Configuration

Previous page
Table of content
Next page
[Previous] [Next]

After you finish installing Proxy Server, most of your settings will already be configured, although you will most likely want to review your configuration or set up additional options not available from the Proxy Server installation program. The following sections deal with all aspects of configuring and administering Proxy Server in Windows 2000 except security, which is covered separately later in the chapter.

Administering Proxy Server

The primary way to administer Proxy Server is by using the Internet Services Manager MMC snap-in, although you can also administer proxy servers from a command prompt. Note that if you're remotely administering the proxy server, the computer you're administering the server from needs to use the same proxy client version number as your proxy server's version number. To use the Internet Services Manager MMC snap-in to manage your proxy server, follow these steps:

  1. Launch the Internet Services Manager snap-in from the Administrative Tools folder on the Programs menu.

  2. Select Internet Information Services in the console tree, and then choose Connect from the File menu.

  3. Enter the name of the proxy server you want to connect to (unless you're logged on to the proxy server locally, in which case click Cancel and skip to the next step).

  4. To configure Web Proxy, WinSock Proxy, or Socks Proxy, right-click the appropriate item in the console tree (Figure 30-10) and choose Properties from the shortcut menu.

    5. click to view at full size.

    Figure 30-10. The Internet Information Services window.

REAL WORLD  Using the Command Line and Scripts
If you often perform the same task on multiple proxy servers on your network, you may want to use the command-line interface, create scripts to automate the administrative chores, or both. A full discussion of scripting Proxy Server is outside the scope of this book. (Consult Proxy Server's Help system for more information on using the command line.) However, a small primer is in order. Proxy Server installs two command-line utilities: the RemoteMsp and the WspProto tools. The RemoteMsp tool allows you to remotely configure a proxy server from a command line or script, while the WspProto tool allows you to add, edit, and delete WinSock Proxy service definitions, also via the command-line interface.

Joining Arrays

To distribute the load of large networks with high-bandwidth connections to the Internet and to provide for fault tolerance, you can create an array of proxy servers. If you have only a single proxy server, you won't have an array, obviously, but when you create a second proxy server, you won't automatically have a proxy array until you explicitly join the servers into one. To join or create a proxy server array, from the console of one of the proxy servers follow these steps:

  1. Open the Internet Information Services MMC snap-in and right-click Web Proxy. Choose Properties from the shortcut menu to open the Web Proxy Service Properties window for that server, as shown in Figure 30-11.

    2. click to view at full size.

    Figure 30-11. The Web Proxy Service Properties window.

  2. Click the Array button and then click Join Array. Type in the name of another proxy server that you want to join into an array with, and click OK.

  3. If the other server isn't already part of an array, you'll be prompted to give the new array a name, as shown in Figure 30-12.

    4. Figure 30-12. The New Array dialog box.

  4. Type in a name for the new array and click OK. Click OK again to return to the main Properties window. Click Apply to effect the changes.

Setting the Client Configuration

You can set the client configuration for clients connecting to your proxy server by opening the Web Proxy Properties window. Here you can decide whether clients use the IP address or the computer name to connect to the server, and whether the Web browser is automatically configured during client setup. You can also modify the automatic browser configuration script. To set the client configuration, follow these steps:

  1. Open the Internet Information Services MMC snap-in and right-click Web Proxy. Choose Properties from the shortcut menu to open the Web Proxy Service Properties window for that server, shown in Figure 30-11 earlier.

  2. Click Client Configuration to open the Client Installation/Configuration dialog box shown in Figure 30-13.

    3. click to view at full size.

    Figure 30-13. The Client Installation/Configuration dialog box.

  3. By default, clients will connect to the server using its name. If necessary, you can change this to connect using the IP address. If you're using arrays, you can use a DNS name that resolves to all of the members of the array, improving fault tolerance and availability. Select the Manual option to allow the Mspclnt.ini file on each client to control connectivity. This can be useful if you're manually performing load balancing through several different IP addresses.

