The Wonder and Magic of Proxy Servers, By Glenn Rawdon
What is a Proxy Server?
When we want to surf the Web, the usual setup consists of a computer with a modem connected to a phone line. Dial Up Networking (DUN) dials up the Internet Service Provider (ISP), logs onto the network, and we are connected. This works fine for one computer from home or one user at the office, but if you have five users at the office, all of whom want to be connected, then you need five modems, five phone lines, and five IPS accounts. With a good 56K modem still costing about $150, a business line at least $50 a month, and an IPS at least $20, you are talking $600 extra in startup and $280 per month.
One way we can cut down this cost is with modem sharing software. This software (which is built into some network operating systems, such as LANtastic and Microsoft Small Business Server) lets several computers connect to a modem on another computer on the network. With this, you can eliminate the extra costs of Internet access. But there is a downside. Since there is only one modem, if someone is using it no one else can.
If all you need is occasional access, modem sharing might work for you, but the Internet is becoming a bigger tool in our business each day. After the fourth time you try to log on to do legal research, only to find the modem is still in use, the frustration level in the office will reach a new high.
Enter the Proxy Server. This piece of software is similar to modem sharing in that it allows several computers on the network access to the modem for Internet access. The difference is that more than one computer can be on the Internet at one time, still using one modem, one phone line, and one ISP account.
How a Proxy Server Works
The proxy server runs on the computer with the connection to the Internet, be it ISDN, T-1, or a 56K modem. It establishes the connection to the ISP, then takes requests from the other computers to retrieve information. For example, Bill opens up his browser and requests the Microsoft home page. The proxy server requests this page, then forwards it to Bill’s computer when it is returned. If Jane logs on and requests the OSCN page, the proxy server gets this page and sends it to Jane’s browser. The ISP sees only one connection, but two really exist, with the requests directed by the Proxy Server.
Most proxy servers require that your network run the TCP/IP protocol. This is the language of the Internet. With TCP/IP, each device, whether computer, printer, camera, or whatever has a unique number, called an IP address. A typical IP address looks like this: 192.168.0.112. The proxy server uses this address to route the information retrieved.
When you log on to your ISP with DUN, the server at your ISP assigns you an IP address for that session. Your ISP has a range of IP address assigned to it and it assigns them to you as needed. One session you will be one number, the next session a different one. When you request information using a workstation on the network, the proxy server makes that request from the number assigned by the ISP. When it comes back, the proxy server then routes it to your IP address.
Think of it this way  all of the mail for your office comes to one address, then your secretary sorts it and gives it to the appropriate person. A proxy server works in this same manner.
Setting up a Proxy Server
So you are sold on the idea of a proxy server, but how easy is it to set up? My experience has been that they are relatively simple to set up, but learning to use all of the features will take some time. Many of the terms and concepts you must come to understand may be new to you.
It is not unlike using a word processor. Getting out a simple letter doesn’t take much time, but learning to use tables, generating tables of contents, and creating outlines comes slowly, as needed.
I have had hands on experience with Wingate and Microsoft Proxy Servers. By far the easier of the two was the Microsoft. It comes included with Microsoft Small Business Server (SBS) and installed as part of the installation. With SBS, once the server is installed, you add users and it makes an installation floppy disk for each workstation. When you run the install floppy on the workstation, it logs on to the server and downloads all of the software it needs. Part of this is the proxy client. The only change to the default settings I had to make was so I could get mail both from Exchange Server and my POP3 account with my ISP. Once you know this change, you can make it on the server and it will download to the workstations as they are set up.
Wingate was more involved, especially if you do not have TCP/IP already installed on your network. You must configure each computer that will use Wingate to run TCP/IP before you install the software. This must be done on each machine, so it is time consuming. (But I installed the Microsoft Proxy Server as part of a new SBS install. If it were purchased as an add-on to an existing NT network, it might be as cumbersome to install.)
Once TCP/IP is set up, you install the server software. This can be done on an NT Server or any Windows 95/98 machine. This is one advantage of Wingate. You can set it up on an existing Windows 95/98 peer-to-peer network without investing in an NT Server. I have done this in one of our offices and it has worked fine.
After you have the server running, you configure the workstations. Wingate has a small program that does this and it does it quite well. It configures the workstation to see the Wingate server and configures your browser and POP3 and SMTP mail clients to use Wingate.
At this point you would be up and running for Web browsing. To get more sophisticated, you will have to start learning more.
Different types of information on the Internet come to your computer in different ways. They get routed to your computer through TCP/IP using different ports. You must set up the server and the clients to use the same ports. Here is what the Connection Tab for the settings of IE4 looks like when you set it up to use a proxy server:
If we go into the Advanced settings, you can see what I mean about ports.
You can see that the different functions of the browser look to different ports for their information. When you add another function, such as Real Audio, it looks to additional ports. For each service you want to pass through your proxy server, you must learn how to set it up.
