proxy server

In an enterprise that uses the Internet, a proxy server is a server

that acts as an intermediary between a workstation user and the
Internet so that the enterprise can ensure security, administrative
control, and caching service. A proxy server is associated with or
part of a gateway server that separates the enterprise network from
the outside network and a firewall server that protects the
enterprise network from outside intrusion.
A proxy server receives a request for an Internet service (such as a
Web page request) from a user. If it passes filtering requirements,
the proxy server, assuming it is also a cache server , looks in its
local cache of previously downloaded Web pages. If it finds the
page, it returns it to the user without needing to forward the request
to the Internet. If the page is not in the cache, the proxy server,
acting as a client on behalf of the user, uses one of its own IP
addresses to request the page from the server out on the Internet.
When the page is returned, the proxy server relates it to the original
request and forwards it on to the user.
To the user, the proxy server is invisible; all Internet requests and
returned responses appear to be directly with the addressed
Internet server. (The proxy is not quite invisible; its IP address has
to be specified as a configuration option to the browser or other
protocol program.)
An advantage of a proxy server is that its cache can serve all users.
If one or more Internet sites are frequently requested, these are
likely to be in the proxy's cache, which will improve user response
time. In fact, there are special servers called cache servers. A proxy
can also do logging.
The functions of proxy, firewall, and caching can be in separate
server programs or combined in a single package. Different server
programs can be in different computers. For example, a proxy
server may in the same machine with a firewall server or it may be
on a separate server and forward requests through the firewall.

This article contains important information

about Microsoft Proxy Server installation
requirements. For more information, please
review Chapter 2 of the Microsoft Proxy
Server online documentation.

Hardware Requirements

Microsoft Proxy Server has the same

hardware requirements as Microsoft
 Windows NT Server version 4.0. For more
information, see the documentation for
Windows NT Server version 4.0.

Software Requirements

The following programs must already be

installed on the server computer before
Microsoft Proxy Server can be installed:

• Microsoft Internet Information

Server version 2.0
• Microsoft Windows NT Server
version 4.0
• Microsoft Windows NT Server
4.0 Service Pack 1 (provided on the
Microsoft Proxy Server compact disc)

The server computer can be configured as a stand-alone server, a

primary domain controller (PDC), or a backup domain controller
(BDC). However, for the highest security level and the best
performance, it is recommended that you install Microsoft Proxy
Server on a computer configured as a stand-alone server. For more
information about member servers, PDCs, and BDCs, see the
documentation for Windows NT Server.

For best cache performance, it is strongly recommended that at

least one disk drive on the server computer be configured as a
Windows NT File System (NTFS) volume.

Before you install Microsoft Proxy Server,

complete the following tasks:

Verify your software configuration:

1. Verify that Microsoft Windows

NT Server 4.0 Service Pack 1 is
installed.
2. Verify that Microsoft Internet
Information Server 2.0 is installed.
3. Verify that TCP/IP is installed on
the server.

Verify your hardware configuration:

1. Setting Up the Disk Drives

Microsoft Proxy Server can be

installed on computers that have their
hard disks configured as file allocation
table (FAT) or NTFS volumes.
However, for security and
performance, it is recommended that
at least one of the server's hard disks
be configured as an NTFS volume.

Features that NTFS volumes provide

(and FAT volumes do not) include:

o A maximum file size of up

to 64 gigabytes (GB),
depending on the size of the
disk clusters.
o Integration with Windows
NT Server security to control
and audit file, share, and
directory access.
o An Activity log that you
can use to restore the disk in
the event of a power failure or
other problem.
o Support for flexible per-
file compression.

The Web Proxy service of Microsoft

Proxy Server stores cached Internet
objects on one or more of the server's
disk drives. The particular disk drives
used for this purpose are selected
during installation. For best cache
performance, it is strongly
recommended that you configure all
drives that have space allocated to
the cache as NTFS drives.

If your current server disk volume is

formatted to use FAT partitions, you
can convert these partitions to NTFS
(before or after installing Microsoft
Proxy Server) using the Convert
program included with Windows NT
Server. Convert does not overwrite
data on the disk. For more
information about using this program
to convert FAT volumes to NTFS
volumes, see your documentation for
Windows NT Server, or type
"convert/?" (without the quotation
marks) at the command line in the
Command Prompt window.

2. Setting Up the Network Adapter

Cards

Before you install Microsoft Proxy

Server, verify that network adapter
cards are installed and configured
properly. To create a secure
configuration, the Microsoft Proxy
Server computer must have at least
one network adapter card connected
to the private network, plus one
network adapter card, modem, or
integrated services digital network
(ISDN) adapter to connect to the
Internet.

You should install the network

adapter cards in your server computer
before installing Microsoft Proxy
Server. For more information on
installing network adapter cards, refer
to documentation provided with your
adapter cards. Once the adapter cards
are installed, you can use the
Network Control Panel to configure
each card.

To configure additional network

adapter cards, perform the following
steps:

1. Open Control Panel.

2. Double-click the Network icon,
and then click the Adapters tab.
3. Click the Add button to add the
additional network adapter
card.
 To configure TCP/IP settings for
internal and external network adapter
cards, perform the following steps:

4. Set TCP/IP protocol bindings for

the external network adapter
card.

