Slashdot Mirror

← Back to Stories (view on slashdot.org)

Reverse/Server-Side Proxy Caching for Windows?

Posted by Cliff on from the living-in-a-microsoft-world dept.

frooyo asks: "I'm an currently looking for a good reverse proxy caching solution (server-side caching) for the Windows platform. This would be used as a transparent proxy between the corporate website and the outside world. Products that I have seen available include: Microsoft ISA server, Squid for NT and some others. I'm not completely opposed to using a non-windows platform for this type of solution, but I would prefer a Windows solution. I need a product that handles middle-large numbers of current users (10-30) with easy on one server. Additionally features such as caching pools and easy handling of FTP connections (since this will be used as a 'transparent' proxy) would be a much needed benefit."

9 of 35 comments (clear)

  1. Squid is good by Earlybird · · Score: 5, Informative
    Squid is a very good, well-designed, highly configurable proxy server implementation. I have not gauged its performance against other implementations, but performance, at least on Linux, seems entirely reasonable. It is popularly used to cache Zope sites.

    Being a relatively ancient open-source Unix program, it adheres religiously to standards, and will correctly use headers such as Expires and Cache-Control to maintain cache coherence; Squid will correctly cache anything with a Last-Modified header.

    Additionally, it supports upstream commands allowing your web server to tell Squid to invalidate cache records when content changes; you can implement this easily in server-side languages such as PHP, Java or Python (Zope's caching machinery supports this transparently).

  2. Re:troll. by Anonymous Coward · · Score: 1, Informative

    More evidence to attest to this is calling 10-30 middle to large numbers. ?!? Mid to large for our systems is in teh several hundreds not 10-30. Well maybe for a microsoft product 10-30 is middle to large wouldnt know anymore havent used it in years. Maybe a P1 200 class machine with 256 mb of ram running FreeBSD and Squid is about right for this machine?

  3. Concurrent users by Earlybird · · Score: 2, Informative
    If your web server can't handle 10-30 users, a cache isn't going to help much.

    Depends on what the "web server" is; it might be expensive SQL stuff, for example. Or it might be a heavy-weight CMS thing; Plone's default skin gives me less than 10 hits/sec on a very fast SMP box, and the lack of speed is, amazingly, mostly in the templating system. This is a case where caching would help.

    10-30 concurrent users I interpret as meaning 10-30 requests per second. To put it in perspective: 10 req/s is 864,000 req/day. 30 req/s is 2,592,000 req/day. If every page in your system is 30 KB in size, then 10 req/s is equivalent to a constant bandwidth usage of 300 KB/s.

  4. ISA by skinfitz · · Score: 3, Informative

    If you want a Windows solution then ISA is the way to go.

    It will handle reverse web proxying along with providing transparent caching etc.

    It's also very very easy to set up.

    If you want more specific into, try Thomas Shinder's site http://isaserver.org

    1. Re:ISA by matt_wilts · · Score: 2, Informative

      >If you want a Windows solution then ISA is the way to go

      Squid is also available for Windows - I have an issue where my company will not under any means run Linux servers, however, they have agreed that I (network manager) can run certain Open Source apps.

      Under Windows, Squid seems to work ok - I'm running the test server on a Celeron 333, with 128M of memory & 2 gig of cache under Windows 2000 Professional (i.e. it doesn't need a Windows server). It's currently handling about a dozen pilot users perfectly adequately, but I have pushed about 900 users through it in early testing & it held up OK.

      Matt

  5. Novell's product by FistFuck · · Score: 2, Informative

    Check out iChain from Novell, it's relatively cheap and very fast. It's a reverse proxy appliance.

    It does much more that what you're looking for, but some of the multihoming functionality is incredibly handy.

    The per user licensing only matters if you use it to authenticate users.

  6. try xCache by Glog · · Score: 3, Informative

    Try xCache - I've used it before and it's quite good: http://www.xcache.com/home/default.asp

    Many Fortune 500 companies use it.

  7. Clearifications by frooyo · · Score: 4, Informative

    Yes, the article was meant to say concurrent users. And yes, the current website is driven by a large CMS where all pages are dynamic (all content resides in a database).

    So after some clearification, what are peoples experiences with ISA or Novell's Volera (which I have heard very good things about) and any other caching solution.

    Does /. use a caching server? If not, why not?

  8. Wholeheartedly Recommend ISA by seigniory · · Score: 4, Informative

    I have to say, I've been using ISA for 2+ years now and am very familiar with its capabilities & performance.

    ISA's proxying is great, but does cost $$$ on top of your Windows 2K licensing and Hardware. Here's the setup of every ISA box I've spec'd in teh last few months:

    1. Dell GX50 Celeron 1GHz, 1GB RAM, 20GB 7.2k RPM HD, Adaptec 4-port NIC. About $900
    2. Windows 2000 Server. About $800
    3. MS ISA Server. About $1100

    Total: about $2800

    That said, it's expensive for use as "just a proxy". ISA offers much much more which is why I recommend using it in a more fully featured fashion. If you're planning on leveraging the Firewall, VPN, Secure-NAT, and PPTP Pass through capabilities at the same time, by all means, I can't recommend a better small/medium business security device.

    (FWIW: ISA is the only commercial firewall I know that can do both PPTP and L2TP/IPSec in a NAT configuration with more than 1 connection at a time on the same external IP address - true that PIXs and similar ones can do PPTP through NAT, but you need a 1:1 mapping ratio for private to public IPs to do it. I've had over 150 private IPs set up simultaneous PPTPs through my ISA box on a single external IP, but I digress...)

    ISA's proxying is suprisingly fully-featured. Want to scan all uploads & download for viruses? No problem, ISA's got a ton of plugins. Want to harden security on a single box instead of 10 individual web servers? No problem, apply all kinds of rules to the proxy service and block or allow things at the file or even mime-type level. Want to use NT/AD user certificates on Apache or non-IIS servers? No problem... with Feature Pack 1, ISA will provide authentication based on all these and "non-MS-ize" the auth data to your backend servers. Want redundancy? Just add another ISA server in array mode - 2 boxes, single config point, double the performance,

    There's so many other ISA features to mention. I can't say enough good things about it. My only wish list item is better logging.