Microsoft Proxy Server 2.0

Microsoft Proxy Server 2.0

By Helen SarianNam TrieuRoy Chau

Nancy TrangXiao Xia Ren

Objectives of the Proxy Server

• Defining the Microsoft Proxy Server 2.0• Benefits• Features• System Requirements• Pricing• Different Sized Network• Configuration of Proxy Server• Proxy Relay• Advantages and Disadvantages of Proxy• Summary

Definition Of Proxy Server 2.0

• Extensible firewall• Content cache server• Provides Internet security• Improves network response time• Offers Web caching• Gateway with firewall-class security

between a LAN and the Internet• Blocks access to undesirable sites.

Purpose of Proxy Server

•

www.microsoft.com/technet

Benefits of Proxy Server

• High Performance Caching• Manageability & Control• Firewall Security

High-Performance Caching

• Accelerates access to the Internet• Offers unbeaten scalability• Fault-Tolerance

Manageability & Control

• Blocks access to undesirable web sites

• Supports centralized management tools

• Many cost saving benefits

Firewall

• Protects internal network while allowing connection to the Internet

• Real-time alerting and logging• Cannot protect against attacks

outside of the firewall and viruses

2 Types of Firewalls2 Types of Firewalls

• Application Level – Proxy Server

• No direct traffic between networks permitted

• Logging and access control

• Network Level – Router

• Route traffic directly, fast and transparent.

Features of MS Proxy Server 2.0

• Real-time Security Alerts• Reverse Proxy• Reverse Hosting• Server Proxying• Improved Performance• Hierarchical Content Caching• FTP and HTTP Cache Support• Web Administration

Real-Time Security Alerts

• Notification of network under attack

• Supports several alerting thresholds

Reverse Proxy

• Places web server behind Proxy server to Publish to the Web

• Web Server can maintain access to internal network services

Reverse Proxy

•

Proxy

ClientDept Connect

By LAN

Web Server

Secure Network

Internet

Reverse Hosting

• Extension of reverse proxy• Allows several web servers behind

MS Proxy Server to publish on the Internet.* Web server can publish independently* Also, can appear as directories in a single large virtual web server.

Server Proxying

• Application Server can be behind Ms Proxy Server for added security.

• Similar to Web Server behind Proxy Server

• Example:MS Exchange Server computer can be placed behind you Proxy Server

Improved Performance

• Offers unbeaten performance for Internet connection

• Proxy Server 2.0 is 40% faster than Proxy Server 1.0

Hierarchical Caching

• Caching across a hierarchical connection of individual Proxy Servers

• Enables distributed deployment to branch offices and departments

FTP and HTTP Cache Support

• You can cache not only HTTP 1.0 objects

• You can also cache HTTP 1.1• FTP Objects• Greater control over the Tim-to –

Live (TTL) setting • As well with MS Proxy Server

version 2.0

Web Administration

• You can administer MS Server locally or remotely

• Via a Web browser for added Management flexibility

• Ease-of-use• You can even create HTML error

pages

System Requirements for MS Proxy Server

• Computer / Processor• Memory• Hard Disk• Display• operating System• Peripherals

Computer /Processor of MS Proxy Server

• 486/33 MHz or Higher• Pentium or Pentium PRO Processor• Intel Pentium 133 MHz

supports up to 300 desktop PCs• Intel Pentium 166 MHz

supports more than 300 desktop PCs also supports DIGITAL Equipment Alpha Processor /AXP

