Post on 30-Jan-2016
1
Chapter 6: Proxy Server in Internet and Intranet Designs
Designs That Include Proxy Server Essential Proxy Server Design Concepts Data Protection in Proxy Server Designs Proxy Server Design Optimization
2
Microsoft Proxy Server 2.0 and Microsoft Windows 2000
3
Proxy Server Design Review
Collect requirements and constraints. Consider
Data amount and confidentiality Accessibility to resources Plans for growth Existing proxy server characteristics Availability requirements
4
Proxy Server Design Decisions
Decisions based on requirements Proxy Server characteristics
Persistent or nonpersistent connections Types of Proxy Server clients Connection methods
Dynamic protocols or static routing tables
Multiple connections and proxy servers Network traffic filters
5
Proxy Server Features
Prevents unauthorized access Allows only authorized users Performs Network Address Translation
(NAT) Supports public and private IP
addressing Caches Web content locally Provides Internet connectivity
6
Web Content Caching Example
7
IPX to IP Gateway Designs
Provide Internet connectivity to Internetwork Packet Exchange (IPX)-based networks
Translate IPX packets to IP packets Each proxy server requires
Two interfaces for Internet connectivity security
IPX and IP configured Proxy Server client software on client
computers
8
Placing Proxy Servers in the Design
9
Proxy Server Interface Requirements
At least one network interface Two interfaces for Internet connections Specifications
Persistent or nonpersistent connection IP configuration information for IP networks IPX configuration information for IPX
networks
10
Proxy Server LAT Information
A proxy server uses the local address table (LAT).
Determines whether the address is in the private network.
Allows automatic or manual updating. Downloads the LAT to the client.
11
Proxy Server Client Support
Windows Proxy Server client Microsoft Internet Explorer 5.0 SOCKS Default gateway
12
Proxy Server Support for Client OSs
13
Proxy Server Data Protection
Packet filters Web publishing Domain filters User authentication
14
Protecting Private Networks
Packet filtering Web publishing
15
Packet Filtering Criteria
Direction Protocol ID Local port Remote port Local host IP address Remote host IP address
16
Web Publishing Criteria By default, Proxy Server discards inbound
requests to access Web and FTP servers in the private network.
Web Publishing feature gives Web and FTP access on the private network.
Proxy Server does one of the following if the URL is not on the Web Publishing list: Discards the request Redirects the request to the default Web site Redirects the request to any Web site on the
private network
17
Restricting Internet Access
18
Packet Filtering
Criteria based on IP headers. Use the same process as for filtering
inbound traffic. Specify outbound in the Direction
criteria.
19
Proxy Server Domain Filters
Filter requests based on Single IP address IP address range Fully qualified domain name (FQDN)
Reject or forward all packets.
20
Proxy Server User Authentication
Use the Active Directory directory service or a member server.
Allow or disallow specific users. Combine with filters to restrict
resources.
21
Proxy Server Optimization Techniques
Direction of traffic determines the method used. Web content cache Proxy array Network Load Balancing Round robin DNS
22
Web Content Caching
Active caching (default) Updates content based on a variety of criteria Reduces processor overhead Can increase connection costs
Passive caching Updates the content at client request Eliminates activity when clients are not on the
Internet Can increase traffic and overhead
23
Proxy Arrays
24
Proxy Server Hierarchy
Combining hierarchy and caching improves performance.
Top-level proxy server provides Internet access.
Lower-level servers forward requests.
25
Optimizing Private Network Access Network Load Balancing
Is included in Microsoft Windows 2000 Advanced Server and Microsoft Windows 2000 Datacenter Server
Works on Windows only Balances traffic across all proxy servers Requires additional memory
Round robin DNS Statically load balances traffic Works on all operating systems Improves performance but not availability
26
Chapter Summary
Use Proxy Server to provide IP and IPX Internet connectivity.
Base decisions on the organization’s requirements.
Protect data. Optimize for performance and
availability.