Traffic.

The DAI Service may be Provisioned to protect up to ten (10) ports per domain for standard TCP-based application layer protocols, including: Web (e.g. HTTP, HTTPS), API (e.g. SOAP, XML, REST), Email (e.g. POP/POP3, SMTP, IMAP/IMAP4), Database (e.g. MySQL, MS SQL, Oracle), and Other (e.g. Telnet, SSH, FTP).

The DAI Service includes Layer 4 rate limiting protection for HTTPS traffic Provisioned on the Limelight DAI Platform. Customer acknowledges that this Service does not open HTTPS packets for inspection, cleaning, or scrubbing unless the Customer has elected to purchase the HTTPS Packet Inspection service at the application Layer 7 level on a per-domain, per-SSL certificate basis. This optional service requires the Customer to provide Limelight and applicable third-party vendor with a second SSL certificate to be loaded onto the Limelight DAI Platform for the traffic that will be subject to HTTPS packet inspection. If the Customer elects this optional service, the Customer warrants that its provision of the SSL certificate and applicable third-party vendor use thereof does not violate any laws, security policies, or regulations.

Support services are provided by the applicable third-party vendor in English only. Test Failovers must be scheduled forty-eight (48) hours in advance with applicable third-party vendor

customer support. Any Test Failover that exceeds a period of twenty-four (24) hours incurs an additional Test Failover Fee. The applicable third-party vendor, at its sole discretion, has the right to reschedule a Test Failover window as needed and will work with the Customer to schedule a new testing window as appropriate.

Partner Document


Customer responsibilities for DAI services: Customer shall provide to Limelight and applicable third-party vendors all information requested in

connection with the Provisioning Process, including that requested for each Endpoint prior to activation of the Services with respect to that Endpoint and for the DDoS Detection and Alerting services, where applicable.

Customer shall provide Limelight and applicable third-party vendors with information on the Endpoints as requested by the applicable third-party vendor and other information the applicable third-party vendor requires in order to provide the Services, as well as access to the Endpoints in order to perform the Services.

For BGP-based Service, Customer must provide a BGP- and GRE- capable device and properly configure such device.

Customer acknowledges that in order for the applicable third-party vendor to provide the Services, Customer must first redirect traffic for the Endpoint to the Limelight DAI Platform.

Customer acknowledges that operation and performance of the Services involves repeated filtering of traffic to the Endpoint and Customer expressly consents to the same. Customer hereby grants the applicable third-party vendor, for the Term, a non-exclusive, non-transferable, and royalty-free license to access the Endpoint and the internet traffic flowing thereto and any applications contained therein for the sole purpose of performing the Services.

Customer is solely responsible for the direction of all internet traffic for an Endpoint for performance of the Services and redirection from the Limelight DAI Platform once a Mitigation Incident has ceased with Customer taking into account TTLs. Customer’s failure to redirect Traffic for an Endpoint away from the Limelight DAI Platform once a Mitigation Incident has ceased shall, if applicable, cause the Customer to incur additional Mitigation Incident Fees and, if applicable, Clean Traffic Overage Fees.

During a Mitigation Incident, Customer will have access to a technical contact that speaks English with a degree of proficiency sufficient to enable Customer to interact with the applicable third-party vendor’s support team.

Customer must route all Traffic for an Endpoint to Limelight DAI Platform during a Mitigation Incident.

Additional terms for Limelight’s DAI Secure Delivery Basic, Standard, and Premium products DAI will not prevent or eliminate every DDoS Attack. Customer must provide relevant and up-to-date contact information for multiple authorized persons who

are immediately available to Limelight in the event of a potential DDoS Attack (Customer Matrix). During any DDoS Attack or Mitigation, no warranty in any SLA between the parties for service degradations

(performance, availability, or otherwise) applies, regardless of whether Customer has made a Request for Mitigation.

All Usage Fees and other Fees apply for increases in Traffic if Customer does not request a Mitigation. If Customer is experiencing a DDoS Attack and Limelight determines, in its reasonable business judgment,

that that the DDoS Attack may cause harm to the Limelight network or Limelight’s other customers, Limelight, in its sole discretion, reserves the right to send the Traffic to scrubbing or otherwise mitigate the DDoS Attack.

If Limelight has not otherwise addressed a DDoS Attack, Customer must request Limelight to move to Mitigation (Request for Mitigation).

Once a Request for Mitigation is made, Limelight will use its reasonable business judgment to determine how to execute a Mitigation of the DDoS Attack.

Additional terms for Limelight’s DAI Secure Delivery Basic and Premium products: In the event of a suspected attack, Limelight reserves the right, at its sole discretion, to place Customer

traffic into Mitigation without first contacting the Customer, unless the Customer has requested otherwise at the time the applicable DAI service is ordered.

3.6. Limelight Control Control portal: https://control.llnw.com Terms of Service: https://www.limelight.com/terms-of-service/

https://control.llnw.com/


Partner Document


4. Activation Services Customer agrees that Limelight will begin Activation Services no later than 30 calendar days from the date of full execution

of the applicable Order Form. Activation Services will be completed no later than 60 calendar days from the date of full execution of the applicable Order

Form. Customer requests outside this timeframe or outside the scope of Activation Services require a separately executed Order

Form for additional Services.

