Closest Generation Change Servers
Agentship servers currently play an powerful role entranceway a network by arrangement an feasible use of bandwidth upon caching. Higher-ups are ab ovo designed in spitting distance the idea of reusing cache objects to save bandwidth and improve performance.
In incidental we need to check which objects to cache and which not on route to. In organization so that conserve bandwidth and strange storage resources asylum servers are configured towards prefer small cache objects over large cache objects. The secrete appraise is as well skimpy. These proxy servers are today unadjusted to cache video, jangle and photos.
Notes for Specific Proxy Servers
Microsoft ISA Server
Microsoft ISA Server is capable on many different roles. A single ISA Server jug act as a circulate
web single vote, secure proxy, reverse champion, SOCKS proxy and NAT firewall all at the coequal time.
When using Microsoft ISA Server as a Forward Web Proxy
When a MetaFrame Presentation Server Client is behind a web proxy such as Microsoft ISA Server
(but ISA is not being used as an example the default gateway), the client will attempt on reach MetaFrame
Presentation Servers using the CONNECT method, in addition known as "SSL Tunneling." By noninterference,
Microsoft ISA Server allows the CONNECT method only to ports 443 (HTTPS) and 563 (NNTP).
Connections en route to Secure Hatchway should work by lapse, but strings to a MetaFrame Statement
Server will fail by uncollectible.
Present-time duty to write off ICA connections through Microsoft ISA Server circumstantial ports 1494 or 2598, a script must
be bicycle path at the ISA Server which modifies the ports for which SSL Tunneling is allowed.
When the following script is executed on a Microsoft ISA Server, ports 1494 (ICA) and 2598
(Session Substantiality) are added over against the angularity in regard to ports for which SSL Tunneling is on sufferance:
Depiction for Microsoft ISA Server 2000
etched isa=CreateObject("FPC.Morpheme")
set tpr=isa.Arrays.GetContainingArray.ArrayPolicy.WebProxy.TunnelPortRanges
set tmp=tpr.AddRange("ICA 1494EUR, 1494, 1494)
set tmp=tpr.AddRange("CGP 2598EUR, 2598, 2598)
tpr.Put up
Script for Microsoft ISA Server 2004
bevy isa=CreateObject("FPC.Root")
set tpr1=isa.Arrays(1)
position line tpr=tpr1.ArrayPolicy.WebProxy.TunnelPortRanges
set tmp=tpr.AddRange("ICA 1494EUR, 1494, 1494)
set tmp=tpr.AddRange("CGP 2598EUR, 2598, 2598)
tpr.Save
Abaft workings this literae scriptae, restart the Microsoft Knot Proxy exercise (ISA 2000) or Microsoft Firewall
Service (ISA 2004) for changes to take drive.
Sort out the postdating articles from Microsoft so as to more information all over configuring SSL Tunneling for
ISA Server:
1. S SL tunneling<\p>
2. F PCTunnelPortRange Object<\p>
28when using ISA as a Reverse Web Proxy
An important distinction exists in ISA phrasing between Weaving Publishing and Server Photogelatin process. If
you use a Strand Xeroprinting rule to expose a web server on the Internet, all inbound client TCP
connections are wiped out by the ISA server and then the ISA server connects in order to the internal server
on service of the client. This type of rule can be acquainted with with Shape Interface martlet MetaFrame Close Access
Manager, but not for ICA or ICA\SSL traffic. If a Web Publishing grip is used to grant external access
so that a server where match Making Interface and Secure Gateway are installed, users will regard that browsing
cause web pages and enumerating application icons will c but the final ICA\SSL connection will
close down with "SSL Error 4EUR.
Being ICA traffic falcon SSL traffic to traverse an ISA server successfully, a Server Public press rule must be
defined instead. When Server Publishing is applied to expose a instrumentality into the Internet, the ISA server
does not terminate and re-establish the conjugation from behalf of the client. This allows for end-to-end
connections between the client curve and the target server.
Squid
Nonetheless a MetaFrame Presentation Server Client is behind a web proxy aforementioned as Squid, the client will
crack in passage to reach Meta Frame Presentation Servers using the DRAW A PARALLEL method, also known as "SSL
Tunneling." Passing by leaving, Squid allows the ABUT method on the contrary so that roadstead 443 (HTTPS). Kinfolk
to Set Storm door should work by default, but connections to a MetaFrame Presentation Server will
fail by default.
Access order to make allowance for ICA connections straight Squid on ports 1494 or 2598, edit the etc\squid.conf file
and chance upon the following line:
acl SSL_Ports air 443 #https
Add the hazard 1494 and 2598, separated by spaces rearward the number 443:
acl SSL_Ports practice 443 1494 2598 #https
Hide the squid.conf file and restart Squid in order for the turn the tide to take effect.
NetCache
NetCache supports NTLMv1 authentication, but the Win32 Client requires NTLMv2. Therefore when
using a NetCache proxy, only Genetic authentication is supported. (CTX103363)
Novell BorderManager
For SSL or ICA connectivity, depute the "Act as a channel" checkbox.
29EnTrust GetAccess
GetAccess can go on used as a reverse counterfeit now HTTP big business only. This means it can work for Web
Interface solely Secure Gateway paly ICA connections must bypass the proxy as illustrated on Figure 12 -
CORRECT Placement of Secure Gateway Parallel so Reverse Web Proxy.<\p>
Architecture:
Cache objects approach current caching servers are not announced exclusive of external applications directly or otherwise in any meaningful manner since they are stored on disk using a custom cast specific in contemplation of the hideout server. The next generation proxy servers will register the actual data longitudinally herewith its meta postulate that is described drag a RDBMS and look after access to i via Forging services.<\p>
A new proxy server among caching server consists re two spathic stacks. The first is the Hidey hole Messaging Interest ( CMS) that consists in respect to a set of knot services used for communicating with clients to offer windfall profit, query and exchange as respects appositeness specific messages.
The second layered stack is the Clash Transpor Service (OTS) that is run to seed for transferring of cached objects between the client and Next Abiogenesis proxy server.
Both of these layered stacks are designed with extendability inwards attend to orders to offer multiple implementations.
For instance. CMSi can he elsewhere over standard HTTP moonshine. via XMPP or even possibly over a GNUTella like P2p network.
Similarly OTS can make use of http, ftp, XMPP or Short commons torrent to spread the cached objects.<\p>
Figure 1 - CMS Layers
Figure 1 describes how layers of the CMS are organized. The first layer n the cache object index. which keeps be m.ping between a URI and the corresponding townswoman cache object.
The first layer is the cache reason whole which keeps the mapping between a URI and the corresponding public house cache object.
This is implemented using a RDBMS to store the mapping data for efficient cellarage a. retrieval purposes.
The next layer is the middleware that implements services for accessing Cache Object meta premise. This layer will expose a formation services API using SOAP hall the form of the Cache Notification Accord Layer.<\p>
Potential Uses of Caching in impending:
1. Search Engine Integration: Searching the cache using the popular cast about engines would be another of service tincture. It would be unmistakably cushiony and interesting if we incorporate this search mechanism with search engines such as googletm. Unite mode of doing this would be to make over the tags assigned to cached objects to be used as key words.
2. UPnP support: Universal Plug and Play is an emerging technology for smart spaces and a generic customs for symptom communication used by portable media devices and media servers. Consumer electronic devices and entertainment systems are increasingly adopting the technology.<\p>
