Yes, Ably provides an option with our premium packages to have custom CNAME endpoints.  Customers who want this feature are often interested in our white-label client libraries as well.


Currently, all of our Ably client libraries connect to two endpoints by default:

  • rest.ably.io - this endpoint is used for all REST based requests and is optimised for all standard HTTP-based request types including all REST library requestsAuthentication requests, and Comet and JSONP fallback when WebSockets cannot be used.
  • realtime.ably.io - this endpoint is used all WebSocket and other realtime protocol connections from our client libraries.


Additionally, if an Ably client library is unable to connect to a data centre due to a network partitioning, DNS or routing issue, our client libraries automatically use fallback hosts to work around these types of issues and ensure that the client can still connect to an alternate data centre.  In these cases, the client library will connect to a host name such as a.ably-realtime.com or e.ably-realtime.com.


There are three options we offer to customers in regards to custom CNAME endpoints as follows:


Option 1. Custom Realtime & REST endpoint with shared SAN certificate

 

At any time, we have a minimum of 40+ load balancers globally. As such, the most cost effective way for us to offer a customer a custom CNAME endpoint that supports TLS is to add a SAN entry to our existing SSL certificates. This requires the customer to liaise with our certificate issuer to approve adding your domain to our certificate. Two entries will be added to our certificate such as rest.foo.com and realtime.foo.com, allowing us to serve TLS secured requests to both those endpoints.  The customer will then simply set up CNAME records for rest.foo.com to rest.ably.io and realtime.foo.com to realtime.ably.io.  

With this option, please note that:

  • Our fallback hosts *.ably-realtime.com will still be used in the very rare circumstance where the primary endpoints are not available.  See routing around network or DNS issues for more info.
  • The TLS certificate served will contain SAN entries for the customer's domain, but may also contain other unrelated customers' domain names when the certificate is inspected manually. See https://www.digicert.com/subject-alternative-name.htm for more info on SAN certificates.

Option 2. Custom Realtime, REST and fallback endpoints with shared SAN certificate

 

This option is identical to Option 1, except that when Ably adds SAN entries to our existing SSL certificates, we will additionally add fallback hosts for your domain name as well such as fallback-a.foo.com or fallback-e.com. This ensures that the client libraries, even when routing around network or DNS issues, will always use the customer's domain name for all REST requests and Realtime connections.


With this option, please note that:

  • The TLS certificate served will contain SAN entries for the customer's domain, but may also contain other unrelated customers' domain names when the certificate is inspected manually. See https://www.digicert.com/subject-alternative-name.htm for more info on SAN certificates.
  • This option is more expensive as at least 6 SAN entries are required as opposed to 2 SAN entries for Option 1.

Option 3. Custom Realtime, REST and fallback endpoints with dedicate TLS certificate & load balancers

 

If a customer does not want to use a shared SAN certificate with other customers (i.e. upon inspection of the certificate manually, an end-user may be able to see other Ably customers' domain names in that certificate), then we provide another dedicated option for customers. With this option, it is the responsibility of the customer to provide a certificate, or alternatively assist us to issue a certificate on their behalf, that covers all the endpoints they require.  The certificate is then installed on a new set of load balancers either in specific regions the client wishes to operate in, or globally in all of our data centres.

 

With this option, please note that: 

  • A new set of dedicated load balancers are set up for the customer serving only their certificate.  
  • We support any type of SSL certificate.
  • Clients can choose to have load balancers in every region and data centre we support, or can optionally only use a subset of the regions to reduce costs.
  • This is the most expensive option as dedicated load balancers need to be installed for the customer.

Please get in touch with us if you would like a custom CNAME end-point for your company so that we can create a premium package for you and advise on pricing.