Local Government Webmasters Meeting
March 22, 2007 - Seattle, Washington
Prepared by: Steven Niedermeyer, Web Systems Analyst, City of Bellingham
Overview
- What is a reverse proxy server?
- Business case highlights
- Examples of available solutions
- Considerations when implementing
- Additional resources
[Diagram: Internet Browser, Internet, External Firewall, Internal Firewall]
- Benefits of a reverse proxy server
- Cost of implementation
- Potential risks of implementation
- Potential risks if not implemented
Benefits of an RPS
- Increased security
- Single SSL certificate
- Caching and compression
- Central access logs for reporting
Increased Security
A reverse proxy may be used to prevent Internet clients from having direct access to less secure web servers or applications located on isolated networks or intranets.
[Diagram: Demilitarized Zone (DMZ), with Internet Browser, Internet, External Firewall, Internal Firewall]
- Offload other web servers by caching static content, such as images.
- Compress content before delivering it to site visitors to optimize load times.
- Centralized logging of web traffic
- Single format for access logs
- Simplified reporting and tracking of performance measures
Multiple Locations: video.agency.org (Windows Media log format), class.agency.org (IIS format access log)
Cost of Implementation
The purchase price of a reverse proxy server solution ranges from free to tens of thousands of dollars or more, depending on the needs of the agency.
Staff time must be invested in implementation, training, and establishing policies to govern the management of this key component of an agency's web presence.
The City of Bellingham implemented a solution for just over $11,000 ($9,000 server, $1,500 backup license and FTP software, $1,000 consulting to enable a web application to work with the reverse proxy server).
- May increase your risk of a security breach
- May increase your operating costs for SSL certificates
- Basic solution: Apache HTTP + Linux/Windows Server 2003
- Advanced solution: Microsoft Internet Security Application Server (ISA)
- Set up a test environment
- Provision a backup server with the same configuration as your primary reverse proxy server
- Keep detailed documentation, as reverse proxy servers may require extensive configuration
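As an added illustration (not part of the original presentation), here is how the four benefits listed earlier map onto one Apache HTTP Server 2.4 virtual host for the basic solution. The public host name www.agency.org, the back-end IP addresses, the /video/ and /class/ paths and all file paths are assumed placeholders.

```apache
# Added example: reverse proxy virtual host (Apache HTTP Server 2.4).
# Needs mod_ssl, mod_proxy, mod_proxy_http, mod_cache, mod_cache_disk,
# mod_filter and mod_deflate. Host names, IPs and paths are placeholders.

# Never act as an open forward proxy; only the ProxyPass mappings are served.
ProxyRequests Off

<VirtualHost *:443>
    ServerName www.agency.org

    # Single SSL certificate: TLS ends here for every published application.
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/www.agency.org.crt
    SSLCertificateKeyFile /etc/ssl/private/www.agency.org.key

    # Increased security: back-end servers stay behind the internal firewall
    # and are reachable from the Internet only through these two mappings.
    ProxyPass        /video/ http://10.0.10.21/
    ProxyPassReverse /video/ http://10.0.10.21/
    ProxyPass        /class/ http://10.0.10.22/
    ProxyPassReverse /class/ http://10.0.10.22/

    # Caching: serve repeat requests for cacheable content from local disk.
    CacheRoot   /var/cache/apache2/mod_cache_disk
    CacheEnable disk /video/
    CacheEnable disk /class/

    # Compression: compress text responses before delivery.
    AddOutputFilterByType DEFLATE text/html text/css application/javascript

    # Central access log: one format and one file for all published sites.
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    CustomLog /var/log/apache2/reverse-proxy_access.log combined
</VirtualHost>
```

Running `apachectl configtest` in the test environment checks the syntax before the configuration is loaded on the primary server.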
Additional Resources
Product Examples
General concepts
Wikipedia http://en.wikipedia.org/wiki/Reverse_proxy