Proxy Cache Server Features

Netra j implements a full-featured proxy cache server that you can incorporate seamlessly into your organization's internal network. The Netra j proxy cache server includes the following features:

• Compatible with Squid, Harvest, and CERN proxy standards.

• Supports the Inter Cache Protocol (ICP).

• Caches HTTP 1.0, FTP, and Gopher objects. This list includes, among other types, GIF, JPEG, and.exe.

• Supports Secure Sockets Layer (SSL) tunneling.

• Supports persistent HTTP connections, commonly referred to as "keep-alives."

• The cache persists across reboots.

• Provides configurable cache-object expiration times. The proxy cache software ages and deletes a cache object based on attributes specified in its uniform resource locator (URL). The product offers a flexible scheme for cache-object expiration.

• Offers a flexible scheme for setting a cache object to non-cacheable, based on its URL.

• Supports dynamic parent failover: If the proxy cache server has multiple parents and is connected to a parent that fails, the server fails over to the next available parent. Furthermore, the proxy cache server detects when the original parent comes back online.

• Supports conditional retrievals; for example, can retrieve an object if it has been modified in the last day. You can modify the time threshold to suit your needs.

• Caching software imposes no limit on the amount of data cached.

• Enables you to build hierarchies of proxy servers. See "Hierarchies".

• Offers a number of auditing features, including hit statistics, detailed user access logs, bandwidth usage statistics, and a number of other proxy- and cache-related statistics.

• Ships with an SNMP MIB and agent, so that you can manage a Netra j proxy cache server from an SNMP-conformant management platform, such as Solstice(TM) Domain Manager(TM).

• Offers a variety of filtering features, including blocking and redirecting of HTTP requests based on URL, host name, or user.

• Ships with a set of web-based tools for product configuration and monitoring.

Hierarchies

With the Netra j proxy cache server you can create hierarchies of proxy cache servers simply by pointing proxy cache servers to succeeding proxy cache servers as you proceed toward a firewall.

The following figure illustrates a simple hierarchy of proxy cache servers.

Figure 10-1 Simple Hierarchy

Legend:

1. Client browser

2. Netra j proxy cache server A

3. Netra j proxy cache server B

4. Netra j proxy cache server C

5. HTTP Requests/Responses

6. Firewall

7. Internet

Browser (1) points to proxy A. Proxy B is parent to A. Proxy C is parent to B.

In this sample hierarchy, assume the client browser requests a web object that originated somewhere in the Internet and is, at the moment, not in Netra j proxy cache server A's cache. The following sequence ensues:

1. Machine A checks with its parent, machine B.

2. Likewise, B does not have the object in its cache and checks its parent, machine C. If C does not have the object, it goes out through the firewall to the web server to obtain it.

3. Machine C returns the object--obtained from a remote web server or its local cache--to machine B.

4. Machine B returns the object to machine A.

5. Machine A returns the object to the requesting client.

If the object is cacheable, each proxy stores a copy upon receipt. Note that communication between parent proxies is over TCP connections.

Netra j proxy cache software also supports a variation of the preceding scenario. This variation is shown in the following figure.

Figure 10-2 Multiple Parent Proxies

Legend:

1. Client browser

2. Netra j proxy cache server A

3. Netra j proxy cache server B

4. Netra j proxy cache server C

5. Netra j proxy cache server D

6. HTTP Requests/Responses

7. Firewall

8. Internet

Browser (1) points to A. Proxy B and proxy C are parents to A. Proxy D is parent to B and C.

In this example, if a client requests an object of its proxy server, machine A, that is not in A's cache, machine A relays the request to its two parents, machines B and C. If one of the parents has the object, it returns the object to A. If neither has the object, machine A forwards the request to the parent that responds faster, assuming that machine to be less loaded and/or have a better network connection.

If you configure multiple parents, the Netra j proxy cache software enables you to give greater weight to one or the other, or to set up one as the default. When no parent (of multiple parents) has a requested object, the "child" proxy always forwards the request to the default parent.

Monitoring and Managing Proxy Services

The Netra j proxy cache server offers three different types of tools for monitoring the state of proxy-caching services:

• You can monitor proxy cache services through web pages. See "Monitoring a Netra j Proxy Cache Server" for a description of the monitoring web pages.

• You can monitor proxy cache services through web-based log tracing tools. See "Proxy Cache Log Files" for a description of the various types of logs available.

• You can use any SNMP-conformant management platform (such as Solstice Domain Manager) to monitor and manage a Netra j proxy cache server through Management Information Bases (MIBs) included in the Netra j proxy cache software. The software also supports a set of traps that notify you of critical events, ranging from a down server to a failure report on a server component. See "Configuring SNMP Services".