donovan jeffrey j wrote:
On Oct 12, 2009, at 11:11 AM, Jason Martina wrote:
Hello,
Well im looking for a better solution than MS ISA proxy, we have 3000
users that uses 4 ISA proxy servers, and its a managment nightmare so
im going to attempt to use squid+dansguardian, on the squid side of
things i cant find anything about using it in a large orginization and
with the users we have about 1500-2000 hit the proxy's at a time,
there heavily used for customer service agents and i would like to use
ONE server to control all, so im looking for some help or a document
dealing with Larger companys!!
i run
2 primary transparent/nocache squid + squidguard
2 Authenticated squid cache + squidguard
covering 27 buildings and 2000 staff 9000 kids, and someone decided to
give them all laptops one day :)
squid can hang
We're also a school district (or it sounds like donovan jeffrey j is
anyway) though a little bit larger.
We have 40 sites and a bit shy of 14000 students. Not sure of staff but
probably in the 2000 to 3000 range.
We do cache and use squidGuard as the filter but do not authenticate.
Typical traffic is 30M to 35M bps and will burst as high as 55M - or at
least that is the highest I've seen.
We run two boxes with dual 1.6G processors, 3GB ram and three ultrawide
scsi disks. Multiprocessor boxes are of only limited advantage as the
main squid process is still single thread last I knew. Additional cores
can run the OS and other squid threads though (disk IO for example).
We have a modest degree of balancing occurring via wpad but the majority
of the traffic (~60-70%) is handled by the primary. We use the 2.x
branch of squid at present. While there are a things which can be done
to optimize performance RAM is the biggest issue IME. Be sure to have
plenty. Fast disks for cache and logging is the second. One thing
usually recommended is to avoid raid especially on the cache disks and
let squid handle them itself. A mirror of the system disk to ease crash
recovery is reasonable AFAIK.
Note that dansguardian will impose significantly higher hardware demands
than SG last I heard. We experimented with but have never deployed DG so
that may or may not have changed in the last few years.
HTH.
--
Mike Rambo
