Hello everyone,
first of all thanks to the community of squid for such a great job.
I'm writing because I have to revise the current implementation of squid in my company so I would like to share with you some design ideas and possibly have some suggestions from you.
The group I work for has six offices/branches in six different italian cities and the networking infrastructure is based on a "hub and spoke" paradgima (ie https://www.checkpoint.com/products/vpn-1_power/images/vpn -1_pro_oneclick_star.gif) where every branch, the spoke, is part of the main datacenter, the hub.
Now the cache/forward proxy runs - for each branch - inside the branch office on a pair of squid nodes balanced by wpad/_javascript_ on ip address base (even ip/odd ip).
For obvious reasons of maintenance and for other technical reasons we intend to move the proxy navigation centralizing it to the datacenter hub on a couple (how many?!) of squid nodes.
I have some questions that I would like to share with you:
1. I would like to leave the solution we are using now (wpad balancing). In a situation like the one I have described, centralized squid serving the spokes/branches, which is the best solution for clustering/HA? If one of the centralized nodes had to "die" I would like client machines not to remain "hanging" but to continue working on an active node without disruption. A hierarchy of proxy would be the solution?
2. Bearing in mind that all users will be AD authenticated, which url filtering/blacklist solution do you suggest?
In the past I have worked a lot with squidguard and dansguardian but now they don't seem to be the state of the art anymore.
I've been thinking about two different solutions:
2a. To use the native acl squid with the squidblacklist.org lists (http://www.squidblacklist.org/)
2b. To use urlfilterdb (http://www.urlfilterdb.com/products/overview.html)
3. Which GNU/Linux distro do you suggest me? I was thinking about Debian Jessie (just frozen) or CentOS7.
Thank you to everyone for reading so far.
Regards,
a.
first of all thanks to the community of squid for such a great job.
I'm writing because I have to revise the current implementation of squid in my company so I would like to share with you some design ideas and possibly have some suggestions from you.
The group I work for has six offices/branches in six different italian cities and the networking infrastructure is based on a "hub and spoke" paradgima (ie https://www.checkpoint.com/products/vpn-1_power/images/vpn -1_pro_oneclick_star.gif) where every branch, the spoke, is part of the main datacenter, the hub.
Now the cache/forward proxy runs - for each branch - inside the branch office on a pair of squid nodes balanced by wpad/_javascript_ on ip address base (even ip/odd ip).
For obvious reasons of maintenance and for other technical reasons we intend to move the proxy navigation centralizing it to the datacenter hub on a couple (how many?!) of squid nodes.
I have some questions that I would like to share with you:
1. I would like to leave the solution we are using now (wpad balancing). In a situation like the one I have described, centralized squid serving the spokes/branches, which is the best solution for clustering/HA? If one of the centralized nodes had to "die" I would like client machines not to remain "hanging" but to continue working on an active node without disruption. A hierarchy of proxy would be the solution?
2. Bearing in mind that all users will be AD authenticated, which url filtering/blacklist solution do you suggest?
In the past I have worked a lot with squidguard and dansguardian but now they don't seem to be the state of the art anymore.
I've been thinking about two different solutions:
2a. To use the native acl squid with the squidblacklist.org lists (http://www.squidblacklist.org/)
2b. To use urlfilterdb (http://www.urlfilterdb.com/products/overview.html)
3. Which GNU/Linux distro do you suggest me? I was thinking about Debian Jessie (just frozen) or CentOS7.
Thank you to everyone for reading so far.
Regards,
a.
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