5. Advanced Services Advanced Services includes a set number of hours of Customer Support and access to an Advanced Services team member.

Access is during normal business hours, in one time zone elected by Customer. Limelight Customer Support provides coverage all other times.

An Advanced Services team member may provide Services onsite at Customer’s location provided Limelight and Customer agree in writing in advance. Customer bears the cost of all travel expenses in connection with Services provided onsite at Customer location unless Customer and Limelight otherwise agree in writing.

At its discretion, Limelight Customer Support escalates issues to the Advanced Services team. Support hours are consumed by project plan or Rapid Reaction, as elected by Customer. Project plans will have a written Scope, mutually agreed in advance of work. Rapid Reaction utilizes hours at Limelight’s discretion for a faster response. All hours are tracked in 15-minute increments, and reports are available upon request.

5.1. Advanced Services Tiers Advanced Services support is available in Bronze, Silver, and Gold packages.

Bronze Silver Gold

10 20 40 Consulting hours per month

Access to Advanced Services team member

Advanced Services and line manager contacts and escalation path

Virtual monthly business review conducted by an Advanced Services Delivery Manager (ASDM)

ASDM oversight and management of Advanced Services

SLAs are not included. Unused hours expire at the end of each month. Certain customers may qualify for the Basic tier of Advanced Services.

5.2. Advanced Services Add-On Services

Advanced Services: 10 Hours Consulting Services 5.2.1.Ten (10) hours of consulting services, one time. Hours are consumed by project plan. Unused hours expire at the end of 30 days.

5.3. Analytics The Advanced Services team works with EdgeQuery

TM resources to coordinate the design, implementation, and ongoing

access to EdgeQuery services.

EdgeQueryTM (EQ) Custom Query Implementation 5.3.1.Tailored implementation of an EQ query/ API reporting solution to meet specific customer needs. Requires scoping.

EdgeQueryTM (EQ) Custom Query Data Storage & Retrieval 5.3.2.EQ custom query/ API reporting, ongoing data storage and retrieval. Requires scoping.

Partner Document


Appendix A: Service Definitions for Limelight’s DAI Products The terminology defined in this section applies only to DDoS AI products.

Terminology Definition Attack Attack Incident Attack Traffic

An incident in which malicious traffic (e.g. DDoS) is directed at an Endpoint that has been placed by Customer on the Limelight DDoS Attack Interceptor Platform. The determination as to whether traffic is Attack Traffic is determined solely by applicable third-party vendor. An Attack Incident is measured in seventy two (72) hour increments or portion thereof.

BGP Redirection Service DAI Service(s)

The Limelight DDoS Attack Interceptor Platform, on-demand, Customer-activated, cloud-based service that “cleans” or “scrubs” certain malicious Attack Traffic from the Clean Traffic, directed at the Endpoint and, where applicable, any supplemental services

Clean Traffic The ninety-fifth (95th) percentile peak Mbps of legitimate (non-malicious) traffic going in to or out of the Limelight DDoS Attack Interceptor Platform, which is processed by the DAI Service during a Mitigation Incident

Clean Traffic Overage Fee The fee, calculated on a per Mbps basis, which applies in the event that the Clean Traffic during a Mitigation Incident exceeds the amount of Clean Traffic for which Customer has contracted

Configuration Change Fee The fee that applies to any Configuration Change that is not performed on an expedited or emergency basis

Configuration Changes Customer-requested changes to the Limelight DDoS Attack Interceptor Platform configuration, such as additions, deletions, and/or updates related to IP addresses, domain names, ports, and protocols

DDoS Detection and Alerting A service that accepts NetFlow management data from Customer routers for the purpose of monitoring and alerting Customer of suspicious traffic based on parameters established during the initial Provisioning Process

DDoS Detection and Alerting Deployment

Initial setup of DDoS Detection and Alerting Services for Customer

DDoS Detection and Alerting Deployment Consultation

A consultation regarding setup of DDoS Detection and Alerting Services

DNS Redirection Service DAI Service(s)

The Limelight DDoS Attack Interceptor Platform, on-demand, Customer-activated (via a DNS change), cloud-based service that “cleans” or “scrubs” certain malicious Attack Traffic from Clean Traffic, directed at the Endpoint and, where applicable, any associated supplemental services

Emergency Configuration Change Fee

The fee that applies to a Configuration Change that, in response to a Customer request for emergency or expedited Provision, is performed within four (4) hours of applicable third-party vendor’s approval of Customer request

Emergency Deployment Fee The fee that applies to initial DDoS Detection and Alerting Deployment performed within four (4) hours of applicable third-party vendor’s approval of Customer request

Endpoint(s) The part of the Customer’s infrastructure for which Customer has activated the DDOS AI by directing traffic to the Endpoint onto the Limelight DDoS Attack Interceptor Platform

Limelight DAI Platform The applicable third-party vendor network to which Customer must direct traffic for an Endpoint in order to access DAI Services

Mitigation Incident An event wherein Customer has directed internet-based traffic for an Endpoint to the Limelight DDoS Attack Interceptor Platform for the purpose of mitigating a DDoS Attack

