Use the hardware agent to solve the problem of users ' Internet

Source: Internet
Author: User
Tags ad server firewall

I. Demand analysis

A group is a number of enterprises to restructure the establishment of large-scale design consulting enterprises, under more than 10 branches, the number of Internet access. There are many webserver external services, a large number of visits a day. In the past, whether the Squid+iptables under Linux, or Microsoft's isaserver in the provision of Internet proxy access services, the implementation of user authentication can not complete the needs of the proxy Internet needs, these software proxy server can not afford all users of the network access agent services, When the user volume increased, performance will be slow to endure, and the software Proxy Server maintenance is not the software itself out of the problem is the operating system is attacked, in the Trojan, maintenance is quite troublesome, our network department will often be a sudden network terminals by users complained.

After this, and the use of PIX to do NAT Internet program, a start speed can also, can later deteriorate, know reboot machine, this way under the firewall provides effective access control, but many of them are not designed to detect and mask the application layer of the attack of PIX such firewall, Their main function is not designed for user control, only using a border firewall is not enough now 70-80% intrusion temptation is for the Web application port recently, plainly through IE inflow, almost all hacker software is moving to the Web platform, many Trojans will open a big hole in the firewall, Penetrated in. The firewall can not effectively control the communication and provide security, so the effect of the application is not ideal.

After investigation, select hardware Agent equipment, contacted Bluecoat, NetApp and two companies to do the test, the two products become a dazzling web front-end accelerator of the best "miniature", when bluecoat in mainland China without sales and services, so only one. NetApp is a company that started with Web caching (cache) technology, his hardware agents consist primarily of these technologies: TCP multiplexing, load balancing, caching, and SSL acceleration, providing the most comprehensive caching capabilities in configuration and management, improved web security, performance, authentication, streaming media support , logs and reports provide fairly good functionality and graphical display, and the price we can accept, so choose this device to do more in-depth testing.

The test process is as follows:

Enterprise Network Map

Test environment:

1, the entire group of actual users 2000 users, concurrent with 1000 users

2, the main corporate proxy users concentrated in Beijing, other branches of the proxy in the local. But the user network authentication, in the head office Windows2008 AD Server

3, the new equipment to the network as shown above (note must be connected to the network, generally after firewall, and do not map the convenience and Bypass access network)

Test objects include users who access the Internet through proxy servers, protocols that can be used, content filtering, providing log data, using access control lists, restricting and preventing unauthorized users from accessing specific services, using internal databases, LDAP, NTLM, and RADIUS platforms. Support for user and group authentication

Now let's look at the basic configuration of this hardware agent:

Cpu Intel2ghz
Disk drives 6 Block 180GB (SATA interface for RAID0, read and write fastest, most efficient)
Memory 4GB
Network interface 3x10/100/1000 Network card
Operating system Dedicated Security OSNetappRelease5.9 (Unix-like system)

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.