  4. By default, any Web browsers found on client machines are automatically configured when the proxy server client is installed. Clear the Automatically Configure Web Browser During Client Setup check box if you want to require manual configuration of Web browsers.

  5. Click the Properties button in the Browser Automatic Configuration Script box to change the default configuration options that are set by the automatic Web browser configuration.

  6. Click OK to finalize your changes, and then click OK again to apply them and close the Web Proxy Service Properties window.

Configuring Local Addresses

Your local addresses are maintained in the LAT that was created during initial installation. You can change this LAT at any point, using the Internet Information Services MMC snap-in. To configure Proxy Server's local addresses:

  1. Open the Internet Information Services MMC snap-in and right-click Web Proxy. Choose Properties from the shortcut menu to open the Web Proxy Service Properties window for that server, shown in Figure 30-11 earlier.

  2. Click Local Address Table to open the Local Address Table Configuration dialog box shown in Figure 30-14.

    3. click to view at full size.

    Figure 30-14. The Local Address Table Configuration dialog box.

  3. You can add address ranges here manually by typing them into the Edit box and clicking Add, or you can use the Construct Table button to allow Proxy Server to automatically configure what it can. Click Construct Table to open the Construct Local Address Table dialog box shown in Figure 30-15.

    4. click to view at full size.

    Figure 30-15. The Construct Local Address Table dialog box.

  4. By default, the private address ranges are automatically added to the LAT, as well as all addresses recognized from the internal IP routing table. If you elect to allow Proxy Server to use the internal IP routing table, you should specify the network cards it should read from to prevent adding addresses from the external interface. Once you've made your selections, click OK.

  5. A setup message will appear, warning you that the automatically constructed LAT might include external addresses. Click OK to return to the Local Address Table Configuration dialog box shown in Figure 30-14.

  6. The automatically configured LAT that Proxy Server is about to construct appears. Edit this LAT to remove any external addresses from the table or any other errors you encounter. If any local addresses aren't showing, add them in.

  7. Click OK to accept the changes to the LAT, and then click OK again to apply the changes and close the Web Proxy Service Properties window.

Configuring Auto Dial

On smaller networks that connect to the Internet with a dial-up connection, you can decide whether you want the proxy server to use autodialing and how it should occur. This might also be important where you use modems or a modem bank as a backup route to the Internet. To configure autodialing, follow these steps:

  1. Open the Internet Information Services MMC snap-in and right-click Web Proxy. Select Properties from the shortcut menu to open the Web Proxy Service Properties window for that server, shown in Figure 30-11 earlier.

  2. Click the Auto Dial button to open the Microsoft Proxy Auto Dial dialog box shown in Figure 30-16.

    3. click to view at full size.

    Figure 30-16. The Microsoft Proxy Auto Dial dialog box.

  3. By default, autodialing is disabled. You can enable dialing for WinSock Proxy and Socks Proxy, Web Proxy, or both. For Web Proxy, you can set autodialing as the default route to the Internet or use it as a backup route.

  4. Change the hours when autodialing is permitted by highlighting the hours during which you want to disable dialing. Highlighting acts as a toggle based on the status of the first square being highlighted. If the hour in the first square is enabled, the highlighted area will be disabled, and if the hour in the first square is disabled, the highlighted area will be disabled.

  5. Click the Credentials tab to choose the RRAS phone book entry to use for the connection. For more on RRAS and phone book entries, see Chapter 31.

  6. When you've completed your autodial configuration, click OK to return to the Web Proxy Service Properties window. Click OK again to accept the changes and close the window.

Backing Up and Restoring a Proxy Server Configuration

You can (and should) back up your Proxy Server configuration. This will allow you to restore all of your configuration changes should you have to reinstall Proxy Server or recreate the settings on another machine. Restores can be full restores or partial restores that include everything except machine-specific settings.

To back up your Proxy Server configuration, follow these steps:

  1. Open the Internet Information Services MMC snap-in and right-click Web Proxy. Choose Properties from the shortcut menu to open the Web Proxy Service Properties window for that server, shown in Figure 30-11 earlier.