Mitigation Incident Fee The fee, if applicable, assessed in the event of a Mitigation Incident that applies for every period of seventy two (72) consecutive hours or a fraction thereof

NetFlow A method of examining incoming packets to determine whether traffic is legitimate or potentially Attack Traffic

Premium Deployment for DDoS Detection and Alerting Deployment

A service that includes Customer infrastructure evaluation and provisioning for DDoS Detection and Alerting Deployment

Provision(ing) To provision by Deployment or to make a Configuration Change and/or the process related to the DDoS Detection and Alerting Service

Provisioning Process Limelight’s process for Deployment and Configuration Changes and/or the process related to the DDoS Detection and Alerting service

Partner Document Appendix A: Service Definitions for Limelight’s DAI Products


Terminology Definition Router/ GRE Termination Point

The termination point that GRE tunnels terminates to on the Limelight DDoS Attack Interceptor Platform

Test Failover An event in which Customer sends up to 200 Mbps of traffic to the Limelight Networks DDoS Attack Interceptor Platform over a twenty-four (24) hour period for the purpose of testing connectivity between the Endpoints and the Limelight DDoS Attack Interceptor Platform

Test Failover Fee The fee charged for each Test Failover period of twenty-four (24) hours or fraction thereof

Partner Document


Appendix B: Limelight Product & Service Feature Descriptions Feature Description 24X7 Security Operations Center Monitoring

Daily threat intelligence monitoring, vulnerability and threat analysis, full threat simulation and regression testing

Access Control Allows for multiple service levels for different types of users (e.g. different site experiences for non-member, paid member, unpaid member)

Activation Services Activation Services provide dedicated resources to help customers implement key Limelight services, such as Origin Storage, Video Delivery, Web Acceleration, Security, and Content Delivery. Limelight Activation Services consist of consulting packages designed to help customers maximize the use of the Limelight Orchestrate Platform. From fine-tuning configuration settings to live training to workflow integration, customers can deploy their content quicker into the market with assurances that their CDN and Limelight Services configurations are optimal for their specific requirements.

Active Mitigation of Layer 7 DDoS Attacks

Multiple defenses deployed to protect Web applications, including good-bot/bad-bot detection, IP rate limiting, IP access control, and CAPTCHA challenges

Advanced Services A suite of specialized consulting services designed to help customers better configure and provision individual services, deliver live events, and integrate services into their existing workflows

ARC Light Custom rules executed by the Limelight Content Delivery Network (CDN) server handling user requests that make real-time modifications to speed connections to content, offloading complex data manipulations from the application infrastructure.

Backup Origin Support Configuration to automatically redirect to a secondary origin upon failure of the primary

Bad-Bot Detection and Mitigation

Incoming requests for content are challenged and fingerprinted to determine if the request was generated by bot/ scriptor human user

Basic OWASP 10 Rules Origin is shielded by the CDN and traffic filtering by the WAF, which covers the OWASP Top Ten

Basic tier of Advanced Services

For qualified customers, this bundle includes 5 hours of Advanced Services consulting per month and access to an Advanced Services team member.

CAPTCHA Support Protect Web sites against bots and scripts by requiring human logic

Chromeless Player The Chromeless player is a Limelight Video Delivery player with no user-exposed controls. This allows developers to customize the aesthetics through Flash integration and define the way the user interacts with the video. The Chromeless player is intended for experienced Web programmers that want to design their own video player on top of the Limelight Video Delivery backend. The same Player APIs that are available using the Player Builder are also available for use with the Chromeless player.

Content Delivery Content Delivery provides 24/7 online distribution (content residing on a user’s computer or other device and content streamed in real-time) to broadband and mobile Internet audiences of digital content libraries, including video, music, games, and software. This platform supports streaming media delivery workflows, including industry-standard media servers, protocols, and delivery formats.

Control Limelight Control is the Web-based portal and APIs that Limelight customers use to manage and configure their Limelight services and view activity, traffic, and other reports related to their use of Limelight services

Cookie-Based Authentication

URL authentication information is normally passed to MediaVault via URL query terms, which are appended to each protected URL. For HTTP requests, MediaVault can switch to using a cookie (instead of the URL terms) after the first request from a given user. The cookie is then read on each subsequent request, authentication is performed using the cookie data, and the cookie is updated with new expiration information as needed on each response.

Cross Origin Resource Management (CORS)

Allow multiple content sources while restricting sharing to designated origins

Custom Views (Sub Reports)

A Custom View is a filtered view of report data in Control. For a given account, a Custom View limits the displayed data based on whether or not the hostname or content URL matches a pre-defined pattern (URL restriction). A typical use case for Custom Views is to analyze traffic for specific content within an account. Custom Views are available to filter traffic for the following reports: Overview, Daily, Hourly, Hour of Day, Day of Week, Geography, CDN Efficiency, URL Reports, File Reports, URL Prefixes, User Agents, and Published Hosts. Custom Views can be applied either to Published URLs or Origin URLs, and may match any portion of the URL using a Regex pattern. Limelight creates Custom Views on request.

Partner Document Appendix B: Limelight Product & Service Feature Descriptions


Feature Description DDoS Attack Interceptor

Detection, notification, and mitigation of DDoS attacks against Web sites and applications

DDoS Attack Notification and Alerts

When an attack is detected, Customers are alerted via an email so they can take appropriate measures to defend valuable assets.

