Blue Coat Systems. Client Manager Redundancy for ProxyClient Deployments



Similar documents
Blue Coat Systems. PacketShaper Redundant Setup

Blue Coat Systems. Reference Guide. WCCP Reference Guide. For SGOS

ProxySG 510/810 Series. Hard Disk Drive Installation

Blue Coat Systems Cloud Security Service Overview. Blue Coat Cloud Security Service (ThreatPulse)

Blue Coat Security First Steps Transparent Proxy Deployments

Blue Coat Security First Steps. Solution for HTTP Object Caching

Blue Coat Security First Steps Solution for Controlling HTTPS

Blue Coat Security First Steps Solution for Deploying an Explicit Proxy

Decrypt Inbound SSL Traffic for Passive Security Device (D-H)

SNMP Monitoring with Cacti

Using PacketShaper to Control Bring Your Own Device Traffic

Blue Coat Systems. Reference Guide. WCCP Reference Guide. For SGOS 5.3

Blue Coat Security First Steps Solution for Streaming Media

Blue Coat Systems ProxySG Appliance

Blue Coat Security First Steps Solution for Controlling Web Applications

Blue Coat Systems ProxySG Appliance

Initial Configuration Guide

Blue Coat Systems SG Appliance

SolarWinds Technical Reference

Blue Coat Systems. Reference Guide. SSL Proxy. For SGOS 5.5.x and later

Blue Coat Security First Steps Solution for Recording and Reporting Employee Web Activity

Reverse Proxy with SSL - ProxySG Technical Brief

Blue Coat Systems Reporter 9.x

AKIPS Network Monitor User Manual (DRAFT) Version 15.x. AKIPS Pty Ltd

WAN OPTIMIZATION FOR MICROSOFT SHAREPOINT BPOS

SolarWinds Technical Reference

ProxySG TechBrief Implementing a Reverse Proxy

Blue Coat ICS PROTECTION Scanner Station Version

Blue Coat Systems ProxySG Appliance

Blue Coat Security First Steps Solution for Integrating Authentication Using LDAP

Blue Coat Security First Steps Solution for Integrating Authentication

SOLARWINDS ORION. Patch Manager Evaluation Guide for ConfigMgr 2012

Remote Firewall Deployment

A TECHNICAL REVIEW OF CACHING TECHNOLOGIES

Web Application Classification Feature

Configuring and Integrating JMX

How To - Configure Virtual Host using FQDN How To Configure Virtual Host using FQDN

Contact Information. Document Number: Document Revision: SSL Proxy Deployment Guide SGOS 5.1.4

MailMarshal SMTP in a Load Balanced Array of Servers Technical White Paper September 29, 2003

DameWare Server. Administrator Guide

ProxySG ICAP Integration

SECURE WEB GATEWAY DEPLOYMENT METHODOLOGIES

HTTPS HTTP. ProxySG Web Server. Client. ProxySG TechBrief Reverse Proxy with SSL. 1 Technical Brief

ProxySG TechBrief Downloading & Configuring Web Filter

SolarWinds Scalability Engine Guidelines for SolarWinds Products Technical Reference

Deploying the SSL Proxy

SolarWinds Migrating SolarWinds NPM Technical Reference

Implementing Exception Pages

SolarWinds Technical Reference

axsguard Gatekeeper Internet Redundancy How To v1.2

Dell One Identity Cloud Access Manager How To Deploy Cloud Access Manager in a Virtual Private Cloud

Secure Web Gateway 11.7 Upgrade Release Notes

SolarWinds. Packet Analysis Sensor Deployment Guide

Migrating Cirrus. Revised 7/19/2007

Web Security Firewall Setup. Administrator Guide

Configuring WMI on Windows Vista and Windows Server 2008 for Application Performance Monitor

Using SolarWinds Log and Event Manager (LEM) Filters and Alerts

Dell One Identity Cloud Access Manager How to Configure for High Availability

Reverse Proxy Deployment Guide

IWA AUTHENTICATION FUNDAMENTALS AND DEPLOYMENT GUIDELINES

Blue Coat Data Loss Prevention Appliance Administrator s Guide. Model DLP700/DLP1700/DLP2700 Release 8.0