  2. Click the Server Backup button and type the name of the folder to save the configuration to. The default is <msproot>\config. The filename will be in the form Msp<date>.mpc.

  3. Click OK to save the configuration, and then click OK to close the Web Proxy Service Properties window.

To restore an earlier Proxy Server configuration, follow these steps:

  1. Open the Internet Information Services MMC snap-in and right-click Web Proxy. Choose Properties from the shortcut menu to open the Web Proxy Service Properties window for that server, shown earlier in Figure 30-11.

  2. Click the Server Restore button to open the dialog box shown in Figure 30-17.

  3. Select a full or partial restore. A partial restore will restore all configuration settings except those that are computer specific.

    4. click to view at full size.

    Figure 30-17. The Restore Configuration dialog box.

  4. Type in the filename to restore, or use the Browse button to locate a saved configuration. The default extension for a saved configuration is .MPC.

  5. Click OK, and the configuration is restored without further confirmation. Click OK again to close the Web Proxy Service Properties window.

Configuring Web Proxy

In addition to the general, shared, service-related parameters that you can configure for Proxy Server, you can also configure specific parameters for Web Proxy, including caching, routing, Web publishing, and logging, the subjects of the next several sections.

Web Proxy Caching

Proxy Server can cache remote pages that are frequently accessed to reduce bandwidth demand on the Internet connection and improve the perceived speed to the client. By default, caching is enabled. To configure caching, follow these steps:

  1. Open the Internet Information Services MMC snap-in and right-click Web Proxy. Choose Properties from the shortcut menu to open the Web Proxy Service Properties window for that server.

  2. Click the Caching tab.

  3. Select your configurations and click OK to accept the changes and close the window, or simply apply the changes and leave the window open for further configuration changes.

The available caching options are as follows:

  • Enable Caching Enabled by default. You can control the behavior of the caching as well. Choices are

    • Updates Are More Important Checks are done for updates more frequently.

    • Equal Importance Balanced behavior.

    • Fewer Network Accesses Are More Important Proxy Server will keep cached items alive longer, increasing the number of cache hits.

  • Enable Active Caching Enabled by default. You can control the behavior as well. Choices are

    • Faster User Response Is More Important More prefetching of expected pages is performed.

    • Equal Importance Balanced behavior.

    • Fewer Network Accesses Are More Important Proxy Server will be less inclined to proactively prefetch pages to reduce the amount of network bandwidth used.

  • Cache Size You can use any local NTFS drive for caching. Click this button to change the size and location of proxy server cache files.

  • Advanced Gives you the ability to fine-tune the specific settings of the proxy server. If you think you need to fiddle with this—and you think you know why you're doing it—have fun.

Routing

Web Proxy can be directly connected to the Internet, or it can route Internet requests to another proxy server or an array of proxy servers, providing an additional layer of isolation and management. To configure routing on Web Proxy, follow these steps:

  1. Open the Internet Information Services MMC snap-in and right-click Web Proxy. Choose Properties from the shortcut menu to open the Web Proxy Service Properties window for that server.

  2. Click the Routing tab, as shown in Figure 30-18.

  3. Make your configurations and click OK to accept the changes and close the window, or simply apply the changes and leave the window open for further configuration changes.

    4. click to view at full size.

    Figure 30-18. The Routing tab of the Web Proxy Service Properties window.

The available settings on the Routing tab are as follows:

  • Use This Http Via Header Alias For The Local Server Enabled by default. The name of the server. This name is appended to the Http Via header for all proxied requests.

  • Upstream Routing Select either a direct connection to the Internet (the default) or choose to use another Web Proxy or array.

  • Enable Backup Route Possible only when the Use Web Proxy Or Array option is selected for Upstream Routing. This designates an alternate route to the Internet should the primary Web Proxy or proxy array be unavailable.

  • Routing Within Array Available only when this proxy server is part of an array. Enabled by default when part of an array. Client requests are routed within the array for cached objects. Or when a member is unavailable, other array members can service the request, distributing the load and caching across the array.