Dedicated VIPs The dedicated virtual IP address(es) assigned to the Customer for use with Limelight products and services

Deep Link Prevention Deep-linking is the practice whereby a user obtains access to a URL that points to content and passes the URL to someone else not authorized to access the content (for example, someone who has not paid for your services). MediaVault ’s built-in URL protection ensures deep-link denial.

Device Detection Using Device Detection, Content Delivery can redirect requests at the CDN edge to ensure that the correct content is accessed for each device a Web application supports. Analysis of the user agent and the speed and type of connection being used enables context-specific content to be delivered to each user, and information about each request being made can be sent forward to the Web application infrastructure for dynamic content selection and delivery for every device.

Dynamic Content Content that must be generated at the time of request due to its nature, being timely, personalized, or unique, depending on the parameters used to request it. Dynamic content is always created and served by a content origin or application server, such as a Web server interfacing with a database or a content-management system.

EdgeQueryTM

(EQ) Limelight’s data collection engine powered by an edge-based computing platform. EdgeQuery provides near-real-time aggregated data for many of the reports in Limelight Control and is also accessible to customers via REST API.

FairPlay DRM Limelight Video Delivery offers a fully integrated and seamless Apple FairPlay DRM solution to protect the delivery of high-quality content on a variety of devices. FairPlay's DRM provides the capability to license, securely distribute, and protect playback of multimedia content on a variety of Apple products. To enable Limelight to use Apple FairPlay DRM on a Customer’s MMD-delivered content, the Customer must first apply for and receive an Apple FairPlay Streaming Deployment Package from https://developer.apple.com/streaming/fps/.

FLV Seek Support for jumping to a specific point within a Flash video file

Fully Managed White Glove Service

Limelight security experts assist in the setup and configuration of the WAF and its associated rules

Geo Fencing Control access based on geolocation

GET, HEAD, OPTIONS, POST

HTTP verbs (methods) supported by the CDN edge

Globally Distributed Anycast Addresses

Ensure large attacks are distributed to multiple Limelight POP locations rather than a single POP for improved mitigation

Google Analytics Plugin

Allows you to integrate a Limelight Video Delivery player with an existing third analytics engine, such as Google Analytics

GZIP at the Edge Object compression at the CDN edge, enabling clients supporting compression to receive a compressed object

GZIP Pass-through Configuration options to request and cache compressed objects when requesting them from content origins

HTTP Header Manipulation

Customizing HTTP request and response headers to control content caching and improve analytics

HTTP VOD Streaming Configuration options for delivering HTTP VOD services, where the Customer’s infrastructure is acting as the content origin

Intelligent Ingest

Automatically migrates content from slower storage to Limelight Origin Storage Services using one or both of these modes: Load On Demand (upload automated based on audience requests) or Manifest Upload (upload automated based on a list of content)

Intelligent Ingest GB The number of successful uploads to Limelight Origin Storage completed using Limelight's unique Intelligent Ingest capability, measured in 1K units

Intelligent Ingest Requests

The number of gigabytes ingested to Limelight Origin Storage using Limelight's unique Intelligent Ingest capability

IP Access Control Customers can specify lists of IP addresses that should be whitelisted (allowed) and/ or blacklisted (denied) for specific Content Delivery configuration

Last-Mile Acceleration Accelerate content delivery between the client and the CDN edge through a variety of techniques including TCP optimizations, compression, and persistent connections

https://developer.apple.com/streaming/fps/



Feature Description Live Logs Let you view your data as quickly as possible after it is available from the Limelight edge servers that deliver your content.

Live Logs are available via FTP only. Live Logs data is received on a continuous basis, with most servers reporting hourly. Each edge server that delivers content generates a corresponding Live Logs file in the FTP folder. As new information is received from each edge server, the data specific to the Customer account is extracted, and the corresponding Live Logs file for the account is updated shortly thereafter.

Live Streaming Streaming Media that is delivered live over the Internet. Live Streaming requires a form of source media (e.g. a video camera, an audio interface, screen capture software), an encoder to digitize the content, a media publisher, and a CDN to distribute and deliver the content.

Load On Demand One of two Intelligent Ingest upload methods. Content is automatically uploaded to Customers’ Limelight Origin Storage account based on user requests. Customers have full control of which requests are "matched" (selected for automatic ingest using Intelligent Ingest) and can set the maximum number of threads and maximum bandwidth Limelight uses to pull content from their origin. (This protects customers’ origin). Self-service is available in Control after adding the product , and a quota for Intelligent Ingest can be set to contain costs.

Managed DNS Limelight offers Managed DNS Services specifically designed to extend Web site performance and reliability, the ideal complement to a CDN. Managed DNS Services offer global footprints and use advanced load balancing and routing techniques to minimize latency, maximize availability, and contain costs. DNS configurations are managed directly through a customer portal, allowing for easily deployment of changes.

Manifest Upload One of two Intelligent Ingest upload methods. Customers provide a manifest of URLs that Limelight uses to automatically upload content to Origin Storage on their behalf, using Intelligent Ingest. Advanced Services required for configuration and implementation.

