Description
To guarantee data collection in the best conditions, we provide the ability to send hits to our servers through a CNAME on one of your subdomains, although the CNAME redirection can be detected by advanced ad blockers and some browsers.
By using a custom domain, you keep your hits while keeping our SLAs, and you can even have server-side first-party cookies.
Note
To find out more about the Custom Domain Data Collection (CDDC), please reach out to our support teams.
Creation
Strategy
There are several ways to configure your custom domain to site mapping with several implications.
Here is a list of possible configurations to identify the best architecture:
| Case | Site | Data collection | Cookie deposit | Cookie | CDDC | Analysis |
|---|---|---|---|---|---|---|
| 1 | www.site.com | data.site.com | data.site.com | 1st | ✔ | Same domain: no blocking |
| 2 | test.site.com | data.site.com | data.site.com | 1st | ✔ | Same domain: no blocking |
| 3 | www.sitea.com | data.site.com | data.site.com | 3rd | ✔ | Different domain but not associated to analytics. Can be blocked because it's 3rd. |
| 4 | www.siteb.com | data.siteb.com | data.siteb.com | 1st | ✔ | Same domain: no blocking |
| 5 | www.sitec.com | xiti.com | xiti.com | 3rd | ✘ | Analytics associated domain, and 3rd party. Cookies and hits can be blocked. |
Explanation
Best-case scenarios: #1, #2 and #4.
1 CDDC per domain, but please note cross-site analysis will only work between case #1 and #2.
Process
Piano-managed certificate (recommended)
The first option is the Piano-managed certificate, which allows you to create the custom domains in a matter of clicks. Once you've chosen your sub-domain, you can redirect your DNS to the alias provided.
The certificate supplied by Piano will then be renewed before it expires, with no action required on your part.
Existing domains using custom certificates can also be migrated from the side menu by clicking on the domain.
Bring your own certificate (invoiced)
Setting up a custom domain to suit your needs can only be done after reaching out to your Key Account Manager or Customer Success Manager.
Once the project is validated with our teams, you can set up your custom domain through a 9-step process:
1. You: pick/create your site subdomain
2. You: give our consultant the CSR information
3. AT: validates the CSR information
4. You: buy an SSL certificate with the CSR information (no wildcard)
5. AT: imports the certificate in Data Collection Portal
6. You: set up a client-side DNS redirection (CNAME)
7. AT: checks DNS and collection status in Data Collection Portal
8. AT: manually checks CDDC is ready
9. AT: notifies you that the CDDC is ready
Certificate Signing Request (CSR)
Here is all the information required to generate your CSR.
| Information | Example | Details |
|---|---|---|
| E-mail address | support@piano.com | Email address linked to the collection domain. As the email address will be used to send SSL certificate expiration notifications, we recommend the email address be a technical one, and generic instead of personal so that alerts can be correctly distributed. You may enter several email addresses, separating each one with a comma. Admins and Delegates are added to this list. |
| Common name | collect.piano-analytics.com | The collection domain. Wildcards (*) are not authorised. |
| Organization | PIANO ANALYTICS | Name of the company covered by the SSL certificate linked to the collection domain. |
| Organizational unit | Technical Department | Name of the technical department associated with the certificate. (optional) |
| Locality | MERIGNAC | City where company is located. |
| State | GIRONDE | Province/region where company is located. |
| Country | FR | Select the country where the company is located. |
Security
CSR and private key management
Piano Analytics takes responsibility for generating the CSR and the certificate's private key to ensure its security.
This way, Piano Analytics is the only owner of the private key, which is not shared with the customer, to ensure the certificate associated with the CDDC is not used for any other purpose.
Approved certificates
Piano Analytics does not allow wildcard certificates (*), to make sure the certificate can only be used for the CDDC concerned.
The CSRs generated are based on RSA with a 2048-bit private key. ECC certificates are not supported by the CDDC setup.
The CDDC is compatible with all browsers supporting SNI.
Validity of the certificate
Be careful: Safari no longer allows certificates generated after September 1st 2020 to have a validity period longer than a year.
Please make sure your certificates do not exceed this period to avoid any potential traffic loss (hits not sent).
Also, note that the minimum period for a valid certificate is currently 9 months.
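The rules under "Approved certificates" and "Validity of the certificate" can be checked before a certificate is handed over for import. The following is an added example, not Piano Analytics code: the `cert` object shape, the function names and the sample values are assumptions of the example, and the 398-day default is the limit Apple published for Safari, where the page only says "a year".

```javascript
// Added example (not Piano's code): check certificate fields against the rules
// in this section. The shape of `cert` is an assumption of this example; the
// values can be read from a PEM file with Node's crypto.X509Certificate.
const DAY_MS = 24 * 60 * 60 * 1000;

function addMonthsUtc(date, months) {
  const d = new Date(date.getTime());
  d.setUTCMonth(d.getUTCMonth() + months);
  return d;
}

// Returns the list of rule violations; an empty list means the certificate fits.
// maxDays defaults to 398, the figure Apple published for Safari (assumption:
// the page itself only says "a year").
function checkCddcCertificate(cert, collectDomain, maxDays = 398) {
  const problems = [];
  const names = [cert.commonName, ...(cert.dnsNames || [])].map((n) => n.toLowerCase());
  if (names.some((n) => n.includes("*"))) problems.push("wildcard name");
  if (!names.includes(collectDomain.toLowerCase())) problems.push("collection domain not covered");
  if (cert.keyType !== "rsa") problems.push("key is not RSA");
  else if (cert.keyBits !== 2048) problems.push("RSA key is not 2048 bits");
  const notBefore = new Date(cert.notBefore);
  const notAfter = new Date(cert.notAfter);
  if ((notAfter - notBefore) / DAY_MS > maxDays) problems.push("validity too long for Safari");
  if (notAfter < addMonthsUtc(notBefore, 9)) problems.push("validity under 9 months");
  return problems;
}

// Constructed sample certificates (no real certificate is described here).
const SAMPLE_OK = { commonName: "collect.example.com", keyType: "rsa", keyBits: 2048,
  notBefore: "2024-01-10T00:00:00Z", notAfter: "2025-01-10T00:00:00Z" };
const SAMPLE_WILDCARD_EC = { commonName: "*.example.com", keyType: "ec", keyBits: 256,
  notBefore: "2024-01-10T00:00:00Z", notAfter: "2026-01-10T00:00:00Z" };
const SAMPLE_SHORT = { commonName: "collect.example.com", keyType: "rsa", keyBits: 2048,
  notBefore: "2024-01-10T00:00:00Z", notAfter: "2024-07-10T00:00:00Z" };

for (const c of [SAMPLE_OK, SAMPLE_WILDCARD_EC, SAMPLE_SHORT]) {
  console.log(c.commonName, checkCddcCertificate(c, "collect.example.com"));
}
```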
Certificate's authority
It's up to the customer to choose a known certification authority and a type of certificate matching its own security requirements.
List
Once you set up at least one custom domain, you will find a new item for it in the interface.
It shows you the main information to monitor and identify your CDDCs:
- Collection domain
- Status
- Expiration date
If you click on this item you will get the overview of all its configuration and associated sites.
Overview
The custom domain overview shows you all technical details about its setup:
- Status
- Expiration date
- Alias
- DNS Record
- Email(s) to reach for certificate renewal
Tagging
Update the collection domain
You can manually edit the file to change its collection parameters accordingly.
Piano Analytics SDK
These elements need to be changed through JavaScript methods: https://developers.atinternet-solutions.com/piano-analytics/data-collection/sdks/javascript#basic-configuration
collectDomain: subdomain.domain.com
cookieDomain: .domain.com
Cookie deposit
Visitor identification cookies
Browsers like Safari and Firefox now require cookies to be first party (deposited on the current domain), server-side (deposited by a server) and secure (https).
Security
Please check with your IT teams whether any sensitive cookie is deposited on the parent domain used for the CDDC.
Piano Analytics does not store or exploit cookies that are not generated by its servers or tags.
To avoid the transmission of these sensitive cookies to our servers, please use them only on a specific domain (with subdomain), or use a parent domain other than the one used for the custom domain data collection.
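The cookie exposure described above follows from how browsers match a cookie's Domain attribute against the request host. The following added example, which is not part of Piano Analytics' SDK, audits a cookie inventory for sensitive cookies that would travel with hits to the collection subdomain; the cookie names, hosts and object shape are constructed for illustration.

```javascript
// Added example: which cookies would a browser attach to hits sent to the
// collection subdomain? Domain matching follows RFC 6265 section 5.1.3.
// Path, Secure and expiry checks are left out to keep the focus on Domain.

// True when `host` domain-matches the cookie's Domain attribute.
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, ""); // a leading dot is ignored
  return h === d || h.endsWith("." + d);
}

// A cookie without a Domain attribute is host-only: it goes back only to the
// exact host that set it.
function isSentTo(cookie, host) {
  if (cookie.domain === undefined) {
    return cookie.setBy.toLowerCase() === host.toLowerCase();
  }
  return domainMatches(host, cookie.domain);
}

// Names of all cookies that would travel with a request to `collectHost`.
function cookiesSentTo(jar, collectHost) {
  return jar.filter((c) => isSentTo(c, collectHost)).map((c) => c.name);
}

// Names of the sensitive cookies that would reach the collection servers.
function exposedSensitive(jar, collectHost) {
  return jar.filter((c) => c.sensitive && isSentTo(c, collectHost)).map((c) => c.name);
}

// Constructed inventory for a site on www.site.com collecting on data.site.com.
const SAMPLE_JAR = [
  { name: "visitor_id", domain: ".site.com", setBy: "data.site.com", sensitive: false },
  { name: "session", domain: ".site.com", setBy: "www.site.com", sensitive: true },
  { name: "csrf", setBy: "www.site.com", sensitive: true }, // host-only
  { name: "admin_token", domain: "account.site.com", setBy: "account.site.com", sensitive: true },
  { name: "partner", domain: ".notsite.com", setBy: "www.notsite.com", sensitive: true },
];

console.log("sent to data.site.com:", cookiesSentTo(SAMPLE_JAR, "data.site.com"));
console.log("sensitive and exposed:", exposedSensitive(SAMPLE_JAR, "data.site.com"));
```

In the constructed inventory only `session` is both sensitive and scoped to the parent domain, so it is the one to move to a specific subdomain or to another parent domain.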