Proceedings of the 6th National Conference; INDIACom-2012 Computing For Nation Development, February 23 – 24, 2012 Bharati Vidyapeeth’s Institute of Computer Applications and Management, New Delhi
Efficient Proxy Server Configuration and Management

Partha Sarathi Paul (1), Sudipta Chakraborty (2) and Debasish Jana (3)
(1, 2) Birla Institute of Technology Mesra, Kolkata
(3) TEOCO Software Pvt Ltd, Kolkata

ABSTRACT

In today's multifaceted enterprise scenario, a proxy server has the intricate responsibility of arranging proxy services for a huge enterprise network. It is hard to do the maintenance work effectively and efficiently along with the performance tuning work. Many proxy servers lack a well-designed tool for managing their performance or capability. This is the motivation behind this work: to design and implement GUI interfaces that manage proxy server configuration and management efficiently. We have designed and implemented a visual interface to manage the work of the proxy server for a specific IP, an IP range, as well as for restricted IPs.

KEYWORDS

Proxy server, Web services, Access layer, ACL, XML.

INTRODUCTION

A proxy server [1][18] acts as an intermediary service provider that allows its clients to connect indirectly to the network to avail its services. When a client asks the proxy for a connection, a remote file or some other remote service, the proxy either provides the connection to the specified resource or serves the request from its cache. Specific alterations to the client's request or the server's response may also be made at the proxy level as the request or response passes through this mediator. A client proxy acts on behalf of the client to avail the requested service from the designated remote server. A proxy server plays an essential role in the network where internet clients and servers are incompatible or unauthorized to access the internet connection directly. For example, a client may not meet the authentication requirements or security credentials needed to connect to the server directly, yet may still need to access some services. The system administrator may use the proxy server to disallow access to certain undesirable sites, or to allow it only with restrictions.
Caching [16] is another essential service provided by the proxy server [15], as it enables faster access to regularly visited web or other servers. Arlitt et al [3] discussed caching and performance issues, using several workload invariants to suggest performance enhancements applicable to Internet Web servers. The caching mechanism provided by the proxy server can serve a cached response for repeated requests for the same service. Since the proxy server acts as an intermediary, all the client computers can access the internet via the IP address of the proxy; the client IPs are therefore not exposed to the other end, which reduces security vulnerabilities at the client machines.

Sometimes, enterprise computing needs centralized policies to permit or revoke internet access across the organization, or to give different groups or roles different access levels or permissions. In that case, the client sends its specific request for the internet service to the proxy server, which handles the request on behalf of the actual internet server without violating the enterprise policies as set forth. A number of computers and other devices such as mobile phones and PDAs, connected to a LAN or wireless LAN through WiMax, WiFi etc., can get access to the internet or another specific server through a single IP address, which is the IP address of the proxy server, so as to maintain and adhere to the enterprise policies.

Our paper aims to explore the tradeoffs between traditional configuration management and GUI based access layer management so that the different types of resources on a proxy system can be used in a balanced fashion. The design goal is to reduce the traditional management load on the proxy but maintain the configuration by the use of the PRM model, which is an extended web service through the network. This goal is achieved by identifying, in service processes, intermediate steps at which a separate business model can be used and from whose intermediate results the final result can easily be produced. The proxy then offers a choice of the required web service for each individual business need. Cooper and Zmud [7], Fleischer et al [8], and Lin and Yen [9] provided the essential motivation regarding change management and adaptability to the changing nature of requirements, which should be kept in mind in the design philosophy of any software. Our approach follows the same line of thinking, for reusability as well as adaptability to other platforms.

The rest of the paper is organized as follows. Section 2 presents the architectural foundation.
Section 3 reviews related works on proxy server configuration management. Section 4 concentrates on the design philosophy and implementation approach. Section 5 describes our web-based PRM model and discusses the implementation logic. Section 6 summarizes our work and concludes the paper.

2. ARCHITECTURAL FOUNDATION

Our implementation architecture is based on open source platforms. Tornatzky and Fleischer [6] have discussed technological innovation, and we have adopted open source variants of state-of-the-art innovative technologies. We have implemented the front end in HTML to collect the data for a specific IP, a range of IPs, and restricted IPs. Using JSP / Servlet, we process the data at the server end, which eventually links with a MySQL database where different tables are generated and data is transferred according to the business rules. Front-end requests are made through HTML, JavaScript is used for validation, and the back-end JSP fetches the data from the MySQL database. To provide the web service, we use the SOAP API and a servlet. For the operating system, we have used Linux. Our implementation architectural configuration is shown in Fig. 1.
Figure 1. Implementation architectural configuration

Proxy servers work on the seventh layer (the Application Layer) of the OSI model, and thus tend to be application dependent, unlike firewalls that work at lower layers. They are also more difficult to install and maintain than firewalls, as proxy functions for each application protocol like HTTP, SMTP, or SOCKS must be configured individually. However, a properly configured proxy server improves network security and performance. Since proxy servers function at the OSI Application layer, their filtering capabilities are relatively intelligent. For example, proxy web servers can check the URL (Uniform Resource Locator) of outgoing requests for Web pages by inspecting HTTP GET and POST messages. Using this feature, network administrators can bar access to illegal domains but allow access to other sites. Ordinary firewalls, in contrast, cannot see Web domain names inside those messages. Likewise, ordinary routers can filter incoming data traffic by port number or network address, but proxy servers can also filter based on application content inside the messages.

3. RELATED WORKS

Breslau et al [2] suggested a simple model for web requests to understand certain asymptotic properties of cache performance. Their results indicate that page requests show short-term correlations and other structures, and that their simple model of an independent request stream following a Zipf-like distribution is sufficient to capture the asymptotic properties observed at web proxies. Wang and Lee [17] emphasized the importance of proxy servers in load balancing and in decreasing duplicate file access requests, especially in services like FTP and WWW. They incorporated peer-to-peer support in ordinary file transfer and caching mechanisms to reduce unnecessary processing time and storage. Through the location service, hosts requesting file services can dynamically determine if a copy is available and its current location [17].

Feng et al [19] studied Squid, the commonly used proxy caching server, and found that a well-designed, friendly interface tool for managing or evaluating the performance or capability of the proxy server was lacking. They assisted the administrators of the proxy cache server with the aid of a visual interface. Alonso and Casati [4] discussed service oriented architecture, with protocols and composition representing the external specification and the internal implementation of a service. Business protocols define the message exchange sequences supported by the service and complement the traditional IDL-like (or, in Web services, WSDL-like) interface definition by specifying constraints on the order in which service operations should be invoked [4]. Dedrick and West [5] emphasized the adoption of open source platforms, which motivated our choice of open source variants. Open source platforms offer many choices of proxy servers, e.g. Net Cache, CacheFlow, Netscape Proxy, Squid.

Zhicong et al [10] stressed that, where some websites restrict access from the same IP address, the two-level proxy server dynamic invocation system that they designed and implemented could be helpful. Their system handles the IP access limits of such websites through the first-level proxy server and dynamic invocation of the second-level proxy servers. Chang and Wu [11] proposed an architectural solution to integrate the Voice over Internet Protocol (VoIP) service into an existing ERP system to allow users to have real-time communication through the Internet. Zhou et al [12] analyzed the data stream movement of Squid. Squid offers data stream splicing optimization: splicing client and server socket, splicing local file cache and client socket, splicing server socket and local file cache.
Data stream splicing helps eliminate data copies between user space and kernel space and also reduces translations of user virtual addresses to physical addresses, thereby reducing mean response time and data transfer overheads and improving the throughput of proxy servers. Gao et al [13] presented an algorithm called Window_EVR for the location dependent query (LDQ) proxy to compute the estimated validity region (EVR) for a window query result set. Their simulation results show that LDQ proxy caching significantly reduces both the window query response time and the database servers' workload while maintaining the accuracy of the query result set. Narravula et al [14] showed through experimental results that their approach tackles the multi-dependency issue in a data-centric environment efficiently and significantly outperforms the existing approaches. Their results demonstrated that the load resilient architecture they proposed can possibly improve the performance of loaded data-centers by over an order of magnitude.

4. DESIGN PHILOSOPHY AND IMPLEMENTATION APPROACH

The proxy process is by nature semi-automated, requiring creative tasks prior to complete automation via a web interface. The process starts with people intensive tasks, such as profiling and understanding the portfolio and the ACL segmentation goals, that have to be performed off-line with the help of analysts and consultants interacting with personnel from the service client. After the people intensive tasks are performed, the deployment and continued use of the ACL segmentation model by the service client can be completely automated and supported by an e-service that implements the IF-THEN-ELSE rules underpinning the PRM decision model. The PRM model implementation usually remains valid for years, until a major event makes it necessary to reclassify the proxy database. The workflow of information in our implementation is shown in Fig. 2.
Figure 2. Workflow of information in our implementation

5. Proxy ACL segmentation & web-based PRM

A typical Proxy ACL segmentation procedure includes the following stages:

1. Understanding Proxy ACL segmentation objectives: Each Proxy ACL segmentation task has segmentation objectives (e.g. maximize bandwidth, minimize cost) that serve the user needs. Understanding the user needs and the Proxy ACL segmentation objectives is the first step of a Proxy ACL segmentation procedure.
2. Deciding what data should be collected and where it can be collected: Proxy data is available throughout the enterprise and stored in various databases. Some data are valuable for Proxy ACL segmentation whereas some are not. Hence it is necessary to consider what data should be collected and where it can be collected.
3. Integrating and cleaning collected data: The data collected from various databases is frequently inconsistent. Some data may also have missing values in certain fields. Hence the collected data needs to be integrated and cleaned.
4. Deciding on the methods and technologies used for segmenting the data: e.g. statistical methods, online analytical processing (OLAP), and data mining can be used for Proxy ACL segmentation. Each method or technology has its own advantages and disadvantages. Therefore the selection of the segmentation method is a major consideration for a segmentation operation.
5. Implementing the applications and tools for segmentation: After the Proxy ACL segmentation method has been chosen, the corresponding applications and tools, which implement the chosen segmentation method, will be employed for data segmentation in this stage.

Web services impact on PRM and ACL segmentation

In today's competitive business environment, the ability to effectively and efficiently manage the flow of information is a vital competency. Enterprises must be able to integrate their internal business processes horizontally and vertically, and they are increasingly required to support federated business processes and integrate application silos in existing information systems. Web Services, as an emerging form of the service-oriented architecture for distributed computing, have the potential to simplify the integration task and allow companies to “stitch” together many different application components. There are two important reasons driving businesses to use web services:

Web services allow independent businesses with heterogeneous IT platforms to connect and collaborate with each other across the Internet. New business partnerships can be constructed dynamically and automatically, since web services ensure complete interoperability between systems. The collection of these services is called a Service Oriented Architecture (SOA).

Web services allow disparate systems within an enterprise, e.g. financial systems and CRM systems, to communicate with ease. Web services also make the integration of legacy information systems into new generation information systems feasible. Legacy systems can be wrapped in a web service facade without changing the way customers access the service. The process of creating an integrated infrastructure for linking disparate systems, applications, and data sources across the corporate enterprise is known as Enterprise Application Integration (EAI).

Proxy ACL segmentation process design

Figure 2 illustrates the key features of the proposed ACL segmentation process. In the segmentation process, a website acts as the service front-end for the segmentation services provider.
To request a specific segmentation function, a business client needs to submit a segmentation requirements file and a sample training dataset in XML format through the website following model. After a successful parsing of the XML input files, the staff of the segmentation service provider will analyze the requirements and the sample dataset, and then configure a suitable web service to fulfill the requested segmentation function according to the user’s requirements.
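
As an added illustration (not code from the paper): a sketch of validating a client-submitted XML ACL file before it is accepted, then evaluating it for a specific IP, an IP range and a restricted IP. The element and attribute names, the size limit, and the policy that restricted entries override allows with a default of deny are all assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET

MAX_BYTES = 64 * 1024  # assumed upload limit for a client-submitted ACL file

# Constructed sample. Element and attribute names are hypothetical: the
# paper's own XML schema is not recoverable from the page.
SAMPLE_ACL = """<proxy-acl>
  <rule id="1" type="ip">192.0.2.10</rule>
  <rule id="2" type="range" start="198.51.100.10" end="198.51.100.50"/>
  <rule id="3" type="restricted">198.51.100.25</rule>
</proxy-acl>"""


def load_rules(xml_text):
    """Validate an ACL document; return (allowed, restricted) network lists."""
    if len(xml_text.encode("utf-8")) > MAX_BYTES:
        raise ValueError("ACL document too large")
    lowered = xml_text.lower()
    if "<!doctype" in lowered or "<!entity" in lowered:
        # Refuse DTDs outright so entity declarations never reach the parser.
        raise ValueError("DTD/entity declarations are not accepted")
    root = ET.fromstring(xml_text)
    if root.tag != "proxy-acl":
        raise ValueError("unexpected root element")
    allowed, restricted = [], []
    for rule in root.findall("rule"):
        kind = rule.get("type")
        if kind in ("ip", "restricted"):
            # ip_address() rejects hostnames, masks and malformed octets.
            addr = ipaddress.ip_address((rule.text or "").strip())
            net = ipaddress.ip_network(str(addr))  # single-host network
            (allowed if kind == "ip" else restricted).append(net)
        elif kind == "range":
            start = ipaddress.ip_address(rule.get("start", ""))
            end = ipaddress.ip_address(rule.get("end", ""))
            if start.version != end.version or start > end:
                raise ValueError(f"rule {rule.get('id')!r}: invalid range")
            # Store the range as the minimal set of CIDR blocks covering it.
            allowed.extend(ipaddress.summarize_address_range(start, end))
        else:
            raise ValueError(f"rule {rule.get('id')!r}: unknown type {kind!r}")
    return allowed, restricted


def decide(allowed, restricted, client_ip):
    """Assumed policy: restricted beats allowed; unmatched clients are denied."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in restricted):
        return "deny"
    if any(ip in net for net in allowed):
        return "allow"
    return "deny"


if __name__ == "__main__":
    allowed, restricted = load_rules(SAMPLE_ACL)
    for ip in ("192.0.2.10", "198.51.100.30", "198.51.100.25", "203.0.113.5"):
        print(ip, decide(allowed, restricted, ip))
```

Validation errors surface as `ValueError` at upload time, so a malformed or reversed range never reaches the proxy configuration.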
There are five process roles involved in the designed process. These five process roles are: service client, PRM consultant, database administrator, ACL segmentation specialist, and programmer. Service clients are the business clients who request customized ACL segmentation applications to segment their customers. PRM consultants, database administrators, segmentation specialists, and programmers are the staff. They are responsible for providing the requested customized segmentation services to clients.

The sequence of the designed process to provide a requested customer segmentation application can be described as follows. The process begins with the request of a business client for a customized customer segmentation application to classify his/her customer data. To request a desired segmentation application, the client needs to submit his/her segmentation requirements and an XML file containing his/her sample customer data through the ACL segmentation services website. In the segmentation requirements, the service client may state how he/she wants to segment his/her customers, which segmentation technique he/she wants to employ to classify his/her customer data, how accurate the segmentation results should be, and so on. The sample customer dataset is used for performing data classification, so that appropriate segmentation algorithms can be identified to construct the requested segmentation application based on the client's segmentation requirements. When the client submits the sample dataset, he/she also needs to provide a document which contains the description of the attributes in the sample dataset.

Once the client submits his/her segmentation requirements to the system, the system will create a document recording the client's segmentation requirements. PRM consultants in the back-office of the Service Provider will analyze the client's requirements. The PRM consultants are experts familiar with PRM and ACL segmentation.
They can provide professional advice on customer segmentation to service clients. If the PRM consultants consider the ACL segmentation requirements unreasonable or unachievable (e.g. the client requires a data mining algorithm-based segmentation application that can classify his new customer data with 100% accuracy), they will contact the client to negotiate the requirements, so that they can reach an agreement on the revised segmentation requirements.

ACL process implementation

Before the client can use the customized segmentation application, he needs to submit his segmentation requirements and his sample customer data through the customization webpage in the portal. After the user fills in the requirements form in the customization webpage and clicks the submit button to submit his sample customer data, a function will be invoked to upload the data file to the server and to create a document which records the requirements information provided by the user. The creation of the requirements document marks the prelude to the
construction process of the customized segmentation service in the back-office. After successful implementation, we obtained the following XML code, which is ultimately used by the web service.

JSP Page 7 1100.100.100.100a1hqwindowsr12100. 120.34.45a2 hqwindowsr1

6. CONCLUSION AND FUTURE SCOPE

We explored the tradeoffs between traditional configuration management and GUI based access layer management to use different types of resources on a proxy system in a balanced fashion. Our goal is to reduce the traditional management load on the proxy but maintain the configuration by the use of the PRM model, which is an extended web service through the network. We designed and implemented a visual interface tool for configuration management of a proxy server for a particular IP, a range of IPs, and restricted IPs. We plan to extend this work to proxy servers with other access parameters like date, time, shift, host name etc. For the operating system, we have used Linux; however, Windows poses no problem either. Our architectural framework is adaptable to ASP.Net with Dot Net framework 4.0 too. In future, we may adapt it to smart phone mobile device platforms like Android.

REFERENCES

[1] Jussara Almeida and Pei Cao. 1998. Measuring proxy performance with the Wisconsin Proxy benchmark. Comput. Netw. ISDN Syst. 30, 22-23 (November 1998), 2179-2192.
[2] L. Breslau, P. Cao, L. Fan, G. Phillips, and S. Shenker, “Web Caching and Zipf-like Distributions: Evidence and Implications,” Technical Report 1371, Computer Sciences Dept, Univ. of Wisconsin-Madison, April 1998.
[3] Martin F. Arlitt and Carey L. Williamson. 1996. Web server workload characterization: the search for invariants. In Proceedings of the 1996 ACM SIGMETRICS international conference on Measurement and modeling of computer systems (SIGMETRICS '96), Blaine D. Gaither (Ed.). ACM, New York, NY, USA, 126-137.
[4] G. Alonso and F. Casati, “Web Services and Service-Oriented Architectures”, In Proceedings of the 21st International Conference on Data Engineering, 2005 (ICDE 2005).
[5] J. Dedrick and J. West, “An Exploratory Study into Open Source Platform Adoption,” Proceedings of the 37th Annual Hawai‘i International Conference on System Sciences, Waikoloa, Hawaii (Jan. 2004).
[6] Tornatzky, L. G. and Fleischer, M., The Processes of Technological Innovation, Lexington Books, Mass., 1990.
[7] Cooper R. B., and Zmud R. W., “Information technology implementation research: a technological diffusion approach,” Management Science, Vol. 36, 1990, pp. 123-140.
[8] Fleischer, M., Wiarda, E., and Rocco, D., “The Context for Change: Organization, Technology and Environment,” In The processes of technological innovation, Tornatzky, Louis G. and Fleischer, Mitchell (Eds.), Lexington, Mass.: Lexington Books, 1990, pp. 151-175.
[9] Lin R, Yen D C. “Customer relationship management: an analysis framework and implementation strategies”. Journal of Computer Information Systems, No. 4, 2001, pp. 82-97.
[10] Qian Zhicong, Luo Delin, Gao Qinquan, Chen Haiping, He Jialong, and Wu Shunxiang. 2009. Design and Implementation of Two-Level Proxy Server Dynamic Invocation System. In Proceedings of the 2009 International Conference on Information Management, Innovation Management and Industrial Engineering - Volume 03 (ICIII '09), Vol. 3. IEEE Computer Society, Washington, DC, USA, 555-558.
[11] ChingChen Chang and Quincy Wu. 2008. Design and Architecture of a Portable User Agent in SIP Collaboration Systems. In Proceedings of the 2008 Third International Conference on Internet and Web Applications and Services (ICIW '08). IEEE Computer Society, Washington, DC, USA, 273-278.
[12] Jingli Zhou, Jifeng Yu, and Hongtao Xia. 2006. Data Stream Splicing for Web Proxy Cache Optimization. In Proceedings of the Japan-China Joint Workshop on Frontier of Computer Science and Technology (FCST '06). IEEE Computer Society, Washington, DC, USA, 54-59.
[13] Xing Gao, John Sustersic, and Ali R. Hurson. 2006. Window Query Processing with Proxy Cache. In Proceedings of the 7th International Conference on Mobile Data Management (MDM '06). IEEE Computer Society, Washington, DC, USA, pp. 39.
[14] S. Narravula, P. Balaji, K. Vaidyanathan, H.-W. Jin, and D. K. Panda. 2005. Architecture for caching responses with multiple dynamic dependencies in multi-tier datacenters over InfiniBand. In Proceedings of the Fifth IEEE International Symposium on Cluster Computing and the Grid - Volume 01 (CCGRID '05), Vol. 1. IEEE Computer Society, Washington, DC, USA, 374-381.
[15] Keqiu Li and Hong Shen. 2004. Optimal Placement of Web Proxies for Tree Networks. In Proceedings of the 2004 IEEE International Conference on e-Technology, e-Commerce and e-Service (EEE '04). IEEE Computer Society, Washington, DC, USA, 479-486.
[16] B. Shen. 2003. Meta-caching and meta-transcoding for server-side service proxy. In Proceedings of the 2003 International Conference on Multimedia and Expo - Volume 2 (ICME '03), Vol. 2. IEEE Computer Society, Washington, DC, USA, 457-460.
[17] Jenq-Haur Wang and Tzao-Lin Lee. 2002. Peer-to-Peer Support for File Transfer and Caching Mechanism. In Proceedings of the Third IEEE Pacific Rim Conference on Multimedia: Advances in Multimedia Information Processing (PCM '02), Yung-Chang Chen, Long-Wen Chang, and Chiou-Ting Hsu (Eds.). Springer-Verlag, London, UK, 944-951.
[18] Wikipedia article on Proxy Server, http://en.wikipedia.org/wiki/Proxy_server, Accessed in December 2011.
[19] S. Feng, J. Zhang and B. Zeng, “Design of the Visualized Assistant for the Management of Proxy Server”, In Proceedings of 2010 Third International Symposium on Electronic Commerce and Security, pp 204-208.