MediaVault A high-performance URL-authentication service that secures your content from unauthorized viewing through the following capabilities: Deep Link Prevention, Content and URL Authentication (MediaVault maximizes authentication performance by using tokens to avoid three-way handshakes to avoid latency), and Cookie-Based Authentication.

MMD Live Multi-Device Media Delivery Live enables you to input a live stream, configure video slots via the Limelight user interface, and receive a URL or video player for delivery worldwide to desktop and mobile devices

MMD OD Multi-Device Media Delivery On Demand allows customers to stream on-demand media in multiple bitrates with real-time transmuxing to multiple formats

MP4 Seek Support for jumping to a specific point within an MP4 video file

Origin Storage Limelight Origin Storage is a high-performance, secure cloud solution that enables Customers to replicate, move, and store data in the locations that provide optimal content-delivery performance. Using Limelight's high-speed global network and regional ingest locations, Origin Storage provides industry-standard file transfer protocols and simple Web services to globally store and deliver data 24/7.

Performance Acceleration Premium

Enables acceleration features for Web site and application acceleration and video acceleration using the Limelight private network, combining connection management, request, and response pipeline optimization and WAN acceleration to provide high performance, low latency content delivery

Per IP Address Rate Limiting

Control the maximum number of requests per second from a single IP address

Player Customization Limelight Video Delivery provides a suite of APIs and tools that allow Customers to control and customize the player to create their own unique viewing experiences. Player customization is designed for users of varying technical ability. The player designer allows non-tech users to easily customize the player.

PlayReady DRM Limelight Video Delivery offers a fully integrated and seamless Microsoft PlayReady DRM solution to protect the delivery of high-quality content on a variety of devices. PlayReady's multi-platform DRM provides the capability to license, securely distribute, and protect playback of multimedia content on a variety of consumer devices and IP-connected entertainment platforms.

PUT An HTTP method. The PUT method requests that the enclosed entity be stored under the supplied Request-URI.

Rate Limiting Content with high abandon rates, such as video and social media, can be rate limited, capping the data transfer rate allocated to each delivery. If a viewer stops watching a video early, Customers have only delivered the portion viewed, keeping the network clear of congestion, and Customers pay only for what the user viewed.

Redirection Processes that result in an alternative hostname or URL being provided by the Limelight CDN to an end user for an object that has been requested by that end user

Reporting API The Reporting API lets Customers programmatically access the data behind the reports in Limelight Control. Customers can use the Reporting API to integrate this data with other systems.



Feature Description Security Alert Provides globally distributed anycast addresses to ensure attacks are distributed across multiple POPs, as well as DDoS attack

detection and alert notifications

Small Web Format (SWF) Verification

Authorizing which files can connect for playback

SmartEmbed Customers use the SmartEmbed feature in Control to obtain the HTML needed to embed a player on a Web page

SmartPurge Enables Customers to instantly remove incorrect or outdated content from cache. SmartPurge, Limelight’s revolutionary content-invalidation system, immediately renders selected content globally inaccessible—regardless of other services or configurations. SmartPurge prevents audiences from accessing files even as these files are being physically removed from the global network. Real-time purge with instant global content invalidation, deletion, and purge verification, including purging by content tag and dry-run capabilities.

SmartPurge Plus Provides higher purge queue priority and additional API features, such as unlimited callbacks

Storage Retrieval Service for transfer of content out of Limelight Origin Storage to Limelight Content Delivery Network edge servers

Traffic Balancer Traffic Balancer provides a highly redundant, highly scalable nameserver platform to apply business logic to customer traffic. The Traffic Balancer platform combines a global nameserver footprint combined with a powerful management console to allow Customers to quickly manage business policies to dynamically route nameserver requests to designated resource destinations.

Traffic Director A global traffic router that directs traffic based on end-user IP address, nameserver geographic location, or BGP autonomous system number.

Video Acceleration A specific set of configuration options in the Content Delivery Service designed to accelerate the delivery of dynamic manifest files and very small video chunks

WAF Complete WAF Complete includes Security Alert and WAF Express features and adds active mitigation of Layer 7 DDoS attacks, including good bot/bad bot detection, and enhanced WAF protection with custom rules per Web application. Web Application Firewall protection is complemented with a 24x7 security operations center monitoring and access to dashboards displaying rules, states, and request handling.

WAF Express WAF Express includes Security Alert features and additional security capabilities by enabling per-IP address rate limiting from a single IP address, and basic OWASP Top Ten Web Application Firewall filtering rules.

Web Site Caching Caching all Web site content, including small and large objects

Welcome Letter A letter provided to Limelight customers at service turn-up that describes the services that have been turned up for a given company and provides additional details such as the origin name, origin. id, username, and password to log in to specific sites, etc.

Web Site and Application Acceleration

Ensures that personalized, complex Web sites and applications are delivered to users on any device, anywhere, providing near-instant response times by optimizing and accelerating the delivery of dynamically generated Web site and application content and data. Web Site and Application Acceleration is a set of features integrated with Limelight Networks’ global Content Delivery Network and is designed to interoperate with Customer’s existing infrastructure and online application solutions.