Blue Coat ProxySG Authentication Guide. SGOS 6.5.x

Downloading and Configuring WebFilter

NEXT GENERATION SECURE WEB GATEWAY: THE CORNERSTONE OF YOUR SECURITY ARCHITECTURE

Dell One Identity Cloud Access Manager How to Configure vworkspace Integration

Blue Coat Systems K9 Web Protection

Configuring and Implementing A10

Blue Coat Systems. Reference Guide. SSL Proxy. For SGOS 5.3.1

Symantec Enterprise Vault Technical Note

Application Note: GateManager Internet requirement and port settings

Proxy Forwarding Access Method

SolarWinds Orion Integrated Virtual Infrastructure Monitor Supplement

Internet Redundancy How To. Version 8.0.0

Blue Coat Systems SG Appliance

PANO MANAGER CONNECTOR FOR SCVMM& HYPER-V

Using SolarWinds Orion for Cisco Assessments

Copyright 2015 SolarWinds Worldwide, LLC. All rights reserved worldwide. No part of this document may be reproduced by any means nor modified,

Symantec Mail Security for Microsoft Exchange Management Pack Integration Guide

Blue Coat Systems ProxySG Appliance

Blue Coat Systems SG Appliance

WAN Optimization for Microsoft SharePoint BPOS >

Overview of WebMux Load Balancer and Live Communications Server 2005

Proxy Forwarding Access Method

Content Analysis System Guide

Resonate Central Dispatch

SolarWinds Technical Reference

SolarWinds Technical Reference

IDENTIKEY Appliance Administrator Guide

AKIPS Network Monitor Installation, Configuration & Upgrade Guide Version 15. AKIPS Pty Ltd

SNMP Critical Resource Monitoring

The Art of High Availability

SolarWinds Technical Reference

Configuring and Integrating Oracle

Symantec Endpoint Protection 11.0 Architecture, Sizing, and Performance Recommendations

VIRTUALIZED SECURITY: THE NEXT GENERATION OF CONSOLIDATION

EMC Data Domain Management Center

Web Application Hosting Cloud Architecture

Symantec Security Information Manager 4.8 Release Notes

Transcription:

Blue Coat Systems Client Manager Redundancy for ProxyClient Deployments

Copyright 1999-2013 Blue Coat Systems, Inc. All rights reserved worldwide. No part of this document may be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the written consent of Blue Coat Systems, Inc. All right, title and interest in and to the Software and documentation are and shall remain the exclusive property of Blue Coat Systems, Inc. and its licensors. ProxyAV, ProxyOne, CacheOS, SGOS, SG, Spyware Interceptor, Scope, ProxyRA Connector, ProxyRA Manager, Remote Access and MACH5 are trademarks of Blue Coat Systems, Inc. and CacheFlow, Blue Coat, Accelerating The Internet, ProxySG, WinProxy, PacketShaper, PacketShaper Xpress, PolicyCenter, PacketWise, AccessNow, Ositis, Powering Internet Management, The Ultimate Internet Sharing Solution, Cerberian, Permeo, Permeo Technologies, Inc., and the Cerberian and Permeo logos are registered trademarks of Blue Coat Systems, Inc. All other trademarks contained in this document and in the Software are the property of their respective owners. BLUE COAT SYSTEMS, INC. AND BLUE COAT SYSTEMS INTERNATIONAL SARL (COLLECTIVELY BLUE COAT ) DISCLAIM ALL WARRANTIES, CONDITIONS OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON SOFTWARE AND DOCUMENTATION FURNISHED HEREUNDER INCLUDING WITHOUT LIMITATION THE WARRANTIES OF DESIGN, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL BLUE COAT, ITS SUPPLIERS OR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY EVEN IF BLUE COAT SYSTEMS, INC. HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Americas: Rest of the World: Blue Coat Systems, Inc. Blue Coat Systems International SARL 420 N. Mary Ave. 3a Route des Arsenaux Sunnyvale, CA 94085 1700 Fribourg, Switzerland Document History Date Version Note January 15, 2013 v0.1 Initial release