Hardware

• 1 to 300 clients: Pentium 133 with 2 GB of cache and 32 MB of RAM

• 300 to 2,000 clients: Pentium 166 with 2 to 4 GB of cache and 64 MB of RAM

• 2,000 to 3,500 clients: Pentium 200 with 8 to 16 GB of cache and 256 MB of RAM

Memory of MS Proxy Server

• 24 MB of RAM• 32 MB RAM

supporting up to 300 desktop PCs• 64 MB RAM

supporting more than 300 desktop PCs

Hard Disk MS Proxy Server

• 20 MB of available hard disk space minimum

• For caching 100+ MB recommended

Display of MS Proxy Server

• VGA• Super VGA• Video Graphics adapter

– Compatible with Windows NT Server 4.0

Operating System of MS Proxy Server

• Microsoft Windows NT Server version 4.0

• With windows NT Server 4.0 Service Pack 3 or greater

Peripherals

Microsoft Internet Information server 3.0 or greater

MS Proxy Server Pricing

• Microsoft Internet Security & Accelerate Server 2.0 English North America CD– Version: 2.00– Part Number: 621-00135– Environment: Win NT– Media: CD– Estimated Price: $999.00

Pricing Cont..

• Microsoft Internet Security & Accelerate Server 2.0 English Competitive/Version Upgrade North America CD– Version: 2.00– Part Number: 621-00138– Environment: Win NT– Media: CD– Estimated Price: $509.00

Different Sized Networks

• Small Office Network• Medium-Size office Network • Large Enterprise Network

Small Office Network

• Single LAN segment• Connectivity to an ISP• Supports fewer than 300 clients• NIC to the internal network• Modem to the external network

(Internet)• Uses Auto Dial for dialing to the

Internet

Small NetworkInternet

Internet ServiceProvider

ProxyServer

Client Web ServerClient

Small Office Network Security

• Password identification required• User permissions• Protocol definitions• Domain, cache, and packet

filtering

Small Network on LAN

www.3com.com/smallbusiness

Medium Sized Network

• Branch office with several LAN segments• Central office has a single LAN segment• Demand-dial connection from Central

office to the Branch office• Supports fewer than 2000 clients• Auto Dial used for dialing between offices• NIC to local network (branch)• Modem to network in the central office

Large Enterprise Network

• Central location with LAN segments with a backbone LAN

• Branch offices, each with a single LAN segment

• ISP and Dedicated Link connection from central location to an ISP

• Supports over 2000 clients

Auto Dial

• Proxy Servers dialing technique to an ISP for Internet connection

• Uses Windows NT ‘s (Remote Access Service) and Dial Up Networking to connect with an ISP

Advantage of Auto Dial

• Save company Internet charges– Event-Driven (is activated only when

Internet connection is needed– Regulates usage – connect Internet

only during office hours

Dial Up Networking

• Purpose– Connect client to remote networks

• Phonebook entry can store all the required settings to connect a remote network– Personal– Company (public access)

Proxy server configurationProxy server configuration

• Uses Internet Service Manager.• Proxy services

– Caching page• Definition of cache• Types of cache• Application benefits from larger caches

– Routing page– Publishing page– Permission page

Caching PageCaching Page

Cache

• Definition of cache• Types of caches• Applications that benefit from

larger caches

Definition of cache

• A cache is a small, higher speed memory system which stores the most recently used instructions or data from a larger but slower memory system (something more or less temporarily).

• Web pages you request are stored in your browser’s cache directory on your hard disk.

Types of Caches

• Local server caches– Ex. Corporate LAN servers or access provider

servers that cache frequently accessed files.

• A disk cache– Either a reserved area of RAM or a special

hard disk cache where most recently accessed data is stored for fast access.

• Ex. L2 cache memory which is on a separate chip from the microprocessor but faster to access than regular RAM.

A disk cache.A disk cache.

Cont. types …

• Ex. L1 cache memory on the same chip as the microprocessor.

• International, national, regional, organizational and other “macro” caches to which highly popular information can be distributed and periodically updated and from which most users would obtain information.

Applications that benefit from larger caches

• Use of Apple GeoPort Telecom Adatper

• Computationally intensive applications such as 3-D rendering

• Games, particularly 3-D types such as Marathon and Descent

• SoftWindows

Proxy Relay

• Internet Firewall to protect the Intranet

• Intranet Firewall Window• Static Router

Proxy Relay

• Proxy Server must be located on the WAN

• May not be located on the LAN• Problem with a proxy server on a

LAN is that each client must be configured to support the proxy, which will have more administration tasks.