Wingate’s configuration software is called Gatekeeper. Here is the opening screen for it:
I have expanded the Services portion of setup so you can see the different functions I have set up for my office. I want to get mail from my POP3 accounts so I had to set up Wingate to do this. Here is the setup screen for this service:
I also wanted to use Real Audio. Here is the screen for it:
As you can see, the port settings for these are different. I have learned that most of these settings are standards, but you must learn how to find them and how to set them up for the proxy server that you choose.
You can also see that there are tabs for many other settings for the services, such as Bindings, Sessions, and Policies. I have found that proxy servers give you great flexibility and control. Let’s explore that control.
Controlling Access
The control starts with how you connect to the Internet. You set up a DUN entry for your ISP. You then set the proxy server to connect to this entry when someone requests a connection to the Internet. You also set the proxy server to disconnect from your ISP when it is idle for a certain period of time.
The typical proxy server lets you name users just like you do with your network. You can then set access according to the user name, again just like granting access to files on the network. If you want a user to be able to view web sites, but not to be able to download files using FTP, you set these restrictions.
You can also set the hours of usage. If you wanted to restrict certain employees to certain hours of usage so that you could be sure not to overload your bandwidth, this can be done. Here is how this looks in Wingate:
This would be useful if you only have one dial up modem connection and ten users sharing it. You could set different hours for different employees insuring that no more than two or three were connected at any one time, thus insuring a faster connection.
You can also designate the sites that they can visit or exclude certain sites. Here is how that might look:
As you can see, no one in this office can visit the Hustler Web Site.
As well as giving you control, a proxy server allows you to monitor usage. You can set up log files which list as much information as you would ever want about your Internet usage. Every hit made by every computer can be recorded. Here is how the information is logged:
03/27/98 14:46:22 192.168.0.2 Guest 0000000075 Requested: http://home.netscape.com/netcenter/newslet…es/netstore.gif
03/27/98 14:46:22 192.168.0.2 Guest 0000000076 Requested: http://home.netscape.com/netcenter/newslet…etcenter_50.gif
03/27/98 14:46:23 192.168.0.2 Guest 0000000077 Requested: http://home.netscape.com/netcenter/newslet…ack2_banner.gif
03/27/98 14:46:23 192.168.0.2 Guest 0000000076 Traffic 1391 558 504 1391 2s
03/27/98 14:46:24 192.168.0.2 Guest 0000000078 Requested: http://home.netscape.com/netcenter/newslet…nNNSoftware.gif
03/27/98 14:46:24 192.168.0.2 Guest 0000000072 Traffic 990 556 502 990 5s
03/27/98 14:46:27 192.168.0.2 Guest 0000000079 Requested: http://home.netscape.com/netcenter/newslet…oductUpdate.gif
As you can see, the log is so extensive that it shows each image downloaded from this visit to the Netscape web site. Not only to see how much time your employees are using the Internet, but you can review your logs to be sure they are using it for work related activities.
Speeding Access
A cache stores Internet information on your server so that the next time it is requested it does not have to be downloaded. Having a proxy server with caching can speed up your access to the Internet. Suppose John logs on to OSCN at 9:00 AM, then Jane logs on at 10:00 AM. With the OSCN page in the cache, Jane will get her page much quicker. The second time it is coming from the local server, not through the modem. You decide how much hard disk space on your proxy server to use for your cache.
As you can see, I have set the cache in my office to 300 MB. What about pages that are updated? As you can see, the proxy server lets you set the number of days until it will recheck for updates. If the page has changed, the new page will be downloaded. If it has not, the cached version is sent. There are also settings to let you choose what files to cache and when to purge the cache.
If you couple this caching feature of the proxy server with the automatic update features built into the browsers, you can greatly increase your access time to the web pages you use the most. If you have not already done this with your browser, you should check it out. In Internet Explorer 4 it is called Subscriptions. You subscribe to a page and IE4 checks it for content, according to the schedule you specify. You can schedule daily, weekly, or monthly updates for all of the Web sites you subscribe to or for individual sites.
Using OSCN, let’s see how this would work. In IE4 I log on to OSCN. I then choose Add to favorites. Most of you have probably done this, but instead of just adding it, choose the last option.
After you have done that, go back into favorites and choose Manage Subscriptions. Right click on OSCN and choose Properties.
Pick the receiving tab and select Notify like the screen below.
Now choose the Schedule Tab and set it up to suit your preferences. I set mine up to download at midnight each night. By doing this, the proxy server will have this page in cache each morning. Anyone who logs on to OSCN will get the page directly from our server with no delay. Only one computer in the office needs to be set up for the common subscriptions. The proxy server will dial up at midnight each night, connect to the ISP, download the pages we use the most and have them waiting for us the next morning.
How well does it work?
My organization has proxy server software running in seven locations. After the initial period of getting the bugs out, they have worked well for us. The biggest limitation we have found is obvious. Even though ten people can connect to the Internet through one phone line, the modem speed has not increased. If one person is on at 56K, when two log on you each only have 28K. With four you are down to 14K.