Contents Introduction... 1 Scenario... 1 Requirements... 2 Configuration Steps... 3 Advanced Features... 5 DNS Round Robin... 5 Conclusion... 5 Appendix... 6 Configuring DNS Round Robin... 6 About Technical Briefs... 6 iii

List of Figures Example of a ProxyClient deployment... 1 Client Manager dialog... 3 Update URL... 3 Configuration tab - Configuring Acceleration and ADN... 4 Configuration tab - Configuring Web filtering... 4 iv

Introduction ProxyClient is Blue Coat s remote user solution for WAN Optimization and basic Web Filtering. ProxyClient allows organizations to give remote users access to network resources with LAN-like performance, even when those users are connecting from outside the corporate network, for example, home, customer, or business-partner offices. This access is typically over the Internet using a VPN. ProxyClient can also enforce a per-user Web Filtering policy. Deployments make use of a ProxyClient Manager, which acts as a central repository for configuration files and software. In most scenarios, the ProxyClient polls the Manager periodically to check for configuration or software version changes. The Manager must therefore be accessible to all deployed ProxyClients. In the case of a large deployment with hundreds of ProxyClients, Manager availability becomes very important. This document describes how to increase the reliability and scalability of ProxyClient deployments using multiple Client Managers. Scenario When a ProxyClient Manager is configured, it creates an installation package that includes the ProxyClient application itself and an associated XML configuration file. The installation package is published on the Manager by default over HTTPS on TCP port 8084, for example: https://ip.address.of.manager:8084/proxyclient/ ProxyClientSetup.exe. This URL is configurable, and can be either an IP address or a DNS address; it is included in the XML configuration file so that the ProxyClient has the location of the Manager. The package can be obtained from this location for installation, and after the ProxyClient is installed and active, it polls the Manager to check for changes. If necessary, it will then download updated software or configuration. Figure 1 1 Example of a ProxyClient deployment In a typical scenario, an organization deploying a ProxyClient for WAN Optimization must include a Client Manager at the data center, and make this available on the Internet so that roaming users can always obtain updates from any location. This requires the Client Manager s IP address to be available on the 1

Requirements Internet, most likely with a static NAT address configured on the firewall. Alternatively, the Client Managers can only be made accessible internally, and require VPN connectivity for updates. For high availability, it is necessary to deploy at least two Client Managers with identical ProxyClient configurations, and some form of load balancing to distribute update requests to each device. These appliances can be located at the same data center or at different data centers, depending on the network architecture. This could also be a good way to achieve scalability for large deployments. The simplest way to do this is to configure the Client Managers to publish a DNS address based update URL, and then use DNS Round Robin to distribute ProxyClient requests between the Managers. Alternatively, a hardware load-balancer can be used. In the case of geographically distributed deployments, Global Server Load Balancing can be employed to direct users to Client Managers. The key point in each of these scenarios is that the ProxyClient Managers are accessible through a single DNS name, and the ProxyClient configuration on each Manager is identical. This configuration guide includes the following assumptions: The ProxySG appliances that will be used as Managers are already configured and running on the network. For ProxyClient acceleration functionality, an ADN should already be configured and an ADN Manager assigned, since an ADN Manager is mandatory for ProxyClient ADN. If Web Filtering capabilities are required, then the following requirements must also be met: The device must be licensed as a Full Proxy Edition. Blue Coat Web Filter must be installed on the designated ProxyClient Managers. Blue Coat Web Filter must be licensed for the appropriate number of users. Refer to the following documents, which are available at: https://bto.bluecoat.com/ ProxyClient Administration and Deployment Guide SGOS Administration Guide Acceleration WebGuide An ADN Manager can be the same device as a ProxyClient Manager, but dedicated devices should be used if many (for example, hundreds) ProxyClients are envisaged. 2