Widevine DRM Limelight’s Video Delivery offers a fully integrated and seamless Google Widevine DRM solution to protect the delivery of high-quality content on a variety of devices. Widevine’s multi-platform DRM provides the capability to license, securely distribute, and protect playback of multimedia content on a variety of consumer devices and IP-connected entertainment platforms.

Partner Document


Appendix C: Acronyms & Terms Acronym/ Term Definition 5 Minute Data Sample(s)

Limelight’s measurement in megabits per second (Mbps), or other bits-per-second unit, of Customer’s total Traffic, or the uncompressed equivalent, every 5 minutes for each service connection

95th Percentile or 95/5 Every 5 minutes, Limelight's bandwidth monitoring measures Customer's Usage for each service connection from each applicable Point of Presence (POP) in a Region to determine Customer’s Usage for that Region. The highest 5 percent (5%) of the measured Usage rates in each Region will be discarded, and the next highest remaining data point will be the 95th Percentile Rate for that Region.

ABR Adaptive Bitrate (Streaming)

ABS Adaptive Bitrate Streaming

Accepted Spike Limelight’s acceptance of Customer Spike Notice

Adaptive Bitrate Streaming

Performance management practice for streaming media over networks

Annually Recurring Fee(s)

A Fee or Fees for Services invoiced one time per calendar year

API Application Program Interface

Application Program Interface

A set of protocols, tools, and routines that indicates how software components interact

Average Bit Rate The average of 5 Minute Data Samples in a Billing Period

Base Unit Price The Unit Price applied to all Traffic Usage globally, prior to the addition of any Premium Rates

BGP Border Gateway Protocol

Billing Period A monthly interval of time corresponding to each invoice issued for Customer’s Usage of the Services, unless otherwise designated in an Order Form. The first and last Billing Period may be an interval less than one month.

Border Gateway Protocol

A standardized exterior gateway protocol designed to exchange routing and reachability information among autonomous systems on the Internet

Burstable Rate The Unit Price for Overages

CDN Content Delivery Network

CNAME A type of resource record in the Domain Name System (DNS) used to specify that a domain name is an alias for another domain, the canonical domain. All information, including subdomains, IP addresses, etc., is defined by the canonical domain.

Content Delivery Network

A system of computers containing copies of data, placed at various points in a network so as to maximize bandwidth for access to the data from clients throughout the network. A client accesses a copy of the data near to the client, as opposed to all clients accessing the same central server to avoid bottleneck near that server.

Customer A person or organization that utilizes Limelight products and/ or Services

Customer Matrix A customer-provided list of resource information Limelight uses to contact Customer personnel for multiple purposes

Customer Portal The Limelight customer control and self-service center portal, sometimes referred to as Control. A Web-based user interface for uploading files, creating directories and subdirectories, viewing geographic file locations, etc.

DAI DDoS Attack Interceptor

DASH Dynamic Adaptive Streaming over HTTP

DDoS Distributed Denial of Service (Attack)

DDoS Attack Mitigation

Service designed to offer DDoS attack detection and mitigation so that Customer Web site remains available

DDoS Attack Any malicious attempt to make a server or a network resource unavailable to users, usually by, but not limited to, temporarily interrupting or suspending the services of a host connected to the Internet

Digital Rights Management

A generic term for access-control technologies that can be used by hardware manufacturers, publishers, copyright holders, and individuals to try to impose limitations on the usage of digital content and devices

Direct Memory Access A feature of computer systems that allows certain hardware subsystems to access main system memory independent of the central processing unit

DMA Direct Memory Access

DNS Domain Name Server

Domain Name Server A hierarchical naming system for computers, services, and any resource connected to the Internet or a private network. It translates domain names meaningful to humans into the numerical (binary) identifiers networking equipment uses to locate and access these devices worldwide

DRM Digital Rights Management

Dynamic Adaptive Streaming over HTTP

A standards-based implementation of HTTP Adaptive Bitrate Streaming (ABR)

Edge The CDN edge is the point of contact between CDN servers and the user. Strategically placed edge servers decrease the load and free up capacity

Partner Document Appendix C: Acronyms & Terms


Acronym/ Term Definition EQ EdgeQuery

TM

Fee(s) Sum(s) to be invoiced by Limelight and paid by Customer

FHD Full High Definition

File Transfer Protocol Standard network protocol used for the transfer of computer files from a server to a client using the client–server model on a computer network

Flash Video A file format used to deliver digital video content over the Internet

FLV Flash Video

FQDN Fully Qualified Domain Name

FMS Flash Media Server

FTP File Transfer Protocol

Full High Definition A resolution of 1920x1080 pixels in a 16:9 aspect ratio, developed as an HD television transmission and storage format..

Fully Qualified Domain Name

The complete domain name for a specific computer or host that includes the hostname and the domain name

Gb Gigabits

GB Gigabyte. A unit of measure for memory or hard-disk storage capacity

Gbps Gigabits per second. A measure of data transfer rate, equal to 1,000,000,000 bits per second or 125,000,000 bytes per second

Generic Routing Encapsulation

A protocol that encapsulates packets to route other protocols over IP networks

GRE Generic Routing Encapsulation

GZIP A file format and software application used to compress and decompress files

H.264 Video quality standard for video compression

HD High Definition

HDS HTTP Dynamic Streaming

High Definition The HD resolution of 1280x720 pixels stems from high-definition television where it originally used 60 frames per second.