Set the binding to TCP/IP, so

that it can communicate over
the Internet. When binding this
network card to TCP/IP, you are
prompted for the card's Internet
Protocol address. This address
is usually supplied by your
Internet Service Provider (ISP).

If the external network adapter

card will be used to connect to
the Internet, it must be bound
only to the TCP/IP protocol. In
particular, do not bind IPX/SPX
or NetBEUI to the externally
connected cards.
5. Set protocol bindings for the internal network adapter
card.

If the server will be running the Web Proxy service, the

network adapter card connected to the private network
must be bound to TCP/IP. If the server will be running
the WinSock Proxy service, the network adapter card
connected to the private network can be bound to
TCP/IP, IPX/SPX, or both.

NOTE: You can choose to implement Microsoft Proxy

Server on a server that has only one network adapter
card. You can use this configuration primarily to provide
limited proxy service in the following ways:

 Caching service for

internal Web Proxy
clients.
 n IP application-level
gateway to support
internal IPX clients that
use the WinSock Proxy
service.
 6. Use one default IP gateway.

A Microsoft Proxy Server

computer should have only one
IP default gateway. The IP
address of the default gateway
should be configured on the
external network adapter card
only.
7. Disable dynamic host configuration protocol (DHCP) for
the adapter cards.

Use static IP addresses on the adapter cards. DHCP will

attempt to reset the IP default gateway you selected for
Microsoft Proxy Server.
2. Setting Up a Modem or ISDN
Adapter

RAS and Microsoft Proxy Server

ith Microsoft Proxy Server, you can

use the Windows NT Server Remote
Access Service (RAS) dial-out client to
connect to an ISP. RAS dial-out
requires the use of at least one of the
following on the Server computer:

o Modem - You can install

one or more modems. High-
speed modems, such as 28.8
Kbps modems, are
recommended.
o ISDN adapter - If you are
using an ISDN line and have
signed up for the ISDN service
option with an ISP, install an
ISDN adapter.

When selecting any hardware for use

with a dial-up network connection,
check the Windows NT Hardware
Compatibility List to confirm that the
modem or adapter you are purchasing
is supported. Microsoft has tested the
modems and ISDN adapters on this
list for use with RAS.
Also, try to select a modem or ISDN
adapter that is the same or very close
to the one that is used by the ISP you
are using. This helps to ensure
optimal performance and the highest
possible connection rates.

For information about selecting and

installing a modem or ISDN adapter,
see your documentation for Windows
NT Server 4.0 or documentation
provided with your modem or ISDN
adapter.

Setting Up a Modem

To set up a modem on the server

computer, perform the following
steps:

1. Install the modem and

start the server computer.
2. In Control Panel, double-
click the Modems application
icon.
3. Follow the on-screen
instructions for installing a new
modem.

For information about installing a

modem, see your documentation for
Windows NT Server 4.0 and the
documentation provided with your
modem.

Setting Up an ISDN Adapter

ISDN offers a much faster

communication speed than ordinary
telephone service that uses analog
equipment. ISDN can operate at
speeds of 64 or 128 Kb per second.

Unlike most available modems, not all

ISDN hardware uses the same
signaling technology. This may
introduce connection problems
between your ISDN provider (the local
telephone company) and your
hardware adapter. In some cases, the
adapter may not work at all with
service in your area. For this reason it
is important to consult with both
telephone and Internet service
providers you will be working with in
your local area before making a final
selection on ISDN adapters. As with
modems, obtaining an adapter that is
supported by Microsoft and on the
Hardware Compatibility List is also
highly recommended.

To install an ISDN adapter, perform

the following steps:

4. Install an ISDN card and

start the server computer.
5. In Control Panel, double-
click the Network application
icon, click the Adapters tab, and
click Add.
6. Follow the on-screen
instructions to select or install a
device driver for the ISDN
adapter.

You must restart the computer after

you have installed the ISDN drivers.
Otherwise, not all of the available
ISDN ports may be listed on the
screen when you configure Remote
Access for ISDN.

Setting Up RAS

You can install RAS either during or

after the initial Windows NT Server
Setup. To install and configure RAS
after Windows NT Server has been
installed, use the Network Control
Panel. You will need to log on as a
member of the Administrators group.
Also, because you are connecting to
an ISP, you need to have the TCP/IP
protocol installed before installing
RAS.

To install the RAS client with Microsoft

Proxy Server, perform the following
steps:

7. In Control Panel, double-

click Network, click the Services
tab, and click Add.
8. In the Network Service
box, select Remote Access
Service, and then click OK.
9. Follow the on-screen
instructions to complete the
installation of the Remote
Access Service.

Select Dial out only for port usage to

configure RAS for dialout-only
connection to an ISP. Port usage can
be set by clicking Configure in the
Remote Access Service Setup dialog
box.

Network protocol settings should

include TCP/IP only (the IPX/SPX and
NetBEUI check boxes should be
cleared). You can set the network
protocols by clicking Network in the
Remote Access Service Setup dialog
box.