|Sun ONE Web Proxy Server 3.6 SP2 Installation Guide - UNIX Version|
Chapter 1 Before You Install
The following sections discuss the information you need to know before you install Sun ONE Web Proxy Server.
Sun ONE Web Proxy Server 3.6 SP2 for UNIX runs on these platforms:
- Sun (Solaris 2.6 and Solaris 8 operating environment with the Sun recommended patch set)
- HP-UX 11.0 operating system
- IBM AIX 4.3.3
- Other operating systems might be available from Sun or partners of Sun
Hardware and Software Requirements
Sun ONE Web Proxy Server requires specific software and hardware. Before you can install the server, your computer must have the following:
- A CPU with access to a CD-ROM drive running one of the supported UNIX operating systems listed in the previous section.
- A minimum of 32MB RAM; 64MB or more is recommended for machines that will handle heavy traffic
- 100MB hard disk space for the server, plus 5MB hard disk space for log files
- 2GB to 4GB recommended hard disk space for the cache directory (4GB to 8GB for sites with high traffic volume)
- A supported browser:
- A Domain Name Service (DNS) - For more information on DNS, see Making Sure DNS is Running.
Hardware Sizing Recommendations
When choosing the hardware for your proxy server, you should consider the number of incoming connections and the average transaction time of those connections. You probably will not know these numbers until your proxy server has been running for a while. Until then, you can use a typical proxy server setup. Table 1-1 describes the hardware in a typical proxy server setup.
Table 1-1    Typical Proxy Server
Entry-level Proxy Server
Typical Proxy Server
Up to 1,500
Entry to mid-level server
Minimum 32 MB; 64-128 MB for heavy traffic
Server Hard Disk
Minimum 20 MB; 100 MB recommended
2 to 4 GB
5 to 9 GB
A proxy server deployed on a UNIX machine can support approximately 3,000 users.This estimate assumes 300,000 requests per day under standard conditions and depends on the hardware you select.
For a UNIX system, each process uses about 200Kb of RAM for listening and 300-500Kb for working, which means that each process, or concurrent user, uses approximately 1MB of RAM. Concurrent users are generally an order of magnitude less than the total number of users. It is critical that you have enough actual RAM to hold all the processes in memory when they are active.
Table 1-1 shows the minimum amount of RAM you will need for your proxy server. You will generally need more RAM as your user base expands. Table 1-2 shows RAM sizes based on the number of users going through your proxy server. Large deployments should also consider a logging file system or non-volatile RAM to allow the server to perform asynchronous writes to the disk.
Table 1-2    Recommended RAM sizes
Number of users
The speed of the CPU does not affect performance as much as RAM and disk size. The CPU is normally not a bottleneck; however, proxy performance may scale with more or faster CPUs.
When determining the overall cache size, you should budget 1 to 20 MB per user. After deployment, continue to monitor the cache performance for increases in the cache hit ratio, and continue to increase your cache size until the cache hit ratio stops increasing.
When selecting a disk size for your cache, remember that smaller disks hold less but seak faster, while larger disks hold more but seak slower. Both options will demand the same bandwidth.
For the best performance, you should run Sun ONE Web Proxy Server on a dedicated machine.
Other Technical Requirements
Once you have the proper hardware and software necessary to install Sun ONE Web Proxy Server, you should make sure that you meet the following requirements:
- You know the host name and IP address of your server computer.
- Your server has a DNS alias. For information on creating a DNS alias for your server, see Creating a DNS Alias for the Server.
- Your server has a UNIX user account that it can run as. For information on creating a UNIX user account for your server, see Creating a UNIX User Account.
- You have two port numbers - one for the administration server and the other for the proxy server. For information on choosing port numbers for your server, see Choosing Unique Port Numbers.
Making Sure DNS is Running
DNS is the software used by computers on a network to translate standard IP addresses into host names. The software generally retrieves this information from a remote DNS server or a table maintained on the same computer. Without DNS, the proxy cannot connect to any remote hosts.
A fully qualified host name is a name for a specific server in the form machine.subdomain.domain, which is translated into a dotted Internet Protocol (IP) address by DNS. For example, proxy.iplanet.com is the machine proxy in the subdomain iplanet and the domain com.
The IP address is a set of four numbers separated by periods that specifies the actual location of a machine on the Internet or in an internal TCP/IP intranet. Each computer on the network has a unique IP address (sometimes called a dotted quad), but usually that IP address is given a host name for convenience. For example, the host name www.iplanet.com has the IP address 126.96.36.199.
When you install Sun ONE Web Proxy Server, some items on the installation forms require a server host name or an IP address.
To make sure DNS is running on your computer:
- At the , type nslookup and press Enter.
The nslookup program responds by printing the name and address of the DNS server:
Default Server: dns.iplanet.com
If nslookup cannot find an authoritative answer, it prints the names of any servers that might have an authoritative answer:
- To exit nslookup, type .
Creating a DNS Alias for the Server
If your server will run on one machine among many in a network, you or your system administrator should set up a DNS alias (such as proxy). A DNS alias is a a host name that points to another host name. Your machine can have only one real name, but it can have more than one alias. Creating a DNS alias allows you to change the actual host name or IP address of the server machine without having to change the proxy settings for the clients that use the proxy. For information on how to set up an alias, see the system administration manual for your platform.
Creating a UNIX User Account
You need a UNIX user account for the proxy server to run as. Most likely, you'll want the server to have restricted access to your system resources, so you should set up and run the proxy with a nonprivileged system user account.
For instructions on creating a new user account, see your system manual or a UNIX administrator's handbook.
When the proxy server starts and runs, it runs with the UNIX user account you specify during installation. Any child processes of the proxy and all files created by the proxy are created with this account as the owner.
You can use the account with the name nobody, but this might not work on your system. Some machines ship with a user identification (uid) of -2 for the user nobody. A uid less than zero generates an error during installation. Check the /etc/passwd file or the yppasswd database to see if the uid for nobody exists, and then make sure it is greater than zero. Otherwise, create a new user account with a uid greater than zero. As shown in Table , the default user ID for nobody depends on the platform.
It is strongly recommended that you use a dedicated user account for the proxy server.
Because the proxy server is configured through a web-based administration server, you might also want to create another user account for the administration server. You can run the administration server as root, and then start and stop the server when you aren't using it to configure the proxy server.
Choosing Unique Port Numbers
The proxy server uses two port numbers: one for the proxy server itself and another for the administration server. You specify these two port numbers during installation, but you can also change the port numbers after installation. Remember that other iPlanet servers located in the same directory as your proxy server will use the same administration server port.
The port numbers must be unique for each service on a computer. Port numbers for all network-accessible services on your machine are listed in the file . Industry standards for many kinds of ports already exist; for example, the standard HTTP port number is 80; for telnet, the standard port is 23; and for HTTPS, the standard port is 443. There is no standard port number for proxy servers; however, commonly used ports are 8000 and 8080. If you are unsure which port number to use, 8000 or 8080 is probably a good choice.
The administration server is typically run on a random port number above 1024. This makes it harder for unauthorized users to determine where your administration server is.
Before you choose a port number, make sure the port you choose isn't in use.
If you choose a port number less than 1024, you'll have to be logged in as root or superuser to start the proxy. After the proxy is bound to the port, the server changes from root or superuser to the user account you chose to run under. If you choose a port number greater than 1024, you don't have to be root or superuser to start the proxy.