Proxy Relay cont…

• If proxy server is already installed on LAN, it is better to move it to WAN– Enable Automatic Proxy Forwarding,

meaning Internet Firewall will automatically forward all Web proxy requests

Installing a proxy on the WAN

• To install the proxy server on the WAN port, first configure the Internet Firewall’s intranet settings to allow LAN users to access the proxy.

1. Install the proxy server– Install and configure using a valid IP

address– Proxy server connect to a hub that is

connected to the WAN port on the Internet Firewall

Installing cont….

• Configure the Web Proxy Relay– Click Advanced, and then select the

Proxy Relay tab– Configure the Web proxy relay

• Web traffic is directed to the proxy without reconfiguring all the Web browsers on the LAN

Proxy Relay Window

http://support.3com.com/infodelit

Installing the Internet Firewall

1. Connect the Ethernet port labeled LAN on the back of the Internet Firewall to the network segment that will be protected against unauthorized access.

2. Connect the Ethernet port labeled WAN on the back of the Internet Firewall to the rest of the network.

Internet Firewall to protect the Intranet

http://support.3com.com/infodelit

Installing Firewall…

• Connect the power adapter to an AC power outlet and then connect it to the power port on the back of the Internet Firewall

• Click Advanced, select the Intranet tab• Using the inclusive method

– Include IP addresses of the machines which are connected to the Intranet Firewall’s LAN port

Installing Firewall…

• Using the exclusive method– Specify the IP addresses of the machines

connected to the Internet Firewall’s WAN port

• You can enter these addresses individually or as a range– Ex. 51 IP addresses from 192.168.23.50 to

192.168.23.100

• Click Update to send the configuration data to the Internet Firewall

Intranet Firewall Window

http://support.3com.com/infodelit

Static Routers

• If the LAN has internal routers, you must specify their addresses and network information

• Click Advanced, select the Static Routes tab

• Static Routes Window Boxes and Controls– LAN

• IP address and Subnet on the Internet Firewall’s LAN port

Static Routers…

• DMZ/WAN– IP addresses of the DMZ

• Add Route– Type the destination network of the router in

the Dest. Network box– IP address of the router as it appears on

Internet Firewall’s subnet in the Gateway box– Select LAN or WAN that the router is connected

to

• Click Update

Static Router

http://support.3com.com/infodelit

Network Settings

http://support.3com.com/infodelit

Advantages of Proxy Server

• Previously accessed pages will load much faster

• Improved security on the Internet• Protects the internal network from being

identified by the public.– Giving the network two identities:

• One for internal use• One for external use

• The cache can serve all users

Cont. Advantages…

• Proxy servers make better use of Internet bandwidth.– If you have limited bandwidth – Extremely high Internet traffic– You would benefit by using a proxy

server.

Disadvantages of the Proxy Server

• Unless some one has accessed a page before you it will not load faster

• Some forms might not be processed.• Proxy servers aren’t very helpful when

you have content that doesn’t lend itself to be cached– Ex. Common Gateway Interface Scripts

Cont. Disadvantages…

• A proxy server makes the audio and video stream less efficient

• The movements are jerkier and the sound and lip movements are skewed– Because it can only store repeatable

information.

The reasons for using Proxy servers

• Greatly reduce the amount of traffic on the internet due to the fact when a popular page is requested– It doesn’t need to be loaded from the

source every time.– The first time is requested it is cached

and every page is loaded from the proxy server.

Summary

• A proxy server intercepts all requests to the Web server to see if it can fulfill the requests by returning a locally stored copy of the requested information. If not, the proxy– Completes the request to the server– Returns the requested information to

the user– Saves it locally to fulfill future requests

Summary cont…

• Proxy Server can minimize employees in accessing non-related work sites

• Caching in different networks can minimize direct dialing to avoid long-distance phone charges.

• Firewall will prevent hackers attempts to the server