Server 2.0
Presentation Outline
[Diagram labels: One IP address is visible; LAN; Internet; Proxy; FTP, Gopher and HTTP traffic; IIS; Win NT LAN; Web Server www.company.com]
MS Proxy Server as Web
Cache Server
Web Caching – process of storing Web
content locally to reduce network traffic.
Active and Passive.
Allow internal clients to have full Web
access behind the firewall without
compromising security.
Hierarchical Caching.
Distributed Caching.
Cache Example
[Diagram labels: Connection to Internet; Internet; Proxy; Content Cached; 1st client; 2nd client; Cache Hit!; 50% Traffic Saving]
Hierarchical Caching
Example
[Diagram labels: Internet; New York Proxy; Boston Proxy; Los Angeles Proxy]
[Diagram labels: Internet; Proxy 1; Proxy 2; Proxy 3; Proxy 4; Clients]
WinSock, SOCKS, Web
Proxy
Protocols allow the application clients to
communicate to application servers.
Performs three functions:
Intercepts connection requests.
Sets up proxy circuit.
SOCKS Proxy.
Allows Unix, Mac and Windows client applications
that support the SOCKS protocol specification.
Handles all TCP/IP traffic through the proxy
server.
Cannot Handle UDP based protocols.
Web Proxy
Supports any CERN web browser.
Supports HTTP, FTP, SSL and Gopher
protocol.
Enables its caching capabilities.
System Requirements
WinNT Server 4.0 with service pack 3 or later.
IIS – Internet Information Server.
Network interface card.
CPU and disk space:
Intel based: 486/33MHz or higher & 125MB.
RISC based: RISC processor compatible with
WinNT 4.0 & 160MB.
16MB of RAM.
Examples of Capacity
Planning
Small Office Network.
Medium-Size Office Network with a
Branch Office.
Large Enterprise Network.
Example of Small Office
Network
[Diagram labels: ISP; Internet; Modem or ISDN line; Proxy Server (Win NT RAS client); Content Cached; LAN]
[Diagram labels: Proxy Server Array; Web Server; Mail Server; LAN; Router; Modem or ISDN Line; Proxy server (Win NT RAS client); Web Server; Clients (Department LAN); Clients (Remote Branch Office)]
Branch Office Network
Characteristic . . .
A central office with several LAN segments.
A branch office with a single LAN segment.
Use of the IP network protocol.
Demand-dial connectivity from the branch office to the
central office.
Dedicated-link connectivity from the central office to an
ISP.
Fewer than 2,000 clients.
Auto Dial feature provides demand-dialing
from remote office to central office.
Branch Office Network
Cont . . .
Proxy-based computer set up at branch:
One NIC to the local network (branch).
One modem to remote network at the central office.
Caching is enabled to minimize demand-dialing
to central office and to reduce long-distance
phone charges.
Active caching should not be used at remote
branch.
Branch Office Network
Cont . . .
Global Security policy:
Administrated at central office.
Central office can also set and override local policy.
Remote branch proxy has no direct Internet
access.
All client requests are routed upstream to
the proxy array at central office.
Example of Large
Enterprise Network
[Diagram labels: Internet; ISP; Router; Router on T1 line; Proxy Server Array; Corporate Network; Mail Server; Web Server; LAN; Routers; Web Servers; Clients (Department LAN); Clients (Department LAN)]
Large Enterprise Network
Characteristic . . .
A central corporate office with many LAN
segments and a backbone LAN.
Several branch offices, each with a single LAN
segment
Use of both IP and IPX network protocols.
Demand-dial connectivity from the branch office to
the central office.
An ISP & Dedicated-link connectivity from the
central office to an ISP.
More than 2,000 clients.
Large Enterprise Network
Cont . . .
Proxy array is used for:
Distributed caching.
Load balancing.
Fault tolerance.
Routing page.
Publishing page.
Service Page Notes
Product release and ID.
Current sessions – current user info.
Shared service:
Security – packet, domain filtering, alerting
and logging.
Array, Auto Dial, and Plug & play.
Configuration:
Client configuration, LAT, server backup
and restore.
Service Page
Current Sessions
Client Installation
Logging Page Notes
Sets logging options for web proxy, WinSock
proxy, and SOCKS proxy.
Provides auditing trail.
Records client, server, connection, and object
information.
Can log to text file or SQL/ODBC database.
Database file requires more resources.
Logging Page
Permissions Page Notes
Grant or deny access to services.
Can provide unlimited access to an
individual user group.
Permission based on protocol via
protocol definition.
For example:
FTP.
FTP Read.
Permission Page
Caching Page Notes
Sets location and size of the disk
cache.
Enable or disable caching.
Can specify how often to update cache.
Increasing cache size does not affect the
data already cached.
Delete all cached content by setting
cache size to zero.
Caching Page
Routing Page Notes
Information on directing client requests
for Internet objects.
Direct connection or use proxy.
Can enable backup route.
Can enable routing within proxy array
before routing upstream.
Can also configure web proxy clients.
Routing Page
Publishing Page Notes
Configures publishing requests.
Configures Reverse proxy and hosting.
Incoming requests:
Discard.
Sent to local web server.
Sent to another web server.
Caching on command.
Client IP address forwarding.
Automatic content discovery
Dynamic proxy routing.
Enterprise Management.
Fine Grained Filtering.
Administrative Control.
Caching on Command
Automatically updates and caches
frequently accessed documents.
Documents or entire sites can be
preloaded into the cache, and
administrators can schedule updates of
cached content.
Client IP Address
Forwarding
Sends the client's IP address to the remote
server if the Proxy is one of a chain of
internal proxies.
Enterprise
Management
Centralized Management.
Supports LDAP.
Uses Directory Server to manage users and
passwords centrally.
Clustered Management.
Manual Configuration Files.
Custom log formats.
Fine Grained Filtering
Access controls for sites, documents,
and protocols.
Content filtering - built-in virus scanning.
Cross - platform generic protocol
support.
Administrative Control
Ensures that users access network
resources safely and productively.
Can specify distinct access controls based
on access type.
Allows administrators to create custom
HTML files to be returned to users when
access is denied.
Netscape Proxy Server
Implementation
Bottleneck locations for implementing
Proxy Server.
Internet Gateway—Forward Proxy.
Branch Office—Forward Proxy.
Branch Office—Forward
Proxy
Multiple proxy servers allow chaining
proxies together to create a hierarchical
caching system.
Proxy chaining allows multiple
Netscape Proxy Servers to cache
content locally, setting up a hierarchy of
servers for client access.
Proxy Server at Remote and
[Diagram labels: Internet; Proxy; Firewall; LAN; PC]
Internet Gateway—
Reverse Proxy
Proxy Server is placed outside firewall to
represent a content server to external clients.
Expose selected content without exposing
web servers that host it or other elements of
private network.
Multiple reverse proxy servers can be used to
balance the load on an over-taxed web
server.
Reverse Proxy Server
Architecture
Dual-Homed Host Architecture.
Screened Host.
Screened Subnetwork.
Reverse Proxy
Server Stand-in.
Load Balancing.
Dual-Homed Host
Architecture
Has two network interfaces, one
connected to an internal LAN and the
other to the Internet.
Incorporates a firewall software
package.
Provides caching, fine-grain filtering and
virus scanning.
Proxy Server with a Dual-Homed
Host Firewall
[Diagram labels: LAN; Clients; Internet; Router; Proxy Server]
Proxy Server Implemented
Behind a Screening Firewall
[Diagram labels: LAN; Clients; Internet; Router; Firewall Software; Proxy Server]
Screened Sub-network
Consists of multiple routers sandwiching a
non-secure network that is outside or part of
the firewall solution.
Commonly referred to as a DMZ
(demilitarized zone). Proxy is deployed in
DMZ and is allowed access to both internal
and external networks through routers.
Popular architecture choice for larger
organizations with heavily trafficked
gateways.
Proxy Server in Reverse Mode as
a Stand-in for a Web Server
[Diagram labels: Client; Internet; Firewall; DNS Server; Enterprise Server; Reverse Proxies]
Possible enterprise
implementation
[Diagram labels: Bottlenecks; Central Office LAN; Branch Office LAN; Subnet; Clients; Proxies; Proxy 2; Proxy 3; Proxy A; Routers; Internet]
Configuration
Automatic Client Configuration.
Caching.
Templates.
Filtering.
Server Plug-in Functions.
Automatic Client
Configuration
Enables automatic proxy configuration in
Navigator clients on intranet.
Administered by a Proxy Automatic
Configuration (PAC) file.
PAC allows load balancing across multiple
proxy servers and alteration of proxy
architecture without modifying end user
settings.
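Added example (not part of the original presentation or of Netscape's documentation): a PAC file that spreads clients across several proxies and keeps intranet traffic direct. The proxy host names, the port and the internal domain suffix are placeholders chosen for illustration; changing the PROXIES list alters the proxy architecture without touching any client setting.

```javascript
// Added example PAC file; hostnames, port and internal suffix are placeholders.
var PROXIES = [
  "proxy1.corp.example:8080",
  "proxy2.corp.example:8080",
  "proxy3.corp.example:8080"
];
var INTERNAL_SUFFIX = ".corp.example";

// Plain string test instead of DNS-based PAC helpers, so evaluating the
// file never blocks on a name lookup.
function endsWith(s, suffix) {
  return s.length >= suffix.length &&
         s.substring(s.length - suffix.length) === suffix;
}

// Small deterministic hash: the same host always maps to the same proxy,
// so each object is cached on one array member instead of all of them.
function hostHash(host) {
  var h = 0;
  for (var i = 0; i < host.length; i++) {
    h = (h * 31 + host.charCodeAt(i)) % 65521;
  }
  return h;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Intranet names (no dot, or inside the internal domain) stay on the LAN.
  if (host.indexOf(".") === -1 || endsWith(host, INTERNAL_SUFFIX)) {
    return "DIRECT";
  }
  // Preferred proxy first, the rest as failover in rotation order.
  var first = hostHash(host) % PROXIES.length;
  var route = [];
  for (var j = 0; j < PROXIES.length; j++) {
    route.push("PROXY " + PROXIES[(first + j) % PROXIES.length]);
  }
  // Deliberately no trailing "DIRECT": if every proxy is down the request
  // fails instead of leaving the network unfiltered and unlogged.
  return route.join("; ");
}
```

Serve the file from an internal web server that only administrators can write to, since whoever controls the PAC file controls where every browser sends its traffic.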
Caching
Caches should be approximately 1 GB
per partition and spread across multiple
disk controllers.
Refer to Administrator’s Guide for in-
depth instructions on creating batch
update configurations.
Templates
An object created in Proxy Server’s object
configuration file, obj.conf.
Used to assign unique procedures to
specific URLs.
Can make the server behave differently
depending on the URL the client tries to
retrieve.
Allows customization of how Proxy Server
interacts with clients.
Server Plug-in Functions
Extends capabilities of proxy by using
Netscape Server Plug-in Application
Programming Interface, NSAPI.
Set of functions and header files used to create
functions in the server configuration files.
AuthTrans, PathCheck, NameTrans, DNS, Connect,
Addlog.
Used to create functions that use a custom
database for access control or create custom
log files with special entries.
Maintenance/Upgrade
Maintenance
Tuning the Servers
Monitoring the Servers
Upgrade
Growth Issues
Licenses
Software Updates
Tuning Servers
Time-outs.
Up-To-Date Checks.
DNS Lookups:
Enable DNS Caching.
Log Only Client IP Addresses.
Disable Reverse DNS.
Avoid ACLs with Client Host Names.
HTTP Keep-Alive.
Monitoring Servers
Analyzing Logs.
Monitoring Performance:
Cache Utilization.
CPU Utilization.
Memory Utilization.
Upgrade
Growth Issues
Are proxy services strategic for business?
Network bandwidth saturated?