Northwestern University Proxy Server Information

Stu Baker stubaker at nwu.edu
Fri Jan 30 16:28:19 EST 1998 

At Northwestern we have been using Proxy Services for over a year. In
general it has worked well on the user end and for support and maintenance
on the backend. I have included a general description of the config and
services we currently use. Our Academic Technologies staff has re-written
proxy to allow us to use a secure server. This has two advantages 1) it
does need any browser configuration (they go directly to a URL instead
where they are authenticated). 2) It allows for Secure passing of the
passwords through SSL.

We have not gone into production on our home-grown proxy server at this
point although we will be doing this shortly. We need our library staff to
bang on it a bit longer with the new databases we have subscribed to. This
page is at <http://web-proxy.it-services.nwu.edu/>

General user information on the Northwestern University Proxy Server can be
obtained at:
	<http://www.library.nwu.edu/help/proxy/ >

The NU Proxy server is an HP 700 workstation model C160 with 128 MB RAM and
a 4GB disk drive (fast-wide).  We are running HPUX 10.20 for the operating
system.

The web proxy server is Netscape Proxy server.

Our NetID authentication is being handled by Kerberos 5 using an NSAPI that
was written by programmers at Northwestern. You can talk to Phil Tracy
<ptracy at nwu.edu> or Albert Steiner < a-steiner at nwu.edu > at Academic
Technologies about this if you need more info on how our NetID stuff works.

When we implemented our proxy server we bought a box that was a bit
oversized to allow for growth. Although the proxy server is seeing
increasingly more traffic the load on the machine is pretty light. In fact
the system administrators at our computing center who monitor such things
say it is "barely yawning".

Part of this is because we are using a Netscape Proxy Server and most of
the campus uses Netscape as their browser. The Netscape browser has an
auto-proxy configuration. This configuration lets the browser use a cached
file it gets from the proxy server (upon authentication) to determine if
they need to go through the proxy server. If the host (or database) is in
the cached file the browser redirects through the proxy server, otherwise
it goes directly to the URL. A very elegant solution indeed. Internet
Explorer and other web browsers do not  have this functionality which means
all requests go through the proxy server, whether they need to or not.

The proxy server now that it is setup is basically a no-brainer. We rarely
have to deal with it other than adding new hosts when we have a new
database added. There is one person from the Library  (me) and 1 one person
from Academic Technologies that basically support the server. Our Computing
Services folks take care of the operating system, backups, security and
performance monitoring on the machine. This model has worked very well.
Nobody working with a net on this one.

We are currently implementing a new method to provide proxy services. The
current proxy server does not use Secure Socket Layers (SSL), thus NetID
passwords are not being sent over the network securely. Also many of our
patrons who use proxy services are coming from corporate environments that
already require them to use their proxy server, thus they can't access
things through our proxy server. Our AT folks have writen a new proxy
server that uses SSL. We have just started using it so there is not much
feedback I can give you on this. This obviously means no browser
configuration and much simpler support structures.

^^^^^^^^^^^^^
* Stu Baker *
Multimedia Services Specialist
<mailto:stubaker at nwu.edu>
<http://stubaker.base.org>
voice: 847.467.1984

More information about the Web4lib mailing list