Last month's article, "Microsoft's Internet Access Server," looked
at the installation and basic setup process for Microsoft's new Internet Access
Server (IAS), a proxy server that makes connecting your intranet to the Internet
a much safer thing to do. IAS, which is in beta 3 testing, is slated for release
by the end of the year. This article looks at some details of configuring IAS
once you install it.
The Proxy Server
In a network environment, a proxy server has
the authority to act for other computers on the network. The IAS is a proxy,
providing each workstation with access to TCP/IP networks such as the Internet,
while keeping the workstation address anonymous. Such anonymity makes intruder
attacks on your machine almost impossible.
You manage IAS through the Internet Service Manager (ISM). To start ISM,
click Start, select Programs, Catapult Server, and then Internet Service
Manager. If you have other Internet services on your Windows NT machine, you'll
see them in the ISM display. Screen 1 shows the ISM with all the services
installed and running.
All the configuration settings are on the administrative interface for each
service. To display a service's administrative interface, double-click the
service name in the ISM or right-click the service name and select Service
Properties.
The Proxy Service
The Proxy service controls access to FTP, WWW,
and Gopher sites on the Internet. The administrative interface for the Proxy
service has five tabs: Service, Permissions, Caching, Logging, and Filters.
The Service tab is for informational purposes only and contains
nothing to configure but a comment field, which lets you describe this service
so users can view the description in ISM. Click Current Sessions to
display a list of the users connected to the Proxy service at any given moment.
The Permissions tab, as shown in Screen 2, lets you grant or deny
various users and groups access rights to the proxy for Internet access. You can
separately manage three types of access here: FTP, Web, and Gopher. To allow
access to a service, select it in the Rights pulldown, and click Add to display
the Add Users and Groups dialog. Once you add the users and groups that
get access, click OK. To disallow access rights to a user or group, select the
user or group and click Remove.
Tip: The User Manager for Domains lets you create a group
that includes the user accounts of all users who need access to FTP, Web, or
Gopher. Once you create this group, you need to apply permissions for each
service only once for the group, rather than once for each member. This approach
can be a real time saver.
The Caching tab, shown in Screen 3, presents the cache property
settings. The Proxy service cache lets you configure the service to store
Internet objects on your local hard drive for a given period. This option can
greatly reduce response times and bandwidth utilization. When a client machine
requests an Internet object that is in the cache, the Proxy server delivers the
cached copy instead of getting the object from the Internet site.
The cache expires at intervals the administrator sets. The proxy server
will retrieve a fresh copy of the Web object when a client requests it again or
before a client requests the object, depending on how the cache is configured.
The cache has two modes of operation: passive and active. In the passive
mode, IAS copies each object someone requests from the Internet to the hard disk
of the computer running the IAS server. In active mode, IAS updates objects in
the cache periodically, whether a user requests them or not.
The proxy cache has five areas to configure:
- The Enable Caching check box enables and disables the cache.
- The Cache Expiration Policy lets you adjust the freshness of
objects in the cache. Freshness is a measure of how long to store and use a
local copy of a cached object before IAS updates it from the Web site. A slider
bar lets you adjust this setting. Move the slider bar toward Always Request
Updates to keep objects fresher and increase the traffic the IAS server
generates. Move the slider bar toward Fewest Internet Requests to
lengthen the time you store objects before IAS refreshes and to decrease the
traffic the IAS server generates.
- The Active Caching Policy ensures the freshness of Internet objects you
store on the hard disk, by letting the cache manager generate a request for an
Internet object without a client's prompting. Move the slider bar toward Most
Client Cache Hits to update the cache more frequently, or toward Fewest
Internet Requests to reduce the frequency of update requests to Internet
sites.
- The Cache Size lets you add and remove drives from caching and set the
amount of disk space for caching Internet objects. The limit to the cache size
is the amount of disk space available. Theoretically, cache size has no upward
limitations.
- The Advanced Cache Options let you specify which objects to cache and the
maximum object size to cache, and enable server protection and cache filtering.
Cache filtering lets you specify filename, directory name, and domain name to
restrict which objects to always cache or never cache. To display Advanced Cache
Options, click Advanced.
The Logging tab presents the available log settings. You can turn
logging on or off, select regular logging or verbose logging, and select data
logging to a text file or a database. Each log record contains the username,
client type, client protocol, time and date stamp, and size of the requested
object.
The Filters tab, in Screen 4, presents the filtering properties
that let you control access to Internet sites through the server. The filtering
mechanism grants or denies access based on the IP address or domain name of
particular Internet sites. For example, to block access to a Web site to keep
employees from misusing company time, you select Denied, click Add, select
Domain, and then enter the Web address in the Domain data entry window. That's
all there is to it.