Building an Internet Presence with Servers: Part I Page 2

By Mark Richards
Posted Apr 2, 2003


Core Proxy Service Technologies
Organizations seeking a proxy server software solution may encounter a confusing array of technologies upon which these solutions are based. Each has its pros and cons, which are discussed below.

NAT
Network Address Translation (NAT) is a low-level protocol that allows proxy servers to behave much like a software router. Proxy servers supporting NAT work by forwarding packets between the local area network and the Internet while performing translation of the source and destination IP addresses. Each client computer uses the NAT proxy server as the TCP/IP gateway.

The primary benefits of NAT-based proxy solutions are the degree of transparency and the minimal client computer requirements. For many types of interactions with the Internet, such as web browsing, email, and FTP, NAT "just works," without the need to install special software on client computers or to configure Internet applications individually.

The downsides of NAT-based proxy solutions reflect the limitations of the NAT protocol itself. Software applications that support network protocols requiring multiple connections, or connections that originate from an external source, may require special consideration from the proxy server vendor. Also, running services behind a NAT device will generally require special port mappings to handle incoming requests. (Be sure that any proxy server package you're considering supports bi-directional port mappings.)
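
The translation and its limits can be sketched as a small port-translating NAT table. This is an added example, not code from the article or from any vendor; the class name NatGateway, the sample addresses, and the rule that replies are accepted only from the contacted endpoint are assumptions made for illustration.

```python
# Added illustration, not code from the article. All addresses are constructed
# samples; filtering replies by remote endpoint is an assumption of this sketch.
from itertools import count

class NatGateway:
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = count(first_port)
        self.sessions = {}    # public port -> (client endpoint, remote endpoint)
        self._flows = {}      # (client endpoint, remote endpoint) -> public port
        self.port_maps = {}   # public port -> internal endpoint (set by the admin)

    def outbound(self, src, dst):
        """LAN -> Internet: replace the private source with the public address."""
        flow = (src, dst)
        if flow not in self._flows:
            port = next(self._ports)
            self._flows[flow] = port
            self.sessions[port] = flow
        return (self.public_ip, self._flows[flow]), dst

    def inbound(self, src, dst):
        """Internet -> LAN: return the rewritten (src, dst), or None to drop."""
        public_port = dst[1]
        session = self.sessions.get(public_port)
        if session and session[1] == src:    # reply from the contacted peer
            return src, session[0]
        if public_port in self.port_maps:    # explicit inbound port mapping
            return src, self.port_maps[public_port]
        return None                          # unsolicited traffic is dropped

def demo():
    nat = NatGateway("203.0.113.10")
    client, ftp_ctrl = ("192.168.1.20", 51515), ("198.51.100.7", 21)
    public_src, _ = nat.outbound(client, ftp_ctrl)     # control connection
    reply = nat.inbound(ftp_ctrl, public_src)          # translated back
    # Active-mode FTP: the server opens a second connection from port 20.
    data = nat.inbound(("198.51.100.7", 20), (nat.public_ip, 51516))
    # A service hosted behind the NAT is unreachable until a mapping exists.
    visitor, service = ("198.51.100.99", 40222), (nat.public_ip, 80)
    before = nat.inbound(visitor, service)
    nat.port_maps[80] = ("192.168.1.5", 8080)
    after = nat.inbound(visitor, service)
    return public_src, reply, data, before, after

if __name__ == "__main__":
    for name, value in zip(("public_src", "reply", "ftp_data", "before", "after"), demo()):
        print(f"{name}: {value}")
```

Every entry in port_maps is a deliberate opening from the Internet to an internal host, so each one belongs in the inventory of exposed services.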

Application Proxies
Many of the first proxy server solutions were built on the concept of application proxies. Application proxy servers require the individual configuration of each software application that uses them. For example, a web browser must be configured (through its connection settings) to direct its HTTP requests to the proxy server on a specific port.

Since each user's software applications must be configured to use an application proxy server, managing them can become a burden. Further, not all Internet software applications support the traversal of proxy servers.

Winsock Replacement
Most software applications that access the Internet establish TCP/IP connectivity through calls to the operating system's Winsock (Windows sockets) facility. This facility is provided via the presence of a special DLL located in the Windows system directory.

Some proxy servers require client computers to install software that replaces the operating system's Winsock DLL with a version that they've modified to allow for the interception of network requests, which are then redirected to the proxy server.

The downside of Winsock replacement proxy servers is that because they introduce proprietary functionality into a standard operating system facility, it can be difficult to ensure that any software application that utilizes Winsock will continue to operate normally. Due to the potential for stability problems and because Windows is gradually migrating to a protected system architecture model, Winsock replacement proxy technologies have largely fallen out of favor.

LSP Client Software
The last proxy server technology we'll discuss in this article is the installation of LSP (Layered Service Provider) software on the network client computers. LSP software is effectively installed at the layer just beneath Winsock, allowing it to intercept and redirect software network requests to a remote proxy server. This approach is far safer than Winsock replacement methods because it uses a well-known and supported Windows operating system facility (the Service Provider Interface). In addition, some LSP client software applications can automatically manage the port mappings required to run services behind a proxy server.

Although LSP proxy solutions require the installation of software on the client computers, they have the benefit of relatively transparent operation. The client software needs only to know which application requests to intercept and redirect. LSP client software can even work nicely in conjunction with NAT services -- simply configuring the LSP client software to "ignore" certain applications will cause those applications to use a NAT server instead (if available).

Most modern proxy servers employ NAT (Network Address Translation) technology, which often provides a seamless experience for end users, with no requirement to configure applications for use with the proxy server. The best proxy server solutions also allow for the use of application-level proxies or client-side application request redirection, effectively providing a greater level of overall flexibility should special needs surface.

Conclusion
In Part 2 of Building an Internet Presence with Servers, we'll explore the prospects of hosting Internet services such as web, FTP, email, and others.

Mark Richards is the Internal Product Manager for Deerfield.com, a server vendor.