How much a problem is this? It depends upon what you do with the Internet. If everyone is browsing Web pages, maybe not much of one. While I am reading my page you may be downloading yours. It also depends upon the pages you are downloading. High graphics pages take longer than those with primarily text. If you set up the cache so that much is downloaded automatically at night, this helps, too.
Where you begin to see real problems are with applications such as Real Audio. It is downloading the entire time you are using it. If you have a need for Real Audio, video conferencing, or something similar, a proxy server connected to video conferencingiable solution. But this is not a limitation of the proxy server, only a limitation of the bandwidth of a dial up connection. In our largest office, we have gone to ISDN to increase our bandwidth.
Security Issues
How will a proxy server affect the security of your network? A proxy server actually can give you more security than just a dial-up connection by using it as a firewall. According to the criteria you set, only that traffic is permitted. Here is how Wingate explains it: “As traffic passes between your network and the Internet it’s examined by the firewall, which follows the strict guideline of whatever is not expressly permitted is denied.” We have set up our proxy server to only permit our internal IP addresses access to the proxy server. With this setup, we have had no problems.
Which Proxy Server is Best?
I hate questions such as these. It is like asking which word processor is best. If one were a clear choice there would only be one. I have had good luck with both Wingate and the Microsoft Proxy Server. PC Magazine picked WinProxy as the best workgroup Proxy Server for 1998. They liked its low cost and ease of setup.
The good news is you do not have to buy one to try it out. You can get a 30 day trial copy of WinProxy at www.ositis.com and of Wingate at www.wingate.net. You can also download a 30-day trial version of Microsoft Proxy Server 2.0 from www.microsoft.com/proxy. Or a 60-day trial version of Netscape Proxy Server 3.5 is available at home.netscape.com/download.
What do they cost? Netscape Proxy Server with a 100-user license is $525. Microsoft Proxy Server lists for $995. (Before I would pay this much I would get SBS, which includes the Proxy Server.) The Wingate Standard 6 user version is $140 and the Pro version is $300. WinProxy Lite allows three users and is $59.95. WinProxy for unlimited users is $299.
There are other products out there. Artisoft (remember LANtastic?) makes I-Share. The good thing about this product is that you do not need to run TCP/IP on the whole network. The 10-user version of it lists for $219. I tried out an early version of it but went with Wingate because there was no NT version at the time. Now Version 3.0 works with NT as well as Windows 95/98. A plus for this product is that you do not need TCP/IP on all computers. One copy will support up to 32 users. For more information, find out all about it at www.artisoft.com.
For pure economy, check out 602Pro INTERNET SERVER Lite or 602Pro INTERNET SERVER. Both versions allow unlimited users for $50 and $200 respectively. To download and try, log on to www.602pro.com/lite.
Remember that most software companies have non-profit, government, or academic pricing for which you may qualify. Always ask; you will save money.
Recommendations
Log onto the Web sites listed here and read about these products. Go onto www.zdnet.com and see what the Ziff-Davis people have to say about the products. Pick out one you think best suits your needs and download the trial version. Drive it around the block.
If you have only a Windows 95/98 peer-to-peer network, look at WinProxy, Wingate, or I-Share. If you have been planning to get an NT network and have no more than 25 users (soon to support 50), get Microsoft Small Business Server. I think it is the best buy in software today. You get NT Server, Exchange Server, modem sharing, Proxy Server, SQL Server, Fax Server, and more all in one affordable package.
Benefits
As we covered at the beginning, a proxy server can pay for itself quickly in savings over individual connections to the Internet. This is just the beginning. Giving everyone in your office access to browse the web is beneficial, but the proxy server allows you to open up the world of e-mail to all of your users.
Once you have a shared connection to the Internet, all you need to give everyone an e-mail address is an account with a ISP or Web host to provide you with e-mail accounts. The cost for these can vary widely. Typically, your ISP will give you one e-mail account with your Internet connection. The account name will look something like username@isp.net. Additional accounts can cost as much as $5.00 apiece. This can add up quickly. Shop around.
We decided to go with a Web host. The one we chose, Top Choice, gives us a Web site and 25 e-mail accounts for $25 per month. Additional e-mail accounts are $5.00 for each 10 additional. An organization with 55 employees can have a Web site and 55 e-mail accounts for only $40 per month. That is a bargain.
Once you have your accounts, you do not need to spend anything on software. You can configure either Outlook, Outlook Express, or Netscape Messenger to check each employees e-mail automatically during the day using the proxy server connection. If you are using Outlook for your e-mail client, both intraoffice e-mail and Internet e-mail will come to the same inbox.
We have seven offices covering the entire eastern half of Oklahoma. Now we all communicate regularly, sharing information and solving problems. It has cut down on our costs for phone calls and, since documents can be scanned and sent as attachments, faxes have decreased. We do as much communication a possible over the Internet because there is no additional cost.
Perhaps the greatest benefit is the sense of community it provides our people. Instead of feeling like a small office in the middle of nowhere, each of us feels like an important member of a large firm serving the poor of Oklahoma.
http://www.mplp.org/technology/Proxy_Servers.htm