HLS HTTP Live Streaming

Hostname A label assigned to a device connected to a computer network used to identify the device in various forms of electronic communication such as the Web or e-mail.

HTML Hypertext Markup Language

HTTP Hypertext Transfer Protocol

HTTP Dynamic Streaming

Adobe's implementation of HTTP Adaptive Bitrate Streaming (ABR) and was developed by Adobe as an HTTP alternative to their RTMP streaming protocol. Like RTMP, HDS allows for adaptive streaming to any Flash-enabled device. Because HDS is an HTTP-based protocol it overcomes many of the drawbacks of RTMP, including behind firewall support and the capability to cache the content closer to the end-viewer, providing better performance.

HTTP Header Name/ value pairs that appear in both HTTP requests and responses and define the operating parameters of an HTTP transaction. The headers are transmitted after the request or response line, the first line of a message.

HTTP Live Streaming Apple's implementation of HTTP Adaptive Bitrate Streaming (ABR), and like traditional streaming protocols, facilitates adaptive bitrate delivery.

HTTPS A combination of the Hypertext Transfer Protocol with the SSL/TLS protocol to provide encryption and secure identification of the server. HTTPS connections are often used for payment or other transactions requiring added security.

Hypertext Markup Language

Set of markup symbols or codes inserted in a file intended for display on a Web page that drive the layout of a Web page's words and images for the end user

Hypertext Transfer Protocol

The protocol used to communicate between Web servers and Web-browser software clients on the Web.

ICP Internet Content Provider

Internet Content Provider License (ICP License)

An ICP (Internet Content Provider) license is a state-issued registration number that allows Customers to host their Web site on a mainland Chinese server. All sites hosted on a server in the Chinese mainland must, by law, apply for and receive one of these licenses before their site goes live.

Ingest The process of capturing, transferring, or otherwise importing different types of content (video, audio, image media, etc.)

IPv4 The fourth version of the Internet Protocol (IP), the communications protocol that provides an identification and location system for computers on networks and routes traffic across the Internet

IPv6 The sixth version of the Internet Protocol (IP), the communications protocol that provides an identification and location system for computers on networks and routes traffic across the Internet

IP Address Internet Protocol Address

Internet Protocol Address

An identifying sequence of numbers assigned to each computer or device connected to a network

iOS A mobile operating system created and developed by Apple, Inc. exclusively for its hardware

Kilobit A common unit of data measurement equal to 1024 bits. A kilobit is usually referred to in the context of Bitrate per unit of time, such as kilobits per second (Kbps).

Last Mile The final leg of delivering connectivity from a communications provider to an end user

License Key Access A license key is what a video player uses to decrypt encrypted content to allow playback. Each time a player requests a license key is considered one License Key Access.



Acronym/ Term Definition Managed DNS Domain Names

The administrative portion of a DNS hierarchy

Managed DNS Hostname

Any hostname or domain name being managed with the Managed DNS service

Managed DNS Resource Record

The manner of storing particular data concerning a DNS zone or host (e.g., ARecord, AAAA Record, and CNAME)

Mb Megabits

MB Megabytes

Mbps Megabits per second. A measure of data transfer rate, equal to 1,000,000 bits per second or 125,000 bytes per second

Media RSS An RSS extension that adds several enhancements to RSS enclosures and is used for syndicating multimedia files (audio, video, image) in RSS feeds

Metered Pricing Reduced Origin Storage pricing for peak GBs at rest stored during the Billing Period. Additional charge for egress out of storage (GBs retrieved from storage).

Microsoft Smooth Streaming

Microsoft's implementation of HTTP Adaptive Bitrate Streaming (ABR). By dynamically monitoring local bandwidth and CPU performance, Smooth Streaming provides an uninterrupted streaming experience by switching video quality in real-time. Smooth Streaming is used primarily to power Microsoft technologies, such as the Silverlight player and the Xbox console.

Minimum Commitment

Customer’s commitment for the duration of the Term to purchase the minimum quantity of Services at the corresponding Unit Prices and Fees as set forth in the Order Form. The Minimum Commitment may include Monthly Recurring Fees, One-Time Fees, Annually Recurring Fees, and any other minimum quantity of Services as set forth in the Order Form. That portion of the Minimum Commitment that relates to Usage is sometimes referred to as the Usage Commitment. Any portion of the Minimum Commitment expressed in United States Dollars or other approved currency is sometimes referred to as a Purchase Commitment.

