Chapter 1 Overview

• "Netra Proxy Cache Server Features"

• "Monitoring and Managing"

The Netra Proxy Cache Server is a full-featured proxy cache server that you can incorporate seamlessly into your organization's internal network.

Available for the Netra Proxy Cache Server product is the at-cost option of array software, which allows you to create an array of Netra Proxy Cache Servers that provide a single, highly reliable and available proxy cache service.

Netra Proxy Cache Server Features

The Netra Proxy Cache hardware and software implement a proxy cache server with a set of comprehensive features.

Features

Netra Proxy Cache Servers support the following features:

• High-performance CPU with memory and disk amounts chosen for optimum performance in proxying and caching. (Details of the hardware configuration are spelled out in the hardware documentation that accompanies the product.)

• Compatible with the Squid, Harvest, and CERN proxy standards.

• Supports the Inter Cache Protocol (ICP).

• Caches HTTP 1.0, FTP, and Gopher objects. This list includes, among other types, GIF, JPEG, and.exe.

• Supports Secure Sockets Layer (SSL) tunneling.

• Supports persistent HTTP connections, commonly referred to as "keep-alives."

• The cache persists across reboots.

• Configurable cache-object expiration times. The Netra Proxy Cache software ages and deletes a cache object based on attributes specified in its uniform resource locator (URL). The product offers a flexible scheme for cache-object expiration.

• Similar to the preceding point, the software offers a flexible scheme for setting a cache object to non-cacheable, again, based on its URL.

• Supports dynamic parent failover: If Netra Proxy Cache Server has multiple parents and is connected to a parent that fails, the server fails over to the next available parent. Furthermore, the Netra Proxy Cache Server detects when the original parent comes back online.

• Supports conditional retrievals; for example, can retrieve an object if it has been modified in the last day. You can modify the time threshold to suit your needs.

• Caching software imposes no limit on the amount of data cached.

• Enables you to build hierarchies of (or collections of peer) proxy servers. See "Hierarchies".

• Offers a number of auditing features, including hit statistics, detailed user access logs, bandwidth usage statistics, and a number of other proxy- and cache-related statistics.

• Ships with an SNMP MIB and agent, so that you can manage a Netra Proxy Cache Server from an SNMP-conformant management platform, such as Solstice(TM) Domain Manager.

• Offers a variety of filtering features, including blocking and redirecting of HTTP requests based on URL, hostname, or user.

• Shipped with a set of web-based tools for product configuration and monitoring.

Hierarchies

An important feature of Netra Proxy Cache Server is the ability it gives you to create hierarchies of proxy cache servers or, a related feature, create collections of sibling servers. You can create hierarchies simply by pointing proxy cache servers to succeeding proxy cache servers as you proceed toward a firewall. Alternatively, you can take advantage of Netra Proxy Cache software's support for the Inter Cache Protocol (ICP) to build sibling and parent relationships among proxy cache servers.

When you configure a set of Netra Proxy Cache Servers as an array, automatically, those servers become ICP siblings, so that the cache is extended over all of the machines in the Netra Proxy Cache Array.

Figure 1-1 illustrates a simple hierarchy of proxy cache servers.

Figure 1-1 Simple Hierarchy

Referring to Figure 1-1, assume the client browser requests a web object that originated somewhere in the Internet and is, at the moment, not in Netra Proxy Cache Server A's cache. The following sequence ensues:

1. Machine A checks with its parent, machine B.

2. Likewise, B does not have the object in its cache and checks its parent, machine C. If C does not have the object, it goes out through the firewall to the web server to obtain it.

3. Machine C returns the object--obtained from a remote web server or its local cache--to machine B.

4. Machine B returns the object to machine A.

5. Machine A then returns the object to the requesting client.

If the object is cacheable, each proxy stores a copy upon receipt. Note that communication between parent proxies is over TCP connections.

Netra Proxy Cache software also supports a variation of the preceding scenario. This variation is illustrated in Figure 1-2.

Figure 1-2 Multiple Parent Proxies

Referring to Figure 1-2, if a client requests an object of its proxy server, machine A, that is not in A's cache, machine A relays the request to its two parents, machines B and C. If one of the parents has the object, it returns the object to A. If neither has the object, machine A forwards the request to the parent that responds faster, assuming that machine to be less loaded and/or have a better network connection.

If you configure multiple parents, the Netra Proxy Cache software allows you to give greater weight to one or the other, or set up one as the default. When no parent (of multiple parents) has a requested object, the "child" proxy always forwards the request to the default parent.

In addition to supporting hierarchies of parent proxies, the Netra Proxy Cache Server supports sibling proxies. The sibling scenario is illustrated in Figure 1-3.

Figure 1-3 Sibling Proxies

Referring to Figure 1-3, assume a client browser requests an object that is, at the moment, not in Netra Proxy Cache Server A's cache. The following sequence ensues:

1. Machine A checks with its parent, machine B. Machine A has no awareness of machines C and D.

2. Likewise, B does not have the object in its cache. Using ICP over UDP, machine B checks its siblings, machines C and D. If either of those machines has the object, it returns the object to machine B, which returns it to machine A.

If none of B, C, and D have the object, the request is forwarded to B's parent, machine E.

It is important to note that queries among siblings are over the relatively lightweight ICP exchanges, while communication among parents and transfer of web objects occurs over the relatively more resource-intensive TCP connections.

As indicated in Figure 1-3, the siblings (B, C, and D) form a Netra Proxy Cache Array. The establishment of sibling relationships occur automatically when you configure the array.

Note that you can add one or more Netra Proxy Cache Servers to any single proxy server shown in Figure 1-1, Figure 1-2, or Figure 1-3 to form a Netra Proxy Cache Array. For a proxy server that relies on a parent, pointing to single machine is no different from pointing to a Netra Proxy Cache Array. That is, the child proxy requires no additional configuration and needs no awareness that the proxy service is provided by multiple hosts.

Monitoring and Managing

The Netra Proxy Cache Server offers web-based tools that enable you to monitor:

• An individual server

• An array

• The state of the proxy cache service, for an array and a server

There are also web pages that enable you to monitor proxy-cache-related log files. See Chapter 13, Monitoring a Netra Proxy Cache Server," for a description of the monitoring web pages. See Chapter 15, Monitoring Proxy Cache Log Files," for a description of the various types of logs available.

The Netra Proxy Cache product is shipped with Management Information Bases (MIBs) that enable you to use any SNMP-conformant management platform (such as Solstice Domain Manager) to monitor and manage a Netra Proxy Cache Server. The software also supports a set of traps that notify you of critical events, ranging from a down server to a failure report on a server component.

The Netra Proxy Cache MIB is described in detail in Chapter 13, Monitoring a Netra Proxy Cache Server.