Web Publishing

Proxy Server allows servers downstream from the proxy server to publish to the Internet, using either reverse proxying or reverse hosting. Any computer on the internal network can be allowed to publish to the Internet with all incoming and outgoing requests being filtered by Proxy Server. Requests can be redirected to specific internal servers (reverse proxying), or Proxy Server can maintain a list of internal servers that are permitted to publish to the Internet, listen to requests for those servers, and respond for them. To enable Web publishing, follow these steps:

  1. Open the Internet Information Services MMC snap-in and right-click Web Proxy. Choose Properties from the shortcut menu to open the Web Proxy Service Properties window for that server.

  2. Click the Publishing tab, as shown in Figure 30-19.

    3. click to view at full size.

    Figure 30-19. The Publishing tab of the Web Proxy Service Properties window.

  3. Make your configuration selections and click OK to accept the changes and close the window, or simply apply the changes and leave the window open for further configuration changes.

By default, Web publishing is disabled. But when it is enabled, the following incoming Web server requests can be used:

  • Discarded Unless mapped, incoming requests go to the bit bucket.

  • Sent To The Local Web Server Unless mapped, incoming requests go to the Web server on the local machine.

  • Sent To Another Web Server Unless mapped, incoming requests go to the specified Web server.

  • Except For Those Listed Below Allows you to set up explicit mappings to different servers and route requests for the requested server to its mapped server.

Logging

By default, Proxy Server logs a variety of information about the use of Web Proxy. You can configure the logging to use standard files or to go to a database for more detailed analysis, as well as configure the level of detail stored. To configure logging for Web Proxy, follow these steps:

  1. Open the Internet Information Services MMC snap-in and right-click Web Proxy. Choose Properties from the shortcut menu to open the Web Proxy Service Properties window for that server.

  2. Click the Logging tab, as shown in Figure 30-20.

    3. click to view at full size.

    Figure 30-20. The Logging tab of the Web Proxy Service Properties window.

  3. Make your configuration selections and click OK to accept the changes and close the window, or click Apply to simply apply the changes and leave the window open for further configuration changes. The available settings are as follows:

    • Enable Logging Using Regular or verbose format. Controls how much detail is logged.

    • Log To File Change the settings for file logging. Options are

      • Automatically Open New Log Daily, weekly, or monthly.

      • Limit Number Of Old Log Files To Set the number of log files to save.

      • Stop Service If Disk Is Full Stop the proxy service if the disk becomes full and you can't continue logging.

      • Log File Directory Location of log files.

    • Log To SQL/ODBC Database Allows connection to any SQL or ODBC data source. Options are

      • ODBC Data Source Name (DSN) The ODBC connection name.

      • Table The table in the data source to store the log information.

      • User Name The user name used to connect to the data source.

      • Password The password to use to connect to the data source.

Configuring WinSock Proxy

In addition to the general, shared, service-related parameters that you can configure for Proxy Server, you can also configure specific parameters for WinSock Proxy, including adding or editing the protocols that WinSock supports. You can also configure logging for WinSock Proxy and enable access control.

Configuring Protocols

Proxy Server comes with a variety of preconfigured protocols that are supported through the WinSock service. These include some 31 different protocols, including AOL, Finger, FTP, IMAP4, POP3, and RealAudio. You can edit the existing definitions, add additional ones, or remove ones you don't want to support on your network. To configure the protocols, follow these steps:

  1. Open the Internet Information Services MMC snap-in and right-click WinSock Proxy. Choose Properties from the shortcut menu to open the WinSock Proxy Service Properties window for that server.

  2. Click the Protocols tab, as shown in Figure 30-21.

    3. click to view at full size.

    Figure 30-21. The Protocols tab of the WinSock Proxy Service Properties window.

  3. To add a protocol, click the Add button to open the dialog box shown in Figure 30-22. Here you can define the settings for your new protocol, including the port, type of connection (TCP or UDP), the direction (Inbound or Outbound), and the range of ports that the protocol can spawn off to (port ranges for subsequent connections). When you have selected all your settings, click OK to return to the main WinSock Proxy Service Properties window.