Configuration Steps There are no specific software requirements, although it is recommended that the latest release of SGOS be used on the Client Managers, whether that version is in the SGOS 5.x or SGOS 6.x code stream. It is also important to use the latest ProxyClient image. All Managers should ideally have the same SGOS and ProxyClient version installed. For more information on recommended SGOS releases and ProxyClient images, go to https://bto.bluecoat.com/ Complete the following procedure to configure the Client Managers. Procedure: 1. From the ProxySG Management Console, select Configuration > ProxyClient > General > Client Manager. (See Figure 1 2.) 2. Select the Enable Client Manager check box. 3. Select Use Host and specify the client update URL in the field provided. The example is using client-mgr.company.com. Figure 1 2 Client Manager dialog 4. Click Apply to activate changes. The update URL is now reflected in the configuration. (See Figure 1 3.) Figure 1 3 Update URL 5. If required, define locations and behaviors from the Locations tab. 6. (Optional) Enable Acceleration. 3

a. From the ProxyClient Management Console, select Configuration > ProxyClient > Acceleration > General. (See Figure 1 4.) b. Select the Enable Acceleration check box. c. Specify Primary and Backup ADN Manager IP address. d. Click Apply to activate changes. Figure 1 4 Configuration tab - Configuring Acceleration and ADN 7. (Optional) Configure any other parameters from the ADN Rules and CIFS tabs. 8. (Optional) Enable Web Filtering. a. From the ProxyClient Management Console, select Configuration > ProxyClient > Web Filtering > Policy. (See Figure 1 5.) b. Select the Enable Web filtering check box. c. Define the Filtering policy. d. Click Apply to activate changes e. Check the Exceptions and Log tabs, then make any necessary adjustments, as required. Figure 1 5 Configuration tab - Configuring Web filtering 4

9. You must repeat steps 1 8 on all other designated Client Managers. 10. Update the externally published DNS zone to reflect the Client Update URL specified in step 3 above. Note: It is vital that any future ProxyClient configuration changes be replicated across all Managers to ensure consistent behavior. This can be done manually or through the use the Blue Coat Director. Other tools might also be available. For more information, contact your local Blue Coat sales representative. Advanced Features Conclusion DNS Round Robin DNS Round Robin is a simple way to distribute requests across multiple Managers. One potential issue, however, is that DNS Round Robin doesn t cater to device failures. Therefore, if a Manager become unavailable, DNS won t immediately reflect this. As a result, ProxyClients could make requests to a device that cannot respond. A workaround is to use the built-in failover capabilities of the ProxySG appliance (SGRP) to share Virtual IP addresses among devices. Thus, a device has a primary address that is referenced in DNS that acts as a backup for any secondary addresses. If a device fails, its primary address automatically becomes available on another device, thus providing seamless failover from a ProxyClient perspective. This can be useful in providing continuous service temporarily until the failed device is brought back online. For more information, refer to the following: See "Configuring DNS Round Robin" on page 6 for a sample configuration. Go to https://kb.bluecoat.com for information on configuring failover and its suitability when used with different applications. Client Managers perform a vital role in enabling functionality for remote users, and when robust and scalable deployments are desirable. DNS Round Robin is a simple way to achieve this high availability, and is straightforward to configure. Additional resilience can be provided by configuring ProxySG appliance Failover. Alternatives to DNS Round Robin are Global Server Load Balancing and Hardware Load Balancers. 5

Appendix Configuring DNS Round Robin DNS Round Robin requires that each relevant Client Manager IP address be configured against the same DNS A-Record. In this case, each request for the Client Update URL would resolve to the different IP addresses in sequence, thus distributing requests across the various Client Managers. For example: ; Client Manager definitions for ProxyClient client-mgr IN A 192.168.0.1 ; mgr1 IN A 192.168.0.2 ; mgr2 IN A 192.168.0.3 ; mgr3 About Technical Briefs Technical briefs are designed to illustrate the features and capabilities of Blue Coat products. By describing generic solutions, technical briefs provide a foundation that Blue Coat customers can use to understand how Blue Coat products can be used to solve specific problems. These technical briefs are not intended to solve customer-specific requests; if you need a customized solution to address a specific concern, contact Blue Coat Professional Services at Professional.Services@bluecoat.com. 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information