Minimum Monthly Commitment

Customer’s commitment to purchase the monthly minimum quantity of Services and to pay the Monthly Recurring Fees each Billing Period, as set forth in the Order Form

Mitigation Active scrubbing for removal of malicious requests and Traffic

Monthly Recurring Fee(s)

Fee(s) for Services incurred each calendar month and invoiced on a per-Billing Period basis during the Term

MP4 A digital multimedia format commonly used to store video and audio

MPEG-DASH Dynamic Adaptive Streaming over HTTP (DASH)

MRSS Media RSS

MSS Microsoft Smooth Streaming

One-Time Fee(s) Fee(s) invoiced one time during the Term

Order Form Order form for Limelight services

Overages Usage in excess of a Usage Commitment

OWASP TOP Ten A list of the 10 most dangerous current Web application security flaws, along with effective methods of dealing with those flaws

PB Petabytes

Platform Fee(s) Fixed Fee(s) for accessing the applicable Service each Billing Period

Point of Presence (POP)

A facility or server within the Limelight network used to provide Services to Customers

POP Point of Presence

Premium Rate A Unit Price in addition to, and not in lieu of, the otherwise applicable Unit Price(s) or Fee(s)

Purchase Commitment

Any portion of the Minimum Commitment expressed in Unites States Dollars or other approved currency

QPS Queries Per Second, measured by the 95th Percentile

Query A DNS Request made by a computer or networked device to retrieve an IP address or other resource information from a domain

Real Time Messaging Protocol

Initially a proprietary protocol developed by Macromedia for streaming audio, video and data over the Internet, between a Flash player and a server. Macromedia is now owned by Adobe, which has released an incomplete version of the specification of the protocol for public use.

Real Time Messaging Protocol Encrypted

RTMP encrypted using Adobe's own security mechanism. While the details of the implementation are proprietary, the mechanism uses industry-standard cryptography primitives.

Region A discrete geographical area within which Points of Presence reside. Not every country in a Region contains a Point of Presence. Points of Presence may be added to, or removed from, a Region at Limelight’s sole discretion and at any time, by providing notice to Customer.

Regional Hosting Hosting for a specific Region

Request An inquiry to a server to take action either received by the Limelight network or issued by the Limelight network to an origin, regardless of the incidence or type of response

Rich Site Summary Uses a family of standard Web-feed formats to publish frequently updated information

RSS Rich Site Summary

RTMP Real Time Messaging Protocol

RTMPE Real Time Messaging Protocol Encrypted

SAN Subject Alternative Name



Acronym/ Term Definition Scope A type of project plan signed by Limelight and the Customer to ensure both parties agree on the same terms under which

Limelight will deliver certain services to the Customer

SD Standard Definition

SDK Software Development Kit

Secure Sockets Layer A cryptographic protocol designed to provide communications security over a computer network. SSL and its successor - Transport Layer Security (TLS)

Service Activation Date

The date Limelight makes the applicable Services on an Order Form available to Customer or otherwise begins to perform the Services

Service Level Agreement

Contract between Limelight and Customer that defines the expected levels of service

SLA Service Level Agreement

Small Web Format An Adobe Flash file format used for multimedia, vector graphics and ActionScript. SWF files can contain animations or applets of varying degrees of interactivity and function. SWF files may also be used for programs, commonly browser games, using ActionScript. Originally an abbreviation for ShockWave Flash.

Software Development Kit

Set of software development tools that allows for the creation of applications for a certain software package, software framework, hardware platform, computer system, video game console, operating system, or similar development platform

SOW Statement of Work

Spike Notice An official notice from Customer to Limelight giving advance notice of an anticipated Usage from an anticipated Traffic Spike

SSL Secure Sockets Layer

Standard Definition A television system that uses a resolution that is not considered to be either high-definition television (720p, 1080i, 1080p, 1440p, 4K UHDTV, and 8K UHD) or enhanced-definition television (EDTV 480p)

Statement of Work A contractual agreement between Limelight and Customer defining specific activities, deliverables, and timelines

SWF Small Web Format

TB Terabytes. A unit of measurement for hard-disk storage capacity.

TCP Transmission Control Protocol

Term The duration of the contractual commitment of Customer to Limelight for Services, as specified in the Order Form

Time to Live A mechanism that limits the lifespan of data

TLS Transport Layer Security

Traffic Content sent or received by or on behalf of Customer utilizing the Services

Transcoding The process of changing the encoding format of a multimedia file. Unlike transmuxing, transcoding may significantly alter the original content.

Transmission Control Protocol

Provides reliable, ordered delivery of a stream of bytes from a program on one computer to another program on another computer.

Transmuxing Transmuxing (Transcode-Multiplexing) is the process of changing the file format of a multimedia file while retaining some or all of the original content. The result is a file with a different container format but essentially the same audio or video streams.

TTL Time to Live

TX Tranmuxing

Uniform Resource Locator (URL)

The address of a resource (such as a Web site) on the Internet that consists of a communications protocol, then the name or address of a computer on a network(s), and may also include additional locating information, like a hostname, or filename

Transport Layer Security

Cryptographic protocol that provide security for communication over a computer network

Unit Price The per-unit Fee for Usage of a Service

URL Uniform Resource Locator

Usage The amount of Customer’s utilization of a particular Service

Usage Commitment That portion of the Minimum Commitment that relates to Usage

Video Ad Serving Template

A universal specification for serving video ads

Video On Demand Systems that allow users to choose content to watch at any time

Video Player-Ad Interface Definition

Establishes a common interface between video players and ad units

VAST Video Ad Serving Template

VOD Video On Demand

VPAID Video Player-Ad Interface Definition

WAN Wide area network

Wide Area Network A network that extends over a large geographical distance

limelight networks, inc. partner document · arc light policy development tailored implementation...

Documents