    4. Figure 30-22. The Protocol Definition dialog box.

  4. To edit a protocol, highlight it and click Edit. A dialog box similar to Figure 30-22 opens, but now you'll see the existing settings as defined for the protocol. Make the necessary changes, and then click OK to return to the main WinSock Proxy Service Properties window.

CAUTION
Do not edit any of the well-defined protocols that are shipped with Proxy Server unless you know a great deal about TCP/IP and you know why you're changing any given protocol.

  1. To remove a protocol that you don't want to support on your network through the proxy server, highlight the protocol and click Remove.

  2. To load a previously saved list of protocols and their settings, click the Load button. Select the .WPC file that contains your protocol settings. The file is a pure ASCII file and can be viewed or edited with NotePad or another pure ASCII editor. Loading a .WPC file will replace your current list of protocols.

  3. To save your current protocol settings, click the Save button and then name the file. The current list of protocols will be saved with a .WPC extension. This file is a pure ASCII file and can be edited with NotePad or another ASCII editor.

  4. Once you've completed your protocol settings, click the Apply button to effect the changes and continue modifying the WinSock Proxy settings, or click OK to implement the changes and close the window.

Logging

By default, Proxy Server logs a variety of information about the use of WinSock Proxy. You can configure the logging to use standard files or to go to a database for more detailed analysis, as well as to configure the level of detail stored. Configuring logging for the WinSock Proxy service is very similar to configuring logging for the Web Proxy. To configure logging for the WinSock Proxy service, follow these steps:

  1. Open the Internet Information Services MMC snap-in and right-click WinSock Proxy. Choose Properties from the shortcut menu to open the WinSock Proxy Service Properties window for that server. Click the Logging tab, as shown in Figure 30-23.

    2. click to view at full size.

    Figure 30-23. The Logging tab of the WinSock Proxy Service Properties window.

  2. Make your configuration selections and click OK to accept the changes and close the window, or click Apply to simply apply the changes and leave the window open for further configuration changes.

The following settings are available:

  • Enable Logging Using Regular or verbose format. Controls how much detail is logged.

  • Log To File Change the settings for file logging. Options include

    • Automatically Open New Log Daily, weekly, or monthly.

    • Limit Number Of Old Log Files To Set the number of log files to save.

    • Stop Service If Disk Full Stop the proxy service if the disk becomes full and you can't continue logging.

    • Log File Directory Location of log files.

  • Log To SQL/ODBC Database Allows connection to any SQL or ODBC data source. Options include

    • ODBC Data Source Name (DSN) The ODBC connection name.

    • Table The table in the data source to store the log information.

    • User Name The user name used to connect to the data source.

    • Password The password used to connect to the data source.

REAL WORLD  Performance Monitoring
When you install Proxy Server on your Windows 2000 Server, it installs a preconfigured performance monitoring chart for use with the System Monitor MMC snap-in, as shown in Figure 30-24. You can use this chart to monitor the overall health and success of Proxy Server. For more on performance monitoring, see Chapter 32, "Monitoring and Tuning."

click to view at full size.

Figure 30-24. The Proxy Server Performance window.


Previous page
Table of content
Next page
Microsoft Windows 2000 Server Administrator's Companion, Vol. 1
Microsoft Windows 2000 Server Administrators Companion (IT-Administrators Companion)
ISBN: 1572318198
EAN: 2147483647
Year: 2000
Pages: 366
Authors: Charlie Russel, Sharon Crawford
BUY ON AMAZON
OpenSSH: A Survival Guide for Secure Shell Handling (Version 1.0)
Inside Network Security Assessment: Guarding Your IT Infrastructure
Lotus Notes and Domino 6 Development (2nd Edition)
Mastering Delphi 7
After Effects and Photoshop: Animation and Production Effects for DV and Film, Second Edition
AutoCAD 2005 and AutoCAD LT 2005. No Experience Required
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy