1

Chapter 6: Proxy Server in Internet and Intranet Designs

Designs That Include Proxy Server Essential Proxy Server Design Concepts Data Protection in Proxy Server Designs Proxy Server Design Optimization

2

Microsoft Proxy Server 2.0 and Microsoft Windows 2000

3

Proxy Server Design Review

Collect requirements and constraints. Consider

Data amount and confidentiality Accessibility to resources Plans for growth Existing proxy server characteristics Availability requirements

4

Proxy Server Design Decisions

Decisions based on requirements Proxy Server characteristics

Persistent or nonpersistent connections Types of Proxy Server clients Connection methods

Dynamic protocols or static routing tables

Multiple connections and proxy servers Network traffic filters

5

Proxy Server Features

Prevents unauthorized access Allows only authorized users Performs Network Address Translation

(NAT) Supports public and private IP

addressing Caches Web content locally Provides Internet connectivity

6

Web Content Caching Example

7

IPX to IP Gateway Designs

Provide Internet connectivity to Internetwork Packet Exchange (IPX)-based networks

Translate IPX packets to IP packets Each proxy server requires

Two interfaces for Internet connectivity security

IPX and IP configured Proxy Server client software on client

computers

8

Placing Proxy Servers in the Design

9

Proxy Server Interface Requirements

At least one network interface Two interfaces for Internet connections Specifications

Persistent or nonpersistent connection IP configuration information for IP networks IPX configuration information for IPX

networks

10

Proxy Server LAT Information

A proxy server uses the local address table (LAT).

Determines whether the address is in the private network.

Allows automatic or manual updating. Downloads the LAT to the client.

11

Proxy Server Client Support

Windows Proxy Server client Microsoft Internet Explorer 5.0 SOCKS Default gateway

12

Proxy Server Support for Client OSs

13

Proxy Server Data Protection

Packet filters Web publishing Domain filters User authentication

14

Protecting Private Networks

Packet filtering Web publishing

15

Packet Filtering Criteria

Direction Protocol ID Local port Remote port Local host IP address Remote host IP address

16

Web Publishing Criteria By default, Proxy Server discards inbound

requests to access Web and FTP servers in the private network.

Web Publishing feature gives Web and FTP access on the private network.

Proxy Server does one of the following if the URL is not on the Web Publishing list: Discards the request Redirects the request to the default Web site Redirects the request to any Web site on the

private network

17

Restricting Internet Access

18

Packet Filtering

Criteria based on IP headers. Use the same process as for filtering

inbound traffic. Specify outbound in the Direction

criteria.

19

Proxy Server Domain Filters

Filter requests based on Single IP address IP address range Fully qualified domain name (FQDN)

Reject or forward all packets.

20

Proxy Server User Authentication

Use the Active Directory directory service or a member server.

Allow or disallow specific users. Combine with filters to restrict

resources.

21

Proxy Server Optimization Techniques

Direction of traffic determines the method used. Web content cache Proxy array Network Load Balancing Round robin DNS

22

Web Content Caching

Active caching (default) Updates content based on a variety of criteria Reduces processor overhead Can increase connection costs

Passive caching Updates the content at client request Eliminates activity when clients are not on the

Internet Can increase traffic and overhead

23

Proxy Arrays

24

Proxy Server Hierarchy

Combining hierarchy and caching improves performance.

Top-level proxy server provides Internet access.

Lower-level servers forward requests.

25

Optimizing Private Network Access Network Load Balancing

Is included in Microsoft Windows 2000 Advanced Server and Microsoft Windows 2000 Datacenter Server

Works on Windows only Balances traffic across all proxy servers Requires additional memory

Round robin DNS Statically load balances traffic Works on all operating systems Improves performance but not availability

26

Chapter Summary

Use Proxy Server to provide IP and IPX Internet connectivity.

Base decisions on the organization’s requirements.

Protect data. Optimize for performance and

availability.