In today’s complex network architectures, sometimes it seems there are limitless ways to deploy networking equipment. While that may be the case for some networking gear, in actuality there are probably only a few proven deployment methodologies for web gateways that are effective and provide complete security. In this article, we’ll talk about the most four most common different types of web gateway deployments. Sometimes referred to as forward proxies; these devices are used to secure web access for an organization’s internal end-users. The three commonly used deployment scenarios for web gateways are: inline proxy, explicit proxy, transparent and SPAN port. Each one of these deployments has its advantages and disadvantages and we’ll discuss these as we explain each methodology over the next few days. We've already examined Inline and Explicit deployments. Today we'll look at Transparent deployments.
Transparent Deployment
Transparent Deployment allows a web gateway to be deployed in any network location that has connectivity (similar to explicit mode deployment), (See Figure 3) reducing the need for a configuration change to the network to implement. In addition, there’s no overhead of having to configure each end-user’s system, since the routing of HTTP and HTTPS traffic is typically done by the router or other network device. Transparent deployment is often used when an organization is too large for an inline deployment and does not want the added work and overhead needed for an explicit deployment. Most transparent deployments rely on Web Caching Communications Protocol (WCCP), a protocol supported by many network devices. Alternatively it’s also achieve Transparent Deployment using Policy Based Routing (PBR)
Transparent Deployment Advantages
The main advantages of deploying a web gateway in transparent mode, include: narrowing the amount of traffic processed by the proxy and the ability to more easily implement redundancy of the web gateway. In addition transparent deployment does not require changes to end-user systems.
Transparent Deployment Disadvantages
Transparent deployment does depend on the availability of either WCCP or PBR, and support for these by the web gateway. Typically support for these is available only on more sophisticated web gateways. Configuration can be trickier, as there typically needs to be compatibility between the supported versions of WCCP between the router and the web gateway. More in-depth network expertise is required to implement and deploy a transparent mode deployment, typically not a problem in larger organizations, but may be an issue for smaller organizations.
Tomorrow we'll look at SPAN port deployments
Subscribe to:
Post Comments (Atom)
Posts
No comments:
Post a Comment